last executing test programs: 2m27.145729995s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 1m59.856131134s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 1m31.770610646s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 59.614243981s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 35.638604047s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 14.337210775s ago: executing program 3 (id=1437): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000003800)=[{{0x0, 0x0, &(0x7f0000003740)=[{&(0x7f0000001600)=""/4086, 0x10b8c}], 0x1}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0) 6.89334622s ago: executing program 4 (id=2879): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in=@empty, 0x4e22, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x80000}, {}, 0xffffffff}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x3, 0x2b}, 0x0, @in=@local, 0x0, 0x4}}, 0xe8) r2 = socket$key(0xf, 0x3, 0x2) recvmmsg(r2, &(0x7f00000021c0)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x10000, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x88c0) 6.832043719s ago: executing program 1 (id=2880): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(0xffffffffffffffff, 0xc0305302, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080), 0x4) sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r2) 6.227771845s ago: executing program 4 (id=2883): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc43", 0xf) r1 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000000c0), 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_open_dev$vbi(0x0, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x16a) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000000000200"/23]) openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x5c800, 0x0) pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) 5.718256075s ago: executing program 1 (id=2884): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd}) kcmp(r0, r0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 4.766423408s ago: executing program 4 (id=2886): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='wlan0\x00', 0x10) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x80200, 0x0) ioctl$PTP_SYS_OFFSET(r1, 0x43403d05, &(0x7f00000006c0)={0xa}) 4.692226972s ago: executing program 1 (id=2887): r0 = timerfd_create(0x8, 0x80000) timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f00000003c0), 0x0) 4.583314439s ago: executing program 1 (id=2888): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_setup(0x13b5, &(0x7f0000000140)={0x0, 0x5606, 0x40, 0xdfffffff, 0x2fa}) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 4.380422253s ago: executing program 4 (id=2891): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x10000000, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24008004}, 0x9004) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/timers\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000280)={0x2020}, 0x2020) 3.607814349s ago: executing program 1 (id=2892): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x8004) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c80, 0xffffffffffffffb6) 3.47486119s ago: executing program 0 (id=2893): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2, @in=@empty, 0x4e22, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x80000}, {}, 0xffffffff}, {{@in6=@ipv4={'\x00', '\xff\xff', @local}, 0x3, 0x2b}, 0x0, @in=@local, 0x0, 0x4}}, 0xe8) recvmmsg(0xffffffffffffffff, &(0x7f00000021c0)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x10000, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x88c0) 3.420659262s ago: executing program 2 (id=2894): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) syz_init_net_socket$llc(0x1a, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.240005516s ago: executing program 0 (id=2895): r0 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x2c, 0x4, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141) keyctl$read(0x2, 0x0, &(0x7f00000003c0)=""/4096, 0x1000) vmsplice(r3, &(0x7f0000000780)=[{&(0x7f0000000800)="366c3d15cc3b565398e8b36c499f4ccb64274b83315c98a12cc2779ffd7920b8adb39bfd42274ad6c9300b77a2d6f571271493ccccdfb2b0e3335ff33fd688cf1adc1b5959e221d41b6a2c11d09fb84c7fc6ebdcd120", 0x56}], 0x1, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000001640), 0x0, &(0x7f0000001680)=ANY=[]) removexattr(0x0, &(0x7f0000000280)=@known='trusted.overlay.impure\x00') socket$inet_sctp(0x2, 0x5, 0x84) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 3.214176082s ago: executing program 2 (id=2896): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc43", 0xf) r1 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000000c0), 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_open_dev$vbi(0x0, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x16a) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000000000200"/23]) openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x5c800, 0x0) pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) 2.561607417s ago: executing program 2 (id=2897): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x8000000000000, &(0x7f0000000300)=@base={0x14, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) 2.251429162s ago: executing program 0 (id=2898): openat$sysfs(0xffffff9c, 0x0, 0x309080, 0x1) r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) tkill(r1, 0xb) ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, 0x0) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000200)={0xb, 0x29, 0x2, {0x945}}, 0xb) lsetxattr$system_posix_acl(&(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1c, 0x0) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r5, 0x2007ffb) 2.01516816s ago: executing program 2 (id=2899): syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) syz_open_dev$video4linux(&(0x7f0000000000), 0x100000000006, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 1.507151745s ago: executing program 2 (id=2900): setgroups(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) creat(&(0x7f0000000000)='./file0\x00', 0x108) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0xffffffff80000000, 0xb159, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e400ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000fbff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x0, 0x9, {0x0, 0x7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x0) write$tcp_congestion(r5, &(0x7f00000000c0)='lp\x00', 0xfffffdef) dup2(r5, r3) syz_emit_ethernet(0x56, 0x0, 0x0) 1.440583131s ago: executing program 0 (id=2901): socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_PTRACER(0x59616d61, r0) 1.429143458s ago: executing program 4 (id=2902): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_setup(0x13b5, &(0x7f0000000140)={0x0, 0x5606, 0x40, 0xdfffffff, 0x2fa}) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$vhost_msg_v2(r4, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 313.437786ms ago: executing program 0 (id=2903): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') r0 = socket(0x8, 0x3, 0x0) ioctl$IMGETCOUNT(r0, 0x618f, 0x0) 134.283356ms ago: executing program 1 (id=2904): bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) splice(r1, 0x0, r2, 0x0, 0x10000000000019, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) 133.846057ms ago: executing program 2 (id=2905): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, 0x0, 0x0) syz_open_procfs$pagemap(0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) mmap$dsp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xa, 0x80010, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) 133.607256ms ago: executing program 4 (id=2906): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000008200000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x1e, 0x5, 0x0) listen(r5, 0x0) r6 = socket(0x1e, 0x805, 0x0) accept4$inet6(r5, 0x0, 0x0, 0x800) sendmsg$tipc(r6, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)}, 0x0) socket$kcm(0x2d, 0x2, 0x0) r7 = memfd_secret(0x0) ioctl$SOUND_MIXER_INFO(r7, 0x805c4d65, &(0x7f0000000240)) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ppoll(&(0x7f00000000c0)=[{r8, 0xb}], 0x1, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=2907): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc43", 0xf) r1 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f00000000c0), 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_open_dev$vbi(0x0, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x16a) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000000000200"/23]) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x2, 0x7}, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) kernel console output (not intermixed with test programs): ber_perm+0x10/0x10 [ 807.584138][T15587] ? find_held_lock+0x2b/0x80 [ 807.584164][T15587] ? find_held_lock+0x2b/0x80 [ 807.584176][T15587] ? hook_file_ioctl_common+0x145/0x410 [ 807.584199][T15587] ? __fget_files+0x20e/0x3c0 [ 807.584216][T15587] security_file_ioctl+0x9b/0x240 [ 807.584233][T15587] __x64_sys_ioctl+0xb7/0x210 [ 807.584247][T15587] do_syscall_64+0xcd/0x4c0 [ 807.584264][T15587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.584276][T15587] RIP: 0033:0x7f22e678e929 [ 807.584286][T15587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 807.584297][T15587] RSP: 002b:00007f22e45d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 807.584308][T15587] RAX: ffffffffffffffda RBX: 00007f22e69b6080 RCX: 00007f22e678e929 [ 807.584315][T15587] RDX: 0000200000000080 RSI: 00000000c0306201 RDI: 0000000000000006 [ 807.584321][T15587] RBP: 00007f22e45d5090 R08: 0000000000000000 R09: 0000000000000000 [ 807.584328][T15587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 807.584334][T15587] R13: 0000000000000000 R14: 00007f22e69b6080 R15: 00007fffcd3b4428 [ 807.584348][T15587] [ 807.584364][T15587] ERROR: Out of memory at tomoyo_realpath_from_path. [ 807.826274][T11754] Bluetooth: hci2: command tx timeout [ 808.186732][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.197056][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.352561][T15477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 808.372742][T15477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 808.407173][T15477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 808.438961][T15477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 808.459974][T15477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 808.498146][T15477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 809.199161][T15477] hsr_slave_0: entered promiscuous mode [ 809.222551][T15477] hsr_slave_1: entered promiscuous mode [ 809.387168][ T30] audit: type=1400 audit(1751214348.328:706): avc: denied { write } for pid=15600 comm="syz.2.2150" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 809.465335][T15602] FAULT_INJECTION: forcing a failure. [ 809.465335][T15602] name failslab, interval 1, probability 0, space 0, times 0 [ 809.485999][T15602] CPU: 0 UID: 0 PID: 15602 Comm: syz.2.2150 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 809.486024][T15602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 809.486033][T15602] Call Trace: [ 809.486039][T15602] [ 809.486046][T15602] dump_stack_lvl+0x16c/0x1f0 [ 809.486074][T15602] should_fail_ex+0x512/0x640 [ 809.486096][T15602] ? fs_reclaim_acquire+0xae/0x150 [ 809.486114][T15602] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 809.486136][T15602] should_failslab+0xc2/0x120 [ 809.486157][T15602] __kmalloc_noprof+0xd2/0x510 [ 809.486189][T15602] tomoyo_realpath_from_path+0xc2/0x6e0 [ 809.486213][T15602] ? tomoyo_profile+0x47/0x60 [ 809.486241][T15602] tomoyo_path_number_perm+0x245/0x580 [ 809.486259][T15602] ? tomoyo_path_number_perm+0x237/0x580 [ 809.486279][T15602] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 809.486301][T15602] ? find_held_lock+0x2b/0x80 [ 809.486343][T15602] ? find_held_lock+0x2b/0x80 [ 809.486363][T15602] ? hook_file_ioctl_common+0x145/0x410 [ 809.486393][T15602] ? __fget_files+0x20e/0x3c0 [ 809.486422][T15602] security_file_ioctl+0x9b/0x240 [ 809.486447][T15602] __x64_sys_ioctl+0xb7/0x210 [ 809.486468][T15602] do_syscall_64+0xcd/0x4c0 [ 809.486495][T15602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 809.486512][T15602] RIP: 0033:0x7f87af78e929 [ 809.486527][T15602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 809.486543][T15602] RSP: 002b:00007f87b0655038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 809.486560][T15602] RAX: ffffffffffffffda RBX: 00007f87af9b5fa0 RCX: 00007f87af78e929 [ 809.486572][T15602] RDX: 0000200000000240 RSI: 00000000c010640c RDI: 0000000000000003 [ 809.486584][T15602] RBP: 00007f87b0655090 R08: 0000000000000000 R09: 0000000000000000 [ 809.486595][T15602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 809.486606][T15602] R13: 0000000000000000 R14: 00007f87af9b5fa0 R15: 00007ffd26ef5c58 [ 809.486630][T15602] [ 809.488551][T15602] ERROR: Out of memory at tomoyo_realpath_from_path. [ 810.564708][ T30] audit: type=1400 audit(1751214349.448:707): avc: denied { create } for pid=15621 comm="syz.4.2155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 810.920785][ T30] audit: type=1400 audit(1751214349.458:708): avc: denied { write } for pid=15621 comm="syz.4.2155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 811.267076][T15636] lo speed is unknown, defaulting to 1000 [ 811.273051][T15636] lo speed is unknown, defaulting to 1000 [ 811.282054][T15636] lo speed is unknown, defaulting to 1000 [ 811.331601][T15636] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 811.429299][T15636] lo speed is unknown, defaulting to 1000 [ 811.441891][T15636] lo speed is unknown, defaulting to 1000 [ 811.453879][T15636] lo speed is unknown, defaulting to 1000 [ 811.465893][T15636] lo speed is unknown, defaulting to 1000 [ 811.477645][T15636] lo speed is unknown, defaulting to 1000 [ 811.639597][T15477] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 811.741469][T15477] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 811.766313][T15477] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 811.799727][T15477] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 812.274733][ T43] usb 3-1: new full-speed USB device number 53 using dummy_hcd [ 812.437199][ T43] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 812.454787][ T43] usb 3-1: config 0 has no interface number 0 [ 812.463776][ T43] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 812.512587][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.601720][ T43] usb 3-1: config 0 descriptor?? [ 812.662268][ T43] usb 3-1: selecting invalid altsetting 1 [ 812.670208][ T43] dvb_ttusb_budget: ttusb_init_controller: error [ 812.676690][ T43] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 812.758703][ T43] DVB: Unable to find symbol cx22700_attach() [ 812.803669][ T43] DVB: Unable to find symbol tda10046_attach() [ 812.810054][ T43] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 814.748783][ T5933] usb 3-1: USB disconnect, device number 53 [ 814.929826][T15669] ALSA: mixer_oss: invalid OSS volume 'V3' [ 814.949167][T15477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.958341][ T30] audit: type=1400 audit(1751214353.898:709): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 814.964301][T15669] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 814.993976][T15669] ALSA: mixer_oss: invalid OSS volume '11' [ 815.000164][T15669] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 815.025450][ T30] audit: type=1400 audit(1751214353.958:710): avc: denied { ioctl } for pid=15659 comm="syz.1.2161" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 