last executing test programs: 2.429211694s ago: executing program 1 (id=306): socket(0x2, 0x80805, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00') fchdir(r0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x84000584) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffebb) 2.429174554s ago: executing program 1 (id=307): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f00000000c0)={0xd4ba}) 2.429094004s ago: executing program 1 (id=308): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000240)) 2.375925458s ago: executing program 1 (id=310): socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) syz_usb_disconnect(r0) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x200) syz_usb_disconnect(r1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r2, 0xffffffffffffffff, 0x0) 2.151887216s ago: executing program 0 (id=319): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000540), r0) 2.151828176s ago: executing program 0 (id=320): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmmsg(r0, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000002d40)=[{&(0x7f0000000ac0)="8125d32ab23d13e0086f5d7debbcfb2a2eb25960c8ebdf32c8db82d39e58c394e71418ebce8081dc30184aeebe3e725cb865622301a778bde47a96e7c679c3ead5068a625302a19b8ed1acf89664d1c155aa74526d8600a8c122dd7f303408679cc65a63d5a2669d9fd35dd76e73c9da532a30bf6b3ca54f1f333b37d4f34b19413c949a42ce0b878845486571819d3fd9e1e0bee3c09d3381850444b96ba2d99877bddfbd876372a24cd5e30b2905cd0dd1bf12c375f36515ab7c1c654fcf21c7a9c7f49bfec393b9dd2c12a9f9365a8b3646ddc664ca745a39702a88c2f1d6ba78cbeb6027f90bf70cdd4ffe7e9586d89cde97dedfa3428f84bcc58c71885cccb901d859694baec423729a718d297f87a977f42dbbc0cd5e69def875b06a630889eb6aaa22a782e7d99c080b448354524be1efa27c4a56d9034e4c590e27682259ed4a947f9732304ecdf5874c812166ba957850b026cebc04d57812445378c751193bfd167ea3e3febfcb195d0d36cfa60fa39fc4c202970d6cbf16e79918db245ac767ca16c052634a7d18dc8618102d53c49dd10678cc63e3bf8c37e834b5c737e8a5db27152ff5deb672858c61ee2c59b0cdbefc7e986426a2daac15c5d68eba370f36c427a3a3c09c99bb8c9d50528f71429aadda2d903ea71bee6d4d0cf8457e22d8e27431c9403f8dc5e2b6daeb7f3a9264b87c82140b821fa4667eaf9360fdbe0bdcafd99e4b699e3e58510f7cf60a70545e864f74dbb38522b6a491fbc651805c0e01016999bd051577d7a5f22aa2db2070dfdc28b76eccb5a2932ac1852d173b92c8b8bf16a5dd1ba1897198771b80492edaa703d874efb41802473ae448b564902f3e1a82c0350e6f822b20b2e226dd48477e66d25d24dcf1f54be792dd2320a0f31be2fc2bfe8844527e3e475b6edf87fa3ae94b10f6dbc65b1e9a8fa6c73f6c944a795c7a235ef83ede2a1aa56ea684e8380c750eeb7aed2828498f2f52335c9c52f53b9516a48768f0064e2573b586e35bdeda9490e4d5cddae4edd2404d21351f75f5af29b92e472fecb6283fbf0c63f9360df9aa309f7a2d98ca3cc2f6d75ac957f717ac2471744f6ea62373b171f25a56bbb1b86e6020fbd671920934e717637b8684adbc7c42dad8d88cb54bd0683a7193227ff7eb325071de8bc9d52c67ecb978b6ec623b7b2f0958630cbb7e224d7584a21666786e427271d085ccf7f2fe199e4a0119339facbf2e11037531ef981c13f7719f72780b168b5d05ce5f2f201a6fdea2a83044412cd7345a6e777af66a2f563925f066ac6c88dcdb0611b74907dfd25d78fd2d16b413e056ed0d299820f26fbf76d6c08ff86518bbed4a68e7f8d88e6cf9b1bcce37ec2ff41536f4a9bfb5527cafbc638d4aceb5ef8976d847a55bf37116fde5fb2ea98ba346c6ee99023482e611ede40e66d55c0466d53b59d8ed7f7f36928ea7874897fbbe756fbff0fad1c4c1ea48030aa6b65a37d914951af3546c450cb0738a48b42cb60e14a7a222a2731a09893a1f56fb6597c002327bb021e861adc61dcfac70f08152af7bf83c975a53e0ea0e8f07166fe96b58c099de23e16fb887eb397de124e3524666dacd236db8bec59a7210af6e1177335932d9190de877186a36b8677e75ad3c58d8893c93453b5a05c75aef70ec3630390c0f0d72dbae61ff2387092509e1b8bb217bce87757a4567fafcc844e71c4b431be1277e2ef801e142db8cf50434c8cfb955fd6a5deffca460150f4f940852d7a6eab3dac0023ba1d4a63d957783b0c292b652cf37721c7f8ad470ca0fdb1167f67c58e0df4fcc0e280c4402884e0d47cee7d8fa6c5fbad737b79bcb585ac765fb8510754b2ada4f512f196be01a35f26faf83394213e695615d88024eec2d899d514b5ba1613976f14795ba71fbb9383f755b5287dcdb5ee80c6e67c7dc1b07720fe8bbccc83059b4b37ac8e1dbc5ae7c4a97924290b35d5dcb86150cfbb6c1ed5f7ae0e9fb989d73ffc6fb3f7ab1a4ec545910f91bc88a49c1823caadc9af5d08e769ecec06a645d2a66aaee0e84a5beaf2673ea4af1d471f40cd61cfbe0d2596c7de8ba142704950cff3e76d7b567561352c7f1a604186ca0e05a543455e33e97f8a59ba130287c946f7dc70efebc06fc23d9ca27aea72ab18144a62eccb7a16513cacd6488d0926b2b5ed738743159663cceb79fdfc57340c8314df13505205c53d2ab292df2c366abb0024c04871b4d02c032afb7241e061fa2e1b962da4e63209a37270e143eec00cfc93c8630bd1f385d48866f9f4c4d4cfb8fac549125bff492e4158362a77f072cdc379c0c0144d3aaa614cb3a006a0db1a2f571dfa1d1b7dd9ff3033da511f83d2320a358e48fd295ea7335b8f36e655dbb42ac2d550e3cbabdbf389736bab1048e5958923268e8ca7fb9cffa6b749a501546cf1d84e191962b71352a515219f0286362baa07dd936a67faf9915457b10b5a930e8416f203b3f09113bd1d41e5508908c2d6d7a2b3de0f6a7f7826b045bb4f7480bcb136eff882c27d22e34d68a265feaee3370ec884512cc83cc5bb0137b227c8f1281e46ac7b98122a00036cc6615c0ef5b1dc7b0c1a8cd8d07d2b53fb95424aa71ce27c3c26d518cca5c9b9626927bf591a032570d53a699e9aeb610abdaa47cad160018ad159498ab9050d54a9df42378feb961f19fecba19424b6087a49d979211ba1fd480641d6919d6edccd7e8e08f250af9f08588649a2e13462951a940aa2fea74f623e927008929d659747aeba2b060c497991d20a3a42178e1aa60cba11b24b592af1383ade53c7b2bdbf54b681c74d426decf92f5d86825ebdf254f191b5dc3313f1d2398db40ba", 