last executing test programs: 13.780225897s ago: executing program 1 (id=464): r0 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x40002) write$FUSE_POLL(r0, &(0x7f0000002080)={0x18}, 0x18) 13.186398428s ago: executing program 1 (id=466): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) syz_emit_ethernet(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000140)='./control\x00', 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r4, 0xa, 0x21) fcntl$setlease(r4, 0x400, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x80, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r4}, 0x90) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='xdp_bulk_tx\x00', r6}, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f91724fc60100005000a000200053582c137153e3704000680040002000300", 0x33fe0}], 0x1}, 0x0) utime(&(0x7f0000000540)='./control\x00', 0x0) 12.865469142s ago: executing program 4 (id=467): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x8000003d) fcntl$setsig(r1, 0xa, 0x21) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchmod(r2, 0x0) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000100)=ANY=[@ANYRES8=r3], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_get$uid(0x0, 0xffffffffffffffff) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) 11.895553133s ago: executing program 4 (id=470): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x4) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, 0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) socket$kcm(0x10, 0x3, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000040)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @empty, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x33}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt(r2, 0x0, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f00000001c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_script(r2, &(0x7f0000000280)={'#! ', './file0'}, 0xb) write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xffa0) 9.917739655s ago: executing program 1 (id=472): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f00000000c0)="120000001200e7ef00", 0x9, 0x0, 0x0, 0x0) ioperm(0x0, 0x5, 0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000340)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) sendfile(r3, r3, 0x0, 0x9c) 9.872512741s ago: executing program 4 (id=473): ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000000c0)={0x73, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7f, 0x7, 0x45, 0x0, 0x9, 0x7, 0x0, 0x5, 0x4, 0xba, 0x0, 0x0, 0x1}) socket$caif_stream(0x25, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) write$FUSE_INIT(r0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) openat$cgroup_ro(r0, 0x0, 0x275a, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x4, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x13, 0x2}, @var={0x2, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x0, 0x61]}}, 0x0, 0x54}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f00000001c0)=@ringbuf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r5, 0x8, 0x0, 0x0, 0x3, &(0x7f0000000380), 0x10}, 0x90) r6 = memfd_create(&(0x7f0000000ac0)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\a\x00;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\xb7/\xa5\xa7\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84,\xd3\x06\xaeO \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x00\x04\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2Cw\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0xe) socket$nl_route(0x10, 0x3, 0x0) r7 = syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d070905"], &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000380)) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r7) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xf, 0x80010, r4, 0x0) fallocate(r6, 0x0, 0x0, 0x400) 9.359376171s ago: executing program 0 (id=477): syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x8c200, 0x0) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) gettid() sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="00042dbd7000fddbdf25010000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x54}, 0x1, 0x0, 0x0, 0x40d0}, 0x0) futex_waitv(&(0x7f0000000ac0)=[{0x0, 0x0, 0x2}], 0x1, 0x0, 0x0, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$int_in(r3, 0x5452, &(0x7f0000000140)) setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/diskstats\x00', 0x0, 0x0) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) sendfile(r5, r4, 0x0, 0xfff) 9.010101083s ago: executing program 3 (id=478): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000001a40)={'#! ', './file0', [{0x20, '[FS\xb9\xd3S\x1f\xee\xb2\xbb\xec\xb1\xf8\xc7&\xd4\x00\xd2g\x13\xeb\xc1s\xb4\f}\xb14\x1d\xef\xf3\x1b\xd0\xee\xbf\xe2\xe5\\\xc0\xbd(\x8a\x89\x8e\xc10\x11si*y\xfb\xddMU\'ni\x16\xed?\xe7\xdd\xa9z\xba\v\xbb)\t\xc5,x\x8drhOM\xa5\x1f\xef\xa5\x89=x\xe9\xdc\x88\xf6\xa8\xf7 \xf4\x9cm0?\xaf{\x1dl\x8f\xc4\xe7\x94\x10z\x13)>^x)\x03U\x9ae\xe1\x7f\t.2(F\xe6\xe4x\x97\x17\xb5\xa74\x12t\xad\x15\x17\x16\xcd\x8c\xb2\t\x9c\x99\x97M\xfb%\bYN\xa1\t\xb7\xa3\xd3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00U\xb5\xec/\x92K\xf0\xd6\x7f\xe8'}, {0x20, 'mang\n>O\xa3\xdeFa\x9fa,\xff\x93\xf8'}, {0x20, '.*..\xb5\xe7l\xee\x92q\x98\x11\xee\xf1wj<\xbe\x8d\xf7Sg\xd5M\xe5O~\aD\xce4S{\x9c\xb2_\xe1\xea\x19:=\x7f\xb8J\x9cac\xe5\'\\I\xb80\':\x81\r\xad\xc9\x1d(\xcbS\x942\x00\x00\x00\x00\x00\x01 x\x1b\xf5 \xff\xbc\xc9\xac?4!\x17%\xd4\xb0/\x8b\xdd#\xc6*w\xe30I]\xf2\xd2\xdd\xcf\x18\xbd\x1bX\xff6\x9a\xecc\x91\xb15\xa9w\xaf\xef\x98\xa7\xb6\xb0*\t\xf8\xa1\xae>'}], 0xa, "b595a6e85f24493e927a0323126612250a0bb3d869dd7c9cd0994496e5ccecce63b8006d323a8c99f93c8eb474750c0f1c1a3b7cb31076f78ee86e8046dbd9054661aaa4bb5795bac1a8e7c94467719e3c2d99fecc87eafd4f71562f98f5fc07313d37327969490b6b6e8831c54d1e52d0c1ac61908f29458fb54f9ab0183bcb6bd17a959f4fe21974f4304121da3b97d97ebb65d5208f5b49ab550aa9a0232d89c662a1a3625a3e"}, 0x1f7) mmap(&(0x7f0000825000/0x1000)=nil, 0x1000, 0x2800001, 0x11, r0, 0x686c5000) mknod$loop(&(0x7f0000000000)='./bus\x00', 0x100000000000600d, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0xc5) open(&(0x7f0000000040)='./file0\x00', 0x10100, 0x89) inotify_init1(0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x80805513, &(0x7f00000000c0)}) syz_open_dev$usbfs(&(0x7f0000001800), 0x12, 0xc0800) open(&(0x7f0000000040)='./bus\x00', 0x60142, 0x0) timerfd_create(0x0, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) timerfd_gettime(r3, &(0x7f0000000000)) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r2}, 0xfffffffffffffc2a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ee8b4c7b167c8f3cc84c01669fcfc1994e794690f88f5c98f17ad5f23150ff"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) open(0x0, 0x0, 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='./file2\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) 8.92945347s ago: executing program 1 (id=479): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={r2, 0x0, 0x5}) 8.577244155s ago: executing program 2 (id=480): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000580)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) poll(&(0x7f0000000540)=[{r3}], 0x1, 0x0) read$dsp(r3, &(0x7f0000000200)=""/115, 0x73) (fail_nth: 1) 7.530196791s ago: executing program 3 (id=481): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='./file0\x00') 6.469122936s ago: executing program 2 (id=482): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) syz_emit_ethernet(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) getsockopt$inet_mreqsrc(r1, 0x0, 0x53, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000140)='./control\x00', 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r4, 0xa, 0x21) fcntl$setlease(r4, 0x400, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x80, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r4}, 0x90) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='xdp_bulk_tx\x00', r6}, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f91724fc60100005000a000200053582c137153e3704000680040002000300", 0x33fe0}], 0x1}, 0x0) utime(&(0x7f0000000540)='./control\x00', 0x0) 6.439376937s ago: executing program 1 (id=483): r0 = socket$igmp6(0xa, 0x3, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) fadvise64(r0, 0x0, 0x2, 0x3) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x97acdf4d}], 0x1, 0x0, 0x0) r2 = syz_io_uring_setup(0x1110, &(0x7f0000000140), &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x10, 0x0, 0x7, 0x0, 0x0}) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[0xffffffffffffffff]}, 0x1) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'macsec0\x00'}) fsopen(&(0x7f0000000380)='rpc_pipefs\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x2}, 0x48) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, 0x0) connect$inet(r5, &(0x7f00000000c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10) socket$unix(0x1, 0x2, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) openat$cgroup_procs(r5, &(0x7f0000001600)='tasks\x00', 0x2, 0x0) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000001640), 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000001680)={0x0, 0x5, {}, {0xffffffffffffffff}, 0xf6b}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000016c0)={{0x1, 0x1, 0x18, r5, {0x0, 0xffffffffffffffff}}, './file0\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) 6.255746073s ago: executing program 4 (id=484): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x4) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r1, 0x0, 0x0, 0x0) write$P9_RATTACH(0xffffffffffffffff, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) socket$kcm(0x10, 0x3, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000040)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @empty, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x33}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt(r2, 0x0, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f00000001c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_script(r2, &(0x7f0000000280)={'#! ', './file0'}, 0xb) write$binfmt_script(r2, &(0x7f0000000300)={'#! ', './file0'}, 0xffa0) 5.818666781s ago: executing program 3 (id=485): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0x4004556b, &(0x7f0000000000)) syz_usbip_server_init(0x5) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x30, 0x0, &(0x7f0000000180)) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r6, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)={0x128, r7, 0x101, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_IE={0x106, 0x2a, [@fast_bss_trans={0x37, 0x100, {0x0, 0x7, "f61627dca75d09bbd0d1a65a6b37889c", "138ce9c3eb8456aa7cf6efd0a20a9c2b77d3f74c6b06772f6f362fa16f13673a", "ea1f2d844af179417bc669be69300b0a10deba6996b25f7495408a0e80296433", [{0x0, 0x28, "d6000004f8a70aa844ef18d19210035bce7af32432ed01b5a561ab5056537da2acf6f23cca575cb0"}, {0x0, 0x5, '2VX0xffffffffffffffff}) r1 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02) syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)) sendmsg$inet(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x7fff0000}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xf800) syz_genetlink_get_family_id$gtp(&(0x7f0000000100), 0xffffffffffffffff) r5 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r5, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000340)={{{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@dev, 0x0, 0x33}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0xfd, 0x7}}, 0xe8) sendmmsg(r6, &(0x7f0000000480), 0x21, 0x0) r7 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) dup(r9) 2.823196244s ago: executing program 4 (id=491): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000008c0), 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000005500)={0x2020}, 0x2020) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000380)={'rose0\x00', 0x20}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) io_setup(0x20, &(0x7f0000001140)) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='H\x00\x00', @ANYRES16=r1, @ANYRESHEX=r2, @ANYRESDEC=r2, @ANYBLOB="0c00990000004000007f000000f12620b40900000800a100000000000500186d0100000008002700000001d134b92267c204f6a78b14e079723cf102c5751fd0b247a1a6e685edc6f35249435a01a6b4fa88782c94d9a50bdecb3a6a3de402b481cbd2ee6ea63985aa1a44d48dc3b4e032d3c57c0a8e0f49409cafe1a4c8841f8c8dd7f0a30b61efe2044a676cba664dab927ea878cf360d8c2e567a8cd9731683a54306ada460e47ac8a4ddd6cb83b3260ac9935782eba847e3f55c979d5bf1146930b76a", @ANYBLOB="1d82b4db22537db30a88", @ANYRES16=0x0, @ANYRESHEX=r5, @ANYRESDEC=r7, @ANYRES16, @ANYRES16=r3], 0x48}}, 0x30040065) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r9, 0x545c, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) 2.172793142s ago: executing program 3 (id=492): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000030000000000000000d99ade4f00000000000000070000000000000095"], &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="05000000000000007311370000000000851000000200000200850000001000000095000000000000009500a50500000000033bf59a7f4c36651ca7e1c51221d6decb"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) openat$cgroup_ro(r4, &(0x7f0000000340)='cgroup.stat\x00', 0x300, 0x0) socket$inet6(0xa, 0x3, 0x7) socket$inet6(0xa, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000005, 0x12, r5, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r6, 0x541c, &(0x7f0000000000)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10) modify_ldt$write2(0x11, 0x0, 0x0) 2.103175093s ago: executing program 0 (id=493): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000040)={r1, 0x0, 0x5}) 1.562264641s ago: executing program 0 (id=494): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x46, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000108000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) fcntl$lock(r1, 0x5, &(0x7f0000000080)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000a40)={0x1368, r5, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_NODE={0x138, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x28, 0x3, "dd9b74a60853cd82e96b867bcdc4bb942b5228cbcbed76e59c284010b5080421acbe7c06"}, @TIPC_NLA_NODE_ID={0xb, 0x3, '?0`0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000140)='./control\x00', 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r3, 0xa, 0x21) fcntl$setlease(r3, 0x400, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x80, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r3}, 0x90) open$dir(&(0x7f0000000080)='./file0\x00', 0x80000, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='xdp_bulk_tx\x00', r5}, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f91724fc60100005000a000200053582c137153e3704000680040002000300", 0x33fe0}], 0x1}, 0x0) utime(&(0x7f0000000540)='./control\x00', 0x0) 835.957635ms ago: executing program 2 (id=497): r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$inet6(0xa, 0x2, 0x3) setsockopt$inet6_int(r4, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_buf(r4, 0x29, 0x3e, 0x0, 0x0) creat(0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7e50992d53face4acb591d981848b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000080), 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r7, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/partitions\x00', 0x0, 0x0) r9 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r9, r8, &(0x7f0000002080)=0x3a, 0x23b) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000000000000000008000900d91999d14e7766ea4469f46e03cf5a00000000"], 0x34}}, 0x0) r10 = syz_open_dev$swradio(&(0x7f0000000180), 0x1, 0x2) openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x400400, 0x0) ioctl$VIDIOC_QBUF(r10, 0xc058560f, &(0x7f0000001540)=@multiplanar_userptr={0x0, 0x3, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "75d386a8"}, 0x0, 0x2, {0x0}}) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000020000000000000000000000009500000000000000cbef9f1e5c74e6e6aeaa53ab998afd26d275dbce879823d05477fe5e84c75ff24bee0100ab43b60670436afa76f409b4bab8fddf376f84515f838232b18f867305115a5e351b457c682060144a5be9e8e211c5bd310c50e73815b12efb384984f122ae4dc1a8870472d445f576e492650519bc4d8b3a50f7ff5f5980bd95f110519cdfedfce4b4983dd7fe968ffa16987cbfd37d536f32912390c6b229fbe080de2a1f10da1cee6d19295fcf7508024e6ec67f"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r11}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x310, 0x0, 0x12, 0x60a, 0x138, 0x202, 0x240, 0x2e8, 0x2e8, 0x240, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast2, [], [], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0x108, 0x138, 0x0, {}, [@common=@unspec=@statistic={{0x38}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'batadv0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) 163.585854ms ago: executing program 0 (id=498): syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) r0 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = userfaultfd(0x800) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000340)={0xaa, 