815.034905][T15669] ALSA: mixer_oss: invalid OSS volume '12' [ 815.084059][T15669] ALSA: mixer_oss: invalid OSS volume '' [ 815.092626][T15477] 8021q: adding VLAN 0 to HW filter on device team0 [ 815.158434][T12879] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.165592][T12879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 815.202471][T11895] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.209636][T11895] bridge0: port 2(bridge_slave_1) entered forwarding state [ 816.454690][ T30] audit: type=1400 audit(1751214355.388:711): avc: denied { mount } for pid=15704 comm="syz.4.2168" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 816.485988][ T30] audit: type=1400 audit(1751214355.418:712): avc: denied { search } for pid=15704 comm="syz.4.2168" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 816.772354][ T30] audit: type=1400 audit(1751214355.418:713): avc: denied { search } for pid=15704 comm="syz.4.2168" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 816.940297][T15701] lo speed is unknown, defaulting to 1000 [ 817.044061][T15701] lo speed is unknown, defaulting to 1000 [ 817.050847][ T30] audit: type=1400 audit(1751214355.418:714): avc: denied { search } for pid=15704 comm="syz.4.2168" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 817.088922][ T30] audit: type=1400 audit(1751214355.418:715): avc: denied { search } for pid=15704 comm="syz.4.2168" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 817.121377][ T30] audit: type=1400 audit(1751214355.428:716): avc: denied { write } for pid=15704 comm="syz.4.2168" name="sg0" dev="devtmpfs" ino=752 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 817.190944][ T30] audit: type=1400 audit(1751214355.528:717): avc: denied { append } for pid=15704 comm="syz.4.2168" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 817.229240][ T30] audit: type=1326 audit(1751214355.598:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15704 comm="syz.4.2168" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fb9f8e929 code=0x0 [ 817.381565][T15477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 817.838827][T15477] veth0_vlan: entered promiscuous mode [ 817.850583][T15477] veth1_vlan: entered promiscuous mode [ 817.903860][T15477] veth0_macvtap: entered promiscuous mode [ 818.056247][T15477] veth1_macvtap: entered promiscuous mode [ 818.586045][T15741] FAULT_INJECTION: forcing a failure. [ 818.586045][T15741] name failslab, interval 1, probability 0, space 0, times 0 [ 818.593879][T15477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 818.639873][T15477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 818.646793][T15741] CPU: 0 UID: 0 PID: 15741 Comm: syz.1.2175 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 818.646818][T15741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 818.646828][T15741] Call Trace: [ 818.646834][T15741] [ 818.646840][T15741] dump_stack_lvl+0x16c/0x1f0 [ 818.646868][T15741] should_fail_ex+0x512/0x640 [ 818.646892][T15741] ? fs_reclaim_acquire+0xae/0x150 [ 818.646911][T15741] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 818.646933][T15741] should_failslab+0xc2/0x120 [ 818.646955][T15741] __kmalloc_noprof+0xd2/0x510 [ 818.646980][T15741] tomoyo_realpath_from_path+0xc2/0x6e0 [ 818.647004][T15741] ? tomoyo_profile+0x47/0x60 [ 818.647030][T15741] tomoyo_path_number_perm+0x245/0x580 [ 818.647048][T15741] ? tomoyo_path_number_perm+0x237/0x580 [ 818.647068][T15741] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 818.647088][T15741] ? find_held_lock+0x2b/0x80 [ 818.647131][T15741] ? find_held_lock+0x2b/0x80 [ 818.647149][T15741] ? hook_file_ioctl_common+0x145/0x410 [ 818.647180][T15741] ? __fget_files+0x20e/0x3c0 [ 818.647206][T15741] security_file_ioctl+0x9b/0x240 [ 818.647231][T15741] __x64_sys_ioctl+0xb7/0x210 [ 818.647252][T15741] do_syscall_64+0xcd/0x4c0 [ 818.647281][T15741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.647299][T15741] RIP: 0033:0x7efc0158e929 [ 818.647314][T15741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 818.647331][T15741] RSP: 002b:00007efc023ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.647349][T15741] RAX: ffffffffffffffda RBX: 00007efc017b5fa0 RCX: 00007efc0158e929 [ 818.647361][T15741] RDX: 0000200000000140 RSI: 00000000c0505350 RDI: 0000000000000005 [ 818.647372][T15741] RBP: 00007efc023ee090 R08: 0000000000000000 R09: 0000000000000000 [ 818.647383][T15741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 818.647393][T15741] R13: 0000000000000000 R14: 00007efc017b5fa0 R15: 00007ffc86bbc868 [ 818.647419][T15741] [ 818.647426][T15741] ERROR: Out of memory at tomoyo_realpath_from_path. [ 818.870690][T15477] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.879537][T15477] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.888277][T15477] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.897107][T15477] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 819.545057][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 819.561893][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 819.669054][T12879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 819.690995][T12879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 820.700539][T15774] FAULT_INJECTION: forcing a failure. [ 820.700539][T15774] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 820.715036][T15774] CPU: 0 UID: 0 PID: 15774 Comm: syz.1.2181 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 820.715062][T15774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.715073][T15774] Call Trace: [ 820.715080][T15774] [ 820.715087][T15774] dump_stack_lvl+0x16c/0x1f0 [ 820.715118][T15774] should_fail_ex+0x512/0x640 [ 820.715146][T15774] should_fail_alloc_page+0xe7/0x130 [ 820.715174][T15774] prepare_alloc_pages+0x3c2/0x610 [ 820.715204][T15774] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 820.715230][T15774] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 820.715256][T15774] ? is_bpf_text_address+0x94/0x1a0 [ 820.715278][T15774] ? kernel_text_address+0x8d/0x100 [ 820.715298][T15774] ? __kernel_text_address+0xd/0x40 [ 820.715316][T15774] ? unwind_get_return_address+0x59/0xa0 [ 820.715346][T15774] ? arch_stack_walk+0xa6/0x100 [ 820.715365][T15774] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 820.715402][T15774] ? _kstrtoull+0x145/0x200 [ 820.715421][T15774] ? __pfx__kstrtoull+0x10/0x10 [ 820.715438][T15774] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 820.715462][T15774] ? policy_nodemask+0xea/0x4e0 [ 820.715491][T15774] alloc_pages_mpol+0x1fb/0x550 [ 820.715517][T15774] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 820.715551][T15774] folio_alloc_mpol_noprof+0x36/0x2f0 [ 820.715581][T15774] vma_alloc_folio_noprof+0xed/0x1e0 [ 820.715609][T15774] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 820.715640][T15774] ? __handle_mm_fault+0x2495/0x5490 [ 820.715665][T15774] __handle_mm_fault+0x2f21/0x5490 [ 820.715693][T15774] ? __pfx___handle_mm_fault+0x10/0x10 [ 820.715714][T15774] ? lock_vma_under_rcu+0x47d/0x970 [ 820.715735][T15774] ? lock_vma_under_rcu+0x47d/0x970 [ 820.715775][T15774] handle_mm_fault+0x589/0xd10 [ 820.715797][T15774] ? __pkru_allows_pkey+0x41/0xb0 [ 820.715824][T15774] do_user_addr_fault+0x60c/0x1370 [ 820.715853][T15774] ? rcu_is_watching+0x12/0xc0 [ 820.715879][T15774] exc_page_fault+0x5c/0xb0 [ 820.715904][T15774] asm_exc_page_fault+0x26/0x30 [ 820.715922][T15774] RIP: 0033:0x7efc0145a33b [ 820.715936][T15774] Code: 00 00 00 48 8d 3d fd 2b 19 00 48 89 c1 31 c0 e8 fb 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 31 2c 19 00 48 89 34 24 48 8b 14 24 48 8b [ 820.715954][T15774] RSP: 002b:00007efc023aafb0 EFLAGS: 00010202 [ 820.715970][T15774] RAX: 0000000000000000 RBX: 00007efc017b6160 RCX: 0000000000000000 [ 820.715982][T15774] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000140 [ 820.715993][T15774] RBP: 00007efc023ac090 R08: 0000000000000000 R09: 0000000000000000 [ 820.716005][T15774] R10: 0000200000000140 R11: 0000000000000000 R12: 0000000000000001 [ 820.716017][T15774] R13: 0000000000000000 R14: 00007efc017b6160 R15: 00007ffc86bbc868 [ 820.716043][T15774] [ 820.716257][T15774] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 821.476833][T11624] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.628666][T11624] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.684825][ T9] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 821.748525][T13520] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 821.767592][T11624] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.846381][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 821.884767][ T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 821.893904][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 821.898218][T11624] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.926398][ T9] usb 2-1: config 0 descriptor?? [ 821.946337][T13520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 821.946812][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 821.961442][T13520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 821.975027][T13520] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00 [ 821.984063][T13520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.001390][T13520] usb 3-1: config 0 descriptor?? [ 822.076805][T11624] bridge_slave_1: left allmulticast mode [ 822.082495][T11624] bridge_slave_1: left promiscuous mode [ 822.090509][T11624] bridge0: port 2(bridge_slave_1) entered disabled state [ 822.099877][T11624] bridge_slave_0: left allmulticast mode [ 822.105832][T11624] bridge_slave_0: left promiscuous mode [ 822.111522][T11624] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.347835][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 822.357066][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 822.364139][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 822.374145][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 822.381447][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 822.396426][ T9] pwc: recv_control_msg error -32 req 04 val 1400 [ 822.426462][T13520] saitek 0003:06A3:0CCB.0006: item fetching failed at offset 0/3 [ 822.435309][T13520] saitek 0003:06A3:0CCB.0006: parse failed [ 822.441212][T13520] saitek 0003:06A3:0CCB.0006: probe with driver saitek failed with error -22 [ 822.441575][T11624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 822.463438][T11624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 822.474877][T11624] bond0 (unregistering): Released all slaves [ 822.609359][ T9] pwc: recv_control_msg error -32 req 02 val 2100 [ 822.822943][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 822.871114][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 822.895135][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 822.917229][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 823.084700][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 823.103954][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 823.125562][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 823.147183][ T9] pwc: Registered as video103. [ 823.178001][ T5818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 823.187598][ T5818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 823.196356][ T5818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 823.212940][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 823.220667][ T5818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 823.228854][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input55 [ 823.303036][ T9] usb 2-1: USB disconnect, device number 43 [ 823.969590][T15784] lo speed is unknown, defaulting to 1000 [ 824.105708][T11624] hsr_slave_0: left promiscuous mode [ 824.121717][T11624] hsr_slave_1: left promiscuous mode [ 824.127989][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 824.154663][T11624] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 824.183484][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 824.193053][T11624] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 824.319580][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 824.319596][ T30] audit: type=1400 audit(1751214363.258:731): avc: denied { connect } for pid=15820 comm="syz.4.2188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 824.842437][T11624] veth1_macvtap: left promiscuous mode [ 824.851188][T11624] veth0_macvtap: left promiscuous mode [ 824.859268][T11624] veth1_vlan: left promiscuous mode [ 824.868716][T11624] veth0_vlan: left promiscuous mode [ 825.294928][T11754] Bluetooth: hci2: command tx timeout [ 825.528182][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 825.673571][T11624] team0 (unregistering): Port device team_slave_1 removed [ 825.707982][ T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 825.727235][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 825.739104][ T9] usb 2-1: Product: syz [ 825.743753][T11624] team0 (unregistering): Port device team_slave_0 removed [ 825.751717][ T9] usb 2-1: Manufacturer: syz [ 825.758366][ T9] usb 2-1: SerialNumber: syz [ 825.815638][ T9] usb 2-1: config 0 descriptor?? [ 826.059722][ T9] hso 2-1:0.0: Failed to find BULK IN ep [ 826.124265][T15855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2194'. [ 826.135688][T15855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2194'. [ 826.215311][T15784] lo speed is unknown, defaulting to 1000 [ 826.215997][T15811] lo speed is unknown, defaulting to 1000 [ 826.263757][ T5886] usb 2-1: USB disconnect, device number 44 [ 826.291355][T15855] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 826.300269][T15855] team0: entered promiscuous mode [ 826.305450][T15855] team_slave_0: entered promiscuous mode [ 826.312225][T15855] team_slave_1: entered promiscuous mode [ 826.322284][T15811] lo speed is unknown, defaulting to 1000 [ 826.467966][ T30] audit: type=1400 audit(1751214365.408:732): avc: denied { create } for pid=15860 comm="syz.0.2197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 826.860989][ T5886] usb 3-1: USB disconnect, device number 54 [ 827.239216][T15880] fuse: root generation should be zero [ 827.301427][T15811] chnl_net:caif_netlink_parms(): no params data found [ 827.374785][T11754] Bluetooth: hci2: command tx timeout [ 827.453555][T15890] Bluetooth: MGMT ver 1.23 [ 828.135599][T15811] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.161380][T15811] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.177554][T15811] bridge_slave_0: entered allmulticast mode [ 828.192060][T15811] bridge_slave_0: entered promiscuous mode [ 828.239795][ T30] audit: type=1400 audit(1751214367.168:733): avc: denied { setopt } for pid=15904 comm="syz.1.2206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 828.279947][T15811] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.287170][T15811] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.294333][T15811] bridge_slave_1: entered allmulticast mode [ 828.301358][T15811] bridge_slave_1: entered promiscuous mode [ 829.121060][T15924] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2208'. [ 829.131987][T15924] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2208'. [ 829.173500][T15811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 829.198306][T15924] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2208'. [ 829.202881][T15811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 829.207787][T15924] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2208'. [ 829.323656][T15811] team0: Port device team_slave_0 added [ 829.459609][T11754] Bluetooth: hci2: command tx timeout [ 829.497680][T15811] team0: Port device team_slave_1 added [ 