last executing test programs: 3.287428032s ago: executing program 4 (id=9068): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}, {0x20, 0x84, 0x8, "eeb4fe8ba15e3999ef"}], 0x38}, 0x41) 3.269270846s ago: executing program 4 (id=9069): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x9}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r0], 0x48) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000002c0)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = epoll_create1(0x80000) epoll_wait(r1, &(0x7f0000000180)=[{}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r2, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) syz_genetlink_get_family_id$wireguard(&(0x7f0000000340), r3) prlimit64(0x0, 0xe, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbff965, 0x0, 0x0, 0x0, 0xfffffff9}, [@call={0x85, 0x0, 0x0, 0x55}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00'}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="b9486f0a101951d607fc005866ce", &(0x7f0000000040), 0x1, 0x0, 0x8f, 0xa2, &(0x7f0000000240)="4a926cd6168b7acc42cbd63fdd5091c81435e52d0b2023247590f8d210a76155569739966c561401fb051bb8eb5c00ba22cf6063d5c9fcaa3b44a01d67f9e7fe93ac8a9537ee0a58d8dd98f5ed2264ec846d7012334618e7dd45fb2adf3c39f0e8b1e46b0921c8e6f4de2c3eaee401a4af07711a57fad59228867b61843681b29e5fd4bea6dace8e9afa1f9c5b320d", &(0x7f0000000440)="d5790574feadf04a2ddd52695e13e2e4866bbda855e2fa3e9ab4d38c4796082d1cb66dce2b9d7f26baf229525a2dc6c94647c8f8fe896f246aea3be5fd5469f824ce66cd96e117046f98219b2cd3a0aad5c6454493c47ecd1f3e29e5598a3ab43487725585c8e172b4ffb038a011359d07585292725a21ebe1939f2efaba498c2d2a515416b9145bd79525c33643b8724796c75ab1b51ac1c3be50d4ce46f5d529a3", 0x5, 0x0, 0x8e68}, 0x50) 2.411406847s ago: executing program 4 (id=9071): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) 2.245885582s ago: executing program 4 (id=9074): r0 = creat(&(0x7f00000006c0)='./file0\x00', 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x2, 0x0, &(0x7f00000002c0)='\x00\x00', 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40}, 0x50) futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, &(0x7f0000000000)={0x77359400}, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc08c5332, &(0x7f0000000400)={{}, 0x1, 0x0, 0x0, {0x1}, 0x0, 0x1a}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000540)={0x0, 0x3, {0x1, 0x2, 0x1, 0x2, 0x6}, 0x7}) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000200)='./file0\x00', 0x400008bf) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000480)='io_uring_task_add\x00', r0, 0x0, 0x8}, 0x18) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) connect$pptp(r3, &(0x7f00000008c0)={0x18, 0x2, {0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1e) close(r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) open_tree(0xffffffffffffffff, &(0x7f0000000640)='\x00', 0x89901) 2.149199714s ago: executing program 3 (id=9077): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10dfe000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) 2.021205195s ago: executing program 3 (id=9079): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000100)=0x100, 0x3) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00', 0x0}) bind$xdp(r2, &(0x7f0000000200)={0x2c, 0xd, r5, 0x2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rpcgss_unwrap_failed\x00', 0xffffffffffffffff, 0x0, 0x1}, 0xfffffffffffffc86) socket$netlink(0x10, 0x3, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000300)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000340)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33cb95d66a1781f31bf07fd2ae874", "62266bd8", "d1b29b99d21d88a2"}, 0x28) write$binfmt_script(r6, &(0x7f0000000780)={'#! ', './file0'}, 0xb) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) msgget$private(0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) 2.015506249s ago: executing program 0 (id=9080): unshare(0x22020600) r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2710, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0) 1.864729882s ago: executing program 0 (id=9082): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) eventfd(0x0) 1.716100411s ago: executing program 1 (id=8974): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x88, 0x67, &(0x7f00000002c0), 0x4) 1.663317398s ago: executing program 0 (id=9083): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0xf72d4000) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021"], 0x1c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x1}}], 0x1, 0x2040, 0x0) 1.647474554s ago: executing program 1 (id=9084): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) sendfile(r2, r2, 0x0, 0x40000f63c) 1.610881492s ago: executing program 0 (id=9085): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x1000000000000) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000480)=""/4085, 0xff5}], 0x1}, 0xbe58}], 0x1, 0x7ffeedc0, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001640)=ANY=[@ANYBLOB="16000000080000000400000001ffff00000000003374831d10ee30ab3dc18d0190dacc382d1eac0c25c284ec73fdd6d25473b83f760b880968bca71bdf3090b46f4bcf45a3fd6f0dd8f582347ad0284e32a0ddf17c77ad8841aaf295448df1f3867b7ff3325e1dcc83cd2f445c6e20fbbab2a67fe61232492800b1a9", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000b00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x30, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='rpcgss_upcall_result\x00', r5, 0x0, 0x4000000}, 0xfffffffffffffe18) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r9 = io_uring_setup(0x2a59, &(0x7f0000000080)={0x0, 0x69bd, 0x400}) io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r9, 0x10, &(0x7f00000003c0)={0x2, 0x0, &(0x7f0000000380)=[{&(0x7f0000000600)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', 0xffffffffffffffff, 0x0, 0x447}, 0x18) 1.049010917s ago: executing program 3 (id=9086): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000", @ANYRES32=0x0, @ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800"], 0x0) 899.567391ms ago: executing program 3 (id=9088): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000680)='\'', 0x1}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 785.70122ms ago: executing program 2 (id=9089): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}, {0x20, 0x84, 0x8, "eeb4fe8ba15e3999ef"}], 0x38}, 0x41) 772.615659ms ago: executing program 3 (id=9090): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000005cd5a9ed9dadfd5500", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 666.510691ms ago: executing program 2 (id=9091): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000005304"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) 599.324184ms ago: executing program 0 (id=9092): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_user(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27) 563.571251ms ago: executing program 1 (id=9093): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) 513.5534ms ago: executing program 2 (id=9094): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9998500000004000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/170, 0xaa}], 0x1}, 0x0) 367.544476ms ago: executing program 1 (id=9095): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80d, 0x0, 0x10000000, 0x5, 0x4}, 0x1, r3}}]}, {0x4, 0xa}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) 360.535603ms ago: executing program 2 (id=9096): futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) readahead(0xffffffffffffffff, 0xfff, 0xc7c4) 333.694576ms ago: executing program 0 (id=9097): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x183081, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r1, &(0x7f0000000380)=ANY=[], 0x280) 214.252253ms ago: executing program 4 (id=9098): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x41, &(0x7f0000000040)=0x7f, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f0000007a00)=[{{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000340)=""/237, 0xed}], 0x1, &(0x7f0000001ac0)=""/112, 0x70}, 0x4}], 0x1, 0x2, 0x0) 207.683424ms ago: executing program 2 (id=9099): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000001100)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) 149.060323ms ago: executing program 1 (id=9100): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev, 0x2}, 0xff32, 0x0}, 0xe07e872420dfefca) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000680)='\'', 0x1}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 76.440217ms ago: executing program 4 (id=9101): r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}, {0x20, 0x84, 0x8, "eeb4fe8ba15e3999ef"}], 0x38}, 0x41) 35.078208ms ago: executing program 2 (id=9102): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f00000000800020", @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}}, 0x0) 31.492722ms ago: executing program 3 (id=9103): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r1, &(0x7f0000000440)={'#! ', './file0'}, 0xb) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 0s ago: executing program 1 (id=9104): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000001000)=ANY=[@ANYBLOB="7a0af8ff75257025bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) brk(0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2800000002000000, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x0, 0x4000000}, 0x28) kernel console output (not intermixed with test programs): 54C:0DF2.0050: unknown main item tag 0x0 [ 1615.129564][T27975] usb 5-1: USB disconnect, device number 68 [ 1615.138593][ T9291] playstation 0003:054C:0DF2.0050: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 1615.304741][ T9291] playstation 0003:054C:0DF2.0050: Invalid byte count transferred, expected 20 got 0 [ 1615.335200][ T9291] playstation 0003:054C:0DF2.0050: Failed to retrieve DualSense pairing info: -22 [ 1615.380640][ T9291] playstation 0003:054C:0DF2.0050: Failed to get MAC address from DualSense [ 1615.423305][ T9291] playstation 0003:054C:0DF2.0050: Failed to create dualsense. [ 1615.480039][ T9291] playstation 0003:054C:0DF2.0050: probe with driver playstation failed with error -22 [ 1615.599102][ T9291] usb 3-1: USB disconnect, device number 91 [ 1615.636939][T21015] usb 4-1: USB disconnect, device number 63 [ 1615.954643][T27975] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1616.115860][T27975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1616.128413][T27975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1616.140996][T31064] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8055'. [ 1616.163483][T27975] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1616.174763][T27975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1616.213646][T27975] usb 5-1: config 0 descriptor?? [ 1616.479323][T31081] binder: 31080:31081 ioctl c0306201 0 returned -14 [ 1616.664452][T27975] playstation 0003:054C:0DF2.0051: unknown main item tag 0x0 [ 1616.671900][T27975] playstation 0003:054C:0DF2.0051: unknown main item tag 0x0 [ 1616.679368][T27975] playstation 0003:054C:0DF2.0051: unknown main item tag 0x0 [ 1616.688798][T27975] playstation 0003:054C:0DF2.0051: unknown main item tag 0x0 [ 1616.703803][T31088] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31088 comm=syz.0.8064 [ 1616.723644][T27975] playstation 0003:054C:0DF2.0051: unknown main item tag 0x0 [ 1617.248151][T27975] playstation 0003:054C:0DF2.0051: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 1617.331721][T27975] playstation 0003:054C:0DF2.0051: Failed to retrieve feature with reportID 9: -32 [ 1617.553245][T27975] playstation 0003:054C:0DF2.0051: Failed to retrieve DualSense pairing info: -32 [ 1617.591592][T27975] playstation 0003:054C:0DF2.0051: Failed to get MAC address from DualSense [ 1617.605878][T27975] playstation 0003:054C:0DF2.0051: Failed to create dualsense. [ 1617.615738][T27975] playstation 0003:054C:0DF2.0051: probe with driver playstation failed with error -32 [ 1617.725720][T31101] siw: device registration error -23 [ 1618.227358][T27975] usb 5-1: USB disconnect, device number 69 [ 1618.572133][T31105] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8069'. [ 1618.653710][T31110] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8071'. [ 1619.038761][T31129] ubi: mtd0 is already attached to ubi31 [ 1619.968676][T31145] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8084'. [ 1619.987530][T31147] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1621.342180][T31159] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1622.021442][T31166] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1622.076940][T31174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8091'. [ 1622.174479][T21015] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1622.342064][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1622.452146][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1622.592390][T21015] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1622.601752][T21015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1623.221825][T21015] usb 3-1: config 0 descriptor?? [ 1624.950639][T31204] ubi: mtd0 is already attached to ubi31 [ 1625.266459][T21015] usbhid 3-1:0.0: can't add hid device: -71 [ 1625.272795][T21015] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1625.355196][T21015] usb 3-1: USB disconnect, device number 92 [ 1631.444381][ T9290] usb 1-1: new full-speed USB device number 66 using dummy_hcd [ 1631.639543][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 1631.639561][ T30] audit: type=1326 audit(2000000005.920:11851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31266 comm="syz.1.8117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c3838e929 code=0x7fc00000 [ 1631.677373][ T9290] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1631.704759][ T9290] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1631.724873][ T9290] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1631.744350][ T9290] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1631.764755][ T9290] usb 1-1: config 0 descriptor?? [ 1632.629059][ T9290] usbhid 1-1:0.0: can't add hid device: -71 [ 1632.640551][ T9290] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1632.670209][ T9290] usb 1-1: USB disconnect, device number 66 [ 1635.776987][T31350] syz.4.8139: attempt to access beyond end of device [ 1635.776987][T31350] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1636.957141][T31364] tmpfs: Unknown parameter 'quot' [ 1636.968424][T31364] siw: device registration error -23 [ 1639.349941][T31370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8146'. [ 1639.774457][ T9291] usb 5-1: new full-speed USB device number 70 using dummy_hcd [ 1641.009245][ T9291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1641.029982][ T9291] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1641.040427][ T9291] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1641.078270][ T9291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1641.161969][ T9291] usb 5-1: config 0 descriptor?? [ 1641.646299][ T9291] usbhid 5-1:0.0: can't add hid device: -71 [ 1644.426449][ T9291] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1644.438025][ T9291] usb 5-1: USB disconnect, device number 70 [ 1644.841487][T31415] syz.0.8160: attempt to access beyond end of device [ 1644.841487][T31415] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1645.237988][T31412] syz.3.8156: attempt to access beyond end of device [ 1645.237988][T31412] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1645.600919][T31427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31427 comm=syz.0.8163 [ 1646.278859][T31433] siw: device registration error -23 [ 1647.994399][ T9290] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 1648.235803][ T9290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1648.247063][ T9290] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1648.257028][ T9290] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1648.689805][ T9290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.707540][ T9290] usb 5-1: config 0 descriptor?? [ 1649.564612][ T9290] usbhid 5-1:0.0: can't add hid device: -71 [ 1649.728639][ T9290] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1649.764405][ T9290] usb 5-1: USB disconnect, device number 71 [ 1651.091872][T31490] syz.2.8179: attempt to access beyond end of device [ 1651.091872][T31490] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1652.415587][ T9291] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1653.059960][ T9291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1653.098938][ T9291] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1653.125581][ T9291] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1653.176545][ T9291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1653.218208][ T9291] usb 3-1: config 0 descriptor?? [ 1653.932336][ T9291] usbhid 3-1:0.0: can't add hid device: -71 [ 1653.945494][ T9291] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1653.956571][ T9291] usb 3-1: USB disconnect, device number 93 [ 1654.031162][ T30] audit: type=1326 audit(2000000028.320:11852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31518 comm="syz.4.8186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f97d8e929 code=0x7fc00000 [ 1655.232913][T31540] 9pnet_fd: Insufficient options for proto=fd [ 1655.379938][T31543] syz.1.8191: attempt to access beyond end of device [ 1655.379938][T31543] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1655.551030][T31549] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31549 comm=syz.2.8196 [ 1655.990651][T31554] kvm: pic: non byte write [ 1656.144517][ T9282] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1656.354867][ T9282] usb 5-1: Using ep0 maxpacket: 8 [ 1656.415342][ T9282] usb 5-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=d2.b4 [ 1656.444741][ T9282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1656.469062][ T9282] usb 5-1: Product: syz [ 1656.479984][ T9282] usb 5-1: Manufacturer: syz [ 1656.490863][ T9282] usb 5-1: SerialNumber: syz [ 1657.899016][ T9282] usb 5-1: USB disconnect, device number 72 [ 1658.618538][T31588] syz.3.8205: attempt to access beyond end of device [ 1658.618538][T31588] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1659.604364][ T9282] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1659.674545][T30078] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1659.764390][ T9282] usb 5-1: Using ep0 maxpacket: 8 [ 1659.777551][ T9282] usb 5-1: config 233 has an invalid descriptor of length 0, skipping remainder of the config [ 1659.889868][T30078] usb 4-1: config index 0 descriptor too short (expected 65183, got 72) [ 1659.901694][ T9282] usb 5-1: config 233 has 0 interfaces, different from the descriptor's value: 1 [ 1659.960170][T30078] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1660.003624][ T9282] usb 5-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=d2.b4 [ 1660.032962][T30078] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.046328][ T9282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.056156][T30078] usb 4-1: Product: syz [ 1660.060337][T30078] usb 4-1: Manufacturer: syz [ 1660.067361][ T9282] usb 5-1: Product: syz [ 1660.067631][T31605] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1660.071518][ T9282] usb 5-1: Manufacturer: syz [ 1660.096177][T30078] usb 4-1: SerialNumber: syz [ 1660.110489][ T9282] usb 5-1: SerialNumber: syz [ 1660.123177][T30078] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1660.140916][T15574] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1660.409069][T31599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1660.418856][T31599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1660.421075][ T9291] usb 5-1: USB disconnect, device number 73 [ 1660.430850][T31599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1660.442283][T31599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1660.679821][T31599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1660.689617][T31599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1660.705098][ T9282] usb 4-1: USB disconnect, device number 64 [ 1661.253869][T15574] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1661.296728][T15574] ath9k_htc: Failed to initialize the device [ 1661.424781][ T9282] usb 4-1: ath9k_htc: USB layer deinitialized [ 1661.734676][ T9282] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1661.926687][ T9282] usb 4-1: Using ep0 maxpacket: 8 [ 1661.937341][ T9282] usb 4-1: config index 0 descriptor too short (expected 241, got 72) [ 1662.032790][ T9282] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 1662.045286][ T9282] usb 4-1: New USB device found, idVendor=2357, idProduct=0109, bcdDevice=bd.da [ 1662.054794][ T9282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1662.067518][ T9282] usb 4-1: config 0 descriptor?? [ 1662.594585][ T9282] usb 4-1: USB disconnect, device number 65 [ 1669.346911][ T9293] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 1669.390286][T31718] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31718 comm=syz.4.8243 [ 1669.809778][ T9293] usb 3-1: Using ep0 maxpacket: 8 [ 1669.832982][ T9293] usb 3-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=d2.b4 [ 1669.845613][ T9293] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1669.853621][ T9293] usb 3-1: Product: syz [ 1669.876363][ T9293] usb 3-1: Manufacturer: syz [ 1669.884888][ T9293] usb 3-1: SerialNumber: syz [ 1669.933965][T31722] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31722 comm=syz.1.8244 [ 1670.333392][ T9293] usb 3-1: bad CDC descriptors [ 1670.340988][ T9293] usb 3-1: USB disconnect, device number 94 [ 1671.537242][T31742] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31742 comm=syz.2.8249 [ 1673.399587][T31757] siw: device registration error -23 [ 1673.534506][T21015] usb 3-1: new full-speed USB device number 95 using dummy_hcd [ 1673.754883][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1673.803268][T21015] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1673.864359][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1673.901378][T21015] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1673.931665][T21015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1673.950053][T21015] usb 3-1: Product: syz [ 1673.971945][T21015] usb 3-1: Manufacturer: syz [ 1673.976737][T21015] usb 3-1: SerialNumber: syz [ 1674.020002][T21015] usb 3-1: config 0 descriptor?? [ 1674.031222][T31761] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1674.052097][T31761] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1674.142465][T21015] usb 3-1: ucan: probing device on interface #0 [ 1674.540609][T21015] usb 3-1: ucan: device reported invalid tx-fifo size [ 1674.547688][T21015] usb 3-1: ucan: probe failed; try to update the device firmware [ 1674.746884][ T9290] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1674.832572][T15574] usb 3-1: USB disconnect, device number 95 [ 1674.977251][ T9290] usb 1-1: config index 0 descriptor too short (expected 65183, got 72) [ 1675.086221][ T9290] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1675.114489][ T9290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1675.132859][ T9290] usb 1-1: Product: syz [ 1675.140725][ T9290] usb 1-1: Manufacturer: syz [ 1675.153442][ T9290] usb 1-1: SerialNumber: syz [ 1675.163802][ T9290] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1675.201133][T21261] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1675.484240][T31800] syz.3.8264: attempt to access beyond end of device [ 1675.484240][T31800] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1675.688898][T31781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1675.761578][T31781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1675.899487][T31781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1675.981040][T31781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1676.049494][T31781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1676.061849][T31781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1676.177286][T21015] usb 1-1: USB disconnect, device number 67 [ 1676.277843][T21261] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1676.454571][T21261] ath9k_htc: Failed