last executing test programs: 3.526027678s ago: executing program 0 (id=67497): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000000000)={0x3, 0x100, 0x22d, 0x3, 0x3, 0x9d, 0x1b, 0x2632, 0x80, 0x9, 0x2, 0x10001, 0xffff90f2, 0x3}) 1.509048345s ago: executing program 1 (id=67550): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={'wg0\x00', {0x2, 0x4e20, @loopback}}) 1.464164307s ago: executing program 1 (id=67553): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) setsockopt$inet6_buf(r4, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4) sendto$inet6(r4, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c) recvmmsg(r4, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0xa248}], 0x1, 0x40000000, 0x0) 1.432095689s ago: executing program 1 (id=67554): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003fc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004180)=ANY=[], 0x2a0}}], 0x1, 0x4) socket$packet(0x11, 0x3, 0x300) 1.40209131s ago: executing program 1 (id=67556): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x92020007) 853.897043ms ago: executing program 1 (id=67561): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 598.776734ms ago: executing program 1 (id=67566): symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 503.862968ms ago: executing program 0 (id=67571): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e21, 0x80000000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3ff}, 0x1c) 453.778751ms ago: executing program 0 (id=67572): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x3c, &(0x7f0000311ffc)=0x1, 0x4) setsockopt$inet6_buf(r4, 0x29, 0x3e, &(0x7f00002cef88)="d84f7398", 0x4) sendto$inet6(r4, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b65f97aba1c26a06b6d94c4aefd8fdca10e744391062c8e612721c20051608d9aa6dacf61e1eb331a4daad402b9885599d56130f7149fb1111fa116e94324d585a0569fbd311dad54cb4e32ff7f02216844ec3d526c878d5135ad1c9262239339c18885e2a0a95854d6cde3dd2feeaa50216af6c5760923413af81199a65a6332b02ec7bbf79d557c033cbe032fdc44f66a5c59cc4a3c5d218f5896b359d1efd60baf98df6396567478f7b817ce6e11d59a7def452a068e9607f57f626a5b8d476636ef1ee76307524009ae49be402000000000000001e80fed632155e14da1f7324d97bc61a3c1edc4431ee8a6caa2ed9f85cea5a2a9b263630c7d6fc35dda6002da571a2e51917e7c1019d8ce21a608147e408074c7c5f444fab931bda86d977d7c9ccefd881e5ef05b287f41eea526862885881c2cdc687dfff01a9b70a9b08734ac4d62c7f34465c34aa9e9f136c7f796d9eea41aa37f61830508338bb1f887089070567a1dd96cd700e7a098dabedb60f31acd17d487bc8be1a3101d2b5ac1715003793596c6daa93a27f4adb4d6fbea5669cabc206c944317ea18a2c762457f1bc945fec8f849641d44e7e2a24faeee28f3f266395fe18b0dce20c1f64e8896c8ff0e4a44a116fb32462471a0fcde143e551723d57339722765673b4163d66f473ac10f988cb252f106632f9884a47866d284b4efc6bb1aa74ed48d4a6535795f0873a99907ebc22be2337364cf9acc063e32f7d2e02fad64d04aa405d2dbdee1128ab1e4761d2dd30885ad37dd168478f10789d172feef4c817a5cd372caade57f23300e45f47e001e3ea093680ffffff802477368b9910f4e24037c871cb8251568c792287a6f49fa61b7c2600accaa0e7b40c59d88a29af5886c1f5dfc6837c58aaef12a9e100225c70441144ffa82927fa4802ed9ebb03eea8e945af5f4993f21a7f53baf7ec5bb6cc96b917dde82c18840c3500e9565f68f687b1c73d834c0d99d4acb002dc5682dbcdb1217a98f6c3ef8318b7fa93894e8a097b4511ba5c035e27c9fe8bfe7754741ac21bbc0303b81672e3117e5590fe2d92f912759b9937f64204ec5caa92e2cccb31016b13ed8d7bcabb03e176b1c9bda3bf1c1256ab74ab6f42ed9bafbbd0096263be1a7da1e1c88deec55a653d170e1e13c77dacaa60a37a6ba2383e661ebc9f13dbaade2dd884c9951819fb4608e19e70cd2496ccfb12f24c71f496cfe90400fe1bbea1e9a24b1d4664fb0776aca6269b396779680e52f86877d9209988d12ccb137be01ab7496d00547a7d4849d365a18dbb55c429cde87d33c4b74ad2273cdfee88b5418866ef327f25e9cbcd5a64d97107339f7e4cb5f8de171d2779c0f68884ae835e398f982d5749f085628d3608986656ea04b721f828202e9342bd7d19dfa091e772aebf9718030167a8c029df7c58b7f40029d7cfcaf26fd1900d8775ef373e8e2c5bf3525f907add3be426cd5a079c49abffe933e9ee213a3baf34f932d1299312691e1c53e6247ae0989ad66070d51fad22856a8b6b28954e7d41189b11c5321789eec8670de9e8db0b0473ba2e02731e60e7222697d61e052c18d4bcc6d1572fdf426f7b2fee6c1dee66c85c497b90facaf63b8ec5cde4a73400f9180bcfc0f81eca9580a7c81462a077f9034026bf72aa7c6de4b3c15d4a2dbd6fd7d87084aea9f25fb4bf5ec83eb56874a760533792dff2695407ccdd6a7375e0007230fd3f6501c152f1c1ff279b1d67cc95f2820762b7927659368e41657bdef2dd15b63498a93b787bdb26809d734aaf98b86fcf9fc643a34d03ebbe072820662d20d4774d66c5ae270adade5b8f6242a059b926221ee3d677487471c432b0d6d64dad030703475bb3ecac39b204a814f5ece5961621358e36f8a2cf7196c76959824bbb475a7cad8f57853fe05f59f341b5207cc9bb8d686982c2f158e0d8f5c7ec6cbfd500"/1453, 0x5ad, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x3, @mcast2}, 0x1c) recvmmsg(r4, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}, 0xa248}], 0x1, 0x40000000, 0x0) 422.429022ms ago: executing program 0 (id=67575): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 376.430594ms ago: executing program 0 (id=67576): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) fsetxattr$security_selinux(r5, &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:random_device_t:s0\x00', 0x25, 0x2) 338.208016ms ago: executing program 0 (id=67578): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mlockall(0x1) 243.05907ms ago: executing program 2 (id=67585): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) 234.07481ms ago: executing program 3 (id=67586): rt_sigaction(0xd, &(0x7f0000000180)={0x0, 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x800) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r4, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3}, 0x14}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c000000010301"], 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 153.894194ms ago: executing program 3 (id=67587): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = dup(r4) fsetxattr$security_selinux(r5, &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:random_device_t:s0\x00', 0x25, 0x2) 153.564074ms ago: executing program 3 (id=67588): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) write$P9_RMKNOD(r2, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x488d5) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r6], 0x118) 133.651985ms ago: executing program 2 (id=67589): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f00000000c0)='./bus\x00') capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000080)={0x4, 0x10ffff, 0xfffffffd}) mkdir(&(0x7f0000000000)='./file0\x00', 0x2) 118.372696ms ago: executing program 3 (id=67590): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x10, 0x3, 0x0) fsetxattr$security_selinux(r4, &(0x7f0000000240), &(0x7f0000000280)='system_u:object_r:usr_t:s0\x00', 0x1b, 0x0) 76.664647ms ago: executing program 2 (id=67591): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x24}, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}, 0x0) 76.277557ms ago: executing program 2 (id=67592): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) 75.976887ms ago: executing program 3 (id=67593): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0x0, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000340)=ANY=[], 0x118) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 64.100557ms ago: executing program 2 (id=67594): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendto$inet6(r2, &(0x7f0000000140)="8f69b6", 0x3, 0x0, 0x0, 0x0) 2.26129ms ago: executing program 3 (id=67595): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r3, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = dup(r5) fsetxattr$security_selinux(r6, &(0x7f0000000040), &(0x7f00000000c0)='system_u:object_r:random_device_t:s0\x00', 0x25, 0x2) 0s ago: executing program 2 (id=67596): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) kernel console output (not intermixed with test programs): .021217][ T455] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1903.036922][ T455] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1903.046326][ T455] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1903.054614][ T455] usb 4-1: Product: syz [ 1903.069040][ T455] usb 4-1: Manufacturer: syz [ 1903.073826][ T455] usb 4-1: SerialNumber: syz [ 1903.096448][ T455] usb 4-1: config 0 descriptor?? [ 1903.106068][ T455] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1903.135962][ T455] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1903.156569][T30435] FAULT_INJECTION: forcing a failure. [ 1903.156569][T30435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1903.180046][T30435] CPU: 0 UID: 0 PID: 30435 Comm: syz.1.62023 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1903.180081][T30435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1903.180094][T30435] Call Trace: [ 1903.180101][T30435] [ 1903.180109][T30435] __dump_stack+0x21/0x30 [ 1903.180141][T30435] dump_stack_lvl+0x10c/0x190 [ 1903.180164][T30435] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1903.180189][T30435] ? kstrtoull+0x13b/0x1e0 [ 1903.180207][T30435] dump_stack+0x19/0x20 [ 1903.180229][T30435] should_fail_ex+0x3d9/0x530 [ 1903.180249][T30435] should_fail+0xf/0x20 [ 1903.180266][T30435] should_fail_usercopy+0x1e/0x30 [ 1903.180285][T30435] _copy_from_user+0x22/0xb0 [ 1903.180307][T30435] ___sys_sendmsg+0x159/0x2a0 [ 1903.180334][T30435] ? __sys_sendmsg+0x280/0x280 [ 1903.180359][T30435] ? proc_fail_nth_write+0x17e/0x210 [ 1903.180383][T30435] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1903.180411][T30435] __x64_sys_sendmsg+0x1eb/0x2c0 [ 1903.180436][T30435] ? fput+0x1a5/0x240 [ 1903.180459][T30435] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 1903.180484][T30435] ? ksys_write+0x1ef/0x250 [ 1903.180502][T30435] ? __kasan_check_read+0x15/0x20 [ 1903.180530][T30435] x64_sys_call+0x2a4c/0x2ee0 [ 1903.180555][T30435] do_syscall_64+0x58/0xf0 [ 1903.180577][T30435] ? clear_bhb_loop+0x50/0xa0 [ 1903.180599][T30435] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1903.180619][T30435] RIP: 0033:0x7fcc3ef8f6c9 [ 1903.180636][T30435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1903.180652][T30435] RSP: 002b:00007fcc3fe68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1903.180674][T30435] RAX: ffffffffffffffda RBX: 00007fcc3f1e5fa0 RCX: 00007fcc3ef8f6c9 [ 1903.180689][T30435] RDX: 0000000000000040 RSI: 0000200000000340 RDI: 0000000000000007 [ 1903.180702][T30435] RBP: 00007fcc3fe68090 R08: 0000000000000000 R09: 0000000000000000 [ 1903.180716][T30435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1903.180728][T30435] R13: 00007fcc3f1e6038 R14: 00007fcc3f1e5fa0 R15: 00007ffca6f41af8 [ 1903.180745][T30435] [ 1903.466658][T30437] FAULT_INJECTION: forcing a failure. [ 1903.466658][T30437] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1903.480315][T30437] CPU: 1 UID: 0 PID: 30437 Comm: syz.0.62024 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1903.480349][T30437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1903.480362][T30437] Call Trace: [ 1903.480369][T30437] [ 1903.480377][T30437] __dump_stack+0x21/0x30 [ 1903.480406][T30437] dump_stack_lvl+0x10c/0x190 [ 1903.480429][T30437] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1903.480455][T30437] dump_stack+0x19/0x20 [ 1903.480477][T30437] should_fail_ex+0x3d9/0x530 [ 1903.480497][T30437] should_fail+0xf/0x20 [ 1903.480514][T30437] should_fail_usercopy+0x1e/0x30 [ 1903.480534][T30437] _copy_from_user+0x22/0xb0 [ 1903.480555][T30437] __snd_timer_user_ioctl+0x179c/0x4190 [ 1903.480589][T30437] ? ioctl_has_perm+0x384/0x4d0 [ 1903.480612][T30437] ? snd_timer_user_fasync+0x70/0x70 [ 1903.480631][T30437] ? has_cap_mac_admin+0xd0/0xd0 [ 1903.480652][T30437] ? proc_fail_nth_write+0x17e/0x210 [ 1903.480676][T30437] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1903.480700][T30437] ? selinux_file_ioctl+0x6e0/0x1360 [ 1903.480722][T30437] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 1903.480744][T30437] ? __cfi_vfs_write+0x10/0x10 [ 1903.480761][T30437] ? __kasan_check_write+0x18/0x20 [ 1903.480787][T30437] ? mutex_unlock+0x8b/0x240 [ 1903.480805][T30437] ? __cfi_mutex_unlock+0x10/0x10 [ 1903.480821][T30437] ? __kasan_check_write+0x18/0x20 [ 1903.480847][T30437] ? mutex_lock+0x92/0x1c0 [ 1903.480863][T30437] ? __cfi_mutex_lock+0x10/0x10 [ 1903.480879][T30437] ? __fget_files+0x2c5/0x340 [ 1903.480902][T30437] snd_timer_user_ioctl+0x5f/0x80 [ 1903.480921][T30437] ? __cfi_snd_timer_user_ioctl+0x10/0x10 [ 1903.480941][T30437] __se_sys_ioctl+0x135/0x1b0 [ 1903.480962][T30437] __x64_sys_ioctl+0x7f/0xa0 [ 1903.480981][T30437] x64_sys_call+0x1878/0x2ee0 [ 1903.481007][T30437] do_syscall_64+0x58/0xf0 [ 1903.481029][T30437] ? clear_bhb_loop+0x50/0xa0 [ 1903.481050][T30437] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1903.481070][T30437] RIP: 0033:0x7fa80958f6c9 [ 1903.481086][T30437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1903.481103][T30437] RSP: 002b:00007fa80a3c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1903.481125][T30437] RAX: ffffffffffffffda RBX: 00007fa8097e5fa0 RCX: 00007fa80958f6c9 [ 1903.481141][T30437] RDX: 0000000000000000 RSI: 0000000040345410 RDI: 0000000000000007 [ 1903.481155][T30437] RBP: 00007fa80a3c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1903.481168][T30437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1903.481181][T30437] R13: 00007fa8097e6038 R14: 00007fa8097e5fa0 R15: 00007ffe8beb2638 [ 1903.481198][T30437] [ 1903.766653][ T455] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1903.778026][ T455] usb 4-1: USB disconnect, device number 11 [ 1904.548809][T30508] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61969 sclass=netlink_route_socket pid=30508 comm=syz.1.62057 [ 1904.606351][T30506] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1904.626263][T30506] FAULT_INJECTION: forcing a failure. [ 1904.626263][T30506] name failslab, interval 1, probability 0, space 0, times 0 [ 1904.655727][T30506] CPU: 1 UID: 0 PID: 30506 Comm: syz.2.62056 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1904.655760][T30506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1904.655772][T30506] Call Trace: [ 1904.655779][T30506] [ 1904.655787][T30506] __dump_stack+0x21/0x30 [ 1904.655817][T30506] dump_stack_lvl+0x10c/0x190 [ 1904.655841][T30506] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1904.655865][T30506] ? avc_has_perm+0x144/0x220 [ 1904.655889][T30506] dump_stack+0x19/0x20 [ 1904.655911][T30506] should_fail_ex+0x3d9/0x530 [ 1904.655931][T30506] should_failslab+0xac/0x100 [ 1904.655952][T30506] __kmalloc_cache_noprof+0x41/0x490 [ 1904.655971][T30506] ? vhost_task_create+0x101/0x350 [ 1904.655991][T30506] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 1904.656012][T30506] vhost_task_create+0x101/0x350 [ 1904.656031][T30506] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 1904.656052][T30506] ? __cfi_vhost_task_create+0x10/0x10 [ 1904.656071][T30506] ? __cfi_vhost_task_fn+0x10/0x10 [ 1904.656090][T30506] ? __kasan_check_write+0x18/0x20 [ 1904.656115][T30506] ? mutex_lock+0x92/0x1c0 [ 1904.656132][T30506] ? __cfi_mutex_lock+0x10/0x10 [ 1904.656149][T30506] ? kernel_text_address+0xa9/0xe0 [ 1904.656172][T30506] kvm_mmu_post_init_vm+0x156/0x2d0 [ 1904.656196][T30506] kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0 [ 1904.656220][T30506] ? _parse_integer_limit+0x195/0x1e0 [ 1904.656248][T30506] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1904.656271][T30506] ? kstrtoull+0x13b/0x1e0 [ 1904.656288][T30506] ? kstrtouint+0x78/0xf0 [ 1904.656305][T30506] ? ioctl_has_perm+0x1aa/0x4d0 [ 1904.656326][T30506] ? __asan_memcpy+0x5a/0x80 [ 1904.656343][T30506] ? ioctl_has_perm+0x3e0/0x4d0 [ 1904.656364][T30506] ? has_cap_mac_admin+0xd0/0xd0 [ 1904.656385][T30506] ? __kasan_check_write+0x18/0x20 [ 1904.656410][T30506] ? mutex_lock_killable+0x92/0x1c0 [ 1904.656429][T30506] ? __cfi_mutex_lock_killable+0x10/0x10 [ 1904.656447][T30506] ? proc_fail_nth_write+0x17e/0x210 [ 1904.656471][T30506] kvm_vcpu_ioctl+0x96f/0xee0 [ 1904.656490][T30506] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 1904.656505][T30506] ? __cfi_vfs_write+0x10/0x10 [ 1904.656520][T30506] ? __kasan_check_write+0x18/0x20 [ 1904.656553][T30506] ? mutex_unlock+0x8b/0x240 [ 1904.656570][T30506] ? __cfi_mutex_unlock+0x10/0x10 [ 1904.656587][T30506] ? __fget_files+0x2c5/0x340 [ 1904.656607][T30506] ? __fget_files+0x2c5/0x340 [ 1904.656627][T30506] ? bpf_lsm_file_ioctl+0xd/0x20 [ 1904.656650][T30506] ? security_file_ioctl+0x34/0xd0 [ 1904.656671][T30506] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 1904.656688][T30506] __se_sys_ioctl+0x135/0x1b0 [ 1904.656708][T30506] __x64_sys_ioctl+0x7f/0xa0 [ 1904.656728][T30506] x64_sys_call+0x1878/0x2ee0 [ 1904.656753][T30506] do_syscall_64+0x58/0xf0 [ 1904.656776][T30506] ? clear_bhb_loop+0x50/0xa0 [ 1904.656796][T30506] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1904.656816][T30506] RIP: 0033:0x7ff10838f6c9 [ 1904.656832][T30506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1904.656849][T30506] RSP: 