last executing test programs: 48.631774141s ago: executing program 0 (id=678): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$TIOCSETD(r0, 0x5423, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r3, 0x0) 48.46795022s ago: executing program 0 (id=684): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x1, 0x0, 0x7, 0x800005fffffffffe}) 48.171299988s ago: executing program 0 (id=691): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xa1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 48.1395325s ago: executing program 0 (id=694): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0) 48.018455717s ago: executing program 0 (id=697): r0 = socket$netlink(0x10, 0x3, 0xa) r1 = open(&(0x7f0000000140)='./file1\x00', 0x18dcc2, 0x5c) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$F_SET_RW_HINT(r5, 0x40c, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80001d0040d1) 47.263583331s ago: executing program 0 (id=702): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 47.242938582s ago: executing program 32 (id=702): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x25000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14.242981622s ago: executing program 5 (id=1201): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x382, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r4, 0x800448d7, &(0x7f0000000480)) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000000c0)={0x1, 0x0, @ioapic={0x29000, 0x4, 0x9, 0x143, 0x0, [{0x4, 0x5, 0x1, '\x00', 0x7b}, {0x5, 0x9, 0x0, '\x00', 0x6}, {0x2, 0x5, 0xc5, '\x00', 0x6}, {0xfe, 0x72, 0xa, '\x00', 0xff}, {0x3, 0x3, 0x5, '\x00', 0xe}, {0xf, 0x0, 0xe, '\x00', 0x8}, {0x8, 0x0, 0x1}, {0x3, 0x1, 0x1}, {0x4, 0x7f, 0x1, '\x00', 0x6}, {0x5, 0x6, 0x3f, '\x00', 0x7a}, {0x7, 0x5, 0x5, '\x00', 0x2}, {0xf7, 0x99, 0x1, '\x00', 0x1}, {0xb1, 0x3, 0x48, '\x00', 0xe9}, {0x0, 0x40, 0x7, '\x00', 0x4}, {0x80, 0x1, 0x5, '\x00', 0x47}, {0x3d, 0x6, 0x9d, '\x00', 0x34}, {0x50, 0x9, 0x7}, {0x6, 0xd, 0x8, '\x00', 0xfe}, {0x7, 0x2, 0x1, '\x00', 0xff}, {0x10, 0xe, 0x8, '\x00', 0x8}, {0x9, 0xc, 0xf7, '\x00', 0x3e}, {0x6, 0x5, 0x0, '\x00', 0x8}, {0x9, 0x5, 0xf7, '\x00', 0x9}, {0x6, 0x8, 0x26, '\x00', 0x1}]}}) connect$bt_rfcomm(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x0, 0x1}, 0x6) unlink(&(0x7f0000000000)='./file0\x00') close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9.832655568s ago: executing program 2 (id=1305): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40080c1}, 0x40000880) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0xff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240040e0}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 9.695210476s ago: executing program 2 (id=1309): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "6ef189fdf08e1947", "c7ec4b645285c2f437c9f187838e844d685fc984cc9b9affba1e271d74c5db06", "dff0534c", "e0a620eccf9fd807"}, 0x38) sendto$inet6(r0, 0x0, 0x0, 0x8000, 0x0, 0x0) 9.577868803s ago: executing program 2 (id=1310): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'gre0\x00', &(0x7f0000000200)=@ethtool_ringparam={0x10, 0x80000001, 0x3, 0x1, 0xd, 0xefe, 0x0, 0x0, 0x8}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 9.12457465s ago: executing program 2 (id=1312): mkdirat(0xffffffffffffff9c, 0x0, 0x8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f00000006c0)='./file0/file0\x00', 0x0, 0x38ad211, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0) 9.042023674s ago: executing program 2 (id=1313): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x3}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 8.95003335s ago: executing program 2 (id=1316): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x121c41, 0x0) fcntl$setlease(r0, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 8.94990245s ago: executing program 33 (id=1316): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x121c41, 0x0) fcntl$setlease(r0, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 3.95972946s ago: executing program 6 (id=1479): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFCONF(r1, 0x8940, &(0x7f00000002c0)=@buf) 3.821893058s ago: executing program 6 (id=1483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0x9, 0x4, 0x3, 0x0, 0x0, 0x58, 0x9e, 0x86, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x5, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.781089651s ago: executing program 6 (id=1489): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x100, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0xc0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r1) r4 = open(&(0x7f0000000000)='./file0\x00', 0x400, 0x1e1) fcntl$setlease(r4, 0x400, 0x1) r5 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r5, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 3.140589268s ago: executing program 4 (id=1505): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000002540)={@random="bb6233c1eb87", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x8, 0x6, '\x00', 0x28, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @empty, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x20, 0x0) 3.124673709s ago: executing program 4 (id=1506): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x800) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x44, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x0, 0x2, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40098}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe4) sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0xfffffffffffffffd}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x200001, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x70}}, 0x20014880) sendmsg$IPSET_CMD_DESTROY(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000030601030000000000001556000000010500010007000000"], 0x1c}}, 0x0) userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 3.080100661s ago: executing program 5 (id=1510): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x44}}, 0x20000804) syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff) 2.773842939s ago: executing program 5 (id=1511): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0xc0ed000e, &(0x7f00000002c0)={[{@jqfmt_vfsold}, {@nolazytime}, {@debug}, {@noload}, {@lazytime}, {@oldalloc}, {@lazytime}, {@bh}]}, 0xfe, 0x47d, &(0x7f0000000dc0)="$eJzs3M1vFOUfAPDv7LalvP3aH+ILCFJFI761tLzIwYMaTThgYqIHjKfaLqSyUENrIoSY6gGPhsS78e4fYDzpxagnE696NyTEcAE9rZndGVi2u6VbdrvQ/XyS2T7PzLP7PN+ZeTovz84G0LfG0pckYltE/BERI7XsnQXGan9uXr8088/1SzNJVCrv/J1Uy924fmkmL5q/b2stU6lk+U1N6r38fsR0uVw6n+UnFs9+NLFw4eJLc2enT5dOl85NHTt2+NDeoaNTR+rfNrzWONO4buz+dH7PruPvXXlr5uSVD375Nm3vtmx5fRydMlZbu0090+nKemx7XToZ6GFDaEsxItLNNVjt/yNRjM23lo3Em5/3tHFAV1UqlUqz43NmqQJsYEn0ugVAb+QH+vT6N5/W6dTjvnDtteoFUH7RM3OzmC8ZiEItsW+wdnnUFWMRcXLp36/TKdq9D7GvW60CADayH9Lznxebnf8V4pFaYih9+V82hjIaEf+PiB0R8VBE7IyIhyOqZR+NiMfarL9xhGT5+U/h6pqDW4X0/O+VbGwrn7J68yKjxSy3vRr/YHJqrlw6mK2TAzG46dRcUppcoY4f3/j9y1bL6s//0imtPz8XzNpxdaDhBt3s9OL0vcRc79pnEbsHmsWfRD6Mk0TErojYvcY65p5vPSB09/hX0IFxpso3Ec/Wtv9SNMSfS1qOT06+fHTqyMRwlEsHJ/K9Yrlff7v8dqv674w/htuKvwPS7b+l6f5/K/7RZDhi4cLFM9Xx2oUmH3Kz4WKyweU/v2h5TdPm/n98e7b/DyXvVmcMZQs+mV5cPD8ZMZScWD5/6van5fm8fBr/gf3N+/+OuL0mHo+IPRGxNyKeyC690rY/GRFPRcT+Fdbxz68//WH78a9wV76D0vhn77b9o377t58onvnp+/bjz6Xb/3A1dSCbs5r/f6tt4L2sOwAAAHhQFKrfgU8K47fShcL4eO07/DtjS6E8v7D4wqn5j8/N1r4rPxqDhfxO10jd/dDJ7N5wnp9qyB/K7ht/VdxczY/PzJdnex089LmtLfp/6q9ir1sHdN0axtFe7UY7gPXneU3oX/o/9KdE/4e+pv9D/2rW/ze3LD3+XVcbA6wrx3/oX6vo/0vr9DwSsM4c/6F/6f/Ql1o+G1+4p0f+JTqWOPFcEvdBM5YlonBfNGPjJwZW/WMWbSQqI7X+n87Z1LTM8t9mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBD9FwAA//+r+eEo") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000900)=@expire={0x104, 0x18, 0x1, 0x70bd28, 0x25dfdbfb, {{{@in=@broadcast, @in6=@private2, 0x4e22, 0x2, 0x4e20, 0x3e9, 0x2, 0x20, 0x80}, {@in6=@remote, 0x4d2, 0x3c}, @in=@broadcast, {0xb4ca, 0x9af, 0x8, 0x8, 0x1aea, 0xfffffffffffffffe, 0x8, 0x100}, {0x3, 0x7, 0x8000000000000000, 0x80000001}, {0x800, 0xaa1, 0x2}, 0x70bd28, 0x3505, 0xa, 0x1, 0x2}, 0xf}, [@mark={0xc, 0x15, {0x35075c, 0xc0}}]}, 0x104}, 0x1, 0x0, 0x0, 0x8080}, 0x2000402c) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents64(r1, 0x0, 0x0) 2.115822028s ago: executing program 6 (id=1520): socket$packet(0x11, 0x2, 0x300) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x44000) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24004041}, 0x8000) openat$hwrng(0xffffffffffffff9c, 0x0, 0x105000, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) 2.017764893s ago: executing program 6 (id=1521): setpriority(0x5, 0x0, 0x8) write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, &(0x7f00000000c0)={0x14c}, 0x137) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x20000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000200)}], 0x1) rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40015}, 0x44080) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2.013065554s ago: executing program 1 (id=1523): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000040)=0x8000, 0x4) 1.864433312s ago: executing program 1 (id=1525): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000004c0), 0x14000, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) write$P9_RMKDIR(r1, &(0x7f0000000240)={0x14, 0x49, 0x1, {0x1, 0x4, 0x4}}, 0x14) chdir(&(0x7f0000000100)='./file0\x00') chdir(&(0x7f0000000140)='./bus\x00') 1.786465016s ago: executing program 5 (id=1526): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x61) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000080)=0x404, 0x4) 1.785815077s ago: executing program 1 (id=1527): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000100)={[{@usrjquota}, {@barrier}, {@nouid32}, {@barrier_val={'barrier', 0x3d, 0x5}}]}, 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11) ioctl$EXT4_IOC_MIGRATE(r0, 0xc0406618) 1.755995879s ago: executing program 4 (id=1528): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000007100000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r3, r2, 0x25, 0x0, @val=@netkit={@void, @value=r3}}, 0x1c) 1.720124331s ago: executing program 1 (id=1529): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000e80)={0x1, 0xe, 0x0, 0x40, @vifc_lcl_addr=@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 1.719890731s ago: executing program 1 (id=1530): unshare(0x26020480) socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) fsconfig$FSCONFIG_SET_FD(r1, 0x5, 0x0, 0x0, 0xffffffffffffffff) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x0, 0x12, 0x60d, 0x0, 0x202, 0x2d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @ipv4={'\x00', '\xff\xff', @empty}, [], [], 'ip_vti0\x00', 'macsec0\x00', {0xff}}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000165a8c2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x74, 0x2}}, @common=@icmp6={{0x28}, {0xd, "ea9c", 0x1}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xff, 0x0, 0xffffff00, 0xff000000], [0xff, 0xff000000, 0x0, 0xff], 'ipvlan1\x00', 'erspan0\x00', {}, {0xff}, 0x2b, 0x5, 0x6}, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}, {{0x2, 0x0, 0x6}}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) r3 = memfd_create(0x0, 0x2) fallocate(r3, 0x0, 0x0, 0x400001) fcntl$addseals(r3, 0x409, 0xc) ioctl$FS_IOC_RESVSP(r3, 0x40305828, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) 1.669896203s ago: executing program 4 (id=1532): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000002c0)={[{@init_itable}, {@nobh}, {@nodiscard}]}, 0x3, 0x45c, &(0x7f0000000940)="$eJzs281vFGUYAPBnZtsCArYifvChVtHY+NFSQOXgQY0mHjAx0YMem7YQZKGG1kQIUTAGT8aYeDce/Rc86cUYTyZe9W5IiOECeFozuzN0d9ld6LLbLezvlwy873z0fZ6deXffmXc3gKE1mf2TRGyLiL8iYrxWbdxhsvbftSvn5q9fOTefRKXy3r9Jdb+rV87NF7sWx23NK1NpRPplEntatLt85uyJuXJ58XRen1k5+fHM8pmzLx4/OXds8djiqQOHDx86OPvKywde6kmeWUxXd3+2tHfX2x9++86Rr7N1aZF/Ux49Mtlp4zOVSo+bG6ztdeVkZICBsCaliMhO12i1/49HKVZP3ni89cVAgwP6qlKpVLa233y+AtzDkmis6/IwLIoP+uz+t1iaBwGv9W/4MXCXX6/dAGV5X8uX2paR6vOByO+Ntvep/cmI+OD8f99nS/TnOQQAQIOfs/HPC63Gf2k8XLff/fnc0EREPBAROyLiwYjYGREPRVT3fSQiHl1j+82TJDePf9JLXSV2m7Lx36v53Fbj+K8Y/cVEKa9tr+Y/mhw9Xl7cn78mUzG6KavPdmjjlzf//KbdtvrxX7Zk7RdjwTyOSyObGo9ZmFuZu5Oc612+ELF7pFX+yY2ZgCQidkXE7i7bOP7cj3vbbbt1/h30YJ6p8kPEs7Xzfz6a8i8knecnZzZHeXH/THFV3Oz3Py6+2679O8q/B7Lzf1/L6/9G/hNJ/Xzt8trbuPj3V23vabq9/seS96vlsXzdp3MrK6dnI8aSI7Wg69cfWD22qBf7Z/lP7Wvd/3fE6iuxJyKyi/ixiHg8Ip7IY38yIp6KiH0d8v/tjac/6j7//sryX1jT+V8tjEXzmtaF0olff2podOKm/K93Pv+HqqWpfM3tvP/dTlzdXc0AAABw90kjYlsk6fSNcppOT9e+L78zIi0vLa88f3Tpk1MLtd8ITESkxZOu8brnobP5bX2tfiEial8tKLYfzJ8bf1faUq1Pzy+VFwadPAy5rW36f+af0qCjA/rO77VgeOn/MLxu1f8/X6c4gPXn8x+GV4v+v2UQcQDrbVPLz39jfhgOTf3ftB8Mkab+v3lQcQDrr/vnf2M9jQNYf57/w1Ba3hK3/pF8x0Lxl7o8/J4txOiGCKNvhUg3RBgbtjB6l/eLwb0nAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NL/AQAA//8kV94B") symlinkat(&(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181341, 0x84) symlinkat(&(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) clock_gettime(0x2, &(0x7f0000000340)) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0x0, 0x8, 0xfa04, 0x108, 0x6c02, 0x230, 0x194, 0x194, 0x230, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xd8, 0x0, {0x0, 0x74020000}}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0x0, 0xfffffffc, 0x2b0, 'pptp\x00', 'syz1\x00', {0x47c}}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x3b, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x28541, 0x0) 1.644185565s ago: executing program 1 (id=1533): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x2a100) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) connect$bt_l2cap(r1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x2a}) 1.54909543s ago: executing program 5 (id=1536): syz_open_dev$loop(&(0x7f0000000040), 0x40, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000c00)='/proc/vmallocinfo\x00', 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x2a801, 0x0) sendfile(r1, r0, 0x0, 0x80000000) 1.5487945s ago: executing program 3 (id=1537): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setregid(0xffffffffffffffff, 0xffffffffffffffff) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@remote, 0x0, 0x400, 0x1000, 0x0, 0x2, 0x20, 0x10, 0x84}, {}, {0x0, 0x4000000000000}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000028"], 0x188}}, 0x0) 1.39028672s ago: executing program 3 (id=1538): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x7}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x7fffffff}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r3, 0x1, 0xd8, 0x6, @multicast}, 0x14) 1.38980326s ago: executing program 3 (id=1539): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000600)=ANY=[], 0x210) 1.335966083s ago: executing program 3 (id=1540): bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0xd, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) ftruncate(0xffffffffffffffff, 0x2000009) sendfile(r3, 0xffffffffffffffff, 0x0, 0x7ffff004) 1.335308123s ago: executing program 5 (id=1541): r0 = socket$netlink(0x10, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) getdents64(0xffffffffffffffff, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) write$binfmt_aout(r2, &(0x7f0000000380)=ANY=[], 0x20) readv(r3, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/168, 0xa8}], 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34000000680001002cbd700002dcdf250a0002000400000008000500", @ANYRES32=r6, @ANYBLOB="14000600ff"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4002) splice(r2, &(0x7f0000000040)=0x10, r4, 0x0, 0x807, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) syz_emit_ethernet(0x62, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0xe, 0x2, 0x0, 0x0, 0x24, 0x0, 0x9, 0xff, 0x0, 0x0, @local, @rand_addr=0xe0000000, {[@cipso={0x86, 0x15, 0x0, [{0x2, 0x9, "f431c75babfefe"}, {0x6, 0x6, "8e43df87"}]}, @timestamp_addr={0x44, 0xc, 0x6b, 0x1, 0xa, [{@dev={0xac, 0x14, 0x14, 0x1d}}]}]}}}}}}}, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r8, 