to initialize the device [ 1676.478272][T21015] usb 1-1: ath9k_htc: USB layer deinitialized [ 1677.735648][T31831] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31831 comm=syz.3.8276 [ 1678.194393][T21261] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1678.375781][T21261] usb 3-1: config index 0 descriptor too short (expected 65183, got 72) [ 1678.410038][T21261] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1678.419272][T21261] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1678.427306][T21261] usb 3-1: Product: syz [ 1678.431517][T21261] usb 3-1: Manufacturer: syz [ 1678.438788][T21261] usb 3-1: SerialNumber: syz [ 1678.445511][T21015] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 1678.457840][T21261] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1678.472122][ T9293] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1678.607579][T21015] usb 1-1: config index 0 descriptor too short (expected 65183, got 72) [ 1678.621152][T21015] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1678.637205][T21015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1678.650520][T21015] usb 1-1: Product: syz [ 1678.655707][T21015] usb 1-1: Manufacturer: syz [ 1678.662764][T21015] usb 1-1: SerialNumber: syz [ 1678.672839][T21015] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1678.701125][ T9283] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1678.717597][T31829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1678.727056][T31829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1678.741029][T31829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1678.757505][T31829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1678.771301][T31829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1678.784243][T31829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1679.995521][T21261] usb 3-1: USB disconnect, device number 96 [ 1680.001473][ T9293] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1680.014835][ T9293] ath9k_htc: Failed to initialize the device [ 1680.024377][ T9283] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1680.024654][T21261] usb 3-1: ath9k_htc: USB layer deinitialized [ 1680.088687][ T9283] ath9k_htc: Failed to initialize the device [ 1680.104164][T31840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1680.137396][ T9283] usb 1-1: ath9k_htc: USB layer deinitialized [ 1680.191321][T31840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1680.213392][T31840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1680.226109][T31840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1680.237552][T31840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1680.252734][T31840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1680.268041][ T9291] usb 1-1: USB disconnect, device number 68 [ 1680.564440][T21261] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1680.734564][T21261] usb 3-1: Using ep0 maxpacket: 8 [ 1680.754712][T21261] usb 3-1: device descriptor read/all, error -71 [ 1680.967944][T31864] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8285'. [ 1681.368264][ T9291] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1681.684425][ T9291] usb 1-1: Using ep0 maxpacket: 32 [ 1681.693066][ T9291] usb 1-1: device descriptor read/all, error -71 [ 1682.049105][T31880] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31880 comm=syz.3.8289 [ 1683.888731][T31908] siw: device registration error -23 [ 1684.963594][T21015] usb 3-1: new full-speed USB device number 99 using dummy_hcd [ 1685.163844][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1685.193346][T21015] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1685.205569][T21015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1685.229527][T21015] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1685.242797][T21015] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1685.261318][T21015] usb 3-1: Product: syz [ 1685.265709][T21015] usb 3-1: Manufacturer: syz [ 1685.451124][T21015] usb 3-1: SerialNumber: syz [ 1685.458636][T21015] usb 3-1: config 0 descriptor?? [ 1685.464268][T31913] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1685.473026][T31913] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1685.505774][T21015] usb 3-1: ucan: probing device on interface #0 [ 1686.067140][T21015] usb 3-1: ucan: could not read protocol version, ret=26 [ 1686.074918][T21015] usb 3-1: ucan: probe failed; try to update the device firmware [ 1686.301328][T21015] usb 3-1: USB disconnect, device number 99 [ 1686.815464][T31938] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31938 comm=syz.0.8305 [ 1687.354476][ T9291] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1687.844615][ T9291] usb 5-1: config index 0 descriptor too short (expected 65183, got 72) [ 1687.860859][ T9291] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1687.877981][ T9291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1687.898887][ T9291] usb 5-1: Product: syz [ 1687.914551][ T9291] usb 5-1: Manufacturer: syz [ 1688.071666][ T9291] usb 5-1: SerialNumber: syz [ 1688.096059][ T9291] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1688.115933][T21261] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1688.363267][T31957] siw: device registration error -23 [ 1688.454037][T31942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1688.517222][T31942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1688.551269][T31942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1688.567146][T31942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1688.634359][T31959] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=31959 comm=syz.1.8310 [ 1688.997163][T31942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1689.571427][T21261] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1689.913136][T21261] ath9k_htc: Failed to initialize the device [ 1689.930487][T31942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1689.951891][T21261] usb 5-1: ath9k_htc: USB layer deinitialized [ 1690.020699][T28623] usb 5-1: USB disconnect, device number 74 [ 1690.505024][T15574] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1690.664587][T15574] usb 5-1: Using ep0 maxpacket: 8 [ 1690.677374][T15574] usb 5-1: config index 0 descriptor too short (expected 241, got 72) [ 1690.686411][T21015] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1690.739329][T15574] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 1690.766376][T15574] usb 5-1: config 0 interface 0 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5 [ 1690.779731][ T9283] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 1690.793517][T15574] usb 5-1: New USB device found, idVendor=2357, idProduct=0109, bcdDevice=bd.da [ 1690.803264][T15574] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1690.849535][T15574] usb 5-1: config 0 descriptor?? [ 1690.896959][T21015] usb 4-1: config index 0 descriptor too short (expected 162, got 72) [ 1690.934665][ T9283] usb 3-1: Using ep0 maxpacket: 8 [ 1690.944587][T21015] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1690.975158][ T9283] usb 3-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=d2.b4 [ 1690.989623][T21015] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1691.018177][ T9283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1691.026919][T21015] usb 4-1: Product: syz [ 1691.031451][ T9283] usb 3-1: Product: syz [ 1691.035746][T21015] usb 4-1: Manufacturer: syz [ 1691.040542][ T9283] usb 3-1: Manufacturer: syz [ 1691.045359][T21015] usb 4-1: SerialNumber: syz [ 1691.049970][ T9283] usb 3-1: SerialNumber: syz [ 1691.059327][T21015] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1691.071639][ T9283] usb 3-1: bad CDC descriptors [ 1691.083925][T15574] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1691.144455][T28623] usb 5-1: USB disconnect, device number 75 [ 1691.632886][T28623] usb 3-1: USB disconnect, device number 100 [ 1691.936532][T31999] binder: BINDER_SET_CONTEXT_MGR already set [ 1691.942616][T31999] binder: 31994:31999 ioctl 4018620d 200000000040 returned -16 [ 