last executing test programs: 13m52.755017768s ago: executing program 1 (id=17363): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r5, &(0x7f0000003f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r8 = dup(r7) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_u}, {@nodevmap}, {@access_any}], [], 0x6b}}) 13m52.048724489s ago: executing program 1 (id=17378): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r8 = dup(r7) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@version_u}, {@nodevmap}, {@access_any}], [], 0x6b}}) 13m51.327096381s ago: executing program 1 (id=17393): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents64(r2, &(0x7f00000063c0)=""/1024, 0x400) (fail_nth: 3) syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x30, 0x0, 0x0, [{0x0, 0x0, 0x4, 0x0, '#,,-'}]}, 0x0, 0x0, 0x0, 0x0}) 13m50.456926418s ago: executing program 1 (id=17402): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) quotactl$Q_QUOTAOFF(0xffffffff80000302, &(0x7f00000000c0)=@rnullb, 0x0, 0x0) 13m50.456557228s ago: executing program 1 (id=17403): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x8010, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) io_setup(0x9bb1, &(0x7f0000000040)=0x0) io_submit(r4, 0x1, &(0x7f0000000480)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x8, r2, 0x0, 0x0, 0x0, 0x0, 0x4}]) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r6, @ANYRES64=r5], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r7, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r8, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r9, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r10 = socket$inet6(0xa, 0x2, 0x0) close(r10) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 13m50.304046053s ago: executing program 1 (id=17407): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup(r4) (async) r6 = dup(r4) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c616669643d3078303030303030303030303030303030382c6bf286fd64b2b1fb3647b470c5b34fa09d90fed38a4b3965c1f962a5123cbb45b8"]) (async) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c616669643d3078303030303030303030303030303030382c6bf286fd64b2b1fb3647b470c5b34fa09d90fed38a4b3965c1f962a5123cbb45b8"]) 13m35.227886482s ago: executing program 32 (id=17407): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) dup(r4) (async) r6 = dup(r4) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c616669643d3078303030303030303030303030303030382c6bf286fd64b2b1fb3647b470c5b34fa09d90fed38a4b3965c1f962a5123cbb45b8"]) (async) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c616669643d3078303030303030303030303030303030382c6bf286fd64b2b1fb3647b470c5b34fa09d90fed38a4b3965c1f962a5123cbb45b8"]) 10m10.758017683s ago: executing program 4 (id=23578): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003780)=[{{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000003c40)="550192235da2b4c80ffe71396e252d7703fc86b83b08a520e753fc816da1d27c1911a6ba012ecf3a29c15ee9f79c396ccfbf1553b1e7584848b630877146e819d94080cbd65a5d6b338769790a283091cc8d0bbcd29707c2e649bfa902ac7fca387f8a59120095de9e20405305f588c701dec53db7f7d75c83a84e74ce4281dd7fc09961a99b8fbc2e57a22090718c8d973755d0cd51c8cedebcd8efbe0097309f0158bb601c363a315f58f838b37a82528491dfb578d8e6c1a5e22dc3f60d375e2213c29790804256cbab6e23461f2822b00cebb8be021996dd487839d242b6d524c618d9d480f78143185c9425d0900d09414e2e18d11540f9136cfc540326559812c45e6c29a20b79602351411746b29861fcd0759082e7d7e223c7d927412158c62b1b629cdb82958c73eb1a17f540348241b4575610c68a32612b87cdc7e77fb9448609f634e65073f3e6cc299a71a1d010f6a4da54e00a8038e061cd450dc0079d5850d75e77f207f4ae0107405a826341f0ed4f9ff76c4789441ad06066c4bebf6f1e39fa2aec0a43bf0f3e7ac706ddeb2719e63b3bce6457c028dce9a7", 0x1a1}], 0x1}}], 0x1, 0x8014) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r4, 0x10c000) 10m10.695684319s ago: executing program 4 (id=23579): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xec}]}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r4, &(0x7f0000000100)='Z', 0x1, 0x14, 0x0, 0x0) sendmmsg$inet(r4, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000a40)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74c05d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0ea0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e3473322f1d9aabc947f5b815080b5214c94a06fe96450ea42f40300000000000000722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e349359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb91121eec3e05eacbe7835e79e74881d1179013622a2a6421d51c974e6abd48a9882c8fca", 0x190}], 0x1}}], 0x1, 0x408e0) shutdown(r4, 0x1) 10m9.944726605s ago: executing program 4 (id=23583): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x24000]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r3, 0x0, 0x0, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64], 0x118) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) 10m9.701473659s ago: executing program 4 (id=23595): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2065091, 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x81000, 0x0) 10m9.648590904s ago: executing program 4 (id=23597): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto(r4, 0x0, 0x0, 0x50, 0x0, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r5, &(0x7f0000000b80)=[{&(0x7f00000000c0)="f10dc44f7d20988057f85ab4dd61b58675fb03d944b014fb9cb34ce9a3428ca7df271b1179", 0x25}, {&(0x7f0000000640)="f14e4792586af7f2380c7d51d257826607fd39cc2d3571ac7e6b0f4edf17ed143170620ff63eaff5729afa9b52993626d76acc7c45ed66acb1ef8ba1cf478350334e2e3fac57df457868f7870695a9e2d1b5cd7382abb301e7b41538c733f36483a2418d462b88f7f6f661eeabc2823f86d0e5fe407f4504d78ac48229e940c2d788b3be1cb96e37cddda1244f4361dbf77e0322bfc6ef17abb172a80642b739fc38a4ba24cbf6fc81", 0xa9}, {&(0x7f0000000200)="c6d90d4117fc24396ad8457eeefe95e5c67a103dcd850a086c484bfb2d7c31d81a5cc1ebeb7150aa3f34f53ec3879a2ea5b8efcd9bbd102fbf8536da9e0b81bf7dd3e4c938677040c8cddf", 0x4b}, {&(0x7f0000000180)="81881934a67305703f57d290aa6fcedcf1b035cab7bb", 0x16}, {&(0x7f0000000700)="b87703fcf01a3e7bb667b404b97c7cc284a90404a5a96ff4559329d80d037b08d8810e457b955102a0e93e966b04be1aafc2067dbc6c99566ce636740265f60f3467c311c5bab39f814b6b46458e362728f8f0b6156075616f87842f97f9061c2e676278f96044c4db7785a62f601e32e57baed01ea1e7b49c6a395169e8bd72254557dd7959f8627e2274301d346beb9887e01583a5ab92ef23b6fb80be5edc6324845b1bc2443ffc0ab163daac", 0xae}, {&(0x7f0000000880)="1dfda5b80cb90832bf7cb077130ab731fe0fa5969adc03b465c883b86969debbfc1deaa4273a7d1e116dbd7c04c0af", 0x2f}], 0x6) 10m9.557852294s ago: executing program 4 (id=23600): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x80, 0x0, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="1201000202cd77100304d8b8bb30010203010902"], 0x0) 10m9.480881771s ago: executing program 33 (id=23600): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r4, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r4, 0x0, 0x0, 0x80, 0x0, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="1201000202cd77100304d8b8bb30010203010902"], 0x0) 1.09600307s ago: executing program 3 (id=42902): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, 0x0) 1.040732085s ago: executing program 3 (id=42904): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c12020", 0x44000004, 0x0}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r4, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r6, 0x80079a0) sendfile(r6, r6, 0x0, 0x7e78a6f1) 908.597199ms ago: executing program 0 (id=42908): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r2, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 871.673253ms ago: executing program 0 (id=42909): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100000000) 850.867085ms ago: executing program 0 (id=42910): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000dc0)={0x74, r6, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_PEERS={0x58, 0x8, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}]}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r7}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 768.826613ms ago: executing program 0 (id=42911): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = add_key$keyring(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, r5) 768.572463ms ago: executing program 0 (id=42912): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="10000000", @ANYRES16=0x0, @ANYBLOB="00000000000000000000140000001000210b001e00000c00060003"], 0x28}}, 0x0) 754.724644ms ago: executing program 2 (id=42913): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000013000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1) 734.756736ms ago: executing program 0 (id=42914): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x100) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1) io_cancel(0x0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x6, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x7ff}, 0x0) 312.535668ms ago: executing program 2 (id=42919): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000005800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c) 248.838975ms ago: executing program 5 (id=42920): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000240)=""/156, 0xfffffffffffffd06) 248.606355ms ago: executing program 5 (id=42921): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = add_key$keyring(&(0x7f0000000140), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, r5) 226.611357ms ago: executing program 5 (id=42922): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6b", 0x2}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) 187.007491ms ago: executing program 5 (id=42923): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, 0x0, 0x0, 0x4) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0x1a, r4, 0xc, 0x0) 131.146657ms ago: executing program 5 (id=42924): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendto$packet(r2, &(0x7f0000007080)="31e9200000007ef52f555f76c888", 0xe, 0x24000840, &(0x7f0000000040)={0x11, 0x86dd, r4, 0x1, 0xe2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}, 0x14) 130.916627ms ago: executing program 2 (id=42925): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0xb, 0x40015, 0x0, 0x0) mount$incfs(0x0, &(0x7f0000000400)='./bus\x00', &(0x7f0000000500), 0xc802, &(0x7f00000008c0)=ANY=[@ANYBLOB='rootcontext=']) 130.541557ms ago: executing program 5 (id=42926): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup(r3) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x4000, @local, 0x4}, 0x1c) 118.346018ms ago: executing program 2 (id=42927): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) 84.298101ms ago: executing program 2 (id=42928): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="10000000", @ANYRES16=0x0, @ANYBLOB="00000000000000000000140000001000210b001e00000c00060003"], 0x28}}, 0x0) 64.179723ms ago: executing program 3 (id=42929): socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r0, 0x5607, 0x4) ioctl$VT_ACTIVATE(r0, 0x5606, 0x4) 45.165495ms ago: executing program 3 (id=42930): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_MAX_THREADS(r5, 0x40046205, &(0x7f0000000000)=0x2) 44.725635ms ago: executing program 2 (id=42931): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) 557.11µs ago: executing program 3 (id=42932): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r3, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 0s ago: executing program 3 (id=42933): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x2010800, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67f1dc5307070249afc74424001f000000c744240236f3d197ff2c240f3235010200000f30f340700f0966450f769e00000100440f20c03588001d00445b66baf80c0f5591050000006066bafc0ced460f01c9c4827d24c3440f20c1ff07ef87f345a57a43e168c4a4", 0x69}], 0x1, 0x7c, 0x0, 0x0) r1 = openat$incfs(r0, &(0x7f00000001c0)='.pending_reads\x00', 0x0, 0x130) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x40106726, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): ntered blocking state [ 1668.573461][T14435] bridge0: port 2(bridge_slave_1) entered disabled state [ 1668.582277][T14435] bridge_slave_1: entered allmulticast mode [ 1668.589008][T14435] bridge_slave_1: entered promiscuous mode [ 1668.691645][T14435] bridge0: port 2(bridge_slave_1) entered blocking state [ 1668.698771][T14435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1668.706118][T14435] bridge0: port 1(bridge_slave_0) entered blocking state [ 1668.713186][T14435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1668.783957][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1668.800189][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1668.829280][T24363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1668.836385][T24363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1668.845711][T24363] bridge0: port 2(bridge_slave_1) entered blocking state [ 1668.852774][T24363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1668.924296][T14435] veth0_vlan: entered promiscuous mode [ 1668.970203][T14435] veth1_macvtap: entered promiscuous mode [ 1669.235761][T14515] /dev/sg0: Can't lookup blockdev [ 1673.202730][T14776] /dev/sg0: Can't lookup blockdev [ 1674.128927][T14858] /dev/sg0: Can't lookup blockdev [ 1674.454630][T14878] /dev/sg0: Can't lookup blockdev [ 1674.857161][T14921] /dev/sg0: Can't lookup blockdev [ 1675.008475][T14942] /dev/sg0: Can't lookup blockdev [ 1675.186828][T14963] /dev/sg0: Can't lookup blockdev [ 1675.419529][T14985] /dev/sg0: Can't lookup blockdev [ 1675.980345][T15003] /dev/sg0: Can't lookup blockdev [ 1681.514635][ T5414] bridge_slave_1: left allmulticast mode [ 1681.540943][ T5414] bridge_slave_1: left promiscuous mode [ 1681.546635][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1681.589216][ T5414] bridge_slave_0: left allmulticast mode [ 1681.596667][ T5414] bridge_slave_0: left promiscuous mode [ 1681.626657][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1681.775591][ T5414] tipc: Left network mode [ 1681.799148][ T5414] veth1_macvtap: left promiscuous mode [ 1681.816509][ T5414] veth0_vlan: left promiscuous mode [ 1682.093210][T15349] bridge0: port 1(bridge_slave_0) entered blocking state [ 1682.122902][T15349] bridge0: port 1(bridge_slave_0) entered disabled state [ 1682.130034][T15349] bridge_slave_0: entered allmulticast mode [ 1682.136844][T15349] bridge_slave_0: entered promiscuous mode [ 1682.144384][T15349] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.153701][T15349] bridge0: port 2(bridge_slave_1) entered disabled state [ 1682.162475][T15349] bridge_slave_1: entered allmulticast mode [ 1682.169184][T15349] bridge_slave_1: entered promiscuous mode [ 1682.286565][ T5414] bridge_slave_1: left allmulticast mode [ 1682.292342][ T5414] bridge_slave_1: left promiscuous mode [ 1682.312850][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1682.320643][ T5414] bridge_slave_0: left allmulticast mode [ 1682.340887][ T5414] bridge_slave_0: left promiscuous mode [ 1682.346935][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1682.497936][T15349] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.505037][T15349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1682.512360][T15349] bridge0: port 1(bridge_slave_0) entered blocking state [ 1682.519589][T15349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1682.553429][ T5414] veth1_macvtap: left promiscuous mode [ 1682.559010][ T5414] veth0_vlan: left promiscuous mode [ 1682.733260][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 1682.751128][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 1682.798984][T26306] bridge0: port 1(bridge_slave_0) entered blocking state [ 1682.806143][T26306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1682.824644][T26306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1682.831799][T26306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1682.903599][T15349] veth0_vlan: entered promiscuous mode [ 1682.917812][T15349] veth1_macvtap: entered promiscuous mode [ 1688.304604][T15740] FAULT_INJECTION: forcing a failure. [ 1688.304604][T15740] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.323739][T15740] CPU: 0 UID: 0 PID: 15740 Comm: syz.5.37932 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1688.323769][T15740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1688.323780][T15740] Call Trace: [ 1688.323787][T15740] [ 1688.323795][T15740] __dump_stack+0x21/0x30 [ 1688.323827][T15740] dump_stack_lvl+0x10c/0x190 [ 1688.323852][T15740] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1688.323878][T15740] dump_stack+0x19/0x20 [ 1688.323913][T15740] should_fail_ex+0x3d9/0x530 [ 1688.323934][T15740] should_failslab+0xac/0x100 [ 1688.323956][T15740] kmem_cache_alloc_lru_noprof+0x44/0x430 [ 1688.323976][T15740] ? sock_alloc_inode+0x48/0x150 [ 1688.324000][T15740] sock_alloc_inode+0x48/0x150 [ 1688.324021][T15740] ? __cfi_sock_alloc_inode+0x10/0x10 [ 1688.324042][T15740] alloc_inode+0x7a/0x270 [ 1688.324065][T15740] new_inode_pseudo+0x19/0x40 [ 1688.324087][T15740] do_accept+0x15a/0x6b0 [ 1688.324110][T15740] ? _raw_spin_lock+0x8c/0x120 [ 1688.324135][T15740] ? __cfi_do_accept+0x10/0x10 [ 1688.324159][T15740] ? __kasan_slab_free+0x6a/0x80 [ 1688.324183][T15740] __sys_accept4+0x11e/0x1c0 [ 1688.324207][T15740] ? __cfi___sys_accept4+0x10/0x10 [ 1688.324232][T15740] ? __kasan_check_read+0x15/0x20 [ 1688.324260][T15740] __x64_sys_accept+0x81/0xa0 [ 1688.324284][T15740] x64_sys_call+0x2bcc/0x2ee0 [ 1688.324329][T15740] do_syscall_64+0x58/0xf0 [ 1688.324353][T15740] ? clear_bhb_loop+0x50/0xa0 [ 1688.324375][T15740] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1688.324396][T15740] RIP: 0033:0x7fdba078f6c9 [ 1688.324414][T15740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1688.324431][T15740] RSP: 002b:00007fdba16d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1688.324455][T15740] RAX: ffffffffffffffda RBX: 00007fdba09e5fa0 RCX: 00007fdba078f6c9 [ 1688.324471][T15740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1688.324484][T15740] RBP: 00007fdba16d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1688.324497][T15740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1688.324511][T15740] R13: 00007fdba09e6038 R14: 00007fdba09e5fa0 R15: 00007ffe396e33f8 [ 1688.324528][T15740] [ 1696.150985][T24363] bridge_slave_1: left allmulticast mode [ 1696.156783][T24363] bridge_slave_1: left promiscuous mode [ 1696.177314][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1696.191645][T24363] bridge_slave_0: left allmulticast mode [ 1696.209260][T24363] bridge_slave_0: left promiscuous mode [ 1696.215082][T24363] bridge0: port 1(bridge_slave_0) entered disabled state [ 1696.362663][T24363] tipc: Left network mode [ 1696.367904][T24363] veth1_macvtap: left promiscuous mode [ 1696.386871][T24363] veth0_vlan: left promiscuous mode [ 1709.276062][T17341] FAULT_INJECTION: forcing a failure. [ 1709.276062][T17341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1709.291343][T17341] CPU: 0 UID: 0 PID: 17341 Comm: syz.5.38720 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1709.291375][T17341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1709.291387][T17341] Call Trace: [ 1709.291394][T17341] [ 1709.291402][T17341] __dump_stack+0x21/0x30 [ 1709.291430][T17341] dump_stack_lvl+0x10c/0x190 [ 1709.291451][T17341] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1709.291478][T17341] ? has_cap_mac_admin+0xd0/0xd0 [ 1709.291500][T17341] dump_stack+0x19/0x20 [ 1709.291521][T17341] should_fail_ex+0x3d9/0x530 [ 1709.291540][T17341] should_fail+0xf/0x20 [ 1709.291557][T17341] should_fail_usercopy+0x1e/0x30 [ 1709.291576][T17341] _copy_from_user+0x22/0xb0 [ 1709.291598][T17341] sock_do_ioctl+0x18b/0x330 [ 1709.291618][T17341] ? sock_show_fdinfo+0xd0/0xd0 [ 1709.291635][T17341] ? __cfi_vfs_write+0x10/0x10 [ 1709.291653][T17341] ? __kasan_check_write+0x18/0x20 [ 1709.291678][T17341] ? mutex_unlock+0x8b/0x240 [ 1709.291696][T17341] sock_ioctl+0x634/0x7b0 [ 1709.291713][T17341] ? __cfi_sock_ioctl+0x10/0x10 [ 1709.291731][T17341] ? __fget_files+0x2c5/0x340 [ 1709.291752][T17341] ? bpf_lsm_file_ioctl+0xd/0x20 [ 1709.291775][T17341] ? security_file_ioctl+0x34/0xd0 [ 1709.291795][T17341] ? __cfi_sock_ioctl+0x10/0x10 [ 1709.291812][T17341] __se_sys_ioctl+0x135/0x1b0 [ 1709.291832][T17341] __x64_sys_ioctl+0x7f/0xa0 [ 1709.291851][T17341] x64_sys_call+0x1878/0x2ee0 [ 1709.291883][T17341] do_syscall_64+0x58/0xf0 [ 1709.291905][T17341] ? clear_bhb_loop+0x50/0xa0 [ 1709.291925][T17341] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1709.291944][T17341] RIP: 0033:0x7fdba078f6c9 [ 1709.291959][T17341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1709.291976][T17341] RSP: 002b:00007fdba16d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1709.291997][T17341] RAX: ffffffffffffffda RBX: 00007fdba09e5fa0 RCX: 00007fdba078f6c9 [ 1709.292012][T17341] RDX: 00002000000000c0 RSI: 0000000000008933 RDI: 0000000000000009 [ 1709.292025][T17341] RBP: 00007fdba16d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1709.292037][T17341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1709.292049][T17341] R13: 00007fdba09e6038 R14: 00007fdba09e5fa0 R15: 00007ffe396e33f8 [ 1709.292066][T17341] [ 1709.782251][T17439] incfs: Can't find or create .index dir in ./cgroup [ 1709.791337][T17439] incfs: mount failed -22 [ 1710.764612][T17490] FAULT_INJECTION: forcing a failure. [ 1710.764612][T17490] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1710.778964][T17490] CPU: 1 UID: 0 PID: 17490 Comm: syz.3.38787 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1710.778997][T17490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1710.779009][T17490] Call Trace: [ 1710.779015][T17490] [ 1710.779023][T17490] __dump_stack+0x21/0x30 [ 1710.779052][T17490] dump_stack_lvl+0x10c/0x190 [ 1710.779075][T17490] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1710.779099][T17490] ? check_stack_object+0x12c/0x140 [ 1710.779119][T17490] dump_stack+0x19/0x20 [ 1710.779141][T17490] should_fail_ex+0x3d9/0x530 [ 1710.779161][T17490] should_fail+0xf/0x20 [ 1710.779178][T17490] should_fail_usercopy+0x1e/0x30 [ 1710.779199][T17490] _copy_to_user+0x24/0xa0 [ 1710.779221][T17490] simple_read_from_buffer+0xed/0x160 [ 1710.779245][T17490] proc_fail_nth_read+0x19e/0x210 [ 1710.779269][T17490] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1710.779293][T17490] ? bpf_lsm_file_permission+0xd/0x20 [ 1710.779317][T17490] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1710.779340][T17490] vfs_read+0x27d/0xc70 [ 1710.779356][T17490] ? __kasan_check_write+0x18/0x20 [ 1710.779383][T17490] ? __cfi_vfs_read+0x10/0x10 [ 1710.779399][T17490] ? __kasan_check_write+0x18/0x20 [ 1710.779424][T17490] ? mutex_lock+0x92/0x1c0 [ 1710.779440][T17490] ? __cfi_mutex_lock+0x10/0x10 [ 1710.779457][T17490] ? __fget_files+0x2c5/0x340 [ 1710.779478][T17490] ksys_read+0x141/0x250 [ 1710.779495][T17490] ? __cfi_ksys_read+0x10/0x10 [ 1710.779512][T17490] ? __kasan_check_read+0x15/0x20 [ 1710.779537][T17490] __x64_sys_read+0x7f/0x90 [ 1710.779555][T17490] x64_sys_call+0x2638/0x2ee0 [ 1710.779579][T17490] do_syscall_64+0x58/0xf0 [ 1710.779601][T17490] ? clear_bhb_loop+0x50/0xa0 [ 1710.779622][T17490] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1710.779641][T17490] RIP: 0033:0x7f35b118e0dc [ 1710.779658][T17490] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1710.779674][T17490] RSP: 002b:00007f35b2000030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1710.779701][T17490] RAX: ffffffffffffffda RBX: 00007f35b13e5fa0 RCX: 00007f35b118e0dc [ 1710.779717][T17490] RDX: 000000000000000f RSI: 00007f35b20000a0 RDI: 0000000000000009 [ 1710.779730][T17490] RBP: 00007f35b2000090 R08: 0000000000000000 R09: 0000000000000000 [ 1710.779743][T17490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1710.779754][T17490] R13: 00007f35b13e6038 R14: 00007f35b13e5fa0 R15: 00007ffd0843f2d8 [ 1710.779771][T17490] [ 1711.307105][ T36] audit: type=1400 audit(1771720049.573:517): avc: denied { create } for pid=17507 comm="syz.5.38802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 1711.443767][T17524] batadv_slave_1: entered promiscuous mode [ 1711.458048][T17523] batadv_slave_1: left promiscuous mode [ 1712.280230][T24363] bridge_slave_1: left allmulticast mode [ 1712.285899][T24363] bridge_slave_1: left promiscuous mode [ 1712.301460][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1712.315501][T24363] bridge_slave_0: left allmulticast mode [ 1712.322004][T24363] bridge_slave_0: left promiscuous mode [ 1712.331766][T24363] bridge0: port 1(bridge_slave_0) entered disabled state [ 1712.447501][T24363] veth1_macvtap: left promiscuous mode [ 1712.453283][T24363] veth0_vlan: left promiscuous mode [ 1712.546638][T17632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1712.556091][T17632] bridge0: port 1(bridge_slave_0) entered disabled state [ 1712.565454][T17632] bridge_slave_0: entered allmulticast mode [ 1712.571762][T17632] bridge_slave_0: entered promiscuous mode [ 1712.584189][T17632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1712.591604][T17632] bridge0: port 2(bridge_slave_1) entered disabled state [ 1712.598773][T17632] bridge_slave_1: entered allmulticast mode [ 1712.605355][T17632] bridge_slave_1: entered promiscuous mode [ 1712.708468][T17632] bridge0: port 2(bridge_slave_1) entered blocking state [ 1712.715555][T17632] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1712.722819][T17632] bridge0: port 1(bridge_slave_0) entered blocking state [ 1712.729868][T17632] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1712.821350][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1712.828665][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1712.851738][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 1712.858825][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1712.888282][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 1712.895343][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1712.975975][T17632] veth0_vlan: entered promiscuous mode [ 1712.997214][T17632] veth1_macvtap: entered promiscuous mode [ 1713.541745][T17727] FAULT_INJECTION: forcing a failure. [ 1713.541745][T17727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1713.559886][T17727] CPU: 0 UID: 0 PID: 17727 Comm: syz.3.38903 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1713.559919][T17727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1713.559931][T17727] Call Trace: [ 1713.559939][T17727] [ 1713.559946][T17727] __dump_stack+0x21/0x30 [ 1713.559975][T17727] dump_stack_lvl+0x10c/0x190 [ 1713.559998][T17727] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1713.560022][T17727] ? __kasan_check_write+0x18/0x20 [ 1713.560049][T17727] ? check_stack_object+0x107/0x140 [ 1713.560067][T17727] dump_stack+0x19/0x20 [ 1713.560089][T17727] should_fail_ex+0x3d9/0x530 [ 1713.560109][T17727] should_fail+0xf/0x20 [ 1713.560126][T17727] should_fail_usercopy+0x1e/0x30 [ 1713.560146][T17727] _copy_from_user+0x22/0xb0 [ 1713.560169][T17727] __sys_sendto+0x29e/0x6f0 [ 1713.560192][T17727] ? __cfi___sys_sendto+0x10/0x10 [ 1713.560215][T17727] ? __kasan_check_write+0x18/0x20 [ 1713.560240][T17727] ? __cfi_ksys_write+0x10/0x10 [ 1713.560258][T17727] __x64_sys_sendto+0xe9/0x100 [ 1713.560280][T17727] x64_sys_call+0x2c2c/0x2ee0 [ 1713.560305][T17727] do_syscall_64+0x58/0xf0 [ 1713.560328][T17727] ? clear_bhb_loop+0x50/0xa0 [ 1713.560348][T17727] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1713.560368][T17727] RIP: 0033:0x7f35b118f6c9 [ 1713.560383][T17727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1713.560408][T17727] RSP: 002b:00007f35b2000038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1713.560428][T17727] RAX: ffffffffffffffda RBX: 00007f35b13e5fa0 RCX: 00007f35b118f6c9 [ 1713.560442][T17727] RDX: 000000000000000e RSI: 0000200000000180 RDI: 000000000000000a [ 1713.560453][T17727] RBP: 00007f35b2000090 R08: 0000200000000140 R09: 0000000000000014 [ 1713.560466][T17727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1713.560477][T17727] R13: 00007f35b13e6038 R14: 00007f35b13e5fa0 R15: 00007ffd0843f2d8 [ 1713.560493][T17727] [ 1713.859353][T17741] netlink: 'syz.3.38911': attribute type 4 has an invalid length. [ 1713.905959][T17750] batadv_slave_1: entered promiscuous mode [ 1713.912021][T17749] batadv_slave_1: left promiscuous mode [ 1715.022658][T17872] batadv_slave_1: entered promiscuous mode [ 1715.033927][T17871] batadv_slave_1: left promiscuous mode [ 1715.275179][ T36] audit: type=1400 audit(1771720053.731:518): avc: denied { map } for pid=17902 comm="syz.0.38991" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1715.334173][ T36] audit: type=1400 audit(1771720053.731:519): avc: denied { execute } for pid=17902 comm="syz.0.38991" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 1716.380649][T17955] bridge0: port 1(bridge_slave_0) entered blocking state [ 1716.387757][T17955] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.405007][T17955] bridge_slave_0: entered allmulticast mode [ 1716.422587][T17955] bridge_slave_0: entered promiscuous mode [ 1716.433525][T17955] bridge0: port 2(bridge_slave_1) entered blocking state [ 1716.446124][T17955] bridge0: port 2(bridge_slave_1) entered disabled state [ 1716.473514][T17955] bridge_slave_1: entered allmulticast mode [ 1716.491529][T17955] bridge_slave_1: entered promiscuous mode [ 1716.520655][ T5414] bridge_slave_1: left allmulticast mode [ 1716.526520][ T5414] bridge_slave_1: left promiscuous mode [ 1716.543990][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1716.558870][ T5414] bridge_slave_0: left allmulticast mode [ 1716.572465][ T5414] bridge_slave_0: left promiscuous mode [ 1716.578252][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.741233][ T5414] veth1_macvtap: left promiscuous mode [ 1716.753533][ T5414] veth0_vlan: left promiscuous mode [ 1716.934949][T17955] bridge0: port 2(bridge_slave_1) entered blocking state [ 1716.942021][T17955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1716.949326][T17955] bridge0: port 1(bridge_slave_0) entered blocking state [ 1716.956367][T17955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1717.017409][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1717.032538][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1717.060839][T24363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1717.067916][T24363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1717.085635][T24363] bridge0: port 2(bridge_slave_1) entered blocking state [ 1717.092741][T24363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1717.172330][T17955] veth0_vlan: entered promiscuous mode [ 1717.179595][T18008] FAULT_INJECTION: forcing a failure. [ 1717.179595][T18008] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.199300][T17955] veth1_macvtap: entered promiscuous mode [ 1717.209794][T18008] CPU: 1 UID: 0 PID: 18008 Comm: syz.0.39037 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1717.209822][T18008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1717.209834][T18008] Call Trace: [ 1717.209841][T18008] [ 1717.209849][T18008] __dump_stack+0x21/0x30 [ 1717.209876][T18008] dump_stack_lvl+0x10c/0x190 [ 1717.209899][T18008] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1717.209922][T18008] ? __cfi_selinux_file_open+0x10/0x10 [ 1717.209945][T18008] dump_stack+0x19/0x20 [ 1717.209967][T18008] should_fail_ex+0x3d9/0x530 [ 1717.209987][T18008] should_failslab+0xac/0x100 [ 1717.210007][T18008] __kmalloc_cache_noprof+0x41/0x490 [ 1717.210025][T18008] ? tcp_sendmsg_fastopen+0x1e2/0x6e0 [ 1717.210048][T18008] ? is_bpf_text_address+0x17b/0x1a0 [ 1717.210076][T18008] tcp_sendmsg_fastopen+0x1e2/0x6e0 [ 1717.210101][T18008] tcp_sendmsg_locked+0x449b/0x4b40 [ 1717.210126][T18008] ? __asan_memcpy+0x5a/0x80 [ 1717.210146][T18008] ? __kasan_check_write+0x18/0x20 [ 1717.210172][T18008] ? _raw_spin_lock_bh+0x90/0x120 [ 1717.210195][T18008] ? __cfi__raw_spin_lock_bh+0x10/0x10 [ 1717.210217][T18008] ? kstrtouint_from_user+0xfb/0x150 [ 1717.210236][T18008] ? x64_sys_call+0xe69/0x2ee0 [ 1717.210262][T18008] ? _raw_spin_unlock_bh+0x54/0x60 [ 1717.210284][T18008] ? lock_sock_nested+0x1f5/0x290 [ 1717.210305][T18008] ? __cfi_tcp_sendmsg_locked+0x10/0x10 [ 1717.210329][T18008] ? __kasan_check_write+0x18/0x20 [ 1717.210354][T18008] ? proc_fail_nth_write+0x17e/0x210 [ 1717.210378][T18008] ? __cfi_tcp_sendmsg+0x10/0x10 [ 1717.210401][T18008] tcp_sendmsg+0x3e/0xe0 [ 1717.210424][T18008] ? __cfi_tcp_sendmsg+0x10/0x10 [ 1717.210447][T18008] inet_sendmsg+0xb7/0x120 [ 1717.210469][T18008] __sys_sendto+0x588/0x6f0 [ 1717.210493][T18008] ? __cfi___sys_sendto+0x10/0x10 [ 1717.210518][T18008] ? __kasan_check_write+0x18/0x20 [ 1717.210545][T18008] ? __cfi_ksys_write+0x10/0x10 [ 1717.210563][T18008] __x64_sys_sendto+0xe9/0x100 [ 1717.210585][T18008] x64_sys_call+0x2c2c/0x2ee0 [ 1717.210609][T18008] do_syscall_64+0x58/0xf0 [ 1717.210629][T18008] ? clear_bhb_loop+0x50/0xa0 [ 1717.210649][T18008] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1717.210667][T18008] RIP: 0033:0x7fb89f18f6c9 [ 1717.210683][T18008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1717.210697][T18008] RSP: 002b:00007fb89ffcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1717.210718][T18008] RAX: ffffffffffffffda RBX: 00007fb89f3e5fa0 RCX: 00007fb89f18f6c9 [ 1717.210732][T18008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 1717.210744][T18008] RBP: 00007fb89ffcc090 R08: 0000000000000000 R09: 0000000000000000 [ 1717.210757][T18008] R10: 0000000020008005 R11: 0000000000000246 R12: 0000000000000001 [ 1717.210770][T18008] R13: 00007fb89f3e6038 R14: 00007fb89f3e5fa0 R15: 00007ffc16b49678 [ 1717.210786][T18008] [ 1717.779943][T18047] FAULT_INJECTION: forcing a failure. [ 1717.779943][T18047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1717.798181][T18047] CPU: 1 UID: 0 PID: 18047 Comm: syz.5.39052 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1717.798210][T18047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1717.798222][T18047] Call Trace: [ 1717.798227][T18047] [ 1717.798234][T18047] __dump_stack+0x21/0x30 [ 1717.798262][T18047] dump_stack_lvl+0x10c/0x190 [ 1717.798284][T18047] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1717.798307][T18047] ? check_stack_object+0x12c/0x140 [ 1717.798325][T18047] dump_stack+0x19/0x20 [ 1717.798345][T18047] should_fail_ex+0x3d9/0x530 [ 1717.798364][T18047] should_fail+0xf/0x20 [ 1717.798380][T18047] should_fail_usercopy+0x1e/0x30 [ 1717.798399][T18047] _copy_to_user+0x24/0xa0 [ 1717.798421][T18047] simple_read_from_buffer+0xed/0x160 [ 1717.798443][T18047] proc_fail_nth_read+0x19e/0x210 [ 1717.798466][T18047] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1717.798489][T18047] ? bpf_lsm_file_permission+0xd/0x20 [ 1717.798512][T18047] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1717.798534][T18047] vfs_read+0x27d/0xc70 [ 1717.798549][T18047] ? fput+0x1a5/0x240 [ 1717.798571][T18047] ? __cfi_vfs_read+0x10/0x10 [ 1717.798586][T18047] ? __kasan_check_write+0x18/0x20 [ 1717.798611][T18047] ? mutex_lock+0x92/0x1c0 [ 1717.798629][T18047] ? __cfi_mutex_lock+0x10/0x10 [ 1717.798646][T18047] ? __fget_files+0x2c5/0x340 [ 1717.798666][T18047] ksys_read+0x141/0x250 [ 1717.798683][T18047] ? __cfi_ksys_read+0x10/0x10 [ 1717.798701][T18047] ? __kasan_check_read+0x15/0x20 [ 1717.798726][T18047] __x64_sys_read+0x7f/0x90 [ 1717.798742][T18047] x64_sys_call+0x2638/0x2ee0 [ 1717.798767][T18047] do_syscall_64+0x58/0xf0 [ 1717.798788][T18047] ? clear_bhb_loop+0x50/0xa0 [ 1717.798808][T18047] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1717.798827][T18047] RIP: 0033:0x7fdba078e0dc [ 1717.798842][T18047] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1717.798857][T18047] RSP: 002b:00007fdba16d6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1717.798876][T18047] RAX: ffffffffffffffda RBX: 00007fdba09e5fa0 RCX: 00007fdba078e0dc [ 1717.798891][T18047] RDX: 000000000000000f RSI: 00007fdba16d60a0 RDI: 0000000000000007 [ 1717.798903][T18047] RBP: 00007fdba16d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1717.798915][T18047] R10: 0000000000012002 R11: 0000000000000246 R12: 0000000000000001 [ 1717.798927][T18047] R13: 00007fdba09e6038 R14: 00007fdba09e5fa0 R15: 00007ffe396e33f8 [ 1717.798942][T18047] [ 1718.307152][T18106] FAULT_INJECTION: forcing a failure. [ 1718.307152][T18106] name failslab, interval 1, probability 0, space 0, times 0 [ 1718.320980][T18106] CPU: 1 UID: 0 PID: 18106 Comm: syz.3.39080 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1718.321011][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1718.321023][T18106] Call Trace: [ 1718.321030][T18106] [ 1718.321038][T18106] __dump_stack+0x21/0x30 [ 1718.321066][T18106] dump_stack_lvl+0x10c/0x190 [ 1718.321088][T18106] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1718.321110][T18106] ? __kasan_check_write+0x18/0x20 [ 1718.321136][T18106] dump_stack+0x19/0x20 [ 1718.321157][T18106] should_fail_ex+0x3d9/0x530 [ 1718.321175][T18106] should_failslab+0xac/0x100 [ 1718.321194][T18106] kmem_cache_alloc_noprof+0x42/0x430 [ 1718.321211][T18106] ? getname_flags+0xc6/0x710 [ 1718.321229][T18106] ? __cfi_ksys_write+0x10/0x10 [ 1718.321245][T18106] getname_flags+0xc6/0x710 [ 1718.321262][T18106] __x64_sys_mkdirat+0x7e/0xa0 [ 1718.321281][T18106] x64_sys_call+0x2ba8/0x2ee0 [ 1718.321303][T18106] do_syscall_64+0x58/0xf0 [ 1718.321324][T18106] ? clear_bhb_loop+0x50/0xa0 [ 1718.321342][T18106] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1718.321360][T18106] RIP: 0033:0x7f35b118f6c9 [ 1718.321374][T18106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1718.321390][T18106] RSP: 002b:00007f35b2000038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1718.321410][T18106] RAX: ffffffffffffffda RBX: 00007f35b13e5fa0 RCX: 00007f35b118f6c9 [ 1718.321424][T18106] RDX: 00000000000001c0 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1718.321437][T18106] RBP: 00007f35b2000090 R08: 0000000000000000 R09: 0000000000000000 [ 1718.321450][T18106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1718.321461][T18106] R13: 00007f35b13e6038 R14: 00007f35b13e5fa0 R15: 00007ffd0843f2d8 [ 1718.321476][T18106] [ 1718.534547][T13816] usb 6-1: new full-speed USB device number 73 using dummy_hcd [ 1718.716723][T13816] usb 6-1: not running at top speed; connect to a high speed hub [ 1718.731000][T13816] usb 6-1: config 1 has an invalid descriptor of length 36, skipping remainder of the config [ 1718.751289][T13816] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1718.774524][T13816] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1718.791723][T13816] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1718.809847][T13816] usb 6-1: Product: ᐌ [ 1718.816653][T13816] usb 6-1: Manufacturer: 븥倰ႉ耩筁頫鎣ꥡ᧠곕በܕ㌛僱ⓗ푢턑罝昚㟺〾⹦谪됏赬↥⦡駈슂킡筱㢅쨕⭉鶘⭍鎪䈯᥽勡賲䮉祯店㬽蔉乔蛷䂕䢀⼨콆ﻕ㳓붺毋꽐訇ޟ徾兼搇솰禝ꀷክ륣ꮅ똔窯屌뫘꓌틿嗻쩳䜩願ꛄ㵱被ᇃﳠ弡㣬䷴롌艆힝༴誇㊻秮櫫빜㻮꒬䇑礠븕貴ⷅ [ 1718.854578][T13816] usb 6-1: SerialNumber: syz [ 1719.245862][T13816] usb 6-1: 0:2 : does not exist [ 1719.261779][T13816] usb 6-1: USB disconnect, device number 73 [ 1719.282225][T13829] udevd[13829]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1719.523300][T18305] FAULT_INJECTION: forcing a failure. [ 1719.523300][T18305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1719.542499][T18305] CPU: 1 UID: 0 PID: 18305 Comm: syz.2.39177 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1719.542528][T18305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1719.542539][T18305] Call Trace: [ 1719.542545][T18305] [ 1719.542551][T18305] __dump_stack+0x21/0x30 [ 1719.542579][T18305] dump_stack_lvl+0x10c/0x190 [ 1719.542598][T18305] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1719.542619][T18305] ? __kasan_check_write+0x18/0x20 [ 1719.542645][T18305] ? check_stack_object+0x107/0x140 [ 1719.542662][T18305] dump_stack+0x19/0x20 [ 1719.542681][T18305] should_fail_ex+0x3d9/0x530 [ 1719.542700][T18305] should_fail+0xf/0x20 [ 1719.542715][T18305] should_fail_usercopy+0x1e/0x30 [ 1719.542733][T18305] _copy_from_user+0x22/0xb0 [ 1719.542754][T18305] __sys_sendto+0x29e/0x6f0 [ 1719.542777][T18305] ? __cfi___sys_sendto+0x10/0x10 [ 1719.542802][T18305] ? __kasan_check_write+0x18/0x20 [ 1719.542826][T18305] ? __cfi_ksys_write+0x10/0x10 [ 1719.542851][T18305] __x64_sys_sendto+0xe9/0x100 [ 1719.542875][T18305] x64_sys_call+0x2c2c/0x2ee0 [ 1719.542899][T18305] do_syscall_64+0x58/0xf0 [ 1719.542921][T18305] ? clear_bhb_loop+0x50/0xa0 [ 1719.542941][T18305] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1719.542960][T18305] RIP: 0033:0x7fb22cf8f6c9 [ 1719.542976][T18305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1719.542994][T18305] RSP: 002b:00007fb22de4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1719.543015][T18305] RAX: ffffffffffffffda RBX: 00007fb22d1e5fa0 RCX: 00007fb22cf8f6c9 [ 1719.543030][T18305] RDX: 0000000000000001 RSI: 0000200000000340 RDI: 0000000000000009 [ 1719.543043][T18305] RBP: 00007fb22de4b090 R08: 0000200000000a80 R09: 0000000000000014 [ 1719.543057][T18305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1719.543069][T18305] R13: 00007fb22d1e6038 R14: 00007fb22d1e5fa0 R15: 00007ffc1406fa98 [ 1719.543086][T18305] [ 1720.798223][T18397] batadv_slave_1: entered promiscuous mode [ 1720.814536][T18396] batadv_slave_1: left promiscuous mode [ 1721.553538][ T597] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 1721.717576][ T597] usb 1-1: Using ep0 maxpacket: 16 [ 1721.735541][ T597] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1721.753718][ T597] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1721.782584][ T597] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1721.811028][ T597] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1721.844814][ T597] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1721.854035][ T597] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1721.883380][ T597] usb 1-1: Product: syz [ 1721.893360][ T597] usb 1-1: Manufacturer: syz [ 1721.906145][ T597] usb 1-1: SerialNumber: syz [ 1722.126178][ T597] usb 1-1: 0:2 : does not exist [ 1722.136253][ T597] usb 1-1: USB disconnect, device number 118 [ 1723.042531][T18562] FAULT_INJECTION: forcing a failure. [ 1723.042531][T18562] name fail_futex, interval 1, probability 0, space 0, times 1 [ 1723.065350][T18562] CPU: 1 UID: 0 PID: 18562 Comm: syz.5.39305 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1723.065381][T18562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1723.065393][T18562] Call Trace: [ 1723.065400][T18562] [ 1723.065408][T18562] __dump_stack+0x21/0x30 [ 1723.065436][T18562] dump_stack_lvl+0x10c/0x190 [ 1723.065459][T18562] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1723.065483][T18562] ? _parse_integer_limit+0x195/0x1e0 [ 1723.065511][T18562] dump_stack+0x19/0x20 [ 1723.065533][T18562] should_fail_ex+0x3d9/0x530 [ 1723.065552][T18562] should_fail+0xf/0x20 [ 1723.065569][T18562] get_futex_key+0x16b/0x930 [ 1723.065587][T18562] ? kstrtouint_from_user+0xfb/0x150 [ 1723.065604][T18562] ? __cfi_get_futex_key+0x10/0x10 [ 1723.065622][T18562] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1723.065639][T18562] ? selinux_file_permission+0x309/0xb30 [ 1723.065663][T18562] futex_wake+0x120/0x900 [ 1723.065685][T18562] ? __kasan_check_write+0x18/0x20 [ 1723.065711][T18562] ? proc_fail_nth_write+0x17e/0x210 [ 1723.065735][T18562] ? __cfi_futex_wake+0x10/0x10 [ 1723.065756][T18562] ? bpf_lsm_file_permission+0xd/0x20 [ 1723.065780][T18562] ? vfs_write+0x93e/0xf30 [ 1723.065799][T18562] do_futex+0x356/0x500 [ 1723.065817][T18562] ? __cfi_do_futex+0x10/0x10 [ 1723.065835][T18562] ? mutex_unlock+0x8b/0x240 [ 1723.065852][T18562] ? __fget_files+0x2c5/0x340 [ 1723.065873][T18562] __se_sys_futex+0x28f/0x300 [ 1723.065892][T18562] ? fput+0x1a5/0x240 [ 1723.065914][T18562] ? __x64_sys_futex+0x110/0x110 [ 1723.065933][T18562] ? __cfi_ksys_write+0x10/0x10 [ 1723.065952][T18562] __x64_sys_futex+0xe9/0x110 [ 1723.065971][T18562] x64_sys_call+0x227f/0x2ee0 [ 1723.065996][T18562] do_syscall_64+0x58/0xf0 [ 1723.066018][T18562] ? clear_bhb_loop+0x50/0xa0 [ 1723.066039][T18562] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1723.066058][T18562] RIP: 0033:0x7fdba078f6c9 [ 1723.066074][T18562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1723.066091][T18562] RSP: 002b:00007fdba16d6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1723.066113][T18562] RAX: ffffffffffffffda RBX: 00007fdba09e5fa0 RCX: 00007fdba078f6c9 [ 1723.066129][T18562] RDX: 0000000000000301 RSI: 000000000000000a RDI: 000020000000cffc [ 1723.066142][T18562] RBP: 00007fdba16d6090 R08: 0000000000000000 R09: 0000000000000002 [ 1723.066156][T18562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1723.066168][T18562] R13: 00007fdba09e6038 R14: 00007fdba09e5fa0 R15: 00007ffe396e33f8 [ 1723.066186][T18562] [ 1726.774870][T18743] batadv_slave_1: entered promiscuous mode [ 1726.780983][T18742] batadv_slave_1: left promiscuous mode [ 1728.149284][T18799] batadv_slave_1: entered promiscuous mode [ 1728.164575][T18798] batadv_slave_1: left promiscuous mode [ 1728.430532][T18831] FAULT_INJECTION: forcing a failure. [ 1728.430532][T18831] name failslab, interval 1, probability 0, space 0, times 0 [ 1728.449637][T18831] CPU: 0 UID: 0 PID: 18831 Comm: syz.5.39438 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1728.449670][T18831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1728.449681][T18831] Call Trace: [ 1728.449688][T18831] [ 1728.449695][T18831] __dump_stack+0x21/0x30 [ 1728.449724][T18831] dump_stack_lvl+0x10c/0x190 [ 1728.449753][T18831] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1728.449774][T18831] ? __kasan_check_write+0x18/0x20 [ 1728.449799][T18831] dump_stack+0x19/0x20 [ 1728.449820][T18831] should_fail_ex+0x3d9/0x530 [ 1728.449838][T18831] should_failslab+0xac/0x100 [ 1728.449858][T18831] kmem_cache_alloc_noprof+0x42/0x430 [ 1728.449874][T18831] ? getname_flags+0xc6/0x710 [ 1728.449891][T18831] ? __cfi_ksys_write+0x10/0x10 [ 1728.449906][T18831] getname_flags+0xc6/0x710 [ 1728.449923][T18831] __x64_sys_mkdirat+0x7e/0xa0 [ 1728.449943][T18831] x64_sys_call+0x2ba8/0x2ee0 [ 1728.449966][T18831] do_syscall_64+0x58/0xf0 [ 1728.449987][T18831] ? clear_bhb_loop+0x50/0xa0 [ 1728.450004][T18831] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1728.450019][T18831] RIP: 0033:0x7fdba078f6c9 [ 1728.450034][T18831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1728.450047][T18831] RSP: 002b:00007fdba16d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1728.450066][T18831] RAX: ffffffffffffffda RBX: 00007fdba09e5fa0 RCX: 00007fdba078f6c9 [ 1728.450079][T18831] RDX: 00000000000001c0 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1728.450090][T18831] RBP: 00007fdba16d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1728.450101][T18831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1728.450113][T18831] R13: 00007fdba09e6038 R14: 00007fdba09e5fa0 R15: 00007ffe396e33f8 [ 1728.450128][T18831] [ 1729.602753][T18968] batadv_slave_1: entered promiscuous mode [ 1729.622810][T18967] batadv_slave_1: left promiscuous mode [ 1729.843752][T18998] batadv_slave_1: entered promiscuous mode [ 1729.855339][T18995] batadv_slave_1: left promiscuous mode [ 1730.888171][T19063] FAULT_INJECTION: forcing a failure. [ 1730.888171][T19063] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.916468][T19063] CPU: 0 UID: 0 PID: 19063 Comm: syz.5.39552 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1730.916503][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1730.916523][T19063] Call Trace: [ 1730.916529][T19063] [ 1730.916538][T19063] __dump_stack+0x21/0x30 [ 1730.916567][T19063] dump_stack_lvl+0x10c/0x190 [ 1730.916590][T19063] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1730.916615][T19063] dump_stack+0x19/0x20 [ 1730.916637][T19063] should_fail_ex+0x3d9/0x530 [ 1730.916657][T19063] should_failslab+0xac/0x100 [ 1730.916678][T19063] kmem_cache_alloc_noprof+0x42/0x430 [ 1730.916696][T19063] ? vm_area_dup+0x42/0x570 [ 1730.916716][T19063] vm_area_dup+0x42/0x570 [ 1730.916735][T19063] __split_vma+0x1bd/0xa80 [ 1730.916753][T19063] ? kernel_text_address+0xa9/0xe0 [ 1730.916776][T19063] ? __kernel_text_address+0x11/0x40 [ 1730.916798][T19063] ? vms_gather_munmap_vmas+0xdd0/0xdd0 [ 1730.916818][T19063] ? _parse_integer_limit+0x195/0x1e0 [ 1730.916846][T19063] vms_gather_munmap_vmas+0x273/0xdd0 [ 1730.916864][T19063] ? _parse_integer+0x2e/0x40 [ 1730.916891][T19063] do_vmi_align_munmap+0x244/0x5d0 [ 1730.916912][T19063] ? __cfi_do_vmi_align_munmap+0x10/0x10 [ 1730.916932][T19063] ? mas_walk+0x3f7/0x650 [ 1730.916952][T19063] ? mas_find+0x358/0x5f0 [ 1730.916969][T19063] ? __kasan_check_write+0x18/0x20 [ 1730.916995][T19063] do_vmi_munmap+0x246/0x2e0 [ 1730.917015][T19063] __vm_munmap+0x22b/0x370 [ 1730.917034][T19063] ? vm_munmap+0x40/0x40 [ 1730.917051][T19063] ? __kasan_check_write+0x18/0x20 [ 1730.917077][T19063] ? __cfi_ksys_write+0x10/0x10 [ 1730.917095][T19063] ? blocking_notifier_call_chain+0x7c/0x90 [ 1730.917123][T19063] __se_sys_munmap+0xc0/0x3a0 [ 1730.917143][T19063] __x64_sys_munmap+0x5f/0x80 [ 1730.917161][T19063] x64_sys_call+0x9c6/0x2ee0 [ 1730.917186][T19063] do_syscall_64+0x58/0xf0 [ 1730.917209][T19063] ? clear_bhb_loop+0x50/0xa0 [ 1730.917228][T19063] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1730.917248][T19063] RIP: 0033:0x7fdba078f6c9 [ 1730.917264][T19063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1730.917280][T19063] RSP: 002b:00007fdba16b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b [ 1730.917301][T19063] RAX: ffffffffffffffda