002b:00007ff1091ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1904.656871][T30506] RAX: ffffffffffffffda RBX: 00007ff1085e5fa0 RCX: 00007ff10838f6c9 [ 1904.656886][T30506] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 1904.656899][T30506] RBP: 00007ff1091ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1904.656913][T30506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1904.656925][T30506] R13: 00007ff1085e6038 R14: 00007ff1085e5fa0 R15: 00007ffc8c4056e8 [ 1904.656941][T30506] [ 1905.277416][T30530] FAULT_INJECTION: forcing a failure. [ 1905.277416][T30530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1905.295606][T26413] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1905.314225][T30530] CPU: 0 UID: 0 PID: 30530 Comm: syz.0.62063 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1905.314263][T30530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1905.314287][T30530] Call Trace: [ 1905.314294][T30530] [ 1905.314303][T30530] __dump_stack+0x21/0x30 [ 1905.314336][T30530] dump_stack_lvl+0x10c/0x190 [ 1905.314359][T30530] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1905.314386][T30530] dump_stack+0x19/0x20 [ 1905.314408][T30530] should_fail_ex+0x3d9/0x530 [ 1905.314429][T30530] should_fail+0xf/0x20 [ 1905.314444][T30530] should_fail_usercopy+0x1e/0x30 [ 1905.314464][T30530] _copy_from_user+0x22/0xb0 [ 1905.314487][T30530] __snd_timer_user_ioctl+0x179c/0x4190 [ 1905.314510][T30530] ? ioctl_has_perm+0x384/0x4d0 [ 1905.314533][T30530] ? snd_timer_user_fasync+0x70/0x70 [ 1905.314550][T30530] ? has_cap_mac_admin+0xd0/0xd0 [ 1905.314578][T30530] ? proc_fail_nth_write+0x17e/0x210 [ 1905.314603][T30530] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1905.314628][T30530] ? selinux_file_ioctl+0x6e0/0x1360 [ 1905.314651][T30530] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 1905.314673][T30530] ? __cfi_vfs_write+0x10/0x10 [ 1905.314691][T30530] ? __kasan_check_write+0x18/0x20 [ 1905.314718][T30530] ? mutex_unlock+0x8b/0x240 [ 1905.314736][T30530] ? __cfi_mutex_unlock+0x10/0x10 [ 1905.314754][T30530] ? __kasan_check_write+0x18/0x20 [ 1905.314779][T30530] ? mutex_lock+0x92/0x1c0 [ 1905.314803][T30530] ? __cfi_mutex_lock+0x10/0x10 [ 1905.314820][T30530] ? __fget_files+0x2c5/0x340 [ 1905.314842][T30530] snd_timer_user_ioctl+0x5f/0x80 [ 1905.314861][T30530] ? __cfi_snd_timer_user_ioctl+0x10/0x10 [ 1905.314881][T30530] __se_sys_ioctl+0x135/0x1b0 [ 1905.314902][T30530] __x64_sys_ioctl+0x7f/0xa0 [ 1905.314922][T30530] x64_sys_call+0x1878/0x2ee0 [ 1905.314947][T30530] do_syscall_64+0x58/0xf0 [ 1905.314970][T30530] ? clear_bhb_loop+0x50/0xa0 [ 1905.314991][T30530] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1905.315011][T30530] RIP: 0033:0x7fa80958f6c9 [ 1905.315029][T30530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1905.315045][T30530] RSP: 002b:00007fa80a3c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1905.315069][T30530] RAX: ffffffffffffffda RBX: 00007fa8097e5fa0 RCX: 00007fa80958f6c9 [ 1905.315084][T30530] RDX: 0000000000000000 RSI: 0000000040345410 RDI: 0000000000000006 [ 1905.315097][T30530] RBP: 00007fa80a3c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1905.315109][T30530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1905.315122][T30530] R13: 00007fa8097e6038 R14: 00007fa8097e5fa0 R15: 00007ffe8beb2638 [ 1905.315139][T30530] [ 1905.725588][T26413] usb 4-1: Using ep0 maxpacket: 32 [ 1905.731856][T26413] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1905.738454][T30542] FAULT_INJECTION: forcing a failure. [ 1905.738454][T30542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1905.740352][T26413] usb 4-1: config 0 has no interface number 0 [ 1905.759610][T26413] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1905.766727][T30542] CPU: 0 UID: 0 PID: 30542 Comm: syz.0.62073 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1905.766772][T30542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1905.766786][T30542] Call Trace: [ 1905.766793][T30542] [ 1905.766801][T30542] __dump_stack+0x21/0x30 [ 1905.766835][T30542] dump_stack_lvl+0x10c/0x190 [ 1905.766858][T30542] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1905.766885][T30542] dump_stack+0x19/0x20 [ 1905.766907][T30542] should_fail_ex+0x3d9/0x530 [ 1905.766928][T30542] should_fail+0xf/0x20 [ 1905.766945][T30542] should_fail_usercopy+0x1e/0x30 [ 1905.766965][T30542] strncpy_from_user+0x28/0x270 [ 1905.766984][T30542] __se_sys_add_key+0xcd/0x490 [ 1905.767008][T30542] ? __x64_sys_add_key+0xf0/0xf0 [ 1905.767031][T30542] __x64_sys_add_key+0xc3/0xf0 [ 1905.767054][T30542] x64_sys_call+0x195f/0x2ee0 [ 1905.767079][T30542] do_syscall_64+0x58/0xf0 [ 1905.767103][T30542] ? clear_bhb_loop+0x50/0xa0 [ 1905.767124][T30542] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1905.767144][T30542] RIP: 0033:0x7fa80958f6c9 [ 1905.767162][T30542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1905.767180][T30542] RSP: 002b:00007fa80a3c5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 1905.767203][T30542] RAX: ffffffffffffffda RBX: 00007fa8097e5fa0 RCX: 00007fa80958f6c9 [ 1905.767219][T30542] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000000240 [ 1905.767232][T30542] RBP: 00007fa80a3c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1905.767246][T30542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1905.767258][T30542] R13: 00007fa8097e6038 R14: 00007fa8097e5fa0 R15: 00007ffe8beb2638 [ 1905.767275][T30542] [ 1905.957852][T26413] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1905.967098][T26413] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1905.976152][T26413] usb 4-1: Product: syz [ 1905.980575][T26413] usb 4-1: Manufacturer: syz [ 1905.985370][T26413] usb 4-1: SerialNumber: syz [ 1905.991786][T26413] usb 4-1: config 0 descriptor?? [ 1905.997893][T26413] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1906.006606][T26413] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1906.237857][T26413] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1906.248764][T26413] usb 4-1: USB disconnect, device number 12 [ 1906.914202][T30611] FAULT_INJECTION: forcing a failure. [ 1906.914202][T30611] name failslab, interval 1, probability 0, space 0, times 0 [ 1906.927064][T30611] CPU: 0 UID: 0 PID: 30611 Comm: syz.1.62104 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1906.927099][T30611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1906.927111][T30611] Call Trace: [ 1906.927118][T30611] [ 1906.927127][T30611] __dump_stack+0x21/0x30 [ 1906.927158][T30611] dump_stack_lvl+0x10c/0x190 [ 1906.927182][T30611] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1906.927205][T30611] ? __kasan_check_write+0x18/0x20 [ 1906.927233][T30611] ? proc_fail_nth_write+0x17e/0x210 [ 1906.927258][T30611] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1906.927281][T30611] dump_stack+0x19/0x20 [ 1906.927303][T30611] should_fail_ex+0x3d9/0x530 [ 1906.927322][T30611] should_failslab+0xac/0x100 [ 1906.927342][T30611] kmem_cache_alloc_noprof+0x42/0x430 [ 1906.927360][T30611] ? getname_flags+0xc6/0x710 [ 1906.927380][T30611] getname_flags+0xc6/0x710 [ 1906.927397][T30611] ? build_open_flags+0x487/0x600 [ 1906.927423][T30611] getname+0x1b/0x30 [ 1906.927439][T30611] do_sys_openat2+0xcb/0x1c0 [ 1906.927461][T30611] ? fput+0x1a5/0x240 [ 1906.927481][T30611] ? do_sys_open+0x100/0x100 [ 1906.927504][T30611] ? ksys_write+0x1ef/0x250 [ 1906.927521][T30611] ? __cfi_ksys_write+0x10/0x10 [ 1906.927539][T30611] __x64_sys_openat+0x13a/0x170 [ 1906.927562][T30611] x64_sys_call+0xe69/0x2ee0 [ 1906.927596][T30611] do_syscall_64+0x58/0xf0 [ 1906.927621][T30611] ? clear_bhb_loop+0x50/0xa0 [ 1906.927644][T30611] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1906.927664][T30611] RIP: 0033:0x7fcc3ef8f6c9 [ 1906.927682][T30611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1906.927699][T30611] RSP: 002b:00007fcc3fe68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1906.927721][T30611] RAX: ffffffffffffffda RBX: 00007fcc3f1e5fa0 RCX: 00007fcc3ef8f6c9 [ 1906.927736][T30611] RDX: 0000000000082802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1906.927751][T30611] RBP: 00007fcc3fe68090 R08: 0000000000000000 R09: 0000000000000000 [ 1906.927764][T30611] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 1906.927776][T30611] R13: 00007fcc3f1e6038 R14: 00007fcc3f1e5fa0 R15: 00007ffca6f41af8 [ 1906.927793][T30611] [ 1907.287448][T26413] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1907.445565][T26413] usb 4-1: Using ep0 maxpacket: 32 [ 1907.457694][T26413] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1907.466100][T26413] usb 4-1: config 0 has no interface number 0 [ 1907.472287][T26413] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1907.480845][T26413] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1907.490291][T26413] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1907.498818][T26413] usb 4-1: Product: syz [ 1907.504549][T26413] usb 4-1: Manufacturer: syz [ 1907.509231][T26413] usb 4-1: SerialNumber: syz [ 1907.514736][T26413] usb 4-1: config 0 descriptor?? [ 1907.522524][T26413] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1907.539240][T26413] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1907.592588][T30629] FAULT_INJECTION: forcing a failure. [ 1907.592588][T30629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1907.605905][T30629] CPU: 1 UID: 0 PID: 30629 Comm: syz.2.62111 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1907.605937][T30629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1907.605949][T30629] Call Trace: [ 1907.605956][T30629] [ 1907.605964][T30629] __dump_stack+0x21/0x30 [ 1907.606004][T30629] dump_stack_lvl+0x10c/0x190 [ 1907.606028][T30629] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1907.606052][T30629] ? inet6_ioctl+0x200/0x280 [ 1907.606076][T30629] dump_stack+0x19/0x20 [ 1907.606087][T30629] should_fail_ex+0x3d9/0x530 [ 1907.606100][T30629] should_fail+0xf/0x20 [ 1907.606109][T30629] should_fail_usercopy+0x1e/0x30 [ 1907.606120][T30629] _copy_from_user+0x22/0xb0 [ 1907.606137][T30629] sock_do_ioctl+0x18b/0x330 [ 1907.606157][T30629] ? sock_show_fdinfo+0xd0/0xd0 [ 1907.606177][T30629] ? __cfi_vfs_write+0x10/0x10 [ 1907.606195][T30629] ? __kasan_check_write+0x18/0x20 [ 1907.606218][T30629] ? mutex_unlock+0x8b/0x240 [ 1907.606232][T30629] sock_ioctl+0x634/0x7b0 [ 1907.606244][T30629] ? __cfi_sock_ioctl+0x10/0x10 [ 1907.606262][T30629] ? __fget_files+0x2c5/0x340 [ 1907.606281][T30629] ? bpf_lsm_file_ioctl+0xd/0x20 [ 1907.606305][T30629] ? security_file_ioctl+0x34/0xd0 [ 1907.606325][T30629] ? __cfi_sock_ioctl+0x10/0x10 [ 1907.606344][T30629] __se_sys_ioctl+0x135/0x1b0 [ 1907.606362][T30629] __x64_sys_ioctl+0x7f/0xa0 [ 1907.606373][T30629] x64_sys_call+0x1878/0x2ee0 [ 1907.606386][T30629] do_syscall_64+0x58/0xf0 [ 1907.606399][T30629] ? clear_bhb_loop+0x50/0xa0 [ 1907.606411][T30629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1907.606425][T30629] RIP: 0033:0x7ff10838f6c9 [ 1907.606442][T30629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1907.606459][T30629] RSP: 002b:00007ff1091ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1907.606488][T30629] RAX: ffffffffffffffda RBX: 00007ff1085e5fa0 RCX: 00007ff10838f6c9 [ 1907.606501][T30629] RDX: 0000200000000040 RSI: 0000000000008914 RDI: 000000000000000a [ 1907.606509][T30629] RBP: 00007ff1091ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1907.606516][T30629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1907.606523][T30629] R13: 00007ff1085e6038 R14: 00007ff1085e5fa0 R15: 00007ffc8c4056e8 [ 1907.606532][T30629] [ 1907.896069][T26413] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1907.913708][T26413] usb 4-1: USB disconnect, device number 13 [ 1908.387737][T30690] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1908.618131][ T36] audit: type=1400 audit(1763530556.190:600): avc: denied { bind } for pid=30725 comm="syz.1.62158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1909.365567][T14266] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1909.525590][T14266] usb 4-1: Using ep0 maxpacket: 32 [ 1909.531866][T14266] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1909.545562][T14266] usb 4-1: config 0 has no interface number 0 [ 1909.555577][T14266] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1909.574083][T14266] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1909.593483][T14266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1909.611790][T14266] usb 4-1: Product: syz [ 1909.616228][T14266] usb 4-1: Manufacturer: syz [ 1909.620851][T14266] usb 4-1: SerialNumber: syz [ 1909.636441][T14266] usb 4-1: config 0 descriptor?? [ 1909.656482][T14266] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1909.666071][T14266] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1909.909361][T14266] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1909.919787][T14266] usb 4-1: USB disconnect, device number 14 [ 1911.769960][T30841] bridge0: port 1(bridge_slave_0) entered blocking state [ 1911.777230][T30841] bridge0: port 1(bridge_slave_0) entered disabled state [ 1911.784393][T30841] bridge_slave_0: entered allmulticast mode [ 1911.790915][T30841] bridge_slave_0: entered promiscuous mode [ 1911.797981][T30841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1911.805570][T30841] bridge0: port 2(bridge_slave_1) entered disabled state [ 1911.812871][T30841] bridge_slave_1: entered allmulticast mode [ 1911.819339][T30841] bridge_slave_1: entered promiscuous mode [ 1911.836381][T25643] bridge_slave_1: left allmulticast mode [ 1911.842245][T25643] bridge_slave_1: left promiscuous mode [ 1911.856762][T25643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1911.871092][T25643] bridge_slave_0: left allmulticast mode [ 1911.885587][T25643] bridge_slave_0: left promiscuous mode [ 1911.893533][T25643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1912.023266][T25643] veth1_macvtap: left promiscuous mode [ 1912.028957][T25643] veth0_vlan: left promiscuous mode [ 1912.107455][T30841] bridge0: port 2(bridge_slave_1) entered blocking state [ 1912.114648][T30841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1912.122025][T30841] bridge0: port 1(bridge_slave_0) entered blocking state [ 1912.129526][T30841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1912.158081][T24976] bridge0: port 1(bridge_slave_0) entered disabled state [ 1912.165703][T24976] bridge0: port 2(bridge_slave_1) entered disabled state [ 1912.175982][ T936] bridge0: port 1(bridge_slave_0) entered blocking state [ 1912.183183][ T936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1912.195678][T24976] bridge0: port 2(bridge_slave_1) entered blocking state [ 1912.202929][T24976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1912.232303][T30841] veth0_vlan: entered promiscuous mode [ 1912.245922][T30841] veth1_macvtap: entered promiscuous mode [ 1912.250302][T30854] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1912.515560][T26413] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1912.666812][T26413] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1912.678720][T26413] usb 2-1: New USB device found, idVendor=2001, idProduct=b301, bcdDevice=45.a9 [ 1912.687983][T26413] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1912.696306][T26413] usb 2-1: Product: syz [ 1912.700745][T26413] usb 2-1: Manufacturer: syz [ 1912.705376][T26413] usb 2-1: SerialNumber: syz [ 1912.713111][T26413] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1912.719680][T26413] r8152-cfgselector 2-1: config 0 descriptor?? [ 1912.726719][T26413] r8152 2-1:0.0: Expected endpoints are not found [ 1912.927781][T14037] r8152-cfgselector 2-1: USB disconnect, device number 41 [ 1913.247971][T30878] FAULT_INJECTION: forcing a failure. [ 1913.247971][T30878] name failslab, interval 1, probability 0, space 0, times 0 [ 1913.260729][T30878] CPU: 0 UID: 0 PID: 30878 Comm: syz.2.62226 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1913.260770][T30878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1913.260782][T30878] Call Trace: [ 1913.260789][T30878] [ 1913.260797][T30878] __dump_stack+0x21/0x30 [ 1913.260827][T30878] dump_stack_lvl+0x10c/0x190 [ 1913.260851][T30878] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1913.260875][T30878] ? __kasan_check_write+0x18/0x20 [ 1913.260902][T30878] ? proc_fail_nth_write+0x17e/0x210 [ 1913.260925][T30878] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1913.260949][T30878] dump_stack+0x19/0x20 [ 1913.260971][T30878] should_fail_ex+0x3d9/0x530 [ 1913.260991][T30878] should_failslab+0xac/0x100 [ 1913.261010][T30878] kmem_cache_alloc_noprof+0x42/0x430 [ 1913.261028][T30878] ? getname_flags+0xc6/0x710 [ 1913.261047][T30878] getname_flags+0xc6/0x710 [ 1913.261065][T30878] ? build_open_flags+0x487/0x600 [ 1913.261088][T30878] getname+0x1b/0x30 [ 1913.261106][T30878] do_sys_openat2+0xcb/0x1c0 [ 