0x304}) socket$isdn(0x22, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_setup(0x3eae, &(0x7f0000000080)={0x0, 0xfffffffd, 0x40, 0x0, 0xfffffffd}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00') fchdir(r3) llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000025c0)={0x0, 0x0, 0x0}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000140), 0xffffffffffffffff, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.idle_time\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000100)={0x1, "000000000000003713714a64bdeb9000", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0x5, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000080)={"390008000000000000070000e4f5b53e0ca34dd02acecdc67c5e312462816800", r6}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) 6.630468ms ago: executing program 3 (id=499): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000100)={@link_local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x400, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x5451, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) getpgrp(r2) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) clock_nanosleep(0xfffffff2, 0x0, &(0x7f0000000400), 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r7 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$TIOCSWINSZ(r7, 0x5414, &(0x7f0000000040)) 0s ago: executing program 4 (id=500): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x3, 0x3ffdcf, 0x7ff}, 0x48) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0, 0x0) renameat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', r0, &(0x7f0000000140)='./file1\x00') kernel console output (not intermixed with test programs): f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.191157][ T5347] RSP: 002b:00007f5a456a2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 139.199598][ T5347] RAX: ffffffffffffffda RBX: 00007f5a44b03f60 RCX: 00007f5a44975bd9 [ 139.207588][ T5347] RDX: 0000000000000030 RSI: 0000000020000040 RDI: 0000000000000014 [ 139.215772][ T5347] RBP: 00007f5a456a20a0 R08: 0000000000000000 R09: 0000000000000000 [ 139.223769][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.231950][ T5347] R13: 000000000000000b R14: 00007f5a44b03f60 R15: 00007fffff1d8b08 [ 139.239943][ T5347] [ 139.598762][ T5351] overlayfs: failed to resolve './file1': -2 [ 139.805451][ T5353] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 139.919997][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 139.920014][ T29] audit: type=1400 audit(1720298510.959:204): avc: denied { create } for pid=5355 comm="syz.2.47" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 139.981323][ T29] audit: type=1400 audit(1720298510.999:205): avc: denied { create } for pid=5354 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 140.077945][ T29] audit: type=1400 audit(1720298511.009:206): avc: denied { ioctl } for pid=5355 comm="syz.2.47" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=7726 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 140.161233][ T29] audit: type=1400 audit(1720298511.059:207): avc: denied { listen } for pid=5354 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 140.250496][ T29] audit: type=1400 audit(1720298511.169:208): avc: denied { read } for pid=5350 comm="syz.1.45" name="ppp" dev="devtmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 140.286118][ T29] audit: type=1400 audit(1720298511.169:209): avc: denied { open } for pid=5350 comm="syz.1.45" path="/dev/ppp" dev="devtmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 140.324903][ T29] audit: type=1400 audit(1720298511.179:210): avc: denied { ioctl } for pid=5350 comm="syz.1.45" path="/dev/ppp" dev="devtmpfs" ino=694 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 140.509561][ T5282] syz.3.30 (5282): drop_caches: 1 [ 141.002980][ T5134] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 141.534748][ T5377] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.52'. [ 142.316209][ T5134] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 142.357544][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 142.419068][ T5380] all: renamed from bridge_slave_0 (while UP) [ 142.426024][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 142.467483][ T5134] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 142.493167][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 142.517732][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 142.568572][ T5134] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 142.589148][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 142.659044][ T5134] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 142.688253][ T5134] usb 1-1: string descriptor 0 read error: -22 [ 142.710404][ T5134] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 142.731078][ T5134] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.807255][ T5134] adutux 1-1:168.0: interrupt endpoints not found [ 143.041260][ T5134] usb 1-1: USB disconnect, device number 2 [ 144.681800][ T5402] overlayfs: failed to resolve './file1': -2 [ 144.999699][ T5406] FAULT_INJECTION: forcing a failure. [ 144.999699][ T5406] name failslab, interval 1, probability 0, space 0, times 0 [ 145.033189][ T5406] CPU: 0 PID: 5406 Comm: syz.0.59 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 145.043169][ T5406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 145.053267][ T5406] Call Trace: [ 145.056603][ T5406] [ 145.059569][ T5406] dump_stack_lvl+0x16c/0x1f0 [ 145.064313][ T5406] should_fail_ex+0x497/0x5b0 [ 145.069049][ T5406] should_failslab+0x9/0x20 [ 145.073622][ T5406] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 145.079070][ T5406] ? skb_clone+0x190/0x3f0 [ 145.083545][ T5406] skb_clone+0x190/0x3f0 [ 145.087844][ T5406] netlink_deliver_tap+0xab3/0xd90 [ 145.093103][ T5406] netlink_unicast+0x604/0x820 [ 145.097933][ T5406] ? __pfx_netlink_unicast+0x10/0x10 [ 145.103400][ T5406] netlink_sendmsg+0x8b8/0xd70 [ 145.108249][ T5406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 145.113602][ T5406] ? __import_iovec+0x1fd/0x6e0 [ 145.118560][ T5406] ____sys_sendmsg+0xab5/0xc90 [ 145.123384][ T5406] ? copy_msghdr_from_user+0x10b/0x160 [ 145.128933][ T5406] ? __pfx_____sys_sendmsg+0x10/0x10 [ 145.134280][ T5406] ? find_held_lock+0x2d/0x110 [ 145.139106][ T5406] ? __pfx___lock_acquire+0x10/0x10 [ 145.144382][ T5406] ___sys_sendmsg+0x135/0x1e0 [ 145.149140][ T5406] ? __pfx____sys_sendmsg+0x10/0x10 [ 145.154406][ T5406] ? ksys_write+0x21c/0x260 [ 145.158990][ T5406] ? __fget_light+0x173/0x210 [ 145.163739][ T5406] __sys_sendmsg+0x117/0x1f0 [ 145.168574][ T5406] ? __pfx___sys_sendmsg+0x10/0x10 [ 145.173853][ T5406] do_syscall_64+0xcd/0x250 [ 145.178418][ T5406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.184378][ T5406] RIP: 0033:0x7f5a44975bd9 [ 145.188835][ T5406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.208498][ T5406] RSP: 002b:00007f5a456a2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 145.216969][ T5406] RAX: ffffffffffffffda RBX: 00007f5a44b03f60 RCX: 00007f5a44975bd9 [ 145.224998][ T5406] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 145.233037][ T5406] RBP: 00007f5a456a20a0 R08: 0000000000000000 R09: 0000000000000000 [ 145.241082][ T5406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 145.249106][ T5406] R13: 000000000000000b R14: 00007f5a44b03f60 R15: 00007fffff1d8b08 [ 145.257216][ T5406] [ 145.260581][ C0] vkms_vblank_simulate: vblank timer overrun [ 146.380596][ T5414] xt_TPROXY: Can be used only with -p tcp or -p udp [ 146.598936][ T29] audit: type=1326 audit(1720298517.629:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5413 comm="syz.0.61" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a44975bd9 code=0x0 [ 146.889028][ T5098] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 146.903879][ T5098] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 146.912898][ T5098] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 146.922226][ T5098] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 146.931203][ T5098] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 146.939073][ T5098] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 146.973732][ T29] audit: type=1400 audit(1720298518.009:212): avc: denied { mounton } for pid=5419 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 147.323533][ T29] audit: type=1400 audit(1720298518.359:213): avc: denied { write } for pid=5416 comm="syz.1.62" name="udp" dev="proc" ino=4026532937 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 147.405810][ T29] audit: type=1400 audit(1720298518.449:214): avc: denied { read } for pid=5422 comm="syz.0.63" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 147.424380][ T5423] autofs4:pid:5423:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e) [ 147.487980][ T29] audit: type=1400 audit(1720298518.449:215): avc: denied { open } for pid=5422 comm="syz.0.63" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 147.516799][ T5426] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 147.603898][ T29] audit: type=1400 audit(1720298518.469:216): avc: denied { ioctl } for pid=5422 comm="syz.0.63" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 147.652852][ T29] audit: type=1400 audit(1720298518.689:217): avc: denied { create } for pid=5422 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 147.694454][ T29] audit: type=1400 audit(1720298518.729:218): avc: denied { setopt } for pid=5422 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 147.807296][ T29] audit: type=1400 audit(1720298518.849:219): avc: denied { create } for pid=5428 comm="syz.3.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 147.953202][ T29] audit: type=1400 audit(1720298518.989:220): avc: denied { bind } for pid=5422 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 148.306982][ T5419] chnl_net:caif_netlink_parms(): no params data found [ 148.928050][ T5419] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.984320][ T5419] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.017619][ T5419] bridge_slave_0: entered allmulticast mode [ 149.024219][ T5098] Bluetooth: hci5: command tx timeout [ 149.050875][ T5419] bridge_slave_0: entered promiscuous mode [ 149.082322][ T5436] xt_ecn: cannot match TCP bits for non-tcp packets [ 149.148631][ T5419] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.223955][ T5419] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.231323][ T5419] bridge_slave_1: entered allmulticast mode [ 149.268148][ T5419] bridge_slave_1: entered promiscuous mode [ 149.580915][ T5419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.656527][ T5419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.103881][ T5098] Bluetooth: hci5: command tx timeout [ 151.220873][ T5419] team0: Port device team_slave_0 added [ 151.273338][ T5419] team0: Port device team_slave_1 added [ 151.539949][ T5419] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.595029][ T5419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.628007][ T5419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.642932][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 151.642949][ T29] audit: type=1400 audit(1720298522.669:226): avc: denied { create } for pid=5459 comm="syz.2.70" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:fusefs_t tclass=chr_file permissive=1 [ 151.704327][ T5419] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.711327][ T5419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.788333][ T5419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.825868][ T29] audit: type=1400 audit(1720298522.869:227): avc: denied { read } for pid=5459 comm="syz.2.70" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 151.953661][ T29] audit: type=1400 audit(1720298522.899:228): avc: denied { open } for pid=5459 comm="syz.2.70" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 152.112405][ T29] audit: type=1400 audit(1720298522.899:229): avc: denied { ioctl } for pid=5459 comm="syz.2.70" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 152.137622][ C0] vkms_vblank_simulate: vblank timer overrun [ 152.171327][ T29] audit: type=1400 audit(1720298522.929:230): avc: denied { set_context_mgr } for pid=5459 comm="syz.2.70" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 152.194574][ T5471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.72'. [ 152.280930][ T29] audit: type=1400 audit(1720298523.069:231): avc: denied { ioctl } for pid=5459 comm="syz.2.70" path="socket:[8006]" dev="sockfs" ino=8006 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 152.306406][ C0] vkms_vblank_simulate: vblank timer overrun [ 152.409145][ T5471] team_slave_0: entered promiscuous mode [ 152.415261][ T5471] team_slave_0: entered allmulticast mode [ 152.442540][ T29] audit: type=1400 audit(1720298523.359:232): avc: denied { setopt } for pid=5470 comm="syz.3.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 152.536261][ T29] audit: type=1400 audit(1720298523.579:233): avc: denied { setopt } for pid=5457 comm="syz.0.69" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 152.615370][ T5471] team0: Port device team_slave_0 removed [ 152.622045][ T5461] overlayfs: failed to resolve './bus': -2 [ 152.742570][ T5419] hsr_slave_0: entered promiscuous mode [ 152.780222][ T5419] hsr_slave_1: entered promiscuous mode [ 152.838336][ T5419] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 152.873554][ T5419] Cannot create hsr debugfs directory [ 153.118738][ T29] audit: type=1400 audit(1720298524.159:234): avc: denied { remount } for pid=5484 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 153.193887][ T5098] Bluetooth: hci5: command tx timeout [ 153.326469][ T5098] Bluetooth: hci1: unexpected subevent 0x0a length: 18 < 30 [ 153.362575][ T29] audit: type=1400 audit(1720298524.399:235): avc: denied { create } for pid=5484 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 154.679168][ T5419] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.899485][ T5493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.77'. [ 155.107769][ T5419] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.264233][ T5098] Bluetooth: hci5: command tx timeout [ 155.363400][ T5419] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.611018][ T5419] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.318662][ T5419] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 156.413814][ T5419] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 156.494744][ T5419] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 156.543698][ T5135] usb 1-1: new low-speed USB device number 3 using dummy_hcd [ 156.567338][ T5419] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 156.798305][ T5135] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 156.847412][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 156.890266][ T5506] xt_ecn: cannot match TCP bits for non-tcp packets [ 156.904089][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 156.954975][ T5135] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 156.989599][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 157.047595][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 157.128219][ T5135] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 157.183805][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 157.233551][ T5135] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 157.303704][ T5135] usb 1-1: string descriptor 0 read error: -22 [ 157.372696][ T5135] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 157.425013][ T5135] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.479039][ T5419] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.528902][ T5135] adutux 1-1:168.0: interrupt endpoints not found [ 157.872888][ T5419] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.981708][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.989096][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.130017][ T9] usb 1-1: USB disconnect, device number 3 [ 159.137986][ T5139] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.145336][ T5139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.508045][ T5523] overlayfs: failed to resolve './bus': -2 [ 160.777006][ T5419] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.882141][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 161.882181][ T29] audit: type=1400 audit(1720298532.909:239): avc: denied { setopt } for pid=5548 comm="syz.0.