0x7f5}], 0x1, &(0x7f0000000900)=ANY=[@ANYBLOB="a0"], 0xa0}}], 0x1, 0x8040) 2.151730526s ago: executing program 0 (id=321): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x2, 0x4, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xa0, 0x21, 0x1, 0x70bd28, 0x0, {{@in6=@private2, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x80004}, [@migrate={0x50, 0x11, [{@in=@local, @in=@loopback, @in=@multicast2, @in6=@local, 0x3c, 0x4, 0x0, 0x2, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40180}, 0x0) 2.150204366s ago: executing program 0 (id=322): mount$bpf(0x0, &(0x7f0000000680)='.\x00', &(0x7f00000006c0), 0x400008, &(0x7f0000000000)=ANY=[@ANYBLOB="3d03a567"]) 2.143076597s ago: executing program 0 (id=323): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000140)="b7", 0x1}], 0x1, &(0x7f00000000c0)=[@rights={{0x10, 0x1, 0x1, [r0]}}], 0x10}, 0x0) recvmsg(r2, &(0x7f00000009c0)={0x0, 0x0, 0x0}, 0x0) 2.135831887s ago: executing program 0 (id=324): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b23, 0x0) 1.427992925s ago: executing program 3 (id=333): mkdir(&(0x7f0000000000)='./file0\x00', 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0xfffffffffffffff5, 0x0, {0x9}}, 0xffffffffffffffc6) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) read$FUSE(r0, &(0x7f00000089c0)={0x2020}, 0x2020) 1.344089011s ago: executing program 3 (id=334): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x42082) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x1, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0xc0f85403, &(0x7f0000000040)) 1.343867021s ago: executing program 3 (id=335): syz_clone3(&(0x7f0000004740)={0x90002080, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f3000000000080001400000000114000000020a090100000000000000000000000014000000110001"], 0xd4}}, 0x8818) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) 492.00394ms ago: executing program 3 (id=347): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x1000000000, 0x2004cb, 0x1, 0xfffffffffffffffe, 0x3, 0x0, 0xff, 0x0, 0x4, 0x2, 0x1ffc], 0x80a0000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 422.907186ms ago: executing program 3 (id=350): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$lock(0xffffffffffffffff, 0x25, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0xa48a, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) 408.058727ms ago: executing program 3 (id=351): socket$nl_generic(0x10, 0x3, 0x10) r0 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000002c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f00000003c0)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016fef8a9cedaf6bec340dee49474360d34cb800", 0x0, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x40, 0xfffffffffffffffe, 0x0, 0x9}, &(0x7f00000000c0)={0x1f, 0x0, 0x8, 0x5, 0xfffffffffffffff8, 0x8, 0x4000000000}, 0x0, 0x0, 0x0) 332.126683ms ago: executing program 2 (id=353): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0) 331.977413ms ago: executing program 2 (id=354): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x22826, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f00000001c0)={0xda, 0x0, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000080)=@arm64) 322.429493ms ago: executing program 2 (id=355): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0xfffffffffffffffc) r1 = timerfd_create(0x7, 0x800) timerfd_settime(r1, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x77359400}}, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x3b) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000001c0)=[{0x6, 0xde, 0xf8, 0xc4}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="9e", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000001380)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb9", 0xa5}], 0x1}}], 0x2, 0x4) sendto$inet(r2, &(0x7f00000002c0)="17", 0xfdef, 0x10008095, 0x0, 