1913.261128][T30878] ? fput+0x1a5/0x240 [ 1913.261149][T30878] ? do_sys_open+0x100/0x100 [ 1913.261177][T30878] ? ksys_write+0x1ef/0x250 [ 1913.261194][T30878] ? __cfi_ksys_write+0x10/0x10 [ 1913.261208][T30878] __x64_sys_openat+0x13a/0x170 [ 1913.261232][T30878] x64_sys_call+0xe69/0x2ee0 [ 1913.261257][T30878] do_syscall_64+0x58/0xf0 [ 1913.261282][T30878] ? clear_bhb_loop+0x50/0xa0 [ 1913.261303][T30878] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1913.261322][T30878] RIP: 0033:0x7ff10838f6c9 [ 1913.261339][T30878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1913.261355][T30878] RSP: 002b:00007ff1091ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1913.261377][T30878] RAX: ffffffffffffffda RBX: 00007ff1085e5fa0 RCX: 00007ff10838f6c9 [ 1913.261391][T30878] RDX: 0000000000000000 RSI: 0000200000000500 RDI: ffffffffffffff9c [ 1913.261405][T30878] RBP: 00007ff1091ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1913.261418][T30878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1913.261430][T30878] R13: 00007ff1085e6038 R14: 00007ff1085e5fa0 R15: 00007ffc8c4056e8 [ 1913.261447][T30878] [ 1913.845822][T26413] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1913.975568][T14037] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1914.005555][T26413] usb 2-1: Using ep0 maxpacket: 32 [ 1914.011835][T26413] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 1914.020286][T26413] usb 2-1: config 0 has no interface number 0 [ 1914.026738][T26413] usb 2-1: config 0 interface 230 has no altsetting 0 [ 1914.035562][T26413] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1914.044734][T26413] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1914.052999][T26413] usb 2-1: Product: syz [ 1914.057594][T26413] usb 2-1: Manufacturer: syz [ 1914.062361][T26413] usb 2-1: SerialNumber: syz [ 1914.071971][T26413] usb 2-1: config 0 descriptor?? [ 1914.078177][T26413] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 1914.090070][T26413] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1914.135566][T14037] usb 4-1: Using ep0 maxpacket: 32 [ 1914.141814][T14037] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1914.157242][T14037] usb 4-1: config 0 has no interface number 0 [ 1914.163409][T14037] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1914.177134][T14037] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1914.189737][T14037] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1914.197842][T14037] usb 4-1: Product: syz [ 1914.205192][T14037] usb 4-1: Manufacturer: syz [ 1914.211138][T14037] usb 4-1: SerialNumber: syz [ 1914.217359][T14037] usb 4-1: config 0 descriptor?? [ 1914.223601][T14037] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1914.232037][T14037] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1914.316303][T26413] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 1914.325982][T26413] usb 2-1: USB disconnect, device number 42 [ 1914.457597][T14037] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1914.468329][T14037] usb 4-1: USB disconnect, device number 15 [ 1915.185587][T24349] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1915.355561][T24349] usb 4-1: Using ep0 maxpacket: 32 [ 1915.372669][T24349] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1915.385578][T24349] usb 4-1: config 0 has no interface number 0 [ 1915.402007][T24349] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1915.413755][T24349] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1915.425561][T24349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1915.445573][T24349] usb 4-1: Product: syz [ 1915.449989][T24349] usb 4-1: Manufacturer: syz [ 1915.454901][T24349] usb 4-1: SerialNumber: syz [ 1915.462563][T24349] usb 4-1: config 0 descriptor?? [ 1915.476262][T24349] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1915.497177][T24349] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1915.706391][T24349] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1915.724848][T24349] usb 4-1: USB disconnect, device number 16 [ 1916.055653][T14037] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1916.215607][T14037] usb 3-1: Using ep0 maxpacket: 32 [ 1916.224635][T14037] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 1916.242930][T14037] usb 3-1: config 0 has no interface number 0 [ 1916.250341][T14037] usb 3-1: config 0 interface 230 has no altsetting 0 [ 1916.258961][T14037] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1916.269728][T14037] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1916.285391][T14037] usb 3-1: Product: syz [ 1916.291777][T14037] usb 3-1: Manufacturer: syz [ 1916.299524][T14037] usb 3-1: SerialNumber: syz [ 1916.306059][T14037] usb 3-1: config 0 descriptor?? [ 1916.315078][T14037] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 1916.335632][T14037] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1916.367687][T31082] overlayfs: failed to resolve './file1': -2 [ 1916.557777][T14037] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5 [ 1916.570140][T14037] usb 3-1: USB disconnect, device number 7 [ 1916.645629][T14266] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1916.671855][T31094] FAULT_INJECTION: forcing a failure. [ 1916.671855][T31094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1916.685482][T31094] CPU: 0 UID: 0 PID: 31094 Comm: syz.3.62327 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1916.685522][T31094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1916.685535][T31094] Call Trace: [ 1916.685542][T31094] [ 1916.685552][T31094] __dump_stack+0x21/0x30 [ 1916.685595][T31094] dump_stack_lvl+0x10c/0x190 [ 1916.685615][T31094] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1916.685635][T31094] dump_stack+0x19/0x20 [ 1916.685649][T31094] should_fail_ex+0x3d9/0x530 [ 1916.685662][T31094] should_fail+0xf/0x20 [ 1916.685671][T31094] should_fail_usercopy+0x1e/0x30 [ 1916.685682][T31094] _copy_from_user+0x22/0xb0 [ 1916.685697][T31094] get_user_ifreq+0x71/0x180 [ 1916.685709][T31094] sock_ioctl+0x6fb/0x7b0 [ 1916.685720][T31094] ? __cfi_sock_ioctl+0x10/0x10 [ 1916.685731][T31094] ? bpf_lsm_file_ioctl+0xd/0x20 [ 1916.685745][T31094] ? security_file_ioctl+0x34/0xd0 [ 1916.685759][T31094] ? __cfi_sock_ioctl+0x10/0x10 [ 1916.685769][T31094] __se_sys_ioctl+0x135/0x1b0 [ 1916.685782][T31094] __x64_sys_ioctl+0x7f/0xa0 [ 1916.685792][T31094] x64_sys_call+0x1878/0x2ee0 [ 1916.685813][T31094] do_syscall_64+0x58/0xf0 [ 1916.685827][T31094] ? clear_bhb_loop+0x50/0xa0 [ 1916.685840][T31094] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1916.685851][T31094] RIP: 0033:0x7f1e7a58f6c9 [ 1916.685862][T31094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1916.685872][T31094] RSP: 002b:00007f1e7b4db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1916.685886][T31094] RAX: ffffffffffffffda RBX: 00007f1e7a7e5fa0 RCX: 00007f1e7a58f6c9 [ 1916.685895][T31094] RDX: 0000200000000440 RSI: 00000000000089f1 RDI: 0000000000000009 [ 1916.685902][T31094] RBP: 00007f1e7b4db090 R08: 0000000000000000 R09: 0000000000000000 [ 1916.685910][T31094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1916.685917][T31094] R13: 00007f1e7a7e6038 R14: 00007f1e7a7e5fa0 R15: 00007ffc58034a48 [ 1916.685926][T31094] [ 1916.965572][T14266] usb 2-1: Using ep0 maxpacket: 32 [ 1916.972036][T14266] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 1916.980542][T14266] usb 2-1: config 0 has no interface number 0 [ 1916.986788][T14266] usb 2-1: config 0 interface 230 has no altsetting 0 [ 1916.995896][T14266] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1917.005189][T14266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1917.013376][T14266] usb 2-1: Product: syz [ 1917.017672][T14266] usb 2-1: Manufacturer: syz [ 1917.022319][T14266] usb 2-1: SerialNumber: syz [ 1917.059118][T14266] usb 2-1: config 0 descriptor?? [ 1917.067354][T14266] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 1917.077230][T14266] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1917.289274][T14266] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 1917.305483][T14266] usb 2-1: USB disconnect, device number 43 [ 1918.375577][T24349] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1918.535552][T24349] usb 3-1: Using ep0 maxpacket: 32 [ 1918.545607][T24349] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 1918.553822][T24349] usb 3-1: config 0 has no interface number 0 [ 1918.564506][T24349] usb 3-1: config 0 interface 230 has no altsetting 0 [ 1918.573143][T24349] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1918.582513][T24349] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1918.596213][T24349] usb 3-1: Product: syz [ 1918.600928][T24349] usb 3-1: Manufacturer: syz [ 1918.605875][T24349] usb 3-1: SerialNumber: syz [ 1918.611953][T24349] usb 3-1: config 0 descriptor?? [ 1918.618096][T24349] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 1918.638425][T24349] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1918.856573][T24349] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5 [ 1918.877395][T24349] usb 3-1: USB disconnect, device number 8 [ 1921.825623][T14266] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1921.975613][T14266] usb 2-1: Using ep0 maxpacket: 32 [ 1921.981954][T14266] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 1921.990324][T14266] usb 2-1: config 0 has no interface number 0 [ 1921.996470][T14266] usb 2-1: config 0 interface 230 has no altsetting 0 [ 1922.004671][T14266] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1922.013927][T14266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1922.022028][T14266] usb 2-1: Product: syz [ 1922.026230][T14266] usb 2-1: Manufacturer: syz [ 1922.030853][T14266] usb 2-1: SerialNumber: syz [ 1922.035624][T14037] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1922.044463][T14266] usb 2-1: config 0 descriptor?? [ 1922.050699][T14266] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 1922.059137][T14266] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1922.195549][T14037] usb 4-1: Using ep0 maxpacket: 32 [ 1922.201889][T14037] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1922.210230][T14037] usb 4-1: config 0 has no interface number 0 [ 1922.216378][T14037] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1922.224471][T14037] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1922.233660][T14037] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1922.241677][T14037] usb 4-1: Product: syz [ 1922.245955][T14037] usb 4-1: Manufacturer: syz [ 1922.250575][T14037] usb 4-1: SerialNumber: syz [ 1922.255920][T14037] usb 4-1: config 0 descriptor?? [ 1922.262020][T14037] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1922.270175][T14037] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1922.286340][T14266] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 1922.297561][T14266] usb 2-1: USB disconnect, device number 44 [ 1922.479378][T14037] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1922.489983][T14037] usb 4-1: USB disconnect, device number 17 [ 1924.545631][ T397] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1924.606778][T31560] overlayfs: missing 'lowerdir' [ 1924.715626][ T397] usb 4-1: Using ep0 maxpacket: 32 [ 1924.739912][ T397] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1924.749213][ T397] usb 4-1: config 0 has no interface number 0 [ 1924.783464][T31587] netlink: 52 bytes leftover after parsing attributes in process `syz.1.62559'. [ 1924.819895][ T397] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1924.828391][ T397] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1924.837881][ T397] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1924.847825][ T397] usb 4-1: Product: syz [ 1924.852079][ T397] usb 4-1: Manufacturer: syz [ 1924.856799][ T397] usb 4-1: SerialNumber: syz [ 1924.862310][ T397] usb 4-1: config 0 descriptor?? [ 1924.869332][ T397] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1925.010968][ T397] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1925.117906][ T397] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1925.130676][ T397] usb 4-1: USB disconnect, device number 18 [ 1925.165744][T31606] overlayfs: failed to resolve './file1/file0': -2 [ 1925.282356][ T36] audit: type=1400 audit(1763530572.850:601): avc: denied { search } for pid=31622 comm="syz.1.62574" name="/" dev="configfs" ino=1324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1925.321023][T31629] 9pnet_fd: Insufficient options for proto=fd [ 1925.506902][T31653] overlayfs: failed to resolve './file1': -2 [ 1925.687245][T31673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.62591'. [ 1925.699592][T31673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.62591'. [ 1926.133008][T31690] : Can't lookup blockdev [ 1926.508560][T31736] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3851450944 (3851450944 ns) > initial count (1115526657 ns). Using initial count to start timer. [ 1926.581297][T31744] futex_wake_op: syz.1.62630 tries to shift op by 32; fix this program [ 1926.896510][ T36] audit: type=1400 audit(1763530574.470:602): avc: denied { create } for pid=31795 comm="syz.2.62655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1926.917542][T31799] futex_wake_op: syz.1.62657 tries to shift op by 32; fix this program [ 1926.939880][ T36] audit: type=1400 audit(1763530574.480:603): avc: denied { execute } for pid=31800 comm="syz.0.62656" path="/207/blkio.bfq.group_wait_time" dev="tmpfs" ino=1336 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1926.989027][T31815] futex_wake_op: syz.2.62664 tries to shift op by 32; fix this program [ 1927.017597][ T36] audit: type=1400 audit(1763530574.590:604): avc: denied { unmount } for pid=30304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 1927.066660][ T36] audit: type=1400 audit(1763530574.640:605): avc: denied { mount } for pid=31826 comm="syz.0.62670" name="/" dev="pstore" ino=2562 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 1927.097298][ T36] audit: type=1400 audit(1763530574.670:606): avc: denied { unmount } for pid=29316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 1927.195738][T31842] loop5: detected capacity change from 0 to 7 [ 1927.258441][T31854] futex_wake_op: syz.0.62682 tries to shift op by 32; fix this program [ 1927.354427][T31870] netlink: 24 bytes leftover after parsing attributes in process `syz.2.62690'. [ 1927.385428][T31872] SELinux: Context system_u:object_r:scanner_device_t:s0 is not valid (left unmapped). [ 1927.401975][ T36] audit: type=1400 audit(1763530574.970:607): avc: denied { relabelto } for pid=31871 comm="syz.2.62691" name="blkio.bfq.group_wait_time" dev="tmpfs" ino=2071 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:scanner_device_t:s0" [ 1927.436030][ T36] audit: type=1400 audit(1763530575.010:608): avc: denied { associate } for pid=31871 comm="syz.2.62691" name="blkio.bfq.group_wait_time" dev="tmpfs" ino=2071 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:scanner_device_t:s0" [ 1927.482137][ T36] audit: type=1400 audit(1763530575.010:609): avc: denied { unlink } for pid=29457 comm="syz-executor" name="blkio.bfq.group_wait_time" dev="tmpfs" ino=2071 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:scanner_device_t:s0" [ 1927.579769][T31904] futex_wake_op: syz.2.62706 tries to shift op by 32; fix this program [ 1927.638939][T31916] 9pnet: Could not find request transport: 0xffffffffffffffff [ 1927.643454][ T36] audit: type=1400 audit(1763530575.210:610): avc: denied { mounton } for pid=31913 comm="syz.1.62712" path="/214/file0" dev="tmpfs" ino=1434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1927.701248][T31928] futex_wake_op: syz.1.62719 tries to shift op by 32; fix this program [ 1927.810982][T31949] netlink: 'syz.2.62729': attribute type 4 has an invalid length. [ 1927.905602][T21176] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1928.056311][T21176] usb 4-1: Using ep0 maxpacket: 16 [ 1928.069779][T21176] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 1928.078355][T21176] usb 4-1: config 0 has no interface number 0 [ 1928.084778][T21176] usb 4-1: config 0 interface 41 has no altsetting 0 [ 1928.094950][T21176] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1928.104244][T21176] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1928.112646][T21176] usb 4-1: Product: syz [ 1928.117013][T21176] usb 4-1: Manufacturer: syz [ 1928.121678][T21176] usb 4-1: SerialNumber: syz [ 1928.130452][T21176] usb 4-1: config 0 descriptor?? [ 1928.139760][T21176] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -22 [ 1928.249269][T32020] futex_wake_op: syz.2.62764 tries to shift op by 32; fix this program [ 1928.337331][T32037] futex_wake_op: syz.2.62772 tries to shift op by 32; fix this program [ 1928.339369][T21176] usb 4-1: USB disconnect, device number 19 [ 1928.389352][T32041] futex_wake_op: syz.2.62774 tries to shift op by 32; fix this program [ 1928.468262][T32061] futex_wake_op: syz.1.62784 tries to shift op by 32; fix this program [ 1928.502778][T32069] netlink: 104 bytes leftover after parsing attributes in process `syz.1.62788'. [ 1929.170285][T32212] fuse: Bad value for 'fd' [ 1929.353123][T32244] netlink: 388 bytes leftover after parsing attributes in process `syz.0.62874'. [ 1929.968063][T32323] netlink: 'syz.0.62913': attribute type 4 has an invalid length. [ 1930.458937][T32367] netlink: 'syz.0.62934': attribute type 4 has an invalid length. [ 1930.465578][T14037] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1930.625858][T14037] usb 4-1: Using ep0 maxpacket: 16 [ 1930.632492][T14037] usb 4-1: config 0 has an invalid interface number: 218 but max is 0 [ 1930.641173][T14037] usb 4-1: config 0 has no interface number 0 [ 1930.648152][T14037] usb 4-1: config 0 interface 218 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 1930.659493][T14037] usb 4-1: config 0 interface 218 has no altsetting 0 [ 1930.668256][T14037] usb 4-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=4d.ad [ 1930.677931][T14037] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1930.686253][T14037] usb 4-1: Product: syz [ 1930.690603][T14037] usb 4-1: Manufacturer: syz [ 1930.695286][T14037] usb 4-1: SerialNumber: syz [ 1930.702264][T14037] usb 4-1: config 0 descriptor?? [ 1930.708571][T32353] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1930.924565][T14037] snd-usb-audio 4-1:0.218: probe with driver snd-usb-audio failed with error -2 [ 1930.948454][T29844] udevd[29844]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.218/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1930.960592][T32389] tipc: Started in network mode [ 1930.964841][T14037] usb 4-1: USB disconnect, device number 20 [ 1930.969767][T32389] tipc: Node identity ac14140f, cluster identity 4711 [ 1930.992842][T32389] tipc: New replicast peer: 255.255.255.255 [ 1931.003925][T32389] tipc: Enabled bearer , priority 10 [ 1931.100464][ T36] kauditd_printk_skb: 3 callbacks suppressed [ 1931.100485][ T36] audit: type=1326 audit(1763530578.670:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32401 comm="syz.2.62952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10838f6c9 code=0x7ffc0000 [ 1931.143252][ T36] audit: type=1326 audit(1763530578.710:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32401 comm="syz.2.62952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7ff10838f6c9 code=0x7ffc0000 [ 1931.348570][ T36] audit: type=1326 audit(1763530578.920:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32401 comm="syz.2.62952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10838f6c9 code=0x7ffc0000 [ 1931.405588][ T36] audit: type=1326 audit(1763530578.920:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32401 comm="syz.2.62952" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff10838f6c9 code=0x7ffc0000 [ 1931.685665][T32455] netlink: 'syz.0.62978': attribute type 4 has an invalid length. [ 1931.713186][T32458] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1931.739796][T32458] overlayfs: missing 'lowerdir' [ 1932.005583][T14037] tipc: Node number set to 2886997007 [ 1932.229609][T32507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63003'. [ 1932.265598][T32512] tipc: Started in network mode [ 1932.295577][T32512] tipc: Node identity ac14140f, cluster identity 4711 [ 1932.302634][T32512] tipc: New replicast peer: 255.255.255.255 [ 1932.324403][T32512] tipc: Enabled bearer , priority 10 [ 1933.148918][T32584] futex_atomic_op_inuser: 15 callbacks suppressed [ 1933.148960][T32584] futex_wake_op: syz.3.63040 tries to shift op by 32; fix this program [ 1933.321066][T14037] tipc: Node number set to 2886997007 [ 1933.754940][T32606] futex_wake_op: syz.0.63051 tries to shift op by 32; fix this program [ 1933.940253][T32625] futex_wake_op: syz.2.63060 tries to shift op by 32; fix this program [ 1934.095839][T32637] netlink: 'syz.1.63066': attribute type 4 has an invalid length. [ 1934.767736][T32649] futex_wake_op: syz.2.63070 tries to shift op by 32; fix this program [ 1934.805149][T32657] futex_wake_op: syz.2.63075 tries to shift op by 32; fix this program [ 1934.827897][T32661] netlink: 'syz.0.63077': attribute type 4 has an invalid length. [ 1934.836075][T32663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63078'. [ 1934.845278][T32659] tipc: Started in network mode [ 1934.860162][T32659] tipc: Node identity ac14140f, cluster identity 4711 [ 1934.884630][T32659] tipc: New replicast peer: 255.255.255.255 [ 1934.891053][T32659] tipc: Enabled bearer , priority 10 [ 1934.951711][T32679] netlink: 'syz.2.63087': attribute type 4 has an invalid length. [ 1936.008975][T21176] tipc: Node number set to 2886997007 [ 1936.069117][T32764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63127'. [ 1936.856693][ T348] futex_wake_op: syz.1.63153 tries to shift op by 32; fix this program [ 1937.345629][T24349] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 1937.496596][T24349] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1937.509044][T24349] usb 4-1: config 0 has no interfaces? [ 1937.514565][T24349] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1937.534303][T24349] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1937.554459][T24349] usb 4-1: config 0 descriptor?? [ 1937.767169][T24349] usb 4-1: USB disconnect, device number 21 [ 1940.597681][ T465] overlayfs: failed to resolve './file1': -2 [ 1941.667367][ T484] tipc: Enabling of bearer rejected, already enabled [ 1941.979911][ T503] futex_wake_op: syz.1.63229 tries to shift op by 32; fix this program [ 1943.767148][ T542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63246'. [ 1943.785697][ T542] tipc: Disabling bearer [ 1944.375571][T14037] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1944.442382][ T624] futex_wake_op: syz.2.63285 tries to shift op by 32; fix this program [ 1944.555584][T14037] usb 2-1: Using ep0 maxpacket: 16 [ 1944.566615][T14037] usb 2-1: config 1 has an invalid interface number: 64 but max is 0 [ 1944.574833][T14037] usb 2-1: config 1 has no interface number 0 [ 1944.592880][T14037] usb 2-1: New USB device found, idVendor=19d2, idProduct=ffbf, bcdDevice=68.78 [ 1944.605566][T14037] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1944.624062][T14037] usb 2-1: Product: syz [ 1944.628496][T14037] usb 2-1: Manufacturer: syz [ 1944.633097][T14037] usb 2-1: SerialNumber: syz [ 1944.853806][T14037] usb 2-1: USB disconnect, device number 45 [ 1945.010466][ T648] futex_wake_op: syz.0.63295 tries to shift op by 32; fix this program [ 1945.038463][ T650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.63297'. [ 1945.075046][ T652] netlink: 'syz.0.63298': attribute type 4 has an invalid length. [ 1945.306137][ T667] futex_wake_op: syz.2.63305 tries to shift op by 32; fix this program [ 1945.693880][ T683] futex_wake_op: syz.2.63314 tries to shift op by 32; fix this program [ 1945.774973][ T689] netlink: 24 bytes leftover after parsing attributes in process `syz.3.63311'. [ 1945.913828][ T701] futex_wake_op: syz.3.63323 tries to shift op by 32; fix this program [ 1946.584432][ T743] netlink: 12 bytes leftover after parsing attributes in process `syz.3.63343'. [ 1946.716527][ T750] futex_wake_op: syz.3.63346 tries to shift op by 32; fix this program [ 1946.892297][ T761] netlink: 12 bytes leftover after parsing attributes in process `syz.3.63352'. [ 1947.545546][ T821] futex_wake_op: syz.2.63379 tries to shift op by 32; fix this program [ 1947.559090][ T823] futex_wake_op: syz.1.63380 tries to shift op by 32; fix this program [ 1948.035116][ T855] tipc: New replicast peer: 255.255.255.255 [ 1948.061123][ T855] tipc: Enabled bearer , priority 10 [ 1948.470706][ T887] tipc: Enabling of bearer rejected, already enabled [ 1948.822122][ T906] tipc: Enabling of bearer rejected, already enabled [ 1949.165803][ T929] binder: Unknown parameter 'contextÌðÔ' [ 1949.239959][ T939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.63435'. [ 1949.255593][ T939] tipc: Disabling bearer [ 1949.893559][ T976] futex_wake_op: syz.0.63451 tries to shift op by 32; fix this program [ 1950.835977][ T1000] tipc: Enabling of bearer rejected, already enabled [ 1951.099993][ T1010] futex_wake_op: syz.1.63467 tries to shift op by 32; fix this program [ 1951.827823][ T1034] binder: Unknown parameter 'contextÌðÔ' [ 1952.265268][ T1064] netlink: 'syz.1.63492': attribute type 4 has an invalid length. [ 1952.407411][ T1078] tipc: Started in network mode [ 1952.412349][ T1078] tipc: Node identity ac14140f, cluster identity 4711 [ 1952.445647][ T1078] tipc: New replicast peer: 255.255.255.255 [ 1952.462076][ T1078] tipc: Enabled bearer , priority 10 [ 1952.493854][ T1084] netlink: 'syz.3.63507': attribute type 4 has an invalid length. [ 1953.460342][ T1133] futex_wake_op: syz.3.63532 tries to shift op by 32; fix this program [ 1953.575585][T24349] tipc: Node number set to 2886997007 [ 1953.611584][ T1146] netlink: 12 bytes leftover after parsing attributes in process `syz.2.63528'. [ 1953.632677][ T1146] tipc: Disabling bearer [ 1953.667360][ T1154] tipc: New replicast peer: 255.255.255.255 [ 1953.683882][ T1154] tipc: Enabled bearer , priority 10 [ 1953.691037][ T1156] futex_wake_op: syz.2.63543 tries to shift op by 32; fix this program [ 1953.979401][ T1179] futex_wake_op: syz.0.63553 tries to shift op by 32; fix this program [ 1954.317396][ T1195] futex_wake_op: syz.0.63562 tries to shift op by 32; fix this program [ 1954.594776][ T1213] futex_wake_op: syz.0.63571 tries to shift op by 32; fix this program [ 1955.386359][ T1233] futex_wake_op: syz.3.63581 tries to shift op by 32; fix this program [ 1955.757906][ T1251] futex_wake_op: syz.0.63590 tries to shift op by 32; fix this program [ 1955.894189][ T1265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63596'. [ 1956.692949][ T1273] netlink: 12 bytes leftover after parsing attributes in process `syz.3.63602'. [ 1956.715576][ T1273] tipc: Disabling bearer [ 1956.730599][ T1275] futex_wake_op: syz.2.63601 tries to shift op by 32; fix this program [ 1957.671482][ T1304] tipc: New replicast peer: 255.255.255.255 [ 1957.685803][ T1304] tipc: Enabled bearer , priority 10 [ 1959.134270][ T1355] tipc: New replicast peer: 255.255.255.255 [ 1959.163257][ T1355] tipc: Enabled bearer , priority 10 [ 1959.840068][ T1379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.63651'. [ 1960.028004][ T1395] tipc: Enabling of bearer rejected, already enabled [ 1960.119157][ T1400] futex_wake_op: syz.2.63653 tries to shift op by 32; fix this program [ 1960.882111][ T1424] futex_wake_op: syz.3.63673 tries to shift op by 32; fix this program [ 1961.062317][ T1447] futex_wake_op: syz.0.63683 tries to shift op by 32; fix this program [ 1961.196088][ T1474] futex_wake_op: syz.0.63695 tries to shift op by 32; fix this program [ 1961.713359][ T1557] futex_wake_op: syz.0.63733 tries to shift op by 32; fix this program [ 1961.911387][ T1579] binder: Unknown parameter 'contextÌðÔ@âÞ®N [ 1961.911387][ T1579] úòFoðÀÄ"á™ÅÁ cß' [ 1962.046120][ T1587] futex_wake_op: syz.3.63749 tries to shift op by 32; fix this program [ 1963.119860][ T1610] bridge0: port 1(bridge_slave_0) entered blocking state [ 1963.164421][ T1610] bridge0: port 1(bridge_slave_0) entered disabled state [ 1963.172057][ T1610] bridge_slave_0: entered allmulticast mode [ 1963.178947][ T1610] bridge_slave_0: entered promiscuous mode [ 1963.186135][ T1610] bridge0: port 2(bridge_slave_1) entered blocking state [ 1963.193206][ T1610] bridge0: port 2(bridge_slave_1) entered disabled state [ 1963.200763][ T1610] bridge_slave_1: entered allmulticast mode [ 1963.208931][ T1610] bridge_slave_1: entered promiscuous mode [ 1963.296183][T25643] bridge_slave_1: left allmulticast mode [ 1963.301866][T25643] bridge_slave_1: left promiscuous mode [ 1963.317917][T25643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1963.336282][T25643] bridge_slave_0: left allmulticast mode [ 1963.341995][T25643] bridge_slave_0: left promiscuous mode [ 1963.356347][T25643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1963.505769][T25643] tipc: Disabling bearer [ 1963.511741][T25643] tipc: Left network mode [ 1963.538347][ T1610] bridge0: port 2(bridge_slave_1) entered blocking state [ 1963.545465][ T1610] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1963.552785][ T1610] bridge0: port 1(bridge_slave_0) entered blocking state [ 1963.559856][ T1610] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1963.570174][T25643] veth1_macvtap: left promiscuous mode [ 1963.575912][T25643] veth0_vlan: left promiscuous mode [ 1963.655294][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state [ 1963.674297][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state [ 1963.710188][T24976] bridge0: port 1(bridge_slave_0) entered blocking state [ 1963.717376][T24976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1963.748402][T24976] bridge0: port 2(bridge_slave_1) entered blocking state [ 1963.755596][T24976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1963.816236][ T1610] veth0_vlan: entered promiscuous mode [ 1963.837469][ T1610] veth1_macvtap: entered promiscuous mode [ 1963.979032][ T1639] futex_wake_op: syz.2.63770 tries to shift op by 32; fix this program [ 1964.136727][ T1659] futex_wake_op: syz.3.63779 tries to shift op by 32; fix this program [ 1964.533360][ T1677] futex_wake_op: syz.1.63789 tries to shift op by 32; fix this program [ 1964.631612][ T1681] tipc: Enabling of bearer rejected, already enabled [ 1964.757745][ T1693] binder: Unknown parameter 'contextÌðÔ@âÞ®N [ 1964.757745][ T1693] úòFoðÀÄ"á™ÅÁ cß' [ 1964.819545][ T1697] futex_wake_op: syz.0.63798 tries to shift op by 32; fix this program [ 1965.158635][ T1740] futex_atomic_op_inuser: 1 callbacks suppressed [ 1965.158656][ T1740] futex_wake_op: syz.2.63819 tries to shift op by 32; fix this program [ 1965.168520][ T1739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.63818'. [ 1965.265013][ T36] audit: type=1400 audit(1763530612.830:618): avc: denied { read } for pid=1757 comm="syz.3.63828" name="/" dev="configfs" ino=1324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1965.310514][ T36] audit: type=1400 audit(1763530612.870:619): avc: denied { open } for pid=1757 comm="syz.3.63828" path="/" dev="configfs" ino=1324 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1965.326661][ T1763] futex_wake_op: syz.3.63830 tries to shift op by 32; fix this program [ 1965.434255][ T1770] futex_wake_op: syz.1.63834 tries to shift op by 32; fix this program [ 1965.704888][ T1792] futex_wake_op: syz.3.63845 tries to shift op by 32; fix this program [ 1965.895623][ T1806] futex_wake_op: syz.3.63854 tries to shift op by 32; fix this program [ 1966.047417][ T1825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.63863'. [ 1966.708386][ T1904] futex_wake_op: syz.1.63902 tries to shift op by 32; fix this program [ 1968.103428][ T1972] futex_wake_op: syz.0.63935 tries to shift op by 32; fix this program [ 1968.230617][ T1985] binder: Unknown parameter 'contextÌðÔ' [ 1968.324896][ T2001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.63950'. [ 1968.482524][ T2017] futex_wake_op: syz.1.63946 tries to shift op by 32; fix this program [ 1969.260543][ T2087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.63991'. [ 1969.287669][ T2091] futex_wake_op: syz.3.63993 tries to shift op by 32; fix this program [ 1969.636134][ T2138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.64015'. [ 1969.723273][ T2150] netlink: 12 bytes leftover after parsing attributes in process `syz.3.64022'. [ 1970.483182][ T2211] futex_wake_op: syz.0.64053 tries to shift op by 32; fix this program [ 1970.651263][ T2229] netlink: 'syz.2.64061': attribute type 4 has an invalid length. [ 1970.838162][ T36] audit: type=1400 audit(1763530618.410:620): avc: denied { write } for pid=2246 comm="syz.2.64071" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1970.931709][ T2251] netlink: 4 bytes leftover after parsing attributes in process `syz.0.64073'. [ 1971.329913][ T2313] netlink: 'syz.0.64102': attribute type 4 has an invalid length. [ 1971.405474][ T2321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64106'. [ 1971.882753][ T2360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64125'. [ 1971.984132][ T2370] binder: Unknown parameter 'contextÌðÔ' [ 1972.015755][ T2374] netlink: 16 bytes leftover after parsing attributes in process `syz.3.64133'. [ 1972.034209][ T2374] sit0: entered promiscuous mode [ 1972.045600][ T2374] sit0: entered allmulticast mode [ 1972.234213][ T9545] bridge_slave_1: left allmulticast mode [ 1972.242399][ T9545] bridge_slave_1: left promiscuous mode [ 1972.259167][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state [ 1972.268235][ T9545] bridge_slave_0: left allmulticast mode [ 1972.275279][ T9545] bridge_slave_0: left promiscuous mode [ 