last executing test programs: 2.188161462s ago: executing program 3 (id=92): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000180)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000001c0)={0x4, 0x2, 0x5, 0xffffffffffffff7f, 0x2, 0x3, 0x4000001, 0x6, 0x7ffffff5}) 2.188105771s ago: executing program 3 (id=93): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) 2.183164121s ago: executing program 3 (id=94): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x4, 0x8, 0x50, "3eccd8000004000000000000000000040100"}) 2.173757942s ago: executing program 3 (id=95): r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d000009040101"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x1, 0x28, 0xe4d, 0x80, 0x3fc, 0xfffd, 0x7, 0xfffffffe, 0xb7f9, 0x7543, 0x0, 0x6}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 1.692051757s ago: executing program 1 (id=102): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x2) 1.58453s ago: executing program 1 (id=103): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x1, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b00012000ac00090400000107000009090585"], 0x0) 1.480475594s ago: executing program 2 (id=105): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x1, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xf9, 0x40, 0x42, 0xfb, 0x0, 0xc, 0x0, 0x9, 0x4, 0xfc, 0x38}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6d, 0x0, 0x100000000005, 0x20, 0x3, 0x2, 0x80000000106c, 0x100, 0x9, 0x80000004400080, 0x1c00000, 0x6, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.480373054s ago: executing program 2 (id=106): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) close_range(r4, 0xffffffffffffffff, 0x0) 1.421890755s ago: executing program 2 (id=107): r0 = syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00') syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009"], 0x0) getdents(r0, &(0x7f00000000c0)=""/39, 0xffc3) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000003000/0x3000)=nil, &(0x7f0000000000/0x4000)=nil, 0x3000, 0x3, 0x2}) ioctl$XFS_IOC_FSBULKSTAT_SINGLE(r0, 0xc0205866, &(0x7f0000000540)={&(0x7f0000000000)=0x800000000, 0x4, &(0x7f00000002c0)=[{}, {}, {}], &(0x7f0000000500)}) 1.408952946s ago: executing program 4 (id=108): mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8018) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f3, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x20, 0x40, 0x0, 0x0, {{0x7, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @empty, {[@generic={0x82, 0x2}, @ra={0x94, 0x4, 0x7}]}}}}}) 1.400912896s ago: executing program 4 (id=109): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x36]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004040}, 0x24000) 1.352449857s ago: executing program 4 (id=110): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = dup2(r0, r0) sendmsg$NFT_BATCH(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0xb4}, 0x1, 0x0, 0x0, 0x20000851}, 0x4000081) 1.352334168s ago: executing program 4 (id=111): syz_usb_connect$cdc_ecm(0x0, 0x62, &(0x7f0000004100)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x50, 0x1, 0x1, 0x4, 0x50, 0x0, "", [{{0x9, 0x4, 0x0, 0x4c, 0x3, 0x2, 0x6, 0x0, 0x40, {{0x5}, {0x5, 0x24, 0x0, 0x7ff}, {0xd, 0x24, 0xf, 0x1, 0x59f, 0x101, 0x3ff, 0x5}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x1e7, 0xf, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xfb, 0x8, 0x1}}}}}]}}]}}, 0x0) 1.320488139s ago: executing program 0 (id=112): r0 = timerfd_create(0x7, 0x0) ioctl$TFD_IOC_SET_TICKS(r0, 0x40085400, &(0x7f0000000140)=0x8000000000000000) 1.308478409s ago: executing program 0 (id=113): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) splice(r1, 0x0, r0, 0x0, 0x800000000ff, 0x0) 1.287237279s ago: executing program 0 (id=114): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0xb1}, {0x6}]}, 0x10) 1.287129869s ago: executing program 0 (id=115): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000080)={0x24, @none={0x0, 0xfffc}}, 0x14) 1.236474561s ago: executing program 0 (id=116): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x18, &(0x7f0000000080)=0xa, 0x4) 1.236358321s ago: executing program 0 (id=117): r0 = syz_usb_connect(0x0, 0x48, &(0x7f0000000a40)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a00100001000009058803"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000002740)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="40098e00000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000180)={0x40, 0x10, 0x2, "0623"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2) 871.451183ms ago: executing program 4 (id=118): syz_usb_connect$uac2(0x0, 0x7b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100300000010662410804000010203010902690003010d1003080b00010101209809040000000101200009240106000609006e09040100000102200009040101010102200009050109ff03028202082501810f099b0309"], &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0}) 385.737538ms ago: executing program 1 (id=119): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="3800000036000701fdffffff0180060005"], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 336.100899ms ago: executing program 1 (id=120): r0 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) fcntl$notify(r0, 0x402, 0x8000003b) mkdir(&(0x7f0000000140)='./control\x00', 0x5) setxattr$system_posix_acl(&(0x7f0000000240)='./control\x00', &(0x7f0000000280)='system.posix_acl_access\x00', 0x0, 0x0, 0x3) 335.997809ms ago: executing program 1 (id=121): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000009c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001d00)={&(0x7f0000000a00)={0x74, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x74}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 335.919079ms ago: executing program 1 (id=122): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000340)=ANY=[@ANYBLOB="060001"], 0x0, 0x0, 0x0, 0x0}) 335.817129ms ago: executing program 4 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000003900), 0x34aa945a513d639, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) timer_settime(0x0, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 178.690774ms ago: executing program 2 (id=124): sendmsg$tipc(0xffffffffffffffff, 0x0, 0x80) ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x0, 