0x0) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r2) sendmsg$IPVS_CMD_NEW_SERVICE(r4, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r9, 0x400, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x20000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000340)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100050c1000000fff00204e0000", 0x58}], 0x1) syz_usb_connect(0x3, 0x24, &(0x7f0000000400)=ANY=[], 0x0) 109.899705ms ago: executing program 3 (id=1542): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000580)=""/298, 0x12a}, {&(0x7f0000002280)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/202, 0xca}, {&(0x7f0000000240)=""/118, 0x76}, {&(0x7f00000009c0)=""/237, 0xed}, {&(0x7f0000000180)=""/189, 0xbd}, {&(0x7f0000000c80)=""/162, 0xa2}, {&(0x7f00000003c0)=""/66, 0x42}], 0x8}, 0x4140}], 0x1, 0x10000, 0x0) 109.735045ms ago: executing program 4 (id=1543): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) recvfrom(r0, 0x0, 0x0, 0x21, 0x0, 0x0) 70.776876ms ago: executing program 6 (id=1544): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="5c000000240001052abd7000fedbdf2509000000060003"], 0x5c}, 0x1, 0x0, 0x0, 0x8004}, 0x800) 285.021µs ago: executing program 4 (id=1545): socket$netlink(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000e37000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x71, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff}, 0x800) r4 = timerfd_create(0x0, 0x0) timerfd_settime(r4, 0x3, &(0x7f0000000080)={{}, {0x77359400}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x8004, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) clock_adjtime(0x0, &(0x7f0000000280)={0xc979, 0x1, 0xbf, 0x8, 0x8, 0x1, 0x0, 0x4, 0xf27, 0x80000000, 0x6, 0x3ff, 0x8a8, 0x6, 0x5, 0x413, 0x69, 0x2, 0x6, 0x6, 0x10000, 0x168, 0x2cbf, 0x7, 0xe, 0x5}) 0s ago: executing program 3 (id=1546): syz_io_uring_setup(0x5d99, 0x0, &(0x7f0000000140), 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x8001, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4f}, {0x0, 0x0, 0x0, 0x800, 0x7}, {0x0, 0x0, 0xe6}, 0x0, 0x0, 0x0, 0x0, 0x2}, {{@in=@remote, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) close(r0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@multicast1, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe, 0x4}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfc, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}}}, 0xb8}}, 0x0) kernel console output (not intermixed with test programs): 6.318069][ T398] xt_hashlimit: size too large, truncated to 1048576 [ 26.399475][ T20] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 26.419437][ T20] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 26.577475][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 26.577492][ T30] audit: type=1400 audit(1771009326.252:152): avc: denied { create } for pid=404 comm="syz.0.19" dev="anon_inodefs" ino=15761 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 26.605748][ T20] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 26.619384][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.637652][ T20] usb 4-1: Product: syz [ 26.642096][ T20] usb 4-1: Manufacturer: syz [ 26.646998][ T20] usb 4-1: SerialNumber: syz [ 26.660306][ T30] audit: type=1400 audit(1771009326.252:153): avc: denied { ioctl } for pid=404 comm="syz.0.19" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15761 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 26.697059][ T412] loop4: detected capacity change from 0 to 512 [ 26.709095][ T30] audit: type=1400 audit(1771009326.262:154): avc: denied { read } for pid=404 comm="syz.0.19" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15761 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 26.736539][ T30] audit: type=1400 audit(1771009326.312:155): avc: denied { create } for pid=407 comm="syz.4.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 26.757873][ T30] audit: type=1400 audit(1771009326.342:156): avc: denied { create } for pid=409 comm="syz.4.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.796030][ T412] EXT4-fs (loop4): Test dummy encryption mode enabled [ 26.817638][ T30] audit: type=1400 audit(1771009326.342:157): avc: denied { write } for pid=409 comm="syz.4.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.838462][ T412] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 26.848407][ T30] audit: type=1400 audit(1771009326.342:158): avc: denied { read } for pid=409 comm="syz.4.21" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.870784][ T412] EXT4-fs (loop4): Errors on filesystem, clearing orphan list. [ 26.878557][ T412] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,errors=continue,grpjquota=,prjquota,usrquota,barrier=0x0000000000000003,usrjquota=min_batch_time=0x00000000ffffffff,nouid32,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 26.922439][ T423] loop0: detected capacity change from 0 to 256 [ 26.922859][ T412] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 26.968746][ T412] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 26.968800][ T30] audit: type=1400 audit(1771009326.642:159): avc: denied { remount } for pid=411 comm="syz.4.22" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 27.092154][ T30] audit: type=1400 audit(1771009326.772:160): avc: denied { name_bind } for pid=425 comm="syz.4.27" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 27.152983][ T30] audit: type=1400 audit(1771009326.832:161): avc: denied { create } for pid=417 comm="syz.1.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 27.167333][ T421] mmap: syz.0.26 (421): VmData 17448960 exceed data ulimit 10. Update limits or use boot option ignore_rlimit_data. [ 27.209476][ T20] usb 4-1: 0:2 : does not exist [ 27.227036][ T431] loop4: detected capacity change from 0 to 256 [ 27.406246][ T401] loop2: detected capacity change from 0 to 131072 [ 27.433991][ T401] F2FS-fs (loop2): Unrecognized mount option "0x0000000000000009" or missing value [ 27.468102][ T441] xt_hashlimit: size too large, truncated to 1048576 [ 27.502415][ T439] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,sb=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 27.537963][ T439] ext4 filesystem being mounted at /11/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 27.670943][ T20] usb 4-1: USB disconnect, device number 2 [ 28.190829][ T360] udevd[360]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 28.492374][ T456] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 28.500975][ T456] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 28.530017][ T456] F2FS-fs (loop2): invalid crc value [ 28.551027][ T456] F2FS-fs (loop2): Found nat_bits in checkpoint [ 28.609385][ T308] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 28.628488][ T456] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 28.639414][ T456] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 28.740246][ T460] F2FS-fs (loop4): Invalid segment/section count (24 != 24 * 5) [ 28.748067][ T460] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 28.774627][ T472] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 28.790731][ T460] F2FS-fs (loop4): invalid crc value [ 28.808341][ T460] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.863386][ T456] SELinux: Context system_u:object_r:hald_log_t:s0 is not valid (left unmapped). [ 28.919913][ T460] F2FS-fs (loop4): Start checkpoint disabled! [ 28.946611][ T460] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 28.956467][ T460] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 28.964516][ T288] attempt to access beyond end of device [ 28.964516][ T288] loop2: rw=2051, want=53248, limit=40427 [ 28.991564][ T452] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 29.000169][ T288] attempt to access beyond end of device [ 29.000169][ T288] loop2: rw=2051, want=73728, limit=40427 [ 29.009560][ T308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.011968][ T452] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 29.032545][ T288] F2FS-fs (loop2): Issue discard(6144, 6144, 512) failed, ret: -5 [ 29.032578][ T288] F2FS-fs (loop2): Issue discard(7168, 7168, 2048) failed, ret: -5 [ 29.045433][ T308] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.064262][ T452] F2FS-fs (loop1): invalid crc value [ 29.069916][ T308] usb 1-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 29.079978][ T308] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.089183][ T308] usb 1-1: config 0 descriptor?? [ 29.108263][ T452] F2FS-fs (loop1): Found nat_bits in checkpoint [ 29.185070][ T452] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 29.193161][ T452] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 29.391911][ T26] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 29.568350][ T39] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 29.689391][ T26] usb 5-1: Using ep0 maxpacket: 16 [ 29.809455][ T26] usb 5-1: config 0 has an invalid interface number: 48 but max is 0 [ 29.825571][ T26] usb 5-1: config 0 has no interface number 0 [ 29.836286][ T26] usb 5-1: too many endpoints for config 0 interface 48 altsetting 120: 102, using maximum allowed: 30 [ 29.849402][ T308] usbhid 1-1:0.0: can't add hid device: -71 [ 29.857760][ T308] usbhid: probe of 1-1:0.0 failed with error -71 [ 29.868064][ T26] usb 5-1: config 0 interface 48 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 102 [ 29.873279][ T308] usb 1-1: USB disconnect, device number 2 [ 29.888404][ T500] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 29.899674][ T26] usb 5-1: config 0 interface 48 has no altsetting 0 [ 29.909968][ T500] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 29.927132][ T26] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 29.938038][ T26] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.938604][ T500] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 29.956503][ T26] usb 5-1: config 0 descriptor?? [ 29.979964][ T39] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 29.991327][ T39] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 30.002506][ T39] usb 3-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 30.013596][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.038324][ T500] netlink: 24 bytes leftover after parsing attributes in process `syz.0.51'. [ 30.051036][ T39] usb 3-1: config 0 descriptor?? [ 30.239425][ T26] usb 5-1: string descriptor 0 read error: -71 [ 30.248705][ T26] ftdi_sio 5-1:0.48: FTDI USB Serial Device converter detected [ 30.289431][ T26] usb 5-1: Detected FT8U232AM [ 30.358828][ T26] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 30.387162][ T26] usb 5-1: USB disconnect, device number 3 [ 30.397208][ T26] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 30.408414][ T26] ftdi_sio 5-1:0.48: device disconnected [ 30.681203][ T513] FAULT_INJECTION: forcing a failure. [ 30.681203][ T513] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 30.719421][ T513] CPU: 0 PID: 513 Comm: syz.0.55 Not tainted syzkaller #0 [ 30.726890][ T513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 30.736959][ T513] Call Trace: [ 30.740249][ T513] [ 30.743186][ T513] __dump_stack+0x21/0x30 [ 30.747887][ T513] dump_stack_lvl+0x110/0x170 [ 30.752585][ T513] ? show_regs_print_info+0x20/0x20 [ 30.757803][ T513] ? vfs_write+0xc72/0xfd0 [ 30.762243][ T513] dump_stack+0x15/0x20 [ 30.766522][ T513] should_fail+0x3c1/0x510 [ 30.771037][ T513] should_fail_usercopy+0x1a/0x20 [ 30.776077][ T513] _copy_from_user+0x20/0xd0 [ 30.780692][ T513] __sys_bpf+0x258/0x7d0 [ 30.784973][ T513] ? bpf_link_show_fdinfo+0x330/0x330 [ 30.790359][ T513] ? debug_smp_processor_id+0x17/0x20 [ 30.795922][ T513] __x64_sys_bpf+0x7c/0x90 [ 30.800525][ T513] x64_sys_call+0x4b9/0x9a0 [ 30.805160][ T513] do_syscall_64+0x4c/0xa0 [ 30.810045][ T513] ? clear_bhb_loop+0x50/0xa0 [ 30.814836][ T513] ? clear_bhb_loop+0x50/0xa0 [ 30.819520][ T513] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.825534][ T513] RIP: 0033:0x7fbe18c02f79 [ 30.830061][ T513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 30.850115][ T513] RSP: 002b:00007fbe1765e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 30.858837][ T513] RAX: ffffffffffffffda RBX: 00007fbe18e7cfa0 RCX: 00007fbe18c02f79 [ 30.866909][ T513] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 30.875246][ T513] RBP: 00007fbe1765e090 R08: 0000000000000000 R09: 0000000000000000 [ 30.883318][ T513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 30.891316][ T513] R13: 00007fbe18e7d038 R14: 00007fbe18e7cfa0 R15: 00007fff8ea4f178 [ 30.899751][ T513] [ 31.197330][ T517] set_capacity_and_notify: 6 callbacks suppressed [ 31.197347][ T517] loop1: detected capacity change from 0 to 4096 [ 31.231196][ T523] xt_hashlimit: size too large, truncated to 1048576 [ 31.256882][ T517] EXT4-fs (loop1): Test dummy encryption mode enabled [ 31.311306][ T517] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,usrjquota=,,errors=continue. Quota mode: writeback. [ 31.431469][ T20] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 31.472268][ T537] loop4: detected capacity change from 0 to 512 [ 31.531112][ T537] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000003,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 31.559476][ T537] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.679412][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 31.751445][ T545] loop1: detected capacity change from 0 to 40427 [ 31.803302][ T545] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 31.809466][ T20] usb 4-1: config 0 interface 0 altsetting 131 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.811466][ T545] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 31.826032][ T20] usb 4-1: config 0 interface 0 altsetting 131 has 1 endpoint descriptor, different from the interface descriptor's value: 13 [ 31.831198][ T545] F2FS-fs (loop1): invalid crc value [ 31.844110][ T20] usb 4-1: config 0 interface 0 has no altsetting 0 [ 31.856035][ T20] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 31.856846][ T545] F2FS-fs (loop1): Found nat_bits in checkpoint [ 31.865362][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.881135][ T20] usb 4-1: config 0 descriptor?? [ 31.889482][ T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 31.897119][ T308] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 31.899866][ T545] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 31.912129][ T545] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 32.169611][ T6] usb 1-1: device descriptor read/64, error -71 [ 32.259460][ T308] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 32.272176][ T308] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 32.282678][ T308] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 32.296402][ T308] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 32.305758][ T308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.314713][ T308] usb 5-1: config 0 descriptor?? [ 32.340730][ T519] UDC core: couldn't find an available UDC or it's busy: -16 [ 32.349223][ T554] kernel profiling enabled (shift: 9) [ 32.349436][ T519] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 32.363504][ T308] usb-storage 5-1:0.0: USB Mass Storage device detected [ 32.371492][ T308] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 32.380486][ T20] hid-picolcd 0003:04D8:C002.0001: item fetching failed at offset 1/5 [ 32.388833][ T20] hid-picolcd 0003:04D8:C002.0001: device report parse failed [ 32.397061][ T20] hid-picolcd: probe of 0003:04D8:C002.0001 failed with error -22 [ 32.559474][ T6] usb 1-1: device descriptor read/64, error -71 [ 32.566200][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 32.566215][ T30] audit: type=1400 audit(1771009332.242:198): avc: denied { write } for pid=536 comm="syz.4.62" path="socket:[16741]" dev="sockfs" ino=16741 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 32.571455][ T20] usb 5-1: USB disconnect, device number 4 [ 32.602016][ T498] usb 4-1: USB disconnect, device number 3 [ 32.667296][ T39] usb 3-1: USB disconnect, device number 2 [ 32.829419][ T6] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 32.940383][ T559] loop2: detected capacity change from 0 to 131072 [ 33.040542][ T559] F2FS-fs (loop2): Test dummy encryption mode enabled [ 33.048276][ T559] F2FS-fs (loop2): invalid crc value [ 33.055347][ T559] F2FS-fs (loop2): Found nat_bits in checkpoint [ 33.081686][ T559] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 33.112564][ T6] usb 1-1: device descriptor read/64, error -71 [ 33.116406][ T559] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 33.129404][ T30] audit: type=1400 audit(1771009332.812:199): avc: denied { mounton } for pid=566 comm="syz.3.71" path="/13/file0" dev="tmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 33.137655][ T571] netlink: 176 bytes leftover after parsing attributes in process `syz.4.69'. [ 33.166322][ T559] netlink: 'syz.2.68': attribute type 4 has an invalid length. [ 33.181550][ T30] audit: type=1400 audit(1771009332.842:200): avc: denied { ioctl } for pid=558 comm="syz.2.68" path="socket:[16019]" dev="sockfs" ino=16019 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.195879][ T575] loop4: detected capacity change from 0 to 512 [ 33.214444][ T30] audit: type=1400 audit(1771009332.842:201): avc: denied { bind } for pid=558 comm="syz.2.