last executing test programs: 3.675617162s ago: executing program 1 (id=54): syz_usb_connect(0x0, 0x3f, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0x21, 0x7, 0x94, 0x8, 0xabf, 0x3370, 0x9b54, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0xe7, 0xeb, 0x97, 0x0, [], [{{0x9, 0x5, 0xe}}, {{0x9, 0x5, 0xc}}, {}]}}]}}]}}, 0x0) 2.650875561s ago: executing program 2 (id=68): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) shutdown(r0, 0x0) 2.600054463s ago: executing program 2 (id=69): r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) ioctl$TIOCVHANGUP(r0, 0x541b, 0x1000000000000) 2.599873893s ago: executing program 2 (id=70): syz_usb_connect$uac1(0x0, 0x83, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@mixer_unit={0xa, 0x24, 0x4, 0x2, 0x3f, "b07b2f465a"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) 1.817322222s ago: executing program 1 (id=76): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[], 0x13) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = inotify_init() inotify_add_watch(r3, &(0x7f0000000040)='./bus\x00', 0x84000176) splice(r0, 0x0, r2, 0x0, 0x1a, 0x0) 1.752058644s ago: executing program 1 (id=77): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000000)={0x3c, 0x0, 0x8, 0x801, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT={0x8}]}]}, 0x3c}}, 0x0) 1.751889865s ago: executing program 1 (id=78): ioperm(0x0, 0x3, 0x3e) rt_sigqueueinfo(0x0, 0x0, &(0x7f0000002d00)) 1.751665295s ago: executing program 1 (id=80): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000140)='8', 0x1}], 0x1}}], 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) 1.749010955s ago: executing program 1 (id=81): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x374, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) 736.077902ms ago: executing program 4 (id=86): r0 = syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550c, &(0x7f0000001300)) 735.983622ms ago: executing program 4 (id=87): r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x20001, 0x0) write$UHID_INPUT(r0, 0x0, 0x0) 735.866943ms ago: executing program 4 (id=88): r0 = socket$igmp6(0xa, 0x3, 0x2) getsockopt(r0, 0x29, 0x7, 0x0, &(0x7f0000000100)) 735.773303ms ago: executing program 4 (id=89): pwritev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000400)="a4ea4b45fb4a9558100dac4e6c1bd1ec1d0ce4a76e32ee724374cd4c1d4310fa48629c13cae18691ea0db57f4f9ddb5ccddf3cc7588a27b7c7b4fdbee0d9fce736935183627cc05b642f10a02cdd25c49d8d386d0f37d8f92aed0ecea109d96bb0d4362c3a12c03361d04b4d5454a86c3a2d6f4bbfde3a9f8d98739e2a03827e41bf710c716ab8c2b9df168db83436acf234ab8e5d4f0432075f61bf2fbebc2336c4f2ef5a6f4ef975e21d3d1f487ce328f94dec6bb5564d513020f78eacf09c3834417c852986d159257784af12b26a1973a7c70f35facebf4a9f5365810767c2806205ce77b442ce989c2910a02d2e04a2d310163f97603cc9b41608a2b4357fe0cd349fe1a8a314c279a17c88af9f8325ce83929034698d003ba629794951f65c271c08977bb6883c68fa623d9bc254fbb4a3538aa012cf3e414cd266e36b9501e8637b724fef1a2653a91fed865bb5ab0073b6667bb32027607dd3df85caad5086bba25f8d2ea902abb9e4e27a52167ab9fe072a367521cf892f35d7baec9b39c041af158811cbc8f72f05cbffccb707abc894af4bc37c98b6cd10b07333b2f06befd9163a6c8dcba4ae626d0e10b93419a9183002cd1746e9c8a7b2b24240e9dfd9368ebde8581e35a84942962be6186992c5260a986bc32874b0ba606d849a9086fba390c2acdad79757247b4680a507f214ccee418af9a652952ee6c8f7f1e794c469c4a690d77a6f70883279c3c1bfffe458ef001983db08e836f1283adffd4d7d059cba36a7415843ae371d7727a7430d9f7b2ff05e71f93ed91d4a00b56ade42eec43c89a945b6c6c209f6e39c9bc94f952f7c94306869983ee92a4601f1fbbd4cbe8cc1cd76cc98a5cca3d791f7f4ee91d1d0a2774fc9fcf5dcc2b5b28e83df8dbb2182d64fd9cd103388ccd70119ccd7cd50c6c886d70901b2355f088b0e45540bb0f38d39e3ab367511c1eb5e7a26b11064599c9945b83bd8bfe5ef6154bcd963639e62933d1d4f1eed6fb0349fb8712d4b80ccbc60accbc0d7eb5824dafc7de8c3788150e0a9e66653a13029eed500d698210d9907551448b20b7394616262c66323a737c69b11120ec145de53491ab616d6b1ce091c60246bad053d44296a29492691088a1b9aa00a9ce2a60c8378d35b04d6faa6da4a16f99eda2c76bac2e24ac78c87819a6b0822edd4c5801ed94e00053dc04e597af889d6b0d03aabf839433e0ed2e4f247dd6c4f1584848cf2b54c8dfd739f46e2f6c200feaeff8c69475a0c0b72b10798b831bd6a55e10e80a08a60c423213fb07bc889b43b7c8c1cc7e8771971a6c58f5d68e15f7c4175c0082cd8530a0dc23001236147a600d9b3e0ba6605557e27328eef399eed687ef24f85332791c914d73cb92630f1e4b44183f91378fcc12bab9878df9720b88a4841655c2f4f61911c1a18430d1f02040f6c6363c5bcfb74632401e6251dad92652fdda90c70de784d5452f7a11e15e107020f340c59184bb28c0b831698036a3303950c4e05b9457b0825a52c68a1b0143a7f36db6d52cb5590969ea6cd4143a8036c446edf1db08133ff13d46989e9e37fdfd780ad30d78cf3bb4a95b0b4929af952c71917ba1be370184c4c62028a28acecf4ce55b74e7dff6ee9a741bc9f079937b87e05b08b24e3b8e6274