1972.281054][ T2418] binder: Unknown parameter 'contextÌðÔ@âÞ®N [ 1972.281054][ T2418] úòFoðÀÄ"á™ÅÁ cß' [ 1972.281151][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state [ 1972.314940][ T36] audit: type=1400 audit(1763530619.880:621): avc: denied { wake_alarm } for pid=2420 comm="syz.3.64156" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1972.403545][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 1972.410752][ T2402] bridge0: port 1(bridge_slave_0) entered disabled state [ 1972.432766][ T2402] bridge_slave_0: entered allmulticast mode [ 1972.440334][ T2402] bridge_slave_0: entered promiscuous mode [ 1972.447025][ T9545] tipc: Disabling bearer [ 1972.452486][ T9545] tipc: Left network mode [ 1972.452494][ T2447] netlink: 'syz.1.64165': attribute type 4 has an invalid length. [ 1972.465139][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 1972.472670][ T2402] bridge0: port 2(bridge_slave_1) entered disabled state [ 1972.480318][ T2402] bridge_slave_1: entered allmulticast mode [ 1972.482477][ T2453] netlink: 36 bytes leftover after parsing attributes in process `syz.1.64170'. [ 1972.487001][ T2402] bridge_slave_1: entered promiscuous mode [ 1972.502111][ T2449] netlink: 'syz.3.64168': attribute type 4 has an invalid length. [ 1972.510110][ T2449] netlink: 'syz.3.64168': attribute type 5 has an invalid length. [ 1972.518222][ T2449] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.64168'. [ 1972.527795][ T2451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.64169'. [ 1972.543914][ T9545] veth1_macvtap: left promiscuous mode [ 1972.549595][ T9545] veth0_vlan: left promiscuous mode [ 1972.584091][ T2466] futex_wake_op: syz.3.64176 tries to shift op by 32; fix this program [ 1972.705646][ T36] audit: type=1400 audit(1763530620.270:622): avc: denied { relabelfrom } for pid=2485 comm="syz.1.64185" name="" dev="pipefs" ino=790894 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1972.754756][ T2493] futex_wake_op: syz.1.64189 tries to shift op by 32; fix this program [ 1972.771101][ T2402] bridge0: port 2(bridge_slave_1) entered blocking state [ 1972.778293][ T2402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1972.785637][ T2402] bridge0: port 1(bridge_slave_0) entered blocking state [ 1972.792785][ T2402] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1972.819290][T25643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1972.832339][T25643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1972.850403][T24976] bridge0: port 1(bridge_slave_0) entered blocking state [ 1972.857594][T24976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1972.880306][ T2516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64198'. [ 1972.896079][T24976] bridge0: port 2(bridge_slave_1) entered blocking state [ 1972.903230][T24976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1972.918952][ T2520] tipc: Enabling of bearer rejected, failed to enable media [ 1972.970020][ T2402] veth0_vlan: entered promiscuous mode [ 1973.000880][ T2402] veth1_macvtap: entered promiscuous mode [ 1973.118128][ T2543] futex_wake_op: syz.2.64210 tries to shift op by 32; fix this program [ 1973.126501][ T2547] netlink: 'syz.3.64212': attribute type 4 has an invalid length. [ 1973.164247][ T2549] netlink: 12 bytes leftover after parsing attributes in process `syz.3.64214'. [ 1973.415782][ T2591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.64233'. [ 1973.465001][ T2595] bridge_slave_1: left allmulticast mode [ 1973.476099][ T2595] bridge_slave_1: left promiscuous mode [ 1973.481825][ T2595] bridge0: port 2(bridge_slave_1) entered disabled state [ 1973.494355][ T2595] bridge_slave_0: left allmulticast mode [ 1973.502360][ T2602] futex_wake_op: syz.1.64238 tries to shift op by 32; fix this program [ 1973.503494][ T2595] bridge_slave_0: left promiscuous mode [ 1973.525888][ T2595] bridge0: port 1(bridge_slave_0) entered disabled state [ 1973.794867][ T2629] netlink: 'syz.2.64252': attribute type 4 has an invalid length. [ 1973.810341][ T2631] tipc: Enabling of bearer rejected, failed to enable media [ 1973.992304][ T2653] tipc: Enabling of bearer rejected, failed to enable media [ 1975.767963][ T2746] binder: Unknown parameter 'contextÌðÔ' [ 1976.141566][ T2767] SELinux: Context is not valid (left unmapped). [ 1976.175566][ T36] audit: type=1400 audit(1763530623.740:623): avc: denied { relabelto } for pid=2766 comm="syz.0.64318" name="blkio.bfq.io_serviced" dev="tmpfs" ino=230 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="" [ 1976.248782][ T36] audit: type=1400 audit(1763530623.740:624): avc: denied { associate } for pid=2766 comm="syz.0.64318" name="blkio.bfq.io_serviced" dev="tmpfs" ino=230 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="" [ 1976.280356][ T36] audit: type=1400 audit(1763530623.850:625): avc: denied { unlink } for pid=2402 comm="syz-executor" name="blkio.bfq.io_serviced" dev="tmpfs" ino=230 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="" [ 1976.324318][ T2769] bridge0: port 1(bridge_slave_0) entered blocking state [ 1976.335714][ T2769] bridge0: port 1(bridge_slave_0) entered disabled state [ 1976.342997][ T2769] bridge_slave_0: entered allmulticast mode [ 1976.350076][ T2769] bridge_slave_0: entered promiscuous mode [ 1976.359241][ T2769] bridge0: port 2(bridge_slave_1) entered blocking state [ 1976.371550][ T2769] bridge0: port 2(bridge_slave_1) entered disabled state [ 1976.379378][ T2769] bridge_slave_1: entered allmulticast mode [ 1976.385840][ T2769] bridge_slave_1: entered promiscuous mode [ 1976.399800][T24976] bridge_slave_1: left allmulticast mode [ 1976.410775][T24976] bridge_slave_1: left promiscuous mode [ 1976.416850][T24976] bridge0: port 2(bridge_slave_1) entered disabled state [ 1976.421108][ T2780] binder: Unknown parameter 'contextÌðÔ' [ 1976.435032][T24976] bridge_slave_0: left allmulticast mode [ 1976.440952][T24976] bridge_slave_0: left promiscuous mode [ 1976.447121][T24976] bridge0: port 1(bridge_slave_0) entered disabled state [ 1976.458191][ T2788] fuseblk: Bad value for 'fd' [ 1976.552449][T24976] tipc: Disabling bearer [ 1976.565050][T24976] tipc: Left network mode [ 1976.584885][T24976] veth1_macvtap: left promiscuous mode [ 1976.590888][T24976] veth0_vlan: left promiscuous mode [ 1976.705804][ T2810] fuseblk: Bad value for 'fd' [ 1976.740649][ T2769] bridge0: port 2(bridge_slave_1) entered blocking state [ 1976.747751][ T2769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1976.755246][ T2769] bridge0: port 1(bridge_slave_0) entered blocking state [ 1976.755718][ T2818] binder: Unknown parameter '†— e<é' [ 1976.762516][ T2769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1976.804697][T25643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1976.815794][T25643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1976.826972][ T9545] bridge0: port 1(bridge_slave_0) entered blocking state [ 1976.834162][ T9545] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1976.843496][T25643] bridge0: port 2(bridge_slave_1) entered blocking state [ 1976.850851][T25643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1976.889907][ T2769] veth0_vlan: entered promiscuous mode [ 1976.909201][ T2769] veth1_macvtap: entered promiscuous mode [ 1977.015468][ T2835] binder: Unknown parameter 'contextÌðÔ' [ 1977.072001][ T2843] binder: Unknown parameter '†—' [ 1977.329321][ T2866] __nla_validate_parse: 3 callbacks suppressed [ 1977.329344][ T2866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.64360'. [ 1977.494802][ T2876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.64365'. [ 1978.606308][ T2957] FAT-fs (rnullb0): bogus number of reserved sectors [ 1978.630377][ T2957] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1978.672234][ T2963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.64409'. [ 1980.054755][ T3049] FAT-fs (rnullb0): bogus number of reserved sectors [ 1980.071106][ T3049] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1980.118240][ T3053] binder: Unknown parameter 'contextÌðÔ' [ 1980.479022][ T3081] binder: Unknown parameter '†— e<é' [ 1980.641890][ T3091] binder: Unknown parameter 'contextÌðÔ' [ 1980.866556][ T3111] binder: Unknown parameter '†— e<é' [ 1981.041859][ T36] audit: type=1400 audit(1763530628.610:626): avc: denied { mount } for pid=3125 comm="syz.3.64486" name="/" dev="ramfs" ino=796042 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1981.065216][ T3126] overlayfs: missing 'workdir' [ 1981.094149][ T36] audit: type=1400 audit(1763530628.660:627): avc: denied { unmount } for pid=30841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1981.284051][ T3149] binder: Unknown parameter 'contextÌðÔ' [ 1981.376042][ T3165] FAT-fs (rnullb0): bogus number of reserved sectors [ 1981.382921][ T3165] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1982.358199][ T3223] No source specified [ 1982.407407][ T3231] binder: Unknown parameter '†— e<é' [ 1982.795965][ T3271] fuseblk: Bad value for 'fd' [ 1982.859549][ T3276] FAT-fs (rnullb0): bogus number of reserved sectors [ 1982.875592][ T3276] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1983.236676][ T3292] bridge0: port 1(bridge_slave_0) entered blocking state [ 1983.243749][ T3292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1983.258811][ T3292] bridge_slave_0: entered allmulticast mode [ 1983.265478][ T3292] bridge_slave_0: entered promiscuous mode [ 1983.319459][ T3292] bridge0: port 2(bridge_slave_1) entered blocking state [ 1983.343966][ T3292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1983.355800][ T3292] bridge_slave_1: entered allmulticast mode [ 1983.362316][ T3292] bridge_slave_1: entered promiscuous mode [ 1983.368894][ T9545] tipc: Disabling bearer [ 1983.374330][ T9545] tipc: Left network mode [ 1983.401453][ T9545] veth1_macvtap: left promiscuous mode [ 1983.407053][ T9545] veth0_vlan: left promiscuous mode [ 1983.573224][ T3292] bridge0: port 2(bridge_slave_1) entered blocking state [ 1983.580491][ T3292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1983.587951][ T3292] bridge0: port 1(bridge_slave_0) entered blocking state [ 1983.595425][ T3292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1983.610235][ T3332] binder: Unknown parameter 'contextÌðÔ' [ 1983.646574][T29326] bridge0: port 1(bridge_slave_0) entered disabled state [ 1983.654065][T29326] bridge0: port 2(bridge_slave_1) entered disabled state [ 1983.665421][T29326] bridge0: port 1(bridge_slave_0) entered blocking state [ 1983.672700][T29326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1983.688661][ T3339] binder: Unknown parameter '†— e<é' [ 1983.690740][T29326] bridge0: port 2(bridge_slave_1) entered blocking state [ 1983.701790][T29326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1983.736034][ T3344] netlink: 4 bytes leftover after parsing attributes in process `syz.2.64585'. [ 1983.796839][ T3292] veth0_vlan: entered promiscuous mode [ 1983.820891][ T3292] veth1_macvtap: entered promiscuous mode [ 1983.975775][ T3369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.64596'. [ 1984.129430][ T3381] fuseblk: Bad value for 'fd' [ 1984.487665][ T3403] futex_wake_op: syz.0.64614 tries to shift op by 32; fix this program [ 1984.637433][ T3409] fuseblk: Bad value for 'fd' [ 1985.466804][ T3466] netlink: 12 bytes leftover after parsing attributes in process `syz.1.64638'. [ 1985.504160][ T3471] tipc: Enabling of bearer rejected, failed to enable media [ 1985.549901][ T3482] binder: Unknown parameter '†— e<é' [ 1986.807251][ T3552] fuseblk: Bad value for 'fd' [ 1987.357117][ T3580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64696'. [ 1987.642278][ T3609] FAT-fs (rnullb0): bogus number of reserved sectors [ 1987.649170][ T3609] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1987.880197][ T3640] 9pnet_fd: Insufficient options for proto=fd [ 1988.275790][ T3665] binder: Unknown parameter 'conte' [ 1988.309539][ T3667] netlink: 12 bytes leftover after parsing attributes in process `syz.0.64739'. [ 1988.362374][ T3669] futex_wake_op: syz.3.64735 tries to shift op by 32; fix this program [ 1988.448604][ T3678] futex_wake_op: syz.3.64743 tries to shift op by 32; fix this program [ 1988.493496][ T3687] FAT-fs (rnullb0): bogus number of reserved sectors [ 1988.500443][ T3687] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1989.472708][ T36] audit: type=1326 audit(2000000000.810:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3804 comm="syz.2.64806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a91b8f6c9 code=0x7ffc0000 [ 1989.540896][ T36] audit: type=1326 audit(2000000000.810:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3804 comm="syz.2.64806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a91b8f6c9 code=0x7ffc0000 [ 1989.580032][ T3813] binder: Bad value for 'context' [ 1989.595305][ T36] audit: type=1326 audit(2000000000.810:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3804 comm="syz.2.64806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f0a91b8f6c9 code=0x7ffc0000 [ 1989.660066][ T36] audit: type=1326 audit(2000000000.810:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3804 comm="syz.2.64806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a91b8f6c9 code=0x7ffc0000 [ 1989.744853][ T36] audit: type=1326 audit(2000000000.810:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3804 comm="syz.2.64806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a91b8f6c9 code=0x7ffc0000 [ 1990.697454][ T3869] netlink: 12 bytes leftover after parsing attributes in process `syz.0.64835'. [ 1990.707361][ T3871] netlink: 68 bytes leftover after parsing attributes in process `syz.3.64836'. [ 1991.037077][ T36] audit: type=1326 audit(2000000000.130:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.0.64848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7d78f6c9 code=0x7ffc0000 [ 1991.095587][ T36] audit: type=1326 audit(2000000000.130:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.0.64848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7d78f6c9 code=0x7ffc0000 [ 1991.152204][ T36] audit: type=1326 audit(2000000000.160:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.0.64848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7f6c7d78f6c9 code=0x7ffc0000 [ 1991.213357][ T36] audit: type=1326 audit(2000000000.160:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.0.64848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7d78f6c9 code=0x7ffc0000 [ 1991.264898][ T36] audit: type=1326 audit(2000000000.160:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3893 comm="syz.0.64848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7d78f6c9 code=0x7ffc0000 [ 1992.000361][ T3925] fuseblk: Bad value for 'fd' [ 1994.252122][ T4022] FAT-fs (rnullb0): bogus number of reserved sectors [ 1994.265602][ T4022] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1994.749836][ T4055] fuseblk: Bad value for 'fd' [ 1994.869351][ T4071] netlink: 12 bytes leftover after parsing attributes in process `syz.2.64920'. [ 1994.909424][ T4076] fuseblk: Bad value for 'fd' [ 1994.964971][ T4086] FAT-fs (rnullb0): bogus number of reserved sectors [ 1994.984794][ T4086] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1995.068142][ T4098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.64946'. [ 1995.096898][ T4102] fuseblk: Bad value for 'fd' [ 1996.887977][ T4162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.64978'. [ 1998.250936][ T4224] tipc: Enabling of bearer rejected, failed to enable media [ 1998.311927][ T4226] FAT-fs (rnullb0): bogus number of reserved sectors [ 1998.328930][ T4226] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 1998.772100][ T4243] binder: Unknown parameter '†— e' [ 1998.826736][ T4245] tipc: Enabling of bearer rejected, failed to enable media [ 1999.189420][ T4263] tipc: Enabling of bearer rejected, failed to enable media [ 1999.239149][ T4267] netlink: 12 bytes leftover after parsing attributes in process `syz.3.65030'. [ 1999.485109][ T4306] 9p: Unknown access argument a: -22 [ 1999.924477][ T4344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65065'. [ 2000.136093][ T4352] binder: Unknown parameter '†— e<é' [ 2000.244732][ T4358] FAT-fs (rnullb0): bogus number of reserved sectors [ 2000.255636][ T4358] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2000.525059][ T4372] binder: Unknown parameter '†— e<é' [ 2000.592478][ T4380] fuse: Bad value for 'rootmode' [ 2000.691783][ T4391] binder: Unknown parameter '†— e<é' [ 2000.767142][ T4393] FAT-fs (rnullb0): bogus number of reserved sectors [ 2000.773873][ T4393] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2000.950002][ T4401] netlink: 'syz.0.65086': attribute type 4 has an invalid length. [ 2000.967557][ T4401] netlink: 'syz.0.65086': attribute type 4 has an invalid length. [ 2002.446028][ T4441] fuseblk: Bad value for 'fd' [ 2002.803673][ T4486] SELinux: Context system_u:object_r:man_t:s0 