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 33.234571][ T579] netlink: 'syz.2.68': attribute type 4 has an invalid length. [ 33.253337][ T575] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.73: iget: bad i_size value: 38620345925642 [ 33.266553][ T575] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.73: couldn't read orphan inode 15 (err -117) [ 33.279067][ T559] syz.2.68 (559) used greatest stack depth: 20832 bytes left [ 33.287133][ T575] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 33.340480][ T575] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.73: bg 0: block 5: invalid block bitmap [ 33.372333][ T593] loop1: detected capacity change from 0 to 512 [ 33.374217][ T575] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 33.388126][ T30] audit: type=1400 audit(1771009333.062:202): avc: denied { mounton } for pid=574 comm="syz.4.73" path="/19/file1/file0" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 33.391152][ T575] EXT4-fs (loop4): This should not happen!! Data will be lost [ 33.391152][ T575] [ 33.419573][ T594] fuse: Bad value for 'fd' [ 33.423853][ T575] EXT4-fs (loop4): Total free blocks count 0 [ 33.459394][ T575] EXT4-fs (loop4): Free/Dirty block details [ 33.465435][ T575] EXT4-fs (loop4): free_blocks=0 [ 33.472096][ T593] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.77: iget: bad i_size value: 38620345925642 [ 33.485777][ T575] EXT4-fs (loop4): dirty_blocks=64 [ 33.491657][ T593] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.77: couldn't read orphan inode 15 (err -117) [ 33.503581][ T575] EXT4-fs (loop4): Block reservation details [ 33.510318][ T575] EXT4-fs (loop4): i_reserved_data_blocks=64 [ 33.516353][ T593] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 33.528036][ T6] usb 1-1: device descriptor read/64, error -71 [ 33.528491][ T30] audit: type=1400 audit(1771009333.202:203): avc: denied { unmount } for pid=574 comm="syz.4.73" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 33.572347][ T593] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.77: bg 0: block 5: invalid block bitmap [ 33.590040][ T593] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 28 [ 33.610109][ T30] audit: type=1400 audit(1771009333.242:204): avc: denied { read } for pid=592 comm="syz.1.77" dev="nsfs" ino=4026532290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 33.612721][ T593] EXT4-fs (loop1): This should not happen!! Data will be lost [ 33.612721][ T593] [ 33.645554][ T593] EXT4-fs (loop1): Total free blocks count 0 [ 33.651741][ T6] usb usb1-port1: attempt power cycle [ 33.652327][ T603] fuse: Bad value for 'fd' [ 33.657626][ T593] EXT4-fs (loop1): Free/Dirty block details [ 33.669498][ T30] audit: type=1400 audit(1771009333.242:205): avc: denied { open } for pid=592 comm="syz.1.77" path="net:[4026532290]" dev="nsfs" ino=4026532290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 33.693991][ T593] EXT4-fs (loop1): free_blocks=0 [ 33.702413][ T603] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=603 comm=syz.1.77 [ 33.715246][ T30] audit: type=1400 audit(1771009333.242:206): avc: denied { create } for pid=592 comm="syz.1.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.733814][ T593] EXT4-fs (loop1): dirty_blocks=64 [ 33.740572][ T30] audit: type=1400 audit(1771009333.252:207): avc: denied { setopt } for pid=592 comm="syz.1.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.753979][ T593] EXT4-fs (loop1): Block reservation details [ 33.766988][ T26] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 33.775190][ T593] EXT4-fs (loop1): i_reserved_data_blocks=64 [ 34.079375][ T6] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 34.139439][ T26] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 34.153888][ T26] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 34.169659][ T26] usb 4-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 34.184398][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.203500][ T26] usb 4-1: config 0 descriptor?? [ 34.259451][ T6] usb 1-1: device descriptor read/8, error -71 [ 34.529469][ T6] usb 1-1: device descriptor read/8, error -71 [ 35.059372][ T26] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 35.329382][ T26] usb 3-1: Using ep0 maxpacket: 16 [ 35.335156][ T609] syz.1.81 (609) used greatest stack depth: 20800 bytes left [ 35.449587][ T26] usb 3-1: config 253 has an invalid interface number: 71 but max is 0 [ 35.457941][ T26] usb 3-1: config 253 has no interface number 0 [ 35.470380][ T26] usb 3-1: config 253 interface 71 altsetting 7 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 35.509401][ T26] usb 3-1: config 253 interface 71 has no altsetting 0 [ 35.529441][ T26] usb 3-1: New USB device found, idVendor=11ca, idProduct=0201, bcdDevice=42.cd [ 35.551019][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.140396][ T619] loop0: detected capacity change from 0 to 131072 [ 36.191294][ T619] F2FS-fs (loop0): Test dummy encryption mode enabled [ 36.199973][ T619] F2FS-fs (loop0): invalid crc value [ 36.230162][ T619] F2FS-fs (loop0): Found nat_bits in checkpoint [ 36.274929][ T619] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 36.318282][ T619] netlink: 'syz.0.85': attribute type 4 has an invalid length. [ 36.348262][ T619] netlink: 'syz.0.85': attribute type 4 has an invalid length. [ 36.719510][ T6] usb 4-1: USB disconnect, device number 4 [ 36.816577][ T646] loop3: detected capacity change from 0 to 256 [ 36.856695][ T646] FAT-fs (loop3): Unrecognized mount option "00000000000000000000" or missing value [ 37.080436][ T646] binder: BINDER_SET_CONTEXT_MGR already set [ 37.086560][ T646] binder: 645:646 ioctl 4018620d 200000004a80 returned -16 [ 37.094658][ T646] binder: 645:646 ioctl c0306201 200000000180 returned -14 [ 37.320438][ T654] loop0: detected capacity change from 0 to 40427 [ 37.380817][ T654] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 37.399475][ T654] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.425032][ T654] F2FS-fs (loop0): invalid crc value [ 37.431994][ T654] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.469716][ T654] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.477310][ T654] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.599459][ T26] usb 3-1: string descriptor 0 read error: -71 [ 37.609235][ T666] loop2: detected capacity change from 0 to 256 [ 37.616274][ T26] usb 3-1: USB disconnect, device number 3 [ 37.709745][ T666] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 37.729463][ T666] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 37.752669][ T666] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 37.970940][ T659] loop3: detected capacity change from 0 to 131072 [ 37.991413][ T673] capability: warning: `syz.2.98' uses 32-bit capabilities (legacy support in use) [ 38.034294][ T659] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 38.042987][ T659] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 38.049378][ T339] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 38.066469][ T659] F2FS-fs (loop3): invalid crc value [ 38.096703][ T659] F2FS-fs (loop3): Found nat_bits in checkpoint [ 38.133281][ T659] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 38.141002][ T659] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 38.344301][ T668] netlink: 'syz.4.97': attribute type 4 has an invalid length. [ 38.356140][ T668] netlink: 'syz.4.97': attribute type 4 has an invalid length. [ 38.409455][ T339] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 38.421934][ T339] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.438958][ T339] usb 1-1: config 0 descriptor?? [ 38.660830][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 38.660847][ T30] audit: type=1400 audit(1771009338.342:231): avc: denied { name_bind } for pid=692 comm="syz.1.104" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 38.690835][ T695] netlink: 12 bytes leftover after parsing attributes in process `syz.1.104'. [ 38.700763][ T694] xt_hashlimit: size too large, truncated to 1048576 [ 38.769965][ T699] netlink: 'syz.2.106': attribute type 12 has an invalid length. [ 38.794160][ T30] audit: type=1400 audit(1771009338.472:232): avc: denied { execute } for pid=692 comm="syz.1.104" path="/16/file1" dev="tmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 38.900872][ T701] loop2: detected capacity change from 0 to 2048 [ 39.060378][ T701] loop2: p1 p2 [ 39.120197][ T30] audit: type=1400 audit(1771009338.802:233): avc: denied { setopt } for pid=702 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 39.237772][ T708] process 'syz.4.111' launched './file1' with NULL argv: empty string added [ 39.250806][ T709] UDC core: couldn't find an available UDC or it's busy: -16 [ 39.260204][ T555] udevd[555]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 39.260210][ T335] udevd[335]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 39.289442][ T709] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 39.293087][ T335] udevd[335]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 39.349196][ T30] audit: type=1400 audit(1771009339.022:234): avc: denied { bind } for pid=714 comm="syz.2.113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 39.373684][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 39.429971][ T720] loop3: detected capacity change from 0 to 256 [ 39.473777][ T720] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 39.494218][ T720] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 39.504996][ T720] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 39.876526][ T730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.116'. [ 39.899519][ T26] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 39.941948][ T339] usb 1-1: Cannot set autoneg [ 39.946740][ T339] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 39.957691][ T339] usb 1-1: USB disconnect, device number 7 [ 39.984686][ T733] netlink: 'syz.1.117': attribute type 12 has an invalid length. [ 40.189386][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 40.309435][ T26] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 40.320773][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 40.346776][ T737] loop0: detected capacity change from 0 to 256 [ 40.422316][ T30] audit: type=1400 audit(1771009340.102:235): avc: denied { setopt } for pid=738 comm="syz.4.120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 40.457903][ T741] fuse: Bad value for 'fd' [ 40.475022][ T30] audit: type=1400 audit(1771009340.152:236): avc: denied { setopt } for pid=742 comm="syz.4.122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 40.507956][ T737] netlink: 24 bytes leftover after parsing attributes in process `syz.0.119'. [ 40.509564][ T26] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 40.527658][ T30] audit: type=1400 audit(1771009340.182:237): avc: denied { ioctl } for pid=742 comm="syz.4.122" path="socket:[16380]" dev="sockfs" ino=16380 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 40.552928][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.558034][ T737] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=737 comm=syz.0.119 [ 40.560987][ T26] usb 4-1: Product: syz [ 40.561006][ T26] usb 4-1: Manufacturer: syz [ 40.561019][ T26] usb 4-1: SerialNumber: syz [ 40.573795][ T30] audit: type=1400 audit(1771009340.212:238): avc: denied { bind } for pid=742 comm="syz.4.122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 40.597784][ T737] bridge0: port 3(syz_tun) entered blocking state [ 40.613124][ T737] bridge0: port 3(syz_tun) entered disabled state [ 40.629941][ T737] device syz_tun entered promiscuous mode [ 40.636191][ T737] bridge0: port 3(syz_tun) entered blocking state [ 40.642882][ T737] bridge0: port 3(syz_tun) entered forwarding state [ 40.671495][ T30] audit: type=1400 audit(1771009340.352:239): avc: denied { read write } for pid=745 comm="syz.0.123" name="vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 40.672629][ T746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.714006][ T30] audit: type=1400 audit(1771009340.352:240): avc: denied { open } for pid=745 comm="syz.0.123" path="/dev/vhost-vsock" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 41.229747][ T26] usb 4-1: 0:2 : does not exist [ 41.329828][ T26] usb 4-1: USB disconnect, device number 5 [ 41.441972][ T39] Bluetooth: hci0: command 0x1003 tx timeout [ 41.452587][ T591] Bluetooth: hci0: Frame reassembly failed (-84) [ 41.659924][ T360] udevd[360]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 41.751841][ T765] loop0: detected capacity change from 0 to 512 [ 41.788917][ T765] EXT4-fs (loop0): Ignoring removed bh option [ 41.809962][ T765] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 41.829483][ T765] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 41.854724][ T765] EXT4-fs (loop0): 1 truncate cleaned up [ 41.866543][ T765] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,nomblk_io_submit,usrjquota=,,errors=continue. Quota mode: none. [ 41.992771][ T774] loop3: detected capacity change from 0 to 512 [ 42.003058][ T765] netlink: 'syz.0.129': attribute type 4 has an invalid length. [ 42.021381][ T774] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 42.034510][ T774] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.279372][ T26] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 42.353956][ T778] loop3: detected capacity change from 0 to 131072 [ 42.413086][ T778] F2FS-fs (loop3): Test dummy encryption mode enabled [ 42.421125][ T778] F2FS-fs (loop3): invalid crc value [ 42.428252][ T778] F2FS-fs (loop3): Found nat_bits in checkpoint [ 42.454179][ T778] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 42.549386][ T26] usb 1-1: Using ep0 maxpacket: 32 [ 42.851702][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.866360][ T26] usb 1-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 42.884696][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.905329][ T26] usb 1-1: config 0 descriptor?? [ 42.960719][ T26] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 43.371842][ C1] Adjusting tsc more than 11% (6083271 vs 8464875) [ 43.610148][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 43.616490][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 43.983652][ T788] netlink: 'syz.1.134': attribute type 4 has an invalid length. [ 43.994468][ T788] netlink: 'syz.1.134': attribute type 4 has an invalid length. [ 44.082709][ T791] loop3: detected capacity change from 0 to 131072 [ 44.127323][ T791] F2FS-fs (loop3): Test dummy encryption mode enabled [ 44.135113][ T791] F2FS-fs (loop3): invalid crc value [ 44.142128][ T791] F2FS-fs (loop3): Found nat_bits in checkpoint [ 44.168295][ T791] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 44.207137][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 44.207152][ T30] audit: type=1400 audit(1771009343.654:246): avc: denied { create } for pid=790 comm="syz.3.135" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 44.234231][ T30] audit: type=1400 audit(1771009343.670:247): avc: denied { write } for pid=790 comm="syz.3.135" name="bus" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.256236][ T30] audit: type=1400 audit(1771009343.670:248): avc: denied { add_name } for pid=790 comm="syz.3.135" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.276831][ T30] audit: type=1400 audit(1771009343.670:249): avc: denied { setattr } for pid=790 comm="syz.3.135" name="work" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.300316][ T30] audit: type=1400 audit(1771009343.670:250): avc: denied { remove_name } for pid=790 comm="syz.3.135" name="#1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.322701][ T30] audit: type=1400 audit(1771009343.670:251): avc: denied { unlink } for pid=790 comm="syz.3.135" name="#1" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 44.345727][ T30] audit: type=1400 audit(1771009343.670:252): avc: denied { unlink } for pid=790 comm="syz.3.135" name="#2" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.367327][ T30] audit: type=1400 audit(1771009343.686:253): avc: denied { write } for pid=790 comm="syz.3.135" name="random" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 44.391376][ T30] audit: type=1400 audit(1771009343.718:254): avc: denied { rmdir } for pid=287 comm="syz-executor" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 44.414017][ T30] audit: type=1400 audit(1771009343.718:255): avc: denied { unlink } for pid=287 comm="syz-executor" name="file1" dev="loop3" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 44.891405][ T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 45.283427][ T339] usb 1-1: USB disconnect, device number 8 [ 45.482709][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.493999][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.504075][ T6] usb 4-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 45.513467][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.522392][ T6] usb 4-1: config 0 descriptor?? [ 46.199339][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 46.337205][ T6] usbhid 4-1:0.0: can't add hid device: -71 [ 46.343579][ T6] usbhid: probe of 4-1:0.0 failed with error -71 [ 46.584424][ T6] usb 4-1: USB disconnect, device number 6 [ 46.810837][ T829] loop0: detected capacity change from 0 to 1024 [ 46.966358][ T829] EXT4-fs (loop0): mounted filesystem without journal. Opts: nolazytime,lazytime,user_xattr,nogrpid,usrquota,jqfmt=vfsv1,nodelalloc,usrquota,dioread_lock,bsdgroups,stripe=0x000000000000e660,sysvgroups,inlinecrypt,,errors=continue. Quota mode: writeback. [ 47.690823][ T840] xt_hashlimit: size too large, truncated to 1048576 [ 47.786811][ T831] netlink: 'syz.1.146': attribute type 4 has an invalid length. [ 47.798240][ T831] netlink: 'syz.1.146': attribute type 4 has an invalid length. [ 47.822889][ T843] xt_hashlimit: size too large, truncated to 1048576 [ 47.957794][ T848] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 48.093112][ T854] netlink: 176 bytes leftover after parsing attributes in process `syz.1.154'. [ 48.185955][ T850] loop0: detected capacity change from 0 to 40427 [ 48.354745][ T850] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 48.393596][ T850] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 48.402686][ T850] F2FS-fs (loop0): invalid crc value [ 48.762547][ T850] F2FS-fs (loop0): Found nat_bits in checkpoint [ 48.780198][ T867] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=867 comm=syz.1.158 [ 48.797651][ T850] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 48.804810][ T850] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 48.828159][ T867] bridge0: port 3(syz_tun) entered blocking state [ 48.838582][ T867] bridge0: port 3(syz_tun) entered disabled state [ 48.845787][ T867] device syz_tun entered promiscuous mode [ 48.851851][ T867] bridge0: port 3(syz_tun) entered blocking state [ 48.858504][ T867] bridge0: port 3(syz_tun) entered forwarding state [ 49.279066][ T874] xt_hashlimit: size too large, truncated to 1048576 [ 49.561475][ T882] loop0: detected capacity change from 0 to 512 [ 49.635211][ T6] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 49.645107][ T882] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 49.657125][ T882] EXT4-fs (loop0): 1 truncate cleaned up [ 49.662960][ T882] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 49.699622][ T882] EXT4-fs (loop0): resizing filesystem from 256 to 1 blocks [ 49.707443][ T882] EXT4-fs warning (device loop0): ext4_resize_fs:2004: can't shrink FS - resize aborted [ 51.193533][ T6] usb 4-1: config 1 has an invalid interface number: 236 but max is 0 [ 51.203690][ T910] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 51.205450][ T6] usb 4-1: config 1 has no interface number 0 [ 51.224867][ T6] usb 4-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=53.4b [ 51.234631][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.256534][ T912] loop2: detected capacity change from 0 to 256 [ 51.296857][ T6] rndis_host 4-1:1.236: skipping garbage [ 51.302629][ T6] rndis_host 4-1:1.236: More than one union descriptor, skipping ... [ 51.313371][ T912] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 51.323189][ T6] usb 4-1: bad CDC descriptors [ 51.329187][ T6] cdc_acm 4-1:1.236: skipping garbage [ 51.335660][ T6] cdc_acm 4-1:1.236: More than one union descriptor, skipping ... [ 51.351966][ T912] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 51.368365][ T912] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 51.419725][ T912] netlink: 24 bytes leftover after parsing attributes in process `syz.2.172'. [ 51.487135][ T914] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 51.495977][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 51.495990][ T30] audit: type=1400 audit(1771009349.967:264): avc: denied { read write } for pid=911 comm="syz.2.172" name="loop-control" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 51.524638][ T26] usb 4-1: USB disconnect, device number 7 [ 51.534080][ T914] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 51.554133][ T30] audit: type=1400 audit(1771009349.967:265): avc: denied { open } for pid=911 comm="syz.2.172" path="/dev/loop-control" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 51.658507][ T919] No source specified [ 51.665105][ T919] loop0: detected capacity change from 0 to 256 [ 51.699446][ T30] audit: type=1400 audit(1771009350.157:266): avc: denied { mounton } for pid=918 comm="syz.0.174" path="/42/file0/bus" dev="loop0" ino=1048608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 51.699997][ T919] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 51.732066][ T919] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 51.988226][ T923] loop0: detected capacity change from 0 to 40427 [ 52.040234][ T923] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 52.048349][ T923] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 52.057486][ T923] F2FS-fs (loop0): invalid crc value [ 52.064398][ T923] F2FS-fs (loop0): Found nat_bits in checkpoint [ 52.087882][ T923] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 52.095356][ T923] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 52.174198][ T932] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 52.269222][ T30] audit: type=1400 audit(1771009350.664:267): avc: denied { getopt } for pid=929 comm="syz.3.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.662996][ T30] audit: type=1400 audit(1771009351.027:268): avc: denied { write } for pid=941 comm="syz.1.182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 53.097572][ T948] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 53.115751][ T948] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 53.465860][ T965] loop3: detected capacity change from 0 to 256 [ 53.525569][ T965] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 53.603470][ T965] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 53.765843][ T965] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 53.803574][ T965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.190'. [ 53.829617][ T974] netlink: 40 bytes leftover after parsing attributes in process `syz.4.193'. [ 53.972635][ T939] loop2: detected capacity change from 0 to 131072 [ 53.984391][ T939] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 53.992608][ T939] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 54.002576][ T939] F2FS-fs (loop2): invalid crc value [ 54.026723][ T939] F2FS-fs (loop2): Found nat_bits in checkpoint [ 54.086904][ T939] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 54.094544][ T939] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 54.498665][ T30] audit: type=1400 audit(1771009352.695:269): avc: denied { connect } for pid=988 comm="syz.4.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.538585][ T30] audit: type=1400 audit(1771009352.722:270): avc: denied { shutdown } for pid=988 comm="syz.4.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.581024][ T30] audit: type=1326 audit(1771009352.740:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7c84a1f79 code=0x7ffc0000 [ 54.615698][ T30] audit: type=1326 audit(1771009352.740:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe7c84a1f79 code=0x7ffc0000 [ 54.666092][ T30] audit: type=1326 audit(1771009352.740:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=938 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fe7c84a1f79 code=0x7ffc0000 [ 54.728438][ T623] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 55.132738][ T623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.149824][ T623] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.170881][ T623] usb 1-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 55.191114][ T623] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.209678][ T623] usb 1-1: config 0 descriptor?? [ 55.245766][ T985] loop3: detected capacity change from 0 to 131072 [ 55.280082][ T985] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 55.292087][ T985] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 55.305071][ T985] F2FS-fs (loop3): invalid crc value [ 55.330937][ T985] F2FS-fs (loop3): Found nat_bits in checkpoint [ 55.370806][ T985] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 55.372662][ T1014] loop2: detected capacity change from 0 to 256 [ 55.378915][ T985] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 55.429236][ T1014] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 55.458083][ T1014] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 55.468586][ T1014] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 55.500960][ T1014] netlink: 24 bytes leftover after parsing attributes in process `syz.2.204'. [ 55.711951][ T1022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.206'. [ 55.777166][ T623] usbhid 1-1:0.0: can't add hid device: -71 [ 55.784943][ T623] usbhid: probe of 1-1:0.0 failed with error -71 [ 55.818037][ T623] usb 1-1: USB disconnect, device number 9 [ 56.015886][ T1024] netlink: 40 bytes leftover after parsing attributes in process `syz.4.207'. [ 56.337043][ T1035] netlink: 32 bytes leftover after parsing attributes in process `syz.1.210'. [ 56.761103][ T1046] loop2: detected capacity change from 0 to 256 [ 56.958018][ T1048] xt_hashlimit: size too large, truncated to 1048576 [ 57.602436][ T1061] device vlan2 entered promiscuous mode [ 57.682633][ T1071] netlink: 'syz.4.223': attribute type 27 has an invalid length. [ 57.723052][ T1071] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.730589][ T1071] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.839205][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 57.839221][ T30] audit: type=1400 audit(1771009355.766:283): avc: denied { write } for pid=1070 comm="syz.4.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 57.894864][ T1071] device vlan2 left promiscuous mode [ 57.998870][ T1089] loop2: detected capacity change from 0 to 256 [ 57.999663][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.012657][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.022186][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.029443][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.080896][ T1074] device veth0_vlan left promiscuous mode [ 58.101575][ T1074] device veth0_vlan entered promiscuous mode [ 58.110291][ T1074] device veth1_macvtap left promiscuous mode [ 58.122158][ T1074] device veth1_macvtap entered promiscuous mode [ 58.129432][ T1082] netlink: 56 bytes leftover after parsing attributes in process `syz.4.223'. [ 58.139773][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.148051][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.155930][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.169000][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.179528][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 58.189959][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.200333][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.221088][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.231405][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 58.270632][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 58.330028][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 58.348172][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 58.356531][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.365647][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 58.374527][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.383889][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.393460][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.402079][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.410649][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.418804][ T498] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 58.425220][ T1055] loop3: detected capacity change from 0 to 131072 [ 58.427131][ T1088] netlink: 40 bytes leftover after parsing attributes in process `syz.0.226'. [ 58.445375][ T1055] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 58.453490][ T1055] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 58.463336][ T1055] F2FS-fs (loop3): invalid crc value [ 58.483741][ T1074] syz.4.223 (1074) used greatest stack depth: 20736 bytes left [ 58.493648][ T1055] F2FS-fs (loop3): Found nat_bits in checkpoint [ 58.530711][ T1055] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 58.538159][ T1055] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 58.738970][ T498] usb 1-1: device descriptor read/64, error -71 [ 59.101743][ T30] audit: type=1400 audit(1771009356.924:284): avc: denied { bind } for pid=1112 comm="syz.4.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 59.145263][ T30] audit: type=1400 audit(1771009356.924:285): avc: denied { name_bind } for pid=1112 comm="syz.4.232" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 59.173898][ T498] usb 1-1: device descriptor read/64, error -71 [ 59.190237][ T30] audit: type=1400 audit(1771009356.924:286): avc: denied { node_bind } for pid=1112 comm="syz.4.232" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 59.217129][ T30] audit: type=1400 audit(1771009356.924:287): avc: denied { read } for pid=1112 comm="syz.4.232" path="socket:[18242]" dev="sockfs" ino=18242 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 59.334797][ T1127] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0 [ 59.838491][ T30] audit: type=1400 audit(1771009357.587:288): avc: denied { create } for pid=1125 comm="syz.2.