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 162.425171][ T5419] veth0_vlan: entered promiscuous mode [ 162.586553][ T5419] veth1_vlan: entered promiscuous mode [ 162.708934][ T5566] netlink: 20 bytes leftover after parsing attributes in process `syz.2.93'. [ 162.751898][ T29] audit: type=1400 audit(1720298533.689:240): avc: denied { write } for pid=5563 comm="syz.0.94" name="event2" dev="devtmpfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 162.844988][ T29] audit: type=1400 audit(1720298533.699:241): avc: denied { open } for pid=5563 comm="syz.0.94" path="/dev/input/event2" dev="devtmpfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 162.900880][ T5419] veth0_macvtap: entered promiscuous mode [ 162.931857][ T5419] veth1_macvtap: entered promiscuous mode [ 162.983816][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.996501][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.008988][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.013631][ T25] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 163.030162][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.074475][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.108978][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.139864][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.181716][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.212559][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.243743][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.276529][ T25] usb 1-1: descriptor type invalid, skip [ 163.285520][ T25] usb 1-1: config 7 has an invalid interface number: 243 but max is 3 [ 163.289736][ T5419] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.321160][ T25] usb 1-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 163.350481][ T25] usb 1-1: config 7 has an invalid descriptor of length 214, skipping remainder of the config [ 163.374933][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.381595][ T25] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 4 [ 163.413611][ T25] usb 1-1: config 7 has no interface number 0 [ 163.423183][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.430083][ T25] usb 1-1: config 7 interface 243 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 163.473732][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.487018][ T25] usb 1-1: config 7 interface 243 has no altsetting 0 [ 163.507491][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.509362][ T25] usb 1-1: New USB device found, idVendor=19d2, idProduct=fff9, bcdDevice=21.6a [ 163.545931][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.557095][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.586380][ T25] usb 1-1: Product: ؏甑㱡蠥ꗈ蘵᩟ [ 163.592365][ T25] usb 1-1: Manufacturer: ᰉ [ 163.595008][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.623509][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.636873][ T25] usb 1-1: SerialNumber:   [ 163.648666][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.681890][ T5419] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.713696][ T5419] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.746363][ T5419] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.867049][ T5419] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.891141][ T5565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.926570][ T5419] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.945685][ T5419] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.952671][ T5565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.978481][ T5419] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.027659][ T25] hub 1-1:7.243: bad descriptor, ignoring hub [ 164.054258][ T25] hub 1-1:7.243: probe with driver hub failed with error -5 [ 164.106454][ T25] option 1-1:7.243: GSM modem (1-port) converter detected [ 164.210174][ T25] usb 1-1: USB disconnect, device number 4 [ 164.268307][ T25] option 1-1:7.243: device disconnected [ 164.413957][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.452573][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.591284][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.612047][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.661376][ T29] audit: type=1400 audit(1720298535.699:242): avc: denied { mount } for pid=5419 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 164.929126][ T29] audit: type=1400 audit(1720298535.969:243): avc: denied { write } for pid=5571 comm="syz.0.96" name="001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 165.197934][ T29] audit: type=1400 audit(1720298536.239:244): avc: denied { create } for pid=5575 comm="syz.1.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 165.299391][ T29] audit: type=1400 audit(1720298536.269:245): avc: denied { bind } for pid=5575 comm="syz.1.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 165.355030][ T29] audit: type=1400 audit(1720298536.289:246): avc: denied { connect } for pid=5575 comm="syz.1.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 165.683708][ T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 165.893913][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 165.922718][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 165.961244][ T25] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 166.020935][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.085033][ T25] usb 1-1: config 0 descriptor?? [ 166.391534][ T25] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 166.553375][ T5139] usb 1-1: USB disconnect, device number 5 [ 166.600289][ T5139] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 167.045613][ T5139] kernel write not supported for file /dlm-control (pid: 5139 comm: kworker/1:6) [ 167.539214][ T5619] dummy0: entered promiscuous mode [ 167.606005][ T5619] dummy0: left promiscuous mode [ 168.234583][ T5625] syz.3.108[5625] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.234833][ T5625] syz.3.108[5625] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.526349][ T5599] overlayfs: failed to resolve './bus': -2 [ 169.201845][ T5629] netlink: 'syz.3.110': attribute type 1 has an invalid length. [ 169.547413][ T5635] syz.3.112[5635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 169.553917][ T5635] syz.3.112[5635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.180855][ T29] audit: type=1400 audit(1720298542.219:247): avc: denied { write } for pid=5643 comm="syz.3.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 171.569818][ T29] audit: type=1400 audit(1720298542.609:248): avc: denied { name_bind } for pid=5652 comm="syz.3.119" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 171.595108][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 171.793834][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 171.808322][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 171.864434][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 171.896693][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.947505][ T8] usb 1-1: config 0 descriptor?? [ 172.219089][ T8] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 172.355225][ T29] audit: type=1400 audit(1720298543.389:249): avc: denied { ioctl } for pid=5634 comm="syz.1.113" path="/dev/usbmon0" dev="devtmpfs" ino=706 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 172.394424][ T5638] veth0_vlan: entered allmulticast mode [ 172.493826][ T5139] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 172.512778][ T5135] usb 1-1: USB disconnect, device number 6 [ 172.585496][ T5135] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 172.737597][ T5139] usb 3-1: descriptor type invalid, skip [ 172.745647][ T5139] usb 3-1: config 7 has an invalid interface number: 243 but max is 3 [ 172.756958][ T5139] usb 3-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 172.775296][ T5139] usb 3-1: config 7 has an invalid descriptor of length 214, skipping remainder of the config [ 172.791245][ T5139] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 4 [ 172.809489][ T5139] usb 3-1: config 7 has no interface number 0 [ 172.819565][ T5139] usb 3-1: config 7 interface 243 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 172.840824][ T5139] usb 3-1: config 7 interface 243 has no altsetting 0 [ 172.858586][ T5139] usb 3-1: New USB device found, idVendor=19d2, idProduct=fff9, bcdDevice=21.6a [ 172.879018][ T5139] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.887190][ T5139] usb 3-1: Product: ؏甑㱡蠥ꗈ蘵᩟ [ 172.893875][ T5139] usb 3-1: Manufacturer: ᰉ [ 172.898563][ T5139] usb 3-1: SerialNumber:   [ 173.113559][ T29] audit: type=1400 audit(1720298544.139:250): avc: denied { create } for pid=5667 comm="syz.3.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 173.124625][ T5665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.193075][ T5665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.222263][ T29] audit: type=1400 audit(1720298544.219:251): avc: denied { ioctl } for pid=5667 comm="syz.3.124" path="socket:[10532]" dev="sockfs" ino=10532 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 173.284116][ T5139] hub 3-1:7.243: bad descriptor, ignoring hub [ 173.319574][ T5139] hub 3-1:7.243: probe with driver hub failed with error -5 [ 173.362928][ T5139] option 3-1:7.243: GSM modem (1-port) converter detected [ 173.449389][ T29] audit: type=1400 audit(1720298544.489:252): avc: denied { create } for pid=5671 comm="syz.0.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 173.479277][ T5139] usb 3-1: USB disconnect, device number 3 [ 173.537250][ T5139] option 3-1:7.243: device disconnected [ 174.552654][ T4534] udevd[4534]: worker [5133] terminated by signal 33 (Unknown signal 33) [ 174.720282][ T29] audit: type=1400 audit(1720298545.749:253): avc: denied { mounton } for pid=5688 comm="syz.0.131" path="/32/file0" dev="tmpfs" ino=188 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 174.871123][ T29] audit: type=1400 audit(1720298545.909:254): avc: denied { create } for pid=5690 comm="syz.3.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 174.932864][ T29] audit: type=1400 audit(1720298545.909:255): avc: denied { setopt } for pid=5690 comm="syz.3.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 174.995841][ T29] audit: type=1400 audit(1720298545.939:256): avc: denied { create } for pid=5690 comm="syz.3.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 175.563706][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 175.804649][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 175.866063][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 176.032794][ T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 176.143149][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.203663][ T9] usb 2-1: config 0 descriptor?? [ 176.451088][ T9] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 176.493552][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 176.493575][ T29] audit: type=1400 audit(1720298547.529:263): avc: denied { read } for pid=5712 comm="syz.0.138" name="event0" dev="devtmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 176.553700][ T29] audit: type=1400 audit(1720298547.539:264): avc: denied { ioctl } for pid=5712 comm="syz.0.138" path="/dev/input/event0" dev="devtmpfs" ino=834 ioctlcmd=0x45a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 176.652221][ T9] usb 2-1: USB disconnect, device number 2 [ 176.694666][ T9] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 176.823634][ T5137] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 177.013815][ T5137] usb 1-1: Using ep0 maxpacket: 32 [ 177.043810][ T5137] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.058679][ T5137] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.082070][ T5137] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 177.112464][ T5137] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 177.122660][ T5137] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 177.142193][ T5724] kvm: emulating exchange as write [ 177.142237][ T29] audit: type=1400 audit(1720298548.179:265): avc: denied { connect } for pid=5722 comm="syz.2.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 177.170466][ T5137] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 177.186253][ T5137] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.215005][ T5137] usb 1-1: Product: syz [ 177.224428][ T29] audit: type=1400 audit(1720298548.269:266): avc: denied { read } for pid=5722 comm="syz.2.142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 177.232871][ T5137] usb 1-1: Manufacturer: syz [ 177.262125][ T5137] usb 1-1: SerialNumber: syz [ 177.525120][ T5137] cdc_ncm 1-1:1.0: bind() failure [ 177.549897][ T5137] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 177.605074][ T5137] cdc_ncm 1-1:1.1: bind() failure [ 177.640423][ T5137] usb 1-1: USB disconnect, device number 7 [ 177.884658][ T5731] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 178.229186][ T29] audit: type=1400 audit(1720298549.269:267): avc: denied { map } for pid=5730 comm="syz.1.144" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=9783 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 178.356669][ T29] audit: type=1400 audit(1720298549.309:268): avc: denied { read write } for pid=5730 comm="syz.1.144" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=9783 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 178.436125][ T5737] ALSA: mixer_oss: invalid OSS volume '' [ 178.652670][ T29] audit: type=1400 audit(1720298549.689:269): avc: denied { unlink } for pid=5733 comm="syz.3.145" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 178.740501][ T29] audit: type=1400 audit(1720298549.769:270): avc: denied { execute } for pid=5745 comm="syz.2.148" path="/30/cpuacct.usage_sys" dev="tmpfs" ino=191 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 179.116059][ T29] audit: type=1400 audit(1720298550.159:271): avc: denied { bind } for pid=5745 comm="syz.2.148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 179.252337][ T29] audit: type=1400 audit(1720298550.189:272): avc: denied { name_bind } for pid=5745 comm="syz.2.148" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 180.723787][ T5134] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 181.474263][ T5134] usb 1-1: Using ep0 maxpacket: 8 [ 181.494502][ T5134] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 181.552494][ T5134] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 181.579457][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.657354][ T5134] usb 1-1: config 0 descriptor?? [ 181.898076][ T5134] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 181.952207][ T5769] netlink: 56 bytes leftover after parsing attributes in process `syz.2.155'. [ 182.142038][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 182.142089][ T29] audit: type=1400 audit(1720298553.009:276): avc: denied { read } for pid=5766 comm="syz.2.155" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 182.379136][ T5134] usb 1-1: USB disconnect, device number 8 [ 182.450404][ T5134] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 182.473740][ T29] audit: type=1400 audit(1720298553.009:277): avc: denied { open } for pid=5766 comm="syz.2.155" path="/dev/nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 183.238952][ T5789] overlayfs: failed to resolve './bus': -2 [ 183.966742][ T5097] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 183.994492][ T5097] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 184.004845][ T5097] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 184.013737][ T5097] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 184.025169][ T5097] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 184.037483][ T5097] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 184.152596][ T5797] netlink: 'syz.2.161': attribute type 5 has an invalid length. [ 185.821705][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 186.173792][ T5098] Bluetooth: hci6: command tx timeout [ 187.858950][ T5836] xt_ecn: cannot match TCP bits for non-tcp packets [ 187.953612][ T5135] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 188.009985][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.031103][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.063959][ T5796] bridge_slave_0: entered allmulticast mode [ 188.166804][ T5796] bridge_slave_0: entered promiscuous mode [ 188.179700][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.194889][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.203598][ T5135] usb 4-1: Using ep0 maxpacket: 8 [ 188.215122][ T5135] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 188.223677][ T5098] Bluetooth: hci6: command tx timeout [ 188.241783][ T5796] bridge_slave_1: entered allmulticast mode [ 188.265169][ T5135] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 188.275991][ T5796] bridge_slave_1: entered promiscuous mode [ 188.330893][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.408703][ T5135] usb 4-1: config 0 descriptor?? [ 188.650837][ T5135] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 188.767491][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.917869][ T5135] usb 4-1: USB disconnect, device number 2 [ 188.945856][ T5135] iowarrior 4-1:0.0: I/O-Warror #0 now disconnected [ 188.987523][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.018456][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.229764][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.336336][ T5796] team0: Port device team_slave_0 added [ 189.399712][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.439702][ T5796] team0: Port device team_slave_1 added [ 189.566122][ T5135] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 189.687729][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.718979][ T29] audit: type=1400 audit(1720298560.759:278): avc: denied { create } for pid=5848 comm="syz.3.