is not valid (left unmapped). [ 2002.812757][ T36] audit: type=1400 audit(2000000011.560:638): avc: denied { relabelto } for pid=4485 comm="syz.1.65135" name="TCPv6" dev="sockfs" ino=805959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=tcp_socket permissive=1 trawcon="system_u:object_r:man_t:s0" [ 2003.087445][ T4519] futex_wake_op: syz.3.65150 tries to shift op by 32; fix this program [ 2003.616145][ T4567] futex_wake_op: syz.1.65173 tries to shift op by 32; fix this program [ 2004.199779][ T4590] tipc: Enabling of bearer rejected, failed to enable media [ 2004.288939][ T4594] FAT-fs (rnullb0): bogus number of reserved sectors [ 2004.303881][ T4596] futex_wake_op: syz.3.65182 tries to shift op by 32; fix this program [ 2004.305559][ T4594] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2004.708001][ T4638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.65208'. [ 2004.939243][ T4662] fuseblk: Bad value for 'fd' [ 2005.370533][ T4684] tipc: Enabling of bearer rejected, failed to enable media [ 2005.905864][ T4710] 9pnet_fd: Insufficient options for proto=fd [ 2005.938104][ T4712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65245'. [ 2007.149797][ T4805] binder: Unknown parameter '†— e<é' [ 2007.846409][ T455] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 2008.016616][ T455] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 2008.045574][ T455] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2008.077006][ T455] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 2008.105590][ T455] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2008.113631][ T455] usb 3-1: Product: syz [ 2008.136867][ T455] usb 3-1: Manufacturer: syz [ 2008.151991][ T455] usb 3-1: SerialNumber: syz [ 2008.166311][ T455] usb 3-1: config 0 descriptor?? [ 2008.182917][ T455] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -90 [ 2008.392899][T26413] usb 3-1: USB disconnect, device number 9 [ 2008.416699][ T4861] binder: Unknown parameter '†— e<é' [ 2008.554264][ T4871] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65317'. [ 2008.573303][ T4873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.65324'. [ 2008.612815][ T4879] binder: Unknown parameter '†— e<é' [ 2009.177629][ T4933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.65353'. [ 2009.495700][ T4951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.65364'. [ 2009.515708][ T4953] FAT-fs (rnullb0): bogus number of reserved sectors [ 2009.522431][ T4953] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2009.722708][ T4979] netlink: 4 bytes leftover after parsing attributes in process `syz.3.65376'. [ 2010.243280][ T5007] FAT-fs (rnullb0): bogus number of reserved sectors [ 2010.250114][ T5007] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2010.798332][ T5051] overlayfs: failed to resolve './file0': -2 [ 2011.097671][ T5087] FAT-fs (rnullb0): bogus number of reserved sectors [ 2011.115563][ T5087] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2011.244903][ T5113] FAT-fs (rnullb0): bogus number of reserved sectors [ 2011.253339][ T5113] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2011.394935][ T5139] FAT-fs (rnullb0): bogus number of reserved sectors [ 2011.401929][ T5139] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2011.548325][ T5159] FAT-fs (rnullb0): bogus number of reserved sectors [ 2011.565790][ T5159] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 2012.704115][ T5207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.65489'. [ 2013.669235][ T5223] No source specified [ 2013.697172][ T5225] No source specified [ 2014.217138][ T5263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.65518'. [ 2014.621994][ T5279] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65523'. [ 2014.876093][ T5299] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65535'. [ 2016.255867][ T5381] 9pnet_virtio: no channels available for device syz [ 2016.529647][ T5393] fuseblk: Bad value for 'fd' [ 2018.524192][ T5511] overlay: ./file0 is not a directory [ 2018.525583][ T36] audit: type=1400 audit(2000000002.730:639): avc: denied { mounton } for pid=5510 comm="syz.0.65633" path="/299/file0" dev="tmpfs" ino=1818 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 2018.895469][ T5569] netlink: 288 bytes leftover after parsing attributes in process `syz.2.65669'. [ 2018.996030][ T5579] futex_wake_op: syz.3.65674 tries to shift op by 32; fix this program [ 2019.127817][ T5596] fuseblk: Bad value for 'fd' [ 2019.128276][ T5598] SELinux: Context system_u:object_r:random_device_t:s0 is not valid (left unmapped). [ 2019.162138][ T36] audit: type=1400 audit(2000000003.370:640): avc: denied { relabelto } for pid=5597 comm="syz.0.65683" name="" dev="pipefs" ino=812524 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:random_device_t:s0" [ 2019.207376][ T5602] futex_wake_op: syz.0.65685 tries to shift op by 32; fix this program [ 2019.383446][ T5624] futex_wake_op: syz.3.65696 tries to shift op by 32; fix this program [ 2019.627267][ T5652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.65710'. [ 2019.787308][ T5672] netlink: 12 bytes leftover after parsing attributes in process `syz.3.65719'. [ 2019.860365][ T5683] futex_wake_op: syz.2.65727 tries to shift op by 32; fix this program [ 2020.355580][T14266] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 2020.517455][T14266] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 2020.544620][T14266] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2020.561716][T14266] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 2020.581153][T14266] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2020.601879][T14266] usb 3-1: Product: syz [ 2020.606823][T14266] usb 3-1: Manufacturer: syz [ 2020.611461][T14266] usb 3-1: SerialNumber: syz [ 2020.631343][T14266] usb 3-1: config 0 descriptor?? [ 2020.646556][T14266] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -90 [ 2020.771610][ T5756] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65761'. [ 2020.865775][T14266] usb 3-1: USB disconnect, device number 10 [ 2020.956625][ T5766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.65767'. [ 2021.055888][ T5778] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65772'. [ 2021.139316][ T5788] netlink: 4 bytes leftover after parsing attributes in process `syz.1.65777'. [ 2021.290317][ T5800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.65776'. [ 2021.301467][ T5800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.65776'. [ 2021.530667][ T5808] netlink: 4 bytes leftover after parsing attributes in process `syz.2.65787'. [ 2021.542744][ T5810] netlink: 12 bytes leftover after parsing attributes in process `syz.0.65781'. [ 2022.321899][ T5832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.65797'. [ 2023.239748][ T5866] fuseblk: Bad value for 'fd' [ 2023.468501][ T5886] fuseblk: Bad value for 'fd' [ 2023.623308][ T5907] fuseblk: Bad value for 'fd' [ 2024.173812][ T5966] fuseblk: Bad value for 'fd' [ 2024.520659][ T5984] fuseblk: Bad value for 'fd' [ 2024.935856][ T6035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.65899'. [ 2026.197833][ T6092] fuseblk: Bad value for 'fd' [ 2026.578575][ T6118] fuseblk: Bad value for 'fd' [ 2026.670496][ T6131] futex_wake_op: syz.3.65946 tries to shift op by 32; fix this program [ 2027.425787][ T6184] __nla_validate_parse: 2 callbacks suppressed [ 2027.425813][ T6184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.65973'. [ 2027.505830][ T6190] fuseblk: Bad value for 'fd' [ 2027.708725][ T6211] fuseblk: Bad value for 'fd' [ 2027.789024][ T6217] binder: Unknown parameter '†— e' [ 2028.617883][ T6231] netlink: 4 bytes leftover after parsing attributes in process `syz.2.65998'. [ 2028.818248][ T6245] fuseblk: Bad value for 'fd' [ 2029.852860][ T6294] netlink: 12 bytes leftover after parsing attributes in process `syz.2.66029'. [ 2029.979094][ T6308] binder: Unknown parameter '†— e<' [ 2029.993537][ T6310] fuseblk: Bad value for 'fd' [ 2030.042467][ T6316] netlink: 52 bytes leftover after parsing attributes in process `syz.2.66038'. [ 2030.067635][ T6316] netlink: 12 bytes leftover after parsing attributes in process `syz.2.66038'. [ 2030.090090][ T6316] netlink: 20 bytes leftover after parsing attributes in process `syz.2.66038'. [ 2030.429168][ T6355] binder: Unknown parameter '†— e<é' [ 2030.573859][ T6361] futex_wake_op: syz.2.66060 tries to shift op by 32; fix this program [ 2030.799953][ T6375] fuseblk: Bad value for 'fd' [ 2031.163436][ T6382] futex_wake_op: syz.2.66069 tries to shift op by 32; fix this program [ 2031.441555][ T6404] futex_wake_op: syz.1.66079 tries to shift op by 32; fix this program [ 2031.638001][ T6423] futex_wake_op: syz.3.66088 tries to shift op by 32; fix this program [ 2031.702544][ T6432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.66092'. [ 2032.161462][ T6495] fuseblk: Bad value for 'fd' [ 2032.185562][T14266] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 2032.346684][T14266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 2032.357757][T14266] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2032.369343][T14266] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 2032.378738][T14266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2032.387731][T14266] usb 2-1: Product: syz [ 2032.392015][T14266] usb 2-1: Manufacturer: syz [ 2032.396938][T14266] usb 2-1: SerialNumber: syz [ 2032.403901][T14266] usb 2-1: config 0 descriptor?? [ 2032.410916][T14266] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -90 [ 2032.613171][T14266] usb 2-1: USB disconnect, device number 46 [ 2032.667808][ T6525] netlink: 104 bytes leftover after parsing attributes in process `syz.3.66131'. [ 2032.715944][ T6535] netlink: 20 bytes leftover after parsing attributes in process `syz.3.66142'. [ 2032.802907][ T6553] netlink: 20 bytes leftover after parsing attributes in process `syz.0.66151'. [ 2032.932481][ T6574] netlink: 'syz.0.66160': attribute type 4 has an invalid length. [ 2032.940410][ T6574] netlink: 'syz.0.66160': attribute type 5 has an invalid length. [ 2032.948441][ T6574] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.66160'. [ 2032.990153][ T6580] netlink: 20 bytes leftover after parsing attributes in process `syz.0.66163'. [ 2033.075605][T14266] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 2033.121055][ T6595] netlink: 'syz.0.66170': attribute type 4 has an invalid length. [ 2033.129015][ T6595] netlink: 'syz.0.66170': attribute type 5 has an invalid length. [ 2033.137186][ T6595] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.66170'. [ 2033.155488][ T6599] binder: Unknown parameter '†— e<é' [ 2033.161451][ T6601] netlink: 20 bytes leftover after parsing attributes in process `syz.2.66173'. [ 2033.245551][T14266] usb 4-1: Using ep0 maxpacket: 8 [ 2033.263455][T14266] usb 4-1: config 2 interface 0 altsetting 8 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 2033.294611][T14266] usb 4-1: config 2 interface 0 altsetting 8 endpoint 0x9 has invalid wMaxPacketSize 0 [ 2033.325091][T14266] usb 4-1: config 2 interface 0 has no altsetting 0 [ 2033.356222][T14266] usb 4-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10 [ 2033.365307][T14266] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2033.387662][T14266] usb 4-1: Product: syz [ 2033.391890][T14266] usb 4-1: Manufacturer: syz [ 2033.405589][T14266] usb 4-1: SerialNumber: syz [ 2033.626157][T14266] usb 4-1: USB disconnect, device number 22 [ 2034.036338][ T6627] netlink: 20 bytes leftover after parsing attributes in process `syz.2.66186'. [ 2034.215559][T14266] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 2034.385574][T14266] usb 2-1: Using ep0 maxpacket: 32 [ 2034.396612][T14266] usb 2-1: config 0 has an invalid interface number: 250 but max is 1 [ 2034.415040][T14266] usb 2-1: config 0 has no interface number 1 [ 2034.421315][T14266] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2034.446546][T14266] usb 2-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f [ 2034.465576][T14266] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2034.474971][T14266] usb 2-1: Product: syz [ 2034.485097][T14266] usb 2-1: Manufacturer: syz [ 2034.497580][T14266] usb 2-1: SerialNumber: syz [ 2034.510634][T14266] usb 2-1: config 0 descriptor?? [ 2034.524166][T14266] usb 2-1: Found UVC 0.00 device syz (0408:3090) [ 2034.535937][T14266] usb 2-1: No valid video chain found. [ 2034.733386][T14266] usb 2-1: USB disconnect, device number 47 [ 2034.760390][ T6648] binder: Unknown parameter '†— e<é' [ 2034.837184][ T6654] netlink: 20 bytes leftover after parsing attributes in process `syz.0.66195'. [ 2035.115719][ T6675] binder: Unknown parameter '†— e<é' [ 2035.123951][ T6677] netlink: 12 bytes leftover after parsing attributes in process `syz.3.66209'. [ 2035.334656][ T6713] netlink: 'syz.1.66226': attribute type 4 has an invalid length. [ 2035.346616][ T6713] netlink: 'syz.1.66226': attribute type 5 has an invalid length. [ 2038.405180][T29326] bridge_slave_1: left allmulticast mode [ 2038.427887][T29326] bridge_slave_1: left promiscuous mode [ 2038.433653][T29326] bridge0: port 2(bridge_slave_1) entered disabled state [ 2038.458121][T29326] bridge_slave_0: left allmulticast mode [ 2038.474149][T29326] bridge_slave_0: left promiscuous mode [ 2038.480254][T29326] bridge0: port 1(bridge_slave_0) entered disabled state [ 2038.616432][T29326] veth1_macvtap: left promiscuous mode [ 2038.621991][T29326] veth0_vlan: left promiscuous mode [ 2038.718737][ T6897] __nla_validate_parse: 5 callbacks suppressed [ 2038.718757][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66317'. [ 2038.736213][ T6899] netlink: 'syz.0.66318': attribute type 4 has an invalid length. [ 2038.756053][ T6899] netlink: 'syz.0.66318': attribute type 5 has an invalid length. [ 2038.764421][ T6899] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.66318'. [ 2038.799185][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state [ 2038.822010][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state [ 2038.825365][ T6903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.66320'. [ 2038.835613][ T6876] bridge_slave_0: entered allmulticast mode [ 2038.845554][ T6903] netlink: 12 bytes leftover after parsing attributes in process `syz.0.66320'. [ 2038.854696][ T6876] bridge_slave_0: entered promiscuous mode [ 2038.864773][ T6903] netlink: 16 bytes leftover after parsing attributes in process `syz.0.66320'. [ 2038.865121][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state [ 2038.892942][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state [ 2038.900436][ T6876] bridge_slave_1: entered allmulticast mode [ 2038.913540][ T6876] bridge_slave_1: entered promiscuous mode [ 2039.128283][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state [ 2039.135396][ T6876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2039.142835][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state [ 2039.150076][ T6876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2039.239610][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state [ 2039.258194][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state [ 2039.277998][T24976] bridge0: port 1(bridge_slave_0) entered blocking state [ 2039.285084][T24976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2039.307037][ T9545] bridge0: port 2(bridge_slave_1) entered blocking state [ 2039.314311][ T9545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2039.384343][ T6876] veth0_vlan: entered promiscuous mode [ 2039.399895][ T6876] veth1_macvtap: entered promiscuous mode [ 2039.454279][ T6934] No source specified [ 2040.274880][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.66339'. [ 2041.148318][T29326] bridge_slave_1: left allmulticast mode [ 2041.154277][T29326] bridge_slave_1: left promiscuous mode [ 2041.160481][T29326] bridge0: port 2(bridge_slave_1) entered disabled state [ 2041.168585][T29326] bridge_slave_0: left allmulticast mode [ 2041.174520][T29326] bridge_slave_0: left promiscuous mode [ 2041.180905][T29326] bridge0: port 1(bridge_slave_0) entered disabled state [ 2041.289722][ T6991] bridge0: port 1(bridge_slave_0) entered blocking state [ 2041.296884][ T6991] bridge0: port 1(bridge_slave_0) entered disabled state [ 2041.304032][ T6991] bridge_slave_0: entered allmulticast mode [ 2041.313858][ T6991] bridge_slave_0: entered promiscuous mode [ 2041.326005][T29326] veth1_macvtap: left promiscuous mode [ 2041.331943][T29326] veth0_vlan: left promiscuous mode [ 2041.400220][ T6991] bridge0: port 2(bridge_slave_1) entered blocking state [ 2041.410597][ T6991] bridge0: port 2(bridge_slave_1) entered disabled state [ 2041.418312][ T6991] bridge_slave_1: entered allmulticast mode [ 2041.425895][ T7021] No source specified [ 2041.430232][ T6991] bridge_slave_1: entered promiscuous mode [ 2041.528430][ T6991] bridge0: port 2(bridge_slave_1) entered