1692.252862][T15574] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1692.275737][T15574] ath9k_htc: Failed to initialize the device [ 1692.472786][T15574] usb 4-1: ath9k_htc: USB layer deinitialized [ 1693.714487][T21015] usb 4-1: USB disconnect, device number 66 [ 1695.562988][T32032] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1696.058335][T15574] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1696.250521][T32051] siw: device registration error -23 [ 1696.549623][T15574] usb 4-1: config index 0 descriptor too short (expected 162, got 72) [ 1696.603283][T15574] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1696.643958][T15574] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1696.652663][T15574] usb 4-1: Product: syz [ 1696.658366][T15574] usb 4-1: Manufacturer: syz [ 1696.663405][T15574] usb 4-1: SerialNumber: syz [ 1696.707748][T15574] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1696.723125][ T9282] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1697.754684][ T9282] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1697.793992][ T9282] ath9k_htc: Failed to initialize the device [ 1697.881949][ T9282] usb 4-1: ath9k_htc: USB layer deinitialized [ 1699.261987][ T9282] usb 4-1: USB disconnect, device number 67 [ 1700.092385][T32087] syz.3.8344: attempt to access beyond end of device [ 1700.092385][T32087] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1701.904199][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1701.913165][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1701.924693][T32115] kvm_intel: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1701.940914][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xe833 [ 1702.224411][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0xe833 [ 1702.390376][T32115] kvm_intel: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1702.408359][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x1821 [ 1702.421471][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0x1821 [ 1702.600655][T32115] kvm_intel: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1702.653253][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xffc3 [ 1702.713853][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0xffc3 [ 1702.754759][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xdf71 [ 1702.772308][T32115] kvm: kvm [32114]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xdf71 [ 1703.116242][T32143] siw: device registration error -23 [ 1703.506022][T21261] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1703.719023][T21261] usb 1-1: config index 0 descriptor too short (expected 162, got 72) [ 1703.757068][T21261] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1703.774336][T21261] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1703.782597][T21261] usb 1-1: Product: syz [ 1703.787839][T21261] usb 1-1: Manufacturer: syz [ 1703.792457][T21261] usb 1-1: SerialNumber: syz [ 1703.918464][T21261] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1703.938045][T28623] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1704.959439][T28623] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1704.975659][T28623] ath9k_htc: Failed to initialize the device [ 1705.014548][T28623] usb 1-1: ath9k_htc: USB layer deinitialized [ 1706.708663][T15574] usb 1-1: USB disconnect, device number 71 [ 1706.727814][T32173] binder: 32172:32173 ioctl c0306201 0 returned -14 [ 1706.789767][T32174] syz.1.8367: attempt to access beyond end of device [ 1706.789767][T32174] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1709.958879][T32220] binder: 32217:32220 ioctl c0306201 0 returned -14 [ 1712.224627][ T9290] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 1712.934872][ T9290] usb 1-1: Using ep0 maxpacket: 8 [ 1713.105207][ T9290] usb 1-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=d2.b4 [ 1713.155755][ T9290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1713.202258][ T9290] usb 1-1: Product: syz [ 1713.212585][ T9290] usb 1-1: Manufacturer: syz [ 1713.218838][ T9290] usb 1-1: SerialNumber: syz [ 1713.600642][ T9290] usb 1-1: USB disconnect, device number 72 [ 1715.359718][T32276] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1724.844611][T32432] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1724.855110][T32432] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1724.862775][T32432] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1724.890980][T32432] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1724.898411][T32432] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1724.913564][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1724.920973][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1724.929826][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1725.255779][ T5821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1725.264042][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1725.593899][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1725.621255][T32431] lo speed is unknown, defaulting to 1000 [ 1725.690091][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1725.749619][T32431] lo speed is unknown, defaulting to 1000 [ 1725.780712][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1726.177592][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1726.556386][T21015] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1726.778937][T32431] chnl_net:caif_netlink_parms(): no params data found [ 1726.785924][T21015] usb 5-1: Using ep0 maxpacket: 32 [ 1726.794369][T21015] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 1726.802639][T21015] usb 5-1: config 0 has no interface number 0 [ 1726.814162][T21015] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1726.831433][T21015] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1726.863245][T21015] usb 5-1: Product: syz [ 1726.874816][T21015] usb 5-1: Manufacturer: syz [ 1726.879524][T21015] usb 5-1: SerialNumber: syz [ 1726.902571][T21015] usb 5-1: config 0 descriptor?? [ 1726.921228][T21015] smsc95xx v2.0.0 [ 1726.976351][ T49] bridge_slave_1: left allmulticast mode [ 1726.987644][ T49] bridge_slave_1: left promiscuous mode [ 1726.997627][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 1727.014567][ T49] bridge_slave_0: left allmulticast mode [ 1727.024143][ T49] bridge_slave_0: left promiscuous mode [ 1727.054664][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 1727.341383][T21015] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1727.360325][T32432] Bluetooth: hci3: command tx timeout [ 1727.368495][T21015] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1727.428473][ T49] team0: Port device geneve0 removed [ 1728.202516][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1728.224070][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1728.241964][ T49] bond0 (unregistering): Released all slaves [ 1728.256407][T32431] bridge0: port 1(bridge_slave_0) entered blocking state [ 1728.263779][T32431] bridge0: port 1(bridge_slave_0) entered disabled state [ 1728.278286][T32431] bridge_slave_0: entered allmulticast mode [ 1728.292984][T32431] bridge_slave_0: entered promiscuous mode [ 1728.321809][T32431] bridge0: port 2(bridge_slave_1) entered blocking state [ 1728.329568][T32431] bridge0: port 2(bridge_slave_1) entered disabled state [ 1728.339745][T32431] bridge_slave_1: entered allmulticast mode [ 1728.347729][T32431] bridge_slave_1: entered promiscuous mode [ 1728.384239][T32431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1728.397130][T32431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1728.630468][T32431] team0: Port device team_slave_0 added [ 1728.640034][T32431] team0: Port device team_slave_1 added [ 1728.700848][T32431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1728.712142][T32431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1728.746238][T32431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1728.788877][T32431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1728.807608][T32431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1728.887709][T32431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1728.923867][T32476] syz.2.8444: attempt to access beyond end of device [ 1728.923867][T32476] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1729.017891][T32431] hsr_slave_0: entered promiscuous mode [ 1729.030378][T32431] hsr_slave_1: entered promiscuous mode [ 1729.037058][T32431] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1729.048355][T32431] Cannot create hsr debugfs directory [ 1729.445131][T32432] Bluetooth: hci3: command tx timeout [ 1730.183145][T32482] kvm: kvm [32481]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1730.192935][T32482] kvm: kvm [32481]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1731.522947][T32432] Bluetooth: hci3: command tx timeout [ 1731.613205][T21015] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -71 [ 1731.930514][T21015] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 1732.611902][T21015] usb 5-1: USB disconnect, device number 76 [ 1732.776151][T32431] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1732.786259][T32431] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1733.757696][T32432] Bluetooth: hci3: command tx timeout [ 1733.807028][T32431] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1734.326007][T32431] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1734.365613][ T49] hsr_slave_0: left promiscuous mode [ 1734.371541][ T49] hsr_slave_1: left promiscuous mode [ 1734.377392][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1734.398100][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1734.493773][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1734.501357][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1734.573135][ T49] veth1_macvtap: left promiscuous mode [ 1734.599512][ T49] veth0_macvtap: left promiscuous mode [ 1734.623943][ T49] veth1_vlan: left promiscuous mode [ 1734.644505][ T49] veth0_vlan: left promiscuous mode [ 1735.953191][T32536] kvm: kvm [32535]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1735.962802][T32536] kvm: kvm [32535]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1736.580752][ T49] team0 (unregistering): Port device team_slave_1 removed [ 1736.910409][ T49] team0 (unregistering): Port device team_slave_0 removed [ 1738.805798][T21261] lo speed is unknown, defaulting to 1000 [ 1738.811563][T21261] syþ: Port: 1 Link DOWN [ 1739.104007][T32431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1739.130933][T32431] 8021q: adding VLAN 0 to HW filter on device team0 [ 1739.226324][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 1739.233470][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1739.306239][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 1739.313409][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1739.337261][T32587] syz.3.8471: attempt to access beyond end of device [ 1739.337261][T32587] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1739.438541][T32592] binder_alloc: 32584: binder_alloc_buf, no vma [ 1740.330010][ T49] IPVS: stop unused estimator thread 0... [ 1740.707350][T32615] syz.1.8479: attempt to access beyond end of device [ 1740.707350][T32615] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1741.167554][T32431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1741.229617][T32431] veth0_vlan: entered promiscuous mode [ 1741.264371][T32431] veth1_vlan: entered promiscuous mode [ 1741.404038][T32431] veth0_macvtap: entered promiscuous mode [ 1741.446175][T32431] veth1_macvtap: entered promiscuous mode [ 1741.467980][T32431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1741.478917][T32431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1741.488873][T32431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1741.511147][T32431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1741.556419][T32431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1741.583880][T32431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1742.216476][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1742.244292][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1742.445429][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1742.453276][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1742.530555][T32644] binder_alloc: 32635: binder_alloc_buf, no vma [ 1746.154539][T32694] syz.3.8497: attempt to access beyond end of device [ 1746.154539][T32694] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1749.638162][T32738] syz.1.8509: attempt to access beyond end of device [ 1749.638162][T32738] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1752.094556][T30078] usb 1-1: new full-speed USB device number 73 using dummy_hcd [ 1752.344810][T30078] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1752.369535][T30078] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1752.494007][T30078] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1752.529763][T30078] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1752.544737][T30078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1752.552861][T30078] usb 1-1: Product: syz [ 1752.560995][T30078] usb 1-1: Manufacturer: syz [ 1752.567621][T30078] usb 1-1: SerialNumber: syz [ 1752.618513][T30078] usb 1-1: config 0 descriptor?? [ 1752.624784][ T339] syz.1.8528: attempt to access beyond end of device [ 1752.624784][ T339] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1752.648418][ T322] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1752.668678][ T322] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1752.696945][T30078] usb 1-1: ucan: probing device on interface #0 [ 1753.182392][T30078] usb 1-1: ucan: device reported invalid tx-fifo size [ 1753.200893][T30078] usb 1-1: ucan: probe failed; try to update the device firmware [ 1753.276668][T21261] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1753.430121][T21015] usb 1-1: USB disconnect, device number 73 [ 1753.446263][T21261] usb 3-1: config index 0 descriptor too short (expected 162, got 72) [ 1753.456686][T21261] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1753.466737][T21261] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1753.484128][T21261] usb 3-1: Product: syz [ 1753.500467][T21261] usb 3-1: Manufacturer: syz [ 1753.528779][T21261] usb 3-1: SerialNumber: syz [ 1753.543453][T21261] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1753.558622][T28623] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1753.711397][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1753.720174][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1753.735564][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.752237][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff12 [ 1753.761484][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff12 [ 1753.797746][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.813618][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.829018][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.853965][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xd0 [ 1753.864143][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0xd0 [ 1753.875682][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1753.884497][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1753.893963][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xff33 [ 1753.902974][ T368] kvm: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x186) = 0xff33 [ 1753.912448][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.927024][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1753.942401][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1754.023220][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x2 [ 1754.033414][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x1d9) = 0x2 [ 1754.058048][ T368] kvm_intel: kvm [367]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x2 [ 1754.571728][ T380] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8543'. [ 1754.783578][T28623] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1754.804674][T28623] ath9k_htc: Failed to initialize the device [ 1755.456416][T28623] usb 3-1: ath9k_htc: USB layer deinitialized [ 