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 59.999550][ T498] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 60.220227][ T399] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 60.303742][ T498] usb 1-1: device descriptor read/64, error -71 [ 60.738055][ T498] usb 1-1: device descriptor read/64, error -71 [ 60.868517][ T498] usb usb1-port1: attempt power cycle [ 61.420556][ T498] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 61.519762][ T399] usb 4-1: Using ep0 maxpacket: 16 [ 61.964600][ T498] usb 1-1: device not accepting address 12, error -71 [ 62.008028][ T399] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 62.016515][ T399] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 62.040537][ T399] usb 4-1: config 1 has no interface number 0 [ 62.061690][ T399] usb 4-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 62.082110][ T30] audit: type=1400 audit(1771009359.669:289): avc: denied { ioctl } for pid=1213 comm="syz.1.268" path="socket:[19458]" dev="sockfs" ino=19458 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.082532][ T1214] xt_hashlimit: max too large, truncated to 1048576 [ 62.114756][ T399] usb 4-1: config 1 interface 105 has no altsetting 0 [ 62.220868][ T1223] netlink: 40 bytes leftover after parsing attributes in process `syz.1.272'. [ 62.301117][ T399] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 62.310500][ T399] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.333590][ T399] usb 4-1: Product: syz [ 62.337891][ T399] usb 4-1: Manufacturer: syz [ 62.342585][ T399] usb 4-1: SerialNumber: syz [ 62.450833][ T1230] netlink: 20 bytes leftover after parsing attributes in process `syz.0.274'. [ 62.499759][ T1234] loop0: detected capacity change from 0 to 512 [ 62.534303][ T1234] EXT4-fs (loop0): quotafile must be on filesystem root [ 62.557765][ T1228] fuse: Bad value for 'fd' [ 62.614258][ T1144] loop3: detected capacity change from 0 to 2048 [ 62.691700][ T399] aqc111: probe of 4-1:1.105 failed with error -22 [ 62.749663][ T30] audit: type=1400 audit(1771009360.286:290): avc: denied { create } for pid=1253 comm="syz.4.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 62.769425][ T1083] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 62.847768][ T1258] loop0: detected capacity change from 0 to 256 [ 62.910545][ T30] audit: type=1400 audit(1771009360.434:291): avc: denied { mounton } for pid=1249 comm="syz.0.282" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=68 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 62.945677][ T1258] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 63.036907][ T1075] usb 4-1: USB disconnect, device number 8 [ 63.160157][ T1262] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 63.212664][ T1262] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1262 comm=syz.1.287 [ 63.926586][ T1267] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1267 comm=syz.0.288 [ 64.123577][ T1083] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.140204][ T1083] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.161331][ T1083] usb 3-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 64.179298][ T1083] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.193268][ T1083] usb 3-1: config 0 descriptor?? [ 64.509795][ T1084] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 64.836510][ T1271] loop3: detected capacity change from 0 to 131072 [ 64.852880][ T1271] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0) [ 64.878631][ T1271] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 64.888798][ T1282] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1282 comm=syz.2.293 [ 64.888924][ T1271] F2FS-fs (loop3): invalid crc value [ 64.910913][ T1271] F2FS-fs (loop3): Found nat_bits in checkpoint [ 64.947866][ T1083] usbhid 3-1:0.0: can't add hid device: -71 [ 64.955170][ T1083] usbhid: probe of 3-1:0.0 failed with error -71 [ 64.961437][ T1271] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 64.969247][ T1271] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 64.973901][ T1083] usb 3-1: USB disconnect, device number 4 [ 65.359724][ T1288] IPv6: addrconf: prefix option has invalid lifetime [ 65.630997][ T1084] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 65.648370][ T1084] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 65.666798][ T1297] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1297 comm=syz.4.296 [ 65.689546][ T1084] usb 1-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 65.709779][ T1084] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.833877][ T1084] usb 1-1: config 0 descriptor?? [ 65.880884][ T1084] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 65.956626][ T1299] IPv6: addrconf: prefix option has invalid lifetime [ 66.309285][ T30] audit: type=1326 audit(1771009363.569:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.366838][ T30] audit: type=1326 audit(1771009363.587:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.424867][ T30] audit: type=1326 audit(1771009363.596:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.529752][ T30] audit: type=1326 audit(1771009363.596:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.579836][ T30] audit: type=1326 audit(1771009363.596:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.603715][ T30] audit: type=1326 audit(1771009363.596:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.627273][ T30] audit: type=1326 audit(1771009363.818:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 66.651140][ T30] audit: type=1326 audit(1771009363.818:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1270 comm="syz.3.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 68.171639][ T1314] loop2: detected capacity change from 0 to 256 [ 68.199147][ T1314] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1314 comm=syz.2.300 [ 68.312337][ T1076] usb 1-1: USB disconnect, device number 14 [ 68.344042][ T30] audit: type=1400 audit(1771009365.450:300): avc: denied { map } for pid=1323 comm="syz.1.304" path="socket:[19711]" dev="sockfs" ino=19711 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 68.756087][ T1339] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1339 comm=syz.3.311 [ 68.848647][ T1330] loop2: detected capacity change from 0 to 131072 [ 68.863910][ T1330] F2FS-fs (loop2): Test dummy encryption mode enabled [ 68.871606][ T1330] F2FS-fs (loop2): invalid crc value [ 68.878766][ T1330] F2FS-fs (loop2): Found nat_bits in checkpoint [ 68.905108][ T1076] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 69.645676][ T1344] IPv6: addrconf: prefix option has invalid lifetime [ 69.652821][ T30] audit: type=1400 audit(1771009366.345:301): avc: denied { audit_read } for pid=1338 comm="syz.3.311" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 69.691720][ T1330] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 69.736249][ T1330] netlink: 'syz.2.308': attribute type 4 has an invalid length. [ 69.750155][ T1330] netlink: 'syz.2.308': attribute type 4 has an invalid length. [ 70.043299][ T1076] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.053452][ T1076] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 70.066459][ T1076] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 70.075780][ T1076] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.084447][ T1076] usb 1-1: config 0 descriptor?? [ 70.608121][ T1076] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x3 [ 70.615421][ T1076] kovaplus 0003:1E7D:2D50.0002: item fetching failed at offset 3/5 [ 70.624597][ T1076] kovaplus 0003:1E7D:2D50.0002: parse failed [ 70.631029][ T1076] kovaplus: probe of 0003:1E7D:2D50.0002 failed with error -22 [ 70.944947][ T1376] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1376 comm=syz.1.324 [ 71.001134][ T1383] netlink: 40 bytes leftover after parsing attributes in process `syz.1.327'. [ 71.037165][ T1392] netlink: 12 bytes leftover after parsing attributes in process `syz.4.332'. [ 71.232465][ T1402] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1402 comm=syz.1.337 [ 71.348659][ T1414] UDC core: couldn't find an available UDC or it's busy: -16 [ 71.356425][ T1414] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 71.455618][ T1418] netlink: 16 bytes leftover after parsing attributes in process `syz.1.344'. [ 71.591430][ T1424] loop2: detected capacity change from 0 to 40427 [ 71.625743][ T1426] netlink: 24 bytes leftover after parsing attributes in process `syz.4.348'. [ 71.640503][ T1424] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 71.649653][ T1424] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 71.664261][ T1428] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1428 comm=syz.4.349 [ 71.674042][ T1424] F2FS-fs (loop2): invalid crc value [ 71.689756][ T1424] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 71.725099][ T1424] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 71.732257][ T1424] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 71.759792][ T1441] overlayfs: conflicting options: nfs_export=on,index=off [ 71.767923][ T288] attempt to access beyond end of device [ 71.767923][ T288] loop2: rw=2049, want=45120, limit=40427 [ 72.135658][ T1460] fuse: Bad value for 'fd' [ 72.198298][ T1475] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 72.240479][ T1475] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1475 comm=syz.1.366 [ 72.586738][ T1076] usb 1-1: USB disconnect, device number 15 [ 72.720688][ T1482] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 72.764162][ T1482] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1482 comm=syz.0.368 [ 73.939657][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 73.939695][ T30] audit: type=1400 audit(1771009370.460:315): avc: denied { accept } for pid=1485 comm="syz.4.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 74.046757][ T30] audit: type=1326 audit(1771009370.607:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1485 comm="syz.4.369" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6528fb6f79 code=0x0 [ 74.332199][ T1493] netlink: 40 bytes leftover after parsing attributes in process `syz.3.370'. [ 74.373457][ T1495] fuse: Bad value for 'fd' [ 76.369485][ T1536] loop2: detected capacity change from 0 to 16 [ 76.503963][ T1536] erofs: (device loop2): mounted with root inode @ nid 36. [ 76.578655][ T1545] erofs: (device loop2): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 76.588025][ T1545] erofs: (device loop2): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 76.597635][ T1545] attempt to access beyond end of device [ 76.597635][ T1545] loop2: rw=524288, want=32, limit=16 [ 76.609327][ T1545] attempt to access beyond end of device [ 76.609327][ T1545] loop2: rw=524288, want=14425508776, limit=16 [ 76.623088][ T30] audit: type=1326 audit(1771009373.089:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1535 comm="syz.2.386" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe7c84a1f79 code=0x0 [ 77.224926][ T1568] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1568 comm=syz.2.397 [ 77.446650][ T1571] IPv6: addrconf: prefix option has invalid lifetime [ 77.880635][ T1573] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 80.491374][ T1076] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 81.044138][ T1076] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 81.066086][ T1076] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 81.086990][ T1076] usb 1-1: New USB device found, idVendor=a86d, idProduct=c626, bcdDevice= 0.00 [ 81.096147][ T1076] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.119395][ T1076] usb 1-1: config 0 descriptor?? [ 81.179015][ T60] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 81.607708][ T60] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 81.640800][ T60] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 81.702620][ T60] usb 3-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 81.722776][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.770812][ T1076] usbhid 1-1:0.0: can't add hid device: -71 [ 81.776919][ T1076] usbhid: probe of 1-1:0.0 failed with error -71 [ 81.783548][ T1613] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 81.859023][ T1076] usb 1-1: USB disconnect, device number 16 [ 82.411234][ T1612] loop2: detected capacity change from 0 to 32768 [ 82.453690][ T360] loop2: p1 p3 < p5 p6 > [ 82.467082][ T1612] loop2: p1 p3 < p5 p6 > [ 82.646790][ T30] audit: type=1400 audit(1771009378.635:318): avc: denied { getopt } for pid=1630 comm="syz.3.419" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 82.757337][ T1635] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=49 sclass=netlink_tcpdiag_socket pid=1635 comm=syz.3.420 [ 82.773368][ T335] udevd[335]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 82.773402][ T378] udevd[378]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory [ 82.784342][ T555] udevd[555]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 82.803504][ T360] udevd[360]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 82.901099][ T335] udevd[335]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 82.912749][ T378] udevd[378]: inotify_add_watch(7, /dev/loop2p6, 10) failed: No such file or directory [ 82.923832][ T360] udevd[360]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 82.936915][ T555] udevd[555]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 83.010666][ T1638] IPv6: addrconf: prefix option has invalid lifetime [ 83.795159][ T1076] usb 3-1: USB disconnect, device number 5 [ 83.964604][ T1650] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 84.056292][ T1652] netlink: 24 bytes leftover after parsing attributes in process `syz.0.427'. [ 84.252252][ T1076] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 84.490176][ T1664] overlayfs: failed to clone upperpath [ 84.496428][ T30] audit: type=1400 audit(1771009380.351:319): avc: denied { watch_reads } for pid=1663 comm="syz.4.432" path="/130/file0" dev="tmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 84.718111][ T1076] usb 3-1: device descriptor read/64, error -71 [ 85.151618][ T1076] usb 3-1: device descriptor read/64, error -71 [ 85.307639][ T1676] tipc: Failed to remove unknown binding: 66,1,1/0:3539944569/3539944571 [ 85.317312][ T1676] tipc: Failed to remove unknown binding: 66,1,1/0:3539944569/3539944571 [ 85.328250][ T30] audit: type=1400 audit(1771009381.117:320): avc: denied { ioctl } for pid=1675 comm="syz.0.437" path="socket:[20484]" dev="sockfs" ino=20484 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 85.427124][ T1678] netlink: 24 bytes leftover after parsing attributes in process `syz.0.438'. [ 85.444315][ T1076] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 85.758669][ T1076] usb 3-1: device descriptor read/64, error -71 [ 86.044749][ T30] audit: type=1400 audit(1771009381.781:321): avc: denied { nlmsg_read } for pid=1695 comm="syz.3.