0x0) 297.071206ms ago: executing program 2 (id=356): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) fadvise64(r0, 0x2, 0x0, 0x4) 172.124416ms ago: executing program 2 (id=357): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xae4b, 0x0) 162.098486ms ago: executing program 2 (id=358): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x0, 0x10, 0x6, 0x0, 0x80000000, 0x9, 0x0, 0x4b, 0x2, 0x4, 0x2, 0x1, 0x0, 0x81, 0x9, 0x0, 0x7, 0x8, 0x4, '\x00', 0x7, 0xb4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 81.404383ms ago: executing program 1 (id=359): r0 = epoll_create1(0x0) epoll_create1(0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) 0s ago: executing program 1 (id=360): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 21.881420][ T36] audit: type=1400 audit(1756327417.090:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.882691][ T281] cgroup: Unknown subsys name 'net' [ 21.904066][ T36] audit: type=1400 audit(1756327417.100:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.931472][ T36] audit: type=1400 audit(1756327417.120:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.931837][ T281] cgroup: Unknown subsys name 'devices' [ 22.093866][ T281] cgroup: Unknown subsys name 'hugetlb' [ 22.099889][ T281] cgroup: Unknown subsys name 'rlimit' [ 22.250849][ T36] audit: type=1400 audit(1756327417.460:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.274099][ T36] audit: type=1400 audit(1756327417.460:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.282458][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.299021][ T36] audit: type=1400 audit(1756327417.460:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 22.330882][ T36] audit: type=1400 audit(1756327417.520:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.356472][ T36] audit: type=1400 audit(1756327417.520:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.385676][ T36] audit: type=1400 audit(1756327417.600:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.411253][ T36] audit: type=1400 audit(1756327417.600:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.411410][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.191535][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.198603][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.205764][ T289] bridge_slave_0: entered allmulticast mode [ 23.212000][ T289] bridge_slave_0: entered promiscuous mode [ 23.219232][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.226773][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.233905][ T289] bridge_slave_1: entered allmulticast mode [ 23.240051][ T289] bridge_slave_1: entered promiscuous mode [ 23.268282][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.275358][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.282470][ T291] bridge_slave_0: entered allmulticast mode [ 23.288776][ T291] bridge_slave_0: entered promiscuous mode [ 23.308473][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.315527][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.322781][ T291] bridge_slave_1: entered allmulticast mode [ 23.328953][ T291] bridge_slave_1: entered promiscuous mode [ 23.353649][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.360695][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.367787][ T288] bridge_slave_0: entered allmulticast mode [ 23.374050][ T288] bridge_slave_0: entered promiscuous mode [ 23.385148][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.392209][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.399249][ T288] bridge_slave_1: entered allmulticast mode [ 23.405545][ T288] bridge_slave_1: entered promiscuous mode [ 23.473251][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.480301][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.487418][ T290] bridge_slave_0: entered allmulticast mode [ 23.493679][ T290] bridge_slave_0: entered promiscuous mode [ 23.507989][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.515047][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.522127][ T290] bridge_slave_1: entered allmulticast mode [ 23.528306][ T290] bridge_slave_1: entered promiscuous mode [ 