last executing test programs: 2.961655287s ago: executing program 2 (id=1709): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18) timer_create(0x5, &(0x7f0000533fa0)={0x0, 0x2e, 0x800000000004, @thr={0x0, &(0x7f0000000040)="33dad586968d7539657a4e72c82886e6124b6ad0f0c2cfc4435fa857967c9ab260460f8576c82412b42a62667a8dbf09d2b09e3da159bd86a9872e6a945b69142ce12b406711364722e0625219b5a2083693dfcc13c8a3e074bbd7"}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x20000018}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs$userns(0x0, &(0x7f0000000000)) 2.78174347s ago: executing program 2 (id=1711): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 2.711671571s ago: executing program 2 (id=1714): syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @broadcast, @val, {@ipv6}}, 0x0) 2.711423721s ago: executing program 2 (id=1716): open(&(0x7f0000000040)='./file0\x00', 0x70e, 0x0) setreuid(0xee00, 0x0) r0 = getuid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0xffff, 0x1022, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) chown(&(0x7f0000000140)='./file0\x00', r0, r2) 2.706191981s ago: executing program 2 (id=1718): mknod(&(0x7f0000000040)='./bus\x00', 0x100000000805f, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x8000, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb5219f1000b913f1, 0x0) mknod(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8000, 0x0) link(&(0x7f0000000340)='./bus\x00', &(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') ioctl$TIOCCONS(r0, 0x80047462) 2.692669411s ago: executing program 2 (id=1720): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x5b02, 0x0) syz_usb_disconnect(r0) 2.446102204s ago: executing program 3 (id=1735): fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000) utimes(0x0, 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'security\x00', 0x0, [0x5, 0xffffbff7, 0x20000004, 0x3, 0x4]}, &(0x7f0000000040)=0x54) 2.267703697s ago: executing program 3 (id=1738): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x6, @remote, 0x1}, 0x1c) 1.437245029s ago: executing program 3 (id=1769): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4}}, 0x50) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@nodevmap}], [], 0x6b}}) 1.436819859s ago: executing program 3 (id=1772): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0xac, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xac}}, 0x0) 1.32976461s ago: executing program 3 (id=1777): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001640)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) setxattr$incfs_metadata(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x3) removexattr(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)=@random={'btrfs.', '[#\x00'}) 1.267757451s ago: executing program 3 (id=1778): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_usb_connect(0x0, 0x34, 0x0, 0x0) ioctl$HIDIOCGCOLLECTIONINDEX(r1, 0x40184810, &(0x7f0000000140)={0x1, 0x0, 0x6, 0x400, 0x6, 0x2}) 965.654856ms ago: executing program 4 (id=1789): add_key$user(0x0, 0x0, &(0x7f0000000280), 0x0, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 871.561257ms ago: executing program 4 (id=1790): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 871.330227ms ago: executing program 4 (id=1791): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000060000000410000010"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x8, 0x42, 0x40, 0xc0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r2}, 0x38) 871.151667ms ago: executing program 4 (id=1792): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504", @ANYBLOB="ebffffffffffffff280012800b00010065"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x20, 0x0, 0x0, 0xee01}}}, 0xb8}}, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 837.812208ms ago: executing program 4 (id=1793): syz_open_dev$loop(&(0x7f0000000340), 0x80000761, 0x2a382) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 810.127488ms ago: executing program 4 (id=1794): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) read(r0, &(0x7f00000003c0)=""/44, 0x2c) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRES8=r0, @ANYRESDEC], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r1, &(0x7f0000000180)=[{0x0, 0x3}, {&(0x7f00000002c0)="5f19bdea", 0x4}], 0x2) 447.429763ms ago: executing program 0 (id=1796): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) syz_emit_ethernet(0x3e, &(0x7f0000001180)={@local, @random="e130aeaaba30", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x8, 0x88, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, {[@routing={0x84}]}}}}}, 0x0) 287.698935ms ago: executing program 0 (id=1797): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x5f555091d78b790d, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) 260.427586ms ago: executing program 0 (id=1798): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') setxattr$system_posix_acl(&(0x7f0000000340)='./file1\x00', &(0x7f0000000380)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) 203.526047ms ago: executing program 0 (id=1799): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000540)={0x24, r3, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x42}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000) 202.821116ms ago: executing program 0 (id=1800): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x40460020, 0xfffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10, 0x80000000}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) write$tcp_congestion(r2, &(0x7f00000000c0)='lp\x00', 0xfffffdef) dup2(r2, r0) 202.367757ms ago: executing program 1 (id=1802): socket$packet(0x11, 0x3, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 191.222977ms ago: executing program 1 (id=1803): r0 = socket$inet(0x2, 0x2, 0x0) socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000c, &(0x7f0000000240)="ea00aa6600000000", 0x8) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000240)="ea00000100000000", 0x8) 177.993047ms ago: executing program 1 (id=1804): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 63.343889ms ago: executing program 0 (id=1805): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101100, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x20000004) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588) syz_emit_ethernet(0x9a, &(0x7f0000001ec0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6001010000641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e204e2100649078020000000000000003000000"], 0x0) 40.112759ms ago: executing program 1 (id=1806): r0 = socket(0x2, 0x80805, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x29, 0x4, 0x0, 0xd, 0x40, @empty, @empty, 0x1, 0x700, 0x4, 0x6}}) 786.24µs ago: executing program 1 (id=1807): openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0) 0s ago: executing program 1 (id=1808): ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x3, 0x0, 0x1, 0xffffffffffffffff, 0x1}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x53, 0x0, &(0x7f0000000000)="f1912d6bc1e9b93904f0c8bd8153aaf283a5ded23c63711510172fcc30dc65a7eb2f064d52373e6e755fdad6181780d49fd3ce5a8df887811aa8c3108d25c3cbc767432f31e8e1b5cab5e815deeda03f135a41", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x10, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 0s ago: executing program 1 (id=1809): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x24d417d6, 0x1, 0x800, 0xffffffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x2000c011}, 0x4000000) kernel console output (not intermixed with test programs): permissive=1 [ 302.761058][ T24] audit: type=1400 audit(1746631205.970:3503): avc: denied { write } for pid=4903 comm="syz.3.1391" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 302.927596][ T4904] F2FS-fs (loop3): Unrecognized mount option "01777777777777777777777" or missing value [ 302.956339][ T24] audit: type=1400 audit(1746631206.390:3504): avc: denied { module_request } for pid=4911 comm="syz.4.1395" kmod="net-pf-10-proto-3-type-5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 303.126249][ T24] audit: type=1400 audit(1746631206.560:3505): avc: denied { create } for pid=4872 comm="syz.0.1385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 303.194387][ T1434] aqc111: probe of 1-1:1.242 failed with error -22 [ 303.205147][ T1434] usb 1-1: USB disconnect, device number 24 [ 303.254248][ T367] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 303.296946][ T4904] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.304993][ T4904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1391'. [ 303.337216][ T24] audit: type=1400 audit(1746631206.770:3506): avc: denied { unlink } for pid=4903 comm="syz.3.1391" name="#e" dev="tmpfs" ino=1636 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 303.396051][ T24] audit: type=1400 audit(1746631206.770:3507): avc: denied { getattr } for pid=4903 comm="syz.3.1391" name="/" dev="incremental-fs" ino=1629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 303.524176][ T4918] erofs: (device loop2): mounted with root inode @ nid 36. [ 303.679021][ T367] usb 5-1: config index 0 descriptor too short (expected 3133, got 61) [ 303.690301][ T367] usb 5-1: config 0 has an invalid interface number: 156 but max is 1 [ 303.765711][ T367] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 303.806912][ T367] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 303.848008][ T367] usb 5-1: config 0 has no interface number 0 [ 303.884135][ T367] usb 5-1: config 0 interface 156 altsetting 0 bulk endpoint 0xA has invalid maxpacket 248 [ 304.031364][ T367] usb 5-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 304.043316][ T367] usb 5-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.043345][ T367] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 304.043359][ T367] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.058071][ T367] usb 5-1: config 0 descriptor?? [ 304.074394][ T4913] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 304.077920][ T4931] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 304.095256][ T367] usb 5-1: MIDIStreaming interface descriptor not found [ 304.310526][ T367] usb 5-1: USB disconnect, device number 25 [ 304.710745][ T4953] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 304.746663][ T4953] EXT4-fs (loop3): Mount option "dax=never" incompatible with ext3 [ 304.789222][ T4948] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 304.822640][ T4948] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 304.916927][ T4948] F2FS-fs (loop2): Found nat_bits in checkpoint [ 304.993160][ T4948] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 305.026860][ T4948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 305.144035][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.144050][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.174583][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.212646][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.238637][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.246721][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.254494][ T271] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 305.732607][ T4980] FAULT_INJECTION: forcing a failure. [ 305.732607][ T4980] name failslab, interval 1, probability 0, space 0, times 0 [ 305.775559][ T4980] CPU: 0 PID: 4980 Comm: syz.4.1416 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 305.785663][ T4980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 305.795918][ T4980] Call Trace: [ 305.799330][ T4980] __dump_stack+0x21/0x24 [ 305.803669][ T4980] dump_stack_lvl+0x169/0x1d8 [ 305.808362][ T4980] ? show_regs_print_info+0x18/0x18 [ 305.813575][ T4980] dump_stack+0x15/0x1c [ 305.817756][ T4980] should_fail+0x3c1/0x510 [ 305.822184][ T4980] ? __build_skb+0x2d/0x310 [ 305.826705][ T4980] __should_failslab+0xa4/0xe0 [ 305.831481][ T4980] should_failslab+0x9/0x20 [ 305.835992][ T4980] kmem_cache_alloc+0x3d/0x2e0 [ 305.840793][ T4980] __build_skb+0x2d/0x310 [ 305.845143][ T4980] ? __kasan_check_write+0x14/0x20 [ 305.850265][ T4980] build_skb+0x24/0x200 [ 305.854428][ T4980] bpf_prog_test_run_skb+0x31d/0x10b0 [ 305.859815][ T4980] ? __kasan_check_write+0x14/0x20 [ 305.864956][ T4980] ? __bpf_prog_test_run_raw_tp+0x240/0x240 [ 305.870963][ T4980] bpf_prog_test_run+0x350/0x3c0 [ 305.875911][ T4980] __se_sys_bpf+0x49f/0x680 [ 305.880426][ T4980] ? __x64_sys_bpf+0x90/0x90 [ 305.885029][ T4980] ? fpu__clear_all+0x20/0x20 [ 305.889804][ T4980] __x64_sys_bpf+0x7b/0x90 [ 305.894231][ T4980] do_syscall_64+0x31/0x40 [ 305.900627][ T4980] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 305.908547][ T4980] RIP: 0033:0x7ff111478969 [ 305.912979][ T4980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.932591][ T4980] RSP: 002b:00007ff10fae1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 305.941016][ T4980] RAX: ffffffffffffffda RBX: 00007ff11169ffa0 RCX: 00007ff111478969 [ 305.949089][ T4980] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 305.957703][ T4980] RBP: 00007ff10fae1090 R08: 0000000000000000 R09: 0000000000000000 [ 305.965719][ T4980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.973969][ T4980] R13: 0000000000000000 R14: 00007ff11169ffa0 R15: 00007ffef20abfc8 [ 306.116988][ T4977] EXT4-fs (loop1): mounted filesystem without journal. Opts: resgid=0x0000000000000000,errors=continue,noblock_validity,,errors=continue [ 306.123090][ T4982] xt_NFQUEUE: number of total queues is 0 [ 306.246408][ T4993] FAULT_INJECTION: forcing a failure. [ 306.246408][ T4993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.326480][ T4993] CPU: 1 PID: 4993 Comm: syz.2.1414 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 306.336620][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 306.346686][ T4993] Call Trace: [ 306.350104][ T4993] __dump_stack+0x21/0x24 [ 306.354472][ T4993] dump_stack_lvl+0x169/0x1d8 [ 306.359167][ T4993] ? thaw_kernel_threads+0x220/0x220 [ 306.364477][ T4993] ? vsnprintf+0x1871/0x1960 [ 306.369612][ T4993] ? show_regs_print_info+0x18/0x18 [ 306.374842][ T4993] dump_stack+0x15/0x1c [ 306.379037][ T4993] should_fail+0x3c1/0x510 [ 306.383494][ T4993] should_fail_usercopy+0x1a/0x20 [ 306.388657][ T4993] _copy_to_user+0x20/0x90 [ 306.393102][ T4993] simple_read_from_buffer+0xe9/0x160 [ 306.398496][ T4993] proc_fail_nth_read+0x19a/0x210 [ 306.403627][ T4993] ? proc_fault_inject_write+0x2f0/0x2f0 [ 306.409511][ T4993] ? rw_verify_area+0x1c0/0x360 [ 306.414476][ T4993] ? proc_fault_inject_write+0x2f0/0x2f0 [ 306.420138][ T4993] vfs_read+0x1fe/0xa10 [ 306.424419][ T4993] ? kernel_read+0x70/0x70 [ 306.428954][ T4993] ? do_preadv+0x27f/0x330 [ 306.433641][ T4993] ? __kasan_check_write+0x14/0x20 [ 306.438785][ T4993] ? mutex_lock+0x8c/0xe0 [ 306.443704][ T4993] ? mutex_trylock+0xa0/0xa0 [ 306.448313][ T4993] ? __fget_files+0x2c4/0x320 [ 306.453430][ T4993] ? __fdget_pos+0x2d2/0x380 [ 306.458119][ T4993] ? ksys_read+0x71/0x240 [ 306.462475][ T4993] ksys_read+0x140/0x240 [ 306.466745][ T4993] ? vfs_write+0xd60/0xd60 [ 306.471192][ T4993] ? fpu__clear_all+0x20/0x20 [ 306.475907][ T4993] __x64_sys_read+0x7b/0x90 [ 306.480967][ T4993] do_syscall_64+0x31/0x40 [ 306.485413][ T4993] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 306.491337][ T4993] RIP: 0033:0x7f4d36c0537c [ 306.496487][ T4993] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 306.516437][ T4993] RSP: 002b:00007f4d3526f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 306.525476][ T4993] RAX: ffffffffffffffda RBX: 00007f4d36e2dfa0 RCX: 00007f4d36c0537c [ 306.534631][ T4993] RDX: 000000000000000f RSI: 00007f4d3526f0a0 RDI: 0000000000000004 [ 306.542737][ T4993] RBP: 00007f4d3526f090 R08: 0000000000000000 R09: 0000000000000000 [ 306.550824][ T4993] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000000001 [ 306.559285][ T4993] R13: 0000000000000000 R14: 00007f4d36e2dfa0 R15: 00007ffd8dd96808 [ 306.567738][ T421] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 