0x1}, {0xf, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x2}, {0xffff, 0x5, 0x1, 0x47, 0x6, 0xfd}]}) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW2(r1, 0x402c542c, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 105.870697ms ago: executing program 3 (id=125): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000480)={0x1c, r2, 0xb97534d5fe9704cf, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40488c4}, 0x24000000) 91.656187ms ago: executing program 2 (id=126): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, 0x0) 309.47µs ago: executing program 3 (id=127): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x801, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x77, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x65, 0x1, 0x1, 0x1, 0x10, 0x7, "", [{{0x9, 0x4, 0x0, 0xa, 0x3, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x6957}, {0xd, 0x24, 0xf, 0x1, 0x20000000, 0xb13, 0x80, 0x1}, [@mdlm={0x15, 0x24, 0x12, 0x7}, @mdlm={0x15, 0x24, 0x12, 0x38}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x3, 0xf, 0xf4}}, {{0x9, 0x5, 0x3, 0x2, 0x7f7, 0x6, 0x3, 0x9}}}}}]}}]}}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=128): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040081}, 0x4000005) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000280), 0x9) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x6, 0x248, 0x9b9a}, 0x3a, [0xfffffff5, 0x0, 0x5, 0x10009, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x401, 0x40000b4, 0xa, 0x2, 0x4, 0x81, 0xe4, 0x6, 0xfc000000, 0x9, 0xbbf, 0x200, 0x1, 0x48, 0x100d, 0x3, 0x12a0, 0x8000, 0x1, 0x7, 0x6, 0x7, 0x81, 0x40008a, 0x79, 0x2, 0x10001, 0x4, 0x91, 0x4, 0xe768, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x84, 0x9, 0xf9a2, 0x80000001, 0xff, 0x2, 0x2, 0x2, 0x2, 0x7, 0x8, 0x7, 0x5, 0x4007f, 0xffffffff, 0x6], [0x3, 0x16e, 0x6, 0xf6ca, 0x4, 0xda, 0xb8a9, 0x20000070, 0x8e, 0xd50, 0x7, 0x5, 0xfffffffe, 0x80d, 0x5, 0xa7, 0x1000, 0x101, 0x200b395, 0x400000, 0x80000000, 0x4, 0x19, 0x7, 0x400001, 0x3, 0x3, 0xb, 0xffffff7f, 0x401, 0x6, 0x200, 0x96, 0x0, 0xfffffff6, 0x401, 0x6, 0xf1, 0x6, 0x55c, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x1, 0x0, 0x1ce, 0x1, 0x80000004, 0x80000001, 0x2, 0x2, 0x9, 0x95, 0x80000000, 0x4, 0xfffffff9, 0x40000003, 0x1000, 0xfffff804, 0x5], [0x2, 0xfffffffe, 0xfffc, 0x6, 0x2, 0x2e6bf783, 0xfffff100, 0x5, 0x400005, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x5, 0xee4b, 0x2008004, 0x1, 0x691, 0x5, 0x89, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x10000a, 0x8000, 0x401, 0x3e55, 0x9, 0xd3, 0x8, 0x3437, 0x2, 0xd, 0x7, 0x601, 0x101, 0x200dd80, 0x60a0, 0x3, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x4, 0x8000, 0x0, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xa, 0x10000, 0x3, 0x8, 0x1], [0xa772, 0x2, 0x7, 0x1afa, 0xbfc, 0x8, 0x3, 0x7f, 0x55, 0x40, 0xc, 0x1005, 0x1, 0x8000007, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xfffffeff, 0xffbffff7, 0x8, 0x7, 0x3, 0x939, 0x6, 0x80008001, 0x7777, 0x7fffffff, 0x2, 0x100, 0xffffffff, 0x7ffffffe, 0x4009, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0x6, 0x10000, 0x0, 0x8004, 0x6fff, 0x2, 0x3, 0xf, 0xe, 0x10, 0x26c, 0x6, 0xfffffff9, 0x4, 0xfffffff8, 0x9, 0xf, 0x463f, 0x4, 0xdad, 0x8003, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$NILFS_IOCTL_GET_SUINFO(0xffffffffffffffff, 0x80186e84, &(0x7f0000000500)={&(0x7f0000000300), 0x0, 0x10, 0x7}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x8, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x204344}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x9}], 0x1, 0x1d, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) kernel console output (not intermixed with test programs): cess permissive=1 [ 14.033744][ T28] audit: type=1400 audit(1781381094.609:63): avc: denied { siginh } for pid=226 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. [ 20.725816][ T28] audit: type=1400 audit(1781381101.309:64): avc: denied { mounton } for pid=280 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.726883][ T280] cgroup: Unknown subsys name 'net' [ 20.748477][ T28] audit: type=1400 audit(1781381101.309:65): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.775877][ T28] audit: type=1400 audit(1781381101.339:66): avc: denied { unmount } for pid=280 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.776000][ T280] cgroup: Unknown subsys name 'devices' [ 20.920026][ T280] cgroup: Unknown subsys name 'hugetlb' [ 20.925642][ T280] cgroup: Unknown subsys name 'rlimit' [ 21.027212][ T28] audit: type=1400 audit(1781381101.609:67): avc: denied { setattr } for pid=280 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.050366][ T28] audit: type=1400 audit(1781381101.609:68): avc: denied { mounton } for pid=280 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.060329][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.075248][ T28] audit: type=1400 audit(1781381101.609:69): avc: denied { mount } for pid=280 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.106696][ T28] audit: type=1400 audit(1781381101.669:70): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.112028][ T280] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.132156][ T28] audit: type=1400 audit(1781381101.669:71): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.166265][ T28] audit: type=1400 audit(1781381101.699:72): avc: denied { read } for pid=280 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.191758][ T28] audit: type=1400 audit(1781381101.699:73): avc: denied { open } for pid=280 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.047599][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.054756][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.062142][ T288] device bridge_slave_0 entered promiscuous mode [ 22.069982][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.077007][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.084512][ T288] device bridge_slave_1 entered promiscuous mode [ 22.167213][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.174304][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.181760][ T292] device bridge_slave_0 entered promiscuous mode [ 22.188676][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.195694][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.203136][ T292] device bridge_slave_1 entered promiscuous mode [ 