997cfd2bc2934a57be9e449a65f65247e8b11bc985c18df830ae4afbaa369d35b3a8e344dcaf94e1fa3b38ed3d8b5583c9591ab848331b6cf527304f444a1c821cdf63914d25c82015eda475f08912849bebc82914ac19a4f05c3dee0f7806ba6650d95f834f29512fa97062ddb04a18746b41574c600fd0a74374d2209f14879d987f6c8cd403d4a8d2e963ac3032c40d7870f5283dcf06c05e30c8a7863a8f1948053f77c175d2eaf9fabceaa55ce1b3ea186ac5b8dcfe2c26613079b0a33072fa3090c27147b357a2ec28ff544f227b2a3a0f95690a689c991fbf8a1c187dad91fbce31fe4d0a43355bcee0cfbf259e67a5d84b0c2ee752f0164769e49161dfb7f825161c440ff9f1b9346d08caba867711ed2c167f4f4d464dcd27d10355f2a844affd76beac47551c21b09b9ee58e72c4480dac76dee6685a950d3d66358c8fed905918ea368d6ea2b35b2aff7a9304d97c474967fa4400f5610e9bdcca4d6da836a0864334115952146c257fdac1c2615c1d187fda2d42b99298f23aaa160f994cfdbcc567c32a6c63c5ca7deb1f7ccd67bfcf5d1065e656b5061f3f511f5180a0866fbd8b198b07c846a1084617bddc2b854ab66bebfccbac412b775d11f4d0eea102149ca57268b14eec027e19995d3e7b533845aadc882158797630709baa6af2d62e9bed57b1d077bb85a8b440d2351f06dea89eaae5de19439639409fbb5ddba8b2f41408492fb1544165760a482ef96d0a45db0214e935aa5f635924af0fdaa421424cb6158981c12c1eaf2c47d9dc7f182a5e058c1db68561bf0e210d83075a81c243ce385183a7b181ff7d09811bd0f9453f3fbcde41cdaf88e79020ac0f81a11698889b6b5760e3b57b69273df83e8e73d26c44fc5b095b3373b5073e0bb1fa7a15563fe71dee7603f330b7d1700919ba8ef379b0ade24c9aca831e0a8d77ef630e0a6c574e1893db3cd77a955c9014bde7576917405d5b6e96e11d5f6abe9bd6056c6fa96c8b33ebb8535c2d4ea0e2cbd01a5499405373900688f5da127f37d118944034619b4d73a8e180d2a8b1dcfefa2e106966a24a9ef0b98059f684d9c9929957d07376254a13690a8116a896ef2a7548c2e05484b46fb6ab0aa0311051f8c73b044d84ccda8d93243478d50ccddb5c759fa5aa4ed9a0aafa89c819896b6fa9c47ced65baf026b409488f2631d4b26a15a236151", 0x801}, {0x0}], 0x2, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 735.685623ms ago: executing program 4 (id=90): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000340)='\x00\x00\x00\x00', 0x4}], 0x1) 732.617013ms ago: executing program 4 (id=91): syz_usb_connect(0x0, 0x6f, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0xb6, 0x7, 0x17, 0x40, 0x1410, 0x1130, 0x8b8b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe8, 0x0, 0x54, 0x0, [@uac_control={{}, [@selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, "59d7"}, @mixer_unit={0x9, 0x24, 0x4, 0x0, 0x0, "75e70460"}, @extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, 'Cc'}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x304, 0x0, 0x6}]}, @cdc_ecm={{0x5}, {0x5}, {0xd}}]}}]}}]}}, 0x0) 714.034684ms ago: executing program 2 (id=92): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) unlink(&(0x7f00000002c0)='./file0\x00') 702.230584ms ago: executing program 2 (id=93): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1, 0x42032, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56}) 572.022659ms ago: executing program 2 (id=94): syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0) memfd_create(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_procfs(0x0, &(0x7f0000000300)='net/sockstat6\x00') preadv2(r3, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/102, 0x66}], 0x1, 0xfffffffe, 0x0, 0x0) 248.065601ms ago: executing program 0 (id=97): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x6c, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASK={0x18, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @local}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x6c}}, 0x0) 247.823901ms ago: executing program 3 (id=99): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7) r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00\x00\x00 \x00\x00\x00+\xcc\xff%\xd2cTH,\x00'}}) 247.584651ms ago: executing program 0 (id=100): r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x8}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, 0x1c) close(r0) 232.284441ms ago: executing program 0 (id=101): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) 224.880462ms ago: executing program 3 (id=102): munmap(&(0x7f0000001000/0x1000)=nil, 0x1000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) 132.633385ms ago: executing program 0 (id=103): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000003c0)={'ip_vti0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2100, 0x6000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4}}}}) 132.399185ms ago: executing program 3 (id=104): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) setsockopt$inet_mreqn(r3, 0x0, 0x25, &(0x7f0000000080)={@multicast1, @local}, 0xc) 132.281335ms ago: executing program 0 (id=105): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001800190f00003fffffffda060200000000e80001dd00000404001600ea11c21d0005000000", 0x29}], 