RBX: 00007fdba09e6090 RCX: 00007fdba078f6c9 [ 1730.917316][T19063] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 00002000003fe000 [ 1730.917329][T19063] RBP: 00007fdba16b5090 R08: 0000000000000000 R09: 0000000000000000 [ 1730.917342][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1730.917354][T19063] R13: 00007fdba09e6128 R14: 00007fdba09e6090 R15: 00007ffe396e33f8 [ 1730.917372][T19063] [ 1731.713772][T19099] FAULT_INJECTION: forcing a failure. [ 1731.713772][T19099] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1731.737847][T19099] CPU: 0 UID: 0 PID: 19099 Comm: syz.2.39569 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1731.737883][T19099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1731.737895][T19099] Call Trace: [ 1731.737902][T19099] [ 1731.737910][T19099] __dump_stack+0x21/0x30 [ 1731.737939][T19099] dump_stack_lvl+0x10c/0x190 [ 1731.737961][T19099] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1731.737985][T19099] ? check_stack_object+0x107/0x140 [ 1731.738004][T19099] dump_stack+0x19/0x20 [ 1731.738025][T19099] should_fail_ex+0x3d9/0x530 [ 1731.738044][T19099] should_fail+0xf/0x20 [ 1731.738059][T19099] should_fail_usercopy+0x1e/0x30 [ 1731.738078][T19099] _copy_from_user+0x22/0xb0 [ 1731.738100][T19099] __sys_connect+0x136/0x440 [ 1731.738124][T19099] ? __cfi___sys_connect+0x10/0x10 [ 1731.738149][T19099] ? __kasan_check_read+0x15/0x20 [ 1731.738176][T19099] __x64_sys_connect+0x7e/0x90 [ 1731.738198][T19099] x64_sys_call+0x1c2f/0x2ee0 [ 1731.738223][T19099] do_syscall_64+0x58/0xf0 [ 1731.738245][T19099] ? clear_bhb_loop+0x50/0xa0 [ 1731.738265][T19099] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1731.738284][T19099] RIP: 0033:0x7fb22cf8f6c9 [ 1731.738301][T19099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1731.738317][T19099] RSP: 002b:00007fb22de4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1731.738339][T19099] RAX: ffffffffffffffda RBX: 00007fb22d1e5fa0 RCX: 00007fb22cf8f6c9 [ 1731.738355][T19099] RDX: 000000000000001e RSI: 0000200000000080 RDI: 0000000000000006 [ 1731.738368][T19099] RBP: 00007fb22de4b090 R08: 0000000000000000 R09: 0000000000000000 [ 1731.738381][T19099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1731.738394][T19099] R13: 00007fb22d1e6038 R14: 00007fb22d1e5fa0 R15: 00007ffc1406fa98 [ 1731.738409][T19099] [ 1732.730735][T19191] fuseblk: Bad value for 'fd' [ 1732.902002][T13640] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0 [ 1732.924751][T13640] hid-generic 0000:0000:0000.001C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1733.339152][T19245] batadv_slave_1: entered promiscuous mode [ 1733.351772][T19244] batadv_slave_1: left promiscuous mode [ 1733.458384][ T36] audit: type=1400 audit(1771720072.818:520): avc: denied { execute } for pid=19253 comm="syz.3.39642" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 1733.639192][T19266] batadv_slave_1: entered promiscuous mode [ 1733.648455][T19265] batadv_slave_1: left promiscuous mode [ 1733.825947][T19286] batadv_slave_1: entered promiscuous mode [ 1733.850928][T19285] batadv_slave_1: left promiscuous mode [ 1734.144821][T19328] FAULT_INJECTION: forcing a failure. [ 1734.144821][T19328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1734.158378][T19328] CPU: 1 UID: 0 PID: 19328 Comm: syz.3.39680 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1734.158409][T19328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1734.158421][T19328] Call Trace: [ 1734.158428][T19328] [ 1734.158436][T19328] __dump_stack+0x21/0x30 [ 1734.158466][T19328] dump_stack_lvl+0x10c/0x190 [ 1734.158489][T19328] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1734.158513][T19328] ? check_stack_object+0x107/0x140 [ 1734.158532][T19328] dump_stack+0x19/0x20 [ 1734.158553][T19328] should_fail_ex+0x3d9/0x530 [ 1734.158573][T19328] should_fail+0xf/0x20 [ 1734.158590][T19328] should_fail_usercopy+0x1e/0x30 [ 1734.158609][T19328] _copy_from_user+0x22/0xb0 [ 1734.158631][T19328] __sys_connect+0x136/0x440 [ 1734.158654][T19328] ? __cfi___sys_connect+0x10/0x10 [ 1734.158680][T19328] ? __kasan_check_read+0x15/0x20 [ 1734.158706][T19328] __x64_sys_connect+0x7e/0x90 [ 1734.158728][T19328] x64_sys_call+0x1c2f/0x2ee0 [ 1734.158754][T19328] do_syscall_64+0x58/0xf0 [ 1734.158777][T19328] ? clear_bhb_loop+0x50/0xa0 [ 1734.158797][T19328] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1734.158817][T19328] RIP: 0033:0x7f35b118f6c9 [ 1734.158833][T19328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1734.158850][T19328] RSP: 002b:00007f35b2000038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1734.158870][T19328] RAX: ffffffffffffffda RBX: 00007f35b13e5fa0 RCX: 00007f35b118f6c9 [ 1734.158886][T19328] RDX: 000000000000006e RSI: 0000200000000280 RDI: 0000000000000006 [ 1734.158899][T19328] RBP: 00007f35b2000090 R08: 0000000000000000 R09: 0000000000000000 [ 1734.158912][T19328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1734.158925][T19328] R13: 00007f35b13e6038 R14: 00007f35b13e5fa0 R15: 00007ffd0843f2d8 [ 1734.158942][T19328] [ 1734.597165][T19371] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19371 comm=syz.3.39699 [ 1734.823503][T19393] FAULT_INJECTION: forcing a failure. [ 1734.823503][T19393] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1734.851369][T19393] CPU: 1 UID: 0 PID: 19393 Comm: syz.2.39710 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1734.851406][T19393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1734.851418][T19393] Call Trace: [ 1734.851424][T19393] [ 1734.851433][T19393] __dump_stack+0x21/0x30 [ 1734.851461][T19393] dump_stack_lvl+0x10c/0x190 [ 1734.851484][T19393] ? __cfi_dump_stack_lvl+0x10/0x10 [ 1734.851509][T19393] ? kstrtoull+0x13b/0x1e0 [ 1734.851526][T19393] dump_stack+0x19/0x20 [ 1734.851548][T19393] should_fail_ex+0x3d9/0x530 [ 1734.851568][T19393] should_fail+0xf/0x20 [ 1734.851585][T19393] should_fail_usercopy+0x1e/0x30 [ 1734.851605][T19393] _copy_from_user+0x22/0xb0 [ 1734.851626][T19393] ___sys_sendmsg+0x159/0x2a0 [ 1734.851652][T19393] ? __sys_sendmsg+0x280/0x280 [ 1734.851676][T19393] ? proc_fail_nth_write+0x17e/0x210 [ 1734.851700][T19393] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 1734.851726][T19393] __x64_sys_sendmsg+0x1eb/0x2c0 [ 1734.851750][T19393] ? fput+0x1a5/0x240 [ 1734.851771][T19393] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 1734.851795][T19393] ? ksys_write+0x1ef/0x250 [ 1734.851812][T19393] ? __kasan_check_read+0x15/0x20 [ 1734.851837][T19393] x64_sys_call+0x2a4c/0x2ee0 [ 1734.851860][T19393] do_syscall_64+0x58/0xf0 [ 1734.851882][T19393] ? clear_bhb_loop+0x50/0xa0 [ 1734.851901][T19393] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1734.851921][T19393] RIP: 0033:0x7fb22cf8f6c9 [ 1734.851938][T19393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1734.851954][T19393] RSP: 002b:00007fb22de4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1734.851974][T19393] RAX: ffffffffffffffda RBX: 00007fb22d1e5fa0 RCX: 00007fb22cf8f6c9 [ 1734.851989][T19393] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1734.852002][T19393] RBP: 00007fb22de4b090 R08: 0000000000000000 R09: 0000000000000000 [ 1734.852014][T19393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1734.852025][T19393] R13: 00007fb22d1e6038 R14: 00007fb22d1e5fa0 R15: 00007ffc1406fa98 [ 1734.852040][T19393] [ 1735.871076][T19454] fuseblk: Bad value for 'max_read' [ 1737.388915][T19552] fuseblk: Bad value for 'fd' [ 1737.843262][T19587] fuseblk: Bad value for 'max_read' [ 1738.622555][T19671] fuseblk: Bad value for 'max_read' [ 1738.880439][T24363] bridge_slave_1: left allmulticast mode [ 1738.886344][T24363] bridge_slave_1: left promiscuous mode [ 1738.898445][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1738.917769][T24363] bridge_slave_0: left allmulticast mode [ 1738.923646][T24363] bridge_slave_0: left promiscuous mode [ 1738.936477][T24363] bridge0: port 1(bridge_slave_0) entered disabled state [ 1739.111920][T24363] veth1_macvtap: left promiscuous mode [ 1739.117669][T24363] veth0_vlan: left promiscuous mode [ 1739.218144][T19683] bridge0: port 1(bridge_slave_0) entered blocking state [ 1739.241225][T19683] bridge0: port 1(bridge_slave_0) entered disabled state [ 1739.248330][T19683] bridge_slave_0: entered allmulticast mode [ 1739.275858][T19683] bridge_slave_0: entered promiscuous mode [ 1739.289587][T19710] batadv_slave_1: entered promiscuous mode [ 1739.312552][T19709] batadv_slave_1: left promiscuous mode [ 1739.322368][T19683] bridge0: port 2(bridge_slave_1) entered blocking state [ 1739.336209][T19683] bridge0: port 2(bridge_slave_1) entered disabled state [ 1739.346755][T19683] bridge_slave_1: entered allmulticast mode [ 1739.363003][T19683] bridge_slave_1: entered promiscuous mode [ 1739.472221][T19730] fuseblk: Bad value for 'max_read' [ 1739.490261][T19683] bridge0: port 2(bridge_slave_1) entered blocking state [ 1739.497350][T19683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1739.504683][T19683] bridge0: port 1(bridge_slave_0) entered blocking state [ 1739.511748][T19683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1739.570444][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1739.578517][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1739.589476][T26306] bridge0: port 1(bridge_slave_0) entered blocking state [ 1739.596584][T26306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1739.627089][T26306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1739.634742][T26306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1739.681538][T19683] veth0_vlan: entered promiscuous mode [ 1739.702451][T19683] veth1_macvtap: entered promiscuous mode [ 1739.877520][T19758] batadv_slave_1: entered promiscuous mode [ 1739.893819][T19757] batadv_slave_1: left promiscuous mode [ 1740.721376][T19854] batadv_slave_1: entered promiscuous mode [ 1740.737308][T19853] batadv_slave_1: left promiscuous mode [ 1743.636346][ T5414] bridge_slave_1: left allmulticast mode [ 1743.660605][ T5414] bridge_slave_1: left promiscuous mode [ 1743.666235][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1743.689936][ T5414] bridge_slave_0: left allmulticast mode [ 1743.695604][ T5414] bridge_slave_0: left promiscuous mode [ 1743.708207][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1743.873232][ T5414] veth1_macvtap: left promiscuous mode [ 1743.878800][ T5414] veth0_vlan: left promiscuous mode [ 1744.003309][T20040] batadv_slave_1: entered promiscuous mode [ 1744.021807][T20039] batadv_slave_1: left promiscuous mode [ 1744.071233][T20026] bridge0: port 1(bridge_slave_0) entered blocking state [ 1744.078388][T20026] bridge0: port 1(bridge_slave_0) entered disabled state [ 1744.117618][T20026] bridge_slave_0: entered allmulticast mode [ 1744.135638][T20026] bridge_slave_0: entered promiscuous mode [ 1744.156379][T20026] bridge0: port 2(bridge_slave_1) entered blocking state [ 1744.172702][T20026] bridge0: port 2(bridge_slave_1) entered disabled state [ 1744.181291][T20026] bridge_slave_1: entered allmulticast mode [ 1744.187722][T20026] bridge_slave_1: entered promiscuous mode [ 1744.387403][T20026] bridge0: port 2(bridge_slave_1) entered blocking state [ 1744.394497][T20026] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1744.401786][T20026] bridge0: port 1(bridge_slave_0) entered blocking state [ 1744.408885][T20026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1744.487785][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1744.496262][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1744.514772][T24363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1744.521864][T24363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1744.548208][T26306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1744.555275][T26306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1744.639110][T20026] veth0_vlan: entered promiscuous mode [ 1744.661540][T20026] veth1_macvtap: entered promiscuous mode [ 1744.880018][T20077] batadv_slave_1: entered promiscuous mode [ 1744.889473][T20076] batadv_slave_1: left promiscuous mode [ 1748.652796][T20300] batadv_slave_1: entered promiscuous mode [ 1748.670895][T20299] batadv_slave_1: left promiscuous mode [ 1748.948939][T20321] batadv_slave_1: entered promiscuous mode [ 1748.965801][T20320] batadv_slave_1: left promiscuous mode [ 1749.797132][T20379] batadv_slave_1: entered promiscuous mode [ 1749.814895][T20378] batadv_slave_1: left promiscuous mode [ 1750.176419][T20399] batadv_slave_1: entered promiscuous mode [ 1750.182576][T20398] batadv_slave_1: left promiscuous mode [ 1750.444159][T20423] fuseblk: Bad value for 'max_read' [ 1751.551015][T20469] fuseblk: Bad value for 'max_read' [ 1753.465913][T20597] fuseblk: Bad value for 'max_read' [ 1753.636657][T20617] fuseblk: Bad value for 'max_read' [ 1753.798767][T20655] fuseblk: Bad value for 'max_read' [ 1755.083071][T20747] netlink: 96 bytes leftover after parsing attributes in process `syz.3.40374'. [ 1755.518900][T13655] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1755.604602][ T36] audit: type=1400 audit(1771720096.084:521): avc: denied { read } for pid=20791 comm="syz.2.40388" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 1755.629343][ T36] audit: type=1400 audit(1771720096.084:522): avc: denied { open } for pid=20791 comm="syz.2.40388" path="/317/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 1755.690010][T13655] usb 6-1: Using ep0 maxpacket: 16 [ 1755.700828][T13655] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1755.718089][T20805] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3596000302 (14384001208 ns) > initial count (4696682236 ns). Using initial count to start timer. [ 1755.738278][T13655] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1755.745008][T13655] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1755.755551][T13655] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1755.765804][T20805] kvm: kvm [20804]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 1755.775932][T20805] kvm: kvm [20804]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 1755.790769][T13655] usb 6-1: config 0 descriptor?? [ 1755.902624][T20830] netlink: 'syz.2.40411': attribute type 4 has an invalid length. [ 1755.977052][ T36] audit: type=1326 audit(1771720096.473:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20842 comm="syz.2.40417" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb22cf8f6c9 code=0x0 [ 1756.005241][T13655] usbhid 6-1:0.0: can't add hid device: -71 [ 1756.011258][T13655] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1756.022124][T13655] usb 6-1: USB disconnect, device number 74 [ 1756.263924][ T36] audit: type=1400 audit(1771720096.767:524): avc: denied { ioctl } for pid=20860 comm="syz.0.40424" path="socket:[599228]" dev="sockfs" ino=599228 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1756.600312][T20902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40443'. [ 1756.609440][T20902] bridge_slave_1: left allmulticast mode [ 1756.615412][T20902] bridge_slave_1: left promiscuous mode [ 1756.621422][T20902] bridge0: port 2(bridge_slave_1) entered disabled state [ 1756.631913][T20902] bridge_slave_0: left allmulticast mode [ 1756.637874][T20902] bridge_slave_0: left promiscuous mode [ 1756.641673][ T36] audit: type=1400 audit(1771720097.155:525): avc: denied { associate } for pid=20909 comm="syz.3.40446" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 1756.643907][T20902] bridge0: port 1(bridge_slave_0) entered disabled state [ 1756.690138][ T36] audit: type=1400 audit(1771720097.197:526): avc: denied { execute } for pid=20907 comm="syz.3.40446" path="/cpuacct.usage_percpu" dev="rootfs" ino=600316 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 1756.784687][T20922] overlayfs: failed to resolve './file0': -2 [ 1756.971726][T20966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.40474'. [ 1757.014133][T20972] overlayfs: failed to resolve './file0': -2 [ 1757.075373][ T36] audit: type=1400 audit(1771720097.617:527): avc: denied { nlmsg_write } for pid=20990 comm="syz.3.40485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 1757.176677][T21001] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns [ 1757.368168][T21030] bridge0: port 3(erspan0) entered blocking state [ 1757.379289][T21030] bridge0: port 3(erspan0) entered disabled state [ 1757.385880][T21030] erspan0: entered allmulticast mode [ 1757.392073][T21030] erspan0: entered promiscuous mode [ 1757.406788][T21030] bridge0: port 3(erspan0) entered