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 86.181165][ T1076] usb 3-1: device descriptor read/64, error -71 [ 86.311346][ T1076] usb usb3-port1: attempt power cycle [ 86.777516][ T1076] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 86.847523][ T1713] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 87.655340][ T1076] usb 3-1: device descriptor read/8, error -71 [ 87.869931][ T1726] loop2: detected capacity change from 0 to 1024 [ 87.910440][ T1726] EXT4-fs (loop2): mounted filesystem without journal. Opts: auto_da_alloc,init_itable=0x0000000000000000,noblock_validity,norecovery,,errors=continue. Quota mode: none. [ 87.945115][ T30] audit: type=1400 audit(1771009383.525:322): avc: denied { watch watch_reads } for pid=1725 comm="syz.2.454" path="/syzcgroup/unified/syz2/file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 87.970966][ T30] audit: type=1400 audit(1771009383.525:323): avc: denied { setattr } for pid=1725 comm="syz.2.454" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 88.002821][ T1076] usb 3-1: device descriptor read/8, error -71 [ 88.008321][ T30] audit: type=1400 audit(1771009383.590:324): avc: denied { bind } for pid=1725 comm="syz.2.454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 88.051656][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 88.060415][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.069943][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 88.078906][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.087518][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.096704][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.105542][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.114319][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.164761][ T1735] syz.2.458 (1735) used greatest stack depth: 20000 bytes left [ 88.550934][ T1744] cgroup: name respecified [ 88.556212][ T1744] bridge0: port 4(gretap0) entered blocking state [ 88.562976][ T1744] bridge0: port 4(gretap0) entered disabled state [ 88.570282][ T1744] device gretap0 entered promiscuous mode [ 88.576610][ T1744] bridge0: port 4(gretap0) entered blocking state [ 88.583161][ T1744] bridge0: port 4(gretap0) entered forwarding state [ 89.010124][ T1752] incfs: Error accessing: ./file0. [ 89.019112][ T1752] incfs: mount failed -20 [ 89.698732][ T1769] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 91.944497][ T30] audit: type=1400 audit(1771009387.216:325): avc: denied { create } for pid=1786 comm="syz.3.475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 91.970332][ T1785] netlink: 40 bytes leftover after parsing attributes in process `syz.1.474'. [ 91.995290][ T1793] xt_bpf: check failed: parse error [ 92.095409][ T30] audit: type=1400 audit(1771009387.308:326): avc: denied { read } for pid=1786 comm="syz.3.475" path="socket:[20638]" dev="sockfs" ino=20638 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 92.467080][ T1076] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 92.727203][ T1076] usb 3-1: Using ep0 maxpacket: 16 [ 92.891258][ T1076] usb 3-1: config 253 has an invalid interface number: 71 but max is 0 [ 92.899696][ T1076] usb 3-1: config 253 has no interface number 0 [ 92.906238][ T1076] usb 3-1: config 253 interface 71 altsetting 7 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 92.917759][ T1076] usb 3-1: config 253 interface 71 has no altsetting 0 [ 92.924818][ T1076] usb 3-1: New USB device found, idVendor=11ca, idProduct=0201, bcdDevice=42.cd [ 92.934248][ T1076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.057397][ T60] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 95.180874][ T1841] tmpfs: Unsupported parameter 'mpol' [ 95.258968][ T1076] usb 3-1: string descriptor 0 read error: -71 [ 95.278744][ T1076] usb 3-1: USB disconnect, device number 10 [ 95.317554][ T60] usb 1-1: Using ep0 maxpacket: 8 [ 95.469292][ T60] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 95.477836][ T60] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 95.488034][ T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 95.498184][ T60] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 95.546227][ T60] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.559702][ T60] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 95.569084][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.917312][ T1873] netlink: 28 bytes leftover after parsing attributes in process `syz.1.505'. [ 96.936113][ T1873] netlink: 28 bytes leftover after parsing attributes in process `syz.1.505'. [ 97.159414][ T30] audit: type=1400 audit(1771009392.023:327): avc: denied { execute_no_trans } for pid=1909 comm="syz.4.521" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=1204 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 97.185379][ T30] audit: type=1400 audit(1771009392.051:328): avc: denied { connect } for pid=1911 comm="syz.2.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 97.206781][ T30] audit: type=1400 audit(1771009392.051:329): avc: denied { write } for pid=1911 comm="syz.2.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 97.495804][ T1076] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 97.719782][ T1926] netlink: 8 bytes leftover after parsing attributes in process `syz.4.528'. [ 97.744638][ T1930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.530'. [ 97.929394][ T1076] usb 3-1: config 0 has no interfaces? [ 97.935161][ T1076] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 97.944949][ T1076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.956948][ T1076] usb 3-1: config 0 descriptor?? [ 98.264667][ T30] audit: type=1326 audit(1771009393.047:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1955 comm="syz.1.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 98.308339][ T30] audit: type=1326 audit(1771009393.075:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1955 comm="syz.1.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 98.339097][ T1961] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 98.361906][ T30] audit: type=1326 audit(1771009393.075:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1955 comm="syz.1.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 98.400572][ T30] audit: type=1326 audit(1771009393.075:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1955 comm="syz.1.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 98.429439][ T30] audit: type=1326 audit(1771009393.075:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1955 comm="syz.1.543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 98.453595][ T30] audit: type=1400 audit(1771009393.140:335): avc: denied { bind } for pid=1962 comm="syz.4.537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 98.500193][ T30] audit: type=1400 audit(1771009393.250:336): avc: denied { bind } for pid=1975 comm="syz.1.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 98.526852][ T30] audit: type=1400 audit(1771009393.250:337): avc: denied { setopt } for pid=1975 comm="syz.1.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 98.565781][ T30] audit: type=1400 audit(1771009393.324:338): avc: denied { ioctl } for pid=1989 comm="syz.4.558" path="socket:[21099]" dev="sockfs" ino=21099 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 98.591460][ T30] audit: type=1400 audit(1771009393.361:339): avc: denied { bind } for pid=1989 comm="syz.4.558" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 98.812879][ T1083] usb 1-1: USB disconnect, device number 17 [ 100.925232][ T1084] usb 3-1: USB disconnect, device number 11 [ 100.954419][ T2052] netlink: 8 bytes leftover after parsing attributes in process `syz.2.584'. [ 100.970879][ T2052] IPv6: Can't replace route, no match found [ 102.977544][ T2119] binder: 2118:2119 ioctl c0306201 200000000480 returned -14 [ 105.015826][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 105.015844][ T30] audit: type=1400 audit(1771009399.276:342): avc: denied { ioctl } for pid=2150 comm="syz.3.625" path="socket:[22259]" dev="sockfs" ino=22259 ioctlcmd=0x5441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.054950][ T30] audit: type=1400 audit(1771009399.276:343): avc: denied { read } for pid=2150 comm="syz.3.625" path="socket:[22259]" dev="sockfs" ino=22259 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 105.222699][ T1084] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 105.439885][ T1076] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 105.494073][ T1084] usb 1-1: Using ep0 maxpacket: 32 [ 105.700006][ T1076] usb 3-1: Using ep0 maxpacket: 16 [ 105.830090][ T1076] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 105.839791][ T1076] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 105.850548][ T1076] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 105.854468][ T1084] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 105.868104][ T1084] usb 1-1: config 0 has no interface number 0 [ 105.874628][ T1084] usb 1-1: config 0 interface 184 has no altsetting 0 [ 106.036205][ T1076] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 106.045514][ T1076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.057725][ T1084] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 106.067189][ T1084] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.075796][ T1084] usb 1-1: Product: syz [ 106.080364][ T1084] usb 1-1: Manufacturer: syz [ 106.085445][ T1084] usb 1-1: SerialNumber: syz [ 106.091170][ T1076] usb 3-1: Product: syz [ 106.093653][ T1084] usb 1-1: config 0 descriptor?? [ 106.100474][ T1076] usb 3-1: Manufacturer: syz [ 106.105139][ T1076] usb 3-1: SerialNumber: syz [ 106.119528][ T2183] tmpfs: Unknown parameter 'usrquota' [ 106.134339][ T1084] smsc75xx v1.0.0 [ 106.936082][ T30] audit: type=1326 audit(1771009400.955:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2185 comm="syz.1.637" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x0 [ 107.380013][ T1076] usb 3-1: 0:2 : does not exist [ 107.737694][ T1084] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 107.749468][ T1084] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 107.759362][ T1084] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 107.770029][ T1084] smsc75xx: probe of 1-1:0.184 failed with error -32 [ 108.130670][ T1076] usb 3-1: USB disconnect, device number 12 [ 108.655319][ T2217] device gretap0 left promiscuous mode [ 108.661232][ T2217] bridge0: port 4(gretap0) entered disabled state [ 108.670577][ T2217] device syz_tun left promiscuous mode [ 108.679649][ T2217] bridge0: port 3(syz_tun) entered disabled state [ 108.687412][ T2217] device bridge_slave_0 left promiscuous mode [ 108.694665][ T2217] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.703045][ T2217] device bridge_slave_1 left promiscuous mode [ 108.709804][ T2217] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.833920][ T1076] usb 1-1: USB disconnect, device number 18 [ 110.214592][ T2258] sched: RT throttling activated [ 110.244602][ T2273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.674'. [ 113.285201][ T30] audit: type=1326 audit(1771009406.906:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2286 comm="syz.3.680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 113.357083][ T30] audit: type=1326 audit(1771009406.980:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2286 comm="syz.3.680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 113.488376][ T30] audit: type=1326 audit(1771009407.008:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2286 comm="syz.3.680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 113.620954][ T30] audit: type=1326 audit(1771009407.008:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2286 comm="syz.3.680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 113.663645][ T2310] overlayfs: failed to clone upperpath [ 113.745335][ T2315] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 113.834083][ T30] audit: type=1400 audit(1771009407.395:349): avc: denied { mount } for pid=2322 comm="syz.0.694" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 113.906238][ T30] audit: type=1400 audit(1771009407.395:350): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 114.540615][ T284] bridge0: port 3(syz_tun) entered disabled state [ 114.562404][ T284] device syz_tun left promiscuous mode [ 114.574700][ T284] bridge0: port 3(syz_tun) entered disabled state [ 114.754325][ T30] audit: type=1400 audit(1771009408.263:351): avc: denied { mounton } for pid=2340 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 114.892463][ T2340] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.899640][ T2340] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.907557][ T2340] device bridge_slave_0 entered promiscuous mode [ 114.915347][ T2340] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.922576][ T2340] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.930748][ T2340] device bridge_slave_1 entered promiscuous mode [ 114.998071][ T2340] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.005212][ T2340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.013018][ T2340] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.020164][ T2340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.087589][ T2340] device veth0_vlan entered promiscuous mode [ 115.204148][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 115.213678][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.223170][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.233071][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 115.242286][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 115.251006][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 116.062766][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 116.072900][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 116.081213][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 116.331196][ T1084] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 116.338065][ T2340] device veth1_macvtap entered promiscuous mode [ 116.346796][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 116.355919][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 116.364856][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 116.394732][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 116.406732][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 116.421756][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 116.439823][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 116.492491][ T30] audit: type=1400 audit(1771009409.868:352): avc: denied { mounton } for pid=2340 comm="syz-executor" path="/root/syzkaller.UlL3vL/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 116.595664][ T1084] usb 3-1: Using ep0 maxpacket: 8 [ 116.605402][ T2379] loop8: detected capacity change from 0 to 7 [ 116.668084][ T2383] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 116.684350][ T2385] binder: 2384:2385 unknown command 0 [ 116.695437][ T2385] binder: 2384:2385 ioctl c0306201 200000000080 returned -22 [ 116.708880][ T30] audit: type=1400 audit(1771009410.071:353): avc: denied { write } for pid=2384 comm="syz.5.718" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.722073][ T1084] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 116.745564][ T30] audit: type=1400 audit(1771009410.090:354): avc: denied { map } for pid=2384 comm="syz.5.718" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 116.752011][ T2393] netlink: 'syz.1.720': attribute type 4 has an invalid length. [ 116.783020][ T1084] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 116.792677][ T1084] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.807299][ T1084] usb 3-1: config 0 descriptor?? [ 116.954427][ T2425] devpts: called with bogus options [ 117.318161][ T1080] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 117.331184][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.350572][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.358256][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.370049][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.377994][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.385619][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.393138][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.401491][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.409357][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.417165][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.425082][ T1084] hid-generic 0003:1B1C:1B09.0003: unknown main item tag 0x0 [ 117.459277][ T1084] hid-generic 0003:1B1C:1B09.0003: hidraw0: USB HID v0.00 Device [HID 1b1c:1b09] on usb-dummy_hcd.2-1/input0 [ 117.506986][ T2444] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 117.626865][ T1075] usb 3-1: USB disconnect, device number 13 [ 117.790278][ T2465] tmpfs: Unknown parameter 'grpquota' [ 117.860024][ T1080] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 117.881608][ T1080] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.891790][ T1080] usb 6-1: config 0 interface 0 has no altsetting 0 [ 117.903345][ T1080] usb 6-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 117.912606][ T1080] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.947238][ T1080] usb 6-1: config 0 descriptor?? [ 118.411324][ T2480] devpts: called with bogus options [ 118.555272][ T1080] hid-generic 0003:17EF:60EE.0004: unknown main item tag 0x0 [ 118.566403][ T1080] hid-generic 0003:17EF:60EE.0004: unknown main item tag 0x0 [ 118.579278][ T1080] hid-generic 0003:17EF:60EE.0004: unknown main item tag 0x0 [ 118.587139][ T1080] hid-generic 0003:17EF:60EE.0004: unknown main item tag 0x0 [ 118.594698][ T1080] hid-generic 0003:17EF:60EE.0004: unknown main item tag 0x0 [ 118.603744][ T1080] hid-generic 0003:17EF:60EE.0004: hidraw0: USB HID v0.01 Device [HID 17ef:60ee] on usb-dummy_hcd.5-1/input0 [ 119.351146][ T60] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 119.669868][ T60] usb 3-1: Using ep0 maxpacket: 32 [ 120.103441][ T60] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.115018][ T60] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.255225][ T60] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 120.264854][ T60] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 120.273480][ T60] usb 3-1: Product: syz [ 120.277813][ T60] usb 3-1: Manufacturer: syz [ 120.320957][ T60] hub 3-1:4.0: USB hub found [ 120.558813][ T60] hub 3-1:4.0: 2 ports detected [ 120.928365][ T498] usb 6-1: USB disconnect, device number 2 [ 121.035773][ T60] hub 3-1:4.0: set hub depth failed [ 121.098266][ T60] usb 3-1: USB disconnect, device number 14 [ 121.324299][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 121.324316][ T30] audit: type=1400 audit(1771009414.325:357): avc: denied { connect } for pid=2581 comm="syz.4.