306.637608][ T5005] FAULT_INJECTION: forcing a failure. [ 306.637608][ T5005] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.644196][ T1434] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 306.651032][ T5005] CPU: 1 PID: 5005 Comm: syz.4.1424 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 306.668436][ T5005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 306.678518][ T5005] Call Trace: [ 306.681832][ T5005] __dump_stack+0x21/0x24 [ 306.686461][ T5005] dump_stack_lvl+0x169/0x1d8 [ 306.691275][ T5005] ? show_regs_print_info+0x18/0x18 [ 306.696515][ T5005] dump_stack+0x15/0x1c [ 306.700734][ T5005] should_fail+0x3c1/0x510 [ 306.705357][ T5005] should_fail_usercopy+0x1a/0x20 [ 306.710930][ T5005] _copy_from_iter+0x1d1/0x9f0 [ 306.715736][ T5005] ? __kasan_check_read+0x11/0x20 [ 306.720923][ T5005] ? __check_object_size+0x2f4/0x3c0 [ 306.726233][ T5005] skb_copy_datagram_from_iter+0xfa/0x6b0 [ 306.731974][ T5005] tun_get_user+0x140a/0x3090 [ 306.736668][ T5005] ? __x64_sys_openat+0x136/0x160 [ 306.741753][ T5005] ? tun_do_read+0x1c00/0x1c00 [ 306.746533][ T5005] ? kstrtouint_from_user+0x1a0/0x200 [ 306.751923][ T5005] ? __fsnotify_parent+0x5f5/0x6c0 [ 306.757057][ T5005] ? avc_policy_seqno+0x1b/0x70 [ 306.762111][ T5005] ? selinux_file_permission+0x2a5/0x510 [ 306.767770][ T5005] ? fsnotify_perm+0x66/0x4b0 [ 306.772494][ T5005] tun_chr_write_iter+0x1bf/0x270 [ 306.777681][ T5005] vfs_write+0x725/0xd60 [ 306.781950][ T5005] ? __bpf_trace_kmem_free+0x6f/0x90 [ 306.787260][ T5005] ? kernel_write+0x3c0/0x3c0 [ 306.792077][ T5005] ? __fget_files+0x2c4/0x320 [ 306.796753][ T5005] ? __fdget_pos+0x1f7/0x380 [ 306.801442][ T5005] ? ksys_write+0x71/0x240 [ 306.805865][ T5005] ksys_write+0x140/0x240 [ 306.810352][ T5005] ? __ia32_sys_read+0x90/0x90 [ 306.815116][ T5005] ? fpu__clear_all+0x20/0x20 [ 306.819886][ T5005] __x64_sys_write+0x7b/0x90 [ 306.825342][ T5005] do_syscall_64+0x31/0x40 [ 306.830701][ T5005] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 306.837112][ T5005] RIP: 0033:0x7ff111478969 [ 306.841663][ T5005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.861670][ T5005] RSP: 002b:00007ff10fae1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 306.870073][ T5005] RAX: ffffffffffffffda RBX: 00007ff11169ffa0 RCX: 00007ff111478969 [ 306.878054][ T5005] RDX: 000000000000fe3a RSI: 0000200000000000 RDI: 0000000000000005 [ 306.886149][ T5005] RBP: 00007ff10fae1090 R08: 0000000000000000 R09: 0000000000000000 [ 306.894124][ T5005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 306.902093][ T5005] R13: 0000000000000000 R14: 00007ff11169ffa0 R15: 00007ffef20abfc8 [ 306.968568][ T5003] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 306.974316][ T421] usb 2-1: unable to get BOS descriptor or descriptor too short [ 306.978883][ T5003] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 306.993783][ T5003] F2FS-fs (loop2): invalid crc value [ 307.024412][ T1434] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.038699][ T5003] F2FS-fs (loop2): Found nat_bits in checkpoint [ 307.045470][ T1434] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 307.055696][ T1434] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.068185][ T1434] usb 4-1: config 0 descriptor?? [ 307.094304][ T421] usb 2-1: config 1 interface 0 altsetting 14 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 307.110387][ T421] usb 2-1: config 1 interface 0 has no altsetting 0 [ 307.121181][ T5003] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 307.128536][ T5003] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 307.194453][ T5015] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1426'. [ 307.203705][ T5015] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1426'. [ 307.274315][ T421] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 307.283447][ T421] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.291726][ T421] usb 2-1: Product: syz [ 307.296076][ T421] usb 2-1: Manufacturer: syz [ 307.300710][ T421] usb 2-1: SerialNumber: syz [ 307.314242][ T367] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 307.438918][ T668] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 307.447911][ T668] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 307.555136][ T1434] keytouch 0003:0926:3333.003A: fixing up Keytouch IEC report descriptor [ 307.566435][ T1434] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.003A/input/input40 [ 307.591430][ T367] usb 5-1: Using ep0 maxpacket: 32 [ 307.647085][ T24] kauditd_printk_skb: 42 callbacks suppressed [ 307.647100][ T24] audit: type=1400 audit(1746631211.080:3550): avc: denied { read } for pid=80 comm="acpid" name="event3" dev="devtmpfs" ino=1174 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 307.647508][ T1434] keytouch 0003:0926:3333.003A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 307.653579][ T24] audit: type=1400 audit(1746631211.080:3551): avc: denied { open } for pid=80 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1174 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 307.712170][ T24] audit: type=1400 audit(1746631211.080:3552): avc: denied { ioctl } for pid=80 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1174 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 307.754292][ T367] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 307.785941][ T367] usb 5-1: config 0 has no interface number 0 [ 308.074278][ T367] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 308.083376][ T367] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.091760][ T367] usb 5-1: Product: syz [ 308.096174][ T367] usb 5-1: Manufacturer: syz [ 308.100786][ T367] usb 5-1: SerialNumber: syz [ 308.111765][ T367] usb 5-1: config 0 descriptor?? [ 308.155251][ T367] smsc95xx v2.0.0 [ 308.194708][ T24] audit: type=1400 audit(1746631211.630:3553): avc: denied { create } for pid=5025 comm="syz.0.1430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 308.214852][ T24] audit: type=1400 audit(1746631211.630:3554): avc: denied { write } for pid=5025 comm="syz.0.1430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 308.234435][ T24] audit: type=1400 audit(1746631211.630:3555): avc: denied { bind } for pid=5025 comm="syz.0.1430" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 308.255067][ T24] audit: type=1400 audit(1746631211.630:3556): avc: denied { name_bind } for pid=5025 comm="syz.0.1430" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 308.276172][ T24] audit: type=1400 audit(1746631211.630:3557): avc: denied { node_bind } for pid=5025 comm="syz.0.1430" saddr=255.255.255.255 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 308.536778][ T1434] usb 4-1: USB disconnect, device number 28 [ 308.764937][ T421] usbhid 2-1:1.0: can't add hid device: -22 [ 308.771835][ T421] usbhid: probe of 2-1:1.0 failed with error -22 [ 308.809459][ T421] usb 2-1: USB disconnect, device number 29 [ 309.298321][ T5038] FAULT_INJECTION: forcing a failure. [ 309.298321][ T5038] name failslab, interval 1, probability 0, space 0, times 0 [ 309.386143][ T5038] CPU: 0 PID: 5038 Comm: syz.3.1432 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 309.396601][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 309.406864][ T5038] Call Trace: [ 309.410202][ T5038] __dump_stack+0x21/0x24 [ 309.414556][ T5038] dump_stack_lvl+0x169/0x1d8 [ 309.419243][ T5038] ? show_regs_print_info+0x18/0x18 [ 309.424484][ T5038] dump_stack+0x15/0x1c [ 309.428659][ T5038] should_fail+0x3c1/0x510 [ 309.433087][ T5038] ? __build_skb+0x2d/0x310 [ 309.438150][ T5038] __should_failslab+0xa4/0xe0 [ 309.442953][ T5038] should_failslab+0x9/0x20 [ 309.447473][ T5038] kmem_cache_alloc+0x3d/0x2e0 [ 309.452250][ T5038] __build_skb+0x2d/0x310 [ 309.456585][ T5038] ? __kasan_check_write+0x14/0x20 [ 309.461705][ T5038] build_skb+0x24/0x200 [ 309.465888][ T5038] bpf_prog_test_run_skb+0x31d/0x10b0 [ 309.471289][ T5038] ? __kasan_check_write+0x14/0x20 [ 309.476420][ T5038] ? __bpf_prog_test_run_raw_tp+0x240/0x240 [ 309.482349][ T5038] bpf_prog_test_run+0x350/0x3c0 [ 309.487470][ T5038] __se_sys_bpf+0x49f/0x680 [ 309.491997][ T5038] ? __x64_sys_bpf+0x90/0x90 [ 309.496718][ T5038] ? fpu__clear_all+0x20/0x20 [ 309.501413][ T5038] __x64_sys_bpf+0x7b/0x90 [ 309.502471][ T367] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 309.505932][ T5038] do_syscall_64+0x31/0x40 [ 309.505949][ T5038] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 309.505970][ T5038] RIP: 0033:0x7f01d46ed969 [ 309.523233][ T367] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 309.527290][ T5038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.527299][ T5038] RSP: 002b:00007f01d2d56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 309.527315][ T5038] RAX: ffffffffffffffda RBX: 00007f01d4914fa0 RCX: 00007f01d46ed969 [ 309.527323][ T5038] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 309.527331][ T5038] RBP: 00007f01d2d56090 R08: 0000000000000000 R09: 0000000000000000 [ 309.527337][ T5038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.527357][ T5038] R13: 0000000000000000 R14: 00007f01d4914fa0 R15: 00007ffd4a6cb248 [ 309.635892][ T5041] EXT4-fs (loop2): Ignoring removed nobh option [ 309.642662][ T5041] EXT4-fs (loop2): Ignoring removed bh option [ 309.644339][ T367] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 309.659765][ T5041] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 309.702581][ T5048] EXT4-fs (loop3): unable to read superblock [ 309.709489][ T367] smsc95xx: probe of 5-1:0.67 failed with error -61 [ 309.719457][ T5041] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 309.913002][ T367] usb 5-1: USB disconnect, device number 26 [ 310.280412][ T5064] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1438'. [ 310.289539][ T5064] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1438'. [ 310.383761][ T24] audit: type=1400 audit(1746631213.750:3558): avc: denied { write } for pid=5056 comm="syz.3.1439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 312.366399][ T367] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 312.443266][ T5094] FAULT_INJECTION: forcing a failure. [ 312.443266][ T5094] name failslab, interval 1, probability 0, space 0, times 0 [ 312.469381][ T5094] CPU: 1 PID: 5094 Comm: syz.2.1450 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 312.479296][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.489355][ T5094] Call Trace: [ 312.492658][ T5094] __dump_stack+0x21/0x24 [ 312.496991][ T5094] dump_stack_lvl+0x169/0x1d8 [ 312.501676][ T5094] ? thaw_kernel_threads+0x220/0x220 [ 312.507153][ T5094] ? show_regs_print_info+0x18/0x18 [ 312.515200][ T5094] ? unwind_get_return_address+0x4d/0x90 [ 312.520880][ T5094] ? stack_trace_save+0xe0/0xe0 [ 312.525745][ T5094] dump_stack+0x15/0x1c [ 312.529918][ T5094] should_fail+0x3c1/0x510 [ 312.534776][ T5094] ? __alloc_skb+0x9e/0x520 [ 312.539416][ T5094] __should_failslab+0xa4/0xe0 [ 312.544293][ T5094] should_failslab+0x9/0x20 [ 312.550845][ T5094] kmem_cache_alloc+0x3d/0x2e0 [ 312.555630][ T5094] __alloc_skb+0x9e/0x520 [ 312.560019][ T5094] ? __kasan_slab_alloc+0xcf/0xf0 [ 312.565071][ T5094] ? slab_post_alloc_hook+0x5d/0x2f0 [ 312.570567][ T5094] ? kmem_cache_alloc+0x165/0x2e0 [ 312.575695][ T5094] ? __alloc_skb+0x9e/0x520 [ 312.580477][ T5094] __pskb_copy_fclone+0xa6/0xf70 [ 312.585444][ T5094] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 312.591542][ T5094] tipc_clone_to_loopback+0xfd/0x480 [ 312.596881][ T5094] tipc_node_xmit+0xadd/0xcd0 [ 312.601568][ T5094] ? tipc_node_get_linkname+0x1a0/0x1a0 [ 312.607115][ T5094] ? slab_post_alloc_hook+0x7d/0x2f0 [ 312.612410][ T5094] ? tipc_msg_create+0x44/0x550 [ 312.617259][ T5094] ? tipc_msg_create+0x44/0x550 [ 312.622108][ T5094] ? __kmalloc_track_caller+0x181/0x320 [ 312.627651][ T5094] ? kmem_cache_alloc+0x165/0x2e0 [ 312.632678][ T5094] tipc_node_xmit_skb+0xe9/0x130 [ 312.637614][ T5094] ? skb_put+0x10e/0x1f0 [ 312.641873][ T5094] ? __skb_queue_purge+0x170/0x170 [ 312.646992][ T5094] ? tipc_msg_create+0x2ee/0x550 [ 312.651982][ T5094] tipc_sk_send_ack+0x38c/0x630 [ 312.657094][ T5094] tipc_recvmsg+0xc62/0x13a0 [ 312.661831][ T5094] ? tipc_send_packet+0xa0/0xa0 [ 312.667666][ T5094] ? security_socket_recvmsg+0x87/0xb0 [ 312.673675][ T5094] ? tipc_send_packet+0xa0/0xa0 [ 312.678555][ T5094] ____sys_recvmsg+0x291/0x580 [ 312.683347][ T5094] ? __sys_recvmsg_sock+0x50/0x50 [ 312.688383][ T5094] ? import_iovec+0x7c/0xb0 [ 312.692905][ T5094] ___sys_recvmsg+0x1af/0x4f0 [ 312.697600][ T5094] ? __sys_recvmsg+0x250/0x250 [ 312.702405][ T5094] ? __fdget+0x1a1/0x230 [ 312.706654][ T5094] __x64_sys_recvmsg+0x1dd/0x2a0 [ 312.711772][ T5094] ? fput+0x1a/0x20 [ 312.715589][ T5094] ? ___sys_recvmsg+0x4f0/0x4f0 [ 312.720453][ T5094] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 312.726531][ T5094] do_syscall_64+0x31/0x40 [ 312.730973][ T5094] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 312.736869][ T5094] RIP: 0033:0x7f4d36c06969 [ 312.741291][ T5094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.760986][ T5094] RSP: 002b:00007f4d3526f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 312.769408][ T5094] RAX: ffffffffffffffda RBX: 00007f4d36e2dfa0 RCX: 00007f4d36c06969 [ 312.777387][ T5094] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000003 [ 312.785360][ T5094] RBP: 00007f4d3526f090 R08: 0000000000000000 R09: 0000000000000000 [ 312.793330][ T5094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.801379][ T5094] R13: 0000000000000000 R14: 00007f4d36e2dfa0 R15: 00007ffd8dd96808 [ 312.827978][ T24] audit: type=1400 audit(1746631216.250:3559): avc: denied { write } for pid=77 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 312.850503][ T5092] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 312.869241][ T24] audit: type=1400 audit(1746631216.250:3560): avc: denied { remove_name } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 312.873419][ T5092] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 312.892136][ T24] audit: type=1400 audit(1746631216.250:3561): avc: denied { rename } for pid=77 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 312.923588][ T24] audit: type=1400 audit(1746631216.250:3562): avc: denied { add_name } for pid=77 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 312.947003][ T24] audit: type=1400 audit(1746631216.250:3563): avc: denied { unlink } for pid=77 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 312.976851][ T24] audit: type=1400 audit(1746631216.250:3564): avc: denied { create } for pid=77 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 312.983990][ T1434] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0 [ 312.998161][ T367] usb 5-1: device descriptor read/64, error -71 [ 313.005837][ T1434] hid-generic 0000:0000:0000.003B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 313.012610][ T5092] F2FS-fs (loop1): Found nat_bits in checkpoint [ 313.049717][ T5092] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 313.056830][ T5092] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 313.112883][ T5104] device veth1_macvtap left promiscuous mode [ 313.122881][ T5104] device macsec0 entered promiscuous mode [ 313.260632][ T5116] FAULT_INJECTION: forcing a failure. [ 313.260632][ T5116] name failslab, interval 1, probability 0, space 0, times 0 [ 313.273365][ T5116] CPU: 1 PID: 5116 Comm: syz.1.1449 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 313.283249][ T5116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 313.293299][ T5116] Call Trace: [ 313.296602][ T5116] __dump_stack+0x21/0x24 [ 313.300936][ T5116] dump_stack_lvl+0x169/0x1d8 [ 313.305615][ T5116] ? show_regs_print_info+0x18/0x18 [ 313.310817][ T5116] ? __this_cpu_preempt_check+0x13/0x20 [ 313.316363][ T5116] dump_stack+0x15/0x1c [ 313.320512][ T5116] should_fail+0x3c1/0x510 [ 313.324926][ T5116] ? avc_alloc_node+0x7e/0x320 [ 313.329691][ T5116] __should_failslab+0xa4/0xe0 [ 