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 189.742650][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.779183][ T29] audit: type=1400 audit(1720298560.819:279): avc: denied { setopt } for pid=5848 comm="syz.3.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 189.793973][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.797400][ T5850] mmap: syz.3.175 (5850) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 189.840300][ T5135] usb 2-1: Using ep0 maxpacket: 32 [ 189.846612][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.854280][ T5135] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.893350][ T5135] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.921009][ T5135] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 189.955323][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.964022][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.000912][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.042446][ T5135] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 190.061440][ T5135] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 190.101382][ T5135] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 190.129022][ T5135] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.157036][ T5135] usb 2-1: Product: syz [ 190.173697][ T5135] usb 2-1: Manufacturer: syz [ 190.192931][ T5135] usb 2-1: SerialNumber: syz [ 190.292725][ T29] audit: type=1400 audit(1720298561.329:280): avc: denied { mount } for pid=5851 comm="syz.0.176" name="/" dev="ramfs" ino=9981 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 190.303735][ T5098] Bluetooth: hci6: command tx timeout [ 190.408345][ T5796] hsr_slave_0: entered promiscuous mode [ 190.446897][ T5796] hsr_slave_1: entered promiscuous mode [ 190.469457][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.477470][ T5796] Cannot create hsr debugfs directory [ 190.496927][ T5852] overlayfs: missing 'lowerdir' [ 190.622918][ T5852] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 190.633212][ T5852] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 190.668449][ T5857] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.184641][ T5135] cdc_ncm 2-1:1.0: bind() failure [ 192.240202][ T5135] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 192.263783][ T5856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.177'. [ 192.300372][ T5135] cdc_ncm 2-1:1.1: bind() failure [ 192.340956][ T5135] usb 2-1: USB disconnect, device number 3 [ 192.383857][ T5098] Bluetooth: hci6: command tx timeout [ 192.923418][ T5869] netlink: 56 bytes leftover after parsing attributes in process `syz.3.180'. [ 193.741987][ T29] audit: type=1400 audit(1720298564.769:281): avc: denied { unmount } for pid=5082 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 193.784716][ T11] bridge_slave_1: left allmulticast mode [ 193.792281][ T11] bridge_slave_1: left promiscuous mode [ 193.816201][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.885020][ T11] bridge_slave_0: left allmulticast mode [ 193.907373][ T11] bridge_slave_0: left promiscuous mode [ 193.927064][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.075586][ T5882] Zero length message leads to an empty skb [ 194.185184][ T25] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 194.265657][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 194.413600][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 194.431865][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 194.469901][ T25] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 194.513705][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 194.522980][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice= 1.8e [ 194.540699][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.542552][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.556209][ T8] usb 3-1: config 0 descriptor?? [ 194.598110][ T8] usb 3-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state [ 194.644913][ T25] usb 2-1: config 0 descriptor?? [ 194.697314][ T8] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 194.755492][ T8] dvbdev: DVB: registering new adapter (HCW 126xxx) [ 194.792769][ T8] usb 3-1: media controller created [ 194.892869][ T25] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 195.101966][ T25] usb 2-1: USB disconnect, device number 4 [ 195.124136][ T25] iowarrior 2-1:0.0: I/O-Warror #0 now disconnected [ 195.171693][ T5885] syz.0.183 (5885): drop_caches: 1 [ 195.189890][ T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 195.374514][ T8] usb 3-1: selecting invalid altsetting 1 [ 195.411715][ T8] set interface failed [ 195.420902][ T8] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 195.438453][ T8] error writing reg: 0xff, val: 0x00 [ 195.442252][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.490134][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.529946][ T11] bond0 (unregistering): Released all slaves [ 195.619153][ T5873] netlink: 16 bytes leftover after parsing attributes in process `syz.3.182'. [ 195.690401][ T8] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 196.304868][ T5896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'. [ 196.314339][ T5896] netlink: 'syz.3.186': attribute type 3 has an invalid length. [ 196.509808][ T5135] usb 3-1: USB disconnect, device number 4 [ 196.720491][ T11] hsr_slave_0: left promiscuous mode [ 196.743180][ T11] hsr_slave_1: left promiscuous mode [ 196.753099][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.762636][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.795980][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.822047][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.965647][ T11] veth1_macvtap: left promiscuous mode [ 196.994217][ T11] veth0_macvtap: left promiscuous mode [ 197.000108][ T11] veth1_vlan: left promiscuous mode [ 197.076141][ T11] veth0_vlan: left promiscuous mode [ 198.928289][ T5927] netlink: 56 bytes leftover after parsing attributes in process `syz.1.192'. [ 199.081275][ T5928] FAULT_INJECTION: forcing a failure. [ 199.081275][ T5928] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.097082][ T5928] CPU: 1 PID: 5928 Comm: syz.3.195 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 199.107124][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.117226][ T5928] Call Trace: [ 199.120543][ T5928] [ 199.123507][ T5928] dump_stack_lvl+0x16c/0x1f0 [ 199.128258][ T5928] should_fail_ex+0x497/0x5b0 [ 199.133014][ T5928] _copy_to_iter+0x44f/0x1140 [ 199.137754][ T5928] ? __pfx__copy_to_iter+0x10/0x10 [ 199.143006][ T5928] ? __up_read+0x1fb/0x760 [ 199.147466][ T5928] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 199.153335][ T5928] ? down_read+0xc9/0x330 [ 199.157725][ T5928] ? __pfx___up_read+0x10/0x10 [ 199.162681][ T5928] copy_page_to_iter+0xf1/0x180 [ 199.167597][ T5928] process_vm_rw_core.constprop.0+0x5c9/0xa10 [ 199.173745][ T5928] ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10 [ 199.180412][ T5928] ? rcu_is_watching+0x12/0xc0 [ 199.185231][ T5928] process_vm_rw+0x301/0x360 [ 199.189890][ T5928] ? __pfx_process_vm_rw+0x10/0x10 [ 199.195073][ T5928] ? ksys_write+0x21c/0x260 [ 199.199639][ T5928] ? __pfx_lock_release+0x10/0x10 [ 199.204830][ T5928] ? ksys_write+0x1ab/0x260 [ 199.209396][ T5928] ? __pfx_ksys_write+0x10/0x10 [ 199.214309][ T5928] __x64_sys_process_vm_readv+0xe2/0x1c0 [ 199.220014][ T5928] ? do_syscall_64+0x91/0x250 [ 199.224754][ T5928] ? lockdep_hardirqs_on+0x7c/0x110 [ 199.230006][ T5928] do_syscall_64+0xcd/0x250 [ 199.234576][ T5928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.240523][ T5928] RIP: 0033:0x7fd36fd75bd9 [ 199.245103][ T5928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.264745][ T5928] RSP: 002b:00007fd370a9a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000136 [ 199.273277][ T5928] RAX: ffffffffffffffda RBX: 00007fd36ff04110 RCX: 00007fd36fd75bd9 [ 199.281268][ T5928] RDX: 0000000000000002 RSI: 0000000020008400 RDI: 000000000000009f [ 199.289293][ T5928] RBP: 00007fd370a9a0a0 R08: 0000000000000286 R09: 0000000000000000 [ 199.297296][ T5928] R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000001 [ 199.305297][ T5928] R13: 000000000000006e R14: 00007fd36ff04110 R15: 00007ffc18edbf58 [ 199.313302][ T5928] [ 199.400681][ T5930] FAULT_INJECTION: forcing a failure. [ 199.400681][ T5930] name failslab, interval 1, probability 0, space 0, times 0 [ 199.416439][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 199.424011][ T5930] CPU: 1 PID: 5930 Comm: syz.2.196 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 199.424097][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.424117][ T5930] Call Trace: [ 199.424131][ T5930] [ 199.424144][ T5930] dump_stack_lvl+0x16c/0x1f0 [ 199.424202][ T5930] should_fail_ex+0x497/0x5b0 [ 199.424245][ T5930] should_failslab+0x9/0x20 [ 199.424298][ T5930] __kmalloc_noprof+0xcf/0x410 [ 199.424333][ T5930] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 199.424395][ T5930] genl_family_rcv_msg_doit+0xbf/0x2f0 [ 199.424449][ T5930] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 199.424507][ T5930] ? security_capable+0x98/0xd0 [ 199.424558][ T5930] genl_rcv_msg+0x565/0x800 [ 199.424613][ T5930] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.503152][ T5930] ? __pfx___lock_acquire+0x10/0x10 [ 199.508428][ T5930] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 199.513938][ T5930] ? __pfx_nl802154_add_llsec_key+0x10/0x10 [ 199.519897][ T5930] ? __pfx_nl802154_post_doit+0x10/0x10 [ 199.525515][ T5930] ? __pfx___lock_acquire+0x10/0x10 [ 199.530963][ T5930] netlink_rcv_skb+0x16b/0x440 [ 199.535800][ T5930] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.540899][ T5930] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 199.546260][ T5930] ? down_read+0xc9/0x330 [ 199.550656][ T5930] ? __pfx_down_read+0x10/0x10 [ 199.555655][ T5930] ? netlink_deliver_tap+0x1ae/0xd90 [ 199.561004][ T5930] genl_rcv+0x28/0x40 [ 199.565179][ T5930] netlink_unicast+0x542/0x820 [ 199.570004][ T5930] ? __pfx_netlink_unicast+0x10/0x10 [ 199.575367][ T5930] netlink_sendmsg+0x8b8/0xd70 [ 199.580464][ T5930] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.585821][ T5930] ? __import_iovec+0x1fd/0x6e0 [ 199.590733][ T5930] ____sys_sendmsg+0xab5/0xc90 [ 199.595550][ T5930] ? copy_msghdr_from_user+0x10b/0x160 [ 199.601081][ T5930] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.606470][ T5930] ? find_held_lock+0x2d/0x110 [ 199.611328][ T5930] ? __pfx___lock_acquire+0x10/0x10 [ 199.616594][ T5930] ___sys_sendmsg+0x135/0x1e0 [ 199.621408][ T5930] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.626675][ T5930] ? ksys_write+0x21c/0x260 [ 199.631250][ T5930] ? __fget_light+0x173/0x210 [ 199.635987][ T5930] __sys_sendmsg+0x117/0x1f0 [ 199.640639][ T5930] ? __pfx___sys_sendmsg+0x10/0x10 [ 199.645824][ T5930] do_syscall_64+0xcd/0x250 [ 199.650397][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.656366][ T5930] RIP: 0033:0x7f9e8ed75bd9 [ 199.660829][ T5930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.673978][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 199.680465][ T5930] RSP: 002b:00007f9e8fa9d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.680504][ T5930] RAX: ffffffffffffffda RBX: 00007f9e8ef03f60 RCX: 00007f9e8ed75bd9 [ 199.680528][ T5930] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000004 [ 199.680549][ T5930] RBP: 00007f9e8fa9d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 199.680569][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.680589][ T5930] R13: 000000000000000b R14: 00007f9e8ef03f60 R15: 00007fff0ea27e88 [ 199.680617][ T5930] [ 199.811235][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 199.838026][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 199.893526][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.935114][ T9] usb 1-1: config 0 descriptor?? [ 199.989706][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.996586][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.084523][ T29] audit: type=1400 audit(1720298571.129:282): avc: denied { ioctl } for pid=5934 comm="syz.2.198" path="socket:[10104]" dev="sockfs" ino=10104 ioctlcmd=0x89b0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 200.166641][ T9] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 200.298619][ T5098] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 200.305404][ T5098] Bluetooth: Wrong link type (-22) [ 200.311341][ T5098] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 200.321914][ T5098] Bluetooth: Wrong link type (-22) [ 200.332864][ T5098] Bluetooth: hci2: link tx timeout [ 200.345333][ T5098] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 200.456390][ T5167] usb 1-1: USB disconnect, device number 9 [ 200.485244][ T5098] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 200.491803][ T5098] Bluetooth: Wrong link type (-22) [ 200.503585][ T5098] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 200.510299][ T5098] Bluetooth: Wrong link type (-22) [ 200.515652][ T5098] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 200.523920][ T5098] Bluetooth: Wrong link type (-22) [ 200.530615][ T5098] Bluetooth: hci2: link tx timeout [ 200.535882][ T5098] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 200.591884][ T5167] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 200.759472][ T29] audit: type=1400 audit(1720298571.799:283): avc: denied { connect } for pid=5934 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 200.848255][ T29] audit: type=1400 audit(1720298571.799:284): avc: denied { name_connect } for pid=5934 comm="syz.2.198" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 201.326398][ T11] team0 (unregistering): Port device team_slave_1 removed [ 201.609793][ T11] team0 (unregistering): Port device team_slave_0 removed [ 202.400223][ T5097] Bluetooth: hci2: command tx timeout [ 203.086327][ T5956] FAULT_INJECTION: forcing a failure. [ 203.086327][ T5956] name failslab, interval 1, probability 0, space 0, times 0 [ 203.112457][ T29] audit: type=1400 audit(1720298574.139:285): avc: denied { create } for pid=5957 comm="syz.3.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 203.132369][ T5956] CPU: 1 PID: 5956 Comm: syz.0.203 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 203.142407][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 203.152481][ T5956] Call Trace: [ 203.155777][ T5956] [ 203.158725][ T5956] dump_stack_lvl+0x16c/0x1f0 [ 203.163431][ T5956] should_fail_ex+0x497/0x5b0 [ 203.168205][ T5956] should_failslab+0x9/0x20 [ 203.172762][ T5956] __kmalloc_noprof+0xcf/0x410 [ 203.177552][ T5956] ? __pfx_lock_acquire+0x10/0x10 [ 203.182718][ T5956] tomoyo_realpath_from_path+0xb9/0x720 [ 203.188323][ T5956] ? tomoyo_profile+0x47/0x60 [ 203.193059][ T5956] tomoyo_path_number_perm+0x245/0x590 [ 203.198660][ T5956] ? tomoyo_path_number_perm+0x232/0x590 [ 203.204604][ T5956] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 203.210812][ T5956] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 203.216884][ T5956] ? __fget_files+0x256/0x400 [ 203.221596][ T5956] security_file_ioctl+0x75/0xc0 [ 203.226592][ T5956] __x64_sys_ioctl+0xbb/0x220 [ 203.231320][ T5956] do_syscall_64+0xcd/0x250 [ 203.235859][ T5956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.242157][ T5956] RIP: 0033:0x7f5a44975bd9 [ 203.246596][ T5956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.266230][ T5956] RSP: 002b:00007f5a45681048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.274669][ T5956] RAX: ffffffffffffffda RBX: 00007f5a44b04038 RCX: 00007f5a44975bd9 [ 203.282679][ T5956] RDX: 0000000020000080 RSI: 00000000c0045006 RDI: 0000000000000004 [ 203.290676][ T5956] RBP: 00007f5a456810a0 R08: 0000000000000000 R09: 0000000000000000 [ 203.298673][ T5956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.306779][ T5956] R13: 000000000000006e R14: 00007f5a44b04038 R15: 00007fffff1d8b08 [ 203.314781][ T5956] [ 203.338137][ T5956] ERROR: Out of memory at tomoyo_realpath_from_path. [ 203.451918][ T29] audit: type=1400 audit(1720298574.489:286): avc: denied { ioctl } for pid=5957 comm="syz.3.204" path="socket:[11172]" dev="sockfs" ino=11172 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 203.493139][ T29] audit: type=1400 audit(1720298574.519:287): avc: denied { bind } for pid=5957 comm="syz.3.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 203.681251][ T29] audit: type=1400 audit(1720298574.719:288): avc: denied { connect } for pid=5957 comm="syz.3.