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 122.444353][ T1075] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 122.737027][ T1075] usb 6-1: Using ep0 maxpacket: 8 [ 122.899642][ T1075] usb 6-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 16 [ 122.949344][ T1075] usb 6-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.998514][ T1075] usb 6-1: config 1 interface 0 has no altsetting 0 [ 123.048294][ T2627] device gretap1 entered promiscuous mode [ 123.106577][ T1075] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 123.124278][ T1075] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 123.296057][ T1075] usb 6-1: SerialNumber: syz [ 123.343965][ T2577] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 123.600919][ T2577] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 124.780491][ T1075] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 124.800161][ T30] audit: type=1400 audit(1771009417.536:358): avc: denied { read } for pid=140 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 124.824402][ T30] audit: type=1400 audit(1771009417.536:359): avc: denied { search } for pid=140 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 124.874673][ T30] audit: type=1400 audit(1771009417.536:360): avc: denied { read } for pid=140 comm="dhcpcd" name="n15" dev="tmpfs" ino=3228 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 124.948898][ T30] audit: type=1400 audit(1771009417.536:361): avc: denied { open } for pid=140 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=3228 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 124.989464][ T399] usb 6-1: USB disconnect, device number 3 [ 124.998894][ T399] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device [ 125.008917][ T30] audit: type=1400 audit(1771009417.536:362): avc: denied { getattr } for pid=140 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=3228 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 125.036315][ T30] audit: type=1400 audit(1771009417.591:363): avc: denied { read } for pid=2662 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=487 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 125.059783][ T30] audit: type=1400 audit(1771009417.591:364): avc: denied { open } for pid=2662 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=487 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 125.109967][ T30] audit: type=1400 audit(1771009417.591:365): avc: denied { getattr } for pid=2662 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=487 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 125.137861][ T30] audit: type=1400 audit(1771009417.674:366): avc: denied { write } for pid=2660 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=486 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 127.686346][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 127.686363][ T30] audit: type=1326 audit(1771009420.193:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.718766][ T30] audit: type=1326 audit(1771009420.193:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.742336][ T30] audit: type=1326 audit(1771009420.230:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.767105][ T30] audit: type=1326 audit(1771009420.230:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.791227][ T30] audit: type=1326 audit(1771009420.230:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.815852][ T30] audit: type=1326 audit(1771009420.230:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.841761][ T30] audit: type=1326 audit(1771009420.230:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.865544][ T30] audit: type=1326 audit(1771009420.230:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 127.889894][ T30] audit: type=1326 audit(1771009420.230:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2786 comm="syz.1.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 128.668090][ T30] audit: type=1400 audit(1771009421.107:382): avc: denied { getopt } for pid=2832 comm="syz.5.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 129.476491][ T1075] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 129.569816][ T2845] mmap: syz.3.899 (2845) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 129.800765][ T2871] overlayfs: failed to clone upperpath [ 131.537275][ T1075] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.554974][ T1075] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 131.586168][ T1075] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.613129][ T1084] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 131.614756][ T1075] usb 3-1: config 0 descriptor?? [ 131.971136][ T1075] usbhid 3-1:0.0: can't add hid device: -71 [ 131.978237][ T1075] usbhid: probe of 3-1:0.0 failed with error -71 [ 132.007423][ T1075] usb 3-1: USB disconnect, device number 15 [ 132.057633][ T1084] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 132.092106][ T1084] usb 6-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 132.125334][ T1084] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.159991][ T1084] usb 6-1: config 0 descriptor?? [ 132.198610][ T2849] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 133.759090][ T1084] usbhid 6-1:0.0: can't add hid device: -71 [ 133.766953][ T1084] usbhid: probe of 6-1:0.0 failed with error -71 [ 133.797896][ T1084] usb 6-1: USB disconnect, device number 4 [ 134.321747][ T2980] device bridge_slave_0 left promiscuous mode [ 134.328459][ T2980] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.338232][ T2980] device bridge_slave_1 left promiscuous mode [ 134.346062][ T2980] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.431057][ T1084] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 134.455533][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 134.455561][ T30] audit: type=1400 audit(1771009682.443:385): avc: denied { create } for pid=2984 comm="syz.1.958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 134.666159][ T30] audit: type=1326 audit(1771009682.637:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.692837][ T30] audit: type=1326 audit(1771009682.665:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.717105][ T30] audit: type=1326 audit(1771009682.665:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.741573][ T30] audit: type=1326 audit(1771009682.665:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.770473][ T30] audit: type=1326 audit(1771009682.665:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.794648][ T30] audit: type=1326 audit(1771009682.665:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.819091][ T30] audit: type=1326 audit(1771009682.665:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.845448][ T30] audit: type=1326 audit(1771009682.665:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 134.869287][ T30] audit: type=1326 audit(1771009682.665:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2995 comm="syz.1.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc14d759f79 code=0x7ffc0000 [ 135.136721][ T1084] usb 6-1: Using ep0 maxpacket: 8 [ 135.211750][ T3008] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=3607142109 (3607142109 ns) > initial count (292177717 ns). Using initial count to start timer. [ 135.275003][ T3026] overlayfs: failed to clone upperpath [ 135.439150][ T1084] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 135.448470][ T1084] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1 [ 135.456674][ T1084] usb 6-1: Product: syz [ 135.460930][ T1084] usb 6-1: Manufacturer: syz [ 135.465522][ T1084] usb 6-1: SerialNumber: syz [ 135.470986][ T1084] usb 6-1: config 0 descriptor?? [ 135.579695][ T1075] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 135.733653][ T60] usb 6-1: USB disconnect, device number 5 [ 135.969886][ T1075] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 135.981090][ T1075] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.991066][ T1075] usb 3-1: New USB device found, idVendor=0925, idProduct=8066, bcdDevice= 0.00 [ 136.000579][ T1075] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.010155][ T1075] usb 3-1: config 0 descriptor?? [ 136.433536][ T3054] overlayfs: failed to clone upperpath [ 136.448534][ T3056] tipc: Started in network mode [ 136.453489][ T3056] tipc: Node identity 80000001, cluster identity 3 [ 136.460222][ T3056] tipc: Node number set to 2147483649 [ 136.545220][ T1075] hid-generic 0003:0925:8066.0005: unbalanced collection at end of report description [ 136.555333][ T1075] hid-generic: probe of 0003:0925:8066.0005 failed with error -22 [ 136.587623][ T60] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 136.768137][ T1075] usb 3-1: USB disconnect, device number 16 [ 136.952979][ T3068] netlink: 20 bytes leftover after parsing attributes in process `syz.4.996'. [ 136.969820][ T3070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.997'. [ 136.979824][ T3070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.997'. [ 136.989022][ T3070] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 136.999592][ T60] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 137.014949][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.026580][ T60] usb 6-1: config 0 descriptor?? [ 138.787683][ T1084] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 139.175717][ T3149] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1033'. [ 139.177897][ T1084] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.195909][ T1084] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.205728][ T1084] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 139.218892][ T1084] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 139.227992][ T1084] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.239363][ T1084] usb 3-1: config 0 descriptor?? [ 139.564171][ T1080] usb 6-1: USB disconnect, device number 6 [ 139.797190][ T3182] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1047'. [ 140.142226][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 140.183257][ T30] audit: type=1400 audit(1771009687.684:405): avc: denied { accept } for pid=3191 comm="syz.4.1052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 140.713874][ T1084] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 140.721930][ T1084] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 140.729755][ T1084] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 140.740141][ T1084] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 140.768349][ T1084] usb 3-1: USB disconnect, device number 17 [ 140.790756][ T3211] fido_id[3211]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 140.920710][ T30] audit: type=1326 audit(1771009688.404:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 140.956691][ T30] audit: type=1326 audit(1771009688.404:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.023334][ T3226] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1066'. [ 141.182183][ T30] audit: type=1326 audit(1771009688.404:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.262421][ T30] audit: type=1326 audit(1771009688.404:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.286380][ T30] audit: type=1326 audit(1771009688.404:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.312528][ T30] audit: type=1326 audit(1771009688.441:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.336991][ T30] audit: type=1326 audit(1771009688.441:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.364808][ T30] audit: type=1326 audit(1771009688.441:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 141.389055][ T30] audit: type=1326 audit(1771009688.441:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3213 comm="syz.3.1063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x7ffc0000 [ 143.359811][ T3268] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1083'. [ 143.385953][ T3268] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1083'. [ 143.398384][ T3268] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.708028][ T399] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 143.968088][ T399] usb 6-1: Using ep0 maxpacket: 32 [ 144.098205][ T399] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 14385, setting to 1024 [ 144.115169][ T399] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 144.325899][ T399] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 144.356292][ T399] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 144.374719][ T399] usb 6-1: Product: syz [ 144.379198][ T399] usb 6-1: Manufacturer: syz [ 144.384231][ T399] usb 6-1: SerialNumber: syz [ 144.396778][ T399] usb 6-1: config 0 descriptor?? [ 144.423609][ T3275] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 144.447384][ T399] hub 6-1:0.0: bad descriptor, ignoring hub [ 144.471909][ T399] hub: probe of 6-1:0.0 failed with error -5 [ 144.857170][ T1075] usb 6-1: USB disconnect, device number 7 [ 147.324644][ T3505] tipc: Enabling of bearer rejected, failed to enable media [ 147.696390][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 147.696408][ T30] audit: type=1400 audit(1771009694.660:416): avc: denied { create } for pid=3523 comm="syz.2.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 147.781224][ T30] audit: type=1400 audit(1771009694.706:417): avc: denied { ioctl } for pid=3522 comm="syz.5.1201" path="socket:[26823]" dev="sockfs" ino=26823 ioctlcmd=0x48d7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 147.850613][ T30] audit: type=1400 audit(1771009694.798:418): avc: denied { create } for pid=3537 comm="syz.2.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 147.891360][ T30] audit: type=1400 audit(1771009694.826:419): avc: denied { write } for pid=3537 comm="syz.2.