313.334460][ T5116] should_failslab+0x9/0x20 [ 313.338957][ T5116] kmem_cache_alloc+0x3d/0x2e0 [ 313.343718][ T5116] avc_alloc_node+0x7e/0x320 [ 313.348304][ T5116] ? release_firmware_map_entry+0x190/0x190 [ 313.354195][ T5116] ? __kasan_check_write+0x14/0x20 [ 313.359326][ T5116] ? __switch_to+0x50f/0xfc0 [ 313.363924][ T5116] ? avc_xperms_free+0x270/0x270 [ 313.364678][ T314] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 313.368885][ T5116] ? __kasan_check_read+0x11/0x20 [ 313.381443][ T5116] ? preempt_schedule_irq+0xbb/0x110 [ 313.386727][ T5116] ? preempt_schedule_notrace+0x110/0x110 [ 313.392456][ T5116] avc_update_node+0x50/0x720 [ 313.397136][ T5116] ? irqentry_exit+0x56/0x60 [ 313.401715][ T5116] ? sysvec_reschedule_ipi+0x69/0x70 [ 313.406989][ T5116] avc_denied+0x132/0x1b0 [ 313.411314][ T5116] avc_has_perm+0x2fb/0x360 [ 313.415809][ T5116] ? avc_has_perm_noaudit+0x240/0x240 [ 313.421170][ T5116] ? avc_has_perm_noaudit+0x158/0x240 [ 313.426538][ T5116] ? __kasan_check_read+0x11/0x20 [ 313.431549][ T5116] ? preempt_schedule_irq+0xbb/0x110 [ 313.436819][ T5116] may_link+0x3cf/0x540 [ 313.440958][ T5116] ? may_create+0x7c0/0x7c0 [ 313.445451][ T5116] selinux_inode_link+0x1f/0x30 [ 313.450287][ T5116] security_inode_link+0xc7/0x120 [ 313.455319][ T5116] vfs_link+0x530/0x880 [ 313.459462][ T5116] do_linkat+0x381/0x660 [ 313.463696][ T5116] __x64_sys_link+0x68/0x80 [ 313.468190][ T5116] do_syscall_64+0x31/0x40 [ 313.472594][ T5116] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 313.478493][ T5116] RIP: 0033:0x7f670e44f969 [ 313.482894][ T5116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.502486][ T5116] RSP: 002b:00007f670ca76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 313.510889][ T5116] RAX: ffffffffffffffda RBX: 00007f670e677160 RCX: 00007f670e44f969 [ 313.518938][ T5116] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 313.526937][ T5116] RBP: 00007f670ca76090 R08: 0000000000000000 R09: 0000000000000000 [ 313.535590][ T5116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.543556][ T5116] R13: 0000000000000000 R14: 00007f670e677160 R15: 00007ffe2abaa168 [ 313.552571][ T24] audit: type=1400 audit(1880848944.979:3565): avc: denied { link } for pid=5091 comm="syz.1.1449" name="file1" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 313.631043][ T24] audit: type=1400 audit(1880848945.059:3566): avc: denied { setopt } for pid=5115 comm="syz.2.1456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 313.694495][ T367] usb 5-1: device descriptor read/64, error -71 [ 313.722734][ T5119] device syzkaller0 entered promiscuous mode [ 313.730226][ T5119] FAULT_INJECTION: forcing a failure. [ 313.730226][ T5119] name failslab, interval 1, probability 0, space 0, times 0 [ 313.743523][ T5119] CPU: 1 PID: 5119 Comm: syz.2.1457 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 313.753414][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 313.763464][ T5119] Call Trace: [ 313.766749][ T5119] __dump_stack+0x21/0x24 [ 313.771063][ T5119] dump_stack_lvl+0x169/0x1d8 [ 313.775735][ T5119] ? thaw_kernel_threads+0x220/0x220 [ 313.781020][ T5119] ? show_regs_print_info+0x18/0x18 [ 313.786206][ T5119] dump_stack+0x15/0x1c [ 313.790349][ T5119] should_fail+0x3c1/0x510 [ 313.794750][ T5119] ? tun_device_event+0x4e7/0xf20 [ 313.799762][ T5119] __should_failslab+0xa4/0xe0 [ 313.804524][ T5119] should_failslab+0x9/0x20 [ 313.809034][ T5119] __kmalloc+0x60/0x330 [ 313.813186][ T5119] ? tun_device_event+0x15d/0xf20 [ 313.818206][ T5119] tun_device_event+0x4e7/0xf20 [ 313.823041][ T5119] ? __kasan_check_read+0x11/0x20 [ 313.828071][ T5119] ? macsec_notify+0xff/0x490 [ 313.832732][ T5119] ? macsec_common_dellink+0x430/0x430 [ 313.838199][ T5119] raw_notifier_call_chain+0x90/0x100 [ 313.843553][ T5119] dev_change_tx_queue_len+0x1af/0x330 [ 313.848994][ T5119] ? dev_set_mtu+0xc0/0xc0 [ 313.853401][ T5119] dev_ifsioc+0x607/0xa50 [ 313.857712][ T5119] ? dev_ioctl+0xb80/0xb80 [ 313.862118][ T5119] dev_ioctl+0x550/0xb80 [ 313.866346][ T5119] sock_do_ioctl+0x235/0x330 [ 313.870934][ T5119] ? __bpf_trace_kmem_free+0x6f/0x90 [ 313.876202][ T5119] ? sock_show_fdinfo+0xa0/0xa0 [ 313.881042][ T5119] ? selinux_file_ioctl+0x377/0x480 [ 313.886223][ T5119] ? mutex_trylock+0xa0/0xa0 [ 313.890794][ T5119] ? __fget_files+0x2c4/0x320 [ 313.895453][ T5119] sock_ioctl+0x504/0x710 [ 313.899785][ T5119] ? sock_poll+0x360/0x360 [ 313.904186][ T5119] ? __fget_files+0x2c4/0x320 [ 313.908847][ T5119] ? security_file_ioctl+0x84/0xa0 [ 313.913959][ T5119] ? sock_poll+0x360/0x360 [ 313.918360][ T5119] __se_sys_ioctl+0x121/0x1a0 [ 313.923022][ T5119] __x64_sys_ioctl+0x7b/0x90 [ 313.927598][ T5119] do_syscall_64+0x31/0x40 [ 313.932260][ T5119] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 313.938132][ T5119] RIP: 0033:0x7f4d36c06969 [ 313.942538][ T5119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.962126][ T5119] RSP: 002b:00007f4d3526f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 313.970525][ T5119] RAX: ffffffffffffffda RBX: 00007f4d36e2dfa0 RCX: 00007f4d36c06969 [ 313.978483][ T5119] RDX: 0000200000002280 RSI: 0000000000008943 RDI: 0000000000000006 [ 313.986441][ T5119] RBP: 00007f4d3526f090 R08: 0000000000000000 R09: 0000000000000000 [ 313.994397][ T5119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.002353][ T5119] R13: 0000000000000000 R14: 00007f4d36e2dfa0 R15: 00007ffd8dd96808 [ 314.018640][ T5119] syzkaller0: refused to change device tx_queue_len [ 314.129536][ T24] audit: type=1400 audit(1880848945.559:3567): avc: denied { map_create } for pid=5125 comm="syz.2.1460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 314.154379][ T24] audit: type=1400 audit(1880848945.559:3568): avc: denied { read write } for pid=270 comm="syz-executor" name="loop1" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 314.452992][ T367] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 314.602489][ T314] usb 1-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 8 [ 314.613415][ T314] usb 1-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 1023 [ 314.625026][ T314] usb 1-1: config 1 interface 0 has no altsetting 0 [ 315.005249][ T314] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 315.014408][ T314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.022399][ T314] usb 1-1: Product: ы [ 315.026533][ T314] usb 1-1: Manufacturer: 瘵톽쏀ꥋ铋龏걜캳Ň书净煌豭吅ꔄ᱊글衢搄ݰ켘䰑묨础林Ū쪮㺥뗬쿰쩛ﬧꡦ杺圭磑寕麀ꈒ큑诽蓁๘瘭ꤕ䕃⟺ճఫ⿵ᩏ肋䂌癙婀꿝围⢁슩럠὜嚥亇軔뾞돴⨫磫狩㞶茦䴙휒倗쟎竍쇔矣쀅㠩䕻ꀾꓜꅚ刜瓗Я墍䓰㦊㻑樟ꡏ❮前訏셰犠嵆챋 [ 315.118998][ T314] usb 1-1: SerialNumber: 碹➁ၻʌ龥୩⠩⎋픉檅㓪▞ᇪ◪ꌯ똄䂱୒ꗱ얅憥᭠ﭪͱ鰣鬻䞸쏥᙭⣻䛍淔ﰀ슰঎沂Ἆ풝ឮṉ⫔퓡ㆵ屷懴錯糖ਧ麋즉칁‛ꕼ纴՝ᮧ凐탗⍑ỵ [ 315.151421][ T5141] FAULT_INJECTION: forcing a failure. [ 315.151421][ T5141] name failslab, interval 1, probability 0, space 0, times 0 [ 315.164321][ T5103] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 315.171584][ T5103] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 315.179335][ T5141] CPU: 1 PID: 5141 Comm: syz.2.1465 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 315.189321][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 315.198984][ T5128] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 315.199382][ T5141] Call Trace: [ 315.210637][ T5141] __dump_stack+0x21/0x24 [ 315.214230][ T5128] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 315.215186][ T5141] dump_stack_lvl+0x169/0x1d8 [ 315.215208][ T5141] ? show_regs_print_info+0x18/0x18 [ 315.224844][ T5128] F2FS-fs (loop1): invalid crc value [ 315.228011][ T5141] dump_stack+0x15/0x1c [ 315.236431][ T5128] F2FS-fs (loop1): Found nat_bits in checkpoint [ 315.238452][ T5141] should_fail+0x3c1/0x510 [ 315.238473][ T5141] ? __build_skb+0x2d/0x310 [ 315.257720][ T5141] __should_failslab+0xa4/0xe0 [ 315.262484][ T5141] should_failslab+0x9/0x20 [ 315.266993][ T5141] kmem_cache_alloc+0x3d/0x2e0 [ 315.271756][ T5141] __build_skb+0x2d/0x310 [ 315.276092][ T5141] ? __kasan_check_write+0x14/0x20 [ 315.277944][ T5128] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 315.281204][ T5141] build_skb+0x24/0x200 [ 315.281226][ T5141] bpf_prog_test_run_skb+0x31d/0x10b0 [ 315.288363][ T5128] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 315.292365][ T5141] ? __kasan_check_write+0x14/0x20 [ 315.292386][ T5141] ? __bpf_prog_test_run_raw_tp+0x240/0x240 [ 315.316241][ T5141] bpf_prog_test_run+0x350/0x3c0 [ 315.321174][ T5141] __se_sys_bpf+0x49f/0x680 [ 315.325665][ T5141] ? __x64_sys_bpf+0x90/0x90 [ 315.330242][ T5141] ? fpu__clear_all+0x20/0x20 [ 315.335003][ T5141] __x64_sys_bpf+0x7b/0x90 [ 315.339408][ T5141] do_syscall_64+0x31/0x40 [ 315.343915][ T5141] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 315.349793][ T5141] RIP: 0033:0x7f4d36c06969 [ 315.354195][ T5141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.373876][ T5141] RSP: 002b:00007f4d3526f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 315.382275][ T5141] RAX: ffffffffffffffda RBX: 00007f4d36e2dfa0 RCX: 00007f4d36c06969 [ 315.390231][ T5141] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 315.398190][ T5141] RBP: 00007f4d3526f090 R08: 0000000000000000 R09: 0000000000000000 [ 315.406148][ T5141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.414105][ T5141] R13: 0000000000000000 R14: 00007f4d36e2dfa0 R15: 00007ffd8dd96808 [ 315.436540][ T5103] udc-core: couldn't find an available UDC or it's busy [ 315.443534][ T5103] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 315.463162][ T5151] FAULT_INJECTION: forcing a failure. [ 315.463162][ T5151] name failslab, interval 1, probability 0, space 0, times 0 [ 315.475874][ T5151] CPU: 1 PID: 5151 Comm: syz.3.1467 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 315.485780][ T5151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 315.495828][ T5151] Call Trace: [ 315.499120][ T5151] __dump_stack+0x21/0x24 [ 315.503438][ T5151] dump_stack_lvl+0x169/0x1d8 [ 315.508105][ T5151] ? thaw_kernel_threads+0x220/0x220 [ 315.513375][ T5151] ? show_regs_print_info+0x18/0x18 [ 315.518560][ T5151] ? get_page_from_freelist+0x2235/0x23d0 [ 315.524262][ T5151] ? __alloc_pages_nodemask+0x268/0x5f0 [ 315.529791][ T5151] ? pagecache_get_page+0x642/0x930 [ 315.534973][ T5151] ? simple_write_begin+0x36/0x290 [ 315.540066][ T5151] ? generic_perform_write+0x2be/0x510 [ 315.545508][ T5151] dump_stack+0x15/0x1c [ 315.549651][ T5151] should_fail+0x3c1/0x510 [ 315.554053][ T5151] ? xas_create+0x566/0x1450 [ 315.558626][ T5151] __should_failslab+0xa4/0xe0 [ 315.563372][ T5151] should_failslab+0x9/0x20 [ 315.567860][ T5151] kmem_cache_alloc+0x3d/0x2e0 [ 315.572608][ T5151] xas_create+0x566/0x1450 [ 315.577010][ T5151] xas_store+0x9c/0x17f0 [ 315.581234][ T5151] ? xas_start+0x26e/0x360 [ 315.585636][ T5151] ? xas_find_conflict+0x720/0x800 [ 315.590736][ T5151] __add_to_page_cache_locked+0x45d/0x980 [ 315.596439][ T5151] ? put_page+0xd0/0xd0 [ 315.600577][ T5151] ? workingset_activation+0x250/0x250 [ 315.606023][ T5151] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 315.611549][ T5151] ? find_get_entry+0x366/0x3c0 [ 315.616384][ T5151] ? page_cache_prev_miss+0x270/0x270 [ 315.621741][ T5151] ? add_to_page_cache_lru+0x186/0x210 [ 315.627186][ T5151] add_to_page_cache_lru+0xa7/0x210 [ 315.632367][ T5151] pagecache_get_page+0x704/0x930 [ 315.637377][ T5151] grab_cache_page_write_begin+0x59/0xb0 [ 315.642996][ T5151] simple_write_begin+0x36/0x290 [ 315.647922][ T5151] generic_perform_write+0x2be/0x510 [ 315.653214][ T5151] ? atime_needs_update+0x5b0/0x5b0 [ 315.658400][ T5151] ? grab_cache_page_write_begin+0xb0/0xb0 [ 315.664196][ T5151] ? file_remove_privs+0x580/0x580 [ 315.669300][ T5151] ? __fsnotify_parent+0x5f5/0x6c0 [ 315.674395][ T5151] ? __kasan_check_write+0x14/0x20 [ 315.679488][ T5151] ? down_write+0xac/0x110 [ 315.683891][ T5151] __generic_file_write_iter+0x24b/0x480 [ 315.689509][ T5151] ? generic_write_checks+0x3d4/0x480 [ 315.694869][ T5151] generic_file_write_iter+0xa9/0x1d0 [ 315.700229][ T5151] vfs_write+0x725/0xd60 [ 315.704493][ T5151] ? kernel_write+0x3c0/0x3c0 [ 315.709158][ T5151] ? mutex_trylock+0xa0/0xa0 [ 315.713731][ T5151] ? __fget_files+0x2c4/0x320 [ 315.718438][ T5151] ? __fdget_pos+0x2d2/0x380 [ 315.723011][ T5151] ? ksys_write+0x71/0x240 [ 315.727414][ T5151] ksys_write+0x140/0x240 [ 315.731730][ T5151] ? __ia32_sys_read+0x90/0x90 [ 315.736481][ T5151] ? fpu__clear_all+0x20/0x20 [ 315.741142][ T5151] __x64_sys_write+0x7b/0x90 [ 315.745724][ T5151] do_syscall_64+0x31/0x40 [ 315.750127][ T5151] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 315.756099][ T5151] RIP: 0033:0x7f01d46ed969 [ 315.760503][ T5151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.780176][ T5151] RSP: 002b:00007f01d2d56038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 315.788576][ T5151] RAX: ffffffffffffffda RBX: 00007f01d4914fa0 RCX: 00007f01d46ed969 [ 315.796532][ T5151] RDX: 000000000208e24b RSI: 0000200000000000 RDI: 0000000000000005 [ 315.804491][ T5151] RBP: 00007f01d2d56090 R08: 0000000000000000 R09: 0000000000000000 [ 315.812455][ T5151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.820416][ T5151] R13: 0000000000000000 R14: 00007f01d4914fa0 R15: 00007ffd4a6cb248 [ 315.834792][ T5152] udc-core: couldn't find an available UDC or it's busy [ 315.841762][ T5152] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 315.859661][ T9] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 315.876530][ T9] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 315.894473][ T314] usb 1-1: bad CDC descriptors [ 315.918402][ T314] usb 1-1: USB disconnect, device number 25 [ 316.309212][ T5167] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1472'. [ 316.318252][ T5167] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1472'. [ 316.484169][ T314] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 316.724189][ T314] usb 1-1: Using ep0 maxpacket: 16 [ 316.844242][ T314] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.854446][ T314] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 316.863336][ T314] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 317.144254][ T314] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 317.220825][ T367] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 317.228387][ T314] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.234839][ T367] hid-generic 0000:0000:0000.003C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 317.254373][ T314] usb 1-1: Product: syz [ 317.263933][ T314] usb 1-1: Manufacturer: syz [ 317.292557][ T314] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 317.324204][ T314] usb 1-1: no configuration chosen from 1 choice [ 317.345968][ T314] usb 1-1: USB disconnect, device number 26 [ 318.595634][ T5186] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 318.612808][ T5186] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 318.625705][ T5186] F2FS-fs (loop1): invalid crc value [ 318.636518][ T5204] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 318.651159][ T5213] erofs: (device loop3): mounted with root inode @ nid 36. [ 318.666473][ T5204] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 318.677707][ T5186] F2FS-fs (loop1): Found nat_bits in checkpoint [ 318.728233][ T5204] F2FS-fs (loop2): Found nat_bits in checkpoint [ 318.799866][ T5186] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 318.808190][ T5186] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 318.846269][ T5204] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 318.858559][ T5204] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 318.911654][ T24] kauditd_printk_skb: 64 callbacks suppressed [ 318.911670][ T24] audit: type=1400 audit(1880848950.319:3633): avc: denied { append } for pid=5203 comm="syz.2.1483" path="/297/bus/file1" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 319.245279][ T24] audit: type=1400 audit(1880848950.429:3634): avc: denied { create } for pid=5212 comm="syz.3.1486" dev="anon_inodefs" ino=31797 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 319.290281][ T24] audit: type=1400 audit(1880848950.439:3635): avc: denied { create } for pid=5212 comm="syz.3.