0x1) 132.093395ms ago: executing program 0 (id=106): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x27, 0x0) 81.593867ms ago: executing program 3 (id=107): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) 53.552848ms ago: executing program 3 (id=108): mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r0, 0x0) setreuid(r0, 0xffffffffffffffff) 0s ago: executing program 3 (id=109): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x34, r4, 0x303, 0x0, 0x0, {0x3d}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.66' (ED25519) to the list of known hosts. [ 18.146724][ T23] audit: type=1400 audit(1719755719.800:66): avc: denied { mounton } for pid=339 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.148241][ T339] cgroup1: Unknown subsys name 'net' [ 18.149965][ T23] audit: type=1400 audit(1719755719.800:67): avc: denied { mount } for pid=339 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.150741][ T339] cgroup1: Unknown subsys name 'net_prio' [ 18.154389][ T339] cgroup1: Unknown subsys name 'devices' [ 18.156066][ T23] audit: type=1400 audit(1719755719.810:68): avc: denied { unmount } for pid=339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.280281][ T339] cgroup1: Unknown subsys name 'hugetlb' [ 18.285879][ T339] cgroup1: Unknown subsys name 'rlimit' [ 18.478854][ T23] audit: type=1400 audit(1719755720.140:69): avc: denied { setattr } for pid=339 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9248 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 18.501931][ T23] audit: type=1400 audit(1719755720.140:70): avc: denied { mounton } for pid=339 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 18.526486][ T23] audit: type=1400 audit(1719755720.140:71): avc: denied { mount } for pid=339 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 18.539870][ T341] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 18.557758][ T23] audit: type=1400 audit(1719755720.180:72): avc: denied { read } for pid=144 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 18.579324][ T23] audit: type=1400 audit(1719755720.220:73): avc: denied { relabelto } for pid=341 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 18.604609][ T23] audit: type=1400 audit(1719755720.220:74): avc: denied { write } for pid=341 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.632834][ T23] audit: type=1400 audit(1719755720.290:75): avc: denied { read } for pid=339 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.658802][ T339] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 18.988204][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.995130][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.002907][ T347] device bridge_slave_0 entered promiscuous mode [ 19.011779][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.018734][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.026012][ T347] device bridge_slave_1 entered promiscuous mode [ 19.080245][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.087178][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.094715][ T351] device bridge_slave_0 entered promiscuous mode [ 19.102035][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.109071][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.116963][ T351] device bridge_slave_1 entered promiscuous mode [ 19.185735][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.192618][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.199899][ T350] device bridge_slave_0 entered promiscuous mode [ 19.215073][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.221956][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.229331][ T349] device bridge_slave_0 entered promiscuous mode [ 19.237732][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.244562][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.252031][ T350] device bridge_slave_1 entered promiscuous mode [ 19.270350][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.277183][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.284517][ T349] device bridge_slave_1 entered promiscuous mode [ 19.335857][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.342982][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.350931][ T352] device bridge_slave_0 entered promiscuous mode [ 19.361112][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.367956][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.375315][ T352] device bridge_slave_1 entered promiscuous mode [ 