830.376676][ T30] audit: type=1400 audit(1751214369.308:734): avc: denied { mount } for pid=15940 comm="syz.4.2211" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 830.478986][T15811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 830.493375][T15811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 830.520836][T15811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 830.550928][T15811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 831.358951][T15811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 831.394813][T15811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 831.463581][T15811] hsr_slave_0: entered promiscuous mode [ 831.469738][T15811] hsr_slave_1: entered promiscuous mode [ 831.475842][T15811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 831.485182][T15811] Cannot create hsr debugfs directory [ 831.545488][T11754] Bluetooth: hci2: command tx timeout [ 831.647100][T13520] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 831.814848][T13520] usb 1-1: Using ep0 maxpacket: 8 [ 832.077833][T15966] TCP: tcp_parse_options: Illegal window scaling value 236 > 14 received [ 833.475659][T13520] usb 1-1: unable to get BOS descriptor or descriptor too short [ 833.542574][ T30] audit: type=1400 audit(1751214372.278:735): avc: denied { write } for pid=15983 comm="syz.2.2224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 833.545821][T13520] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 833.630300][ T30] audit: type=1400 audit(1751214372.298:736): avc: denied { read } for pid=15983 comm="syz.2.2224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 833.791691][T13520] usb 1-1: can't read configurations, error -71 [ 834.762513][T15811] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 834.819602][T15811] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 834.853458][T15811] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 834.892984][T15811] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 835.074050][ T30] audit: type=1400 audit(1751214374.008:737): avc: denied { getopt } for pid=16022 comm="syz.0.2232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 835.113890][T15811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 835.187596][T15811] 8021q: adding VLAN 0 to HW filter on device team0 [ 835.396989][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.404146][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 835.585628][T16036] evm: overlay not supported [ 835.728414][ T30] audit: type=1400 audit(1751214374.578:738): avc: denied { create } for pid=16030 comm="syz.4.2234" name="#45" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 835.880674][ T30] audit: type=1400 audit(1751214374.578:739): avc: denied { link } for pid=16030 comm="syz.4.2234" name="#45" dev="tmpfs" ino=2588 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 835.903115][ T30] audit: type=1400 audit(1751214374.588:740): avc: denied { rename } for pid=16030 comm="syz.4.2234" name="#46" dev="tmpfs" ino=2588 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 835.911183][ T2204] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.932547][ T2204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 836.041225][ T30] audit: type=1400 audit(1751214374.978:741): avc: denied { create } for pid=16021 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 837.887892][T15811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.581564][T15811] veth0_vlan: entered promiscuous mode [ 839.261575][T15811] veth1_vlan: entered promiscuous mode [ 839.452610][T15811] veth0_macvtap: entered promiscuous mode [ 839.461792][T15811] veth1_macvtap: entered promiscuous mode [ 839.482998][T15811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 840.200485][T15811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 840.251438][T16089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2241'. [ 840.893261][T15811] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 840.973514][T15811] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.119718][T15811] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.394329][T15811] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.443240][ T30] audit: type=1400 audit(1751214380.368:742): avc: denied { name_bind } for pid=16106 comm="syz.4.2246" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 842.810949][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.875093][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.035827][T11895] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 843.043687][T11895] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 843.189722][ T30] audit: type=1400 audit(1751214382.098:743): avc: denied { getopt } for pid=16123 comm="syz.0.2248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 843.889876][T16138] tipc: Enabling of bearer rejected, failed to enable media [ 846.115485][T11624] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 846.266124][T11624] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 846.362497][T11624] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 846.451125][T11624] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 846.582833][T11624] bridge_slave_1: left allmulticast mode [ 846.590546][T11624] bridge_slave_1: left promiscuous mode [ 846.603280][T11624] bridge0: port 2(bridge_slave_1) entered disabled state [ 846.613027][T11624] bridge_slave_0: left allmulticast mode [ 846.619410][T11624] bridge_slave_0: left promiscuous mode [ 846.625407][T11624] bridge0: port 1(bridge_slave_0) entered disabled state [ 846.952126][T11624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 846.963384][T11624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 846.974120][T11624] bond0 (unregistering): Released all slaves [ 847.219382][T11624] hsr_slave_0: left promiscuous mode [ 847.229264][T11624] hsr_slave_1: left promiscuous mode [ 847.237838][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 847.248874][T11624] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 847.258882][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 847.267048][T11624] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 847.288656][T11624] veth1_macvtap: left promiscuous mode [ 847.294199][T11624] veth0_macvtap: left promiscuous mode [ 847.344996][T11624] veth1_vlan: left promiscuous mode [ 847.350328][T11624] veth0_vlan: left promiscuous mode [ 847.729164][T13520] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 847.954626][T13520] usb 5-1: Using ep0 maxpacket: 16 [ 847.962522][T13520] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 847.980282][T13520] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 847.996564][T13520] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 848.008220][T16169] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 848.020560][T16169] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 848.032060][T16169] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 848.039059][T13520] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 848.039084][T13520] usb 5-1: Product: syz [ 848.048479][T16169] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 848.059727][T16169] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 848.066319][T13520] usb 5-1: Manufacturer: syz [ 848.088002][T13520] usb 5-1: SerialNumber: syz [ 848.709029][T13520] usb 5-1: 0:2 : does not exist [ 848.723963][T13520] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 848.788346][T13520] usb 5-1: USB disconnect, device number 36 [ 848.842492][ T9955] udevd[9955]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 850.045089][ T30] audit: type=1400 audit(1751214388.968:744): avc: denied { ioctl } for pid=16246 comm="syz.1.2266" path="socket:[57775]" dev="sockfs" ino=57775 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 850.069712][ C0] vkms_vblank_simulate: vblank timer overrun [ 850.255794][T16169] Bluetooth: hci2: command tx timeout [ 851.421367][T16260] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 852.064515][T11624] team0 (unregistering): Port device team_slave_1 removed [ 852.236811][T11624] team0 (unregistering): Port device team_slave_0 removed [ 852.336909][T16169] Bluetooth: hci2: command tx timeout [ 853.065538][T16225] lo speed is unknown, defaulting to 1000 [ 853.072472][T16225] lo speed is unknown, defaulting to 1000 [ 855.346888][T16225] chnl_net:caif_netlink_parms(): no params data found [ 855.350173][T16169] Bluetooth: hci2: command tx timeout [ 856.515974][T16225] bridge0: port 1(bridge_slave_0) entered blocking state [ 856.524987][T16225] bridge0: port 1(bridge_slave_0) entered disabled state [ 856.532232][T16225] bridge_slave_0: entered allmulticast mode [ 856.540242][T16225] bridge_slave_0: entered promiscuous mode [ 856.548575][T16225] bridge0: port 2(bridge_slave_1) entered blocking state [ 856.562038][T16225] bridge0: port 2(bridge_slave_1) entered disabled state [ 856.592764][T16225] bridge_slave_1: entered allmulticast mode [ 856.600355][T16225] bridge_slave_1: entered promiscuous mode [ 856.764064][T16225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 856.958008][T16225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 857.180401][T16323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2281'. [ 857.242687][ T30] audit: type=1400 audit(1751214396.178:745): avc: denied { accept } for pid=16304 comm="syz.0.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 857.375045][T16169] Bluetooth: hci2: command tx timeout [ 857.393839][T16225] team0: Port device team_slave_0 added [ 857.403633][T16225] team0: Port device team_slave_1 added [ 857.588697][ T30] audit: type=1400 audit(1751214396.498:746): avc: denied { ioctl } for pid=16327 comm="syz.2.2284" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 857.884110][T16334] netlink: 172 bytes leftover after parsing attributes in process `syz.4.2285'. [ 857.960500][T16225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 857.977314][T16225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 858.546378][T16225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 858.558615][T16225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 858.565787][T16225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 858.677350][T16225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 858.747083][T16225] hsr_slave_0: entered promiscuous mode [ 858.756579][T16225] hsr_slave_1: entered promiscuous mode [ 858.790815][T16225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 858.911380][T16225] Cannot create hsr debugfs directory [ 859.717654][ T30] audit: type=1400 audit(1751214398.648:747): avc: denied { connect } for pid=16374 comm="syz.4.2294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 859.720549][T16375] netlink: 'syz.4.2294': attribute type 15 has an invalid length. [ 860.602120][T16395] netlink: 'syz.2.2299': attribute type 10 has an invalid length. [ 860.606372][ T30] audit: type=1400 audit(1751214399.518:748): avc: denied { ioctl } for pid=16389 comm="syz.2.2299" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x9434 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 861.010312][T16395] team0: Device ipvlan1 failed to register rx_handler [ 862.634855][T16411] .: renamed from bond0 (while UP) [ 863.510937][ T30] audit: type=1400 audit(1751214402.448:749): avc: denied { accept } for pid=16444 comm="syz.4.2317" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 863.551699][T16225] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 864.079875][T16225] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 864.109300][T16225] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 864.140032][T16225] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 864.731030][T16225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 864.769323][T16225] 8021q: adding VLAN 0 to HW filter on device team0 [ 864.786267][ T7525] bridge0: port 1(bridge_slave_0) entered blocking state [ 864.793451][ T7525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 864.909118][ T30] audit: type=1400 audit(1751214403.848:750): avc: denied { read } for pid=16475 comm="syz.4.2323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 864.945879][T16476] .: renamed from bond0 (while UP) [ 864.995176][T11624] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.002240][T11624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 865.585758][ T30] audit: type=1400 audit(1751214404.518:751): avc: denied { bind } for pid=16497 comm="syz.1.2330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 865.639389][T16225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 866.068900][T16225] veth0_vlan: entered promiscuous mode [ 866.088954][T16511] capability: warning: `syz.1.2333' uses deprecated v2 capabilities in a way that may be insecure [ 866.111913][T16225] veth1_vlan: entered promiscuous mode [ 866.262632][T16225] veth0_macvtap: entered promiscuous mode [ 866.318022][T16225] veth1_macvtap: entered promiscuous mode [ 866.350118][T16225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 866.386274][T16225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 866.447616][T16225] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.489366][T16225] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.512545][T16225] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.528460][T16225] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 866.787966][T16529] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2335'. [ 866.819383][ T30] audit: type=1400 audit(1751214405.758:752): avc: denied { map } for pid=16519 comm="syz.1.2335" path="socket:[59388]" dev="sockfs" ino=59388 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 866.843709][ C1] vkms_vblank_simulate: vblank timer overrun [ 867.298550][ T30] audit: type=1400 audit(1751214405.758:753): avc: denied { read } for pid=16519 comm="syz.1.2335" path="socket:[59388]" dev="sockfs" ino=59388 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 867.404657][ T7525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.427083][ T7525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.557736][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.589130][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 868.329248][ T30] audit: type=1400 audit(1751214407.268:754): avc: denied { append } for pid=16557 comm="syz.0.2344" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 869.060738][T11624] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.141574][T11624] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.222323][T11624] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.293659][T11624] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 869.400910][T11624] bridge_slave_1: left allmulticast mode [ 869.406727][T11624] bridge_slave_1: left promiscuous mode [ 869.412384][T11624] bridge0: port 2(bridge_slave_1) entered disabled state [ 869.421035][T11624] bridge_slave_0: left allmulticast mode [ 869.426996][T11624] bridge_slave_0: left promiscuous mode [ 869.432623][T11624] bridge0: port 1(bridge_slave_0) entered disabled state [ 869.619293][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 869.627274][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 869.648001][T11624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 869.658597][T11624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 869.669228][T11624] bond0 (unregistering): Released all slaves [ 869.918136][T11624] hsr_slave_0: left promiscuous mode [ 869.924067][T11624] hsr_slave_1: left promiscuous mode [ 869.933440][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 869.944015][T11624] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 