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 319.333754][ T668] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 319.395473][ T668] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 319.408711][ T24] audit: type=1400 audit(1880848950.449:3636): avc: denied { ioctl } for pid=5212 comm="syz.3.1486" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=31797 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 319.439902][ T24] audit: type=1400 audit(1880848950.459:3637): avc: denied { create } for pid=5212 comm="syz.3.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 319.495965][ T24] audit: type=1400 audit(1880848950.469:3638): avc: denied { bind } for pid=5212 comm="syz.3.1486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 319.515696][ T24] audit: type=1400 audit(1880848950.469:3639): avc: denied { name_bind } for pid=5212 comm="syz.3.1486" src=607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 319.585325][ T24] audit: type=1400 audit(1880848950.469:3640): avc: denied { node_bind } for pid=5212 comm="syz.3.1486" saddr=::700:0:0:0 src=607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 319.621767][ T24] audit: type=1400 audit(1880848950.699:3641): avc: denied { ioctl } for pid=5203 comm="syz.2.1483" path="/297/bus/file1" dev="loop2" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 319.771926][ T24] audit: type=1400 audit(1880848950.699:3642): avc: denied { link } for pid=5203 comm="syz.2.1483" name="file1" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 320.182177][ T5248] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1488'. [ 320.191846][ T5248] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1488'. [ 320.434711][ T5258] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1494'. [ 320.443787][ T5258] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1494'. [ 320.462934][ T367] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 320.724193][ T367] usb 4-1: Using ep0 maxpacket: 16 [ 320.884239][ T367] usb 4-1: unable to get BOS descriptor or descriptor too short [ 320.984300][ T367] usb 4-1: config 7 has an invalid interface number: 142 but max is 0 [ 320.988388][ T5267] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000004739,inode_readahead_blks=0x0000000000000800,norecovery,,errors=continue [ 320.992532][ T367] usb 4-1: config 7 has no interface number 0 [ 321.009349][ T5267] ext4 filesystem being mounted at /291/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 321.015367][ T367] usb 4-1: config 7 interface 142 has no altsetting 0 [ 321.204263][ T367] usb 4-1: New USB device found, idVendor=0499, idProduct=2e03, bcdDevice=b6.b4 [ 321.213481][ T367] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.221592][ T367] usb 4-1: Product: syz [ 321.225818][ T367] usb 4-1: Manufacturer: syz [ 321.230446][ T367] usb 4-1: SerialNumber: syz [ 321.268162][ T5275] FAULT_INJECTION: forcing a failure. [ 321.268162][ T5275] name failslab, interval 1, probability 0, space 0, times 0 [ 321.280970][ T5275] CPU: 1 PID: 5275 Comm: syz.4.1499 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 321.290857][ T5275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 321.300915][ T5275] Call Trace: [ 321.304334][ T5275] __dump_stack+0x21/0x24 [ 321.308669][ T5275] dump_stack_lvl+0x169/0x1d8 [ 321.313344][ T5275] ? show_regs_print_info+0x18/0x18 [ 321.318548][ T5275] ? release_firmware_map_entry+0x190/0x190 [ 321.324470][ T5275] dump_stack+0x15/0x1c [ 321.328631][ T5275] should_fail+0x3c1/0x510 [ 321.333048][ T5275] ? __d_alloc+0x2d/0x6a0 [ 321.337385][ T5275] __should_failslab+0xa4/0xe0 [ 321.342149][ T5275] should_failslab+0x9/0x20 [ 321.346653][ T5275] kmem_cache_alloc+0x3d/0x2e0 [ 321.351414][ T5275] __d_alloc+0x2d/0x6a0 [ 321.355571][ T5275] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 321.361203][ T5275] d_alloc_pseudo+0x1d/0x70 [ 321.365720][ T5275] alloc_file_pseudo+0xc8/0x1f0 [ 321.370586][ T5275] ? shmem_get_inode+0x486/0x9d0 [ 321.375622][ T5275] ? alloc_empty_file_noaccount+0x80/0x80 [ 321.381333][ T5275] ? shmem_get_inode+0x693/0x9d0 [ 321.386268][ T5275] ? __kasan_check_write+0x14/0x20 [ 321.391458][ T5275] ? clear_nlink+0x8a/0xe0 [ 321.395866][ T5275] __shmem_file_setup+0x1df/0x2b0 [ 321.400882][ T5275] shmem_file_setup+0x2f/0x40 [ 321.405548][ T5275] __se_sys_memfd_create+0x1e6/0x3a0 [ 321.410831][ T5275] __x64_sys_memfd_create+0x5b/0x70 [ 321.416049][ T5275] do_syscall_64+0x31/0x40 [ 321.420461][ T5275] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 321.426380][ T5275] RIP: 0033:0x7ff111478969 [ 321.430808][ T5275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.450418][ T5275] RSP: 002b:00007ff10fa9ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 321.458847][ T5275] RAX: ffffffffffffffda RBX: 00000000000002eb RCX: 00007ff111478969 [ 321.466810][ T5275] RDX: 00007ff10fa9eef0 RSI: 0000000000000000 RDI: 00007ff1114fb444 [ 321.474793][ T5275] RBP: 00002000000004c0 R08: 00007ff10fa9ebb7 R09: 00007ff10fa9ee40 [ 321.482754][ T5275] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000480 [ 321.492041][ T5275] R13: 00007ff10fa9eef0 R14: 00007ff10fa9eeb0 R15: 0000200000003b40 [ 321.682814][ T5282] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1501'. [ 321.691881][ T5282] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1501'. [ 321.891909][ T5285] udc-core: couldn't find an available UDC or it's busy [ 321.899120][ T5285] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 321.924786][ T5285] exfat: Deprecated parameter 'utf8' [ 321.930419][ T5285] exfat: Deprecated parameter 'namecase' [ 321.936216][ T5285] exfat: Deprecated parameter 'utf8' [ 321.946315][ T367] usb 4-1: USB disconnect, device number 29 [ 321.958728][ T5285] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d) [ 322.035615][ T5290] device pim6reg1 entered promiscuous mode [ 322.249300][ T5298] FAULT_INJECTION: forcing a failure. [ 322.249300][ T5298] name failslab, interval 1, probability 0, space 0, times 0 [ 322.262401][ T5298] CPU: 1 PID: 5298 Comm: syz.1.1504 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 322.272291][ T5298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.282461][ T5298] Call Trace: [ 322.285776][ T5298] __dump_stack+0x21/0x24 [ 322.290142][ T5298] dump_stack_lvl+0x169/0x1d8 [ 322.294838][ T5298] ? show_regs_print_info+0x18/0x18 [ 322.300136][ T5298] dump_stack+0x15/0x1c [ 322.304295][ T5298] should_fail+0x3c1/0x510 [ 322.308727][ T5298] ? security_file_alloc+0x33/0x120 [ 322.313962][ T5298] __should_failslab+0xa4/0xe0 [ 322.318737][ T5298] should_failslab+0x9/0x20 [ 322.323244][ T5298] kmem_cache_alloc+0x3d/0x2e0 [ 322.328014][ T5298] ? __alloc_file+0x28/0x320 [ 322.332623][ T5298] security_file_alloc+0x33/0x120 [ 322.337687][ T5298] __alloc_file+0xb5/0x320 [ 322.342115][ T5298] alloc_empty_file+0x97/0x180 [ 322.346883][ T5298] path_openat+0xf2/0x3160 [ 322.351312][ T5298] ? __balance_callback+0x5e/0xc0 [ 322.356342][ T5298] ? __kasan_check_read+0x11/0x20 [ 322.361366][ T5298] ? preempt_schedule_notrace+0x110/0x110 [ 322.367188][ T5298] ? irqentry_exit+0x56/0x60 [ 322.371882][ T5298] ? sysvec_reschedule_ipi+0x69/0x70 [ 322.377196][ T5298] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 322.382896][ T5298] ? do_filp_open+0x3e0/0x3e0 [ 322.387591][ T5298] ? vfs_tmpfile+0x290/0x2c0 [ 322.392193][ T5298] ? memset_erms+0xb/0x10 [ 322.396514][ T5298] do_filp_open+0x1b3/0x3e0 [ 322.401002][ T5298] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 322.406637][ T5298] ? vfs_tmpfile+0x2c0/0x2c0 [ 322.411251][ T5298] ? get_unused_fd_flags+0x92/0xa0 [ 322.416383][ T5298] do_sys_openat2+0x14c/0x6d0 [ 322.421088][ T5298] ? do_sys_open+0xe0/0xe0 [ 322.421104][ T5298] ? switch_fpu_return+0x197/0x340 [ 322.421115][ T5298] ? __ia32_sys_read+0x90/0x90 [ 322.421127][ T5298] ? fpu__clear_all+0x20/0x20 [ 322.421138][ T5298] __x64_sys_openat+0x136/0x160 [ 322.421151][ T5298] do_syscall_64+0x31/0x40 [ 322.421165][ T5298] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 322.421175][ T5298] RIP: 0033:0x7f670e44e2d0 [ 322.421188][ T5298] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 322.421196][ T5298] RSP: 002b:00007f670ca75f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 322.421211][ T5298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f670e44e2d0 [ 322.421219][ T5298] RDX: 0000000000000000 RSI: 00007f670e4d1bc9 RDI: 00000000ffffff9c [ 322.421227][ T5298] RBP: 00007f670e4d1bc9 R08: 0000000000000000 R09: 0000000000000000 [ 322.421234][ T5298] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 322.421242][ T5298] R13: 0000000000000000 R14: 00007f670e677160 R15: 00007ffe2abaa168 [ 323.474398][ T5322] 9pnet: Insufficient options for proto=fd [ 323.945846][ T367] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 324.224277][ T367] usb 5-1: device descriptor read/64, error -71 [ 324.700293][ T5343] FAULT_INJECTION: forcing a failure. [ 324.700293][ T5343] name failslab, interval 1, probability 0, space 0, times 0 [ 324.728778][ T5345] FAULT_INJECTION: forcing a failure. [ 324.728778][ T5345] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 324.734250][ T5343] CPU: 0 PID: 5343 Comm: syz.2.1521 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 324.751881][ T5343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.761944][ T5343] Call Trace: [ 324.765237][ T5343] __dump_stack+0x21/0x24 [ 324.769567][ T5343] dump_stack_lvl+0x169/0x1d8 [ 324.774239][ T5343] ? thaw_kernel_threads+0x220/0x220 [ 324.779518][ T5343] ? show_regs_print_info+0x18/0x18 [ 324.784712][ T5343] dump_stack+0x15/0x1c [ 324.788863][ T5343] should_fail+0x3c1/0x510 [ 324.793279][ T5343] ? security_file_alloc+0x33/0x120 [ 324.798471][ T5343] __should_failslab+0xa4/0xe0 [ 324.803227][ T5343] should_failslab+0x9/0x20 [ 324.807736][ T5343] kmem_cache_alloc+0x3d/0x2e0 [ 324.812505][ T5343] ? __alloc_file+0x28/0x320 [ 324.817102][ T5343] security_file_alloc+0x33/0x120 [ 324.822128][ T5343] __alloc_file+0xb5/0x320 [ 324.826546][ T5343] alloc_empty_file+0x97/0x180 [ 324.831312][ T5343] alloc_file+0x59/0x540 [ 324.835563][ T5343] alloc_file_pseudo+0x17a/0x1f0 [ 324.840506][ T5343] ? alloc_empty_file_noaccount+0x80/0x80 [ 324.846233][ T5343] ? _raw_spin_lock_bh+0x8e/0xe0 [ 324.851173][ T5343] anon_inode_getfile+0xa6/0x180 [ 324.856111][ T5343] bpf_link_prime+0xf0/0x250 [ 324.860707][ T5343] bpf_raw_tracepoint_open+0x4c1/0x790 [ 324.866199][ T5343] ? bpf_obj_get_info_by_fd+0x2c30/0x2c30 [ 324.871924][ T5343] ? selinux_bpf+0xce/0xf0 [ 324.876359][ T5343] ? security_bpf+0x82/0xa0 [ 324.880863][ T5343] __se_sys_bpf+0x418/0x680 [ 324.885370][ T5343] ? __x64_sys_bpf+0x90/0x90 [ 324.889969][ T5343] ? fpu__clear_all+0x20/0x20 [ 324.894652][ T5343] __x64_sys_bpf+0x7b/0x90 [ 324.899069][ T5343] do_syscall_64+0x31/0x40 [ 324.903486][ T5343] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 324.909374][ T5343] RIP: 0033:0x7f4d36c06969 [ 324.913796][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.933408][ T5343] RSP: 002b:00007f4d3526f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 324.941878][ T5343] RAX: ffffffffffffffda RBX: 00007f4d36e2dfa0 RCX: 00007f4d36c06969 [ 324.949894][ T5343] RDX: 0000000000000010 RSI: 0000200000000f40 RDI: 0000000000000011 [ 324.957916][ T5343] RBP: 00007f4d3526f090 R08: 0000000000000000 R09: 0000000000000000 [ 324.964182][ T367] usb 5-1: device descriptor read/64, error -71 [ 324.965894][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.965902][ T5343] R13: 0000000000000000 R14: 00007f4d36e2dfa0 R15: 00007ffd8dd96808 [ 324.966611][ T5345] CPU: 0 PID: 5345 Comm: syz.0.1520 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 324.997994][ T5345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 325.008211][ T5345] Call Trace: [ 325.011525][ T5345] __dump_stack+0x21/0x24 [ 325.016002][ T5345] dump_stack_lvl+0x169/0x1d8 [ 325.020698][ T5345] ? show_regs_print_info+0x18/0x18 [ 325.025926][ T5345] dump_stack+0x15/0x1c [ 325.030098][ T5345] should_fail+0x3c1/0x510 [ 325.034537][ T5345] should_fail_alloc_page+0x4f/0x60 [ 325.039761][ T5345] __alloc_pages_nodemask+0x109/0x5f0 [ 325.045185][ T5345] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 325.050756][ T5345] ? find_next_bit+0x80/0x100 [ 325.055425][ T5345] pcpu_populate_chunk+0x184/0xca0 [ 325.060529][ T5345] pcpu_alloc+0xb4c/0x16b0 [ 325.064943][ T5345] __alloc_percpu_gfp+0x25/0x30 [ 325.069782][ T5345] array_map_alloc+0x440/0x7c0 [ 325.074534][ T5345] ? bpf_percpu_array_update+0x6d0/0x6d0 [ 325.080205][ T5345] ? kernel_write+0x3c0/0x3c0 [ 325.084872][ T5345] ? array_map_alloc_check+0x2c2/0x390 [ 325.090325][ T5345] map_create+0x441/0x2190 [ 325.094733][ T5345] __se_sys_bpf+0x203/0x680 [ 325.099228][ T5345] ? __x64_sys_bpf+0x90/0x90 [ 325.103811][ T5345] ? fpu__clear_all+0x20/0x20 [ 325.108481][ T5345] __x64_sys_bpf+0x7b/0x90 [ 325.112983][ T5345] do_syscall_64+0x31/0x40 [ 325.117405][ T5345] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 325.123287][ T5345] RIP: 0033:0x7f8b34c5a969 [ 325.127696][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 325.147316][ T5345] RSP: 002b:00007f8b332c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 325.155717][ T5345] RAX: ffffffffffffffda RBX: 00007f8b34e81fa0 RCX: 00007f8b34c5a969 [ 325.163699][ T5345] RDX: 0000000000000048 RSI: 0000200000000b00 RDI: 2000000000000000 [ 325.171659][ T5345] RBP: 00007f8b332c3090 R08: 0000000000000000 R09: 0000000000000000 [ 325.179620][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 325.187581][ T5345] R13: 0000000000000000 R14: 00007f8b34e81fa0 R15: 00007ffc8e31e478 [ 325.281854][ T24] kauditd_printk_skb: 19 callbacks suppressed [ 325.281869][ T24] audit: type=1326 audit(1880848956.709:3662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5351 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670e44f969 code=0x7ffc0000 [ 325.315023][ T5341] F2FS-fs (loop3): Found nat_bits in checkpoint [ 325.345243][ T24] audit: type=1326 audit(1880848956.739:3663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5351 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f670e44f969 code=0x7ffc0000 [ 325.368739][ T24] audit: type=1326 audit(1880848956.739:3664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5351 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670e44f969 code=0x7ffc0000 [ 325.413712][ T5341] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 325.424202][ T367] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 325.903987][ T24] audit: type=1400 audit(1880848957.329:3665): avc: denied { read write } for pid=5366 comm="syz.0.1527" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 325.941323][ T24] audit: type=1400 audit(1880848957.359:3666): avc: denied { open } for pid=5366 comm="syz.0.1527" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 325.966112][ T24] audit: type=1400 audit(1880848957.359:3667): avc: denied { mount } for pid=5366 comm="syz.0.1527" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 325.989252][ T24] audit: type=1326 audit(1880848957.419:3668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5368 comm="syz.0.1528" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b34c5a969 code=0x0 [ 326.009855][ T5341] attempt to access beyond end of device [ 326.009855][ T5341] loop3: rw=2049, want=80072, limit=40427 [ 326.012737][ T24] audit: type=1400 audit(1880848957.419:3669): avc: denied { map } for pid=5340 comm="syz.3.1519" path="/319/file0/cpuset.effective_mems" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 326.043662][ T5341] attempt to access beyond end of device [ 326.043662][ T5341] loop3: rw=2049, want=81920, limit=40427 [ 326.048086][ T367] usb 5-1: device descriptor read/64, error -71 [ 326.069948][ T5341] attempt to access beyond end of device [ 326.069948][ T5341] loop3: rw=2049, want=53232, limit=40427 [ 326.082988][ T5341] attempt to access beyond end of device [ 326.082988][ T5341] loop3: rw=2049, want=53248, limit=40427 [ 326.106757][ T5341] attempt to access beyond end of device [ 326.106757][ T5341] loop3: rw=2049, want=62512, limit=40427 [ 326.125009][ T5341] attempt to access beyond end of device [ 326.125009][ T5341] loop3: rw=2049, want=62520, limit=40427 [ 326.151836][ T5370] attempt to access beyond end of device [ 326.151836][ T5370] loop3: rw=0, want=77896, limit=40427 [ 326.203493][ T272] attempt to access beyond end of device [ 326.203493][ T272] loop3: rw=2049, want=45104, limit=40427 [ 326.368682][ T5376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1531'. [ 326.384062][ T5376] device pim6reg1 entered promiscuous mode [ 326.487449][ T24] audit: type=1400 audit(1880848957.919:3670): avc: denied { setopt } for pid=5384 comm="syz.2.1535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 326.507372][ T367] usb 5-1: device descriptor read/64, error -71 [ 326.543313][ T5387] FAULT_INJECTION: forcing a failure. [ 326.543313][ T5387] name failslab, interval 1, probability 0, space 0, times 0 [ 326.556012][ T5387] CPU: 1 PID: 5387 Comm: syz.3.1534 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 326.565900][ T5387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 326.575955][ T5387] Call Trace: [ 326.579256][ T5387] __dump_stack+0x21/0x24 [ 326.583591][ T5387] dump_stack_lvl+0x169/0x1d8 [ 326.588269][ T5387] ? thaw_kernel_threads+0x220/0x220 [ 326.593896][ T5387] ? show_regs_print_info+0x18/0x18 [ 326.599304][ T5387] ? sysvec_reschedule_ipi+0x69/0x70 [ 326.604740][ T5387] ? asm_sysvec_reschedule_ipi+0x12/0x20 [ 326.610379][ T5387] dump_stack+0x15/0x1c [ 326.614612][ T5387] should_fail+0x3c1/0x510 [ 326.619128][ T5387] ? genl_rcv_msg+0xa33/0x1090 [ 326.623982][ T5387] __should_failslab+0xa4/0xe0 [ 326.628754][ T5387] should_failslab+0x9/0x20 [ 326.633262][ T5387] __kmalloc+0x60/0x330 [ 326.637425][ T5387] genl_rcv_msg+0xa33/0x1090 [ 326.642040][ T5387] ? genl_rcv+0x40/0x40 [ 326.646220][ T5387] ? __schedule+0xb4f/0x1310 [ 326.650836][ T5387] ? release_firmware_map_entry+0x190/0x190 [ 326.656757][ T5387] ? __schedule+0xb4f/0x1310 [ 326.661379][ T5387] ? wg_get_device_done+0xc0/0xc0 [ 326.666430][ T5387] ? selinux_nlmsg_lookup+0x31a/0x4a0 [ 326.671933][ T5387] netlink_rcv_skb+0x1e0/0x430 [ 326.676725][ T5387] ? genl_rcv+0x40/0x40 [ 326.680909][ T5387] ? netlink_ack+0xb80/0xb80 [ 326.685537][ T5387] ? kasan_check_range+0x66/0x290 [ 326.690611][ T5387] ? __kasan_check_write+0x14/0x20 [ 326.695785][ T5387] genl_rcv+0x28/0x40 [ 326.699869][ T5387] netlink_unicast+0x87c/0xa40 [ 326.704642][ T5387] netlink_sendmsg+0x88d/0xb30 [ 326.709420][ T5387] ? netlink_getsockopt+0x530/0x530 [ 326.714637][ T5387] ? security_socket_sendmsg+0x82/0xa0 [ 326.720094][ T5387] ? netlink_getsockopt+0x530/0x530 [ 326.725401][ T5387] ____sys_sendmsg+0x5a2/0x8c0 [ 326.730167][ T5387] ? __sys_sendmsg_sock+0x40/0x40 [ 326.735212][ T5387] ? import_iovec+0x7c/0xb0 [ 326.739709][ T5387] ___sys_sendmsg+0x1f0/0x260 [ 326.744382][ T5387] ? __sys_sendmsg+0x250/0x250 [ 326.749134][ T5387] ? rw_verify_area+0x1c0/0x360 [ 326.753974][ T5387] ? preempt_schedule_notrace+0x110/0x110 [ 326.759686][ T5387] ? __fdget+0x1a1/0x230 [ 326.763925][ T5387] __x64_sys_sendmsg+0x1e2/0x2a0 [ 326.768855][ T5387] ? ___sys_sendmsg+0x260/0x260 [ 326.773695][ T5387] ? switch_fpu_return+0x197/0x340 [ 326.778802][ T5387] do_syscall_64+0x31/0x40 [ 326.783207][ T5387] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 326.789087][ T5387] RIP: 0033:0x7f01d46ed969 [ 326.793500][ T5387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.813096][ T5387] RSP: 002b:00007f01d2d14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.821504][ T5387] RAX: ffffffffffffffda RBX: 00007f01d4915160 RCX: 00007f01d46ed969 [ 326.829490][ T5387] RDX: 0000000000000040 RSI: 0000200000000340 RDI: 0000000000000006 [ 326.837452][ T5387] RBP: 00007f01d2d14090 R08: 0000000000000000 R09: 0000000000000000 [ 326.845416][ T5387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.853406][ T5387] R13: 0000000000000000 R14: 00007f01d4915160 R15: 00007ffd4a6cb248 [ 326.861996][ T367] usb usb5-port1: attempt power cycle [ 326.884971][ T24] audit: type=1326 audit(1880848958.319:3671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5393 comm="syz.0.1537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b34c5a969 code=0x0 [ 326.929721][ T5390] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 326.944202][ T314] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 327.359515][ T314] usb 2-1: Using ep0 maxpacket: 32 [ 327.424234][ T421] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 327.524295][ T314] usb 2-1: unable to get BOS descriptor or descriptor too short [ 327.630851][ T314] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.645408][ T5414] EXT4-fs (loop3): Test dummy encryption mode enabled [ 327.684270][ T421] usb 3-1: Using ep0 maxpacket: 16 [ 327.694985][ T5414] EXT4-fs error (device loop3): __ext4_iget:5007: inode #11: block 1: comm syz.3.1544: invalid block [ 327.711334][ T5414] EXT4-fs error (device loop3): ext4_orphan_get:1400: comm syz.3.1544: couldn't read orphan inode 11 (err -117) [ 327.724186][ T5414] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,bsddf,nodiscard,sysvgroups,nojournal_checksum,noauto_da_alloc,test_dummy_encryption,jqfmt=vfsv1,journal_dev=0x0000000000000008,acl,,errors=continue [ 328.034609][ T421] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 328.054789][ T314] usb 2-1: New USB device found, idVendor=17ef, idProduct=7000, bcdDevice=a1.ec [ 328.089036][ T421] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.106115][ T314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.402141][ T314] usb 2-1: Product: syz [ 328.408920][ T421] usb 3-1: config 0 descriptor?? [ 328.431508][ T314] usb 2-1: Manufacturer: syz [ 328.648516][ T5423] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 328.666076][ T5423] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 328.675629][ T5423] F2FS-fs (loop4): invalid crc value [ 328.682610][ T5423] F2FS-fs (loop4): Found nat_bits in checkpoint [ 328.689019][ T314] usb 2-1: SerialNumber: syz [ 328.689785][ T314] usb 2-1: config 0 descriptor?? [ 328.695835][ T5385] netlink: 'syz.2.1535': attribute type 1 has an invalid length. [ 328.733097][ T5423] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 328.740266][ T5423] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 328.925903][ T5431] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 328.933278][ T5431] EXT4-fs (loop3): Mount option "dax=never" incompatible with ext3 [ 328.946050][ T421] sony 0003:054C:05C4.003D: item fetching failed at offset 2/3 [ 328.956431][ T421] sony 0003:054C:05C4.003D: parse failed [ 328.962302][ T421] sony: probe of 0003:054C:05C4.003D failed with error -22 [ 328.975609][ T421] usb 2-1: USB disconnect, device number 31 [ 329.152356][ T5385] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1535'. [ 329.163613][ T5385] udc-core: couldn't find an available UDC or it's busy [ 329.170776][ T5385] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 329.181684][ T554] usb 3-1: USB disconnect, device number 31 [ 329.696589][ T295] hid-generic 0000:0000:0000.003E: unknown main item tag 0x0 [ 329.705405][ T295] hid-generic 0000:0000:0000.003E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 330.199871][ T5451] FAULT_INJECTION: forcing a failure. [ 330.199871][ T5451] name failslab, interval 1, probability 0, space 0, times 0 [ 330.212555][ T5451] CPU: 0 PID: 5451 Comm: syz.4.1550 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 330.222450][ T5451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 330.232512][ T5451] Call Trace: [ 330.235819][ T5451] __dump_stack+0x21/0x24 [ 330.240168][ T5451] dump_stack_lvl+0x169/0x1d8 [ 330.244848][ T5451] ? thaw_kernel_threads+0x220/0x220 [ 330.250136][ T5451] ? show_regs_print_info+0x18/0x18 [ 330.255329][ T5451] dump_stack+0x15/0x1c [ 330.259484][ T5451] should_fail+0x3c1/0x510 [ 330.263893][ T5451] ? __vmalloc_node_range+0x29f/0x780 [ 330.269276][ T5451] __should_failslab+0xa4/0xe0 [ 330.274061][ T5451] should_failslab+0x9/0x20 [ 330.278587][ T5451] __kmalloc+0x60/0x330 [ 330.282750][ T5451] __vmalloc_node_range+0x29f/0x780 [ 330.287942][ T5451] ? kmem_cache_alloc+0x165/0x2e0 [ 330.292955][ T5451] dup_task_struct+0x40f/0xbd0 [ 330.297704][ T5451] ? copy_process+0x5af/0x3310 [ 330.302456][ T5451] ? __kasan_check_write+0x14/0x20 [ 330.307559][ T5451] ? recalc_sigpending+0x1ac/0x230 [ 330.312657][ T5451] copy_process+0x5af/0x3310 [ 330.317238][ T5451] ? memset+0x35/0x40 [ 330.321214][ T5451] ? fsnotify_set_children_dentry_flags+0x210/0x210 [ 330.327791][ T5451] ? proc_fail_nth_read+0x210/0x210 [ 330.332980][ T5451] ? pidfd_show_fdinfo+0x2b0/0x2b0 [ 330.338081][ T5451] ? rw_verify_area+0x1c0/0x360 [ 330.342924][ T5451] ? vfs_write+0xac8/0xd60 [ 330.347331][ T5451] kernel_clone+0x23f/0x940 [ 330.351824][ T5451] ? kernel_write+0x3c0/0x3c0 [ 330.356499][ T5451] ? create_io_thread+0x130/0x130 [ 330.361515][ T5451] ? mutex_lock+0x8c/0xe0 [ 330.365840][ T5451] __x64_sys_clone+0x176/0x1d0 [ 330.370610][ T5451] ? __ia32_sys_vfork+0xf0/0xf0 [ 330.375466][ T5451] ? ksys_write+0x1eb/0x240 [ 330.379971][ T5451] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 330.386029][ T5451] do_syscall_64+0x31/0x40 [ 330.390441][ T5451] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 330.396350][ T5451] RIP: 0033:0x7ff111478969 [ 330.400867][ T5451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.420620][ T5451] RSP: 002b:00007ff10fabffe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 330.429115][ T5451] RAX: ffffffffffffffda RBX: 00007ff1116a0080 RCX: 00007ff111478969 [ 330.437210][ T5451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 330.445173][ T5451] RBP: 00007ff10fac0090 R08: 0000000000000000 R09: 0000000000000000 [ 330.453151][ T5451] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 330.461120][ T5451] R13: 0000000000000000 R14: 00007ff1116a0080 R15: 00007ffef20abfc8 [ 330.842023][ T5452] 9pnet: Insufficient options for proto=fd [ 331.214907][ T5466] FAULT_INJECTION: forcing a failure. [ 331.214907][ T5466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.228235][ T5466] CPU: 0 PID: 5466 Comm: syz.4.1557 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 331.238144][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 331.248213][ T5466] Call Trace: [ 331.251524][ T5466] __dump_stack+0x21/0x24 [ 331.255856][ T5466] dump_stack_lvl+0x169/0x1d8 [ 331.260534][ T5466] ? show_regs_print_info+0x18/0x18 [ 331.265737][ T5466] ? __fsnotify_parent+0x5f5/0x6c0 [ 331.270852][ T5466] dump_stack+0x15/0x1c [ 331.275012][ T5466] should_fail+0x3c1/0x510 [ 331.279434][ T5466] should_fail_usercopy+0x1a/0x20 [ 331.284462][ T5466] _copy_from_user+0x20/0xd0 [ 331.289082][ T5466] sock_getsockopt+0xff/0x19a0 [ 331.293850][ T5466] ? dst_negative_advice+0x150/0x150 [ 331.299143][ T5466] ? selinux_socket_getsockopt+0x208/0x2e0 [ 331.304961][ T5466] ? selinux_socket_getpeername+0x2e0/0x2e0 [ 331.310854][ T5466] ? mutex_lock+0x8c/0xe0 [ 331.315193][ T5466] ? __fget_files+0x2c4/0x320 [ 331.319871][ T5466] ? security_socket_getsockopt+0x82/0xa0 [ 331.325595][ T5466] __sys_getsockopt+0x1a1/0x370 [ 331.330448][ T5466] __x64_sys_getsockopt+0xbf/0xd0 [ 331.335475][ T5466] do_syscall_64+0x31/0x40 [ 331.339983][ T5466] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 331.345873][ T5466] RIP: 0033:0x7ff111478969 [ 331.350305][ T5466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.370064][ T5466] RSP: 002b:00007ff10fac0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 331.378481][ T5466] RAX: ffffffffffffffda RBX: 00007ff1116a0080 RCX: 00007ff111478969 [ 331.386457][ T5466] RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000005 [ 331.394520][ T5466] RBP: 00007ff10fac0090 R08: 0000200000000200 R09: 0000000000000000 [ 331.402493][ T5466] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 331.410468][ T5466] R13: 0000000000000000 R14: 00007ff1116a0080 R15: 00007ffef20abfc8 [ 331.419862][ T24] kauditd_printk_skb: 12 callbacks suppressed [ 331.419945][ T24] audit: type=1400 audit(1880848962.349:3684): avc: denied { mount } for pid=5462 comm="syz.1.1558" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 331.654267][ T24] audit: type=1400 audit(1880848962.369:3685): avc: denied { unmount } for pid=270 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 332.182571][ T24] audit: type=1400 audit(1880848963.239:3686): avc: denied { getopt } for pid=5473 comm="syz.0.1561" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 332.370106][ T5487] tipc: Bearer : already 2 bearers with priority 10 [ 332.378736][ T24] audit: type=1400 audit(1880848963.239:3687): avc: denied { mounton } for pid=5473 comm="syz.0.1561" path="/proc/971/task" dev="proc" ino=32165 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 332.412584][ T5487] tipc: Bearer : trying with adjusted priority [ 332.420202][ T5487] tipc: Enabling of bearer rejected, failed to enable media [ 332.600230][ T24] audit: type=1400 audit(1880848963.239:3688): avc: denied { mount } for pid=5473 comm="syz.0.1561" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 332.925262][ T5498] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 333.025083][ T5498] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000008,dioread_nolock, [ 333.041387][ T5498] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 333.651538][ T5506] FAULT_INJECTION: forcing a failure. [ 333.651538][ T5506] name failslab, interval 1, probability 0, space 0, times 0 [ 333.664243][ T5506] CPU: 0 PID: 5506 Comm: syz.4.1567 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 333.674128][ T5506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 333.684181][ T5506] Call Trace: [ 333.687475][ T5506] __dump_stack+0x21/0x24 [ 333.691804][ T5506] dump_stack_lvl+0x169/0x1d8 [ 333.696483][ T5506] ? thaw_kernel_threads+0x220/0x220 [ 333.701781][ T5506] ? show_regs_print_info+0x18/0x18 [ 333.706988][ T5506] dump_stack+0x15/0x1c [ 333.711149][ T5506] should_fail+0x3c1/0x510 [ 333.715592][ T5506] ? netlink_sendmsg+0x5f6/0xb30 [ 333.720528][ T5506] __should_failslab+0xa4/0xe0 [ 333.725302][ T5506] should_failslab+0x9/0x20 [ 333.729836][ T5506] __kmalloc_track_caller+0x5f/0x320 [ 333.735125][ T5506] ? kmem_cache_alloc+0x165/0x2e0 [ 333.740153][ T5506] ? __alloc_skb+0x9e/0x520 [ 333.744656][ T5506] ? netlink_sendmsg+0x5f6/0xb30 [ 333.749592][ T5506] __alloc_skb+0xdc/0x520 [ 333.753920][ T5506] ? netlink_autobind+0x155/0x190 [ 333.758968][ T5506] netlink_sendmsg+0x5f6/0xb30 [ 333.763738][ T5506] ? netlink_getsockopt+0x530/0x530 [ 333.768940][ T5506] ? security_socket_sendmsg+0x82/0xa0 [ 333.774400][ T5506] ? netlink_getsockopt+0x530/0x530 [ 333.779598][ T5506] ____sys_sendmsg+0x5a2/0x8c0 [ 333.784365][ T5506] ? __sys_sendmsg_sock+0x40/0x40 [ 333.789389][ T5506] ? import_iovec+0x7c/0xb0 [ 333.793984][ T5506] ___sys_sendmsg+0x1f0/0x260 [ 333.798661][ T5506] ? __sys_sendmsg+0x250/0x250 [ 333.803427][ T5506] ? rw_verify_area+0x1c0/0x360 [ 333.808283][ T5506] ? __fdget+0x1a1/0x230 [ 333.812524][ T5506] __x64_sys_sendmsg+0x1e2/0x2a0 [ 333.817460][ T5506] ? fput+0x1a/0x20 [ 333.821270][ T5506] ? ___sys_sendmsg+0x260/0x260 [ 333.826132][ T5506] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 333.832196][ T5506] do_syscall_64+0x31/0x40 [ 333.836619][ T5506] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 333.842507][ T5506] RIP: 0033:0x7ff111478969 [ 333.846923][ T5506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.866526][ T5506] RSP: 002b:00007ff10fa9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 333.874944][ T5506] RAX: ffffffffffffffda RBX: 00007ff1116a0160 RCX: 00007ff111478969 [ 333.882923][ T5506] RDX: 0000000000000800 RSI: 0000200000000280 RDI: 0000000000000009 [ 333.890889][ T5506] RBP: 00007ff10fa9f090 R08: 0000000000000000 R09: 0000000000000000 [ 333.898858][ T5506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 333.906836][ T5506] R13: 0000000000000000 R14: 00007ff1116a0160 R15: 00007ffef20abfc8 [ 334.256977][ T24] audit: type=1400 audit(1880848965.689:3689): avc: denied { read write } for pid=5497 comm="syz.3.1569" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 334.280285][ T24] audit: type=1400 audit(1880848965.689:3690): avc: denied { open } for pid=5497 comm="syz.3.1569" path="/332/file1/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 334.280662][ T5498] EXT4-fs error (device loop3): ext4_mb_generate_buddy:808: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 334.319188][ T5498] EXT4-fs (loop3): Remounting filesystem read-only [ 334.327101][ T289] EXT4-fs (loop3): failed to convert unwritten extents to written extents -- potential data loss! (inode 15, error -30) [ 334.362702][ T5492] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 334.370610][ T5492] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 334.380111][ T5492] F2FS-fs (loop1): invalid crc value [ 334.388538][ T5492] F2FS-fs (loop1): Found nat_bits in checkpoint [ 334.473500][ T1781] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 334.485041][ T1781] hid-generic 0000:0000:0000.003F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 334.515521][ T5492] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 334.634494][ T5492] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 335.921022][ T295] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0 [ 335.938235][ T295] hid-generic 0000:0000:0000.0040: hidraw0: HID v0.00 Device [syz1] on syz0 [ 335.954535][ T9] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 335.963599][ T9] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 336.050430][ T5544] 9pnet: Insufficient options for proto=fd [ 336.073165][ T5535] EXT4-fs (loop4): orphan cleanup on readonly fs [ 336.080603][ T5535] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1579: bg 0: block 248: padding at end of block bitmap is not set [ 336.422589][ T5535] Quota error (device loop4): write_blk: dquota write failed [ 336.431201][ T5535] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 336.445683][ T5535] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.1579: Failed to acquire dquot type 1 [ 336.458173][ T5535] EXT4-fs (loop4): 1 truncate cleaned up [ 336.465325][ T5535] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 337.067756][ T295] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 337.105557][ T24] audit: type=1400 audit(1880848968.519:3691): avc: denied { wake_alarm } for pid=5557 comm="syz.3.1583" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 337.135619][ T1434] hid-generic 0000:0000:0000.0041: unknown main item tag 0x0 [ 337.143800][ T1434] hid-generic 0000:0000:0000.0041: hidraw0: HID v0.00 Device [syz1] on syz0 [ 337.186611][ T1781] hid-generic 0000:0000:0000.0042: unknown main item tag 0x0 [ 337.202517][ T1781] hid-generic 0000:0000:0000.0042: hidraw1: HID v0.00 Device [syz1] on syz0 [ 337.233542][ T5565] 9pnet: Insufficient options for proto=fd [ 337.269367][ T24] audit: type=1400 audit(1880848968.699:3692): avc: denied { create } for pid=5566 comm="syz.2.1586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 337.296354][ T24] audit: type=1400 audit(1880848968.729:3693): avc: denied { append } for pid=77 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=9 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 337.324935][ T24] audit: type=1400 audit(1880848968.729:3694): avc: denied { read write } for pid=271 comm="syz-executor" name="loop2" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 337.350505][ T24] audit: type=1400 audit(1880848968.729:3695): avc: denied { open } for pid=271 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 337.377141][ T24] audit: type=1400 audit(1880848968.729:3696): avc: denied { ioctl } for pid=271 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 337.384197][ T295] usb 5-1: Using ep0 maxpacket: 16 [ 337.403312][ T24] audit: type=1400 audit(1880848968.729:3697): avc: denied { prog_load } for pid=5569 comm="syz.2.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 337.427682][ T24] audit: type=1400 audit(1880848968.729:3698): avc: denied { bpf } for pid=5569 comm="syz.2.1587" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 337.430556][ T5567] 9pnet: Insufficient options for proto=fd [ 337.448917][ T24] audit: type=1400 audit(1880848968.729:3699): avc: denied { perfmon } for pid=5569 comm="syz.2.1587" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 337.565798][ T5573] EXT4-fs (loop1): Ignoring removed nobh option [ 337.572171][ T5573] EXT4-fs (loop1): Unrecognized mount option "dont_appraise" or missing value [ 337.581585][ T295] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.592859][ T295] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.603023][ T295] usb 5-1: config 0 interface 0 has no altsetting 0 [ 337.609784][ T295] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 337.618924][ T295] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.628123][ T295] usb 5-1: config 0 descriptor?? [ 337.809240][ T5575] EXT4-fs (loop1): orphan cleanup on readonly fs [ 337.818026][ T5575] EXT4-fs (loop1): 1 truncate cleaned up [ 337.824023][ T5575] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 338.391025][ T295] hid (null): unknown global tag 0xc [ 338.396461][ T295] hid (null): report_id 13250 is invalid [ 338.402577][ T295] hid (null): unknown global tag 0xe [ 338.474200][ T295] usb 5-1: USB disconnect, device number 32 [ 338.694295][ T25] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 339.084199][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 339.264636][ T25] usb 3-1: config 1 has an invalid interface number: 242 but max is 0 [ 339.281354][ T25] usb 3-1: config 1 has no interface number 0 [ 339.419944][ T25] usb 3-1: config 1 interface 242 has no altsetting 0 [ 339.594270][ T25] usb 3-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df [ 339.603465][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.611906][ T25] usb 3-1: Product: syz [ 339.616345][ T25] usb 3-1: Manufacturer: syz [ 339.620983][ T25] usb 3-1: SerialNumber: syz [ 339.717377][ T5611] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1599'. [ 339.774184][ T1781] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 339.784273][ T5615] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 339.796315][ T5615] xt_CT: You must specify a L4 protocol and not use inversions on it [ 339.867032][ T5613] EXT4-fs (loop1): 1 orphan inode deleted [ 339.907986][ T5613] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 339.918248][ T5613] ext4 filesystem being mounted at /313/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 339.928510][ T5620] erofs: (device loop3): mounted with root inode @ nid 36. [ 341.407559][ T5628] FAULT_INJECTION: forcing a failure. [ 341.407559][ T5628] name failslab, interval 1, probability 0, space 0, times 0 [ 341.420343][ T5628] CPU: 1 PID: 5628 Comm: syz.1.1600 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 341.430412][ T5628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 341.440453][ T5628] Call Trace: [ 341.443739][ T5628] __dump_stack+0x21/0x24 [ 341.448077][ T5628] dump_stack_lvl+0x169/0x1d8 [ 341.452748][ T5628] ? show_regs_print_info+0x18/0x18 [ 341.457995][ T5628] ? stack_trace_save+0x98/0xe0 [ 341.462882][ T5628] dump_stack+0x15/0x1c [ 341.467053][ T5628] should_fail+0x3c1/0x510 [ 341.471498][ T5628] ? avc_alloc_node+0x7e/0x320 [ 341.476259][ T5628] __should_failslab+0xa4/0xe0 [ 341.481038][ T5628] should_failslab+0x9/0x20 [ 341.485537][ T5628] kmem_cache_alloc+0x3d/0x2e0 [ 341.490455][ T5628] ? do_sys_openat2+0x14c/0x6d0 [ 341.495464][ T5628] ? __x64_sys_openat+0x136/0x160 [ 341.500486][ T5628] ? do_syscall_64+0x31/0x40 [ 341.505085][ T5628] avc_alloc_node+0x7e/0x320 [ 341.509678][ T5628] ? avc_xperms_free+0x270/0x270 [ 341.514606][ T5628] avc_update_node+0x50/0x720 [ 341.519272][ T5628] avc_denied+0x132/0x1b0 [ 341.523593][ T5628] avc_has_perm_noaudit+0x205/0x240 [ 341.528780][ T5628] ? avc_denied+0x1b0/0x1b0 [ 341.533295][ T5628] ? d_alloc_parallel+0x11ee/0x1320 [ 341.538485][ T5628] selinux_inode_permission+0x37c/0x5e0 [ 341.544020][ T5628] ? selinux_inode_follow_link+0x350/0x350 [ 341.549829][ T5628] ? from_kgid+0x159/0x680 [ 341.554365][ T5628] security_inode_permission+0xa0/0x100 [ 341.559954][ T5628] inode_permission+0xf1/0x520 [ 341.564715][ T5628] path_openat+0xd1d/0x3160 [ 341.569207][ T5628] ? getname+0x19/0x20 [ 341.573268][ T5628] ? do_filp_open+0x3e0/0x3e0 [ 341.577941][ T5628] do_filp_open+0x1b3/0x3e0 [ 341.582432][ T5628] ? vfs_tmpfile+0x2c0/0x2c0 [ 341.587017][ T5628] ? get_unused_fd_flags+0x92/0xa0 [ 341.592133][ T5628] do_sys_openat2+0x14c/0x6d0 [ 341.596813][ T5628] ? __kasan_check_write+0x14/0x20 [ 341.601911][ T5628] ? fput_many+0x15a/0x1a0 [ 341.606401][ T5628] ? do_sys_open+0xe0/0xe0 [ 341.610803][ T5628] ? fput+0x1a/0x20 [ 341.614596][ T5628] ? ksys_write+0x1eb/0x240 [ 341.619084][ T5628] ? __ia32_sys_read+0x90/0x90 [ 341.623834][ T5628] ? fpu__clear_all+0x20/0x20 [ 341.628500][ T5628] __x64_sys_openat+0x136/0x160 [ 341.633369][ T5628] do_syscall_64+0x31/0x40 [ 341.637811][ T5628] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 341.643688][ T5628] RIP: 0033:0x7f670e44f969 [ 341.648265][ T5628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.667874][ T5628] RSP: 002b:00007f670ca97038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 341.676289][ T5628] RAX: ffffffffffffffda RBX: 00007f670e677080 RCX: 00007f670e44f969 [ 341.684269][ T5628] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c [ 341.692597][ T5628] RBP: 00007f670ca97090 R08: 0000000000000000 R09: 0000000000000000 [ 341.700582][ T5628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.708543][ T5628] R13: 0000000000000000 R14: 00007f670e677080 R15: 00007ffe2abaa168 [ 341.717459][ T1781] usb 5-1: Using ep0 maxpacket: 8 [ 341.777543][ T24] kauditd_printk_skb: 81 callbacks suppressed [ 341.777558][ T24] audit: type=1400 audit(1880848973.209:3781): avc: denied { create } for pid=5585 comm="syz.2.1591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 341.834605][ T24] audit: type=1400 audit(1880848973.239:3782): avc: denied { setopt } for pid=5630 comm="syz.0.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 341.854594][ T24] audit: type=1400 audit(1880848973.239:3783): avc: denied { write } for pid=5612 comm="syz.1.1600" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 341.876367][ T25] aqc111: probe of 3-1:1.242 failed with error -22 [ 341.887560][ T24] audit: type=1400 audit(1880848973.239:3784): avc: denied { add_name } for pid=5612 comm="syz.1.1600" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 341.888608][ T25] usb 3-1: USB disconnect, device number 32 [ 341.909926][ T24] audit: type=1400 audit(1880848973.239:3785): avc: denied { create } for pid=5612 comm="syz.1.1600" name="cgroup.controllers" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 341.937248][ T24] audit: type=1400 audit(1880848973.239:3786): avc: denied { read append open } for pid=5612 comm="syz.1.1600" path="/313/file1/cgroup.controllers" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 341.944303][ T1781] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.964164][ T24] audit: type=1400 audit(1880848973.239:3787): avc: denied { read } for pid=5585 comm="syz.2.1591" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 341.996936][ T1781] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 341.998048][ T24] audit: type=1400 audit(1880848973.239:3788): avc: denied { open } for pid=5585 comm="syz.2.1591" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 342.010314][ T1781] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 342.029481][ T24] audit: type=1400 audit(1880848973.369:3789): avc: denied { accept } for pid=5630 comm="syz.0.1604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 342.038300][ T1781] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.077943][ T1781] usb 5-1: config 0 descriptor?? [ 342.264165][ T1562] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 342.504173][ T1562] usb 1-1: Using ep0 maxpacket: 16 [ 342.511298][ T24] audit: type=1400 audit(1880848973.939:3790): avc: denied { append } for pid=5646 comm="syz.2.1609" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 342.624906][ T1562] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 342.634330][ T1562] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.644822][ T1562] usb 1-1: config 0 descriptor?? [ 342.884855][ T5634] netlink: 'syz.0.1604': attribute type 1 has an invalid length. [ 342.917441][ T5659] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 342.926126][ T5659] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 342.942269][ T5659] F2FS-fs (loop2): Found nat_bits in checkpoint [ 342.989167][ T5659] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 342.996929][ T5659] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 343.882675][ T1562] sony 0003:054C:05C4.0044: item fetching failed at offset 2/3 [ 343.894043][ T1562] sony 0003:054C:05C4.0044: parse failed [ 343.902622][ T1562] sony: probe of 0003:054C:05C4.0044 failed with error -22 [ 343.921266][ T1562] usb 5-1: USB disconnect, device number 33 [ 343.959335][ T5634] udc-core: couldn't find an available UDC or it's busy [ 344.004363][ T5634] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 344.082345][ T295] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 344.334801][ T5681] device ip6gre1 entered promiscuous mode [ 344.634354][ T25] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 345.025127][ T295] usb 2-1: config 0 has an invalid interface number: 202 but max is 0 [ 345.042853][ T295] usb 2-1: config 0 has no interface number 0 [ 345.070136][ T295] usb 2-1: config 0 interface 202 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32 [ 345.265964][ T1434] usb 1-1: USB disconnect, device number 27 [ 345.306333][ T5685] EXT4-fs (loop2): orphan cleanup on readonly fs [ 345.316486][ T5685] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.1619: bg 0: block 248: padding at end of block bitmap is not set [ 345.332568][ T5685] EXT4-fs error (device loop2): ext4_acquire_dquot:6226: comm syz.2.1619: Failed to acquire dquot type 1 [ 345.346550][ T5685] EXT4-fs (loop2): 1 truncate cleaned up [ 345.391047][ T5685] EXT4-fs (loop2): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,dioread_nolock,abort,noload,nodiscard,,errors=continue [ 345.524554][ T295] usb 2-1: New USB device found, idVendor=04b3, idProduct=4001, bcdDevice= 1.10 [ 345.652926][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.692130][ T295] usb 2-1: Product: syz [ 346.744710][ T295] usb 2-1: Manufacturer: syz [ 346.750443][ T295] usb 2-1: SerialNumber: syz [ 346.761934][ T5696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1622'. [ 346.797463][ T295] usb 2-1: config 0 descriptor?? [ 346.821817][ T24] kauditd_printk_skb: 59 callbacks suppressed [ 346.821841][ T24] audit: type=1400 audit(1880848978.249:3848): avc: denied { create } for pid=5694 comm="syz.1.1622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 347.013464][ T5691] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 347.021072][ T5691] EXT4-fs (loop3): Mount option "dax=never" incompatible with ext3 [ 347.162335][ T295] usb 2-1: can't set config #0, error -71 [ 347.261980][ T295] usb 2-1: USB disconnect, device number 32 [ 347.544237][ T1434] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 348.019547][ T24] audit: type=1400 audit(1880848979.449:3849): avc: denied { create } for pid=5707 comm="syz.1.