22.209617][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.216632][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.223976][ T290] device bridge_slave_0 entered promiscuous mode [ 22.234041][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.241107][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.248530][ T290] device bridge_slave_1 entered promiscuous mode [ 22.298870][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.305906][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.313328][ T291] device bridge_slave_0 entered promiscuous mode [ 22.336195][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.343324][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.350692][ T291] device bridge_slave_1 entered promiscuous mode [ 22.380804][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.387845][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.395246][ T289] device bridge_slave_0 entered promiscuous mode [ 22.402133][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.409288][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.416673][ T289] device bridge_slave_1 entered promiscuous mode [ 22.480061][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.487100][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.494390][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.501417][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.579758][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.586795][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.594140][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.601167][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.623207][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.630259][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.637508][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.644545][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.655866][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.662917][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.670198][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.677218][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.691465][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.698515][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.705747][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.712781][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.724023][ T222] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.731250][ T222] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.738560][ T222] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.745649][ T222] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.753065][ T222] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.760349][ T222] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.767701][ T222] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.774951][ T222] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.782093][ T222] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.789322][ T222] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.796857][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.804369][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.828635][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.836737][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.843847][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.851241][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.859824][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.866826][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.888348][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.896030][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.903789][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.911976][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.918996][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.926280][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.934643][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.941685][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.953512][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.973277][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.980896][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.989658][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.997779][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.004806][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.012280][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.020623][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.027631][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.035068][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.043200][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.050227][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.058115][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.066325][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.073337][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.095468][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.103632][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.111813][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.120052][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.127932][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.136265][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.144403][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.152826][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.161091][ T222] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.168094][ T222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.175584][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.184138][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.192477][ T222] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.199511][ T222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.225448][ T288] device veth0_vlan entered promiscuous mode [ 