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 203.718069][ T29] audit: type=1400 audit(1720298574.759:289): avc: denied { write } for pid=5957 comm="syz.3.204" path="socket:[11172]" dev="sockfs" ino=11172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 204.310568][ T5970] netlink: 56 bytes leftover after parsing attributes in process `syz.0.206'. [ 204.555016][ T5098] Bluetooth: hci2: command tx timeout [ 205.004232][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88807c8ef800: rx timeout, send abort [ 205.016905][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88807c8ef800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 205.217785][ T5974] overlayfs: missing 'lowerdir' [ 205.470447][ T29] audit: type=1400 audit(1720298576.499:290): avc: denied { bind } for pid=5976 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 205.613338][ T5939] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 205.691871][ T5939] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 206.505382][ T5796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 206.565082][ T5796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 206.648714][ T5796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 206.685888][ T29] audit: type=1400 audit(1720298577.729:291): avc: denied { write } for pid=5984 comm="syz.2.211" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 206.732707][ T5796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 207.536551][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.651485][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.726604][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.733865][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.817694][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.825240][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.674366][ T9] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 209.581568][ T6022] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.221'. [ 210.306353][ T9] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 210.341576][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 210.383957][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 210.427572][ T9] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 210.500466][ T9] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 210.534434][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 210.582855][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 210.616889][ T9] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 210.704107][ T9] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 210.717635][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.749847][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 210.819052][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 210.864348][ T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 210.877607][ T9] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 210.952792][ T9] usb 2-1: string descriptor 0 read error: -22 [ 210.978731][ T9] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 211.002730][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.117851][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 211.120220][ T9] usb 2-1: can't set config #168, error -71 [ 211.133688][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 211.162428][ T25] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 211.198802][ T9] usb 2-1: USB disconnect, device number 5 [ 211.201365][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.265913][ T25] usb 3-1: config 0 descriptor?? [ 211.299058][ T29] audit: type=1400 audit(1720298582.339:292): avc: denied { bind } for pid=6034 comm="syz.3.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 211.408628][ T29] audit: type=1400 audit(1720298582.439:293): avc: denied { getopt } for pid=6034 comm="syz.3.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 211.532363][ T29] audit: type=1400 audit(1720298582.509:294): avc: denied { connect } for pid=6034 comm="syz.3.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 211.625800][ T25] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 211.900634][ T5139] usb 3-1: USB disconnect, device number 5 [ 211.925259][ T5139] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 212.110549][ T5796] veth0_vlan: entered promiscuous mode [ 212.142670][ T5796] veth1_vlan: entered promiscuous mode [ 212.314508][ T5796] veth0_macvtap: entered promiscuous mode [ 212.347960][ T5796] veth1_macvtap: entered promiscuous mode [ 212.441804][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.457330][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.468650][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.480187][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.490617][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.506012][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.518105][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.546496][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.566064][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 212.581127][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.598049][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.649149][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.711853][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.738442][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.767183][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.803200][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.810544][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.810566][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.810591][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.810609][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.810632][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.815871][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.173001][ T5796] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.198611][ T5796] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.269718][ T6062] netlink: 56 bytes leftover after parsing attributes in process `syz.0.231'. [ 213.969995][ T5796] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.994112][ T5796] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.134237][ T29] audit: type=1400 audit(1720298585.169:295): avc: denied { shutdown } for pid=6056 comm="syz.1.230" laddr=172.20.20.170 lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 214.156501][ C1] vkms_vblank_simulate: vblank timer overrun [ 214.265593][ T6057] cgroup: No subsys list or none specified [ 215.472325][ T6072] netlink: 212916 bytes leftover after parsing attributes in process `syz.0.232'. [ 216.378874][ T1040] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.405331][ T1040] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.492555][ T29] audit: type=1400 audit(1720298587.529:296): avc: denied { watch_mount } for pid=6081 comm="syz.0.236" path="/60" dev="tmpfs" ino=345 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 216.620676][ T29] audit: type=1400 audit(1720298587.609:297): avc: denied { unlink } for pid=6081 comm="syz.0.236" name="#1" dev="tmpfs" ino=356 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 216.690704][ T29] audit: type=1400 audit(1720298587.699:298): avc: denied { mount } for pid=6081 comm="syz.0.236" name="/" dev="overlay" ino=351 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 216.720567][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.740233][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.865689][ T6103] netlink: 56 bytes leftover after parsing attributes in process `syz.1.241'. [ 218.603022][ T5139] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 218.824218][ T5139] usb 5-1: Using ep0 maxpacket: 32 [ 218.852006][ T5139] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.894024][ T5139] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.923726][ T5139] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 218.943766][ T5139] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 218.962708][ T5139] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 219.011190][ T5139] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 219.042516][ T5139] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.223992][ T5139] usb 5-1: Product: syz [ 219.238648][ T5139] usb 5-1: Manufacturer: syz [ 219.243328][ T5139] usb 5-1: SerialNumber: syz [ 221.366469][ T6117] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.245'. [ 221.849977][ T5139] usb 5-1: can't set config #1, error -71 [ 221.871175][ T5139] usb 5-1: USB disconnect, device number 2 [ 221.909351][ T29] audit: type=1400 audit(1720298592.939:299): avc: denied { block_suspend } for pid=6120 comm="syz.3.247" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 221.999461][ T29] audit: type=1400 audit(1720298592.979:300): avc: denied { read write } for pid=6121 comm="syz.0.246" name="sg0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 222.072123][ T29] audit: type=1400 audit(1720298592.979:301): avc: denied { open } for pid=6121 comm="syz.0.246" path="/dev/sg0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 222.111732][ T6129] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 222.111732][ T6129] program syz.0.246 not setting count and/or reply_len properly [ 222.143659][ T29] audit: type=1400 audit(1720298593.029:302): avc: denied { module_load } for pid=6120 comm="syz.3.247" path="/sys/power/wakeup_count" dev="sysfs" ino=1380 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 222.168167][ C1] vkms_vblank_simulate: vblank timer overrun [ 222.267934][ T29] audit: type=1400 audit(1720298593.069:303): avc: denied { ioctl } for pid=6121 comm="syz.0.246" path="/dev/sg0" dev="devtmpfs" ino=695 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 223.479814][ T6143] netlink: 56 bytes leftover after parsing attributes in process `syz.3.252'. [ 226.540745][ T29] audit: type=1400 audit(1720298597.569:304): avc: denied { map } for pid=6170 comm="syz.4.262" path="socket:[11806]" dev="sockfs" ino=11806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 226.630193][ T29] audit: type=1400 audit(1720298597.569:305): avc: denied { read } for pid=6170 comm="syz.4.262" path="socket:[11806]" dev="sockfs" ino=11806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 227.314907][ T6181] netlink: 56 bytes leftover after parsing attributes in process `syz.3.264'. [ 227.325234][ T6180] overlayfs: missing 'lowerdir' [ 227.548760][ T29] audit: type=1400 audit(1720298598.359:306): avc: denied { setopt } for pid=6172 comm="syz.1.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 227.568107][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.027972][ T5136] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 228.263887][ T5136] usb 1-1: Using ep0 maxpacket: 32 [ 228.296005][ T5136] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 228.325734][ T5136] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 228.362836][ T5136] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 228.640141][ T5136] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 228.748220][ T6191] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.268'. [ 229.639263][ T5136] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 229.824021][ T5136] usb 1-1: string descriptor 0 read error: -71 [ 229.830568][ T5136] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 229.848446][ T5136] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.904103][ T5136] usb 1-1: can't set config #1, error -71 [ 229.924900][ T5136] usb 1-1: USB disconnect, device number 10 [ 231.864612][ T5092] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 231.872282][ T29] audit: type=1400 audit(1720298602.909:307): avc: granted { setsecparam } for pid=6210 comm="syz.4.273" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 232.027820][ T5092] Bluetooth: hci4: SCO packet for unknown connection handle 2096 [ 232.568155][ T6222] FAULT_INJECTION: forcing a failure. [ 232.568155][ T6222] name failslab, interval 1, probability 0, space 0, times 0 [ 232.681018][ T6222] CPU: 0 PID: 6222 Comm: syz.4.277 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 232.691162][ T6222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 232.701362][ T6222] Call Trace: [ 232.704693][ T6222] [ 232.707676][ T6222] dump_stack_lvl+0x16c/0x1f0 [ 232.712424][ T6222] should_fail_ex+0x497/0x5b0 [ 232.717175][ T6222] should_failslab+0x9/0x20 [ 232.721756][ T6222] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 232.727216][ T6222] ? skb_clone+0x190/0x3f0 [ 232.731712][ T6222] skb_clone+0x190/0x3f0 [ 232.736031][ T6222] pfkey_process+0xc7/0x840 [ 232.740605][ T6222] ? __pfx_pfkey_process+0x10/0x10 [ 232.745817][ T6222] ? trace_contention_end+0xea/0x140 [ 232.751173][ T6222] ? __virt_addr_valid+0x5e/0x580 [ 232.756240][ T6222] ? __phys_addr_symbol+0x30/0x80 [ 232.761296][ T6222] pfkey_sendmsg+0x439/0x840 [ 232.766016][ T6222] ____sys_sendmsg+0xab5/0xc90 [ 232.770895][ T6222] ? copy_msghdr_from_user+0x10b/0x160 [ 232.776416][ T6222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 232.781741][ T6222] ? find_held_lock+0x2d/0x110 [ 232.786563][ T6222] ? __pfx___lock_acquire+0x10/0x10 [ 232.791813][ T6222] ___sys_sendmsg+0x135/0x1e0 [ 232.796540][ T6222] ? __pfx____sys_sendmsg+0x10/0x10 [ 232.801794][ T6222] ? ksys_write+0x21c/0x260 [ 232.806368][ T6222] ? __fget_light+0x173/0x210 [ 232.811081][ T6222] __sys_sendmsg+0x117/0x1f0 [ 232.815712][ T6222] ? __pfx___sys_sendmsg+0x10/0x10 [ 232.821386][ T6222] do_syscall_64+0xcd/0x250 [ 232.825929][ T6222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.831872][ T6222] RIP: 0033:0x7f9500175bd9 [ 232.836319][ T6222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.856213][ T6222] RSP: 002b:00007f9500efa048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 232.864656][ T6222] RAX: ffffffffffffffda RBX: 00007f9500303f60 RCX: 00007f9500175bd9 [ 232.872736][ T6222] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003 [ 232.880737][ T6222] RBP: 00007f9500efa0a0 R08: 0000000000000000 R09: 0000000000000000 [ 232.888757][ T6222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.896798][ T6222] R13: 000000000000000b R14: 00007f9500303f60 R15: 00007ffc411cc918 [ 232.904893][ T6222] [ 233.771278][ T6235] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.279'. [ 233.815889][ T5098] Bluetooth: hci0: command 0x0406 tx timeout [ 233.822161][ T5098] Bluetooth: hci1: command 0x0406 tx timeout [ 233.829256][ T5098] Bluetooth: hci2: command 0x0406 tx timeout [ 233.835947][ T5098] Bluetooth: hci4: command 0x0406 tx timeout [ 233.842280][ T5098] Bluetooth: hci3: command 0x0406 tx timeout [ 234.751723][ T6239] netlink: 56 bytes leftover after parsing attributes in process `syz.1.281'. [ 236.148126][ T5666] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 236.554521][ T5666] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 237.112488][ T5666] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 237.183057][ T5666] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 237.253221][ T5666] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 237.327498][ T5666] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.388374][ T5666] usb 1-1: config 0 descriptor?? [ 237.863715][ T5666] usbhid 1-1:0.0: can't add hid device: -71 [ 237.888953][ T5666] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 238.043038][ T5666] usb 1-1: USB disconnect, device number 11 [ 238.479372][ T6260] overlayfs: failed to resolve './bus': -2 [ 238.683689][ T5090] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 239.084942][ T6286] netlink: 56 bytes leftover after parsing attributes in process `syz.3.292'. [ 239.728480][ T6289] netlink: 212916 bytes leftover after parsing attributes in process `syz.4.293'. [ 240.222641][ T5090] Bluetooth: hci0: SCO packet for unknown connection handle 2096 [ 240.769176][ T29] audit: type=1400 audit(1720298611.809:308): avc: denied { write } for pid=6276 comm="syz.2.291" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 240.800249][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.871017][ T6301] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.295'. [ 243.798584][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.300'. [ 244.491966][ T29] audit: type=1400 audit(1720298615.529:309): avc: denied { read write } for pid=6322 comm="syz.1.302" name="raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 244.647254][ T29] audit: type=1400 audit(1720298615.529:310): avc: denied { open } for pid=6322 comm="syz.1.302" path="/dev/raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 245.057352][ T6331] netlink: 56 bytes leftover after parsing attributes in process `syz.2.304'. [ 245.643802][ T29] audit: type=1400 audit(1720298615.609:311): avc: denied { ioctl } for pid=6322 comm="syz.1.302" path="/dev/raw-gadget" dev="devtmpfs" ino=733 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 245.975529][ T5666] usb 2-1: new low-speed USB device number 7 using dummy_hcd [ 246.206071][ T5666] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 246.259870][ T5666] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 246.283271][ T5666] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 246.312437][ T5666] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 246.573911][ T5666] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 246.602935][ T5666] usb 2-1: string descriptor 0 read error: -22 [ 246.625228][ T5666] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 246.751705][ T6346] netlink: 212916 bytes leftover after parsing attributes in process `syz.4.308'. [ 247.780491][ T6348] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 247.780491][ T6348] program syz.3.309 not setting count and/or reply_len properly [ 247.803511][ T5666] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.459154][ T5666] usb 2-1: config 0 descriptor?? [ 248.466641][ T5666] usb 2-1: can't set config #0, error -71 [ 248.480529][ T5666] usb 2-1: USB disconnect, device number 7 [ 248.613968][ T8] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 248.828457][ T29] audit: type=1400 audit(1720298619.869:312): avc: denied { shutdown } for pid=6353 comm="syz.0.313" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 248.915814][ T8] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 248.969601][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 249.002273][ T29] audit: type=1400 audit(1720298620.039:313): avc: denied { create } for pid=6353 comm="syz.0.