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 348.156482][ T5713] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 348.165648][ T5713] ext4 filesystem being mounted at /348/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 348.203932][ T24] audit: type=1400 audit(1880848979.629:3850): avc: denied { read } for pid=5711 comm="syz.3.1628" name="usbmon2" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 348.204303][ T1434] usb 1-1: Using ep0 maxpacket: 32 [ 348.281122][ T24] audit: type=1400 audit(1880848979.629:3851): avc: denied { open } for pid=5711 comm="syz.3.1628" path="/dev/usbmon2" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 348.305725][ T24] audit: type=1400 audit(1880848979.669:3852): avc: denied { wake_alarm } for pid=5711 comm="syz.3.1628" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 348.328022][ T24] audit: type=1400 audit(1880848979.709:3853): avc: denied { connect } for pid=5716 comm="syz.2.1629" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 348.424241][ T1434] usb 1-1: config 1 has an invalid interface number: 242 but max is 0 [ 348.432648][ T1434] usb 1-1: config 1 has no interface number 0 [ 348.439154][ T1434] usb 1-1: config 1 interface 242 has no altsetting 0 [ 348.459301][ T5717] EXT4-fs (loop2): Ignoring removed orlov option [ 348.507818][ T5717] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,quota,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,lazytime,noauto_da_alloc,stripe=0x0000000000000005,orlov,,errors=continue [ 348.684264][ T1434] usb 1-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df [ 348.700204][ T1434] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.720548][ T5723] F2FS-fs (loop4): invalid crc value [ 348.733429][ T1434] usb 1-1: Product: syz [ 348.740967][ T1434] usb 1-1: Manufacturer: syz [ 348.746029][ T1434] usb 1-1: SerialNumber: syz [ 348.757971][ T5723] F2FS-fs (loop4): Found nat_bits in checkpoint [ 348.808188][ T24] audit: type=1400 audit(1880848980.239:3854): avc: denied { setopt } for pid=5729 comm="syz.1.1631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 348.876280][ T5723] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 348.915569][ T24] audit: type=1400 audit(1880848980.349:3855): avc: denied { create } for pid=5722 comm="syz.4.1630" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 349.076011][ T24] audit: type=1400 audit(1880848980.509:3856): avc: denied { name_bind } for pid=5729 comm="syz.1.1631" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 349.107846][ T24] audit: type=1400 audit(1880848980.509:3857): avc: denied { node_bind } for pid=5729 comm="syz.1.1631" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 349.285976][ T5738] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 349.295244][ T5738] EXT4-fs (loop3): Mount option "dax=never" incompatible with ext3 [ 349.624962][ T269] attempt to access beyond end of device [ 349.624962][ T269] loop4: rw=2049, want=45104, limit=40427 [ 350.274061][ T1434] aqc111: probe of 1-1:1.242 failed with error -22 [ 350.299309][ T1434] usb 1-1: USB disconnect, device number 28 [ 351.641624][ T5749] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue [ 351.656085][ T5749] ext4 filesystem being mounted at /350/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 351.806592][ T5732] F2FS-fs (loop1): Found nat_bits in checkpoint [ 352.276685][ T24] kauditd_printk_skb: 4 callbacks suppressed [ 352.276701][ T24] audit: type=1400 audit(1880848983.709:3862): avc: denied { read write } for pid=5759 comm="syz.0.1636" name="uhid" dev="devtmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 352.278414][ T25] hid-generic 0000:0000:0000.0045: unknown main item tag 0x0 [ 352.282781][ T24] audit: type=1400 audit(1880848983.709:3863): avc: denied { open } for pid=5759 comm="syz.0.1636" path="/dev/uhid" dev="devtmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 352.408433][ T25] hid-generic 0000:0000:0000.0045: hidraw0: HID v0.00 Device [syz1] on syz0 [ 352.560627][ T24] audit: type=1400 audit(1880848983.989:3864): avc: denied { mounton } for pid=5759 comm="syz.0.1636" path="/344/file0" dev="tmpfs" ino=1884 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 352.575254][ T5764] 9pnet: Insufficient options for proto=fd [ 352.731400][ T24] audit: type=1400 audit(1880848984.039:3865): avc: denied { connect } for pid=5769 comm="syz.3.1639" lport=250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 352.870921][ T24] audit: type=1400 audit(1880848984.039:3866): avc: denied { write } for pid=5769 comm="syz.3.1639" laddr=172.20.20.170 lport=250 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 352.917155][ T24] audit: type=1400 audit(1880848984.349:3867): avc: denied { bind } for pid=5769 comm="syz.3.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 352.953525][ T24] audit: type=1400 audit(1880848984.379:3868): avc: denied { setopt } for pid=5769 comm="syz.3.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 353.148744][ T25] hid-generic 0000:0000:0000.0046: unknown main item tag 0x0 [ 353.163664][ T25] hid-generic 0000:0000:0000.0046: hidraw0: HID v0.00 Device [syz1] on syz0 [ 353.175360][ T5793] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 353.204218][ T5793] EXT4-fs (loop3): Ignoring removed bh option [ 353.214534][ T5793] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 353.237801][ T5793] EXT4-fs (loop3): 1 truncate cleaned up [ 353.243490][ T5793] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000002,mblk_io_submit,bh,auto_da_alloc,barrier,quota,nogrpid,,errors=continue [ 353.348378][ T24] audit: type=1400 audit(1880848984.779:3869): avc: denied { read write } for pid=5798 comm="syz.2.1648" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 353.466308][ T24] audit: type=1400 audit(1880848984.829:3870): avc: denied { open } for pid=5798 comm="syz.2.1648" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 353.527430][ T24] audit: type=1400 audit(1880848984.939:3871): avc: denied { mount } for pid=5798 comm="syz.2.1648" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 353.577038][ T5796] 9pnet: Insufficient options for proto=fd [ 355.000999][ T5828] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 355.099822][ T5828] exFAT-fs (loop4): hint_cluster is invalid (17) [ 355.155136][ T5835] attempt to access beyond end of device [ 355.155136][ T5835] loop1: rw=1, want=222, limit=128 [ 355.428093][ T5850] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 355.468724][ T5850] exFAT-fs (loop1): hint_cluster is invalid (17) [ 357.514818][ T5860] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 357.522274][ T5860] EXT4-fs (loop1): Mount option "dax=never" incompatible with ext3 [ 357.761490][ T5853] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 357.875769][ T5853] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 357.982067][ T5853] F2FS-fs (loop4): invalid crc value [ 357.987806][ T5865] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 358.050102][ T5853] F2FS-fs (loop4): Found nat_bits in checkpoint [ 358.267476][ T5853] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 358.268937][ T5865] exFAT-fs (loop3): hint_cluster is invalid (17) [ 358.274910][ T5853] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 358.289728][ T24] kauditd_printk_skb: 93 callbacks suppressed [ 358.289742][ T24] audit: type=1400 audit(1880848989.719:3965): avc: denied { mount } for pid=5852 comm="syz.4.1665" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 358.387853][ T24] audit: type=1400 audit(1880848989.819:3966): avc: denied { setcheckreqprot } for pid=5871 comm="syz.0.1671" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 358.532175][ T24] audit: type=1400 audit(1880848989.959:3967): avc: denied { unmount } for pid=269 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 358.628226][ T24] audit: type=1400 audit(1880848990.059:3968): avc: denied { create } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 358.657425][ T24] audit: type=1400 audit(1880848990.059:3969): avc: denied { read } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 358.687084][ T24] audit: type=1400 audit(1880848990.119:3970): avc: denied { write } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 358.707100][ T24] audit: type=1400 audit(1880848990.119:3971): avc: denied { create } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 358.741674][ T24] audit: type=1400 audit(1880848990.119:3972): avc: denied { bind } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 358.761231][ T24] audit: type=1400 audit(1880848990.119:3973): avc: denied { listen } for pid=5875 comm="syz.2.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 358.889266][ T5887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1675'. [ 358.918105][ T24] audit: type=1400 audit(1880848990.349:3974): avc: denied { write } for pid=5884 comm="syz.1.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 358.924711][ T5887] netlink: 'syz.1.1675': attribute type 3 has an invalid length. [ 361.081624][ T5913] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1680'. [ 361.626967][ T5915] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 361.634450][ T5915] EXT4-fs (loop3): Mount option "dax=never" incompatible with ext3 [ 363.413845][ T5920] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue [ 363.428037][ T5920] ext4 filesystem being mounted at /333/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 363.574922][ T24] kauditd_printk_skb: 6 callbacks suppressed [ 363.574977][ T24] audit: type=1400 audit(1880848994.929:3981): avc: denied { write } for pid=5917 comm="syz.1.1682" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 363.885817][ T24] audit: type=1400 audit(1880848994.929:3982): avc: denied { add_name } for pid=5917 comm="syz.1.1682" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 363.928052][ T24] audit: type=1400 audit(1880848994.939:3983): avc: denied { read write open } for pid=5917 comm="syz.1.1682" path="/333/bus/bus" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 363.972315][ T24] audit: type=1400 audit(1880848994.969:3984): avc: denied { create } for pid=5917 comm="syz.1.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 363.993531][ T24] audit: type=1400 audit(1880848994.979:3985): avc: denied { write } for pid=5917 comm="syz.1.1682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 364.016974][ T24] audit: type=1400 audit(1880848995.449:3986): avc: denied { setopt } for pid=5921 comm="syz.2.1683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 364.547016][ T1562] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 364.704246][ T295] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 364.804140][ T1562] usb 4-1: Using ep0 maxpacket: 8 [ 364.831510][ T24] audit: type=1400 audit(1880848996.259:3987): avc: denied { read } for pid=5955 comm="syz.4.1694" name="usbmon0" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 365.074345][ T295] usb 3-1: Using ep0 maxpacket: 32 [ 365.080007][ T1562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.095824][ T24] audit: type=1400 audit(1880848996.289:3988): avc: denied { open } for pid=5955 comm="syz.4.1694" path="/dev/usbmon0" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 365.142529][ T1562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.290586][ T1562] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 365.301476][ T1562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.311840][ T5957] F2FS-fs (loop4): invalid crc value [ 365.367390][ T295] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 365.918751][ T24] audit: type=1400 audit(1880848996.289:3989): avc: denied { map } for pid=5955 comm="syz.4.1694" path="/dev/usbmon0" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 365.943840][ T5957] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 365.973612][ T5957] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 365.980331][ T5957] F2FS-fs (loop4): Start checkpoint disabled! [ 366.050781][ T5957] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 366.068590][ T24] audit: type=1400 audit(1880848996.569:3990): avc: denied { read write } for pid=5960 comm="syz.1.1695" name="loop-control" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 366.154679][ T295] usb 3-1: config 0 has no interface number 0 [ 366.167665][ T1562] usb 4-1: config 0 descriptor?? [ 366.268018][ T5971] FAULT_INJECTION: forcing a failure. [ 366.268018][ T5971] name failslab, interval 1, probability 0, space 0, times 0 [ 366.280704][ T5971] CPU: 1 PID: 5971 Comm: syz.4.1694 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 366.290595][ T5971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 366.300648][ T5971] Call Trace: [ 366.303955][ T5971] __dump_stack+0x21/0x24 [ 366.308304][ T5971] dump_stack_lvl+0x169/0x1d8 [ 366.313018][ T5971] ? thaw_kernel_threads+0x220/0x220 [ 366.318305][ T5971] ? show_regs_print_info+0x18/0x18 [ 366.323510][ T5971] dump_stack+0x15/0x1c [ 366.327666][ T5971] should_fail+0x3c1/0x510 [ 366.332083][ T5971] ? __d_alloc+0xaf/0x6a0 [ 366.336416][ T5971] __should_failslab+0xa4/0xe0 [ 366.341181][ T5971] should_failslab+0x9/0x20 [ 366.345724][ T5971] __kmalloc+0x60/0x330 [ 366.349881][ T5971] ? kmem_cache_alloc+0x165/0x2e0 [ 366.354905][ T5971] ? __d_alloc+0x2d/0x6a0 [ 366.359230][ T5971] __d_alloc+0xaf/0x6a0 [ 366.363391][ T5971] d_alloc+0x4b/0x1d0 [ 366.367372][ T5971] __lookup_hash+0xcb/0x250 [ 366.371870][ T5971] filename_create+0x1d4/0x680 [ 366.376637][ T5971] ? kern_path_create+0x40/0x40 [ 366.381470][ T5971] ? getname_flags+0x206/0x500 [ 366.386223][ T5971] do_symlinkat+0x8f/0x3b0 [ 366.390627][ T5971] ? fpu__clear_all+0x20/0x20 [ 366.396064][ T5971] __x64_sys_symlinkat+0x7b/0x90 [ 366.400990][ T5971] do_syscall_64+0x31/0x40 [ 366.405411][ T5971] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 366.411289][ T5971] RIP: 0033:0x7ff111478969 [ 366.415695][ T5971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.435290][ T5971] RSP: 002b:00007ff10fa9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 366.444242][ T5971] RAX: ffffffffffffffda RBX: 00007ff1116a0160 RCX: 00007ff111478969 [ 366.452200][ T5971] RDX: 0000200000000340 RSI: 0000000000000008 RDI: 0000200000000440 [ 366.454288][ T295] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 366.460176][ T5971] RBP: 00007ff10fa9f090 R08: 0000000000000000 R09: 0000000000000000 [ 366.469432][ T295] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.477144][ T5971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.477152][ T5971] R13: 0000000000000000 R14: 00007ff1116a0160 R15: 00007ffef20abfc8 [ 366.511939][ T295] usb 3-1: Product: syz [ 366.516389][ T295] usb 3-1: Manufacturer: syz [ 366.521086][ T295] usb 3-1: SerialNumber: syz [ 366.526999][ T295] usb 3-1: config 0 descriptor?? [ 366.564841][ T295] smsc95xx v2.0.0 [ 366.645573][ T1562] holtek 0003:1241:5015.0047: unknown main item tag 0x0 [ 366.652995][ T1562] holtek 0003:1241:5015.0047: unknown main item tag 0x0 [ 366.663074][ T1562] holtek 0003:1241:5015.0047: item fetching failed at offset 2/5 [ 366.671277][ T1562] holtek 0003:1241:5015.0047: parse failed [ 366.677748][ T1562] holtek: probe of 0003:1241:5015.0047 failed with error -22 [ 367.170517][ T1562] usb 4-1: USB disconnect, device number 30 [ 368.321015][ T5987] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue [ 368.335151][ T5987] ext4 filesystem being mounted at /337/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 368.924245][ T295] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 368.939581][ T5996] erofs: (device loop4): mounted with root inode @ nid 36. [ 369.087856][ T295] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 369.134189][ T295] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 369.247658][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 369.247753][ T24] audit: type=1400 audit(1880849000.639:3994): avc: denied { create } for pid=5994 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 369.412996][ T295] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 369.421126][ T295] usb 3-1: USB disconnect, device number 33 [ 369.477127][ T24] audit: type=1400 audit(1880849000.659:3995): avc: denied { create } for pid=5994 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 369.504223][ T24] audit: type=1400 audit(1880849000.669:3996): avc: denied { bind } for pid=5994 comm="syz.4.