23.232852][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.240970][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.249097][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.257066][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.265197][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.273345][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.281451][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.289546][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.297374][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.305432][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.313464][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.321708][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.329779][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.337977][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.346385][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.354331][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.362393][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.369855][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.382643][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.391018][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.404379][ T290] device veth0_vlan entered promiscuous mode [ 23.412624][ T289] device veth0_vlan entered promiscuous mode [ 23.419744][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.428038][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.436503][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.444432][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.452513][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.460458][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.468500][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.475891][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.483349][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.490749][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.501967][ T288] device veth1_macvtap entered promiscuous mode [ 23.514737][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.522955][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.531201][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.539065][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.547289][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.555774][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.563736][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.571867][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.579441][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.590262][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.598440][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.606561][ T292] device veth0_vlan entered promiscuous mode [ 23.619564][ T290] device veth1_macvtap entered promiscuous mode [ 23.634326][ T292] device veth1_macvtap entered promiscuous mode [ 23.645733][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.654228][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.662584][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.671020][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.679327][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.687521][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.695862][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.704384][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.712799][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.721223][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.729509][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.737720][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.745995][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.757915][ T289] device veth1_macvtap entered promiscuous mode [ 23.770301][ T291] device veth0_vlan entered promiscuous mode [ 23.770802][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 23.783358][ T291] device veth1_macvtap entered promiscuous mode [ 23.790232][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.799492][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.807387][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.815513][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.823858][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.832264][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.840554][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.848851][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.856948][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.865394][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.873007][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.898992][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.907572][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.916102][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.924717][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.933151][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.941564][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.048618][ T332] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.126755][ T344] tipc: Started in network mode [ 24.133727][ T344] tipc: Node identity 4, cluster identity 4711 [ 24.140055][ T344] tipc: Node number set to 4 [ 24.348234][ T313] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 24.388423][ T60] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 24.398211][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 24.529383][ T313] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 24.540325][ T313] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 24.553364][ T313] usb 1-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00 [ 24.562437][ T313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.571527][ T313] usb 1-1: config 0 descriptor?? [ 24.582526][ T60] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 24.592223][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 24.599625][ T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 24.610473][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 18, changing to 8 [ 24.621713][ T60] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 24.628207][ T314] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 24.630931][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 24.651181][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.659269][ T60] usb 4-1: Product: syz [ 24.663422][ T60] usb 4-1: Manufacturer: syz [ 24.667996][ T60] usb 4-1: SerialNumber: syz [ 24.672643][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 24.681963][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.693057][ T24] usb 2-1: config 0 descriptor?? [ 24.819093][ T314] usb 3-1: Using ep0 maxpacket: 8 [ 24.836768][ T314] usb 