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 249.043594][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 249.091929][ T6359] loop0: detected capacity change from 0 to 7 [ 249.130565][ T6359] Dev loop0: unable to read RDB block 7 [ 249.139625][ T6359] loop0: unable to read partition table [ 249.153715][ T8] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 249.205550][ T6359] loop0: partition table beyond EOD, truncated [ 249.216291][ T6359] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 249.216291][ T6359] ) failed (rc=-5) [ 249.267744][ T8] usb 3-1: unable to read config index 1 descriptor/start: -71 [ 249.304272][ T8] usb 3-1: can't read configurations, error -71 [ 250.073306][ T6370] netlink: 56 bytes leftover after parsing attributes in process `syz.4.316'. [ 251.027330][ T5090] Bluetooth: hci1: unexpected event for opcode 0x204e [ 252.035335][ T6384] netlink: 212916 bytes leftover after parsing attributes in process `syz.0.321'. [ 254.297866][ T29] audit: type=1400 audit(1720298625.319:314): avc: denied { create } for pid=6380 comm="syz.1.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 254.374152][ T6385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.320'. [ 254.398540][ T6385] netlink: 'syz.1.320': attribute type 25 has an invalid length. [ 254.402341][ T29] audit: type=1400 audit(1720298625.319:315): avc: denied { getopt } for pid=6380 comm="syz.1.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 254.570016][ T6385] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.580016][ T6385] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.590466][ T6385] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.600784][ T6385] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 254.757697][ T6389] syz.4.318 (6389): drop_caches: 1 [ 254.943593][ T8] usb 1-1: new low-speed USB device number 12 using dummy_hcd [ 255.166000][ T8] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 255.196120][ T5090] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 255.211973][ T6407] syz.3.322 (6407): drop_caches: 1 [ 255.229965][ T8] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 255.312889][ T5090] Bluetooth: hci6: SCO packet for unknown connection handle 2096 [ 255.387395][ T8] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 255.578434][ T8] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 255.619808][ T8] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 255.655683][ T6407] syz.3.322 (6407): drop_caches: 1 [ 255.733542][ T8] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 255.771833][ T8] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 255.789711][ T8] usb 1-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 255.987678][ T8] usb 1-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.223012][ T8] usb 1-1: string descriptor 0 read error: -22 [ 256.517352][ T8] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 256.620375][ T6431] netlink: 56 bytes leftover after parsing attributes in process `syz.1.328'. [ 257.450297][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.560727][ T8] usb 1-1: can't set config #168, error -71 [ 257.571926][ T6435] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 257.571926][ T6435] program syz.1.331 not setting count and/or reply_len properly [ 257.619718][ T8] usb 1-1: USB disconnect, device number 12 [ 258.018828][ T6443] netlink: 212916 bytes leftover after parsing attributes in process `syz.3.333'. [ 260.241856][ T6451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.336'. [ 260.273619][ T6451] netlink: 'syz.4.336': attribute type 25 has an invalid length. [ 260.330710][ T6451] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.339855][ T6451] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.348981][ T6451] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.357843][ T6451] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.400681][ T6456] xt_ecn: cannot match TCP bits for non-tcp packets [ 261.450893][ T6477] netlink: 56 bytes leftover after parsing attributes in process `syz.2.341'. [ 261.468575][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.475335][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.226057][ T5090] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 262.469595][ T5090] Bluetooth: hci6: SCO packet for unknown connection handle 2096 [ 263.537540][ T6488] netlink: 212916 bytes leftover after parsing attributes in process `syz.1.345'. [ 265.552690][ T6506] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 265.552690][ T6506] program syz.2.348 not setting count and/or reply_len properly [ 266.111258][ T29] audit: type=1400 audit(1720298637.069:316): avc: denied { name_bind } for pid=6507 comm="syz.4.350" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 266.169179][ T6503] xt_ecn: cannot match TCP bits for non-tcp packets [ 266.606647][ T6520] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 266.613671][ T6520] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 266.686897][ T6520] vhci_hcd vhci_hcd.0: Device attached [ 266.745518][ T6527] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 267.096950][ T9] usb 16-1: SetAddress Request (2) to port 0 [ 267.142818][ T9] usb 16-1: new SuperSpeed USB device number 2 using vhci_hcd [ 267.469457][ T6521] vhci_hcd: connection reset by peer [ 267.540204][ T6536] netlink: 56 bytes leftover after parsing attributes in process `syz.0.354'. [ 268.303536][ T1108] vhci_hcd: stop threads [ 268.311857][ T1108] vhci_hcd: release socket [ 268.364319][ T1108] vhci_hcd: disconnect device [ 269.881495][ T6547] netlink: 212916 bytes leftover after parsing attributes in process `syz.4.357'. [ 270.857324][ T6562] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 270.857324][ T6562] program syz.1.361 not setting count and/or reply_len properly [ 270.908562][ T6564] ======================================================= [ 270.908562][ T6564] WARNING: The mand mount option has been deprecated and [ 270.908562][ T6564] and is ignored by this kernel. Remove the mand [ 270.908562][ T6564] option from the mount to silence this warning. [ 270.908562][ T6564] ======================================================= [ 270.925873][ T6565] xt_ecn: cannot match TCP bits for non-tcp packets [ 271.114055][ T29] audit: type=1400 audit(1720298642.129:317): avc: denied { mount } for pid=6561 comm="syz.0.363" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 271.333466][ T29] audit: type=1400 audit(1720298642.369:318): avc: denied { unmount } for pid=5082 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 272.313696][ T6584] netlink: 56 bytes leftover after parsing attributes in process `syz.1.365'. [ 272.994004][ T9] usb 16-1: device descriptor read/8, error -110 [ 273.524871][ T5136] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 273.867203][ T6590] netlink: 212916 bytes leftover after parsing attributes in process `syz.1.368'. [ 274.483661][ T9] usb usb16-port1: attempt power cycle [ 274.561860][ T5136] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 274.582316][ T5136] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.623717][ T5136] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 274.633002][ T5136] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.706275][ T5136] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.767325][ T5136] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 274.807764][ T5136] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 274.840948][ T5136] usb 3-1: Product: syz [ 274.851476][ T5136] usb 3-1: Manufacturer: syz [ 274.930819][ T5136] cdc_wdm 3-1:1.0: skipping garbage [ 274.956820][ T5136] cdc_wdm 3-1:1.0: skipping garbage [ 275.010668][ T5136] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 275.078037][ T5136] cdc_wdm 3-1:1.0: Unknown control protocol [ 275.143923][ T5136] usb 3-1: USB disconnect, device number 8 [ 275.183088][ T9] usb usb16-port1: unable to enumerate USB device [ 275.788307][ T6605] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 275.794899][ T6605] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 275.823741][ T6605] vhci_hcd vhci_hcd.0: Device attached [ 275.875896][ T6613] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 275.875896][ T6613] program syz.0.375 not setting count and/or reply_len properly [ 276.043601][ T5134] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 276.133621][ T9] usb 18-1: SetAddress Request (2) to port 0 [ 276.144268][ T9] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd [ 276.287393][ T5134] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 276.348040][ T5134] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 276.427573][ T5134] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 276.456999][ T5134] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.522499][ T5134] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.553183][ T5134] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 276.567860][ T6608] vhci_hcd: connection reset by peer [ 276.581493][ T5134] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 276.591216][ T5134] usb 2-1: Product: syz [ 276.595967][ T1061] vhci_hcd: stop threads [ 276.613133][ T5134] usb 2-1: Manufacturer: syz [ 276.626255][ T1061] vhci_hcd: release socket [ 276.653904][ T1061] vhci_hcd: disconnect device [ 276.709806][ T5134] cdc_wdm 2-1:1.0: skipping garbage [ 276.738436][ T5134] cdc_wdm 2-1:1.0: skipping garbage [ 276.786055][ T5134] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 276.792038][ T5134] cdc_wdm 2-1:1.0: Unknown control protocol [ 277.023638][ T5134] usb 2-1: USB disconnect, device number 8 [ 277.622192][ T6630] netlink: 56 bytes leftover after parsing attributes in process `syz.3.378'. [ 279.514095][ T6637] netlink: 212916 bytes leftover after parsing attributes in process `syz.4.380'. [ 280.680522][ T6648] xt_ecn: cannot match TCP bits for non-tcp packets [ 281.461002][ T6661] netlink: 212916 bytes leftover after parsing attributes in process `syz.0.386'. [ 282.084591][ T9] usb 18-1: device descriptor read/8, error -110 [ 282.466457][ T6664] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 282.466457][ T6664] program syz.0.387 not setting count and/or reply_len properly [ 282.811721][ T9] usb usb18-port1: attempt power cycle [ 284.072112][ T9] usb usb18-port1: unable to enumerate USB device [ 284.557973][ T6678] netlink: 56 bytes leftover after parsing attributes in process `syz.0.391'. [ 285.508824][ T29] audit: type=1800 audit(1720298656.529:319): pid=6671 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.390" name="bus" dev="overlay" ino=192 res=0 errno=0 [ 285.530331][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.007702][ T5090] Bluetooth: hci0: unexpected event for opcode 0x0c14 [ 286.048373][ T6674] xt_ecn: cannot match TCP bits for non-tcp packets [ 286.473641][ T29] audit: type=1400 audit(1720298657.479:320): avc: denied { write } for pid=6685 comm="syz.4.394" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 286.756645][ T5097] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 286.771741][ T5097] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 286.783078][ T5097] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 286.792635][ T5097] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 286.876179][ T5097] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 286.885225][ T5097] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 288.860678][ T6692] chnl_net:caif_netlink_parms(): no params data found [ 288.936688][ T6707] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 288.943371][ T6707] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 288.999099][ T6707] vhci_hcd vhci_hcd.0: Device attached [ 289.104814][ T5097] Bluetooth: hci5: command tx timeout [ 289.260248][ T6716] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 289.260248][ T6716] program syz.3.401 not setting count and/or reply_len properly [ 289.313898][ T5139] usb 10-1: SetAddress Request (2) to port 0 [ 289.320049][ T5139] usb 10-1: new SuperSpeed USB device number 2 using vhci_hcd [ 289.810265][ T6692] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.903769][ T6726] netlink: 56 bytes leftover after parsing attributes in process `syz.4.402'. [ 289.943326][ T6692] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.014927][ T6692] bridge_slave_0: entered allmulticast mode [ 290.155875][ T6692] bridge_slave_0: entered promiscuous mode [ 290.196886][ T6692] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.215554][ T6692] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.237108][ T6692] bridge_slave_1: entered allmulticast mode [ 290.264651][ T6692] bridge_slave_1: entered promiscuous mode [ 290.271877][ T6709] vhci_hcd: connection reset by peer [ 290.339812][ T51] vhci_hcd: stop threads [ 290.353462][ T51] vhci_hcd: release socket [ 290.395862][ T51] vhci_hcd: disconnect device [ 290.727534][ T6692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.755163][ T6692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.803250][ T5097] Bluetooth: hci1: unexpected event for opcode 0x0c14 [ 290.918563][ T29] audit: type=1800 audit(1720298661.959:321): pid=6728 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.404" name="bus" dev="overlay" ino=489 res=0 errno=0 [ 290.947704][ T6692] team0: Port device team_slave_0 added [ 290.979741][ T6692] team0: Port device team_slave_1 added [ 291.184458][ T5097] Bluetooth: hci5: command tx timeout [ 291.205346][ T6692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.258368][ T6692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.371933][ T6692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.383536][ T5666] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 291.422081][ T6692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.464271][ T6692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.490271][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.610577][ T6692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 291.659137][ T5666] usb 1-1: descriptor type invalid, skip [ 291.672238][ T5666] usb 1-1: config 7 has an invalid interface number: 243 but max is 3 [ 291.693218][ T5666] usb 1-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 291.733079][ T5666] usb 1-1: config 7 has an invalid descriptor of length 214, skipping remainder of the config [ 291.787725][ T5666] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 4 [ 291.907738][ T5666] usb 1-1: config 7 has no interface number 0 [ 291.933782][ T5666] usb 1-1: config 7 interface 243 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 291.971626][ T5666] usb 1-1: config 7 interface 243 has no altsetting 0 [ 292.007178][ T5666] usb 1-1: New USB device found, idVendor=19d2, idProduct=fff9, bcdDevice=21.6a [ 292.074745][ T5666] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.179905][ T5666] usb 1-1: Product: ؏甑㱡蠥ꗈ蘵᩟ [ 292.201387][ T5666] usb 1-1: Manufacturer: ᰉ [ 292.209172][ T5666] usb 1-1: SerialNumber:   [ 292.244581][ T6692] hsr_slave_0: entered promiscuous mode [ 292.378552][ T6692] hsr_slave_1: entered promiscuous mode [ 292.437572][ T6736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.500912][ T6692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 292.523906][ T6736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.619994][ T5666] hub 1-1:7.243: bad descriptor, ignoring hub [ 292.641887][ T6692] Cannot create hsr debugfs directory [ 292.649676][ T5666] hub 1-1:7.243: probe with driver hub failed with error -5 [ 292.674428][ T5666] option 1-1:7.243: GSM modem (1-port) converter detected [ 292.788382][ T5666] usb 1-1: USB disconnect, device number 13 [ 292.822541][ T5666] option 1-1:7.243: device disconnected [ 293.274095][ T5097] Bluetooth: hci5: command tx timeout [ 293.864358][ T6759] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 293.864358][ T6759] program syz.4.415 not setting count and/or reply_len properly [ 293.942892][ T6762] netlink: 56 bytes leftover after parsing attributes in process `syz.3.414'. [ 294.468417][ T5139] usb 10-1: device descriptor read/8, error -110 [ 294.909581][ T6692] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.989643][ T6766] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 294.996256][ T6766] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 295.021538][ T6766] vhci_hcd vhci_hcd.0: Device attached [ 295.063370][ T6769] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 295.069986][ T6769] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 295.089731][ T6769] vhci_hcd vhci_hcd.0: Device attached [ 295.106107][ T5139] usb usb10-port1: attempt power cycle [ 295.346377][ T5097] Bluetooth: hci5: command tx timeout [ 295.493675][ T5666] usb 12-1: SetAddress Request (2) to port 0 [ 295.563725][ T928] usb 18-1: SetAddress Request (6) to port 0 [ 295.593606][ T928] usb 18-1: new SuperSpeed USB device number 6 using vhci_hcd [ 295.609408][ T5666] usb 12-1: new SuperSpeed USB device number 2 using vhci_hcd [ 295.739659][ T6692] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.035217][ T5139] usb usb10-port1: unable to enumerate USB device [ 296.086711][ T6770] vhci_hcd: connection reset by peer [ 296.139699][ T35] vhci_hcd: stop threads [ 296.174199][ T35] vhci_hcd: release socket [ 296.217442][ T35] vhci_hcd: disconnect device [ 296.377682][ T6692] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.423836][ T6773] vhci_hcd: connection reset by peer [ 296.449382][ T35] vhci_hcd: stop threads [ 296.486753][ T35] vhci_hcd: release socket [ 296.493784][ T35] vhci_hcd: disconnect device [ 296.668431][ T6692] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.733997][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 296.978915][ T9] usb 1-1: descriptor type invalid, skip [ 297.001112][ T9] usb 1-1: config 7 has an invalid interface number: 243 but max is 3 [ 297.013814][ T9] usb 1-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 297.034085][ T9] usb 1-1: config 7 has an invalid descriptor of length 214, skipping remainder of the config [ 297.059831][ T9] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 4 [ 297.079195][ T9] usb 1-1: config 7 has no interface number 0 [ 297.098107][ T9] usb 1-1: config 7 interface 243 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 297.151279][ T9] usb 1-1: config 7 interface 243 has no altsetting 0 [ 297.180871][ T9] usb 1-1: New USB device found, idVendor=19d2, idProduct=fff9, bcdDevice=21.6a [ 297.218946][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.243535][ T9] usb 1-1: Product: ؏甑㱡蠥ꗈ蘵᩟ [ 297.257462][ T9] usb 1-1: Manufacturer: ᰉ [ 297.262352][ T9] usb 1-1: SerialNumber:   [ 297.675279][ T6788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.748917][ T6802] netlink: 56 bytes leftover after parsing attributes in process `syz.4.425'. [ 298.529524][ T6788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 298.640228][ T9] hub 1-1:7.243: bad descriptor, ignoring hub [ 298.652810][ T9] hub 1-1:7.243: probe with driver hub failed with error -5 [ 298.706675][ T6692] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 298.716032][ T9] option 1-1:7.243: GSM modem (1-port) converter detected [ 298.836679][ T6692] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 298.862873][ T6804] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 298.862873][ T6804] program syz.4.426 not setting count and/or reply_len properly [ 298.909544][ T6692] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 298.944828][ T9] usb 1-1: USB disconnect, device number 14 [ 298.952560][ T9] option 1-1:7.243: device disconnected [ 298.980410][ T6692] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 299.397775][ T6692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.489107][ T6692] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.764974][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.773142][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.800274][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.807635][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.866441][ T6813] netlink: 56 bytes leftover after parsing attributes in process `syz.0.428'. [ 300.703620][ T928] usb 18-1: device descriptor read/8, error -110 [ 300.783922][ T5666] usb 12-1: device descriptor read/8, error -110 [ 301.176156][ T928] usb usb18-port1: attempt power cycle [ 301.195469][ T29] audit: type=1800 audit(1720298672.229:322): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.429" name="bus" dev="overlay" ino=594 res=0 errno=0 [ 301.206195][ T5666] usb usb12-port1: attempt power cycle [ 301.389630][ T6692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.632178][ T6692] veth0_vlan: entered promiscuous mode [ 301.695618][ T6692] veth1_vlan: entered promiscuous mode [ 301.905239][ T5666] usb usb12-port1: unable to enumerate USB device [ 301.939262][ T928] usb usb18-port1: unable to enumerate USB device [ 302.052886][ T6692] veth0_macvtap: entered promiscuous mode [ 302.151091][ T6692] veth1_macvtap: entered promiscuous mode [ 302.250639][ T29] audit: type=1400 audit(1720298673.289:323): avc: denied { setopt } for pid=6821 comm="syz.4.430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 302.286095][ T6828] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 302.288932][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.292649][ T6828] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 302.324348][ T29] audit: type=1400 audit(1720298673.289:324): avc: denied { open } for pid=6821 comm="syz.4.430" path="/dev/ptyqd" dev="devtmpfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 302.360829][ T6828] vhci_hcd vhci_hcd.0: Device attached [ 302.368689][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.417843][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.447849][ T29] audit: type=1400 audit(1720298673.429:325): avc: denied { ioctl } for pid=6821 comm="syz.4.430" path="/dev/ptyqd" dev="devtmpfs" ino=134 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 302.517642][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.590953][ T51] Bluetooth: hci2: Frame reassembly failed (-84) [ 302.601236][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.661668][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.694369][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.695262][ T5666] usb 16-1: SetAddress Request (6) to port 0 [ 302.747415][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.765203][ T5666] usb 16-1: new SuperSpeed USB device number 6 using vhci_hcd [ 302.785983][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.837987][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.894572][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 302.947283][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.983356][ T6692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.061771][ T6829] vhci_hcd: connection reset by peer [ 303.243925][ T1061] vhci_hcd: stop threads [ 303.248252][ T1061] vhci_hcd: release socket [ 303.280811][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.302414][ T1061] vhci_hcd: disconnect device [ 303.375622][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.414518][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.425193][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.438254][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.448787][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.458720][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.523158][ T6845] netlink: 56 bytes leftover after parsing attributes in process `syz.1.435'. [ 303.720174][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.852068][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.892031][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.962051][ T6692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 304.023539][ T6692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 304.067944][ T6692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 304.255756][ T6692] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.268973][ T6847] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 304.268973][ T6847] program syz.0.436 not setting count and/or reply_len properly [ 304.294830][ T6692] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.309298][ T6692] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.334039][ T6692] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.463709][ T5097] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 305.253486][ T29] audit: type=1400 audit(1720298676.249:326): avc: denied { getopt } for pid=6851 comm="syz.1.438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 305.493891][ T29] audit: type=1400 audit(1720298676.529:327): avc: denied { read write } for pid=6861 comm="syz.0.441" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 305.590481][ T29] audit: type=1400 audit(1720298676.529:328): avc: denied { open } for pid=6861 comm="syz.0.441" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 305.591304][ T29] audit: type=1400 audit(1720298676.539:329): avc: denied { setopt } for pid=6862 comm="syz.3.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 305.591969][ T29] audit: type=1400 audit(1720298676.539:330): avc: denied { bind } for pid=6862 comm="syz.3.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 305.735539][ T1108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.782568][ T1108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.868412][ T3838] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.897796][ T3838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.904030][ T5666] usb 16-1: device descriptor read/8, error -110 [ 308.459663][ T6886] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 308.466297][ T6886] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 308.511922][ T3388] bridge_slave_1: left allmulticast mode [ 308.647978][ T3388] bridge_slave_1: left promiscuous mode [ 308.711889][ T3388] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.763613][ T5666] usb 16-1: SetAddress Request (7) to port 0 [ 308.775394][ T6886] vhci_hcd vhci_hcd.0: Device attached [ 308.796595][ T5666] usb 16-1: new SuperSpeed USB device number 7 using vhci_hcd [ 308.824401][ T3388] bridge_slave_0: left allmulticast mode [ 308.839530][ T3388] bridge_slave_0: left promiscuous mode [ 308.867653][ T3388] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.584293][ T5090] Bluetooth: hci6: command 0x0406 tx timeout [ 309.977711][ T29] audit: type=1326 audit(1720298681.019:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6906 comm="syz.4.449" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9500175bd9 code=0x0 [ 309.981351][ T6892] vhci_hcd: connection reset by peer [ 310.200738][ T29] audit: type=1400 audit(1720298681.209:332): avc: granted { setsecparam } for pid=6906 comm="syz.4.449" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 310.382862][ T1040] vhci_hcd: stop threads [ 310.387477][ T1040] vhci_hcd: release socket [ 310.399817][ T1040] vhci_hcd: disconnect device [ 310.455689][ T6912] Bluetooth: MGMT ver 1.22 [ 311.365201][ T6920] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.452'. [ 311.458185][ T29] audit: type=1400 audit(1720298682.499:333): avc: denied { create } for pid=6923 comm="syz.4.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 311.501614][ T29] audit: type=1400 audit(1720298682.499:334): avc: denied { ioctl } for pid=6923 comm="syz.4.453" path="socket:[15305]" dev="sockfs" ino=15305 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 311.593554][ T29] audit: type=1400 audit(1720298682.499:335): avc: denied { ioctl } for pid=6923 comm="syz.4.453" path="socket:[15306]" dev="sockfs" ino=15306 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1 [ 311.621775][ T29] audit: type=1400 audit(1720298682.499:336): avc: denied { write } for pid=6923 comm="syz.4.453" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 312.079788][ T3388] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.150366][ T3388] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 312.204154][ T3388] bond0 (unregistering): Released all slaves [ 312.483807][ T6932] netlink: 20 bytes leftover after parsing attributes in process `syz.0.455'. [ 313.511805][ T3388] hsr_slave_0: left promiscuous mode [ 313.541312][ T3388] hsr_slave_1: left promiscuous mode [ 313.604320][ T3388] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 313.654026][ T3388] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.695702][ T3388] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 313.732510][ T3388] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.840382][ T6956] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 313.846949][ T6956] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 313.899680][ T3388] veth1_macvtap: left promiscuous mode [ 313.917971][ T3388] veth0_macvtap: left promiscuous mode [ 313.936520][ T29] audit: type=1400 audit(1720298684.969:337): avc: denied { mount } for pid=6960 comm="syz.3.463" name="/" dev="configfs" ino=1120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 313.936816][ T3388] veth1_vlan: left promiscuous mode [ 313.978793][ T6956] vhci_hcd vhci_hcd.0: Device attached [ 313.991628][ T5666] usb 16-1: device descriptor read/8, error -110 [ 314.097282][ T3388] veth0_vlan: left promiscuous mode [ 314.110240][ T6946] syz.0.460 (6946): drop_caches: 1 [ 314.137315][ T29] audit: type=1326 audit(1720298685.179:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.3.463" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd36fd75bd9 code=0x0 [ 314.164085][ T5666] usb usb16-port1: attempt power cycle [ 314.255746][ T29] audit: type=1400 audit(1720298685.209:339): avc: denied { read write } for pid=6964 comm="syz.1.464" name="mouse0" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 314.324100][ T5136] usb 14-1: SetAddress Request (2) to port 0 [ 314.330184][ T5136] usb 14-1: new SuperSpeed USB device number 2 using vhci_hcd [ 314.372394][ T29] audit: type=1400 audit(1720298685.209:340): avc: denied { open } for pid=6964 comm="syz.1.464" path="/dev/input/mouse0" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 314.449328][ T6946] syz.0.460 (6946): drop_caches: 1 [ 314.685127][ T6957] vhci_hcd: connection reset by peer [ 314.718408][ T12] vhci_hcd: stop threads [ 314.737999][ T12] vhci_hcd: release socket [ 314.773669][ T12] vhci_hcd: disconnect device [ 315.049533][ T5666] usb usb16-port1: unable to enumerate USB device [ 315.191833][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 315.191858][ T29] audit: type=1400 audit(1720298686.229:342): avc: denied { unmount } for pid=5083 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 315.228673][ T6976] netlink: 212916 bytes leftover after parsing attributes in process `syz.1.466'. [ 316.906075][ T3388] team0 (unregistering): Port device team_slave_1 removed [ 316.971788][ T3388] team0 (unregistering): Port device team_slave_0 removed [ 318.192858][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.474'. [ 318.301080][ T6999] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 318.347942][ T7000] batman_adv: batadv1: Adding interface: netdevsim0 [ 318.373829][ T7000] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.459136][ T7000] batman_adv: batadv1: Interface activated: netdevsim0 [ 318.515330][ T928] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 318.786665][ T928] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 318.850291][ T928] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 318.887163][ T928] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 319.005726][ T928] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 319.012381][ T29] audit: type=1400 audit(1720298690.049:343): avc: denied { create } for pid=7016 comm="syz.3.478" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 319.052197][ T928] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 319.078178][ T928] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 319.142196][ T928] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 319.154471][ T29] audit: type=1400 audit(1720298690.179:344): avc: denied { read write } for pid=7016 comm="syz.3.478" name="bus" dev="tmpfs" ino=616 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 320.138394][ T29] audit: type=1400 audit(1720298690.179:345): avc: denied { open } for pid=7016 comm="syz.3.478" path="/108/bus" dev="tmpfs" ino=616 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 320.171622][ T5136] usb 14-1: device descriptor read/8, error -110 [ 320.779803][ T7025] FAULT_INJECTION: forcing a failure. [ 320.779803][ T7025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.793695][ T7025] CPU: 0 PID: 7025 Comm: syz.2.480 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 