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 147.933609][ T30] audit: type=1400 audit(1771009694.826:420): avc: denied { read } for pid=3537 comm="syz.2.1209" path="socket:[26154]" dev="sockfs" ino=26154 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 147.990562][ T3549] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1213'. [ 148.017403][ T3551] 9pnet_virtio: no channels available for device syz [ 149.374260][ T3637] 9pnet_virtio: no channels available for device syz [ 149.788071][ T30] audit: type=1400 audit(1771009696.477:421): avc: denied { read } for pid=3650 comm="syz.1.1259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 150.005269][ T945] Bluetooth: hci0: command 0x1003 tx timeout [ 150.032945][ T716] Bluetooth: hci0: sending frame failed (-49) [ 151.692153][ T30] audit: type=1400 audit(1771009698.350:422): avc: denied { mounton } for pid=3729 comm="syz.2.1294" path="/syzcgroup/unified/syz2" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 152.022060][ T30] audit: type=1400 audit(1771009698.655:423): avc: denied { append } for pid=3743 comm="syz.2.1299" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 152.094549][ T3757] device syzkaller0 entered promiscuous mode [ 152.103697][ T3757] tipc: Started in network mode [ 152.109345][ T3757] tipc: Node identity ceee80141301, cluster identity 4711 [ 152.116973][ T3757] tipc: Enabled bearer , priority 0 [ 152.129815][ T3756] tipc: Resetting bearer [ 152.151540][ T3756] tipc: Disabling bearer [ 152.167765][ T3760] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1306'. [ 152.279876][ T1076] Bluetooth: hci0: command 0x1001 tx timeout [ 152.291804][ T716] Bluetooth: hci0: sending frame failed (-49) [ 152.914778][ T473] tipc: Left network mode [ 153.069418][ T3789] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.077435][ T3789] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.085298][ T3789] device bridge_slave_0 entered promiscuous mode [ 153.092344][ T3803] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1324'. [ 153.105917][ T3789] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.113018][ T3789] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.323679][ T3789] device bridge_slave_1 entered promiscuous mode [ 153.516313][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.528032][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.538008][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.546566][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.555732][ T591] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.562924][ T591] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.570784][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 153.581159][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.589731][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.598597][ T591] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.605690][ T591] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.624000][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 153.632345][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.648264][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 153.656743][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.676226][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.686894][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.696195][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.705302][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.714055][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.721711][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.731077][ T3789] device veth0_vlan entered promiscuous mode [ 153.750366][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.760722][ T3789] device veth1_macvtap entered promiscuous mode [ 153.772731][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 153.782104][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 153.793335][ T473] device bridge_slave_1 left promiscuous mode [ 153.800362][ T473] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.809183][ T473] device bridge_slave_0 left promiscuous mode [ 153.815502][ T473] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.824180][ T473] device veth1_macvtap left promiscuous mode [ 153.830839][ T473] device veth0_vlan left promiscuous mode [ 153.912255][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 153.920938][ T591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.502499][ T498] Bluetooth: hci0: command 0x1009 tx timeout [ 154.773331][ T20] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 155.163545][ T20] usb 7-1: config 0 has no interfaces? [ 155.169380][ T20] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 155.178927][ T20] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.187856][ T20] usb 7-1: config 0 descriptor?? [ 156.100585][ T4013] overlayfs: missing 'lowerdir' [ 156.190336][ T30] audit: type=1326 audit(1771009702.493:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4027 comm="syz.3.1420" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff832f7df79 code=0x0 [ 156.798682][ T30] audit: type=1400 audit(1771009703.056:425): avc: denied { getopt } for pid=4042 comm="syz.1.1427" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 157.165562][ T30] audit: type=1400 audit(1771009703.398:426): avc: denied { mount } for pid=4066 comm="syz.4.1438" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 157.166072][ T4067] overlayfs: failed to clone lowerpath [ 157.204140][ T4067] overlayfs: failed to clone lowerpath [ 157.245143][ T591] device bridge_slave_1 left promiscuous mode [ 157.252541][ T591] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.263052][ T591] device bridge_slave_0 left promiscuous mode [ 157.270317][ T591] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.279297][ T591] device veth1_macvtap left promiscuous mode [ 157.285473][ T591] device veth0_vlan left promiscuous mode [ 157.433084][ T4103] tmpfs: Unknown parameter 'usrquota' [ 157.481884][ T30] audit: type=1400 audit(1771009703.684:427): avc: denied { connect } for pid=4113 comm="syz.3.1460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 157.549110][ T30] audit: type=1400 audit(1771009703.757:428): avc: denied { create } for pid=4122 comm="syz.3.1464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 157.589905][ T4132] device batadv_slave_0 entered promiscuous mode [ 157.701416][ T4147] overlayfs: failed to clone lowerpath [ 157.708212][ T4147] overlayfs: failed to clone lowerpath [ 157.747141][ T498] usb 7-1: USB disconnect, device number 2 [ 157.775585][ T4151] 9pnet: Could not find request transport: rdma [ 158.049293][ T4153] 9pnet_virtio: no channels available for device syz [ 158.151267][ T30] audit: type=1400 audit(1771009704.311:429): avc: denied { mount } for pid=4177 comm="syz.3.1491" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 158.654279][ T30] audit: type=1326 audit(1771009704.772:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4204 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6528fb6f79 code=0x7ffc0000 [ 158.699258][ T30] audit: type=1326 audit(1771009704.800:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4204 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f6528fb6f79 code=0x7ffc0000 [ 158.737532][ T30] audit: type=1326 audit(1771009704.800:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4204 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6528fb6f79 code=0x7ffc0000 [ 158.970312][ T4232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge1: link becomes ready [ 159.115926][ T4239] loop5: detected capacity change from 0 to 512 [ 159.501254][ T4239] EXT4-fs (loop5): Ignoring removed oldalloc option [ 159.534770][ T4239] EXT4-fs (loop5): Ignoring removed bh option [ 159.625040][ T4239] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c118, mo2=0002] [ 159.644358][ T4239] System zones: 1-12 [ 159.671693][ T4239] EXT4-fs error (device loop5): ext4_iget_extra_inode:4597: inode #15: comm syz.5.1511: corrupted in-inode xattr [ 159.718317][ T4239] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1511: couldn't read orphan inode 15 (err -117) [ 159.774039][ T4239] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,nolazytime,debug,noload,lazytime,oldalloc,lazytime,bh,,errors=continue. Quota mode: none. [ 159.945371][ T30] audit: type=1326 audit(1771009705.963:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4267 comm="syz.6.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0907f91f79 code=0x7ffc0000 [ 160.196438][ T4294] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 160.475318][ T4309] netlink: 337 bytes leftover after parsing attributes in process `syz.3.1537'. [ 161.917426][ T4331] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1544'. [ 161.931297][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 161.931315][ T30] audit: type=1400 audit(1771009707.799:448): avc: denied { setopt } for pid=4332 comm="syz.3.1546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 161.959788][ T4333] ================================================================== [ 161.968579][ T4333] BUG: KASAN: slab-out-of-bounds in xfrm_policy_inexact_list_reinsert+0x606/0x6c0 [ 161.978096][ T4333] Read of size 1 at addr ffff8881283663f8 by task syz.3.1546/4333 [ 161.986015][ T4333] [ 161.988367][ T4333] CPU: 1 PID: 4333 Comm: syz.3.1546 Not tainted syzkaller #0 [ 161.995852][ T4333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 162.005935][ T4333] Call Trace: [ 162.009246][ T4333] [ 162.012222][ T4333] __dump_stack+0x21/0x30 [ 162.016591][ T4333] dump_stack_lvl+0x110/0x170 [ 162.021314][ T4333] ? show_regs_print_info+0x20/0x20 [ 162.026668][ T4333] ? load_image+0x3e0/0x3e0 [ 162.031311][ T4333] ? unwind_get_return_address+0x4d/0x90 [ 162.036986][ T4333] print_address_description+0x7f/0x2c0 [ 162.042680][ T4333] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0 [ 162.049238][ T4333] kasan_report+0xf1/0x140 [ 162.053732][ T4333] ? xfrm_policy_inexact_list_reinsert+0x606/0x6c0 [ 162.060968][ T4333] __asan_report_load1_noabort+0x14/0x20 [ 162.066741][ T4333] xfrm_policy_inexact_list_reinsert+0x606/0x6c0 [ 162.073111][ T4333] xfrm_policy_inexact_insert_node+0x938/0xb50 [ 162.079305][ T4333] ? xfrm_netlink_rcv+0x72/0x90 [ 162.084199][ T4333] ? netlink_unicast+0x876/0xa40 [ 162.089169][ T4333] ? ____sys_sendmsg+0x5b7/0x8f0 [ 162.094146][ T4333] ? x64_sys_call+0x4b/0x9a0 [ 162.098860][ T4333] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.104972][ T4333] xfrm_policy_inexact_alloc_chain+0x53d/0xb30 [ 162.111209][ T4333] xfrm_policy_inexact_insert+0x70/0x1130 [ 162.117053][ T4333] ? __kasan_check_write+0x14/0x20 [ 162.122529][ T4333] ? _raw_spin_lock_bh+0x94/0xf0 [ 162.127811][ T4333] ? policy_hash_bysel+0x13f/0x6f0 [ 162.133739][ T4333] xfrm_policy_insert+0x126/0x9a0 [ 162.138970][ T4333] ? xfrm_policy_construct+0x54f/0x1f00 [ 162.144553][ T4333] xfrm_add_policy+0x4ed/0x850 [ 162.149426][ T4333] ? xfrm_dump_sa_done+0xc0/0xc0 [ 162.154520][ T4333] xfrm_user_rcv_msg+0x4dc/0x7b0 [ 162.159597][ T4333] ? xfrm_netlink_rcv+0x90/0x90 [ 162.164698][ T4333] ? avc_has_perm_noaudit+0x490/0x490 [ 162.170182][ T4333] ? x64_sys_call+0x4b/0x9a0 [ 162.174876][ T4333] ? selinux_nlmsg_lookup+0x237/0x4c0 [ 162.180334][ T4333] netlink_rcv_skb+0x1f5/0x440 [ 162.185187][ T4333] ? xfrm_netlink_rcv+0x90/0x90 [ 162.190045][ T4333] ? netlink_ack+0xb50/0xb50 [ 162.194633][ T4333] ? wait_for_completion_killable_timeout+0x10/0x10 [ 162.201222][ T4333] ? __netlink_lookup+0x387/0x3b0 [ 162.206247][ T4333] xfrm_netlink_rcv+0x72/0x90 [ 162.210927][ T4333] netlink_unicast+0x876/0xa40 [ 162.215776][ T4333] netlink_sendmsg+0x879/0xb80 [ 162.220540][ T4333] ? netlink_getsockopt+0x530/0x530 [ 162.225740][ T4333] ? do_futex+0xde8/0x2800 [ 162.230158][ T4333] ? security_socket_sendmsg+0x82/0xa0 [ 162.235623][ T4333] ? netlink_getsockopt+0x530/0x530 [ 162.240817][ T4333] ____sys_sendmsg+0x5b7/0x8f0 [ 162.245581][ T4333] ? __sys_sendmsg_sock+0x40/0x40 [ 162.250722][ T4333] ? import_iovec+0x7c/0xb0 [ 162.255324][ T4333] ___sys_sendmsg+0x236/0x2e0 [ 162.260125][ T4333] ? __sys_sendmsg+0x280/0x280 [ 162.264905][ T4333] ? __fdget+0x1a1/0x230 [ 162.269236][ T4333] __x64_sys_sendmsg+0x206/0x2f0 [ 162.274268][ T4333] ? ___sys_sendmsg+0x2e0/0x2e0 [ 162.279231][ T4333] ? __kasan_check_write+0x14/0x20 [ 162.284373][ T4333] ? switch_fpu_return+0x15d/0x2c0 [ 162.289582][ T4333] x64_sys_call+0x4b/0x9a0 [ 162.294095][ T4333] do_syscall_64+0x4c/0xa0 [ 162.298622][ T4333] ? clear_bhb_loop+0x50/0xa0 [ 162.303298][ T4333] ? clear_bhb_loop+0x50/0xa0 [ 162.307970][ T4333] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.313975][ T4333] RIP: 0033:0x7ff832f7df79 [ 162.318398][ T4333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 162.338063][ T4333] RSP: 002b:00007ff8319d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.346570][ T4333] RAX: ffffffffffffffda RBX: 00007ff8331f7fa0 RCX: 00007ff832f7df79 [ 162.354546][ T4333] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 162.362522][ T4333] RBP: 00007ff8330147e0 R08: 0000000000000000 R09: 0000000000000000 [ 162.370581][ T4333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.378548][ T4333] R13: 00007ff8331f8038 R14: 00007ff8331f7fa0 R15: 00007ffd72ebe218 [ 162.386520][ T4333] [ 162.389538][ T4333] [ 162.391853][ T4333] Allocated by task 4333: [ 162.396168][ T4333] __kasan_kmalloc+0xda/0x110 [ 162.400845][ T4333] __kmalloc+0x13d/0x2c0 [ 162.405083][ T4333] sk_prot_alloc+0xed/0x320 [ 162.409584][ T4333] sk_alloc+0x38/0x430 [ 162.413663][ T4333] pfkey_create+0x12a/0x660 [ 162.418162][ T4333] __sock_create+0x38d/0x7a0 [ 162.422747][ T4333] __sys_socket+0xec/0x190 [ 162.427164][ T4333] __x64_sys_socket+0x7a/0x90 [ 162.431950][ T4333] x64_sys_call+0x8c5/0x9a0 [ 162.436451][ T4333] do_syscall_64+0x4c/0xa0 [ 162.440867][ T4333] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 162.447015][ T4333] [ 162.449332][ T4333] The buggy address belongs to the object at ffff888128366000 [ 162.449332][ T4333] which belongs to the cache kmalloc-1k of size 1024 [ 162.463536][ T4333] The buggy address is located 1016 bytes inside of [ 162.463536][ T4333] 1024-byte region [ffff888128366000, ffff888128366400) [ 162.477070][ T4333] The buggy address belongs to the page: [ 162.483042][ T4333] page:ffffea0004a0d800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x128360 [ 162.493821][ T4333] head:ffffea0004a0d800 order:3 compound_mapcount:0 compound_pincount:0 [ 162.502142][ T4333] flags: 0x4000000000010200(slab|head|zone=1) [ 162.508217][ T4333] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043080 [ 162.516886][ T4333] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 162.525603][ T4333] page dumped because: kasan: bad access detected [ 162.532179][ T4333] page_owner tracks the page as allocated [ 162.537896][ T4333] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 287, ts 22886320115, free_ts 0 [ 162.556305][ T4333] post_alloc_hook+0x192/0x1b0 [ 162.561277][ T4333] prep_new_page+0x1c/0x110 [ 162.565782][ T4333] get_page_from_freelist+0x2d3a/0x2dc0 [ 162.571413][ T4333] __alloc_pages+0x1a2/0x460 [ 162.576114][ T4333] new_slab+0xa1/0x4d0 [ 162.580317][ T4333] ___slab_alloc+0x381/0x810 [ 162.584922][ T4333] __slab_alloc+0x49/0x90 [ 162.589464][ T4333] kmem_cache_alloc_trace+0x146/0x270 [ 162.595038][ T4333] new_nbp+0x205/0x720 [ 162.599213][ T4333] br_add_if+0x29d/0x10b0 [ 162.603539][ T4333] br_add_slave+0x2c/0x40 [ 162.607958][ T4333] do_setlink+0xe86/0x3d50 [ 162.612372][ T4333] rtnl_newlink+0x1639/0x1a30 [ 162.617136][ T4333] rtnetlink_rcv_msg+0xa4b/0xce0 [ 162.622159][ T4333] netlink_rcv_skb+0x1f5/0x440 [ 162.627274][ T4333] rtnetlink_rcv+0x1c/0x20 [ 162.632037][ T4333] page_owner free stack trace missing [ 162.637744][ T4333] [ 162.640109][ T4333] Memory state around the buggy address: [ 162.645906][ T4333] ffff888128366280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.654397][ T4333] ffff888128366300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.662625][ T4333] >ffff888128366380: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 162.671028][ T4333] ^ [ 162.679090][ T4333] ffff888128366400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.687324][ T4333] ffff888128366480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.696107][ T4333] ================================================================== [ 162.704428][ T4333] Disabling lock debugging due to kernel taint