blocking state [ 1757.413269][T21030] bridge0: port 3(erspan0) entered forwarding state [ 1757.461423][ T36] audit: type=1400 audit(1771720098.016:528): avc: denied { read } for pid=21040 comm="syz.5.40508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 1757.582271][T21061] No source specified [ 1757.750359][ T36] audit: type=1400 audit(1771720098.331:529): avc: denied { read } for pid=21093 comm="syz.5.40533" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1757.785597][ T36] audit: type=1400 audit(1771720098.331:530): avc: denied { open } for pid=21093 comm="syz.5.40533" path="/99/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1758.080987][T13640] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 1758.188765][T21156] netlink: 756 bytes leftover after parsing attributes in process `syz.3.40561'. [ 1758.242679][T13640] usb 1-1: Using ep0 maxpacket: 16 [ 1758.251166][T13640] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1758.273727][T13640] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1758.281002][T13640] usb 1-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1758.299197][T13640] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1758.309742][T13640] usb 1-1: config 0 descriptor?? [ 1758.513874][T13640] usbhid 1-1:0.0: can't add hid device: -71 [ 1758.525382][T13640] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1758.537067][T13640] usb 1-1: USB disconnect, device number 119 [ 1759.065679][T21234] syz.0.40597(21234): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1759.280716][T21246] input: syz1 as /devices/virtual/input/input276 [ 1759.429898][T21265] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=21265 comm=syz.3.40612 [ 1760.231351][T21313] input: syz1 as /devices/virtual/input/input277 [ 1760.288603][T21325] netlink: 'syz.2.40640': attribute type 4 has an invalid length. [ 1760.347468][ T3274] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1760.472045][T21347] netlink: 156 bytes leftover after parsing attributes in process `syz.5.40651'. [ 1760.509664][ T3274] usb 1-1: Using ep0 maxpacket: 32 [ 1760.516042][ T3274] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1760.526124][ T3274] usb 1-1: config 0 has no interface number 0 [ 1760.532629][ T3274] usb 1-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1760.543653][ T3274] usb 1-1: config 0 interface 1 has no altsetting 0 [ 1760.551851][ T3274] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 1760.561748][ T3274] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1760.570300][ T3274] usb 1-1: Product: syz [ 1760.574758][ T3274] usb 1-1: Manufacturer: syz [ 1760.581319][ T3274] usb 1-1: SerialNumber: syz [ 1760.588263][ T3274] usb 1-1: config 0 descriptor?? [ 1760.671573][ T36] kauditd_printk_skb: 3 callbacks suppressed [ 1760.671740][ T36] audit: type=1400 audit(1771720101.397:534): avc: denied { watch } for pid=21364 comm="syz.5.40659" path=2F6D656D66643A2D263A7B2DAA5D7B202864656C6574656429 dev="tmpfs" ino=1495 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1760.704960][ T36] audit: type=1400 audit(1771720101.397:535): avc: denied { execute_no_trans } for pid=21364 comm="syz.5.40659" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=515 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1760.792525][ T3274] usb 1-1: USB disconnect, device number 120 [ 1761.488910][T21439] netlink: 12 bytes leftover after parsing attributes in process `syz.3.40693'. [ 1761.580154][T21447] netlink: 16 bytes leftover after parsing attributes in process `syz.3.40697'. [ 1761.600656][T21447] netlink: 7 bytes leftover after parsing attributes in process `syz.3.40697'. [ 1761.664429][ T36] audit: type=1400 audit(1771720102.436:536): avc: denied { mounton } for pid=21451 comm="syz.3.40700" path="/239/file0" dev="tmpfs" ino=1425 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1761.664934][T21453] 9p: Unknown Cache mode or invalid value m [ 1762.748263][ T597] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 1762.929720][ T597] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1762.952192][ T597] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1762.978423][ T597] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1763.005444][ T597] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1763.024497][ T597] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1763.047609][ T597] usb 1-1: config 0 descriptor?? [ 1763.439230][ T597] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 1763.466471][ T597] plantronics 0003:047F:FFFF.001D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1763.471563][T21628] overlayfs: failed to resolve './file0': -2 [ 1763.710461][ T3274] usb 1-1: USB disconnect, device number 121 [ 1764.315833][T21649] 9pnet_fd: Insufficient options for proto=fd [ 1764.363607][T21655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40795'. [ 1765.545534][T21704] loop5: detected capacity change from 0 to 7 [ 1767.395832][T13816] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1767.557951][T13816] usb 6-1: Using ep0 maxpacket: 16 [ 1767.574121][T13816] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1767.588728][T13816] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1767.601278][T13816] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1767.616247][T13816] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1767.631179][T13816] usb 6-1: config 0 descriptor?? [ 1767.830986][T13816] usbhid 6-1:0.0: can't add hid device: -71 [ 1767.853159][T13816] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1767.882886][T13816] usb 6-1: USB disconnect, device number 75 [ 1768.092831][T21793] loop5: detected capacity change from 0 to 7 [ 1768.521639][T21821] hub 1-0:1.0: USB hub found [ 1768.539354][T21821] hub 1-0:1.0: 1 port detected [ 1769.306533][T21842] overlayfs: missing 'lowerdir' [ 1771.162607][T21982] loop5: detected capacity change from 0 to 7 [ 1771.242584][ T36] audit: type=1400 audit(1771720112.494:537): avc: denied { watch } for pid=21988 comm="syz.2.40943" path="/proc/973/task/974" dev="proc" ino=606388 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 1771.815765][T13816] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1771.977393][T13816] usb 3-1: Using ep0 maxpacket: 16 [ 1771.987820][T13816] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1772.002017][T22011] netlink: 48 bytes leftover after parsing attributes in process `syz.3.40960'. [ 1772.008838][T13816] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1772.034760][T13816] usb 3-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1772.043873][T13816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1772.065663][T13816] usb 3-1: config 0 descriptor?? [ 1772.147461][T22015] loop5: detected capacity change from 0 to 7 [ 1772.269666][T13816] usbhid 3-1:0.0: can't add hid device: -71 [ 1772.291956][T13816] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1772.326035][T13816] usb 3-1: USB disconnect, device number 6 [ 1773.192112][T22062] can0: slcan on ttyS3. [ 1773.233324][T22062] can0 (unregistered): slcan off ttyS3. [ 1773.244104][T22062] Falling back ldisc for ttyS3. [ 1773.252279][T22065] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 1773.277908][T22065] rust_binder: Write failure EINVAL in pid:1128 [ 1773.474069][T22091] overlayfs: missing 'lowerdir' [ 1773.858930][T22115] overlayfs: missing 'lowerdir' [ 1773.935573][T22121] netlink: 188 bytes leftover after parsing attributes in process `syz.0.41011'. [ 1774.015652][T22125] loop5: detected capacity change from 0 to 7 [ 1774.173157][T22134] overlayfs: missing 'lowerdir' [ 1774.215193][T22138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41019'. [ 1774.331579][T22156] overlayfs: missing 'lowerdir' [ 1775.007916][T22186] can0: slcan on ttyS3. [ 1775.055358][T22186] can0 (unregistered): slcan off ttyS3. [ 1775.065228][T22186] Falling back ldisc for ttyS3. [ 1775.248215][T22213] overlayfs: missing 'lowerdir' [ 1775.578637][T22257] netlink: 'syz.2.41064': attribute type 4 has an invalid length. [ 1776.098441][T22293] 9pnet: p9_errstr2errno: server reported unknown error n$[ [ 1776.098441][T22293] [ 1776.673096][ T36] audit: type=1400 audit(1771720118.185:538): avc: denied { setopt } for pid=22326 comm="syz.2.41097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1776.949440][T18811] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1777.142936][T18811] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1777.170538][T18811] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1777.184704][T18811] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1777.206043][T18811] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1777.217476][T18811] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1777.232211][T18811] usb 3-1: config 0 descriptor?? [ 1777.645457][T18811] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 1777.683317][T18811] plantronics 0003:047F:FFFF.001E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1778.035309][T13640] usb 3-1: USB disconnect, device number 7 [ 1778.463732][ T5749] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1778.481974][T22384] overlayfs: missing 'workdir' [ 1778.613539][T22405] overlayfs: missing 'workdir' [ 1778.615765][ T5749] usb 6-1: Using ep0 maxpacket: 16 [ 1778.634548][ T5749] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1778.654484][ T5749] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1778.671816][ T5749] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1778.691146][ T5749] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1778.710384][ T5749] usb 6-1: config 0 descriptor?? [ 1778.747265][ T36] audit: type=1400 audit(1771720120.368:539): avc: denied { write } for pid=22420 comm="syz.2.41141" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1778.785644][ T36] audit: type=1400 audit(1771720120.400:540): avc: denied { open } for pid=22420 comm="syz.2.41141" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1778.908216][ T5749] usbhid 6-1:0.0: can't add hid device: -71 [ 1778.920677][ T5749] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1778.936840][ T5749] usb 6-1: USB disconnect, device number 76 [ 1779.061241][T22439] loop5: detected capacity change from 0 to 7 [ 1779.236965][T22458] can0: slcan on ttyS3. [ 1779.285678][T22458] can0 (unregistered): slcan off ttyS3. [ 1779.308770][T22458] Falling back ldisc for ttyS3. [ 1779.316633][T22469] tipc: Enabling of bearer rejected, failed to enable media [ 1779.520625][T22479] bridge0: port 1(bridge_slave_0) entered blocking state [ 1779.528305][T22479] bridge0: port 1(bridge_slave_0) entered disabled state [ 1779.545719][T22479] bridge_slave_0: entered allmulticast mode [ 1779.556859][T22479] bridge_slave_0: entered promiscuous mode [ 1779.568025][T22479] bridge0: port 2(bridge_slave_1) entered blocking state [ 1779.576007][T22479] bridge0: port 2(bridge_slave_1) entered disabled state [ 1779.585726][T22479] bridge_slave_1: entered allmulticast mode [ 1779.594949][T22479] bridge_slave_1: entered promiscuous mode [ 1779.694962][T22479] bridge0: port 2(bridge_slave_1) entered blocking state [ 1779.702090][T22479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1779.710555][T22479] bridge0: port 1(bridge_slave_0) entered blocking state [ 1779.719558][T22479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1779.729465][ T5414] veth1_macvtap: left promiscuous mode [ 1779.735918][ T5414] veth0_vlan: left promiscuous mode [ 1779.788324][T24363] bridge0: port 1(bridge_slave_0) entered disabled state [ 1779.796357][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1779.796856][T18811] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1779.820170][T26306] bridge0: port 1(bridge_slave_0) entered blocking state [ 1779.828241][T26306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1779.840310][T26306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1779.847955][T26306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1779.863802][T13655] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 1779.894627][T22479] veth0_vlan: entered promiscuous mode [ 1779.907995][T22479] veth1_macvtap: entered promiscuous mode [ 1779.959117][T18811] usb 3-1: Using ep0 maxpacket: 8 [ 1779.967793][T18811] usb 3-1: config 0 has an invalid interface number: 193 but max is 1 [ 1779.976734][T18811] usb 3-1: config 0 has an invalid interface number: 4 but max is 1 [ 1779.985189][T18811] usb 3-1: config 0 has an invalid interface number: 54 but max is 1 [ 1779.994104][T18811] usb 3-1: config 0 has an invalid descriptor of length 10, skipping remainder of the config [ 1780.004499][T18811] usb 3-1: config 0 has 3 interfaces, different from the descriptor's value: 2 [ 1780.014066][T13655] usb 6-1: Using ep0 maxpacket: 16 [ 1780.019229][T18811] usb 3-1: config 0 has no interface number 0 [ 1780.026170][T18811] usb 3-1: config 0 has no interface number 1 [ 1780.033046][T18811] usb 3-1: config 0 has no interface number 2 [ 1780.040439][T13655] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1780.051490][T13655] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1780.058390][T18811] usb 3-1: config 0 interface 193 altsetting 147 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1780.071942][T13655] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1780.081232][T18811] usb 3-1: config 0 interface 4 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 1780.094420][T13655] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1780.103378][T13655] usb 6-1: config 0 descriptor?? [ 1780.108831][T18811] usb 3-1: config 0 interface 193 has no altsetting 0 [ 1780.116194][T18811] usb 3-1: config 0 interface 4 has no altsetting 0 [ 1780.124288][T18811] usb 3-1: config 0 interface 54 has no altsetting 0 [ 1780.132985][T18811] usb 3-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a [ 1780.142323][T18811] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1780.150640][T18811] usb 3-1: Product: syz [ 1780.154904][T18811] usb 3-1: Manufacturer: syz [ 1780.159838][T18811] usb 3-1: SerialNumber: syz [ 1780.165967][T18811] usb 3-1: config 0 descriptor?? [ 1780.315485][T13655] usbhid 6-1:0.0: can't add hid device: -71 [ 1780.323488][T13655] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1780.335683][T13655] usb 6-1: USB disconnect, device number 77 [ 1780.370951][T18811] usb 3-1: unknown interface protocol 0x4f, assuming v1 [ 1780.388507][T18811] usb 3-1: 193:2 : does not exist [ 1780.398270][T18811] usb 3-1: unknown interface protocol 0x5, assuming v1 [ 1780.406044][T18811] usb 3-1: cannot find UAC_HEADER [ 1780.427430][T18811] snd-usb-audio 3-1:0.4: probe with driver snd-usb-audio failed with error -22 [ 1780.455238][T18811] usb 3-1: unknown interface protocol 0x9b, assuming v1 [ 1780.467606][T18811] usb 3-1: cannot find UAC_HEADER [ 1780.474473][T18811] snd-usb-audio 3-1:0.54: probe with driver snd-usb-audio failed with error -22 [ 1780.500151][T18811] usb 3-1: USB disconnect, device number 8 [ 1780.523477][T22552] tipc: Enabling of bearer rejected, failed to enable media [ 1780.607764][T22572] tipc: Enabling of bearer rejected, failed to enable media [ 1780.766663][T22610] fuse: Bad value for 'fd' [ 1781.146733][T22632] fuse: Bad value for 'fd' [ 1781.387406][ T3274] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1781.416005][T18811] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 1781.530614][ T3274] usb 3-1: Using ep0 maxpacket: 8 [ 1781.536763][ T3274] usb 3-1: config 0 has an invalid interface number: 193 but max is 1 [ 1781.544997][ T3274] usb 3-1: config 0 has an invalid interface number: 4 but max is 1 [ 1781.553544][ T3274] usb 3-1: config 0 has an invalid interface number: 54 but max is 1 [ 1781.558946][T18811] usb 6-1: Using ep0 maxpacket: 8 [ 1781.562181][ T3274] usb 3-1: config 0 has an invalid descriptor of length 10, skipping remainder of the config [ 1781.576639][T18811] usb 6-1: config 1 interface 0 altsetting 248 bulk endpoint 0x3 has invalid maxpacket 32 [ 1781.577191][ T3274] usb 3-1: config 0 has 3 interfaces, different from the descriptor's value: 2 [ 1781.596016][ T3274] usb 3-1: config 0 has no interface number 0 [ 1781.596014][T18811] usb 6-1: config 1 interface 0 has no altsetting 0 [ 1781.597979][T18811] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1781.602174][ T3274] usb 3-1: config 0 has no interface number 1 [ 1781.602194][ T3274] usb 3-1: config 0 has no interface number 2 [ 1781.602225][ T3274] usb 3-1: config 0 interface 193 altsetting 147 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1781.602259][ T3274] usb 3-1: config 0 interface 4 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 1781.602285][ T3274] usb 3-1: config 0 interface 193 has no altsetting 0 [ 1781.602304][ T3274] usb 3-1: config 0 interface 4 has no altsetting 0 [ 1781.602321][ T3274] usb 3-1: config 0 interface 54 has no altsetting 0 [ 1781.603715][ T3274] usb 3-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a [ 1781.614519][T18811] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1781.621749][ T3274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1781.625246][T18811] usb 6-1: Product: syz [ 1781.630980][ T3274] usb 3-1: Product: syz [ 1781.645130][T18811] usb 6-1: Manufacturer: syz [ 1781.663320][ T3274] usb 3-1: Manufacturer: syz [ 1781.667839][T18811] usb 6-1: SerialNumber: syz [ 1781.671270][ T3274] usb 3-1: SerialNumber: syz [ 1781.684872][T22641] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1781.694853][T22656] fuse: Bad value for 'fd' [ 1781.747202][ T3274] usb 3-1: config 0 descriptor?? [ 1781.793007][T22663] tipc: Enabling of bearer rejected, failed to enable media [ 1781.901987][T18811] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71 [ 1781.914065][T18811] usb 6-1: USB disconnect, device number 78 [ 1781.946063][ T3274] usb 3-1: unknown interface protocol 0x4f, assuming v1 [ 1781.953307][ T3274] usb 3-1: 193:2 : does not exist [ 1781.958995][ T3274] usb 3-1: unknown interface protocol 0x5, assuming v1 [ 1781.966008][ T3274] usb 3-1: cannot find UAC_HEADER [ 1781.971181][ T3274] snd-usb-audio 3-1:0.4: probe with driver snd-usb-audio failed with error -22 [ 1781.981632][ T3274] usb 3-1: unknown interface protocol 0x9b, assuming v1 [ 1781.988685][ T3274] usb 3-1: cannot find UAC_HEADER [ 1781.995034][ T3274] snd-usb-audio 3-1:0.54: probe with driver snd-usb-audio failed with error -22 [ 1782.011700][ T3274] usb 3-1: USB disconnect, device number 9 [ 1783.339048][T22719] netlink: 4344 bytes leftover after parsing attributes in process `syz.5.41274'. [ 1783.555274][T22734] can0: slcan on ttyS3. [ 1783.610928][T22734] can0 (unregistered): slcan off ttyS3. [ 1783.617495][T22734] Falling back ldisc for ttyS3. [ 1784.006804][T13640] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 1784.160090][T13640] usb 3-1: config 0 has an invalid interface number: 108 but max is 0 [ 1784.170543][T13640] usb 3-1: config 0 has no interface number 0 [ 1784.176825][T13640] usb 3-1: config 0 interface 108 has no altsetting 0 [ 1784.186672][T13640] usb 3-1: New USB device found, idVendor=0403, idProduct=e80a, bcdDevice=42.b7 [ 1784.201673][T13640] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1784.209857][T13640] usb 3-1: Product: syz [ 1784.214021][T13640] usb 3-1: Manufacturer: syz [ 1784.220473][T13640] usb 3-1: SerialNumber: syz [ 1784.233533][T13640] usb 3-1: config 0 descriptor?? [ 1784.388301][ T3274] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 1784.432475][T13640] ftdi_sio 3-1:0.108: FTDI USB Serial Device converter detected [ 1784.442136][T13640] ftdi_sio ttyUSB0: unknown device type: 0x42b7 [ 1784.455137][T13640] usb 3-1: USB disconnect, device number 10 [ 1784.462944][T13640] ftdi_sio 3-1:0.108: device disconnected [ 1784.540448][ T3274] usb 6-1: Using ep0 maxpacket: 8 [ 1784.550457][ T3274] usb 6-1: config 0 has an invalid interface number: 54 but max is 0 [ 1784.558562][ T3274] usb 6-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config [ 1784.568856][ T3274] usb 6-1: config 0 has no interface number 0 [ 1784.574948][ T3274] usb 6-1: config 0 interface 54 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1784.592145][ T3274] usb 6-1: config 0 interface 54 has no altsetting 0 [ 1784.600505][ T3274] usb 6-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a [ 1784.610010][ T3274] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1784.618191][ T3274] usb 6-1: Product: syz [ 1784.622366][ T3274] usb 6-1: Manufacturer: syz [ 1784.627397][ T3274] usb 6-1: SerialNumber: syz [ 1784.636117][ T3274] usb 6-1: config 0 descriptor?? [ 1784.846536][ T3274] usb 6-1: unknown interface protocol 0x9b, assuming v1 [ 1784.853551][ T3274] usb 6-1: 54:2 : does not exist [ 1784.874697][ T3274] usb 6-1: USB disconnect, device number 79 [ 1784.889238][T22023] udevd[22023]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.54/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1785.581985][T22873] netlink: 4 bytes leftover after parsing attributes in process `syz.5.41340'. [ 1785.735366][T22883] can0: slcan on ttyS3. [ 1785.799283][T22883] can0 (unregistered): slcan off ttyS3. [ 1785.806729][T22883] Falling back ldisc for ttyS3. [ 1787.550287][T13655] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 1787.655275][ T36] audit: type=1326 audit(1771720129.734:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23098 comm="syz.3.41437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e5db8f6c9 code=0x7ffc0000 [ 1787.685987][ T36] audit: type=1326 audit(1771720129.734:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23098 comm="syz.3.41437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e5db8f6c9 code=0x7ffc0000 [ 1787.692888][T13655] usb 6-1: Using ep0 maxpacket: 16 [ 1787.714490][ T36] audit: type=1326 audit(1771720129.734:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23098 comm="syz.3.41437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f5e5db8f6c9 code=0x7ffc0000 [ 1787.716178][T13655] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1787.741953][ T36] audit: type=1326 audit(1771720129.734:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23098 comm="syz.3.41437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e5db8f6c9 code=0x7ffc0000 [ 1787.749775][T13655] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1787.777128][ T36] audit: type=1326 audit(1771720129.734:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23098 comm="syz.3.41437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5e5db8f6c9 code=0x7ffc0000 [ 1787.779580][T13655] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1787.812839][T13655] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1787.821395][T13655] usb 6-1: config 0 descriptor?? [ 1787.919568][T23103] can0: slcan on ttyS3. [ 1787.941486][T23103] can0 (unregistered): slcan off ttyS3. [ 1787.947254][T23103] Falling back ldisc for ttyS3. [ 1788.024858][T13655] usbhid 6-1:0.0: can't add hid device: -71 [ 1788.034379][T13655] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1788.047127][T13655] usb 6-1: USB disconnect, device number 80 [ 1788.925741][T23223] bridge0: port 1(bridge_slave_0) entered blocking state [ 1788.932889][T23223] bridge0: port 1(bridge_slave_0) entered disabled state [ 1788.940071][T23223] bridge_slave_0: entered allmulticast mode [ 1788.946871][T23223] bridge_slave_0: entered promiscuous mode [ 1788.955641][T23223] bridge0: port 2(bridge_slave_1) entered blocking state [ 1788.962855][ T3274] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 1788.971194][T23223] bridge0: port 2(bridge_slave_1) entered disabled state [ 1788.978398][T23223] bridge_slave_1: entered allmulticast mode [ 1788.985261][T23223] bridge_slave_1: entered promiscuous mode [ 1789.020816][T26306] bridge_slave_1: left allmulticast mode [ 1789.033326][T26306] bridge_slave_1: left promiscuous mode [ 1789.039046][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1789.046678][T26306] bridge_slave_0: left allmulticast mode [ 1789.052326][T26306] bridge_slave_0: left promiscuous mode [ 1789.074327][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1789.131317][ T3274] usb 6-1: Using ep0 maxpacket: 16 [ 1789.138644][ T3274] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1789.150041][ T3274] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1789.156664][ T3274] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1789.176498][ T3274] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1789.187699][ T3274] usb 6-1: config 0 descriptor?? [ 1789.210219][T26306] veth1_macvtap: left promiscuous mode [ 1789.215742][T26306] veth0_vlan: left promiscuous mode [ 1789.225176][T23228] overlayfs: failed to clone upperpath [ 1789.309206][T23223] bridge0: port 2(bridge_slave_1) entered blocking state [ 1789.316303][T23223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1789.323610][T23223] bridge0: port 1(bridge_slave_0) entered blocking state [ 1789.330641][T23223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1789.354774][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1789.362549][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1789.373216][T24363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1789.380351][T24363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1789.399064][ T3274] usbhid 6-1:0.0: can't add hid device: -71 [ 1789.408363][T24363] bridge0: port 2(bridge_slave_1) entered blocking state [ 1789.415518][T24363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1789.423358][ T3274] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1789.435920][ T3274] usb 6-1: USB disconnect, device number 81 [ 1789.458451][T23223] veth0_vlan: entered promiscuous mode [ 1789.471964][T23223] veth1_macvtap: entered promiscuous mode [ 1790.140883][ T3274] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 1790.276112][T23279] 9pnet_fd: Insufficient options for proto=fd [ 1790.292966][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1790.319347][T23281] can0: slcan on ttyS3. [ 1790.362709][T23281] can0 (unregistered): slcan off ttyS3. [ 1790.368361][T23281] Falling back ldisc for ttyS3. [ 1790.541051][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1790.797861][ T3274] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 1790.960091][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1791.226773][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1791.331646][ T3274] usb usb6-port1: attempt power cycle [ 1791.645862][ T31] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1791.674024][ T3274] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 1791.703645][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1791.798099][ T31] usb 3-1: Using ep0 maxpacket: 16 [ 1791.804354][ T31] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1791.815523][ T31] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1791.822286][ T31] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1791.831678][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1791.840833][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1791.847582][ T31] usb 3-1: config 0 descriptor?? [ 1792.083576][ T3274] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 1792.103599][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1792.216586][T23429] tipc: Enabling of bearer rejected, failed to enable media [ 1792.239609][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1792.245986][ T31] hid-generic 0003:1E71:2009.001F: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 1792.360264][ T3274] usb usb6-port1: unable to enumerate USB device [ 1792.668505][ T31] usb 3-1: USB disconnect, device number 11 [ 1792.941306][T23494] overlayfs: failed to resolve './file1': -2 [ 1793.179351][ T3274] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 1793.312459][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1793.321752][T23568] loop5: detected capacity change from 0 to 7 [ 1793.560333][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1793.788764][ T3274] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 1793.921946][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1794.075409][T23634] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1794.084299][T23634] overlayfs: missing 'lowerdir' [ 1794.152079][ T3274] usb 6-1: device descriptor read/64, error -71 [ 1794.264794][ T3274] usb usb6-port1: attempt power cycle [ 1794.311981][T23658] bridge0: port 1(bridge_slave_0) entered blocking state [ 1794.319212][T23658] bridge0: port 1(bridge_slave_0) entered disabled state [ 1794.326506][T23658] bridge_slave_0: entered allmulticast mode [ 1794.332724][T23658] bridge_slave_0: entered promiscuous mode [ 1794.339095][T23658] bridge0: port 2(bridge_slave_1) entered blocking state [ 1794.350619][T23658] bridge0: port 2(bridge_slave_1) entered disabled state [ 1794.367678][T23658] bridge_slave_1: entered allmulticast mode [ 1794.374144][T23658] bridge_slave_1: entered promiscuous mode [ 1794.385797][T26306] bridge_slave_1: left allmulticast mode [ 1794.398248][T26306] bridge_slave_1: left promiscuous mode [ 1794.403943][T26306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1794.414057][T26306] bridge_slave_0: left allmulticast mode [ 1794.423348][T26306] bridge_slave_0: left promiscuous mode [ 1794.433796][T26306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1794.546025][T26306] veth1_macvtap: left promiscuous mode [ 1794.551643][T26306] veth0_vlan: left promiscuous mode [ 1794.588782][ T3274] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 1794.618229][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1794.660895][T23658] bridge0: port 2(bridge_slave_1) entered blocking state [ 1794.667973][T23658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1794.675256][T23658] bridge0: port 1(bridge_slave_0) entered blocking state [ 1794.682274][T23658] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1794.707081][T24363] bridge0: port 1(bridge_slave_0) entered disabled state [ 1794.714367][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1794.724602][T24363] bridge0: port 1(bridge_slave_0) entered blocking state [ 1794.731674][T24363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1794.740952][T24363] bridge0: port 2(bridge_slave_1) entered blocking state [ 1794.742550][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1794.748009][T24363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1794.783321][T23658] veth0_vlan: entered promiscuous mode [ 1794.795429][T23658] veth1_macvtap: entered promiscuous mode [ 1794.990060][ T3274] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 1795.023933][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1795.084679][T23730] can0: slcan on ttyS3. [ 1795.151559][ T3274] usb 6-1: device descriptor read/8, error -71 [ 1795.187395][T23737] netlink: 'syz.3.41707': attribute type 4 has an invalid length. [ 1795.195299][T23737] netlink: 17 bytes leftover after parsing attributes in process `syz.3.41707'. [ 1795.204673][T23730] can0 (unregistered): slcan off ttyS3. [ 1795.210864][T23730] Falling back ldisc for ttyS3. [ 1795.256148][ T3274] usb usb6-port1: unable to enumerate USB device [ 1795.303670][T23755] tipc: Started in network mode [ 1795.308621][T23755] tipc: Node identity d69fc4f864c5, cluster identity 4711 [ 1795.315878][T23755] tipc: Enabled bearer , priority 0 [ 1795.323606][T23754] tipc: Disabling bearer [ 1795.389852][T23761] can0: slcan on ttyS3. [ 1795.481057][T23761] can0 (unregistered): slcan off ttyS3. [ 1795.493741][ T3274] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1795.501680][T23761] Falling back ldisc for ttyS3. [ 1795.590444][T23801] tipc: Enabled bearer , priority 0 [ 1795.598386][T23800] tipc: Disabling bearer [ 1795.675745][ T3274] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1795.685947][ T3274] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1795.695242][ T3274] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1795.709965][ T3274] usb 4-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 1795.722101][ T3274] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1795.730518][ T3274] usb 4-1: Product: syz [ 1795.737060][ T3274] usb 4-1: Manufacturer: syz [ 1795.742714][ T3274] usb 4-1: SerialNumber: syz [ 1795.748256][ T3274] usb 4-1: config 0 descriptor?? [ 1795.753471][ T36] audit: type=1400 audit(1771720138.217:546): avc: denied { getopt } for pid=23811 comm="syz.2.41731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1795.966594][ T3274] usb 4-1: USB disconnect, device number 110 [ 1796.450601][T23841] tipc: Started in network mode [ 1796.455641][T23841] tipc: Node identity b26df8b04b4d, cluster identity 4711 [ 1796.467218][T23841] tipc: Enabled bearer , priority 0 [ 1796.484583][T23840] tipc: Disabling bearer [ 1796.855488][T23874] fuse: Bad value for 'fd' [ 1797.534366][T23901] overlayfs: failed to resolve './file1': -2 [ 1798.520917][T23958] tipc: Started in network mode [ 1798.532071][T23958] tipc: Node identity 366c3f432097, cluster identity 4711 [ 1798.549493][T23958] tipc: Enabled bearer , priority 0 [ 1798.570780][T23957] tipc: Disabling bearer [ 1798.812018][T23983] Invalid ELF header type: 2 != 1 [ 1798.817142][ T36] audit: type=1400 audit(1771720141.440:547): avc: denied { module_load } for pid=23982 comm="syz.5.41813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 1798.850362][T23985] tipc: Enabled bearer , priority 0 [ 1798.866134][T23984] tipc: Disabling bearer [ 1799.026836][T24004] No source specified [ 1799.040096][T24007] fuse: Unknown parameter 'use00000000000000000000' [ 1799.133837][ T36] audit: type=1400 audit(1771720141.776:548): avc: denied { read } for pid=24015 comm="syz.5.41829" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 1800.046858][T24031] fuse: Unknown parameter 'use00000000000000000000' [ 1800.231776][T24055] fuse: Unknown parameter 'use00000000000000000000' [ 1800.342956][T24066] can0: slcan on ttyS3. [ 1800.390120][T24066] can0 (unregistered): slcan off ttyS3. [ 1800.516384][T24078] fuse: Unknown parameter 'user_i00000000000000000000' [ 1801.103424][T13640] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 1801.256897][T13640] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1801.268074][T13640] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1801.277504][T13640] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1801.286984][T13640] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1801.301148][T13640] usb 3-1: config 0 descriptor?? [ 1801.719388][T24131] fuse: Unknown parameter 'user_id00000000000000000000' [ 1802.152301][T24150] fuse: Unknown parameter 'user_id00000000000000000000' [ 1802.395853][T24180] tipc: Enabled bearer , priority 0 [ 1802.404688][T24179] tipc: Disabling bearer [ 1802.491777][T24193] netlink: 144 bytes leftover after parsing attributes in process `syz.0.41911'. [ 1803.016208][T24239] overlayfs: missing 'lowerdir' [ 1803.036998][T13640] usb 6-1: new high-speed USB device number 91 using dummy_hcd [ 1803.179844][T13640] usb 6-1: Using ep0 maxpacket: 32 [ 1803.186014][T13640] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 1803.194591][T13640] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1803.203934][T13640] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1803.212918][T13640] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1803.222594][T13640] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1803.232256][T13640] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1803.245256][T13640] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1803.254307][T13640] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1803.262836][T13640] usb 6-1: config 0 descriptor?? [ 1803.460397][T13640] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 91 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1803.472613][T13640] usb 6-1: USB disconnect, device number 91 [ 1803.479218][T13640] usblp0: removed [ 1803.740021][T18811] usb 3-1: USB disconnect, device number 12 [ 1803.884600][T13655] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 1804.047408][T13655] usb 6-1: Using ep0 maxpacket: 32 [ 1804.053669][T13655] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 1804.079894][T13655] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1804.098676][T13655] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1804.115019][T13655] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1804.126554][T24288] tipc: Started in network mode [ 1804.131438][T24288] tipc: Node identity 2218686e6279, cluster identity 4711 [ 1804.134553][T13655] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1804.151854][T24288] tipc: Enabled bearer , priority 0 [ 1804.163187][T24287] tipc: Disabling bearer [ 1804.168525][T13655] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1804.197873][T13655] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1804.217201][T13655] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1804.227116][T13655] usb 6-1: config 0 descriptor?? [ 1804.408552][T24302] incfs: Backing dir is not set, filesystem can't be mounted. [ 1804.416127][T24302] incfs: mount failed -2 [ 1804.428705][T13655] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 92 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1804.459525][T13655] usb 6-1: USB disconnect, device number 92 [ 1804.475896][T13655] usblp0: removed [ 1804.813466][T24331] netlink: 536 bytes leftover after parsing attributes in process `syz.3.41977'. [ 1804.822709][T24331] netlink: 124 bytes leftover after parsing attributes in process `syz.3.41977'. [ 1804.844050][T24333] fuse: Unknown parameter '0x0000000000000004' [ 1805.385319][T24383] tipc: Enabled bearer , priority 0 [ 1805.393065][T24382] tipc: Disabling bearer [ 1805.444369][T24385] 9pnet_fd: Insufficient options for proto=fd [ 1806.039473][T24410] loop5: detected capacity change from 0 to 7 [ 1806.672904][T24425] 9pnet_fd: Insufficient options for proto=fd [ 1806.799579][T24434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.42024'. [ 1806.805436][ T36] audit: type=1400 audit(1771720149.829:549): avc: denied { read } for pid=24433 comm="syz.3.42025" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1806.832862][ T36] audit: type=1400 audit(1771720149.829:550): avc: denied { open } for pid=24433 comm="syz.3.42025" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1806.858031][ T36] audit: type=1400 audit(1771720149.829:551): avc: denied { ioctl } for pid=24433 comm="syz.3.42025" path="/dev/loop-control" dev="devtmpfs" ino=48 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 1807.431387][T24451] loop5: detected capacity change from 0 to 7 [ 1807.553910][T24466] overlayfs: failed to resolve './file1': -2 [ 1808.138856][ T36] audit: type=1400 audit(1771720151.225:552): avc: denied { bind } for pid=24505 comm="syz.5.42056" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1808.589807][T13640] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1808.732636][T13640] usb 4-1: Using ep0 maxpacket: 16 [ 1808.738728][T13640] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1808.749812][T13640] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1808.756589][T13640] usb 4-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1808.765873][T13640] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1808.774446][T13640] usb 4-1: config 0 descriptor?? [ 1808.932671][ T3274] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 1808.974818][T13640] usbhid 4-1:0.0: can't add hid device: -71 [ 1808.980982][T13640] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1808.998506][T13640] usb 4-1: USB disconnect, device number 111 [ 1809.077500][ T3274] usb 3-1: Using ep0 maxpacket: 8 [ 1809.083971][ T3274] usb 3-1: config 0 has an invalid interface number: 193 but max is 1 [ 1809.092532][ T3274] usb 3-1: config 0 has an invalid interface number: 4 but max is 1 [ 1809.101149][ T3274] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 1809.111508][ T3274] usb 3-1: config 0 has no interface number 0 [ 1809.117707][ T3274] usb 3-1: config 0 has no interface number 1 [ 1809.123901][ T3274] usb 3-1: config 0 interface 193 altsetting 147 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1809.133494][T24555] loop5: detected capacity change from 0 to 7 [ 1809.137163][ T3274] usb 3-1: config 0 interface 4 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1809.156870][ T3274] usb 3-1: config 0 interface 193 has no altsetting 0 [ 1809.164092][ T3274] usb 3-1: config 0 interface 4 has no altsetting 0 [ 1809.172404][ T3274] usb 3-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a [ 1809.181504][ T3274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1809.189534][ T3274] usb 3-1: Product: syz [ 1809.193922][ T3274] usb 3-1: Manufacturer: syz [ 1809.198531][ T3274] usb 3-1: SerialNumber: syz [ 1809.204005][ T3274] usb 3-1: config 0 descriptor?? [ 1809.404793][ T3274] usb 3-1: unknown interface protocol 0x4f, assuming v1 [ 1809.411997][ T3274] usb 3-1: 193:2 : does not exist [ 1809.418239][ T3274] usb 3-1: unknown interface protocol 0x2, assuming v1 [ 1809.425601][ T3274] usb 3-1: cannot find UAC_HEADER [ 1809.431935][ T3274] snd-usb-audio 3-1:0.4: probe with driver snd-usb-audio failed with error -22 [ 1809.450767][ T3274] usb 3-1: USB disconnect, device number 13 [ 1810.019244][T13655] hid-generic 0000:0000:0000.0020: unknown main item tag 0x0 [ 1810.027539][T13655] hid-generic 0000:0000:0000.0020: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1810.071359][T24584] fido_id[24584]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1810.131265][T24591] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1810.237616][T13655] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0 [ 1810.250169][T13655] hid-generic 0000:0000:0000.0021: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1810.267798][T24605] fido_id[24605]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1811.225496][T24666] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1045 sclass=netlink_xfrm_socket pid=24666 comm=syz.3.42127 [ 1811.456359][T24691] tipc: Enabled bearer , priority 0 [ 1811.463724][T24690] tipc: Disabling bearer [ 1811.495519][ T36] audit: type=1400 audit(1771720154.763:553): avc: denied { create } for pid=24692 comm="syz.5.42137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 1811.516413][ T36] audit: type=1400 audit(1771720154.763:554): avc: denied { listen } for pid=24692 comm="syz.5.42137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 1811.779559][T24708] overlayfs: failed to resolve './file0': -2 [ 1811.810643][T24712] 9pnet_fd: Insufficient options for proto=fd [ 1811.846350][ T597] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0 [ 1811.855208][ T597] hid-generic 0000:0000:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1811.891596][T24717] fido_id[24717]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1811.944922][ T36] audit: type=1400 audit(1771720155.225:555): avc: denied { watch_reads } for pid=24728 comm="syz.0.42154" path="/216" dev="tmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1811.951058][T24731] netlink: 12 bytes leftover after parsing attributes in process `syz.5.42155'. [ 1812.014446][ T597] hid-generic 0000:0000:0000.0023: unknown main item tag 0x0 [ 1812.029558][ T597] hid-generic 0000:0000:0000.0023: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1812.054173][T24744] fido_id[24744]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1812.115549][T24764] 9pnet: Unknown protocol version 9p20\++} [ 1812.175046][T24782] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 1812.203450][T24786] netlink: 'syz.0.42180': attribute type 16 has an invalid length. [ 1812.217225][T24786] netlink: 64122 bytes leftover after parsing attributes in process `syz.0.42180'. [ 1812.458617][T24829] overlayfs: missing 'lowerdir' [ 1812.488889][T24835] sock: sock_timestamping_bind_phc: sock not bind to device [ 1812.582805][ T36] audit: type=1326 audit(1771720155.897:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24841 comm="syz.3.42206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d58b8f6c9 code=0x7ffc0000 [ 1812.625715][ T36] audit: type=1326 audit(1771720155.939:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24837 comm="syz.0.42204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66e578f6c9 code=0x7ffc0000 [ 1812.654451][ T36] audit: type=1326 audit(1771720155.939:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24837 comm="syz.0.42204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f66e578f6c9 code=0x7ffc0000 [ 1812.678420][ T36] audit: type=1326 audit(1771720155.939:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24837 comm="syz.0.42204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66e578f6c9 code=0x7ffc0000 [ 1812.702354][ T36] audit: type=1326 audit(1771720155.939:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24837 comm="syz.0.42204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66e578f6c9 code=0x7ffc0000 [ 1812.840171][T24861] tipc: Enabling of bearer rejected, failed to enable media [ 1812.861799][T24863] netlink: 'syz.2.42216': attribute type 4 has an invalid length. [ 1813.058111][T24883] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1813.262630][ T332] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1813.399732][ T332] usb 3-1: device descriptor read/64, error -71 [ 1813.647415][ T332] usb 3-1: device descriptor read/64, error -71 [ 1813.876068][ T332] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1814.009358][ T332] usb 3-1: device descriptor read/64, error -71 [ 1814.017605][T24917] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1814.160815][T24938] 9pnet_fd: Insufficient options for proto=fd [ 1814.237921][ T332] usb 3-1: device descriptor read/64, error -71 [ 1814.342852][ T332] usb usb3-port1: attempt power cycle [ 1814.666574][ T332] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1814.686652][ T332] usb 3-1: device descriptor read/8, error -71 [ 1814.812222][ T332] usb 3-1: device descriptor read/8, error -71 [ 1814.961254][ T36] audit: type=1400 audit(1771720158.386:561): avc: denied { listen } for pid=24962 comm="syz.5.42261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1815.038461][ T332] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1815.058083][ T332] usb 3-1: device descriptor read/8, error -71 [ 1815.191669][ T332] usb 3-1: device descriptor read/8, error -71 [ 1815.218978][ T597] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 1815.295305][ T332] usb usb3-port1: unable to enumerate USB device [ 1815.371699][ T597] usb 6-1: Using ep0 maxpacket: 8 [ 1815.378221][ T597] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1815.386889][ T597] usb 6-1: config 0 has an invalid interface number: 88 but max is 0 [ 1815.395048][ T597] usb 6-1: config 0 has no interface number 0 [ 1815.401216][ T597] usb 6-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 1815.412253][ T597] usb 6-1: config 0 interface 88 has no altsetting 0 [ 1815.419391][ T597] usb 6-1: language id specifier not provided by device, defaulting to English [ 1815.429517][ T597] usb 6-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 1815.438652][ T597] usb 6-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 1815.446763][ T597] usb 6-1: Product: syz [ 1815.451119][ T597] usb 6-1: Manufacturer: syz [ 1815.455918][ T597] usb 6-1: SerialNumber: syz [ 1815.461426][ T597] usb 6-1: config 0 descriptor?? [ 1815.664184][ T597] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.88/input/input287 [ 1815.678826][ T597] usb 6-1: USB disconnect, device number 93 [ 1815.699421][T22023] udevd[22023]: Error opening device "/dev/input/event3": No such file or directory [ 1815.709070][T22023] udevd[22023]: Unable to EVIOCGABS device "/dev/input/event3" [ 1815.717444][T22023] udevd[22023]: Unable to EVIOCGABS device "/dev/input/event3" [ 1815.979585][T25017] overlayfs: missing 'lowerdir' [ 1816.246287][T25035] overlayfs: missing 'lowerdir' [ 1816.286722][ T36] audit: type=1400 audit(1771720159.792:562): avc: denied { connect } for pid=25040 comm="syz.5.42300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1816.392622][ T332] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0 [ 1816.410260][ T332] hid-generic 0000:0000:0000.0024: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1816.451816][T25053] fido_id[25053]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1816.895656][T13816] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 1817.048146][T13816] usb 6-1: Using ep0 maxpacket: 8 [ 1817.061790][T13816] usb 6-1: config 0 has an invalid interface number: 193 but max is 1 [ 1817.076582][T13816] usb 6-1: config 0 has an invalid interface number: 4 but max is 1 [ 1817.084628][T13816] usb 6-1: config 0 has an invalid descriptor of length 241, skipping remainder of the config [ 1817.111077][T13816] usb 6-1: config 0 has no interface number 0 [ 1817.124341][T13816] usb 6-1: config 0 has no interface number 1 [ 1817.130440][T13816] usb 6-1: config 0 interface 193 altsetting 147 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1817.162471][T13816] usb 6-1: config 0 interface 4 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1817.191006][T13816] usb 6-1: config 0 interface 193 has no altsetting 0 [ 1817.197793][T13816] usb 6-1: config 0 interface 4 has no altsetting 0 [ 1817.211246][T13816] usb 6-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=7d.6a [ 1817.220341][T13816] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1817.228323][T13816] usb 6-1: Product: syz [ 1817.248152][T13816] usb 6-1: Manufacturer: syz [ 1817.252759][T13816] usb 6-1: SerialNumber: syz [ 1817.269886][T13816] usb 6-1: config 0 descriptor?? [ 1817.470530][T13816] usb 6-1: unknown interface protocol 0x4f, assuming v1 [ 1817.486235][T13816] usb 6-1: 193:2 : does not exist [ 1817.496356][T13816] usb 6-1: unknown interface protocol 0x5, assuming v1 [ 1817.503232][T13816] usb 6-1: cannot find UAC_HEADER [ 1817.525248][T13816] snd-usb-audio 6-1:0.4: probe with driver snd-usb-audio failed with error -22 [ 1817.540217][T13816] usb 6-1: USB disconnect, device number 94 [ 1818.007194][T13816] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0 [ 1818.024741][T13816] hid-generic 0000:0000:0000.0025: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1818.053186][T25151] fido_id[25151]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1818.316038][T25164] overlayfs: missing 'lowerdir' [ 1818.668076][T25187] overlayfs: missing 'lowerdir' [ 1818.712145][T25189] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1819.394607][T25215] overlayfs: missing 'lowerdir' [ 1819.632408][T25233] overlayfs: missing 'lowerdir' [ 1819.724427][T13655] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1819.886070][T13655] usb 3-1: Using ep0 maxpacket: 16 [ 1819.906603][T13655] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1819.917791][T13655] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1819.924473][T13655] usb 3-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1819.935667][T13655] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1819.945809][T13655] usb 3-1: config 0 descriptor?? [ 1820.089475][T25275] overlayfs: failed to resolve './file0': -2 [ 1820.144148][T13655] usbhid 3-1:0.0: can't add hid device: -71 [ 1820.150209][T13655] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1820.161794][T13655] usb 3-1: USB disconnect, device number 18 [ 1820.218938][ T36] audit: type=1400 audit(1771720163.908:563): avc: denied { read } for pid=25291 comm="syz.5.42418" name="/" dev="configfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1820.251077][ T36] audit: type=1400 audit(1771720163.940:564): avc: denied { open } for pid=25291 comm="syz.5.42418" path="/" dev="configfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 1820.594195][T25318] netlink: 36 bytes leftover after parsing attributes in process `syz.3.42430'. [ 1820.603355][T25318] netlink: 12 bytes leftover after parsing attributes in process `syz.3.42430'. [ 1820.886356][T13640] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1821.058980][T13640] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1821.076973][T13640] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1821.098319][T13640] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1821.115622][T13640] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1821.134273][T13640] usb 3-1: SerialNumber: syz [ 1821.337085][T13640] usb 3-1: 0:2 : does not exist [ 1821.354458][T13640] usb 3-1: USB disconnect, device number 19 [ 1821.379124][T22023] udevd[22023]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1822.124025][T25393] overlayfs: missing 'workdir' [ 1822.139364][T25395] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 1822.139385][T25395] rust_binder: Read failure Err(EFAULT) in pid:641 [ 1822.153353][T25397] netlink: 24 bytes leftover after parsing attributes in process `syz.2.42468'. [ 1822.177803][T25399] netlink: 'syz.3.42469': attribute type 4 has an invalid length. [ 1822.292820][T25422] netlink: 'syz.3.42482': attribute type 4 has an invalid length. [ 1822.345370][T25431] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1822.459901][T25445] netlink: 'syz.5.42479': attribute type 10 has an invalid length. [ 1822.486703][T25445] netlink: 40 bytes leftover after parsing attributes in process `syz.5.42479'. [ 1822.505803][T25445] veth1: entered promiscuous mode [ 1822.515992][T25447] netlink: 'syz.0.42493': attribute type 4 has an invalid length. [ 1822.804015][T25470] netlink: 'syz.0.42504': attribute type 4 has an invalid length. [ 1822.971675][T25486] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1822.992134][T25486] overlayfs: missing 'lowerdir' [ 1823.494205][T13640] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0 [ 1823.502269][T13640] hid-generic 0000:0000:0000.0026: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1823.519822][T25539] fido_id[25539]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1823.895945][T13640] usb 6-1: new high-speed USB device number 95 using dummy_hcd [ 1824.039980][T13640] usb 6-1: New USB device found, idVendor=07c4, idProduct=a10b, bcdDevice=8e.07 [ 1824.052489][T13640] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1824.061680][T13640] usb 6-1: config 0 descriptor?? [ 1824.070193][T13640] ums-datafab 6-1:0.0: USB Mass Storage device detected [ 1824.262490][ T332] usb 6-1: USB disconnect, device number 95 [ 1825.077162][ T332] usb 6-1: new high-speed USB device number 96 using dummy_hcd [ 1825.229760][ T332] usb 6-1: Using ep0 maxpacket: 16 [ 1825.240131][ T332] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1825.252323][ T332] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1825.259177][ T332] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1825.268506][ T332] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.277295][ T332] usb 6-1: config 0 descriptor?? [ 1825.311876][T25615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.42570'. [ 1825.478287][ T332] usbhid 6-1:0.0: can't add hid device: -71 [ 1825.484253][ T332] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1825.496401][ T332] usb 6-1: USB disconnect, device number 96 [ 1826.134393][ T31] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1826.276000][ T36] audit: type=1400 audit(1771720170.271:565): avc: denied { lock } for pid=25707 comm="syz.3.42612" path="socket:[629065]" dev="sockfs" ino=629065 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 1826.300511][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1826.311786][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1826.321918][ T31] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1826.335351][ T31] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1826.344772][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1826.354067][ T31] usb 3-1: config 0 descriptor?? [ 1826.745441][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.752864][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.771551][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.780559][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.788425][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.795926][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.803405][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.811052][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.818432][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.825975][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.833468][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.842363][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.852123][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.860267][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.867648][ T31] plantronics 0003:047F:FFFF.0027: unknown main item tag 0x0 [ 1826.875471][ T31] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving [ 1826.896329][ T31] plantronics 0003:047F:FFFF.0027: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1826.992278][T13655] usb 3-1: USB disconnect, device number 20 [ 1828.775750][T25869] tipc: Enabling of bearer rejected, failed to enable media [ 1830.468041][T13816] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1830.611199][T13816] usb 3-1: Using ep0 maxpacket: 16 [ 1830.627317][T13816] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1830.648307][T13816] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1830.658192][T13816] usb 3-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.00 [ 1830.678093][T13816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1830.697274][T13816] usb 3-1: config 0 descriptor?? [ 1830.899061][T13816] usbhid 3-1:0.0: can't add hid device: -71 [ 1830.905036][T13816] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1830.928008][T13816] usb 3-1: USB disconnect, device number 21 [ 1831.053191][ T36] audit: type=1400 audit(1771720175.289:566): avc: denied { read } for pid=25983 comm="syz.3.42737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1831.119704][T25988] tipc: Enabling of bearer rejected, failed to enable media [ 1831.129644][ T36] audit: type=1400 audit(1771720175.363:567): avc: denied { setopt } for pid=25983 comm="syz.3.42737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1831.520486][T26033] No source specified [ 1831.603612][T26049] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1831.693057][T26056] netlink: 36 bytes leftover after parsing attributes in process `syz.2.42767'. [ 1831.712166][T26056] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42767'. [ 1831.726585][T26056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42767'. [ 1831.839917][T26069] rust_binder: 629: no such ref 1 [ 1831.845004][T26069] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 1831.845022][T26069] rust_binder: Read failure Err(EFAULT) in pid:629 [ 1831.853604][T26058] bridge0: port 1(bridge_slave_0) entered blocking state [ 1831.867485][T26058] bridge0: port 1(bridge_slave_0) entered disabled state [ 1831.875779][T26058] bridge_slave_0: entered allmulticast mode [ 1831.882014][T26058] bridge_slave_0: entered promiscuous mode [ 1831.890171][T26058] bridge0: port 2(bridge_slave_1) entered blocking state [ 1831.897214][T26058] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.904402][T26058] bridge_slave_1: entered allmulticast mode [ 1831.910880][T26058] bridge_slave_1: entered promiscuous mode [ 1831.924889][ T5414] erspan0: left allmulticast mode [ 1831.930160][ T5414] erspan0: left promiscuous mode [ 1831.935448][ T5414] bridge0: port 3(erspan0) entered disabled state [ 1831.942568][ T5414] bridge_slave_1: left allmulticast mode [ 1831.948440][ T5414] bridge_slave_1: left promiscuous mode [ 1831.954233][ T5414] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.961838][ T5414] bridge_slave_0: left allmulticast mode [ 1831.967806][ T5414] bridge_slave_0: left promiscuous mode [ 1831.973544][ T5414] bridge0: port 1(bridge_slave_0) entered disabled state [ 1832.070747][ T5414] tipc: Left network mode [ 1832.080874][ T5414] veth1_macvtap: left promiscuous mode [ 1832.094206][ T5414] veth0_vlan: left promiscuous mode [ 1832.249071][T26306] bridge0: port 1(bridge_slave_0) entered blocking state [ 1832.256166][T26306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1832.265013][T26306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1832.272072][T26306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1832.301361][T26058] veth0_vlan: entered promiscuous mode [ 1832.313886][T26058] veth1_macvtap: entered promiscuous mode [ 1832.390779][T26100] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1832.794967][T26140] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 1832.866996][T13640] hid-generic 0000:0000:0000.0028: unknown main item tag 0x0 [ 1832.883223][T13640] hid-generic 0000:0000:0000.0028: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1832.921462][T26156] fido_id[26156]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1833.185143][T13655] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 1833.202566][T13655] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1833.227986][T26179] fido_id[26179]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1833.482190][T26189] netlink: 'syz.2.42821': attribute type 4 has an invalid length. [ 1833.705366][T26201] No source specified [ 1834.011245][T26222] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1834.385365][T26249] batadv_slave_1: entered promiscuous mode [ 1834.399198][T26249] batadv_slave_1: left promiscuous mode [ 1835.232414][T26292] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1835.271966][T26294] No source specified [ 1835.571936][T13655] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 1835.573241][T26318] No source specified [ 1835.584238][T13655] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1835.621205][T26319] fido_id[26319]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1835.751189][T26344] No source specified [ 1836.310672][T26387] No source specified [ 1837.066023][T26424] SELinux: security_context_str_to_sid () failed with errno=-22 [ 1837.186125][T26440] No source specified [ 1837.226169][T26442] ------------[ cut here ]------------ [ 1837.231698][T26442] WARNING: CPU: 1 PID: 26442 at mm/page_alloc.c:5234 __alloc_pages_noprof+0xe8/0x7b0 [ 1837.241232][T26442] Modules linked in: [ 1837.245130][T26442] CPU: 1 UID: 0 PID: 26442 Comm: syz.3.42933 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 1837.256880][T26442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1837.267188][T26442] RIP: 0010:__alloc_pages_noprof+0xe8/0x7b0 [ 1837.273132][T26442] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d 32 0f ee 05 00 0f 85 be 00 00 00 c6 05 25 0f ee 05 01 <0f> 0b 31 c0 e9 b0 00 00 00 83 fb 0a 0f 87 a5 00 00 00 44 8b 64 24 [ 1837.292965][T26442] RSP: 0018:ffffc900031b7980 EFLAGS: 00010246 [ 1837.297194][ T36] audit: type=1400 audit(1771720181.767:568): avc: denied { ioctl } for pid=26441 comm="syz.3.42933" path="/339/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1837.299064][T26442] RAX: 0000000000000000 RBX: 0000000000000034 RCX: 0000000000000000 [ 1837.333111][T26442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900031b7a38 [ 1837.341195][T26442] RBP: ffffc900031b7aa8 R08: ffffc900031b7a37 R09: 0000000000000000 [ 1837.349286][T26442] R10: ffffc900031b7a20 R11: fffff52000636f47 R12: ffffc900031b79c0 [ 1837.357290][T26442] R13: dffffc0000000000 R14: 1ffff92000636f34 R15: 0000000000000000 [ 1837.365285][T26442] FS: 00007f5d59a686c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 1837.374240][T26442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1837.380823][T26442] CR2: 000000110c3556b3 CR3: 0000000145c8a000 CR4: 00000000003526b0 [ 1837.388823][T26442] Call Trace: [ 1837.392097][T26442] [ 1837.395047][T26442] ? __futex_queue+0x19a/0x340 [ 1837.399817][T26442] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 1837.405572][T26442] ? futex_wait_setup+0x1bc/0x260 [ 1837.410606][T26442] ? pending_reads_dispatch_ioctl+0xc70/0x1fa0 [ 1837.416969][T26442] ___kmalloc_large_node+0x81/0x220 [ 1837.422308][T26442] ? pending_reads_dispatch_ioctl+0xc70/0x1fa0 [ 1837.428477][T26442] __kmalloc_large_node_noprof+0x1e/0xe0 [ 1837.434142][T26442] ? pending_reads_dispatch_ioctl+0xc70/0x1fa0 [ 1837.440325][T26442] __kmalloc_noprof+0x336/0x530 [ 1837.445178][T26442] ? __kasan_check_write+0x18/0x20 [ 1837.450337][T26442] pending_reads_dispatch_ioctl+0xc70/0x1fa0 [ 1837.456328][T26442] ? futex_setup_timer+0xb4/0xd0 [ 1837.461315][T26442] ? futex_wait+0x29a/0x7a0 [ 1837.465824][T26442] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 1837.472278][T26442] ? selinux_file_ioctl+0x6e0/0x1360 [ 1837.477574][T26442] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 1837.483159][T26442] ? do_futex+0x309/0x500 [ 1837.487490][T26442] ? __cfi_do_futex+0x10/0x10 [ 1837.492231][T26442] ? __fget_files+0x2c5/0x340 [ 1837.496910][T26442] ? bpf_lsm_file_ioctl+0xd/0x20 [ 1837.501882][T26442] ? security_file_ioctl+0x34/0xd0 [ 1837.507023][T26442] ? __cfi_pending_reads_dispatch_ioctl+0x10/0x10 [ 1837.513444][T26442] __se_sys_ioctl+0x135/0x1b0 [ 1837.518176][T26442] __x64_sys_ioctl+0x7f/0xa0 [ 1837.522771][T26442] x64_sys_call+0x1878/0x2ee0 [ 1837.527485][T26442] do_syscall_64+0x58/0xf0 [ 1837.531909][T26442] ? clear_bhb_loop+0x50/0xa0 [ 1837.536619][T26442] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1837.542512][T26442] RIP: 0033:0x7f5d58b8f6c9 [ 1837.546951][T26442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1837.566955][T26442] RSP: 002b:00007f5d59a68038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1837.575533][T26442] RAX: ffffffffffffffda RBX: 00007f5d58de5fa0 RCX: 00007f5d58b8f6c9 [ 1837.583531][T26442] RDX: 00002000000000c0 RSI: 0000000040106726 RDI: 0000000000000004 [ 1837.591506][T26442] RBP: 00007f5d58c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1837.599508][T26442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1837.607498][T26442] R13: 00007f5d58de6038 R14: 00007f5d58de5fa0 R15: 00007ffd2c518448 [ 1837.615500][T26442] [ 1837.618514][T26442] ---[ end trace 0000000000000000 ]---