3-1: config 0 has no interfaces? [ 24.844296][ T314] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 24.845575][ T357] fuse: Bad value for 'fd' [ 24.853652][ T314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.866213][ T314] usb 3-1: Product: syz [ 24.870503][ T314] usb 3-1: Manufacturer: syz [ 24.875093][ T314] usb 3-1: SerialNumber: syz [ 24.882772][ T314] usb 3-1: config 0 descriptor?? [ 24.980745][ T313] kye 0003:0458:4018.0001: unknown main item tag 0x2 [ 24.987494][ T313] kye 0003:0458:4018.0001: ignoring exceeding usage max [ 24.995733][ T313] kye 0003:0458:4018.0001: hidraw0: USB HID v4.00 Device [HID 0458:4018] on usb-dummy_hcd.0-1/input0 [ 25.093295][ T60] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202 [ 25.100493][ T314] usb 3-1: USB disconnect, device number 2 [ 25.110892][ T24] logitech 0003:046D:C293.0002: unexpected long global item [ 25.118556][ T24] logitech 0003:046D:C293.0002: parse failed [ 25.124543][ T24] logitech: probe of 0003:046D:C293.0002 failed with error -22 [ 25.187984][ T24] usb 1-1: USB disconnect, device number 2 [ 25.321372][ T296] usb 2-1: USB disconnect, device number 2 [ 25.949390][ T28] kauditd_printk_skb: 60 callbacks suppressed [ 25.949418][ T28] audit: type=1400 audit(1781381106.539:134): avc: denied { ioctl } for pid=388 comm="syz.1.29" path="/dev/input/event1" dev="devtmpfs" ino=261 ioctlcmd=0x4504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.298251][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 26.479539][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 26.489015][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 26.504742][ T24] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 26.533103][ T24] usb 2-1: string descriptor 0 read error: -22 [ 26.543707][ T24] usb 2-1: New USB device found, idVendor=0441, idProduct=4248, bcdDevice= 0.40 [ 26.558795][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.580211][ T24] usb 2-1: MIDIStreaming interface descriptor not found [ 26.732607][ T385] syz.0.26 (385) used greatest stack depth: 21096 bytes left [ 26.756567][ T28] audit: type=1400 audit(1781381107.339:135): avc: denied { create } for pid=401 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.776029][ T28] audit: type=1400 audit(1781381107.339:136): avc: denied { setopt } for pid=401 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 26.786764][ T24] usb 2-1: USB disconnect, device number 3 [ 26.924368][ T404] syz.0.36 (404) used greatest stack depth: 20416 bytes left [ 26.948182][ T296] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 27.129493][ T296] usb 3-1: Using ep0 maxpacket: 16 [ 27.137232][ T314] usb 4-1: USB disconnect, device number 2 [ 27.150161][ T296] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.164380][ T314] usblp0: removed [ 27.173171][ T296] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.183046][ T296] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 27.196127][ T296] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 27.205209][ T296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.217037][ T296] usb 3-1: config 0 descriptor?? [ 27.228312][ T313] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 27.321445][ T28] audit: type=1400 audit(1781381107.909:137): avc: denied { mounton } for pid=416 comm="syz.1.41" path="/8/file0" dev="tmpfs" ino=59 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 27.386650][ T28] audit: type=1400 audit(1781381107.969:138): avc: denied { read } for pid=419 comm="syz.1.42" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 27.390607][ T420] binder: 419:420 ioctl c0306201 200000000680 returned -14 [ 27.427702][ T28] audit: type=1400 audit(1781381107.969:139): avc: denied { open } for pid=419 comm="syz.1.42" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 27.456064][ T28] audit: type=1400 audit(1781381107.969:140): avc: denied { ioctl } for pid=419 comm="syz.1.42" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 27.482952][ T28] audit: type=1400 audit(1781381107.979:141): avc: denied { set_context_mgr } for pid=419 comm="syz.1.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 27.508242][ T313] usb 1-1: config 0 interface 0 has no altsetting 0 [ 27.514983][ T313] usb 1-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 27.524265][ T28] audit: type=1400 audit(1781381107.979:142): avc: denied { map } for pid=419 comm="syz.1.42" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 27.553015][ T313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.568934][ T313] usb 1-1: config 0 descriptor?? [ 27.575790][ T28] audit: type=1400 audit(1781381107.979:143): avc: denied { call } for pid=419 comm="syz.1.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 27.637560][ T296] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0003/input/input4 [ 27.719909][ T296] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 27.866851][ T60] usb 3-1: USB disconnect, device number 3 [ 27.979190][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 27.986013][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 27.993253][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.010064][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.016874][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.024791][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.032111][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.039544][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.046479][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.053751][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.060666][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.070060][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.076858][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.088417][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.095198][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.117223][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.124369][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.130896][ T452] tipc: Enabling of bearer rejected, media not registered [ 28.133630][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.146515][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.153728][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.153787][ T456] process 'syz.1.58' launched './file0' with NULL argv: empty