869.952168][T11624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 869.959901][T11624] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 869.983128][T11624] veth1_macvtap: left promiscuous mode [ 869.989897][T11624] veth0_macvtap: left promiscuous mode [ 869.996264][T11624] veth1_vlan: left promiscuous mode [ 870.001556][T11624] veth0_vlan: left promiscuous mode [ 870.290899][T11624] team0 (unregistering): Port device team_slave_1 removed [ 870.319691][T11624] team0 (unregistering): Port device team_slave_0 removed [ 871.483610][T11754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 871.496579][T11754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 871.504305][T11754] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 871.564461][T11754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 871.577578][T11754] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 872.614725][T16620] lo speed is unknown, defaulting to 1000 [ 872.621096][T16620] lo speed is unknown, defaulting to 1000 [ 872.696970][T16637] netlink: 'syz.4.2357': attribute type 12 has an invalid length. [ 872.768590][T16637] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.2357'. [ 873.304691][ T30] audit: type=1400 audit(1751214412.238:755): avc: denied { connect } for pid=16655 comm="syz.4.2361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 873.326825][T16620] chnl_net:caif_netlink_parms(): no params data found [ 873.698062][T16169] Bluetooth: hci2: command tx timeout [ 873.760666][T16673] fuse: Bad value for 'fd' [ 874.068661][T16620] bridge0: port 1(bridge_slave_0) entered blocking state [ 874.076362][T16620] bridge0: port 1(bridge_slave_0) entered disabled state [ 874.083672][T16620] bridge_slave_0: entered allmulticast mode [ 874.112332][T16620] bridge_slave_0: entered promiscuous mode [ 874.140715][T16620] bridge0: port 2(bridge_slave_1) entered blocking state [ 874.715929][T16620] bridge0: port 2(bridge_slave_1) entered disabled state [ 874.723145][T16620] bridge_slave_1: entered allmulticast mode [ 874.746008][T16620] bridge_slave_1: entered promiscuous mode [ 874.995412][T16689] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 875.001976][T16689] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 875.094413][T16689] vhci_hcd vhci_hcd.0: Device attached [ 875.165015][T16696] binder: 16686:16696 ioctl c0306201 200000000640 returned -22 [ 875.571193][T16690] vhci_hcd: connection closed [ 875.572628][T11895] vhci_hcd: stop threads [ 875.604600][T11895] vhci_hcd: release socket [ 875.620392][T16620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 875.620451][T11895] vhci_hcd: disconnect device [ 875.652589][T16620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 875.774789][T16169] Bluetooth: hci2: command tx timeout [ 875.831281][T16620] team0: Port device team_slave_0 added [ 875.848425][T16620] team0: Port device team_slave_1 added [ 877.259881][T16620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 877.294733][T16620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 877.347627][T16620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 877.426568][T16620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 877.433557][T16620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 877.459456][ C1] vkms_vblank_simulate: vblank timer overrun [ 877.476252][T16620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 877.671969][T16620] hsr_slave_0: entered promiscuous mode [ 877.697790][T16620] hsr_slave_1: entered promiscuous mode [ 877.745206][T16620] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 877.752800][T16620] Cannot create hsr debugfs directory [ 877.857144][T16169] Bluetooth: hci2: command tx timeout [ 878.162519][T16758] fuse: Bad value for 'fd' [ 878.168916][ T30] audit: type=1400 audit(1751214417.098:756): avc: denied { read write } for pid=16752 comm="syz.2.2384" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 878.193166][ C1] vkms_vblank_simulate: vblank timer overrun [ 878.588960][ T30] audit: type=1400 audit(1751214417.098:757): avc: denied { open } for pid=16752 comm="syz.2.2384" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 879.935334][T16169] Bluetooth: hci2: command tx timeout [ 882.047616][T16814] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2398'. [ 883.936462][ T30] audit: type=1400 audit(1751214422.848:758): avc: denied { bind } for pid=16836 comm="syz.0.2405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 883.956921][ C1] vkms_vblank_simulate: vblank timer overrun [ 883.977771][T16620] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 883.985406][ T30] audit: type=1400 audit(1751214422.848:759): avc: denied { setopt } for pid=16836 comm="syz.0.2405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 884.029257][T16620] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 884.066794][T16620] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 884.129245][T16620] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 884.529582][ T30] audit: type=1400 audit(1751214423.468:760): avc: denied { ioctl } for pid=16854 comm="syz.0.2410" path="socket:[61303]" dev="sockfs" ino=61303 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 885.213730][T16620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 885.300913][T16620] 8021q: adding VLAN 0 to HW filter on device team0 [ 885.341505][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 885.348715][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 885.472252][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 885.479446][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 886.088334][T16890] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2417'. [ 886.153675][T16890] bridge0: port 3(batadv1) entered blocking state [ 886.161356][T16890] bridge0: port 3(batadv1) entered disabled state [ 886.168679][T16890] batadv1: entered allmulticast mode [ 886.180639][T16890] batadv1: entered promiscuous mode [ 886.948718][ T30] audit: type=1400 audit(1751214425.888:761): avc: denied { ioctl } for pid=16878 comm="syz.2.2415" path="socket:[60117]" dev="sockfs" ino=60117 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 887.301698][T11624] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 887.311285][T11624] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 888.356701][ T30] audit: type=1400 audit(1751214426.938:762): avc: denied { bind } for pid=16901 comm="syz.0.2420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 888.500725][ T30] audit: type=1400 audit(1751214427.418:763): avc: denied { sqpoll } for pid=16906 comm="syz.1.2421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 888.616554][ T30] audit: type=1400 audit(1751214427.438:764): avc: denied { write } for pid=16906 comm="syz.1.2421" path="socket:[60183]" dev="sockfs" ino=60183 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 889.420711][T16620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 891.156750][T16620] veth0_vlan: entered promiscuous mode [ 891.164358][ T30] audit: type=1400 audit(1751214428.758:765): avc: denied { map } for pid=16938 comm="syz.4.2427" path="/dev/video8" dev="devtmpfs" ino=951 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 891.201770][ T30] audit: type=1400 audit(1751214428.758:766): avc: denied { execute } for pid=16938 comm="syz.4.2427" path="/dev/video8" dev="devtmpfs" ino=951 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 891.238624][T16620] veth1_vlan: entered promiscuous mode [ 891.366496][T16620] veth0_macvtap: entered promiscuous mode [ 891.403186][T16620] veth1_macvtap: entered promiscuous mode [ 891.441070][T16620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 891.557630][T16620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 893.057207][T16620] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.214696][T16620] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.223428][T16620] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.308315][T16620] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.176371][ T30] audit: type=1400 audit(1751214433.108:767): avc: denied { write } for pid=16973 comm="syz.2.2436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 894.425946][ T7525] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 894.475111][ T7525] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 894.663653][ T7525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 894.704569][ T7525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.915008][T11895] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 897.630179][T11895] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 897.708332][T11895] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 897.803920][T11895] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 897.967647][T11895] bridge_slave_1: left allmulticast mode [ 897.973329][T11895] bridge_slave_1: left promiscuous mode [ 897.980943][T11895] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.999302][T11895] bridge_slave_0: left allmulticast mode [ 898.006569][T11895] bridge_slave_0: left promiscuous mode [ 898.012284][T11895] bridge0: port 1(bridge_slave_0) entered disabled state [ 898.346042][T11895] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 898.357215][T11895] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 898.368675][T11895] bond0 (unregistering): Released all slaves [ 898.600089][T11895] hsr_slave_0: left promiscuous mode [ 898.607702][T11895] hsr_slave_1: left promiscuous mode [ 898.614031][T11895] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 898.621874][T11895] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 898.629896][T11895] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 898.640978][T11895] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 898.665451][T11895] veth1_macvtap: left promiscuous mode [ 898.671018][T11895] veth0_macvtap: left promiscuous mode [ 898.676960][T11895] veth1_vlan: left promiscuous mode [ 898.682265][T11895] veth0_vlan: left promiscuous mode [ 899.681637][T17108] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2453'. [ 899.767035][T17099] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 900.057436][T17116] binder: 17111:17116 ioctl c0306201 0 returned -14 [ 900.066580][T17116] binder: 17111:17116 ioctl c0306201 200000000640 returned -22 [ 900.502444][T11895] team0 (unregistering): Port device team_slave_1 removed [ 900.742987][T11754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 900.755090][T11754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 900.764077][T11754] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 900.771904][T11754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 900.782563][T11754] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 900.826756][T11895] team0 (unregistering): Port device team_slave_0 removed [ 901.458430][ T5810] cgroup: fork rejected by pids controller in /syz4 [ 901.654112][T17140] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 901.670237][T17140] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 901.707039][T17121] lo speed is unknown, defaulting to 1000 [ 901.714008][T17121] lo speed is unknown, defaulting to 1000 [ 901.818966][T17140] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 901.827754][T17140] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 901.853937][T17140] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 901.864077][T17140] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 902.015274][T17169] binder: 17160:17169 ioctl c0306201 0 returned -14 [ 902.024367][T17169] binder: 17160:17169 ioctl c0306201 200000000640 returned -22 [ 902.426421][T17140] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 902.443304][T17140] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 902.965378][T17121] chnl_net:caif_netlink_parms(): no params data found [ 903.213715][T17121] bridge0: port 1(bridge_slave_0) entered blocking state [ 903.230107][T17121] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.248835][T17121] bridge_slave_0: entered allmulticast mode [ 903.257021][T17121] bridge_slave_0: entered promiscuous mode [ 903.264988][T17121] bridge0: port 2(bridge_slave_1) entered blocking state [ 903.274663][T17121] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.281832][T17121] bridge_slave_1: entered allmulticast mode [ 903.295924][T17121] bridge_slave_1: entered promiscuous mode [ 904.052392][T17121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 904.070750][T17121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 904.333092][T17121] team0: Port device team_slave_0 added [ 904.529730][T17121] team0: Port device team_slave_1 added [ 904.670725][T17216] binder: 17212:17216 ioctl c0306201 0 returned -14 [ 905.129598][ T30] audit: type=1400 audit(1751214444.048:768): avc: denied { shutdown } for pid=17206 comm="syz.1.2483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 906.121461][T11754] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 906.312002][T11754] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 906.321644][T11754] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 906.335644][T11754] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 906.346532][T11754] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 906.438348][T16169] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 906.448934][T16169] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 906.459691][T16169] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 906.473712][T16169] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 906.488485][T16169] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 906.615590][T17121] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 906.648912][T17121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 906.675706][T17121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 906.689114][T17121] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 906.696860][T17121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 906.723303][T17121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 907.229890][T17225] lo speed is unknown, defaulting to 1000 [ 907.284275][T17121] hsr_slave_0: entered promiscuous mode [ 907.305448][T17121] hsr_slave_1: entered promiscuous mode [ 907.319855][T17121] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 907.335387][T17121] Cannot create hsr debugfs directory [ 907.377652][T17225] lo speed is unknown, defaulting to 1000 [ 908.764650][T16169] Bluetooth: hci1: command tx timeout [ 909.241098][T17265] binder: 17256:17265 ioctl c0306201 0 returned -14 [ 910.383450][T17225] chnl_net:caif_netlink_parms(): no params data found [ 910.876172][T16169] Bluetooth: hci1: command tx timeout [ 911.164584][ T30] audit: type=1400 audit(1751214449.628:769): avc: denied { listen } for pid=17287 comm="syz.1.2506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 911.336611][T17225] bridge0: port 1(bridge_slave_0) entered blocking state [ 911.343795][T17225] bridge0: port 1(bridge_slave_0) entered disabled state [ 911.991712][T17225] bridge_slave_0: entered allmulticast mode [ 912.000361][T17225] bridge_slave_0: entered promiscuous mode [ 912.015328][T17225] bridge0: port 2(bridge_slave_1) entered blocking state [ 912.022784][T17225] bridge0: port 2(bridge_slave_1) entered disabled state [ 912.033247][T17225] bridge_slave_1: entered allmulticast mode [ 912.043165][T17225] bridge_slave_1: entered promiscuous mode [ 912.262582][T17225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 912.314690][T17319] netlink: 356 bytes leftover after parsing attributes in process `syz.0.2518'. [ 912.436638][T17225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 912.968654][T16169] Bluetooth: hci1: command tx timeout [ 913.082746][T17225] team0: Port device team_slave_0 added [ 913.108557][T17225] team0: Port device team_slave_1 added [ 913.319662][T17225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 913.354593][T17225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 913.380535][ C0] vkms_vblank_simulate: vblank timer overrun [ 913.404665][T17225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 913.928750][T17225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 913.939053][T17225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 913.964964][ C0] vkms_vblank_simulate: vblank timer overrun [ 913.984657][T17225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 914.743307][T17225] hsr_slave_0: entered promiscuous mode [ 914.756203][T17225] hsr_slave_1: entered promiscuous mode [ 914.763355][T17225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 914.779365][T17225] Cannot create hsr debugfs directory [ 914.792347][T17121] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 914.891052][T17121] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 914.959275][T17121] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 914.974782][T16169] Bluetooth: hci1: command tx timeout [ 915.366587][T17121] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 915.601704][T17375] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2532'. [ 915.639013][T17374] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2532'. [ 916.154488][T17398] netlink: 356 bytes leftover after parsing attributes in process `syz.1.2538'. [ 916.419541][T17225] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 916.516503][T17413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2542'. [ 916.569684][T17225] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 917.180697][T17225] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 917.316487][T17121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 917.351015][T17423] fuse: Bad value for 'fd' [ 917.360787][T17225] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 917.459151][T17121] 8021q: adding VLAN 0 to HW filter on device team0 [ 917.501385][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 917.508602][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 917.532541][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 917.539819][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 918.252844][T17225] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 918.312192][T17225] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 918.358732][ T30] audit: type=1400 audit(1751214457.298:770): avc: denied { getopt } for pid=17443 comm="syz.1.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 918.378127][ C0] vkms_vblank_simulate: vblank timer overrun [ 918.428054][T17451] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2551'. [ 918.735784][T17225] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 919.061502][T17225] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 919.186113][T17121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 920.480953][T17489] fuse: Bad value for 'fd' [ 920.505778][T17121] veth0_vlan: entered promiscuous mode [ 920.591589][T17121] veth1_vlan: entered promiscuous mode [ 920.614015][T17225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 921.769587][T17121] veth0_macvtap: entered promiscuous mode [ 921.893328][ T30] audit: type=1400 audit(1751214460.828:771): avc: denied { remount } for pid=17500 comm="syz.2.2564" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 921.913147][ C0] vkms_vblank_simulate: vblank timer overrun [ 922.366028][T17121] veth1_macvtap: entered promiscuous mode [ 922.428419][T17225] 8021q: adding VLAN 0 to HW filter on device team0 [ 922.495821][T17121] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 922.541239][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 922.548444][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 922.603023][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 922.610238][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 923.171970][T17121] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 923.237336][T17121] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 923.257478][T17121] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 923.262218][T17525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2572'. [ 923.266809][T17121] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 923.286806][T17121] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 923.310202][T17225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 923.447340][T17530] cgroup: fork rejected by pids controller in /syz0 [ 923.462133][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 923.482532][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 923.561376][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 923.579747][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 923.820567][ T7525] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 923.871333][T17225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 923.906188][ T7525] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.039236][ T7525] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.142701][ T7525] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 924.178899][ T7525] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.313888][T11754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 924.326552][T11754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 924.327538][T17225] veth0_vlan: entered promiscuous mode [ 924.341552][T11754] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 924.352347][T11754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 924.387837][T17225] veth1_vlan: entered promiscuous mode [ 924.437080][T11754] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 924.515601][T17546] lo speed is unknown, defaulting to 1000 [ 924.518552][ T7525] batadv1: left allmulticast mode [ 924.528352][ T7525] batadv1: left promiscuous mode [ 924.533422][ T7525] bridge0: port 3(batadv1) entered disabled state [ 924.542469][ T7525] bridge_slave_1: left allmulticast mode [ 924.549239][ T7525] bridge_slave_1: left promiscuous mode [ 924.555053][ T7525] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.563143][ T7525] bridge_slave_0: left allmulticast mode [ 924.569014][ T7525] bridge_slave_0: left promiscuous mode [ 924.575122][ T7525] bridge0: port 1(bridge_slave_0) entered disabled state [ 924.741551][ T7525] . (unregistering): (slave bridge0): Releasing backup interface [ 924.849409][ T7525] . (unregistering): (slave bond_slave_0): Releasing backup interface [ 924.859269][ T7525] . (unregistering): (slave bond_slave_1): Releasing backup interface [ 924.869349][ T7525] . (unregistering): (slave dummy0): Releasing backup interface [ 924.878677][ T7525] . (unregistering): Released all slaves [ 924.952110][ T7525] bond1 (unregistering): Released all slaves [ 925.028115][ T7525] bond2 (unregistering): Released all slaves [ 925.098363][ T7525] bond3 (unregistering): Released all slaves [ 925.170773][ T7525] bond4 (unregistering): Released all slaves [ 925.181087][ T7525] bond0 (unregistering): Released all slaves [ 925.191576][T17225] veth0_macvtap: entered promiscuous mode [ 925.201458][T17225] veth1_macvtap: entered promiscuous mode [ 925.208897][T17546] lo speed is unknown, defaulting to 1000 [ 925.277458][ T7525] : left promiscuous mode [ 925.315013][T17225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 925.332682][T17225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 925.357023][ T7525] tipc: Disabling bearer [ 925.369802][ T7525] tipc: Left network mode [ 925.400063][T17225] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.413823][T17225] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.422836][T17225] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.435439][T17225] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 925.694290][ T7525] team0: left promiscuous mode [ 925.699686][ T7525] team_slave_0: left promiscuous mode [ 925.711882][ T7525] team_slave_1: left promiscuous mode [ 925.721351][ T7525] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 925.732317][ T7525] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 925.740376][ T7525] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 925.751774][ T7525] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 925.772108][ T7525] veth1_macvtap: left promiscuous mode [ 925.779222][ T7525] veth0_macvtap: left promiscuous mode [ 925.788264][ T7525] veth1_vlan: left promiscuous mode [ 925.793580][ T7525] veth0_vlan: left promiscuous mode [ 926.319512][T11754] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 926.330315][T11754] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 926.339088][T11754] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 926.358129][T11754] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 926.366497][T11754] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 926.506842][T11754] Bluetooth: hci2: command tx timeout [ 926.890107][T11895] Bluetooth: (null): Invalid header checksum [ 926.931554][T11895] Bluetooth: (null): Invalid header checksum [ 927.016023][T11895] Bluetooth: (null): Invalid header checksum [ 927.118496][T11895] Bluetooth: (null): Invalid header checksum [ 927.142346][ T7525] team0 (unregistering): Port device team_slave_1 removed [ 927.186723][ T7525] team0 (unregistering): Port device team_slave_0 removed [ 928.117176][T17546] chnl_net:caif_netlink_parms(): no params data found [ 928.308654][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 928.322802][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 928.459827][T11754] Bluetooth: hci4: command tx timeout [ 928.578643][T11754] Bluetooth: hci2: command tx timeout [ 928.690280][T12879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 928.732861][T17546] bridge0: port 1(bridge_slave_0) entered blocking state [ 928.745161][T12879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 928.752739][T17546] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.799980][T17546] bridge_slave_0: entered allmulticast mode [ 928.813292][T17546] bridge_slave_0: entered promiscuous mode [ 928.825512][T17580] lo speed is unknown, defaulting to 1000 [ 928.864330][T17546] bridge0: port 2(bridge_slave_1) entered blocking state [ 929.077998][T17546] bridge0: port 2(bridge_slave_1) entered disabled state [ 929.090596][T17546] bridge_slave_1: entered allmulticast mode [ 929.098178][T17546] bridge_slave_1: entered promiscuous mode [ 929.131005][T17580] lo speed is unknown, defaulting to 1000 [ 929.162694][T17546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 929.301360][T17546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 929.895411][T17546] team0: Port device team_slave_0 added [ 929.915792][T17546] team0: Port device team_slave_1 added [ 929.992301][T17546] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 930.000659][T17546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.194923][T17546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 930.296846][T17546] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 930.303830][T17546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 930.329746][ C0] vkms_vblank_simulate: vblank timer overrun [ 930.354707][T17546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 930.497174][T11754] Bluetooth: hci4: command tx timeout [ 930.705572][T11754] Bluetooth: hci2: command tx timeout [ 930.711165][ T30] audit: type=1400 audit(1751214469.638:772): avc: denied { bind } for pid=17633 comm="syz.4.2593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 930.871042][ T7525] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 931.063133][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.069713][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.163458][ T7525] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 931.200742][T17546] hsr_slave_0: entered promiscuous mode [ 931.207316][T17546] hsr_slave_1: entered promiscuous mode [ 931.220031][T17580] chnl_net:caif_netlink_parms(): no params data found [ 931.864803][ T7525] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 932.360553][ T7525] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 932.574721][T11754] Bluetooth: hci4: command tx timeout [ 932.804737][T11754] Bluetooth: hci2: command tx timeout [ 933.150352][T17580] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.178212][T17580] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.190229][T17580] bridge_slave_0: entered allmulticast mode [ 933.213181][T17580] bridge_slave_0: entered promiscuous mode [ 933.340437][T17580] bridge0: port 2(bridge_slave_1) entered blocking state [ 933.347969][T17580] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.392986][T17580] bridge_slave_1: entered allmulticast mode [ 934.072398][T17580] bridge_slave_1: entered promiscuous mode [ 934.377102][ T30] audit: type=1400 audit(1751214473.308:773): avc: denied { read write } for pid=17692 comm="syz.4.2607" name="file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 934.567482][ T30] audit: type=1400 audit(1751214473.358:774): avc: denied { open } for pid=17692 comm="syz.4.2607" path="/7/file0/file0" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 934.654753][T11754] Bluetooth: hci4: command tx timeout [ 934.656474][T17580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 934.695996][T17580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 934.731160][T17701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2610'. [ 935.947398][ T7525] bridge_slave_1: left allmulticast mode [ 935.961831][ T7525] bridge_slave_1: left promiscuous mode [ 935.967801][ T7525] bridge0: port 2(bridge_slave_1) entered disabled state [ 935.980889][ T7525] bridge_slave_0: left allmulticast mode [ 935.986854][ T7525] bridge_slave_0: left promiscuous mode [ 935.992714][ T7525] bridge0: port 1(bridge_slave_0) entered disabled state [ 936.057157][ T30] audit: type=1400 audit(1751214474.998:775): avc: denied { module_request } for pid=17723 comm="syz.2.2617" kmod="netdev-veth1_vlan" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 936.977280][ T7525] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 936.988116][ T7525] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 937.000227][ T7525] bond0 (unregistering): Released all slaves [ 937.012749][T17707] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2612'. [ 937.028478][T17580] team0: Port device team_slave_0 added [ 937.050831][T17580] team0: Port device team_slave_1 added [ 937.154148][ T30] audit: type=1400 audit(1751214476.088:776): avc: denied { connect } for pid=17736 comm="syz.2.2619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 937.228801][ T30] audit: type=1400 audit(1751214476.158:777): avc: denied { read } for pid=17736 comm="syz.2.2619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 937.315226][T17580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 937.348065][T17580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 937.378851][T17580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 937.392645][T17580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 937.400026][T17580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 937.428599][T17580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 938.973671][ T30] audit: type=1400 audit(1751214477.898:778): avc: denied { write } for pid=17763 comm="syz.1.2627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 939.241115][ T30] audit: type=1400 audit(1751214477.908:779): avc: denied { read } for pid=17763 comm="syz.1.2627" path="socket:[65281]" dev="sockfs" ino=65281 