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 369.538434][ T24] audit: type=1400 audit(1880849000.669:3997): avc: denied { name_bind } for pid=5994 comm="syz.4.1702" src=607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 369.565667][ T24] audit: type=1400 audit(1880849000.669:3998): avc: denied { node_bind } for pid=5994 comm="syz.4.1702" saddr=::700:0:0:0 src=607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 369.591125][ T24] audit: type=1400 audit(1880849000.889:3999): avc: denied { mount } for pid=6003 comm="syz.1.1705" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 369.616515][ T24] audit: type=1400 audit(1880849000.969:4000): avc: denied { append } for pid=6006 comm="syz.2.1706" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 369.661027][ T6010] EXT4-fs (loop4): orphan cleanup on readonly fs [ 369.672296][ T6010] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.1707: bg 0: block 248: padding at end of block bitmap is not set [ 369.688251][ T6010] Quota error (device loop4): write_blk: dquota write failed [ 369.696828][ T6010] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 369.709464][ T6010] EXT4-fs error (device loop4): ext4_acquire_dquot:6226: comm syz.4.1707: Failed to acquire dquot type 1 [ 369.722075][ T6010] EXT4-fs (loop4): 1 truncate cleaned up [ 369.729357][ T6010] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 369.760547][ T5993] fuse: Unknown parameter '017777777777777777777770x0000000000000005' [ 369.780477][ T24] audit: type=1400 audit(1880849001.209:4001): avc: denied { create } for pid=5992 comm="syz.0.1703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 369.952280][ T6047] netlink: 'syz.3.1723': attribute type 12 has an invalid length. [ 369.960757][ T6047] netlink: 'syz.3.1723': attribute type 29 has an invalid length. [ 369.972061][ T6047] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1723'. [ 369.983213][ T6047] netlink: 'syz.3.1723': attribute type 2 has an invalid length. [ 369.991236][ T6047] netlink: 'syz.3.1723': attribute type 3 has an invalid length. [ 370.000252][ T6047] netlink: 31 bytes leftover after parsing attributes in process `syz.3.1723'. [ 370.059801][ T6057] 9pnet_virtio: no channels available for device syz [ 370.084171][ T554] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 370.092750][ T6061] 9pnet: p9_fd_create_tcp (6061): problem connecting socket to 127.0.0.1 [ 370.132883][ T6071] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1734'. [ 370.184187][ T1562] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 370.334212][ T554] usb 5-1: Using ep0 maxpacket: 16 [ 370.424163][ T1562] usb 3-1: Using ep0 maxpacket: 8 [ 370.454316][ T554] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.467519][ T6108] SELinux: ebitmap start bit (3223858) is not a multiple of the map unit size (64) [ 370.470899][ T554] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.479062][ T6108] SELinux: failed to load policy [ 370.492408][ T554] usb 5-1: config 0 interface 0 has no altsetting 0 [ 370.500572][ T554] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 370.509881][ T554] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.530997][ T554] usb 5-1: config 0 descriptor?? [ 370.564211][ T1562] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 370.572453][ T1562] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 370.582516][ T1562] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 370.592437][ T1562] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 370.602444][ T1562] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 370.616113][ T1562] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 370.625559][ T1562] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.808122][ T6135] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (288 ns). Using initial count to start timer. [ 370.853959][ T6140] xt_hashlimit: size too large, truncated to 1048576 [ 371.074274][ T554] usbhid 5-1:0.0: can't add hid device: -71 [ 371.082185][ T554] usbhid: probe of 5-1:0.0 failed with error -71 [ 371.099105][ T554] usb 5-1: USB disconnect, device number 35 [ 371.181109][ T6161] 9pnet_virtio: no channels available for device syz [ 371.564232][ T1562] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 371.603012][ T6196] 9pnet_virtio: no channels available for device syz [ 371.804280][ T1562] usb 4-1: Using ep0 maxpacket: 16 [ 371.924266][ T1562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.935409][ T1562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.945189][ T1562] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 371.954269][ T1562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.962934][ T1562] usb 4-1: config 0 descriptor?? [ 372.104178][ T20] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 372.124018][ T6217] xt_hashlimit: size too large, truncated to 1048576 [ 372.315577][ T6220] binder: BINDER_SET_CONTEXT_MGR already set [ 372.322065][ T6220] binder: 6219:6220 ioctl 4018620d 200000000040 returned -16 [ 372.375643][ T6228] 9pnet_virtio: no channels available for device syz [ 372.436090][ T1562] appleir 0003:05AC:8241.0048: unknown main item tag 0x0 [ 372.443333][ T1562] appleir 0003:05AC:8241.0048: unknown main item tag 0x0 [ 372.450907][ T1562] appleir 0003:05AC:8241.0048: unknown main item tag 0x0 [ 372.458587][ T1562] appleir 0003:05AC:8241.0048: unknown main item tag 0x0 [ 372.465982][ T1562] appleir 0003:05AC:8241.0048: unknown main item tag 0x0 [ 372.473895][ T1562] appleir 0003:05AC:8241.0048: No inputs registered, leaving [ 372.484206][ T1562] appleir 0003:05AC:8241.0048: hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 372.484216][ T20] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 372.484246][ T20] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 372.515711][ T20] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 372.525372][ T20] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 372.536518][ T20] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 372.558034][ T6238] xt_hashlimit: size too large, truncated to 1048576 [ 372.606480][ T6244] loop2: [ 372.664560][ T20] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 372.669398][ T6248] ================================================================== [ 372.686015][ T6248] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x3280 [ 372.686040][ T20] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 372.694520][ T6248] Read of size 8 at addr ffff888117598fc0 by task syz.1.1809/6248 [ 372.694524][ T6248] [ 372.694540][ T6248] CPU: 0 PID: 6248 Comm: syz.1.1809 Not tainted 5.10.237-syzkaller-00309-g7e2543346ff7 #0 [ 372.694548][ T6248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.694553][ T6248] Call Trace: [ 372.694579][ T6248] __dump_stack+0x21/0x24 [ 372.694593][ T6248] dump_stack_lvl+0x169/0x1d8 [ 372.694608][ T6248] ? show_regs_print_info+0x18/0x18 [ 372.694635][ T6248] ? thaw_kernel_threads+0x220/0x220 [ 372.710477][ T20] usb 5-1: Product: syz [ 372.711130][ T6248] print_address_description+0x7f/0x2c0 [ 372.715791][ T20] usb 5-1: Manufacturer: syz [ 372.723360][ T6248] ? tc_setup_flow_action+0x842/0x3280 [ 372.723386][ T6248] kasan_report+0xe2/0x130 [ 372.782604][ T6248] ? flow_action_cookie_create+0x28/0x90 [ 372.788262][ T6248] ? tc_setup_flow_action+0x842/0x3280 [ 372.793754][ T6248] __asan_report_load8_noabort+0x14/0x20 [ 372.799406][ T6248] tc_setup_flow_action+0x842/0x3280 [ 372.804711][ T6248] ? __kmalloc+0x1a7/0x330 [ 372.809138][ T6248] ? flow_rule_alloc+0x32/0x2c0 [ 372.813998][ T6248] mall_replace_hw_filter+0x293/0x810 [ 372.819376][ T6248] ? pcpu_block_update_hint_alloc+0x8bc/0xc50 [ 372.824806][ T20] cdc_wdm 5-1:1.0: skipping garbage [ 372.825456][ T6248] ? mall_set_parms+0x410/0x410 [ 372.825476][ T6248] ? tcf_exts_destroy+0xb0/0xb0 [ 372.830680][ T20] cdc_wdm 5-1:1.0: skipping garbage [ 372.835503][ T6248] ? pcpu_alloc+0xf8a/0x16b0 [ 372.835522][ T6248] ? mall_set_parms+0x19d/0x410 [ 372.835537][ T6248] mall_change+0x528/0x750 [ 372.835551][ T6248] ? __kasan_check_write+0x14/0x20 [ 372.835578][ T6248] ? mall_get+0xa0/0xa0 [ 372.868991][ T6248] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 372.875716][ T6248] ? nla_strcmp+0xf4/0x140 [ 372.880147][ T6248] tc_new_tfilter+0x13f6/0x1a10 [ 372.885020][ T6248] ? mall_get+0xa0/0xa0 [ 372.889207][ T6248] ? tcf_gate_entry_destructor+0x20/0x20 [ 372.894862][ T6248] ? security_capable+0x87/0xb0 [ 372.899729][ T6248] ? ns_capable+0x8c/0xf0 [ 372.904073][ T6248] ? netlink_net_capable+0x125/0x160 [ 372.909497][ T6248] ? tcf_gate_entry_destructor+0x20/0x20 [ 372.915163][ T6248] rtnetlink_rcv_msg+0x800/0xb90 [ 372.920268][ T6248] ? rtnetlink_bind+0x80/0x80 [ 372.924968][ T6248] ? arch_stack_walk+0xee/0x140 [ 372.929832][ T6248] ? stack_trace_save+0x98/0xe0 [ 372.934771][ T6248] ? stack_trace_snprint+0xf0/0xf0 [ 372.940317][ T6248] ? memcpy+0x56/0x70 [ 372.944308][ T6248] ? avc_has_perm+0x234/0x360 [ 372.948988][ T6248] ? __kasan_slab_alloc+0xbd/0xf0 [ 372.954008][ T6248] ? slab_post_alloc_hook+0x5d/0x2f0 [ 372.959299][ T6248] ? ___sys_sendmsg+0x1f0/0x260 [ 372.964184][ T6248] ? avc_has_perm_noaudit+0x240/0x240 [ 372.969582][ T6248] ? selinux_nlmsg_lookup+0x3fb/0x4a0 [ 372.974973][ T6248] netlink_rcv_skb+0x1e0/0x430 [ 372.980023][ T6248] ? rtnetlink_bind+0x80/0x80 [ 372.985019][ T6248] ? netlink_ack+0xb80/0xb80 [ 372.989633][ T6248] ? __netlink_lookup+0x387/0x3b0 [ 372.994654][ T6248] rtnetlink_rcv+0x1c/0x20 [ 372.999353][ T6248] netlink_unicast+0x87c/0xa40 [ 373.004147][ T6248] netlink_sendmsg+0x88d/0xb30 [ 373.009787][ T6248] ? schedule_preempt_disabled+0x20/0x20 [ 373.015413][ T6248] ? netlink_getsockopt+0x530/0x530 [ 373.020624][ T6248] ? security_socket_sendmsg+0x82/0xa0 [ 373.026363][ T6248] ? netlink_getsockopt+0x530/0x530 [ 373.031670][ T6248] ____sys_sendmsg+0x5a2/0x8c0 [ 373.036446][ T6248] ? __sys_sendmsg_sock+0x40/0x40 [ 373.041481][ T6248] ? import_iovec+0x7c/0xb0 [ 373.045988][ T6248] ___sys_sendmsg+0x1f0/0x260 [ 373.050788][ T6248] ? __sys_sendmsg+0x250/0x250 [ 373.055550][ T6248] ? __fdget+0x1a1/0x230 [ 373.059789][ T6248] __x64_sys_sendmsg+0x1e2/0x2a0 [ 373.064719][ T6248] ? ___sys_sendmsg+0x260/0x260 [ 373.069914][ T6248] ? switch_fpu_return+0x197/0x340 [ 373.075048][ T6248] do_syscall_64+0x31/0x40 [ 373.079466][ T6248] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 373.085593][ T6248] RIP: 0033:0x7f670e44f969 [ 373.090005][ T6248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.109980][ T6248] RSP: 002b:00007f670cab8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 373.118394][ T6248] RAX: ffffffffffffffda RBX: 00007f670e676fa0 RCX: 00007f670e44f969 [ 373.126413][ T6248] RDX: 0000000004000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 373.134489][ T6248] RBP: 00007f670e4d1ab1 R08: 0000000000000000 R09: 0000000000000000 [ 373.142906][ T6248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 373.150902][ T6248] R13: 0000000000000000 R14: 00007f670e676fa0 R15: 00007ffe2abaa168 [ 373.158909][ T6248] [ 373.161638][ T6248] Allocated by task 6248: [ 373.167364][ T6248] __kasan_kmalloc+0xda/0x110 [ 373.172055][ T6248] __kmalloc+0x1a7/0x330 [ 373.176291][ T6248] tcf_idr_create+0x5f/0x790 [ 373.180868][ T6248] tcf_idr_create_from_flags+0x61/0x70 [ 373.186317][ T6248] tcf_gact_init+0x2b4/0x520 [ 373.191327][ T6248] tcf_action_init_1+0x3e1/0x670 [ 373.196950][ T6248] tcf_action_init+0x1e6/0x700 [ 373.201804][ T6248] tcf_exts_validate+0x215/0x510 [ 373.206738][ T6248] mall_set_parms+0x4b/0x410 [ 373.211315][ T6248] mall_change+0x45c/0x750 [ 373.215810][ T6248] tc_new_tfilter+0x13f6/0x1a10 [ 373.220756][ T6248] rtnetlink_rcv_msg+0x800/0xb90 [ 373.225776][ T6248] netlink_rcv_skb+0x1e0/0x430 [ 373.232670][ T6248] rtnetlink_rcv+0x1c/0x20 [ 373.237208][ T6248] netlink_unicast+0x87c/0xa40 [ 373.241966][ T6248] netlink_sendmsg+0x88d/0xb30 [ 373.247909][ T6248] ____sys_sendmsg+0x5a2/0x8c0 [ 373.253077][ T6248] ___sys_sendmsg+0x1f0/0x260 [ 373.257758][ T6248] __x64_sys_sendmsg+0x1e2/0x2a0 [ 373.262689][ T6248] do_syscall_64+0x31/0x40 [ 373.267106][ T6248] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 373.273089][ T6248] [ 373.275416][ T6248] Last potentially related work creation: [ 373.281132][ T6248] kasan_save_stack+0x3a/0x60 [ 373.285800][ T6248] __kasan_record_aux_stack+0xd2/0x100 [ 373.291247][ T6248] kasan_record_aux_stack_noalloc+0xb/0x10 [ 373.297043][ T6248] call_rcu+0x105/0x1040 [ 373.301277][ T6248] neigh_parms_release+0x1cb/0x200 [ 373.306402][ T6248] addrconf_ifdown+0x15bb/0x1800 [ 373.311326][ T6248] addrconf_notify+0x3bd/0xe90 [ 373.316426][ T6248] raw_notifier_call_chain+0x90/0x100 [ 373.321788][ T6248] unregister_netdevice_many+0xf8b/0x1980 [ 373.327496][ T6248] default_device_exit_batch+0x330/0x390 [ 373.333116][ T6248] cleanup_net+0x5fb/0xb70 [ 373.337554][ T6248] process_one_work+0x6e1/0xba0 [ 373.342497][ T6248] worker_thread+0xa6a/0x13b0 [ 373.347181][ T6248] kthread+0x346/0x3d0 [ 373.351244][ T6248] ret_from_fork+0x1f/0x30 [ 373.355639][ T6248] [ 373.357957][ T6248] The buggy address belongs to the object at ffff888117598f00 [ 373.357957][ T6248] which belongs to the cache kmalloc-192 of size 192 [ 373.371996][ T6248] The buggy address is located 0 bytes to the right of [ 373.371996][ T6248] 192-byte region [ffff888117598f00, ffff888117598fc0) [ 373.385600][ T6248] The buggy address belongs to the page: [ 373.391254][ T6248] page:ffffea00045d6600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117598 [ 373.401690][ T6248] flags: 0x4000000000000200(slab) [ 373.406711][ T6248] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100043380 [ 373.415284][ T6248] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 373.423849][ T6248] page dumped because: kasan: bad access detected [ 373.430271][ T6248] page_owner tracks the page as allocated [ 373.435996][ T6248] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 102, ts 5170433887, free_ts 0 [ 373.451000][ T6248] prep_new_page+0x179/0x180 [ 373.455666][ T6248] get_page_from_freelist+0x2235/0x23d0 [ 373.461229][ T6248] __alloc_pages_nodemask+0x268/0x5f0 [ 373.466585][ T6248] new_slab+0x84/0x3f0 [ 373.470644][ T6248] ___slab_alloc+0x2a6/0x450 [ 373.475221][ T6248] __slab_alloc+0x63/0xa0 [ 373.479540][ T6248] kmem_cache_alloc_trace+0x1b3/0x2e0 [ 373.484986][ T6248] kernfs_fop_open+0x343/0xb30 [ 373.489738][ T6248] do_dentry_open+0x793/0x1090 [ 373.494490][ T6248] vfs_open+0x73/0x80 [ 373.498461][ T6248] path_openat+0x27ad/0x3160 [ 373.503037][ T6248] do_filp_open+0x1b3/0x3e0 [ 373.507536][ T6248] do_sys_openat2+0x14c/0x6d0 [ 373.512198][ T6248] __x64_sys_openat+0x136/0x160 [ 373.517036][ T6248] do_syscall_64+0x31/0x40 [ 373.521451][ T6248] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 373.527333][ T6248] page_owner free stack trace missing [ 373.532698][ T6248] [ 373.535018][ T6248] Memory state around the buggy address: [ 373.540646][ T6248] ffff888117598e80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 373.548697][ T6248] ffff888117598f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 373.556751][ T6248] >ffff888117598f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 373.564827][ T6248] ^ [ 373.570969][ T6248] ffff888117599000: fa fb fb fb fb fb fb fc fc fc fc 00 00 00 00 00 [ 373.579369][ T6248] ffff888117599080: 00 00 fc fc fc fc fa fb fb fb fb fb fb fc fc fc [ 373.587442][ T6248] ================================================================== [ 373.595693][ T6248] Disabling lock debugging due to kernel taint [ 373.606126][ T1562] usb 3-1: USB disconnect, device number 34 [ 373.611261][ T20] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 373.624174][ T15] usb 4-1: USB disconnect, device number 31 [ 373.635147][ T20] usb 5-1: USB disconnect, device number 36