23.599330][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.606392][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.613706][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.620728][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.634637][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.641875][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.649150][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.656195][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.682485][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.689622][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.696911][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.703963][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.753928][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.761379][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.769050][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.777133][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.803649][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.810691][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.818660][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.825712][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.843840][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.851069][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.858849][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.865904][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.890140][ T291] veth0_vlan: entered promiscuous mode [ 23.910128][ T291] veth1_macvtap: entered promiscuous mode [ 23.922653][ T289] veth0_vlan: entered promiscuous mode [ 23.953427][ T289] veth1_macvtap: entered promiscuous mode [ 23.974217][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.981286][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.990000][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.990168][ T291] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.997068][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.033475][ T288] veth0_vlan: entered promiscuous mode [ 24.070296][ T288] veth1_macvtap: entered promiscuous mode [ 24.081055][ T290] veth0_vlan: entered promiscuous mode [ 24.106102][ T290] veth1_macvtap: entered promiscuous mode [ 24.117076][ T328] Bluetooth: hci0: Frame reassembly failed (-84) [ 24.183673][ T344] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.291593][ T10] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 24.442923][ T10] usb 2-1: config 1 interface 0 has no altsetting 0 [ 24.450847][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 24.459970][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.468185][ T10] usb 2-1: Product: syz [ 24.472569][ T10] usb 2-1: Manufacturer: syz [ 24.477204][ T10] usb 2-1: SerialNumber: syz [ 25.087416][ T10] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 25.863283][ T367] tipc: Started in network mode [ 25.868310][ T367] tipc: Node identity 8a64adb6e2ed, cluster identity 4711 [ 25.876061][ T367] tipc: Enabled bearer , priority 0 [ 25.884974][ T366] tipc: Resetting bearer [ 25.896183][ T366] tipc: Disabling bearer [ 26.112927][ T374] tipc: Started in network mode [ 26.117827][ T374] tipc: Node identity c25f780dabcd, cluster identity 4711 [ 26.125169][ T374] tipc: Enabled bearer , priority 0 [ 26.133116][ T374] syzkaller0: entered promiscuous mode [ 26.138657][ T374] syzkaller0: entered allmulticast mode [ 26.151111][ T373] tipc: Resetting bearer [ 26.151709][ T376] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.17' sets config #0 [ 26.167929][ T373] tipc: Disabling bearer [ 26.191557][ T339] Bluetooth: hci0: command 0x1003 tx timeout [ 26.191582][ T52] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.208068][ T380] loop8: detected capacity change from 0 to 16384 [ 26.293365][ T384] capability: warning: `syz.3.21' uses deprecated v2 capabilities in a way that may be insecure [ 26.800830][ T403] tipc: Started in network mode [ 26.805797][ T403] tipc: Node identity 2204848e121f, cluster identity 4711 [ 26.813165][ T403] tipc: Enabled bearer , priority 0 [ 26.822053][ T402] tipc: Resetting bearer [ 26.833428][ T402] tipc: Disabling bearer [ 27.041722][ T31] usb 2-1: USB disconnect, device number 2 [ 27.059739][ T31] usblp0: removed [ 27.323799][ T36] kauditd_printk_skb: 51 callbacks suppressed [ 27.323817][ T36] audit: type=1400 audit(1756327422.530:125): avc: denied { create } for pid=428 comm="syz.1.41" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 27.382711][ T36] audit: type=1400 audit(1756327422.570:126): avc: denied { ioctl } for pid=428 comm="syz.1.41" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=4480 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 27.429415][ T36] audit: type=1400 audit(1756327422.640:127): avc: denied { create } for pid=440 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 27.451277][ T36] audit: type=1400 audit(1756327422.660:128): avc: denied { write } for pid=440 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 27.659743][ T458] tipc: Enabled bearer , priority 0 [ 27.669135][ T458] syzkaller0: entered promiscuous mode [ 27.678149][ T458] syzkaller0: entered allmulticast mode [ 27.693202][ T457] tipc: Resetting bearer [ 27.704746][ T457] tipc: Disabling bearer [ 28.298787][ T478] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.303632][ T36] audit: type=1400 audit(1756327423.510:129): avc: denied { create } for pid=477 comm="syz.0.