320.803728][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 320.813811][ T7025] Call Trace: [ 320.817183][ T7025] [ 320.820137][ T7025] dump_stack_lvl+0x16c/0x1f0 [ 320.824857][ T7025] should_fail_ex+0x497/0x5b0 [ 320.829567][ T7025] _copy_to_user+0x30/0xc0 [ 320.834017][ T7025] snd_pcm_oss_read+0x27b/0x760 [ 320.838916][ T7025] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 320.844353][ T7025] vfs_read+0x1d4/0xbd0 [ 320.848574][ T7025] ? __pfx_vfs_read+0x10/0x10 [ 320.853287][ T7025] ? __fget_files+0x256/0x400 [ 320.858000][ T7025] ? __fget_light+0x173/0x210 [ 320.862706][ T7025] ksys_read+0x12f/0x260 [ 320.866985][ T7025] ? __pfx_ksys_read+0x10/0x10 [ 320.871890][ T7025] do_syscall_64+0xcd/0x250 [ 320.876440][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.882375][ T7025] RIP: 0033:0x7f8ee9f75bd9 [ 320.886811][ T7025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.906447][ T7025] RSP: 002b:00007f8eead1e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 320.914892][ T7025] RAX: ffffffffffffffda RBX: 00007f8eea104110 RCX: 00007f8ee9f75bd9 [ 320.922973][ T7025] RDX: 0000000000000073 RSI: 0000000020000200 RDI: 0000000000000005 [ 320.930970][ T7025] RBP: 00007f8eead1e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 320.938970][ T7025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.946973][ T7025] R13: 000000000000006e R14: 00007f8eea104110 R15: 00007fff53b54d88 [ 320.955175][ T7025] [ 321.203688][ T928] usb 5-1: config 168 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 321.221669][ T928] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 321.303268][ T29] audit: type=1400 audit(1720298691.119:346): avc: denied { unlink } for pid=5083 comm="syz-executor" name="bus" dev="tmpfs" ino=616 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 321.406412][ T928] usb 5-1: string descriptor 0 read error: -71 [ 321.412936][ T928] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 321.513494][ T928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.791006][ T5136] usb usb14-port1: attempt power cycle [ 321.805596][ T928] usb 5-1: can't set config #168, error -71 [ 321.818637][ T928] usb 5-1: USB disconnect, device number 3 [ 321.940274][ T7035] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.482'. [ 322.575939][ T7042] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 322.582539][ T7042] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 322.626179][ T5136] usb usb14-port1: unable to enumerate USB device [ 322.644951][ T7042] vhci_hcd vhci_hcd.0: Device attached [ 322.881535][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.899716][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.953914][ T5666] usb 16-1: SetAddress Request (10) to port 0 [ 323.051560][ T5666] usb 16-1: new SuperSpeed USB device number 10 using vhci_hcd [ 323.432173][ T7048] syz.2.486 (7048): drop_caches: 1 [ 323.533696][ T7043] vhci_hcd: connection reset by peer [ 323.549609][ T1108] vhci_hcd: stop threads [ 323.554156][ T1108] vhci_hcd: release socket [ 323.594105][ T1108] vhci_hcd: disconnect device [ 323.897634][ T7048] syz.2.486 (7048): drop_caches: 1 [ 325.954450][ T29] audit: type=1400 audit(1720298696.989:347): avc: denied { mount } for pid=7071 comm="syz.3.492" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 326.972895][ T7084] netlink: 212916 bytes leftover after parsing attributes in process `syz.0.496'. [ 327.532933][ T29] audit: type=1400 audit(1720298698.569:348): avc: denied { search } for pid=4516 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 411.993876][ T5090] Bluetooth: hci5: command 0x0406 tx timeout [ 432.883396][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 432.890420][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7096/1:b..l P7102/1:b..l [ 432.900248][ C1] rcu: (detected by 1, t=10502 jiffies, g=29469, q=517 ncpus=2) [ 432.908006][ C1] task:syz.4.500 state:R running task stack:27216 pid:7102 tgid:7101 ppid:5796 flags:0x00000000 [ 432.921207][ C1] Call Trace: [ 432.924531][ C1] [ 432.927502][ C1] __schedule+0xf15/0x5d00 [ 432.931987][ C1] ? hlock_class+0x4e/0x130 [ 432.936541][ C1] ? mark_lock+0xb5/0xc60 [ 432.940932][ C1] ? __pfx___schedule+0x10/0x10 [ 432.945839][ C1] ? mark_lock+0xb5/0xc60 [ 432.950231][ C1] ? mark_lock+0xb5/0xc60 [ 432.954627][ C1] preempt_schedule_irq+0x51/0x90 [ 432.959722][ C1] irqentry_exit+0x36/0x90 [ 432.964197][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 432.970251][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 432.976386][ C1] Code: be b0 01 00 00 e8 a0 ff ff ff 31 c0 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 65 48 8b 15 64 f4 75 7e 65 8b 05 65 f4 75 7e a9 00 01 [ 432.996042][ C1] RSP: 0018:ffffc90003207720 EFLAGS: 00000286 [ 433.002155][ C1] RAX: 0000000000000002 RBX: ffffffff819f1abb RCX: ffffffff81342a2e [ 433.010168][ C1] RDX: ffff888026afbc00 RSI: 0000000000000000 RDI: 0000000000000007 [ 433.018180][ C1] RBP: ffffc900032077c0 R08: 0000000000000007 R09: 0000000000000000 [ 433.026185][ C1] R10: ffffffff819f1abb R11: 0000000000000000 R12: ffffc90003207730 [ 433.034191][ C1] R13: ffffffff81798340 R14: ffffc900032077f0 R15: ffff888026afbc00 [ 433.042202][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 433.048419][ C1] ? map_create+0x57b/0x1c50 [ 433.053093][ C1] ? map_create+0x57b/0x1c50 [ 433.057747][ C1] ? arch_stack_walk+0xce/0x170 [ 433.062649][ C1] arch_stack_walk+0xd8/0x170 [ 433.067386][ C1] ? map_create+0x57b/0x1c50 [ 433.072050][ C1] stack_trace_save+0x95/0xd0 [ 433.076786][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 433.082215][ C1] save_stack+0x162/0x1f0 [ 433.086683][ C1] ? __pfx_save_stack+0x10/0x10 [ 433.091671][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 433.096761][ C1] ? free_unref_page+0x64a/0xe40 [ 433.101754][ C1] ? vfree+0x181/0x7a0 [ 433.105879][ C1] ? kvfree+0x33/0x50 [ 433.109921][ C1] ? htab_map_alloc+0xf33/0x17b0 [ 433.114926][ C1] __reset_page_owner+0x8d/0x400 [ 433.119916][ C1] ? rcu_is_watching+0x12/0xc0 [ 433.124733][ C1] free_unref_page+0x64a/0xe40 [ 433.129560][ C1] vfree+0x181/0x7a0 [ 433.133517][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 433.139374][ C1] ? free_percpu+0x7e9/0x1110 [ 433.144101][ C1] kvfree+0x33/0x50 [ 433.147970][ C1] htab_map_alloc+0xf33/0x17b0 [ 433.152804][ C1] ? ns_capable+0xd7/0x110 [ 433.157277][ C1] map_create+0x57b/0x1c50 [ 433.161763][ C1] ? __pfx_avc_has_perm+0x10/0x10 [ 433.166855][ C1] ? __pfx_map_create+0x10/0x10 [ 433.171770][ C1] ? __pfx___might_resched+0x10/0x10 [ 433.177103][ C1] ? selinux_bpf+0xde/0x130 [ 433.181672][ C1] __sys_bpf+0xd73/0x49a0 [ 433.186051][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 433.190863][ C1] ? do_futex+0x123/0x350 [ 433.195252][ C1] ? __pfx_do_futex+0x10/0x10 [ 433.200007][ C1] ? xfd_validate_state+0x5d/0x180 [ 433.205185][ C1] __x64_sys_bpf+0x78/0xc0 [ 433.209672][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 433.214940][ C1] do_syscall_64+0xcd/0x250 [ 433.219516][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.225483][ C1] RIP: 0033:0x7f9500175bd9 [ 433.229937][ C1] RSP: 002b:00007f9500efa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 433.238405][ C1] RAX: ffffffffffffffda RBX: 00007f9500303f60 RCX: 00007f9500175bd9 [ 433.246449][ C1] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000000 [ 433.254461][ C1] RBP: 00007f95001e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 433.262485][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 433.270499][ C1] R13: 000000000000000b R14: 00007f9500303f60 R15: 00007ffc411cc918 [ 433.278609][ C1] [ 433.281661][ C1] task:syz.2.497 state:R running task stack:26784 pid:7096 tgid:7091 ppid:6692 flags:0x00004002 [ 433.293481][ C1] Call Trace: [ 433.296806][ C1] [ 433.299768][ C1] __schedule+0xf15/0x5d00 [ 433.304241][ C1] ? mark_lock+0xb5/0xc60 [ 433.308641][ C1] ? __pfx___schedule+0x10/0x10 [ 433.313537][ C1] ? mark_held_locks+0x9f/0xe0 [ 433.318367][ C1] ? irqentry_exit+0x3b/0x90 [ 433.323013][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 433.328353][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 433.333807][ C1] preempt_schedule_common+0x44/0xc0 [ 433.339143][ C1] preempt_schedule_thunk+0x1a/0x30 [ 433.344428][ C1] ? unwind_next_frame+0x1c8b/0x23a0 [ 433.349803][ C1] unwind_next_frame+0x1c90/0x23a0 [ 433.354978][ C1] ? folios_put_refs+0x487/0x6d0 [ 433.359976][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 433.366188][ C1] arch_stack_walk+0x100/0x170 [ 433.371001][ C1] ? mapping_try_invalidate+0x393/0x470 [ 433.376594][ C1] stack_trace_save+0x95/0xd0 [ 433.381328][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 433.386765][ C1] save_stack+0x162/0x1f0 [ 433.391141][ C1] ? __pfx_save_stack+0x10/0x10 [ 433.396037][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 433.401136][ C1] ? free_unref_folios+0x991/0x1310 [ 433.406407][ C1] ? folios_put_refs+0x487/0x6d0 [ 433.411427][ C1] __reset_page_owner+0x8d/0x400 [ 433.416433][ C1] free_unref_folios+0x991/0x1310 [ 433.421531][ C1] folios_put_refs+0x487/0x6d0 [ 433.426365][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 433.431721][ C1] ? mlock_drain_local+0x24c/0x4f0 [ 433.436892][ C1] mapping_try_invalidate+0x393/0x470 [ 433.442313][ C1] ? __pfx_mapping_try_invalidate+0x10/0x10 [ 433.448266][ C1] ? mark_held_locks+0x9f/0xe0 [ 433.453103][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 433.458470][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 433.463890][ C1] ? __pfx___might_resched+0x10/0x10 [ 433.469234][ C1] drop_pagecache_sb+0xd2/0x290 [ 433.474320][ C1] ? __pfx_drop_pagecache_sb+0x10/0x10 [ 433.479844][ C1] iterate_supers+0xfb/0x240 [ 433.484499][ C1] drop_caches_sysctl_handler+0xeb/0x190 [ 433.490198][ C1] proc_sys_call_handler+0x4cc/0x6f0 [ 433.495536][ C1] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 433.501395][ C1] ? rcu_is_watching+0x12/0xc0 [ 433.506206][ C1] ? splice_from_pipe_next+0x1f8/0x5d0 [ 433.511812][ C1] iter_file_splice_write+0x906/0x10b0 [ 433.517324][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 433.523274][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 433.528364][ C1] ? __pfx_iter_file_splice_write+0x10/0x10 [ 433.534316][ C1] direct_splice_actor+0x19b/0x6d0 [ 433.539485][ C1] splice_direct_to_actor+0x346/0xa40 [ 433.544907][ C1] ? __pfx_direct_splice_actor+0x10/0x10 [ 433.550590][ C1] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 433.556534][ C1] ? __pfx___might_resched+0x10/0x10 [ 433.561867][ C1] ? __pfx_lock_release+0x10/0x10 [ 433.566954][ C1] do_splice_direct+0x17e/0x250 [ 433.571849][ C1] ? __pfx_do_splice_direct+0x10/0x10 [ 433.577351][ C1] ? avc_policy_seqno+0x9/0x20 [ 433.582175][ C1] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 433.588141][ C1] do_sendfile+0xb1e/0xe50 [ 433.592616][ C1] ? __pfx_do_sendfile+0x10/0x10 [ 433.597692][ C1] ? __might_fault+0xe3/0x190 [ 433.602421][ C1] __x64_sys_sendfile64+0x155/0x220 [ 433.607665][ C1] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 433.613431][ C1] do_syscall_64+0xcd/0x250 [ 433.617992][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.623945][ C1] RIP: 0033:0x7f8ee9f75bd9 [ 433.628829][ C1] RSP: 002b:00007f8eead1e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 433.637291][ C1] RAX: ffffffffffffffda RBX: 00007f8eea104110 RCX: 00007f8ee9f75bd9 [ 433.645303][ C1] RDX: 0000000020002080 RSI: 0000000000000009 RDI: 000000000000000a [ 433.653341][ C1] RBP: 00007f8ee9fe4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 433.661358][ C1] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000000 [ 433.669405][ C1] R13: 000000000000006e R14: 00007f8eea104110 R15: 00007fff53b54d88 [ 433.677432][ C1] [ 433.680606][ C1] rcu: rcu_preempt kthread starved for 9963 jiffies! g29469 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 433.691792][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 433.701885][ C1] rcu: RCU grace-period kthread stack dump: [ 433.707807][ C1] task:rcu_preempt state:R running task stack:25776 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 433.719605][ C1] Call Trace: [ 433.722926][ C1] [ 433.725912][ C1] __schedule+0xf15/0x5d00 [ 433.730467][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 433.735734][ C1] ? __pfx___schedule+0x10/0x10 [ 433.740635][ C1] ? schedule+0x298/0x350 [ 433.745015][ C1] ? __pfx_lock_release+0x10/0x10 [ 433.750104][ C1] ? __pfx___mod_timer+0x10/0x10 [ 433.755108][ C1] ? lock_acquire+0x1b1/0x560 [ 433.759842][ C1] ? lockdep_init_map_type+0x16d/0x7d0 [ 433.765373][ C1] schedule+0xe7/0x350 [ 433.769578][ C1] schedule_timeout+0x136/0x2a0 [ 433.774496][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 433.780022][ C1] ? __pfx_process_timeout+0x10/0x10 [ 433.785371][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 433.791238][ C1] ? prepare_to_swait_event+0xf0/0x470 [ 433.796766][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 433.801589][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 433.806935][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 433.812619][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 433.818487][ C1] rcu_gp_kthread+0x271/0x380 [ 433.823229][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 433.828490][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 433.833741][ C1] ? __kthread_parkme+0x148/0x220 [ 433.838906][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 433.844164][ C1] kthread+0x2c1/0x3a0 [ 433.848282][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 433.853537][ C1] ? __pfx_kthread+0x10/0x10 [ 433.858181][ C1] ret_from_fork+0x45/0x80 [ 433.862656][ C1] ? __pfx_kthread+0x10/0x10 [ 433.867294][ C1] ret_from_fork_asm+0x1a/0x30 [ 433.872126][ C1] [ 433.875171][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 433.881524][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 433.891492][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 433.901583][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 433.906944][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 68 54 1c 75 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 18 ae b3 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 433.926595][ C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246 [ 433.932710][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8ae767b9 [ 433.940722][ C1] RDX: 0000000000000001 RSI: ffff888019a82000 RDI: ffff888019a82064 [ 433.948826][ C1] RBP: ffff888019a82064 R08: 0000000000000001 R09: ffffed1017266fdd [ 433.956843][ C1] R10: ffff8880b9337eeb R11: 0000000000000000 R12: ffff88801b79b000 [ 433.964854][ C1] R13: ffffffff8e741e00 R14: 0000000000000001 R15: 0000000000000000 [ 433.972865][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 433.981838][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 433.988463][ C1] CR2: 00007f9e74cdfd90 CR3: 000000002513a000 CR4: 00000000003506f0 [ 433.996482][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 434.004498][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 434.012590][ C1] Call Trace: [ 434.015920][ C1] [ 434.018792][ C1] ? show_regs+0x8c/0xa0 [ 434.023093][ C1] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 434.029479][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 434.034769][ C1] ? rcu_sched_clock_irq+0x22a2/0x3100 [ 434.040297][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 434.046014][ C1] ? tmigr_requires_handle_remote+0x14c/0x480 [ 434.052217][ C1] ? __pfx_tmigr_requires_handle_remote+0x10/0x10 [ 434.058699][ C1] ? hrtimer_run_queues+0x97/0x450 [ 434.063862][ C1] ? update_process_times+0x175/0x220 [ 434.069299][ C1] ? __pfx_update_process_times+0x10/0x10 [ 434.075071][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 434.080578][ C1] ? update_wall_time+0x1c/0x40 [ 434.085490][ C1] ? tick_nohz_handler+0x376/0x530 [ 434.090665][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 434.096175][ C1] ? __hrtimer_run_queues+0x657/0xcc0 [ 434.101604][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 434.107392][ C1] ? ktime_get_update_offsets_now+0x201/0x310 [ 434.113522][ C1] ? hrtimer_interrupt+0x31b/0x800 [ 434.118691][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x450 [ 434.124910][ C1] ? sysvec_apic_timer_interrupt+0x90/0xb0 [ 434.130772][ C1] [ 434.133734][ C1] [ 434.136786][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 434.143008][ C1] ? ct_kernel_exit+0x139/0x190 [ 434.148000][ C1] ? acpi_safe_halt+0x1a/0x20 [ 434.152738][ C1] acpi_idle_enter+0xc5/0x160 [ 434.157480][ C1] cpuidle_enter_state+0x85/0x500 [ 434.162567][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 434.168447][ C1] cpuidle_enter+0x4e/0xa0 [ 434.172912][ C1] do_idle+0x313/0x3f0 [ 434.177026][ C1] ? __pfx_do_idle+0x10/0x10 [ 434.181664][ C1] cpu_startup_entry+0x4f/0x60 [ 434.186490][ C1] start_secondary+0x220/0x2b0 [ 434.191311][ C1] ? __pfx_start_secondary+0x10/0x10 [ 434.196674][ C1] common_startup_64+0x13e/0x148 [ 434.201663][ C1] [ 438.703531][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P7066 P4748 P7102 P7096 } 2671 jiffies s: 5689 root: 0x0/T