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 941.311013][T17580] hsr_slave_0: entered promiscuous mode [ 941.341827][T17580] hsr_slave_1: entered promiscuous mode [ 941.357548][T17580] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 941.381781][T17580] Cannot create hsr debugfs directory [ 941.535765][ T7525] hsr_slave_0: left promiscuous mode [ 941.550485][ T7525] hsr_slave_1: left promiscuous mode [ 941.566129][ T7525] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 941.587904][ T7525] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 941.610071][ T7525] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 941.619822][ T7525] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 941.650890][ T7525] veth1_macvtap: left promiscuous mode [ 941.663117][ T7525] veth0_macvtap: left promiscuous mode [ 941.671312][ T7525] veth1_vlan: left promiscuous mode [ 941.676931][ T7525] veth0_vlan: left promiscuous mode [ 942.027355][T17789] binder: 17787:17789 ioctl c0306201 0 returned -14 [ 942.034488][T17789] binder: 17787:17789 ioctl c0306201 200000000640 returned -22 [ 942.287872][ T7525] team0 (unregistering): Port device team_slave_1 removed [ 942.322088][ T7525] team0 (unregistering): Port device team_slave_0 removed [ 942.613793][T17781] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2630'. [ 942.950837][T17546] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 943.019348][T17546] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 943.095223][T17546] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 943.150644][T17546] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 943.162111][T17806] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2641'. [ 943.174696][T17805] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2641'. [ 943.362759][T17546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 943.398378][T17546] 8021q: adding VLAN 0 to HW filter on device team0 [ 943.461085][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 943.468283][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 943.505887][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 943.513092][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 943.591331][T17546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 944.713306][T17546] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 944.722200][T17849] binder: 17838:17849 ioctl c0306201 0 returned -14 [ 944.729478][T17849] binder: 17838:17849 ioctl c0306201 200000000640 returned -22 [ 944.961145][T17580] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 944.987625][T17580] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 945.030538][T17580] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 945.069927][T17580] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 945.850818][T17546] veth0_vlan: entered promiscuous mode [ 945.920738][T17546] veth1_vlan: entered promiscuous mode [ 945.941390][T17580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 946.000920][T17580] 8021q: adding VLAN 0 to HW filter on device team0 [ 946.013139][T17546] veth0_macvtap: entered promiscuous mode [ 946.027171][T17546] veth1_macvtap: entered promiscuous mode [ 946.084373][T17546] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 946.104914][T11624] bridge0: port 1(bridge_slave_0) entered blocking state [ 946.112045][T11624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 946.145538][T17546] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 946.154253][ T2204] bridge0: port 2(bridge_slave_1) entered blocking state [ 946.161355][ T2204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 946.295712][T17879] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2655'. [ 947.097501][T17546] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 947.113039][T17546] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 947.123574][T17546] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 947.132535][T17546] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 947.274884][T17877] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2655'. [ 947.593398][T17891] netlink: 'syz.4.2659': attribute type 11 has an invalid length. [ 947.601551][T17891] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2659'. [ 947.749158][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 947.806166][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 948.000826][ T7525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 948.009227][ T7525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 948.912167][T17580] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 950.002076][T17580] veth0_vlan: entered promiscuous mode [ 950.027746][T17580] veth1_vlan: entered promiscuous mode [ 950.218991][T17580] veth0_macvtap: entered promiscuous mode [ 950.274495][T17580] veth1_macvtap: entered promiscuous mode [ 950.346150][T17580] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 950.381175][T17580] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 950.553931][T17580] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.562892][T17580] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 950.635713][T17580] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.412085][T17580] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 951.682885][T17952] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2670'. [ 951.701861][T17944] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2670'. [ 952.999049][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 953.029257][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 953.261734][T17954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 953.274644][T17954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 954.980482][T18001] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2688'. [ 955.077750][T17998] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2688'. [ 955.993156][T18027] tmpfs: Unknown parameter '18446744073709551615' [ 956.245688][ T3474] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.621324][ T3474] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.789637][ T3474] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.898133][T16169] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 956.913256][ T3474] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.924257][T16169] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 956.934017][T16169] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 956.942530][T16169] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 956.951927][T16169] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 957.005646][T18048] lo speed is unknown, defaulting to 1000 [ 957.012615][T18048] lo speed is unknown, defaulting to 1000 [ 957.118378][ T3474] bridge_slave_1: left allmulticast mode [ 957.124056][ T3474] bridge_slave_1: left promiscuous mode [ 957.130440][ T3474] bridge0: port 2(bridge_slave_1) entered disabled state [ 957.145614][ T3474] bridge_slave_0: left allmulticast mode [ 957.151283][ T3474] bridge_slave_0: left promiscuous mode [ 957.157228][ T3474] bridge0: port 1(bridge_slave_0) entered disabled state [ 957.482865][ T3474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 957.494203][ T3474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 957.507684][ T3474] bond0 (unregistering): Released all slaves [ 957.740311][T18048] chnl_net:caif_netlink_parms(): no params data found [ 957.828953][ T3474] hsr_slave_0: left promiscuous mode [ 957.835047][ T3474] hsr_slave_1: left promiscuous mode [ 957.841106][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 957.852037][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 957.870912][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 957.878593][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 957.902182][ T3474] veth1_macvtap: left promiscuous mode [ 957.908368][ T3474] veth0_macvtap: left promiscuous mode [ 957.913984][ T3474] veth1_vlan: left promiscuous mode [ 957.923072][ T3474] veth0_vlan: left promiscuous mode [ 958.393346][ T3474] team0 (unregistering): Port device team_slave_1 removed [ 958.720633][ T3474] team0 (unregistering): Port device team_slave_0 removed [ 958.975652][T11754] Bluetooth: hci3: command tx timeout [ 959.452774][T16169] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 959.469777][T16169] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 959.478665][T16169] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 959.487449][T16169] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 959.495195][T16169] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 960.760604][T18048] bridge0: port 1(bridge_slave_0) entered blocking state [ 960.768088][T18048] bridge0: port 1(bridge_slave_0) entered disabled state [ 960.841090][T18048] bridge_slave_0: entered allmulticast mode [ 960.848744][T18048] bridge_slave_0: entered promiscuous mode [ 960.860965][T18048] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.868119][T18048] bridge0: port 2(bridge_slave_1) entered disabled state [ 960.879014][T18048] bridge_slave_1: entered allmulticast mode [ 960.886550][T18048] bridge_slave_1: entered promiscuous mode [ 961.019311][T18048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 961.064780][T16169] Bluetooth: hci3: command tx timeout [ 961.520841][T18048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 961.844605][T16169] Bluetooth: hci2: command tx timeout [ 961.882485][ T5814] kworker/1:3 (5814) used greatest stack depth: 17352 bytes left [ 962.463428][T18166] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2714'. [ 962.510268][T18048] team0: Port device team_slave_0 added [ 962.545092][T18165] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2714'. [ 962.558141][T18122] lo speed is unknown, defaulting to 1000 [ 962.612749][T18122] lo speed is unknown, defaulting to 1000 [ 962.614355][T18048] team0: Port device team_slave_1 added [ 962.691531][T18048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 962.704552][T18048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.777258][T18048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 962.833574][T18048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 962.853445][T18048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 962.907006][T18048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 963.144735][T16169] Bluetooth: hci3: command tx timeout [ 963.235151][T11754] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 963.235869][ T3474] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 963.247239][T11754] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 963.261885][T11754] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 963.271466][T11754] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 963.280307][T11754] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 963.358511][ T3474] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 963.380828][T18048] hsr_slave_0: entered promiscuous mode [ 963.387284][T18048] hsr_slave_1: entered promiscuous mode [ 963.393252][T18048] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 963.402010][T18048] Cannot create hsr debugfs directory [ 963.422775][ T3474] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 963.481788][T18191] lo speed is unknown, defaulting to 1000 [ 963.503079][ T3474] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 963.558799][T18191] lo speed is unknown, defaulting to 1000 [ 963.668163][T18122] chnl_net:caif_netlink_parms(): no params data found [ 963.854830][T11754] Bluetooth: hci2: command tx timeout [ 964.011663][T18048] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.315529][T18048] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.385721][T18122] bridge0: port 1(bridge_slave_0) entered blocking state [ 964.397644][T18227] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 964.436814][T18122] bridge0: port 1(bridge_slave_0) entered disabled state [ 964.453335][T18122] bridge_slave_0: entered allmulticast mode [ 964.478561][T18122] bridge_slave_0: entered promiscuous mode [ 964.538965][T18122] bridge0: port 2(bridge_slave_1) entered blocking state [ 964.554004][T18122] bridge0: port 2(bridge_slave_1) entered disabled state [ 964.563484][T18122] bridge_slave_1: entered allmulticast mode [ 964.578562][T18122] bridge_slave_1: entered promiscuous mode [ 964.770146][T18048] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.841523][T18191] chnl_net:caif_netlink_parms(): no params data found [ 964.859087][T18122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 964.879409][T18048] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 964.909429][T18122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 965.015682][T18122] team0: Port device team_slave_0 added [ 965.069958][T18233] sg_write: data in/out 2013/126 bytes for SCSI command 0x0-- guessing data in; [ 965.069958][T18233] program syz.4.2725 not setting count and/or reply_len properly [ 965.096415][T18122] team0: Port device team_slave_1 added [ 965.173978][T18122] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 965.194393][T18122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 965.221366][T11754] Bluetooth: hci3: command tx timeout [ 965.227592][T18122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 965.262887][ T3474] bridge_slave_1: left allmulticast mode [ 965.275691][ T3474] bridge_slave_1: left promiscuous mode [ 965.283488][ T3474] bridge0: port 2(bridge_slave_1) entered disabled state [ 965.306324][ T3474] bridge_slave_0: left allmulticast mode [ 965.313500][ T3474] bridge_slave_0: left promiscuous mode [ 965.321837][ T3474] bridge0: port 1(bridge_slave_0) entered disabled state [ 965.339049][ T3474] bridge_slave_1: left allmulticast mode [ 965.347764][ T3474] bridge_slave_1: left promiscuous mode [ 965.353550][ T3474] bridge0: port 2(bridge_slave_1) entered disabled state [ 965.374791][T11754] Bluetooth: hci4: command tx timeout [ 965.387554][ T3474] bridge_slave_0: left allmulticast mode [ 965.393230][ T3474] bridge_slave_0: left promiscuous mode [ 965.401855][ T3474] bridge0: port 1(bridge_slave_0) entered disabled state [ 965.493497][ T30] audit: type=1400 audit(1751214504.428:780): avc: denied { getopt } for pid=18241 comm="syz.4.2727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 965.935316][T11754] Bluetooth: hci2: command tx timeout [ 966.354456][ T3474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 966.370014][ T3474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 966.381420][ T3474] bond0 (unregistering): Released all slaves [ 966.504316][ T3474] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 966.682603][ T3474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 966.692784][ T3474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 966.702416][ T3474] bond0 (unregistering): Released all slaves [ 966.781091][ T3474] bond1 (unregistering): Released all slaves [ 966.853858][ T3474] bond2 (unregistering): Released all slaves [ 966.927058][ T3474] bond3 (unregistering): Released all slaves [ 967.007006][ T3474] bond4 (unregistering): Released all slaves [ 967.019731][ T3474] bond5 (unregistering): Released all slaves [ 967.030365][ T3474] bond6 (unregistering): Released all slaves [ 967.041304][T18242] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2726'. [ 967.055190][T18122] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 967.062155][T18122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 967.092509][T18122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 967.340722][T18122] hsr_slave_0: entered promiscuous mode [ 967.349690][T18122] hsr_slave_1: entered promiscuous mode [ 967.358829][T18122] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 