string added [ 28.160671][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.176060][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.189217][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.196494][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.204642][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.206323][ T461] /dev/nullb0: Can't open blockdev [ 28.216088][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.228264][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.235168][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.242313][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.263419][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.276505][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.283433][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.290442][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.298527][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.305327][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.314771][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.321902][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.329039][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.335900][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.342974][ T313] sony 0003:054C:0268.0004: unknown main item tag 0x0 [ 28.352567][ T313] sony 0003:054C:0268.0004: hiddev96,hidraw0: USB HID v80.81 Device [HID 054c:0268] on usb-dummy_hcd.0-1/input0 [ 28.371472][ T313] sony 0003:054C:0268.0004: failed to claim input [ 28.388541][ T313] usb 1-1: USB disconnect, device number 3 [ 28.432918][ T483] fido_id[483]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 28.448792][ T491] capability: warning: `syz.1.72' uses deprecated v2 capabilities in a way that may be insecure [ 28.838192][ T314] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 29.019174][ T314] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 29.029420][ T314] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 29.038951][ T314] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 29.047996][ T314] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 29.055992][ T314] usb 3-1: SerialNumber: syz [ 29.098259][ T296] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 29.161137][ T535] tmpfs: Unknown parameter 'usrquota' [ 29.265307][ T314] usb 3-1: 0:2 : does not exist [ 29.273961][ T314] usb 3-1: USB disconnect, device number 4 [ 29.280901][ T296] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 29.294421][ T296] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice= 0.40 [ 29.304365][ T296] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.312572][ T296] usb 1-1: Product: syz [ 29.316733][ T296] usb 1-1: Manufacturer: syz [ 29.321435][ T296] usb 1-1: SerialNumber: syz [ 29.468313][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 29.509166][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 29.531377][ T296] usb 1-1: cannot setup if 1: error -71 [ 29.537023][ T296] snd-usb-audio: probe of 1-1:1.1 failed with error -71 [ 29.544628][ T296] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 29.556572][ T296] usb 1-1: USB disconnect, device number 4 [ 29.659270][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 29.673824][ T6] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.689919][ T6] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 29.699270][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.707232][ T6] usb 4-1: Product: syz [ 29.711541][ T6] usb 4-1: Manufacturer: syz [ 29.716121][ T6] usb 4-1: SerialNumber: syz [ 29.722583][ T6] cdc_mbim 4-1:1.0: skipping garbage [ 29.758518][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 29.827170][ T562] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.104' sets config #1 [ 30.048174][ T313] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 30.078477][ T586] Unsupported ieee802154 address type: 0 [ 30.218238][ T60] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 30.239236][ T313] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 30.249102][ T313] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 30.258119][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.368193][ T309] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 30.398193][ T60] usb 3-1: Using ep0 maxpacket: 16 [ 30.404339][ T60] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 30.414480][ T60] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 30.425367][ T60] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 30.438858][ T60] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 30.447909][ T60] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 30.456027][ T60] usb 3-1: Manufacturer: syz [ 30.461644][ T60] usb 3-1: config 0 descriptor?? [ 30.468183][ T313] usb 2-1: string descriptor 0 read error: -71 [ 30.474559][ T313] hub 2-1:32.0: bad descriptor, ignoring hub [ 30.480675][ T313] hub: probe of 2-1:32.0 failed with error -5 [ 30.518557][ T313] usb 2-1: USB disconnect, device number 4 [ 30.549216][ T309] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 30.557408][ T309] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 30.567989][ T309] usb 1-1: config 0 has no interface number 0 [ 30.574192][ T309] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 30.585258][ T309] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 30.595351][ T309] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 30.609758][ T309] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 30.618875][ T309] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.626840][ T309] usb 1-1: Product: syz [ 30.631000][ T309] usb 1-1: Manufacturer: syz [ 30.635587][ T309] usb 1-1: SerialNumber: syz [ 30.641013][ T309] usb 1-1: config 0 descriptor?? [ 30.669314][ T314] usb 3-1: USB disconnect, device number 5 [ 30.725229][ T6] cdc_mbim 4-1:1.0: bind() failure [ 30.731602][ T6] usb 4-1: USB disconnect, device number 3 [ 31.211637][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 31.211673][ T28] audit: type=1400 audit(1781381111.799:184): avc: denied { write } for pid=607 comm="syz.2.124" name="event2" dev="devtmpfs" ino=277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 31.278245][ T6] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 31.295580][ T28] audit: type=1400 audit(1781381111.879:185): avc: denied { create } for pid=609 comm="syz.2.