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 28.384061][ T36] audit: type=1400 audit(1756327423.570:130): avc: denied { setopt } for pid=477 comm="syz.0.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 28.428353][ T36] audit: type=1400 audit(1756327423.570:131): avc: denied { write } for pid=477 comm="syz.0.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 28.617414][ T36] audit: type=1400 audit(1756327423.830:132): avc: denied { block_suspend } for pid=511 comm="syz.1.74" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.730706][ T36] audit: type=1400 audit(1756327423.940:133): avc: denied { connect } for pid=520 comm="syz.0.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 28.804605][ T36] audit: type=1400 audit(1756327424.020:134): avc: denied { execute } for pid=526 comm="syz.0.79" name="file1" dev="tmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 28.804642][ T529] process 'syz.0.79' launched '/dev/fd/3/./file1' with NULL argv: empty string added [ 29.260380][ T570] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 29.483253][ T581] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3343437945 (53495007120 ns) > initial count (52285443328 ns). Using initial count to start timer. [ 29.934554][ T609] kvm: pic: non byte write [ 30.509267][ T643] kvm: MWAIT instruction emulated as NOP! [ 30.735026][ T658] netlink: 8 bytes leftover after parsing attributes in process `syz.1.134'. [ 31.364575][ T706] kvm: kvm [697]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7 [ 31.374977][ T706] kvm: kvm [697]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7 [ 31.808029][ T751] kvm: kvm [750]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x10 [ 32.174984][ T796] netlink: 'syz.0.190': attribute type 1 has an invalid length. [ 32.932239][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 32.932264][ T36] audit: type=1400 audit(1756327428.150:155): avc: denied { write } for pid=845 comm="syz.3.213" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 33.010562][ T36] audit: type=1400 audit(1756327428.220:156): avc: denied { name_bind } for pid=850 comm="syz.3.215" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 33.081161][ T36] audit: type=1400 audit(1756327428.290:157): avc: denied { write } for pid=863 comm="syz.0.221" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 33.326992][ T36] audit: type=1400 audit(1756327428.540:158): avc: denied { watch watch_reads } for pid=887 comm="syz.3.231" path="/57" dev="tmpfs" ino=312 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 33.401764][ T890] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1946294017 (31140704272 ns) > initial count (4518400576 ns). Using initial count to start timer. [ 34.146460][ T947] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 35.131620][ T36] audit: type=1326 audit(1756327430.340:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=994 comm="syz.0.273" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2d3b8ebe9 code=0x0 [ 35.161367][ T996] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3940630386 (15762521544 ns) > initial count (6051692324 ns). Using initial count to start timer. [ 35.193241][ T36] audit: type=1400 audit(1756327430.410:160): avc: denied { ioctl } for pid=997 comm="syz.0.274" path="socket:[12127]" dev="sockfs" ino=12127 ioctlcmd=0x8940 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 35.249047][ T36] audit: type=1400 audit(1756327430.450:161): avc: denied { read } for pid=1003 comm="syz.0.277" dev="nsfs" ino=4026532303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 35.271105][ T36] audit: type=1400 audit(1756327430.450:162): avc: denied { open } for pid=1003 comm="syz.0.277" path="net:[4026532303]" dev="nsfs" ino=4026532303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 35.302202][ T36] audit: type=1400 audit(1756327430.450:163): avc: denied { create } for pid=1003 comm="syz.0.277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 35.323614][ T36] audit: type=1400 audit(1756327430.450:164): avc: denied { bind } for pid=1003 comm="syz.0.277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 35.491590][ T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 35.642595][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.653687][ T31] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 35.655132][ T1037] 9pnet_virtio: no channels available for device syz [ 35.662801][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.678278][ T31] usb 3-1: config 0 descriptor?? [ 35.690380][ T1039] 9pnet_virtio: no channels available for device syz [ 35.897952][ T31] usbhid 3-1:0.0: can't add hid device: -71 [ 35.905061][ T31] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 35.915322][ T31] usb 3-1: USB disconnect, device number 2 [ 35.956306][ T1062] mmap: syz.1.303 (1062) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.271755][ T329] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 36.331566][ T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 36.432660][ T329] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 36.441386][ T329] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 36.451668][ T329] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 36.460708][ T329] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 36.471816][ T329] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 36.483987][ T329] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 36.493094][ T329] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 36.501082][ T329] usb 2-1: Product: syz [ 36.505271][ T31] usb 3-1: Using ep0 maxpacket: 32 [ 36.510424][ T329] usb 2-1: Manufacturer: syz [ 36.516286][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.527632][ T329] cdc_wdm 2-1:1.0: skipping garbage [ 36.532900][ T329] cdc_wdm 2-1:1.0: skipping garbage [ 36.538326][ T31] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 36.547566][ T329] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 36.551612][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 36.553524][ T329] cdc_wdm 2-1:1.0: Unknown control protocol [ 36.566960][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.575606][ T31] usb 3-1: config 0 descriptor?? [ 36.701548][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 36.707692][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 36.716053][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 36.725896][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 36.730027][ T31] usb 2-1: USB disconnect, device number 3 [ 36.735801][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 36.754345][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 36.767477][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 36.776597][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.980740][ T1123] netlink: 32 bytes leftover after parsing attributes in process `syz.3.332'. [ 36.990372][ T31] usb 3-1: USB disconnect, device number 3 [ 37.381552][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 37.532525][ T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 37.541234][ T9] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 37.558587][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 37.581556][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 37.592712][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 37.612276][ T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 37.621332][ T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 37.631618][ T9] usb 2-1: Product: syz [ 37.635836][ T9] usb 2-1: Manufacturer: syz [ 37.642700][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 37.647928][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 37.654935][ T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 37.660857][ T9] cdc_wdm 2-1:1.0: Unknown control protocol [ 37.771460][ T1144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.340'. [ 37.780669][ T1144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.340'. [ 37.789683][ T1144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.340'. [ 37.798850][ T1144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.340'. [ 37.846196][ T9] usb 2-1: USB disconnect, device number 4 [ 37.858389][ T1152] netlink: 104 bytes leftover after parsing attributes in process `syz.2.344'. [ 37.879949][ T1154] netlink: 64 bytes leftover after parsing attributes in process `syz.2.345'. [ 38.365143][ T1187] tipc: Started in network mode [ 38.370022][ T1187] tipc: Node identity fac6698d0ec1, cluster identity 4711 [ 38.377316][ T1187] tipc: Enabled bearer , priority 0 [ 38.384404][ T1187] syzkaller0: entered promiscuous mode [ 38.389938][ T1187] syzkaller0: entered allmulticast mode [ 38.397836][ T1186] tipc: Resetting bearer [ 38.404902][ T1186] tipc: Disabling bearer [ 38.438806][ T1188] ------------[ cut here ]------------ [ 38.444406][ T1188] WARNING: CPU: 0 PID: 1188 at arch/x86/kvm/x86.c:11216 vcpu_run+0x6fb7/0x7260 [ 38.453446][ T1188] Modules linked in: [ 38.457384][ T1188] CPU: 0 UID: 0 PID: 1188 Comm: syz.2.358 Not tainted syzkaller #0 530b3ddaa03db34d09c0fae50fba32de8d319ece [ 38.468880][ T1188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 38.478990][ T1188] RIP: 0010:vcpu_run+0x6fb7/0x7260 [ 38.484155][ T1188] Code: 24 48 83 c3 20 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 5d 02 00 00 44 88 33 eb 7c e8 80 92 69 00 eb 75 e8 79 92 69 00 <0f> 0b eb 6c e8 70 92 69 00 48 8b 84 24 a0 00 00 00 42 80 3c 38 00 [ 38.504035][ T1188] RSP: 0018:ffffc90010897520 EFLAGS: 00010283 [ 38.510104][ T1188] RAX: ffffffff811c51c7 RBX: 00000000fffffff0 RCX: 0000000000080000 [ 38.518295][ T1188] RDX: ffffc900042cc000 RSI: 00000000000000cc RDI: 00000000000000cd [ 38.526397][ T1188] RBP: ffffc900108979b0 R08: ffff888118840ce7 R09: 1ffff1102310819c [ 38.534558][ T1188] R10: dffffc0000000000 R11: ffffed102310819d R12: ffff88811d048038 [ 38.542574][ T1188] R13: ffff88811d048200 R14: ffff88811d048000 R15: dffffc0000000000 [ 38.550553][ T1188] FS: 00007fe6e41b46c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 38.559716][ T1188] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.566343][ T1188] CR2: 00007f99971fe000 CR3: 000000011da5c000 CR4: 00000000003526b0 [ 38.574350][ T1188] Call Trace: [ 38.577631][ T1188] [ 38.580570][ T1188] ? kvm_sched_clock_read+0x15/0x30 [ 38.585796][ T1188] ? sched_balance_newidle+0x88f/0xe00 [ 38.591275][ T1188] ? xfd_validate_state+0x68/0x150 [ 38.596725][ T1188] ? signal_pending+0xc0/0xc0 [ 38.601429][ T1188] ? __kasan_check_write+0x18/0x20 [ 38.606970][ T1188] ? xfd_validate_state+0x68/0x150 [ 38.612140][ T1188] ? fpu_swap_kvm_fpstate+0x93/0x5f0 [ 38.617521][ T1188] ? __kasan_check_write+0x18/0x20 [ 38.622668][ T1188] ? fpregs_mark_activate+0x69/0x160 [ 38.627966][ T1188] ? fpu_swap_kvm_fpstate+0x44d/0x5f0 [ 38.633379][ T1188] kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0 [ 38.639032][ T1188] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 38.645074][ T1188] ? cgroup_rstat_updated+0x132/0x7f0 [ 38.650549][ T1188] ? __cfi_wait_rcu_exp_gp+0x10/0x10 [ 38.655957][ T1188] ? ioctl_has_perm+0x1aa/0x4d0 [ 38.660859][ T1188] ? __cfi_autoremove_wake_function+0x10/0x10 [ 38.666956][ T1188] ? ioctl_has_perm+0x3e0/0x4d0 [ 38.671844][ T1188] ? has_cap_mac_admin+0xd0/0xd0 [ 38.676803][ T1188] ? synchronize_rcu+0x77/0x2e0 [ 38.681813][ T1188] ? __cfi_synchronize_rcu+0x10/0x10 [ 38.687105][ T1188] ? handle_mm_fault+0x169b/0x1b90 [ 38.692270][ T1188] ? __kasan_check_write+0x18/0x20 [ 38.697418][ T1188] kvm_vcpu_ioctl+0x96f/0xee0 [ 38.702155][ T1188] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 38.707380][ T1188] ? __cfi_handle_mm_fault+0x10/0x10 [ 38.712691][ T1188] ? lock_vma_under_rcu+0x49d/0x530 [ 38.717911][ T1188] ? __fget_files+0x2c5/0x340 [ 38.722625][ T1188] ? bpf_lsm_file_ioctl+0xd/0x20 [ 38.727579][ T1188] ? security_file_ioctl+0x34/0xd0 [ 38.732722][ T1188] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 38.737946][ T1188] __se_sys_ioctl+0x135/0x1b0 [ 38.742758][ T1188] __x64_sys_ioctl+0x7f/0xa0 [ 38.747548][ T1188] x64_sys_call+0x1878/0x2ee0 [ 38.752313][ T1188] do_syscall_64+0x58/0xf0 [ 38.756749][ T1188] ? clear_bhb_loop+0x50/0xa0 [ 38.761428][ T1188] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 38.767532][ T1188] RIP: 0033:0x7fe6e338ebe9 [ 38.772019][ T1188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 38.791680][ T1188] RSP: 002b:00007fe6e41b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 38.800197][ T1188] RAX: ffffffffffffffda RBX: 00007fe6e35b6180 RCX: 00007fe6e338ebe9 [ 38.808219][ T1188] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 38.816220][ T1188] RBP: 00007fe6e3411e19 R08: 0000000000000000 R09: 0000000000000000 [ 38.824234][ T1188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 38.832330][ T1188] R13: 00007fe6e35b6218 R14: 00007fe6e35b6180 R15: 00007ffd461c0f48 [ 38.840312][ T1188] [ 38.843366][ T1188] ---[ end trace 0000000000000000 ]--- [ 38.849439][ T1197] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 39.307753][ T1131] usb 1-1: USB disconnect, device number 2