967.369009][T18122] Cannot create hsr debugfs directory [ 967.425044][T18191] bridge0: port 1(bridge_slave_0) entered blocking state [ 967.432232][T18191] bridge0: port 1(bridge_slave_0) entered disabled state [ 967.439793][T18191] bridge_slave_0: entered allmulticast mode [ 967.448581][T18191] bridge_slave_0: entered promiscuous mode [ 967.456122][T11754] Bluetooth: hci4: command tx timeout [ 967.460543][T18191] bridge0: port 2(bridge_slave_1) entered blocking state [ 967.471303][T18191] bridge0: port 2(bridge_slave_1) entered disabled state [ 967.479420][T18191] bridge_slave_1: entered allmulticast mode [ 967.487923][T18191] bridge_slave_1: entered promiscuous mode [ 967.494624][ T3474] : left promiscuous mode [ 967.646987][ T3474] tipc: Disabling bearer [ 967.658161][ T3474] tipc: Left network mode [ 967.673010][T18191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 967.769443][T18191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 967.930404][T18048] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 967.999872][T18048] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 968.015411][T11754] Bluetooth: hci2: command tx timeout [ 968.147502][T18191] team0: Port device team_slave_0 added [ 968.171208][T18191] team0: Port device team_slave_1 added [ 968.184196][T18048] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 968.233537][T18048] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 969.203851][T18191] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 969.210876][T18191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 969.245353][T18191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 969.388914][T18191] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 969.406591][T18191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 969.433044][T18191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 969.534690][T11754] Bluetooth: hci4: command tx timeout [ 969.611335][ T3474] hsr_slave_0: left promiscuous mode [ 969.619656][ T3474] hsr_slave_1: left promiscuous mode [ 969.628099][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 969.637968][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 969.649245][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 969.658153][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 969.672867][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 969.681635][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 969.690290][ T3474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 969.707351][ T3474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 969.754157][ T3474] veth1_macvtap: left promiscuous mode [ 969.760968][ T3474] veth0_macvtap: left promiscuous mode [ 969.771327][ T3474] veth1_vlan: left promiscuous mode [ 969.780068][ T3474] veth0_vlan: left promiscuous mode [ 969.792387][ T3474] veth1_macvtap: left promiscuous mode [ 969.800978][ T3474] veth0_macvtap: left promiscuous mode [ 969.809173][ T3474] veth1_vlan: left promiscuous mode [ 969.819089][ T3474] veth0_vlan: left promiscuous mode [ 970.270620][ T3474] team0 (unregistering): Port device team_slave_1 removed [ 970.302809][ T3474] team0 (unregistering): Port device team_slave_0 removed [ 970.792572][ T3474] team0 (unregistering): Port device team_slave_1 removed [ 970.823673][ T3474] team0 (unregistering): Port device team_slave_0 removed [ 971.163916][T18191] hsr_slave_0: entered promiscuous mode [ 971.178938][T18191] hsr_slave_1: entered promiscuous mode [ 971.188100][ T1203] lo speed is unknown, defaulting to 1000 [ 971.193846][ T1203] infiniband syz2: ib_query_port failed (-19) [ 971.200486][T18325] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2740'. [ 971.614762][T11754] Bluetooth: hci4: command tx timeout [ 971.972879][T18048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 972.061527][T18048] 8021q: adding VLAN 0 to HW filter on device team0 [ 972.384716][T12879] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.391845][T12879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 972.427409][T18122] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 972.458188][T12879] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.465359][T12879] bridge0: port 2(bridge_slave_1) entered forwarding state [ 972.562523][T18122] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 972.571992][T18354] tmpfs: Bad value for 'mpol' [ 972.681023][T18122] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 972.696305][T18122] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 973.233854][T18048] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 973.260991][T18048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 973.672138][T18380] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2751'. [ 973.681659][T18378] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2751'. [ 973.692957][T18191] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 973.762845][T18191] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 973.790741][T18122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 973.840005][T18191] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 974.258938][T18191] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 974.323014][T18048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 974.401950][T18122] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.794283][T12879] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.801395][T12879] bridge0: port 1(bridge_slave_0) entered forwarding state [ 974.886170][T17954] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.893506][T17954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.072275][T18048] veth0_vlan: entered promiscuous mode [ 975.221250][T18048] veth1_vlan: entered promiscuous mode [ 975.323789][T18048] veth0_macvtap: entered promiscuous mode [ 975.465440][T18048] veth1_macvtap: entered promiscuous mode [ 975.679121][T18191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 975.730435][T18048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 975.759161][T18048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 975.788416][T18048] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 975.808316][T18048] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 975.818201][T18048] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 975.830236][T18048] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 975.871985][T18191] 8021q: adding VLAN 0 to HW filter on device team0 [ 975.896849][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.904038][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.929140][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.936374][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 976.022956][T18122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 976.098642][ T2204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 976.136394][ T2204] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 976.521950][ T2204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 976.543858][T18122] veth0_vlan: entered promiscuous mode [ 976.556777][ T2204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 976.761024][T18122] veth1_vlan: entered promiscuous mode [ 976.787507][T18122] veth0_macvtap: entered promiscuous mode [ 976.796986][T18122] veth1_macvtap: entered promiscuous mode [ 978.185319][T18122] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 978.212227][T18191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 978.344326][T18122] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 978.560638][T18122] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.590021][T18122] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.617539][T18473] syz.4.2765 (18473): attempted to duplicate a private mapping with mremap. This is not supported. [ 978.634005][T18122] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 978.666258][T18122] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 979.024632][ T5933] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 979.041082][T18191] veth0_vlan: entered promiscuous mode [ 979.096922][T17954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 979.109222][T18191] veth1_vlan: entered promiscuous mode [ 979.116371][T17954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 979.205530][ T5933] usb 5-1: Using ep0 maxpacket: 16 [ 979.222299][ T5933] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 979.252056][ T5933] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 979.262475][ T2204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 979.281010][ T2204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 979.282436][ T5933] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 979.306405][T18191] veth0_macvtap: entered promiscuous mode [ 979.361738][T18191] veth1_macvtap: entered promiscuous mode [ 979.371990][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.411146][ T5933] usb 5-1: Product: syz [ 979.418997][ T5933] usb 5-1: Manufacturer: syz [ 979.425536][ T5933] usb 5-1: SerialNumber: syz [ 979.693955][T18191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 979.750752][T18191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 980.210137][ T2204] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 980.239178][T18191] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.248228][T18191] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.257818][T18191] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.266685][T18191] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.355863][ T5933] usb 5-1: 0:2 : does not exist [ 980.408067][ T5933] usb 5-1: USB disconnect, device number 37 [ 980.438257][ T2204] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 980.522262][ T9955] udevd[9955]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 980.559591][T17954] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 980.577914][T17954] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 980.643476][ T2204] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 980.673653][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 980.682572][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 980.741699][ T2204] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 980.926940][ T2204] bridge_slave_1: left allmulticast mode [ 980.932639][ T2204] bridge_slave_1: left promiscuous mode [ 980.969232][ T2204] bridge0: port 2(bridge_slave_1) entered disabled state [ 980.987796][ T2204] bridge_slave_0: left allmulticast mode [ 980.993473][ T2204] bridge_slave_0: left promiscuous mode [ 981.001298][ T2204] bridge0: port 1(bridge_slave_0) entered disabled state [ 981.331696][ T2204] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 981.348225][ T2204] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 981.361265][ T2204] bond0 (unregistering): Released all slaves [ 981.597001][ T2204] hsr_slave_0: left promiscuous mode [ 981.602998][ T2204] hsr_slave_1: left promiscuous mode [ 981.615653][ T2204] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 981.623377][ T2204] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 981.634450][ T2204] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 981.642221][ T2204] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 981.662173][ T2204] veth1_macvtap: left promiscuous mode [ 981.667923][ T2204] veth0_macvtap: left promiscuous mode [ 981.673527][ T2204] veth1_vlan: left promiscuous mode [ 981.680639][ T2204] veth0_vlan: left promiscuous mode [ 981.958226][ T2204] team0 (unregistering): Port device team_slave_1 removed [ 981.992348][ T2204] team0 (unregistering): Port device team_slave_0 removed [ 982.663687][T16169] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 982.679277][T16169] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 982.688123][T16169] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 982.708996][T16169] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 982.719122][T16169] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 983.701777][T18552] lo speed is unknown, defaulting to 1000 [ 985.014255][T16169] Bluetooth: hci2: command tx timeout [ 986.559599][T18552] chnl_net:caif_netlink_parms(): no params data found [ 986.559658][ T30] audit: type=1400 audit(1751214525.498:781): avc: denied { read } for pid=18596 comm="syz.4.2785" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 987.151199][T16169] Bluetooth: hci2: command tx timeout [ 987.944727][ T30] audit: type=1400 audit(1751214526.788:782): avc: denied { wake_alarm } for pid=18628 comm="syz.1.2792" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 987.955443][T18552] bridge0: port 1(bridge_slave_0) entered blocking state [ 988.008904][T18552] bridge0: port 1(bridge_slave_0) entered disabled state [ 988.094229][T18552] bridge_slave_0: entered allmulticast mode [ 988.170982][T18552] bridge_slave_0: entered promiscuous mode [ 988.180852][T18638] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2795'. [ 988.496232][T18552] bridge0: port 2(bridge_slave_1) entered blocking state [ 988.515113][T18552] bridge0: port 2(bridge_slave_1) entered disabled state [ 988.522432][T18552] bridge_slave_1: entered allmulticast mode [ 988.541795][T18552] bridge_slave_1: entered promiscuous mode [ 988.832997][T18552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 989.334611][T16169] Bluetooth: hci2: command tx timeout [ 989.897491][T18552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 990.084720][ T5879] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 990.187180][T18552] team0: Port device team_slave_0 added [ 990.302908][T18552] team0: Port device team_slave_1 added [ 990.544634][ T30] audit: type=1400 audit(1751214529.478:783): avc: denied { write } for pid=18664 comm="syz.1.2801" name="mouse0" dev="devtmpfs" ino=975 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 990.647251][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 990.688498][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 990.723140][ T5879] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 990.770066][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 990.824491][T18552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 990.832910][ T5879] usb 5-1: config 0 descriptor?? [ 990.846085][T18552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 990.914386][T18552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 990.946533][T18679] lo speed is unknown, defaulting to 1000 [ 991.053219][T18552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 991.144274][T18552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 991.199662][T18552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 991.313437][T18552] hsr_slave_0: entered promiscuous mode [ 991.336687][T18552] hsr_slave_1: entered promiscuous mode [ 991.346877][T18552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 991.350429][ T5879] hid-thrustmaster 0003:044F:B65D.0007: unknown main item tag 0x0 [ 991.354642][T18552] Cannot create hsr debugfs directory [ 991.376766][T16169] Bluetooth: hci2: command tx timeout [ 991.394821][ T5879] hid-thrustmaster 0003:044F:B65D.0007: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 991.410191][ T5879] hid-thrustmaster 0003:044F:B65D.0007: Wrong number of endpoints? [ 991.733880][ C0] hid-thrustmaster 0003:044F:B65D.0007: URB to get model id failed with error -71 [ 991.753744][ T5879] usb 5-1: USB disconnect, device number 38 [ 992.502763][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.512664][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.412981][T18552] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 994.521997][T18552] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 994.576434][T18552] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 