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 31.319459][ T28] audit: type=1400 audit(1781381111.909:186): avc: denied { connect } for pid=609 comm="syz.2.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 31.339615][ T28] audit: type=1400 audit(1781381111.909:187): avc: denied { ioctl } for pid=609 comm="syz.2.126" path="socket:[17680]" dev="sockfs" ino=17680 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 31.368214][ C1] ================================================================== [ 31.376291][ C1] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x6c/0xb0 [ 31.383675][ C1] Read of size 8 at addr ffff88811b505190 by task udevd/103 [ 31.390944][ C1] [ 31.393252][ C1] CPU: 1 PID: 103 Comm: udevd Not tainted syzkaller #0 [ 31.400171][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 31.410220][ C1] Call Trace: [ 31.413483][ C1] [ 31.416309][ C1] __dump_stack+0x21/0x24 [ 31.420636][ C1] dump_stack_lvl+0x110/0x170 [ 31.425297][ C1] ? __cfi_dump_stack_lvl+0x8/0x8 [ 31.430304][ C1] ? debug_smp_processor_id+0x17/0x20 [ 31.435664][ C1] ? rcu_cblist_dequeue+0x6c/0xb0 [ 31.440675][ C1] print_address_description+0x71/0x200 [ 31.446204][ C1] print_report+0x4a/0x60 [ 31.450512][ C1] kasan_report+0x122/0x150 [ 31.454998][ C1] ? rcu_cblist_dequeue+0x6c/0xb0 [ 31.460008][ C1] __asan_report_load8_noabort+0x14/0x20 [ 31.465622][ C1] rcu_cblist_dequeue+0x6c/0xb0 [ 31.470456][ C1] rcu_do_batch+0x40d/0xc30 [ 31.474938][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 31.480463][ C1] ? __raise_softirq_irqoff+0x17/0xd0 [ 31.485816][ C1] ? __cfi_raise_softirq+0x10/0x10 [ 31.490914][ C1] ? rcu_core+0xf00/0xf00 [ 31.495222][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 31.501014][ C1] ? rcu_report_qs_rnp+0x2b9/0x390 [ 31.506110][ C1] rcu_core+0x486/0xf00 [ 31.510252][ C1] ? rcu_cpu_kthread_park+0x90/0x90 [ 31.515429][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 31.520614][ C1] ? run_rebalance_domains+0xf7/0x1c0 [ 31.525967][ C1] rcu_core_si+0x9/0x10 [ 31.530106][ C1] handle_softirqs+0x1d7/0x600 [ 31.534856][ C1] __irq_exit_rcu+0x52/0xf0 [ 31.539339][ C1] irq_exit_rcu+0x9/0x10 [ 31.543564][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 31.549184][ C1] [ 31.552098][ C1] [ 31.555012][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 31.560978][ C1] RIP: 0010:update_stack_state+0x1f7/0x490 [ 31.566768][ C1] Code: 95 c0 48 8b 55 c0 4c 39 f2 0f 93 c1 20 c1 4c 39 fa 0f 92 c0 20 c8 3c 01 75 14 48 8b 4d 80 4c 39 f1 0f 97 c0 4c 39 f9 0f 96 c1 <84> c8 75 6d 49 bd 00 00 00 00 00 fc ff df 48 8b 85 70 ff ff ff 42 [ 31.586351][ C1] RSP: 0018:ffffc900009a71a8 EFLAGS: 00000287 [ 31.592439][ C1] RAX: 0000000000000001 RBX: ffffc900009a7330 RCX: ffffc900009a7301 [ 31.600392][ C1] RDX: ffffc900009a73b0 RSI: 1ffff92000134e66 RDI: ffffc900009a7380 [ 31.608368][ C1] RBP: ffffc900009a7258 R08: ffffc900009a7301 R09: ffffc900009a7328 [ 31.616319][ C1] R10: dffffc0000000000 R11: fffff52000134e71 R12: ffffc900009a7328 [ 31.624269][ C1] R13: 0000000000000001 R14: ffffc900009a0000 R15: ffffc900009a8000 [ 31.632229][ C1] unwind_next_frame+0x39e/0x660 [ 31.637153][ C1] __unwind_start+0x31b/0x3a0 [ 31.641811][ C1] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.647952][ C1] arch_stack_walk+0xe4/0x150 [ 31.652614][ C1] ? arch_stack_walk+0xe4/0x150 [ 31.657455][ C1] stack_trace_save+0xa6/0xf0 [ 31.662132][ C1] ? __cfi_stack_trace_save+0x10/0x10 [ 31.667506][ C1] ? memset+0x35/0x40 [ 31.671475][ C1] kasan_set_track+0x4b/0x70 [ 31.676056][ C1] ? __kmem_cache_free+0xb7/0x1b0 [ 31.681070][ C1] kasan_save_free_info+0x2b/0x40 [ 31.686088][ C1] ____kasan_slab_free+0x132/0x180 [ 31.691194][ C1] __kasan_slab_free+0x11/0x20 [ 31.695948][ C1] slab_free_freelist_hook+0xc2/0x190 [ 31.701307][ C1] ? security_inode_init_security+0x2b5/0x3c0 [ 31.707371][ C1] __kmem_cache_free+0xb7/0x1b0 [ 31.712216][ C1] kfree+0x6f/0xf0 [ 31.715933][ C1] security_inode_init_security+0x2b5/0x3c0 [ 31.721814][ C1] ? __cfi_shmem_initxattrs+0x10/0x10 [ 31.727186][ C1] ? __cfi_security_inode_init_security+0x10/0x10 [ 31.733588][ C1] ? __kasan_check_write+0x14/0x20 [ 31.738694][ C1] ? set_cached_acl+0xdd/0x180 [ 31.743450][ C1] ? simple_acl_create+0x191/0x1c0 [ 31.748559][ C1] shmem_mknod+0xb8/0x1d0 [ 31.752883][ C1] ? shmem_create+0x16/0x40 [ 31.757374][ C1] shmem_create+0x2c/0x40 [ 31.761692][ C1] ? __cfi_shmem_create+0x10/0x10 [ 31.766703][ C1] path_openat+0x15b6/0x2f30 [ 31.771278][ C1] ? do_filp_open+0x420/0x420 [ 31.775938][ C1] do_filp_open+0x1ee/0x420 [ 31.780421][ C1] ? __cfi_do_filp_open+0x10/0x10 [ 31.785441][ C1] ? alloc_fd+0x4c1/0x570 [ 31.789770][ C1] do_sys_openat2+0x15e/0x820 [ 31.794439][ C1] ? do_sys_open+0xe0/0xe0 [ 31.798843][ C1] ? __this_cpu_preempt_check+0x13/0x20 [ 31.804374][ C1] ? xfd_validate_state+0x70/0x150 [ 31.809476][ C1] __x64_sys_openat+0x136/0x160 [ 31.814317][ C1] x64_sys_call+0x783/0x9a0 [ 31.818803][ C1] do_syscall_64+0x4c/0xa0 [ 31.823204][ C1] ? clear_bhb_loop+0x30/0x80 [ 31.827862][ C1] ? clear_bhb_loop+0x30/0x80 [ 31.832527][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.838411][ C1] RIP: 0033:0x7f4e6eaa7407 [ 31.842816][ C1] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 31.862398][ C1] RSP: 002b:00007fffc701b950 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 31.870790][ C1] RAX: ffffffffffffffda RBX: 00007f4e6f228880 RCX: 00007f4e6eaa7407 [ 31.878740][ C1] RDX: 0000000000080141 RSI: 000055ff5799102e RDI: ffffffffffffff9c [ 31.886691][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 31.894637][ C1] R10: 00000000000001a4 R11: 0000000000000202 R12: 00000000ffffffff [ 31.902588][ C1] R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000000 [ 31.910543][ C1] [ 31.913548][ C1] [ 31.915855][ C1] Allocated by task 611: [ 31.920079][ C1] kasan_set_track+0x4b/0x70 [ 31.924652][ C1] kasan_save_alloc_info+0x1f/0x30 [ 31.929738][ C1] __kasan_kmalloc+0x95/0xb0 [ 31.934313][ C1] __kmalloc+0xb4/0x1e0 [ 31.938447][ C1] l2tp_session_create+0x38/0xbd0 [ 31.943452][ C1] pppol2tp_connect+0xbf5/0x1640 [ 31.948366][ C1] __sys_connect+0x3da/0x460 [ 31.952936][ C1] __x64_sys_connect+0x7a/0x90 [ 31.957680][ C1] x64_sys_call+0x88d/0x9a0 [ 31.962161][ C1] do_syscall_64+0x4c/0xa0 [ 31.966556][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 31.972439][ C1] [ 31.974738][ C1] Freed by task 41: [ 31.978521][ C1] kasan_set_track+0x4b/0x70 [ 31.983090][ C1] kasan_save_free_info+0x2b/0x40 [ 31.988089][ C1] ____kasan_slab_free+0x132/0x180 [ 31.993181][ C1] __kasan_slab_free+0x11/0x20 [ 31.997925][ C1] slab_free_freelist_hook+0xc2/0x190 [ 32.003273][ C1] __kmem_cache_free+0xb7/0x1b0 [ 32.008107][ C1] kfree+0x6f/0xf0 [ 32.011809][ C1] l2tp_session_put+0xaf/0x1a0 [ 32.016549][ C1] l2tp_session_delete+0x3df/0x4d0 [ 32.021640][ C1] l2tp_tunnel_del_work+0x199/0x410 [ 32.026816][ C1] process_one_work+0x717/0xc30 [ 32.031644][ C1] worker_thread+0xa4d/0x11d0 [ 32.036296][ C1] kthread+0x281/0x320 [ 32.040344][ C1] ret_from_fork+0x1f/0x30 [ 32.044742][ C1] [ 32.047043][ C1] Last potentially related work creation: [ 32.052730][ C1] kasan_save_stack+0x3a/0x60 [ 32.057387][ C1] __kasan_record_aux_stack+0xb6/0xc0 [ 32.062734][ C1] kasan_record_aux_stack_noalloc+0xb/0x10 [ 32.068517][ C1] call_rcu+0xcf/0xf50 [ 32.072570][ C1] pppol2tp_release+0x1e3/0x2b0 [ 32.077405][ C1] sock_close+0xc9/0x220 [ 32.081632][ C1] __fput+0x1fd/0x8f0 [ 32.085593][ C1] ____fput+0x15/0x20 [ 32.089554][ C1] task_work_run+0x1e1/0x250 [ 32.094128][ C1] exit_to_user_mode_loop+0x9b/0xb0 [ 32.099306][ C1] exit_to_user_mode_prepare+0x87/0xd0 [ 32.104744][ C1] syscall_exit_to_user_mode+0x1a/0x30 [ 32.110181][ C1] do_syscall_64+0x58/0xa0 [ 32.114577][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 32.120457][ C1] [ 32.122758][ C1] The buggy address belongs to the object at ffff88811b505000 [ 32.122758][ C1] which belongs to the cache kmalloc-512 of size 512 [ 32.136786][ C1] The buggy address is located 400 bytes inside of [ 32.136786][ C1] 512-byte region [ffff88811b505000, ffff88811b505200) [ 32.150034][ C1] [ 32.152339][ C1] The buggy address belongs to the physical page: [ 32.158735][ C1] page:ffffea00046d4100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b504 [ 32.168952][ C1] head:ffffea00046d4100 order:2 compound_mapcount:0 compound_pincount:0 [ 32.177248][ C1] flags: 0x4000000000010200(slab|head|zone=1) [ 32.183302][ C1] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00 [ 32.191867][ C1] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 32.200422][ C1] page dumped because: kasan: bad access detected [ 32.206806][ C1] page_owner tracks the page as allocated [ 32.212493][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 116, tgid 116 (udevd), ts 4773347963, free_ts 0 [ 32.232099][ C1] post_alloc_hook+0x1f5/0x210 [ 32.236848][ C1] prep_new_page+0x1c/0x110 [ 32.241331][ C1] get_page_from_freelist+0x2ca9/0x2d20 [ 32.246859][ C1] __alloc_pages+0x1fa/0x610 [ 32.251430][ C1] alloc_slab_page+0x6e/0xf0 [ 32.255998][ C1] new_slab+0x98/0x3e0 [ 32.260041][ C1] ___slab_alloc+0x70f/0xb70 [ 32.264614][ C1] __slab_alloc+0x5e/0xa0 [ 32.268925][ C1] __kmem_cache_alloc_node+0x204/0x2d0 [ 32.274366][ C1] __kmalloc_node_track_caller+0xa1/0x1e0 [ 32.280061][ C1] __alloc_skb+0x226/0x4a0 [ 32.284458][ C1] alloc_skb_with_frags+0xa8/0x620 [ 32.289552][ C1] sock_alloc_send_pskb+0x87f/0x9a0 [ 32.294731][ C1] unix_dgram_sendmsg+0x5c1/0x1710 [ 32.299827][ C1] sock_write_iter+0x2ea/0x3f0 [ 32.304574][ C1] vfs_write+0x5ef/0xd00 [ 32.308795][ C1] page_owner free stack trace missing [ 32.314135][ C1] [ 32.316440][ C1] Memory state around the buggy address: [ 32.322041][ C1] ffff88811b505080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.330079][ C1] ffff88811b505100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.338114][ C1] >ffff88811b505180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 32.346148][ C1] ^ [ 32.350711][ C1] ffff88811b505200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.358746][ C1] ffff88811b505280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.366780][ C1] ================================================================== [ 32.374862][ C1] Disabling lock debugging due to kernel taint [ 32.406266][ T28] audit: type=1400 audit(1781381112.989:188): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 32.428363][ T28] audit: type=1400 audit(1781381112.989:189): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 32.450340][ T28] audit: type=1400 audit(1781381112.989:190): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 32.472961][ T28] audit: type=1400 audit(1781381112.989:191): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 32.493732][ T28] audit: type=1400 audit(1781381112.989:192): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 32.514215][ T28] audit: type=1400 audit(1781381112.989:193): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 32.540557][ T313] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 32.732982][ T313] usb 4-1: not running at top speed; connect to a high speed hub [ 32.741467][ T313] usb 4-1: config 1 interface 0 altsetting 10 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 32.752446][ T313] usb 4-1: config 1 interface 0 altsetting 10 endpoint 0x3 has invalid maxpacket 2039, setting to 64 [ 32.758198][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 32.764624][ T313] usb 4-1: config 1 interface 0 altsetting 10 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 32.782114][ T313] usb 4-1: config 1 interface 0 has no altsetting 0 [ 32.789335][ T6] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 32.797604][ T6] usb 2-1: config 0 has no interface number 0 [ 32.803876][ T6] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 32.804829][ T313] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 32.822879][ T313] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.824090][ T6] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 32.830891][ T313] usb 4-1: Product: syz [ 32.830906][ T313] usb 4-1: Manufacturer: syz [ 32.830918][ T313] usb 4-1: SerialNumber: syz [ 32.840294][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.845412][ T614] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 32.848839][ T6] usb 2-1: Product: syz [ 32.853359][ T614] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 32.861411][ T6] usb 2-1: Manufacturer: syz [ 32.884139][ T6] usb 2-1: SerialNumber: syz [ 32.889351][ T6] usb 2-1: config 0 descriptor?? [ 33.074514][ T313] usb 4-1: bad CDC descriptors [ 33.083139][ T313] usb 4-1: USB disconnect, device number 4 [ 33.785427][ T24] usb 1-1: USB disconnect, device number 5 [ 34.117792][ T314] usb 2-1: USB disconnect, device number 5