blocking state [ 2041.535551][ T6991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2041.543450][ T6991] bridge0: port 1(bridge_slave_0) entered blocking state [ 2041.550618][ T6991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2041.569406][T24976] bridge0: port 1(bridge_slave_0) entered disabled state [ 2041.686583][T24976] bridge0: port 2(bridge_slave_1) entered disabled state [ 2041.762198][T24976] bridge0: port 1(bridge_slave_0) entered blocking state [ 2041.769328][T24976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2041.787044][ T9545] bridge0: port 2(bridge_slave_1) entered blocking state [ 2041.794131][ T9545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2041.827986][ T6991] veth0_vlan: entered promiscuous mode [ 2041.842388][ T6991] veth1_macvtap: entered promiscuous mode [ 2041.884428][ T7053] fuseblk: Bad value for 'fd' [ 2042.409180][ T7079] fuseblk: Bad value for 'fd' [ 2043.929819][ T7126] netlink: 'syz.2.66420': attribute type 4 has an invalid length. [ 2043.948190][ T7126] netlink: 'syz.2.66420': attribute type 5 has an invalid length. [ 2043.965745][ T7126] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.66420'. [ 2044.938808][ T7180] netlink: 9 bytes leftover after parsing attributes in process `syz.2.66445'. [ 2044.948511][ T7180] gretap0: entered promiscuous mode [ 2044.993342][ T7190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.66450'. [ 2045.023192][ T7196] incfs: Backing dir is not set, filesystem can't be mounted. [ 2045.032548][ T7196] incfs: mount failed -2 [ 2045.073771][ T7202] netlink: 'syz.2.66456': attribute type 4 has an invalid length. [ 2045.081706][ T7202] netlink: 'syz.2.66456': attribute type 5 has an invalid length. [ 2045.089971][ T7202] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.66456'. [ 2045.221534][ T7232] netlink: 'syz.1.66471': attribute type 4 has an invalid length. [ 2045.241074][ T7232] netlink: 'syz.1.66471': attribute type 5 has an invalid length. [ 2045.249606][ T7232] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.66471'. [ 2045.336450][ T7250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.66481'. [ 2045.341577][ T7255] incfs: Backing dir is not set, filesystem can't be mounted. [ 2045.353582][ T7255] incfs: mount failed -2 [ 2045.376815][ T7257] netlink: 9 bytes leftover after parsing attributes in process `syz.1.66483'. [ 2045.402471][ T7257] gretap0: entered promiscuous mode [ 2045.520888][ T7277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.66493'. [ 2045.850391][ T7322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.66515'. [ 2045.903141][ T7328] netlink: 'syz.0.66518': attribute type 4 has an invalid length. [ 2045.924446][ T7328] netlink: 'syz.0.66518': attribute type 5 has an invalid length. [ 2045.935114][ T7328] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.66518'. [ 2046.916302][ T7411] netlink: 'syz.2.66557': attribute type 4 has an invalid length. [ 2046.924406][ T7411] netlink: 'syz.2.66557': attribute type 5 has an invalid length. [ 2047.477058][ T7486] gretap0: entered promiscuous mode [ 2047.607805][ T7500] incfs: Backing dir is not set, filesystem can't be mounted. [ 2047.624105][ T7500] incfs: mount failed -2 [ 2048.069699][ T7558] fuse: Bad value for 'rootmode' [ 2048.676495][ T36] audit: type=1326 audit(2000000024.880:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7593 comm="syz.3.66649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71f258f6c9 code=0x0 [ 2048.991723][ T7640] __nla_validate_parse: 5 callbacks suppressed [ 2048.991745][ T7640] netlink: 9 bytes leftover after parsing attributes in process `syz.1.66670'. [ 2050.396673][ T7696] incfs: Backing dir is not set, filesystem can't be mounted. [ 2050.414428][ T7696] incfs: mount failed -2 [ 2050.600873][ T7708] incfs: Backing dir is not set, filesystem can't be mounted. [ 2050.608961][ T7708] incfs: mount failed -2 [ 2050.634128][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66705'. [ 2050.757897][ T36] audit: type=1400 audit(2000000026.960:642): avc: denied { ioctl } for pid=7730 comm="syz.2.66714" path="/dev/rtc0" dev="devtmpfs" ino=195 ioctlcmd=0x7001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 2051.956955][ T7803] netlink: 36 bytes leftover after parsing attributes in process `syz.1.66749'. [ 2051.966139][ T7803] netlink: 12 bytes leftover after parsing attributes in process `syz.1.66749'. [ 2051.976040][ T7803] netlink: 16 bytes leftover after parsing attributes in process `syz.1.66749'. [ 2052.191926][ T7836] incfs: Backing dir is not set, filesystem can't be mounted. [ 2052.216956][ T7836] incfs: mount failed -2 [ 2052.357641][ T7844] 9pnet: Could not find request transport: f [ 2055.312459][ T8027] incfs: Backing dir is not set, filesystem can't be mounted. [ 2055.320515][ T8027] incfs: mount failed -2 [ 2055.682560][ T8063] netlink: 24 bytes leftover after parsing attributes in process `syz.3.66873'. [ 2055.900873][ T8077] validate_nla: 4 callbacks suppressed [ 2055.900895][ T8077] netlink: 'syz.1.66871': attribute type 4 has an invalid length. [ 2055.936355][ T8077] netlink: 'syz.1.66871': attribute type 5 has an invalid length. [ 2055.955543][ T8077] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.66871'. [ 2055.998039][ T8079] incfs: Backing dir is not set, filesystem can't be mounted. [ 2056.015672][ T8079] incfs: mount failed -2 [ 2056.446154][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66895'. [ 2056.578447][ T8128] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66904'. [ 2056.663224][ T36] audit: type=1326 audit(2000000032.860:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2056.708605][ T36] audit: type=1326 audit(2000000032.860:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2056.758372][ T36] audit: type=1326 audit(2000000032.860:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2056.792810][ T36] audit: type=1326 audit(2000000032.860:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2056.825992][ T36] audit: type=1326 audit(2000000032.860:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2056.850584][ T36] audit: type=1326 audit(2000000032.860:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8144 comm="syz.1.66912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2057.043260][ T8187] netlink: 'syz.2.66933': attribute type 4 has an invalid length. [ 2057.051445][ T8187] netlink: 'syz.2.66933': attribute type 5 has an invalid length. [ 2057.060968][ T8187] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.66933'. [ 2057.230955][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66945'. [ 2057.279159][ T8219] incfs: Backing dir is not set, filesystem can't be mounted. [ 2057.286933][ T8219] incfs: mount failed -2 [ 2057.495266][ T8239] incfs: Backing dir is not set, filesystem can't be mounted. [ 2057.504011][ T8239] incfs: mount failed -2 [ 2057.568694][ T8245] overlayfs: failed to resolve './file0': -2 [ 2057.809012][ T8263] incfs: Backing dir is not set, filesystem can't be mounted. [ 2057.826200][ T8263] incfs: mount failed -2 [ 2057.906361][ T8275] netlink: 'syz.2.66976': attribute type 4 has an invalid length. [ 2057.916315][ T8275] netlink: 'syz.2.66976': attribute type 5 has an invalid length. [ 2057.924298][ T8275] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.66976'. [ 2058.057293][ T8289] netlink: 96 bytes leftover after parsing attributes in process `syz.2.66984'. [ 2058.115952][ T8295] netlink: 'syz.3.66987': attribute type 4 has an invalid length. [ 2058.142162][ T8295] netlink: 'syz.3.66987': attribute type 5 has an invalid length. [ 2058.153223][ T8297] netlink: 24 bytes leftover after parsing attributes in process `syz.2.66988'. [ 2058.155565][ T8295] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.66987'. [ 2058.474232][ T8341] netlink: 'syz.2.67008': attribute type 4 has an invalid length. [ 2058.490352][ T8341] netlink: 'syz.2.67008': attribute type 5 has an invalid length. [ 2058.732405][ T8382] overlayfs: failed to clone upperpath [ 2058.958031][ T8408] tipc: Started in network mode [ 2058.963026][ T8408] tipc: Node identity ac14140f, cluster identity 4711 [ 2058.982872][ T8408] tipc: New replicast peer: 255.255.255.255 [ 2058.995806][ T8408] tipc: Enabled bearer , priority 10 [ 2059.315110][T24976] bridge_slave_1: left allmulticast mode [ 2059.329802][T24976] bridge_slave_1: left promiscuous mode [ 2059.335924][T24976] bridge0: port 2(bridge_slave_1) entered disabled state [ 2059.347132][ T8466] futex_wake_op: syz.2.67070 tries to shift op by -1; fix this program [ 2059.347395][T24976] bridge_slave_0: left allmulticast mode [ 2059.361372][T24976] bridge_slave_0: left promiscuous mode [ 2059.371815][T24976] bridge0: port 1(bridge_slave_0) entered disabled state [ 2059.531738][T24976] veth1_macvtap: left promiscuous mode [ 2059.542791][T24976] veth0_vlan: left promiscuous mode [ 2059.730159][ T8457] bridge0: port 1(bridge_slave_0) entered blocking state [ 2059.745725][ T8457] bridge0: port 1(bridge_slave_0) entered disabled state [ 2059.761078][ T8457] bridge_slave_0: entered allmulticast mode [ 2059.775020][ T8457] bridge_slave_0: entered promiscuous mode [ 2059.789106][ T8457] bridge0: port 2(bridge_slave_1) entered blocking state [ 2059.806072][ T8457] bridge0: port 2(bridge_slave_1) entered disabled state [ 2059.819745][ T8457] bridge_slave_1: entered allmulticast mode [ 2059.836402][ T8457] bridge_slave_1: entered promiscuous mode [ 2059.965656][ T8457] bridge0: port 2(bridge_slave_1) entered blocking state [ 2059.973132][ T8457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2059.980622][ T8457] bridge0: port 1(bridge_slave_0) entered blocking state [ 2059.987767][ T8457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2060.070269][T29326] bridge0: port 1(bridge_slave_0) entered disabled state [ 2060.084264][T29326] bridge0: port 2(bridge_slave_1) entered disabled state [ 2060.112473][T29326] bridge0: port 1(bridge_slave_0) entered blocking state [ 2060.119684][T29326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2060.127516][ T455] tipc: Node number set to 2886997007 [ 2060.148918][T29326] bridge0: port 2(bridge_slave_1) entered blocking state [ 2060.156038][T29326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2060.250763][ T8457] veth0_vlan: entered promiscuous mode [ 2060.301137][ T8457] veth1_macvtap: entered promiscuous mode [ 2060.389203][ T8485] overlayfs: failed to clone upperpath [ 2060.761879][ T8505] __nla_validate_parse: 8 callbacks suppressed [ 2060.761903][ T8505] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.67084'. [ 2061.526607][ T8510] netlink: 9 bytes leftover after parsing attributes in process `syz.3.67088'. [ 2061.566488][ T8510] gretap0: entered promiscuous mode [ 2061.653348][ T9545] bridge_slave_1: left allmulticast mode [ 2061.679095][ T9545] bridge_slave_1: left promiscuous mode [ 2061.715678][ T9545] bridge0: port 2(bridge_slave_1) entered disabled state [ 2061.747216][ T9545] bridge_slave_0: left allmulticast mode [ 2061.753257][ T9545] bridge_slave_0: left promiscuous mode [ 2061.799638][ T9545] bridge0: port 1(bridge_slave_0) entered disabled state [ 2062.060683][ T9545] veth1_macvtap: left promiscuous mode [ 2062.075713][ T9545] veth0_vlan: left promiscuous mode [ 2062.584731][ T8519] bridge0: port 1(bridge_slave_0) entered blocking state [ 2062.604348][ T8519] bridge0: port 1(bridge_slave_0) entered disabled state [ 2062.613069][ T8519] bridge_slave_0: entered allmulticast mode [ 2062.619634][ T8519] bridge_slave_0: entered promiscuous mode [ 2062.626879][ T8519] bridge0: port 2(bridge_slave_1) entered blocking state [ 2062.634210][ T8519] bridge0: port 2(bridge_slave_1) entered disabled state [ 2062.641934][ T8519] bridge_slave_1: entered allmulticast mode [ 2062.648693][ T8519] bridge_slave_1: entered promiscuous mode [ 2062.657807][ T8539] incfs: Backing dir is not set, filesystem can't be mounted. [ 2062.672120][ T8539] incfs: mount failed -2 [ 2062.827986][T24976] bridge0: port 1(bridge_slave_0) entered blocking state [ 2062.835053][T24976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2062.842980][T24976] bridge0: port 2(bridge_slave_1) entered blocking state [ 2062.850587][T24976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2062.888515][ T8519] veth0_vlan: entered promiscuous mode [ 2062.901148][ T8519] veth1_macvtap: entered promiscuous mode [ 2062.985636][ T8586] netlink: 24 bytes leftover after parsing attributes in process `syz.2.67117'. [ 2063.034256][ T8596] incfs: Backing dir is not set, filesystem can't be mounted. [ 2063.043169][ T8596] incfs: mount failed -2 [ 2063.841638][ T8640] validate_nla: 2 callbacks suppressed [ 2063.841661][ T8640] netlink: 'syz.2.67142': attribute type 4 has an invalid length. [ 2063.858716][ T8640] netlink: 'syz.2.67142': attribute type 5 has an invalid length. [ 2063.875543][ T8640] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.67142'. [ 2063.966278][ T8650] SELinux: Context system_u:object_r:usr_t:s0 is not valid (left unmapped). [ 2063.975149][ T36] audit: type=1400 audit(2000000040.170:649): avc: denied { relabelfrom } for pid=8649 comm="syz.0.67150" name="NETLINK" dev="sockfs" ino=830882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 2064.027543][ T36] audit: type=1400 audit(2000000040.210:650): avc: denied { relabelto } for pid=8649 comm="syz.0.67150" name="NETLINK" dev="sockfs" ino=830882 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_route_socket permissive=1 trawcon="system_u:object_r:usr_t:s0" [ 2064.969447][ T8695] netlink: 9 bytes leftover after parsing attributes in process `syz.1.67171'. [ 2065.569180][ T36] audit: type=1400 audit(2000000041.770:651): avc: denied { execmem } for pid=8717 comm="syz.2.67182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 2065.983590][ T8754] netlink: 9 bytes leftover after parsing attributes in process `syz.1.67199'. [ 2066.120057][ T8762] tipc: Started in network mode [ 2066.130670][ T8762] tipc: Node identity ac14140f, cluster identity 4711 [ 2066.143133][ T8762] tipc: New replicast peer: 255.255.255.255 [ 2066.155811][ T8762] tipc: Enabled bearer , priority 10 [ 2066.371439][ T8778] overlayfs: failed to clone upperpath [ 2066.758489][ T8798] netlink: 24 bytes leftover after parsing attributes in process `syz.0.67221'. [ 2067.155579][ T397] tipc: Node number set to 2886997007 [ 2067.309384][ T8834] netlink: 24 bytes leftover after parsing attributes in process `syz.3.67240'. [ 2067.444034][ T36] audit: type=1400 audit(2000000043.640:652): avc: denied { lock } for pid=8852 comm="syz.3.67248" path="socket:[831871]" dev="sockfs" ino=831871 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 2068.027718][ T8902] netlink: 9 bytes leftover after parsing attributes in process `syz.3.67272'. [ 2068.065052][ T36] audit: type=1400 audit(2000000044.260:653): avc: denied { create } for pid=8904 comm="syz.0.67274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 2068.476375][ T8945] netlink: 9 bytes leftover after parsing attributes in process `syz.2.67292'. [ 2068.696813][ T8955] netlink: 'syz.2.67298': attribute type 4 has an invalid length. [ 2068.725641][ T8955] netlink: 'syz.2.67298': attribute type 5 has an invalid length. [ 2068.735710][ T8955] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.67298'. [ 2068.880310][ T8969] netlink: 9 bytes leftover after parsing attributes in process `syz.0.67304'. [ 2068.889866][ T8969] gretap0: entered promiscuous mode [ 2069.407334][ T36] audit: type=1400 audit(2000000045.610:654): avc: denied { shutdown } for pid=9002 comm="syz.3.67322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 2069.865893][ T9044] netlink: 'syz.0.67340': attribute type 4 has an invalid length. [ 2069.874197][ T9044] netlink: 'syz.0.67340': attribute type 5 has an invalid length. [ 2069.882496][ T9044] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.67340'. [ 2069.993497][ T36] audit: type=1326 audit(2000000046.190:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.041466][ T36] audit: type=1326 audit(2000000046.230:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.066623][ T36] audit: type=1326 audit(2000000046.230:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.091276][ T36] audit: type=1326 audit(2000000046.230:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.115550][ T36] audit: type=1326 audit(2000000046.230:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.139901][ T36] audit: type=1326 audit(2000000046.230:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.166216][ T36] audit: type=1326 audit(2000000046.230:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.190590][ T36] audit: type=1326 audit(2000000046.230:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9051 comm="syz.1.67345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92c8d8f6c9 code=0x7ffc0000 [ 2070.216676][ T9056] netlink: 188 bytes leftover after parsing attributes in process `syz.0.67347'. [ 2070.267096][ T9064] netlink: 'syz.3.67350': attribute type 4 has an invalid length. [ 2070.275031][ T9064] netlink: 'syz.3.67350': attribute type 5 has an invalid length. [ 2070.284523][ T9064] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.67350'. [ 2070.329167][ T9068] overlayfs: missing 'lowerdir' [ 2070.369361][ T9070] tipc: Started in network mode [ 2070.379965][ T9070] tipc: Node identity ac14140f, cluster identity 4711 [ 2070.394966][ T9070] tipc: New replicast peer: 255.255.255.255 [ 2070.408472][ T9070] tipc: Enabled bearer , priority 10 [ 2071.057081][ T9096] incfs: Backing dir is not set, filesystem can't be mounted. [ 2071.070483][ T9096] incfs: mount failed -2 [ 2071.456360][ T9125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67379'. [ 2071.536649][T26413] tipc: Node number set to 2886997007 [ 2071.627604][ T9134] netlink: 9 bytes leftover after parsing attributes in process `syz.3.67383'. [ 2071.756646][ T9136] incfs: Backing dir is not set, filesystem can't be mounted. [ 2071.764265][ T9136] incfs: mount failed -2 [ 2072.090085][ T9146] futex_wake_op: syz.1.67389 tries to shift op by 32; fix this program [ 2072.570791][ T9174] tmpfs: Unknown parameter 'no' [ 2072.845112][ T9214] futex_wake_op: syz.2.67422 tries to shift op by 32; fix this program [ 2072.879650][ T9222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.67425'. [ 2072.889098][ T9222] bridge_slave_1: left allmulticast mode [ 2072.894784][ T9222] bridge_slave_1: left promiscuous mode [ 2072.900995][ T9222] bridge0: port 2(bridge_slave_1) entered disabled state [ 2072.909290][ T9222] bridge_slave_0: left allmulticast mode [ 2072.915129][ T9222] bridge_slave_0: left promiscuous mode [ 2072.924186][ T9222] bridge0: port 1(bridge_slave_0) entered disabled state [ 2072.975599][ T455] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 2073.125597][ T455] usb 4-1: Using ep0 maxpacket: 32 [ 2073.142304][ T455] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2073.163003][ T455] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 2073.173184][ T455] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 2073.194160][ T455] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4 [ 2073.210005][ T455] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 2073.223908][ T455] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7 [ 2073.232569][ T455] usb 4-1: Product: syz [ 2073.237266][ T455] usb 4-1: Manufacturer: syz [ 2073.242145][ T455] usb 4-1: SerialNumber: syz [ 2073.247868][ T9267] futex_wake_op: syz.2.67446 tries to shift op by 32; fix this program [ 2073.256820][ T455] usb 4-1: config 0 descriptor?? [ 2073.305694][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67449'. [ 2073.314812][ T9273] bridge_slave_1: left allmulticast mode [ 2073.320520][ T9273] bridge_slave_1: left promiscuous mode [ 2073.326301][ T9273] bridge0: port 2(bridge_slave_1) entered disabled state [ 2073.334474][ T9273] bridge_slave_0: left allmulticast mode [ 2073.340409][ T9273] bridge_slave_0: left promiscuous mode [ 2073.347678][ T9273] bridge0: port 1(bridge_slave_0) entered disabled state [ 2073.465084][T24349] usb 4-1: USB disconnect, device number 23 [ 2073.591808][ T9292] netlink: 388 bytes leftover after parsing attributes in process `syz.1.67458'. [ 2073.596447][ T36] audit: type=1400 audit(2000000049.790:663): avc: denied { write } for pid=9291 comm="syz.1.67458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 2073.634248][ T9296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67460'. [ 2074.006864][ T9312] futex_wake_op: syz.3.67468 tries to shift op by 32; fix this program [ 2074.048314][ T9314] overlayfs: failed to resolve './file1': -2 [ 2074.257771][ T9328] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67471'. [ 2075.205346][ T9359] tipc: Enabling of bearer rejected, already enabled [ 2075.918318][ T9368] futex_wake_op: syz.3.67496 tries to shift op by 32; fix this program [ 2076.081132][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 2076.081152][ T36] audit: type=1326 audit(2000000052.280:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.145603][ T36] audit: type=1326 audit(2000000052.280:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.200105][ T36] audit: type=1326 audit(2000000052.280:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.245552][ T36] audit: type=1326 audit(2000000052.280:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.295572][ T36] audit: type=1326 audit(2000000052.280:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.345563][ T36] audit: type=1326 audit(2000000052.310:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.395573][ T36] audit: type=1326 audit(2000000052.310:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.439497][ T36] audit: type=1326 audit(2000000052.310:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9388 comm="syz.3.67504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0e598f6c9 code=0x7ffc0000 [ 2076.700307][ T9395] netlink: 'syz.2.67507': attribute type 4 has an invalid length. [ 2076.709334][ T9395] netlink: 'syz.2.67507': attribute type 5 has an invalid length. [ 2076.717430][ T9395] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.67507'. [ 2076.920891][ T9415] netlink: 'syz.2.67518': attribute type 4 has an invalid length. [ 2076.928924][ T9415] netlink: 'syz.2.67518': attribute type 5 has an invalid length. [ 2076.937304][ T9415] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.67518'. [ 2076.970993][ T9419] incfs: Backing dir is not set, filesystem can't be mounted. [ 2076.985824][ T9419] incfs: mount failed -2 [ 2077.650417][ T9451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.67532'. [ 2077.717111][ T9462] netlink: 24 bytes leftover after parsing attributes in process `syz.1.67539'. [ 2078.067875][ T9494] netlink: 'syz.3.67544': attribute type 4 has an invalid length. [ 2078.095571][ T9494] netlink: 'syz.3.67544': attribute type 5 has an invalid length. [ 2078.113706][ T9494] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.67544'. [ 2078.916995][ T9520] netlink: 'syz.2.67570': attribute type 4 has an invalid length. [ 2078.945554][ T9520] netlink: 'syz.2.67570': attribute type 5 has an invalid length. [ 2078.963680][ T9520] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.67570'. [ 2079.036780][ T9529] tipc: Enabling of bearer rejected, already enabled [ 2079.125044][ T9544] netlink: 'syz.3.67581': attribute type 4 has an invalid length. [ 2079.137377][ T9544] netlink: 'syz.3.67581': attribute type 5 has an invalid length. [ 2079.145418][ T9544] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.67581'. [ 2079.399266][ T36] audit: type=1400 audit(2000000055.600:673): avc: denied { add_name } for pid=9569 comm="syz.3.67593" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 2079.421645][ T8457] ------------[ cut here ]------------ [ 2079.427240][ T8457] WARNING: CPU: 0 PID: 8457 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 2079.435304][ T8457] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2079.439561][ T8457] CPU: 0 UID: 0 PID: 8457 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 2079.451709][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 2079.460106][ T36] audit: type=1400 audit(2000000055.600:674): avc: denied { create } for pid=9569 comm="syz.3.67593" name="cpuacct.usage_percpu" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 2079.462016][ T8457] RIP: 0010:drop_nlink+0xce/0x110 [ 2079.488483][ T8457] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 2079.508269][ T8457] RSP: 0018:ffffc9000b577c60 EFLAGS: 00010293 [ 2079.514359][ T8457] RAX: ffffffff81ee1a7e RBX: ffff88811c029a78 RCX: ffff88814fd44c00 [ 2079.522642][ T8457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2079.530672][ T8457] RBP: ffffc9000b577c88 R08: 0000000000000003 R09: 0000000000000004 [ 2079.538712][ T8457] R10: dffffc0000000000 R11: fffff520016aef7c R12: dffffc0000000000 [ 2079.546723][ T8457] R13: 1ffff11023805358 R14: ffff88811c029ac0 R15: 0000000000000000 [ 2079.554794][ T8457] FS: 0000555585737500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 2079.563889][ T8457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2079.570524][ T8457] CR2: 000055558575a4e8 CR3: 0000000142318000 CR4: 00000000003526b0 [ 2079.578571][ T8457] Call Trace: [ 2079.581866][ T8457] [ 2079.584809][ T8457] shmem_rmdir+0x5f/0x90 [ 2079.589268][ T8457] vfs_rmdir+0x3dd/0x560 [ 2079.593528][ T8457] incfs_kill_sb+0x109/0x230 [ 2079.598287][ T8457] deactivate_locked_super+0xd5/0x2a0 [ 2079.603673][ T8457] deactivate_super+0xb8/0xe0 [ 2079.608639][ T8457] cleanup_mnt+0x3f1/0x480 [ 2079.613086][ T8457] __cleanup_mnt+0x1d/0x40 [ 2079.617552][ T8457] task_work_run+0x1e0/0x250 [ 2079.622174][ T8457] ? __cfi_task_work_run+0x10/0x10 [ 2079.627354][ T8457] ? __x64_sys_umount+0x126/0x170 [ 2079.632404][ T8457] ? __cfi___x64_sys_umount+0x10/0x10 [ 2079.637841][ T8457] ? __kasan_check_read+0x15/0x20 [ 2079.643246][ T8457] resume_user_mode_work+0x36/0x50 [ 2079.648439][ T8457] syscall_exit_to_user_mode+0x64/0xb0 [ 2079.653925][ T8457] do_syscall_64+0x64/0xf0 [ 2079.658630][ T8457] ? clear_bhb_loop+0x50/0xa0 [ 2079.663334][ T8457] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 2079.669372][ T8457] RIP: 0033:0x7fa0e59909f7 [ 2079.673804][ T8457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2079.694220][ T8457] RSP: 002b:00007ffc63c38c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2079.702731][ T8457] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa0e59909f7 [ 2079.711042][ T8457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc63c38d40 [ 2079.719057][ T8457] RBP: 00007ffc63c38d40 R08: 0000000000000000 R09: 0000000000000000 [ 2079.727140][ T8457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc63c39dd0 [ 2079.735220][ T8457] R13: 00007fa0e5a11d7d R14: 00000000001fb5f0 R15: 00007ffc63c39e10 [ 2079.743257][ T8457] [ 2079.746594][ T8457] ---[ end trace 0000000000000000 ]--- [ 2079.812148][ T8457] ================================================================== [ 2079.820340][ T8457] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 2079.826791][ T8457] Write of size 4 at addr 0000000000000168 by task syz-executor/8457 [ 2079.834894][ T8457] [ 2079.837248][ T8457] CPU: 0 UID: 0 PID: 8457 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 2079.837282][ T8457] Tainted: [W]=WARN [ 2079.837290][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 2079.837302][ T8457] Call Trace: [ 2079.837309][ T8457] [ 2079.837317][ T8457] __dump_stack+0x21/0x30 [ 2079.837347][ T8457] dump_stack_lvl+0x10c/0x190 [ 2079.837370][ T8457] ? __cfi_dump_stack_lvl+0x10/0x10 [ 2079.837395][ T8457] print_report+0x3d/0x70 [ 2079.837415][ T8457] kasan_report+0x163/0x1a0 [ 2079.837436][ T8457] ? ihold+0x24/0x70 [ 2079.837464][ T8457] ? _raw_spin_unlock+0x45/0x60 [ 2079.837487][ T8457] ? ihold+0x24/0x70 [ 2079.837505][ T8457] kasan_check_range+0x299/0x2a0 [ 2079.837527][ T8457] __kasan_check_write+0x18/0x20 [ 2079.837560][ T8457] ihold+0x24/0x70 [ 2079.837579][ T8457] vfs_rmdir+0x26a/0x560 [ 2079.837601][ T8457] incfs_kill_sb+0x109/0x230 [ 2079.837628][ T8457] deactivate_locked_super+0xd5/0x2a0 [ 2079.837651][ T8457] deactivate_super+0xb8/0xe0 [ 2079.837674][ T8457] cleanup_mnt+0x3f1/0x480 [ 2079.837695][ T8457] __cleanup_mnt+0x1d/0x40 [ 2079.837714][ T8457] task_work_run+0x1e0/0x250 [ 2079.837736][ T8457] ? __cfi_task_work_run+0x10/0x10 [ 2079.837757][ T8457] ? __x64_sys_umount+0x126/0x170 [ 2079.837781][ T8457] ? __cfi___x64_sys_umount+0x10/0x10 [ 2079.837805][ T8457] ? __kasan_check_read+0x15/0x20 [ 2079.837830][ T8457] resume_user_mode_work+0x36/0x50 [ 2079.837852][ T8457] syscall_exit_to_user_mode+0x64/0xb0 [ 2079.837872][ T8457] do_syscall_64+0x64/0xf0 [ 2079.837894][ T8457] ? clear_bhb_loop+0x50/0xa0 [ 2079.837915][ T8457] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 2079.837934][ T8457] RIP: 0033:0x7fa0e59909f7 [ 2079.837951][ T8457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2079.837972][ T8457] RSP: 002b:00007ffc63c38c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2079.837994][ T8457] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa0e59909f7 [ 2079.838006][ T8457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc63c38d40 [ 2079.838019][ T8457] RBP: 00007ffc63c38d40 R08: 0000000000000000 R09: 0000000000000000 [ 2079.838033][ T8457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc63c39dd0 [ 2079.838046][ T8457] R13: 00007fa0e5a11d7d R14: 00000000001fb5f0 R15: 00007ffc63c39e10 [ 2079.838063][ T8457] [ 2079.838071][ T8457] ================================================================== [ 2080.084082][ T8457] Disabling lock debugging due to kernel taint [ 2080.090574][ T8457] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 2080.098567][ T8457] #PF: supervisor write access in kernel mode [ 2080.104723][ T8457] #PF: error_code(0x0002) - not-present page [ 2080.110797][ T8457] PGD 800000010b320067 P4D 800000010b320067 PUD 0 [ 2080.117341][ T8457] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 2080.123532][ T8457] CPU: 0 UID: 0 PID: 8457 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 2080.136930][ T8457] Tainted: [B]=BAD_PAGE, [W]=WARN [ 2080.141958][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 2080.152171][ T8457] RIP: 0010:ihold+0x2a/0x70 [ 2080.156672][ T8457] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 2080.176449][ T8457] RSP: 0018:ffffc9000b577ca0 EFLAGS: 00010246 [ 2080.182530][ T8457] RAX: ffff88814fd44c00 RBX: 0000000000000000 RCX: ffff88814fd44c00 [ 2080.190677][ T8457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2080.198935][ T8457] RBP: ffffc9000b577cb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 2080.206981][ T8457] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88811c029a84 [ 2080.214974][ T8457] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 2080.223127][ T8457] FS: 0000555585737500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 2080.232591][ T8457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2080.239251][ T8457] CR2: 0000000000000168 CR3: 0000000142318000 CR4: 00000000003526b0 [ 2080.247732][ T8457] Call Trace: [ 2080.250996][ T8457] [ 2080.253999][ T8457] vfs_rmdir+0x26a/0x560 [ 2080.258349][ T8457] incfs_kill_sb+0x109/0x230 [ 2080.262963][ T8457] deactivate_locked_super+0xd5/0x2a0 [ 2080.268361][ T8457] deactivate_super+0xb8/0xe0 [ 2080.273070][ T8457] cleanup_mnt+0x3f1/0x480 [ 2080.277484][ T8457] __cleanup_mnt+0x1d/0x40 [ 2080.281909][ T8457] task_work_run+0x1e0/0x250 [ 2080.286495][ T8457] ? __cfi_task_work_run+0x10/0x10 [ 2080.291609][ T8457] ? __x64_sys_umount+0x126/0x170 [ 2080.296652][ T8457] ? __cfi___x64_sys_umount+0x10/0x10 [ 2080.302032][ T8457] ? __kasan_check_read+0x15/0x20 [ 2080.307051][ T8457] resume_user_mode_work+0x36/0x50 [ 2080.312160][ T8457] syscall_exit_to_user_mode+0x64/0xb0 [ 2080.317711][ T8457] do_syscall_64+0x64/0xf0 [ 2080.322363][ T8457] ? clear_bhb_loop+0x50/0xa0 [ 2080.327402][ T8457] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 2080.333407][ T8457] RIP: 0033:0x7fa0e59909f7 [ 2080.337844][ T8457] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 2080.357847][ T8457] RSP: 002b:00007ffc63c38c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2080.366470][ T8457] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fa0e59909f7 [ 2080.374609][ T8457] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc63c38d40 [ 2080.382578][ T8457] RBP: 00007ffc63c38d40 R08: 0000000000000000 R09: 0000000000000000 [ 2080.390554][ T8457] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc63c39dd0 [ 2080.398722][ T8457] R13: 00007fa0e5a11d7d R14: 00000000001fb5f0 R15: 00007ffc63c39e10 [ 2080.406956][ T8457] [ 2080.410054][ T8457] Modules linked in: [ 2080.413949][ T8457] CR2: 0000000000000168 [ 2080.418158][ T8457] ---[ end trace 0000000000000000 ]--- [ 2080.423612][ T8457] RIP: 0010:ihold+0x2a/0x70 [ 2080.428286][ T8457] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 2080.448241][ T8457] RSP: 0018:ffffc9000b577ca0 EFLAGS: 00010246 [ 2080.454516][ T8457] RAX: ffff88814fd44c00 RBX: 0000000000000000 RCX: ffff88814fd44c00 [ 2080.462687][ T8457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2080.470751][ T8457] RBP: ffffc9000b577cb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 2080.478746][ T8457] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88811c029a84 [ 2080.486729][ T8457] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 2080.494696][ T8457] FS: 0000555585737500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 2080.503719][ T8457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2080.510388][ T8457] CR2: 0000000000000168 CR3: 0000000142318000 CR4: 00000000003526b0 [ 2080.518381][ T8457] Kernel panic - not syncing: Fatal exception [ 2080.524784][ T8457] Kernel Offset: disabled [ 2080.529099][ T8457] Rebooting in 86400 seconds..