994.600402][T18552] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 995.843192][T18552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 995.938712][T18552] 8021q: adding VLAN 0 to HW filter on device team0 [ 996.979043][ T7525] bridge0: port 1(bridge_slave_0) entered blocking state [ 996.986201][ T7525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 997.020207][ T7525] bridge0: port 2(bridge_slave_1) entered blocking state [ 997.027390][ T7525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 997.743589][T18552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 997.867095][T18552] veth0_vlan: entered promiscuous mode [ 997.907995][T18552] veth1_vlan: entered promiscuous mode [ 997.985962][T18552] veth0_macvtap: entered promiscuous mode [ 998.079071][ T30] audit: type=1400 audit(1751214537.018:784): avc: denied { read write } for pid=18815 comm="syz.4.2830" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 998.134080][T18552] veth1_macvtap: entered promiscuous mode [ 998.156022][T18434] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 998.190644][T18434] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 998.213703][T18552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 998.249664][ T30] audit: type=1400 audit(1751214537.018:785): avc: denied { open } for pid=18815 comm="syz.4.2830" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 998.520286][T18552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 998.641759][T18552] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.709395][T18552] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.748655][T18552] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 998.787820][T18552] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 999.427760][T11624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 999.458505][T11624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 999.793729][ T7525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 999.818166][ T7525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1001.963243][ T71] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.957586][ T71] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.028442][ T71] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.076754][ T71] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.188733][ T71] bridge_slave_1: left allmulticast mode [ 1003.194444][ T71] bridge_slave_1: left promiscuous mode [ 1003.200506][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 1003.213366][ T71] bridge_slave_0: left allmulticast mode [ 1003.219458][ T71] bridge_slave_0: left promiscuous mode [ 1003.225525][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 1003.459373][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1003.473246][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1003.483104][ T71] bond0 (unregistering): Released all slaves [ 1003.787466][ T71] hsr_slave_0: left promiscuous mode [ 1003.793401][ T71] hsr_slave_1: left promiscuous mode [ 1003.802636][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1003.810287][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1003.819923][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1003.827376][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1003.843444][ T71] veth1_macvtap: left promiscuous mode [ 1003.848964][ T71] veth0_macvtap: left promiscuous mode [ 1003.854466][ T71] veth1_vlan: left promiscuous mode [ 1003.859837][ T71] veth0_vlan: left promiscuous mode [ 1004.139212][ T71] team0 (unregistering): Port device team_slave_1 removed [ 1004.171259][ T71] team0 (unregistering): Port device team_slave_0 removed [ 1004.809753][T18935] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18935 comm=syz.2.2859 [ 1005.428298][T18956] netlink: 'syz.1.2861': attribute type 10 has an invalid length. [ 1005.456390][T18956] team0: Device ipvlan1 failed to register rx_handler [ 1006.024080][T11754] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1006.032985][T11754] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1006.050004][T11754] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1006.058868][T11754] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1006.067333][T11754] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1006.173816][T18974] overlayfs: failed to clone upperpath [ 1006.436458][T18976] lo speed is unknown, defaulting to 1000 [ 1008.176509][T16169] Bluetooth: hci2: command tx timeout [ 1008.742889][T18976] chnl_net:caif_netlink_parms(): no params data found [ 1010.067407][T19023] block device autoloading is deprecated and will be removed. [ 1010.255019][T16169] Bluetooth: hci2: command tx timeout [ 1010.933553][T18976] bridge0: port 1(bridge_slave_0) entered blocking state [ 1010.962839][T18976] bridge0: port 1(bridge_slave_0) entered disabled state [ 1010.978800][T18976] bridge_slave_0: entered allmulticast mode [ 1011.006321][T18976] bridge_slave_0: entered promiscuous mode [ 1011.046024][T18976] bridge0: port 2(bridge_slave_1) entered blocking state [ 1011.066279][T18976] bridge0: port 2(bridge_slave_1) entered disabled state [ 1011.078216][T18976] bridge_slave_1: entered allmulticast mode [ 1011.087011][T18976] bridge_slave_1: entered promiscuous mode [ 1011.531087][T18976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1011.556401][T18976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1012.335585][T16169] Bluetooth: hci2: command tx timeout [ 1012.391353][T18976] team0: Port device team_slave_0 added [ 1012.429298][T18976] team0: Port device team_slave_1 added [ 1012.566380][T18976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1012.582261][T18976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1012.805320][T19091] 9pnet_virtio: no channels available for device syz [ 1013.184291][T18976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1013.214812][T18976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1013.223473][T18976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1013.255178][T18976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1013.544866][T18976] hsr_slave_0: entered promiscuous mode [ 1013.667640][T18976] hsr_slave_1: entered promiscuous mode [ 1013.686834][T18976] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1013.704720][T18976] Cannot create hsr debugfs directory [ 1013.729602][ T1203] libceph: connect (1)[c::]:6789 error -101 [ 1013.736490][ T1203] libceph: mon0 (1)[c::]:6789 connect error [ 1013.809252][T19098] ceph: No mds server is up or the cluster is laggy [ 1014.024941][ T1203] libceph: connect (1)[c::]:6789 error -101 [ 1014.044575][ T1203] libceph: mon0 (1)[c::]:6789 connect error [ 1014.414779][T16169] Bluetooth: hci2: command tx timeout [ 1015.662269][ T30] audit: type=1400 audit(1751214554.598:786): avc: denied { create } for pid=19123 comm="syz.0.2903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 1016.448929][ T30] audit: type=1400 audit(1751214554.928:787): avc: denied { listen } for pid=19132 comm="syz.4.2906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1016.478569][ T30] audit: type=1400 audit(1751214554.938:788): avc: denied { accept } for pid=19132 comm="syz.4.2906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1016.490852][T19140] ================================================================== [ 1016.506110][T19140] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1016.514681][T19140] Write of size 1280 at addr ffffc90003122b40 by task vivid-000-vid-c/19140 [ 1016.523330][T19140] [ 1016.525631][T19140] CPU: 0 UID: 0 PID: 19140 Comm: vivid-000-vid-c Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 1016.525647][T19140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1016.525654][T19140] Call Trace: [ 1016.525659][T19140] [ 1016.525664][T19140] dump_stack_lvl+0x116/0x1f0 [ 1016.525682][T19140] print_report+0xcd/0x680 [ 1016.525697][T19140] ? __virt_addr_valid+0x81/0x610 [ 1016.525711][T19140] ? tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1016.525727][T19140] kasan_report+0xe0/0x110 [ 1016.525741][T19140] ? tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1016.525758][T19140] kasan_check_range+0x100/0x1b0 [ 1016.525770][T19140] __asan_memcpy+0x3c/0x60 [ 1016.525783][T19140] tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1016.525805][T19140] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 1016.525823][T19140] vivid_fillbuff+0x8d2/0x4250 [ 1016.525839][T19140] ? stack_trace_save+0x8e/0xc0 [ 1016.525855][T19140] ? __pfx_stack_trace_save+0x10/0x10 [ 1016.525872][T19140] ? __pfx_vivid_fillbuff+0x10/0x10 [ 1016.525892][T19140] ? v4l2_ctrl_request_setup+0x45e/0xa60 [ 1016.525902][T19140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1016.525920][T19140] ? vivid_thread_vid_cap_tick+0x814/0x15d0 [ 1016.525935][T19140] vivid_thread_vid_cap_tick+0x814/0x15d0 [ 1016.525953][T19140] vivid_thread_vid_cap+0x454/0xda0 [ 1016.525970][T19140] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1016.525985][T19140] ? do_raw_spin_lock+0x12c/0x2b0 [ 1016.525998][T19140] ? find_held_lock+0x2b/0x80 [ 1016.526011][T19140] ? rcu_is_watching+0x12/0xc0 [ 1016.526028][T19140] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1016.526043][T19140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1016.526058][T19140] ? __kthread_parkme+0x19e/0x250 [ 1016.526073][T19140] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1016.526088][T19140] kthread+0x3c2/0x780 [ 1016.526098][T19140] ? __pfx_kthread+0x10/0x10 [ 1016.526107][T19140] ? rcu_is_watching+0x12/0xc0 [ 1016.526120][T19140] ? __pfx_kthread+0x10/0x10 [ 1016.526129][T19140] ret_from_fork+0x5d4/0x6f0 [ 1016.526144][T19140] ? __pfx_kthread+0x10/0x10 [ 1016.526153][T19140] ret_from_fork_asm+0x1a/0x30 [ 1016.526168][T19140] [ 1016.526173][T19140] [ 1016.730930][T19140] The buggy address belongs to the virtual mapping at [ 1016.730930][T19140] [ffffc90003120000, ffffc90003124000) created by: [ 1016.730930][T19140] vb2_vmalloc_alloc+0x135/0x3f0 [ 1016.748888][T19140] [ 1016.751191][T19140] The buggy address belongs to the physical page: [ 1016.757571][T19140] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x522a0 [ 1016.767605][T19140] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1016.774694][T19140] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1016.783249][T19140] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1016.791801][T19140] page dumped because: kasan: bad access detected [ 1016.798195][T19140] page_owner tracks the page as allocated [ 1016.803877][T19140] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 19139, tgid 19132 (syz.4.2906), ts 1016076913658, free_ts 1015845317956 [ 1016.823392][T19140] post_alloc_hook+0x1c0/0x230 [ 1016.828149][T19140] get_page_from_freelist+0x1321/0x3890 [ 1016.833669][T19140] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1016.839535][T19140] alloc_pages_mpol+0x1fb/0x550 [ 1016.844362][T19140] alloc_pages_noprof+0x131/0x390 [ 1016.849362][T19140] __vmalloc_node_range_noprof+0x72f/0x14b0 [ 1016.855230][T19140] vmalloc_user_noprof+0x9e/0xe0 [ 1016.860137][T19140] vb2_vmalloc_alloc+0x135/0x3f0 [ 1016.865047][T19140] __vb2_queue_alloc+0x8c9/0x1280 [ 1016.870048][T19140] vb2_core_reqbufs+0xa90/0xfe0 [ 1016.874876][T19140] __vb2_init_fileio+0x3f1/0x1100 [ 1016.879881][T19140] vb2_core_poll+0x5ec/0x700 [ 1016.884440][T19140] vb2_poll+0x33/0x150 [ 1016.888486][T19140] vb2_fop_poll+0x10f/0x2c0 [ 1016.892964][T19140] v4l2_poll+0x163/0x320 [ 1016.897180][T19140] do_sys_poll+0x559/0xdf0 [ 1016.901572][T19140] page last free pid 19133 tgid 19132 stack trace: [ 1016.908064][T19140] __free_frozen_pages+0x7fe/0x1180 [ 1016.913252][T19140] tlb_remove_table_rcu+0x116/0x1a0 [ 1016.918422][T19140] rcu_core+0x799/0x14e0 [ 1016.922637][T19140] handle_softirqs+0x216/0x8e0 [ 1016.927373][T19140] __irq_exit_rcu+0x109/0x170 [ 1016.932022][T19140] irq_exit_rcu+0x9/0x30 [ 1016.936247][T19140] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1016.941853][T19140] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1016.947818][T19140] [ 1016.950116][T19140] Memory state around the buggy address: [ 1016.955718][T19140] ffffc90003122f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1016.963749][T19140] ffffc90003122f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1016.971787][T19140] >ffffc90003123000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1016.979819][T19140] ^ [ 1016.983856][T19140] ffffc90003123080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1016.991888][T19140] ffffc90003123100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1016.999924][T19140] ================================================================== [ 1017.323475][ T30] audit: type=1400 audit(1751214555.968:789): avc: denied { read } for pid=5166 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1017.378669][T19140] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1017.385904][T19140] CPU: 1 UID: 0 PID: 19140 Comm: vivid-000-vid-c Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) [ 1017.398405][T19140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1017.408461][T19140] Call Trace: [ 1017.411735][T19140] [ 1017.414662][T19140] dump_stack_lvl+0x3d/0x1f0 [ 1017.419254][T19140] panic+0x71c/0x800 [ 1017.423142][T19140] ? __pfx_panic+0x10/0x10 [ 1017.427550][T19140] ? irqentry_exit+0x3b/0x90 [ 1017.432131][T19140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1017.437319][T19140] ? preempt_schedule_thunk+0x16/0x30 [ 1017.442687][T19140] ? tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1017.448311][T19140] ? preempt_schedule_common+0x44/0xc0 [ 1017.453760][T19140] ? check_panic_on_warn+0x1f/0xb0 [ 1017.458862][T19140] ? tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1017.464484][T19140] check_panic_on_warn+0xab/0xb0 [ 1017.469418][T19140] end_report+0x107/0x170 [ 1017.473739][T19140] kasan_report+0xee/0x110 [ 1017.478148][T19140] ? tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1017.483774][T19140] kasan_check_range+0x100/0x1b0 [ 1017.488696][T19140] __asan_memcpy+0x3c/0x60 [ 1017.493098][T19140] tpg_fill_plane_buffer+0x21d2/0x43c0 [ 1017.498557][T19140] ? __pfx_tpg_fill_plane_buffer+0x10/0x10 [ 1017.504356][T19140] vivid_fillbuff+0x8d2/0x4250 [ 1017.509111][T19140] ? stack_trace_save+0x8e/0xc0 [ 1017.513950][T19140] ? __pfx_stack_trace_save+0x10/0x10 [ 1017.519317][T19140] ? __pfx_vivid_fillbuff+0x10/0x10 [ 1017.524516][T19140] ? v4l2_ctrl_request_setup+0x45e/0xa60 [ 1017.530146][T19140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1017.535336][T19140] ? vivid_thread_vid_cap_tick+0x814/0x15d0 [ 1017.541219][T19140] vivid_thread_vid_cap_tick+0x814/0x15d0 [ 1017.546932][T19140] vivid_thread_vid_cap+0x454/0xda0 [ 1017.552122][T19140] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1017.557832][T19140] ? do_raw_spin_lock+0x12c/0x2b0 [ 1017.562842][T19140] ? find_held_lock+0x2b/0x80 [ 1017.567523][T19140] ? rcu_is_watching+0x12/0xc0 [ 1017.572299][T19140] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1017.578104][T19140] ? lockdep_hardirqs_on+0x7c/0x110 [ 1017.583298][T19140] ? __kthread_parkme+0x19e/0x250 [ 1017.588319][T19140] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 1017.594032][T19140] kthread+0x3c2/0x780 [ 1017.598089][T19140] ? __pfx_kthread+0x10/0x10 [ 1017.602667][T19140] ? rcu_is_watching+0x12/0xc0 [ 1017.607426][T19140] ? __pfx_kthread+0x10/0x10 [ 1017.612021][T19140] ret_from_fork+0x5d4/0x6f0 [ 1017.616602][T19140] ? __pfx_kthread+0x10/0x10 [ 1017.621184][T19140] ret_from_fork_asm+0x1a/0x30 [ 1017.625938][T19140] [ 1017.629134][T19140] Kernel Offset: disabled [ 1017.633434][T19140] Rebooting in 86400 seconds..