19.490733][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.497578][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.504724][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.511653][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.544546][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.551397][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.558526][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.565298][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.616475][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.623412][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.630525][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.637284][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.668163][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.675471][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.684383][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.692541][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.700138][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.708169][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.716159][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.723377][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.749865][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.757098][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.764546][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.772660][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.800368][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 19.808937][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.816858][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.823697][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.831352][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 19.839702][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.847779][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.854584][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.861807][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.869908][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 19.883566][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.898155][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.906450][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.938824][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.947155][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.955109][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.979724][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.987469][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.996296][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.005267][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.013555][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.021640][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.028472][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.035730][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.043938][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.050794][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.067591][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.075396][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.088640][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.096406][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.104662][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.113129][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.137602][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.145518][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.154188][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.162392][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.170416][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.178328][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.197105][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.205398][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.213652][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.221908][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.250111][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.258371][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.276482][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.285028][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.293391][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.301977][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.310188][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.318308][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.335510][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.342734][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.350345][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 20.359361][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.367274][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.374192][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.381791][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.390161][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.398232][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.405040][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.412295][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 20.420843][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.428773][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.472411][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.483260][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.507197][ T384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7'. [ 20.516500][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.527530][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.611273][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.628340][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.640136][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.648555][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.656348][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.667421][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.677431][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.687220][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.697709][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.706786][ T370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.818364][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.826484][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.836723][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.846225][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.856863][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.865264][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.866519][ T396] syz.2.3 (396) used greatest stack depth: 20664 bytes left [ 21.227316][ T427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=427 comm=syz.2.22 [ 21.536721][ T439] kernel profiling enabled (shift: 3) [ 21.670407][ T13] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 21.917733][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 22.077719][ T13] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 22.088563][ T13] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 22.137597][ T371] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 22.357712][ T353] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 22.427918][ T13] usb 3-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40 [ 22.437239][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 22.445327][ T13] usb 3-1: Product: syz [ 22.450111][ T13] usb 3-1: Manufacturer: syz [ 22.454579][ T13] usb 3-1: SerialNumber: syz [ 22.707670][ T371] usb 4-1: config 0 has an invalid descriptor of length 68, skipping remainder of the config [ 22.717712][ T353] usb 5-1: Using ep0 maxpacket: 8 [ 22.722567][ T371] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 22.731406][ T371] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.739588][ T13] usbhid 3-1:1.0: can't add hid device: -22 [ 22.745552][ T13] usbhid: probe of 3-1:1.0 failed with error -22 [ 22.746104][ T371] usb 4-1: config 0 descriptor?? [ 22.757077][ T13] usb 3-1: USB disconnect, device number 2 [ 22.992089][ T371] usb 4-1: USB disconnect, device number 2 [ 23.007819][ T353] usb 5-1: New USB device found, idVendor=2304, idProduct=0248, bcdDevice=e0.c3 [ 23.016691][ T353] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 23.024623][ T353] usb 5-1: Product: syz [ 23.028643][ T353] usb 5-1: Manufacturer: syz [ 23.032995][ T353] usb 5-1: SerialNumber: syz [ 23.038231][ T353] usb 5-1: config 0 descriptor?? [ 23.227056][ T494] x_tables: duplicate underflow at hook 2 [ 23.420165][ T23] kauditd_printk_skb: 54 callbacks suppressed [ 23.420174][ T23] audit: type=1400 audit(1719755725.080:130): avc: denied { map } for pid=510 comm="syz.2.56" path="socket:[12710]" dev="sockfs" ino=12710 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 23.542701][ T23] audit: type=1400 audit(1719755725.200:131): avc: denied { read } for pid=518 comm="syz.3.60" path="socket:[11850]" dev="sockfs" ino=11850 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 23.597663][ T353] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.743309][ T23] audit: type=1400 audit(1719755725.400:132): avc: denied { read } for pid=525 comm="syz.0.61" name="kvm" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 23.744598][ T526] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.782438][ T23] audit: type=1400 audit(1719755725.400:133): avc: denied { open } for pid=525 comm="syz.0.61" path="/dev/kvm" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 23.814174][ T23] audit: type=1400 audit(1719755725.400:134): avc: denied { ioctl } for pid=525 comm="syz.0.61" path="/dev/kvm" dev="devtmpfs" ino=108 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 23.852378][ T23] audit: type=1400 audit(1719755725.470:135): avc: denied { create } for pid=528 comm="syz.3.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.891742][ T23] audit: type=1400 audit(1719755725.480:136): avc: denied { write } for pid=528 comm="syz.3.62" path="socket:[11860]" dev="sockfs" ino=11860 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.915876][ T23] audit: type=1400 audit(1719755725.480:137): avc: denied { nlmsg_read } for pid=528 comm="syz.3.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 23.931917][ T353] usb 2-1: Using ep0 maxpacket: 8 [ 24.187665][ T353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 24.197194][ T353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 24.206755][ T353] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 24.237597][ T124] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.367718][ T353] usb 2-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice=9b.54 [ 24.376662][ T353] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.384416][ T353] usb 2-1: Product: syz [ 24.388382][ T353] usb 2-1: Manufacturer: syz [ 24.392771][ T353] usb 2-1: SerialNumber: syz [ 24.398035][ T353] usb 2-1: config 0 descriptor?? [ 24.477602][ T124] usb 1-1: Using ep0 maxpacket: 32 [ 24.517986][ T124] usb 1-1: too many configurations: 138, using maximum allowed: 8 [ 24.597789][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 24.605910][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 24.616007][ T124] usb 1-1: config 7 has no interface number 0 [ 24.627610][ T471] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 24.640208][ T5] usb 2-1: USB disconnect, device number 2 [ 24.697649][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 24.705751][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 24.715840][ T124] usb 1-1: config 7 has no interface number 0 [ 24.794952][ T23] audit: type=1400 audit(1719755726.450:138): avc: denied { create } for pid=553 comm="syz.3.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 24.814785][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 24.821992][ T23] audit: type=1400 audit(1719755726.450:139): avc: denied { block_suspend } for pid=553 comm="syz.3.72" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 24.827586][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 24.854340][ T124] usb 1-1: config 7 has no interface number 0 [ 24.897610][ T471] usb 3-1: Using ep0 maxpacket: 16 [ 24.947648][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 24.955741][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 24.965811][ T124] usb 1-1: config 7 has no interface number 0 [ 25.027671][ T471] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 25.036493][ T471] usb 3-1: config 1 has no interface number 1 [ 25.042489][ T471] usb 3-1: too many endpoints for config 1 interface 2 altsetting 63: 176, using maximum allowed: 30 [ 25.047643][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 25.055440][ T471] usb 3-1: config 1 interface 2 altsetting 63 has 0 endpoint descriptors, different from the interface descriptor's value: 176 [ 25.061401][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 25.074209][ T471] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 25.095105][ T471] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 25.096167][ T124] usb 1-1: config 7 has no interface number 0 [ 25.111597][ T5] usb 5-1: USB disconnect, device number 2 [ 25.115044][ T471] usb 3-1: config 1 interface 2 has no altsetting 2 [ 25.125640][ T561] 9pnet: p9_errstr2errno: server reported unknown error ‌@يخ‚ح(للي« [ 25.187643][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 25.195629][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 25.207600][ T124] usb 1-1: config 7 has no interface number 0 [ 25.287711][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 25.295706][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 25.306115][ T124] usb 1-1: config 7 has no interface number 0 [ 25.317879][ T471] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 25.326838][ T471] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.397831][ T124] usb 1-1: config 7 has an invalid interface number: 198 but max is 0 [ 25.406341][ T124] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 25.418522][ T124] usb 1-1: config 7 has no interface number 0 [ 25.475744][ T471] usb 3-1: Product: syz [ 25.480144][ T471] usb 3-1: Manufacturer: syz [ 25.484537][ T471] usb 3-1: SerialNumber: syz [ 25.507605][ T13] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 25.577674][ T124] usb 1-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09 [ 25.586576][ T124] usb 1-1: New USB device strings: Mfr=244, Product=177, SerialNumber=118 [ 25.594922][ T124] usb 1-1: Product: syz [ 25.598890][ T124] usb 1-1: Manufacturer: syz [ 25.603262][ T124] usb 1-1: SerialNumber: syz [ 25.876017][ T471] usb 3-1: USB disconnect, device number 3 [ 26.014230][ T124] usb 1-1: USB disconnect, device number 2 [ 26.077949][ T13] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.090724][ T13] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.100454][ T13] usb 2-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 26.109334][ T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.121254][ T13] usb 2-1: config 0 descriptor?? [ 26.527621][ T124] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 26.661132][ T13] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 26.668408][ T13] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 26.676786][ T13] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 26.684682][ T13] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 26.692263][ T13] sony 0003:054C:0374.0001: unknown main item tag 0x0 [ 26.703366][ T13] sony 0003:054C:0374.0001: hiddev96,hidraw0: USB HID v0.00 Device [HID 054c:0374] on usb-dummy_hcd.1-1/input0 [ 26.716888][ T13] sony 0003:054C:0374.0001: failed to claim input [ 26.782056][ T631] netlink: 9 bytes leftover after parsing attributes in process `syz.0.105'. [ 26.888957][ T353] usb 2-1: USB disconnect, device number 3 [ 26.977542][ C0] ================================================================== [ 26.985464][ C0] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 26.992365][ C0] Read of size 8 at addr ffff8881f6e09b40 by task syz.3.109/640 [ 26.999831][ C0] [ 27.002006][ C0] CPU: 0 PID: 640 Comm: syz.3.109 Not tainted 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 27.011540][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 27.021437][ C0] Call Trace: [ 27.024560][ C0] [ 27.027261][ C0] dump_stack+0x1d8/0x241 [ 27.031425][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 27.037060][ C0] ? printk+0xd1/0x111 [ 27.040970][ C0] ? profile_pc+0xa4/0xe0 [ 27.045135][ C0] ? wake_up_klogd+0xb2/0xf0 [ 27.049553][ C0] ? profile_pc+0xa4/0xe0 [ 27.053720][ C0] print_address_description+0x8c/0x600 [ 27.059106][ C0] ? panic+0x89d/0x89d [ 27.063011][ C0] ? profile_pc+0xa4/0xe0 [ 27.067173][ C0] __kasan_report+0xf3/0x120 [ 27.071600][ C0] ? profile_pc+0xa4/0xe0 [ 27.075766][ C0] ? _raw_spin_trylock+0x10a/0x1a0 [ 27.080717][ C0] kasan_report+0x30/0x60 [ 27.084884][ C0] profile_pc+0xa4/0xe0 [ 27.088878][ C0] profile_tick+0xb9/0x100 [ 27.093127][ C0] tick_sched_timer+0x237/0x3c0 [ 27.097817][ C0] ? tick_setup_sched_timer+0x460/0x460 [ 27.103196][ C0] __hrtimer_run_queues+0x3e9/0xb90 [ 27.108232][ C0] ? hrtimer_interrupt+0x890/0x890 [ 27.113181][ C0] hrtimer_interrupt+0x38a/0x890 [ 27.117957][ C0] smp_apic_timer_interrupt+0x110/0x460 [ 27.123335][ C0] apic_timer_interrupt+0xf/0x20 [ 27.128113][ C0] RIP: 0010:_raw_spin_trylock+0x10a/0x1a0 [ 27.133663][ C0] Code: 00 00 00 f0 41 0f b1 4d 00 74 17 bf 01 00 00 00 e8 9b cd f3 fc 65 8b 05 00 7b b1 7b 31 c9 85 c0 74 31 48 c7 04 24 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 40 [ 27.153103][ C0] RSP: 0018:ffff8881f6e09b40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 27.161361][ C0] RAX: 0000000000000000 RBX: 1ffff1103edc136c RCX: 0000000000000001 [ 27.169156][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881f6e09b60 [ 27.176969][ C0] RBP: ffff8881f6e09bd0 R08: dffffc0000000000 R09: 0000000000000003 [ 27.184782][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1103edc1368 [ 27.192595][ C0] R13: ffff8881eeca68c0 R14: ffff8881f6e09b60 R15: dffffc0000000000 [ 27.200411][ C0] ? apic_timer_interrupt+0xa/0x20 [ 27.205360][ C0] ? __lock_text_start+0x8/0x8 [ 27.209982][ C0] ? check_preemption_disabled+0x9f/0x320 [ 27.215521][ C0] virtnet_poll+0x2d2/0x1250 [ 27.219941][ C0] ? refill_work+0x1f0/0x1f0 [ 27.224365][ C0] ? check_preemption_disabled+0x9f/0x320 [ 27.229918][ C0] ? __skb_gro_checksum_complete+0x290/0x290 [ 27.235729][ C0] ? debug_smp_processor_id+0x20/0x20 [ 27.240949][ C0] ? virtqueue_disable_cb+0xf2/0x280 [ 27.246064][ C0] ? trace_xdp_exception+0x1c0/0x1c0 [ 27.251180][ C0] net_rx_action+0x53f/0x1160 [ 27.255691][ C0] ? debug_smp_processor_id+0x20/0x20 [ 27.260902][ C0] ? net_tx_action+0x5c0/0x5c0 [ 27.265497][ C0] ? debug_smp_processor_id+0x20/0x20 [ 27.270708][ C0] ? irqtime_account_irq+0x6d/0x1b0 [ 27.275740][ C0] __do_softirq+0x23b/0x6b7 [ 27.280083][ C0] ? debug_smp_processor_id+0x20/0x20 [ 27.285288][ C0] irq_exit+0x195/0x1c0 [ 27.289280][ C0] do_IRQ+0xd3/0x1e0 [ 27.293015][ C0] common_interrupt+0xf/0xf [ 27.297437][ C0] [ 27.300224][ C0] RIP: 0010:alloc_set_pte+0x121/0x1170 [ 27.305512][ C0] Code: 10 48 89 6c 24 28 0f 84 2e 01 00 00 e8 78 e6 d8 ff 4c 8b 6c 24 30 42 80 7c 35 00 00 74 08 4c 89 e7 e8 83 cb 08 00 49 8b 1c 24 <48> 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 69 cb 08 00 [ 27.324960][ C0] RSP: 0018:ffff8881e6ebf728 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffda [ 27.333198][ C0] RAX: ffffffff818b5288 RBX: ffff8881e6c902a8 RCX: 0000000000040000 [ 27.341013][ C0] RDX: ffffc90001749000 RSI: 000000000003ffff RDI: 0000000000040000 [ 27.348824][ C0] RBP: 1ffff1103cdd7f4e R08: ffffffff818b5240 R09: fffff94000ebfe81 [ 27.356633][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881e6ebfa70 [ 27.364445][ C0] R13: ffffea00075ff400 R14: dffffc0000000000 R15: ffff8881e77caa68 [ 27.372263][ C0] ? alloc_set_pte+0xc0/0x1170 [ 27.376855][ C0] ? alloc_set_pte+0x108/0x1170 [ 27.381548][ C0] ? alloc_set_pte+0x108/0x1170 [ 27.386231][ C0] ? xas_next_entry+0x248/0x2e0 [ 27.390916][ C0] filemap_map_pages+0x9d8/0xdd0 [ 27.395696][ C0] ? maybe_unlock_mmap_for_io+0x120/0x120 [ 27.401248][ C0] ? __count_memcg_events+0x97/0x210 [ 27.406370][ C0] handle_mm_fault+0x25cd/0x4990 [ 27.411144][ C0] ? perf_event_mmap+0x3ab/0x1920 [ 27.416087][ C0] ? finish_fault+0x230/0x230 [ 27.420602][ C0] ? percpu_counter_add_batch+0x14d/0x170 [ 27.426161][ C0] ? _raw_spin_unlock+0x49/0x60 [ 27.430844][ C0] ? follow_page_pte+0x711/0xcc0 [ 27.435621][ C0] __get_user_pages+0xc0b/0x13b0 [ 27.440404][ C0] ? populate_vma_page_range+0xf0/0xf0 [ 27.445698][ C0] ? memset+0x1f/0x40 [ 27.449521][ C0] ? vmacache_update+0x9f/0xf0 [ 27.454114][ C0] __mm_populate+0x369/0x510 [ 27.458556][ C0] ? __get_user_pages+0x13b0/0x13b0 [ 27.458568][ C0] vm_mmap_pgoff+0x20d/0x260 [ 27.458577][ C0] ? account_locked_vm+0x1b0/0x1b0 [ 27.458586][ C0] ? fpu__clear+0x3c0/0x3c0 [ 27.458594][ C0] ? ksys_mmap_pgoff+0xd6/0x1e0 [ 27.458603][ C0] do_syscall_64+0xca/0x1c0 [ 27.458612][ C0] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 27.458631][ C0] RIP: 0033:0x7f011c60eb99 [ 27.458639][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 27.458644][ C0] RSP: 002b:00007f011b890048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 27.458651][ C0] RAX: ffffffffffffffda RBX: 00007f011c79cfa0 RCX: 00007f011c60eb99 [ 27.458656][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000 [ 27.458661][ C0] RBP: 00007f011c68f77e R08: ffffffffffffffff R09: 0000000000000000 [ 27.458665][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 27.458669][ C0] R13: 000000000000000b R14: 00007f011c79cfa0 R15: 00007ffcfb975438 [ 27.458673][ C0] [ 27.458676][ C0] The buggy address belongs to the page: [ 27.458688][ C0] page:ffffea0007db8240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 27.458693][ C0] flags: 0x8000000000001000(reserved) [ 27.458703][ C0] raw: 8000000000001000 ffffea0007db8248 ffffea0007db8248 0000000000000000 [ 27.458709][ C0] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 27.458712][ C0] page dumped because: kasan: bad access detected [ 27.458718][ C0] page_owner info is not present (never set?) [ 27.458719][ C0] [ 27.458722][ C0] Memory state around the buggy address: [ 27.458728][ C0] ffff8881f6e09a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.458733][ C0] ffff8881f6e09a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.458738][ C0] >ffff8881f6e09b00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 [ 27.458742][ C0] ^ [ 27.458747][ C0] ffff8881f6e09b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.458752][ C0] ffff8881f6e09c00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 27.458754][ C0] ================================================================== [ 27.458757][ C0] Disabling lock debugging due to kernel taint [ 27.584014][ T124] usb 5-1: config 0 has an invalid interface descriptor of length 4, skipping [ 27.584025][ T124] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 27.584044][ T124] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 27.584056][ T124] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 27.787705][ T124] usb 5-1: New USB device found, idVendor=1410, idProduct=1130, bcdDevice=8b.8b [ 27.787719][ T124] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.787728][ T124] usb 5-1: Product: syz [ 27.787737][ T124] usb 5-1: Manufacturer: syz [ 27.787746][ T124] usb 5-1: SerialNumber: syz [ 27.788674][ T124] usb 5-1: config 0 descriptor?? [ 28.039481][ T353] usb 5-1: USB disconnect, device number 3