1756.052741][ T389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8544'. [ 1756.062089][ T389] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8544'. [ 1756.077910][ T9291] usb 3-1: USB disconnect, device number 101 [ 1758.169536][ T5821] Bluetooth: hci3: command 0x0405 tx timeout [ 1758.431933][ T460] syz.2.8564: attempt to access beyond end of device [ 1758.431933][ T460] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1759.488038][ T482] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1759.674348][T28623] usb 4-1: new full-speed USB device number 68 using dummy_hcd [ 1759.835975][T28623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1759.872961][T28623] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 1759.909242][T28623] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 1759.952709][T28623] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 1759.957493][ T485] kvm_pr_unimpl_wrmsr: 16 callbacks suppressed [ 1759.957511][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1759.970237][T28623] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1760.014223][T28623] usb 4-1: Product: syz [ 1760.016112][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1760.018467][T28623] usb 4-1: Manufacturer: syz [ 1760.018486][T28623] usb 4-1: SerialNumber: syz [ 1760.041143][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1760.050035][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1760.092681][T28623] usb 4-1: config 0 descriptor?? [ 1760.109335][ T478] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1760.121134][ T478] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1760.143049][T28623] usb 4-1: ucan: probing device on interface #0 [ 1760.306432][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1760.324510][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1760.367470][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1760.386403][ T485] kvm: kvm [484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1760.563915][T28623] usb 4-1: ucan: device reported invalid device info [ 1760.570719][T28623] usb 4-1: ucan: probe failed; try to update the device firmware [ 1760.849191][T28623] usb 4-1: USB disconnect, device number 68 [ 1761.002231][ T501] kvm: pic: non byte write [ 1761.867260][ T524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8583'. [ 1761.876308][ T524] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8583'. [ 1763.686905][ T9282] usb 1-1: new full-speed USB device number 74 using dummy_hcd [ 1763.995839][ T9282] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1764.007110][ T9282] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1764.024329][ T9282] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1764.033452][ T9282] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1764.821937][ T9282] usb 1-1: config 0 descriptor?? [ 1764.835531][ T9282] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1765.613529][ T553] kvm: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1765.622363][ T553] kvm: kvm [552]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1765.634177][ T553] kvm_pr_unimpl_wrmsr: 2 callbacks suppressed [ 1765.634188][ T553] kvm_intel: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1765.655694][ T553] kvm: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff12 [ 1765.664572][ T553] kvm: kvm [552]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff12 [ 1765.723409][ T553] kvm_intel: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1765.746841][ T553] kvm_intel: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1765.759089][ T553] kvm_intel: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0xff13 [ 1765.781529][ T553] kvm: kvm [552]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xd0 [ 1766.563084][ T9282] usb 1-1: USB disconnect, device number 74 [ 1766.595571][T28623] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1767.024749][T28623] usb 4-1: config index 0 descriptor too short (expected 162, got 72) [ 1767.090970][T28623] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1767.111486][T28623] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1767.188176][T28623] usb 4-1: Product: syz [ 1767.201928][T28623] usb 4-1: Manufacturer: syz [ 1767.215425][T28623] usb 4-1: SerialNumber: syz [ 1767.230406][T28623] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1767.251755][ T9291] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1768.325079][ T9291] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1768.382307][ T9291] ath9k_htc: Failed to initialize the device [ 1768.447458][ T9291] usb 4-1: ath9k_htc: USB layer deinitialized [ 1768.673844][T28623] usb 4-1: USB disconnect, device number 69 [ 1769.289969][ T643] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1771.810438][ T684] syz.3.8627: attempt to access beyond end of device [ 1771.810438][ T684] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1773.344782][T21261] usb 1-1: new full-speed USB device number 75 using dummy_hcd [ 1773.778210][T21261] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1773.817274][T21261] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1773.826597][T21261] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1773.836971][T21261] usb 1-1: config 0 descriptor?? [ 1773.844597][T21261] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1774.442774][ T738] syz.4.8642: attempt to access beyond end of device [ 1774.442774][ T738] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1775.540601][ T758] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1776.187530][ T9282] usb 1-1: USB disconnect, device number 75 [ 1776.634444][ T9291] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1776.786714][ T9291] usb 5-1: config index 0 descriptor too short (expected 162, got 72) [ 1776.797451][ T9291] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1776.807195][ T9291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1776.828590][ T9291] usb 5-1: Product: syz [ 1776.847160][ T9291] usb 5-1: Manufacturer: syz [ 1776.922952][ T9291] usb 5-1: SerialNumber: syz [ 1776.951004][ T9291] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1776.968337][T21261] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1778.036208][T21261] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1778.052933][T21261] ath9k_htc: Failed to initialize the device [ 1778.086309][T21261] usb 5-1: ath9k_htc: USB layer deinitialized [ 1778.413260][ T9282] usb 5-1: USB disconnect, device number 77 [ 1778.834459][T21261] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 1779.026135][T21261] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1779.088773][T21261] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1779.112038][T21261] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1779.125253][T21261] usb 4-1: config 0 descriptor?? [ 1779.134362][T21261] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1780.084197][ T30] audit: type=1400 audit(2000000124.630:11853): avc: denied { setattr } for pid=834 comm="syz.4.8673" name="NETLINK" dev="sockfs" ino=161717 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1780.510423][T30078] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1780.764793][T30078] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1780.773871][T30078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1780.785876][T30078] usb 5-1: Product: syz [ 1780.790084][T30078] usb 5-1: Manufacturer: syz [ 1780.798984][T30078] usb 5-1: SerialNumber: syz [ 1780.808961][T30078] usb 5-1: config 0 descriptor?? [ 1780.818253][T30078] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 078 [ 1781.378971][T30078] (null): failure setting delay to 10us [ 1781.391012][T30078] i2c-tiny-usb 5-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 1781.407669][T30078] usb 5-1: USB disconnect, device number 78 [ 1781.535786][ T855] kvm: kvm [854]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1781.649727][ T9290] usb 4-1: USB disconnect, device number 70 [ 1782.109291][ T864] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1782.157428][ T30] audit: type=1400 audit(2000000126.700:11854): avc: denied { execute } for pid=866 comm="syz.1.8682" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=160612 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1782.194604][ T864] netlink: 1072 bytes leftover after parsing attributes in process `syz.3.8680'. [ 1782.453792][ T883] 9pnet_fd: Insufficient options for proto=fd [ 1782.744361][ T9282] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1782.934303][ T9282] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1782.943801][ T9282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1782.953276][ T9282] usb 3-1: Product: syz [ 1782.961110][ T9282] usb 3-1: Manufacturer: syz [ 1782.970518][ T9282] usb 3-1: SerialNumber: syz [ 1783.001468][ T9282] usb 3-1: config 0 descriptor?? [ 1783.020313][ T9282] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 102 [ 1783.056114][ T30] audit: type=1400 audit(2000000127.600:11855): avc: denied { mount } for pid=900 comm="syz.1.8691" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 1783.818420][ T9282] (null): failure setting delay to 10us [ 1783.824704][ T9282] i2c-tiny-usb 3-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 1783.840883][ T9282] usb 3-1: USB disconnect, device number 102 [ 1784.134449][ T9290] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1784.296215][ T9290] usb 1-1: config index 0 descriptor too short (expected 162, got 72) [ 1784.306230][ T9290] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1784.315478][ T9290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1784.323711][ T9290] usb 1-1: Product: syz [ 1784.328155][ T9290] usb 1-1: Manufacturer: syz [ 1784.332750][ T9290] usb 1-1: SerialNumber: syz [ 1784.342753][ T9290] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1784.360147][T21261] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1784.386891][ T926] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=926 comm=syz.2.8696 [ 1784.388048][ T928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8696'. [ 1784.729479][ T941] 9pnet_fd: Insufficient options for proto=fd [ 1785.111880][ T948] kvm: kvm [947]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xff21 [ 1785.124186][ T948] kvm: kvm [947]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xff21 [ 1785.514396][T21261] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1785.521382][T21261] ath9k_htc: Failed to initialize the device [ 1785.580604][T21261] usb 1-1: ath9k_htc: USB layer deinitialized [ 1785.895546][T21261] usb 1-1: USB disconnect, device number 76 [ 1787.424224][ T979] syz.1.8705: attempt to access beyond end of device [ 1787.424224][ T979] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1787.791251][ T983] kvm: kvm [982]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1789.505611][ T1009] kvm: kvm [1008]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 1789.995151][ T30] audit: type=1400 audit(2000000134.450:11856): avc: denied { execmem } for pid=1018 comm="syz.3.8719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1790.033897][ T1021] FAULT_INJECTION: forcing a failure. [ 1790.033897][ T1021] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 1790.053136][ T1021] CPU: 0 UID: 0 PID: 1021 Comm: syz.0.8720 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1790.053164][ T1021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1790.053174][ T1021] Call Trace: [ 1790.053180][ T1021] [ 1790.053187][ T1021] dump_stack_lvl+0x16c/0x1f0 [ 1790.053218][ T1021] should_fail_ex+0x512/0x640 [ 1790.053254][ T1021] _copy_from_user+0x2e/0xd0 [ 1790.053279][ T1021] copy_msghdr_from_user+0x98/0x160 [ 1790.053306][ T1021] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1790.053337][ T1021] ? __lock_acquire+0x622/0x1c90 [ 1790.053369][ T1021] ___sys_recvmsg+0xdb/0x1a0 [ 1790.053394][ T1021] ? __pfx____sys_recvmsg+0x10/0x10 [ 1790.053441][ T1021] __sys_recvmsg+0x16a/0x220 [ 1790.053467][ T1021] ? __pfx___sys_recvmsg+0x10/0x10 [ 1790.053509][ T1021] do_syscall_64+0xcd/0x4c0 [ 1790.053539][ T1021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1790.053557][ T1021] RIP: 0033:0x7f623ad8e929 [ 1790.053573][ T1021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1790.053590][ T1021] RSP: 002b:00007f623bb25038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1790.053608][ T1021] RAX: ffffffffffffffda RBX: 00007f623afb5fa0 RCX: 00007f623ad8e929 [ 1790.053620][ T1021] RDX: 0000000000000060 RSI: 0000200000000240 RDI: 0000000000000003 [ 1790.053631][ T1021] RBP: 00007f623bb25090 R08: 0000000000000000 R09: 0000000000000000 [ 1790.053643][ T1021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1790.053654][ T1021] R13: 0000000000000000 R14: 00007f623afb5fa0 R15: 00007ffc6647d7f8 [ 1790.053678][ T1021] [ 1790.364428][T30078] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1790.984535][T30078] usb 3-1: Using ep0 maxpacket: 8 [ 1791.181233][T30078] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1791.202619][ T1031] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 1791.281675][T30078] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1791.369800][T30078] usb 3-1: Product: syz [ 1791.662055][T30078] usb 3-1: Manufacturer: syz [ 1791.666811][T30078] usb 3-1: SerialNumber: syz [ 1791.694491][T30078] usb 3-1: config 0 descriptor?? [ 1791.915551][ T1049] vivid-003: disconnect [ 1791.926550][ T30] audit: type=1400 audit(2000000136.460:11857): avc: denied { setopt } for pid=1045 comm="syz.1.8724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1792.356318][T30078] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1792.525564][ T1045] vivid-003: reconnect [ 1792.803279][ T9282] usb 5-1: new full-speed USB device number 79 using dummy_hcd [ 1792.934406][ T9282] usb 5-1: device descriptor read/64, error -71 [ 1792.953700][ T1070] geneve2: entered promiscuous mode [ 1792.967435][ T1070] geneve2: entered allmulticast mode [ 1793.234822][ T9282] usb 5-1: new full-speed USB device number 80 using dummy_hcd [ 1793.364502][ T9282] usb 5-1: device descriptor read/64, error -71 [ 1793.474560][ T9282] usb usb5-port1: attempt power cycle [ 1793.824367][ T9282] usb 5-1: new full-speed USB device number 81 using dummy_hcd [ 1793.855930][ T9282] usb 5-1: device descriptor read/8, error -71 [ 1794.094986][ T9282] usb 5-1: new full-speed USB device number 82 using dummy_hcd [ 1794.115103][ T9282] usb 5-1: device descriptor read/8, error -71 [ 1794.235218][ T9282] usb usb5-port1: unable to enumerate USB device [ 1794.808112][T30078] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1795.050685][ T9290] usb 3-1: USB disconnect, device number 103 [ 1795.125956][ T1085] input: syz1 as /devices/virtual/input/input66 [ 1795.379394][ T1089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8735'. [ 1795.388456][ T1089] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8735'. [ 1795.906892][ T1093] xt_hashlimit: max too large, truncated to 1048576 [ 1796.244344][ T9290] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1796.334350][ T1099] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8738'. [ 1796.568788][ T9290] usb 5-1: config index 0 descriptor too short (expected 162, got 72) [ 1796.590087][ T9290] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1796.705765][ T9290] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1796.827938][ T9290] usb 5-1: Product: syz [ 1796.887406][ T9290] usb 5-1: Manufacturer: syz [ 1796.954678][ T9290] usb 5-1: SerialNumber: syz [ 1797.049387][T30078] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1797.062535][ T9290] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1797.063904][ T1107] FAULT_INJECTION: forcing a failure. [ 1797.063904][ T1107] name failslab, interval 1, probability 0, space 0, times 1 [ 1797.094894][ T1107] CPU: 1 UID: 0 PID: 1107 Comm: syz.2.8740 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1797.094920][ T1107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1797.094931][ T1107] Call Trace: [ 1797.094938][ T1107] [ 1797.094945][ T1107] dump_stack_lvl+0x16c/0x1f0 [ 1797.094977][ T1107] should_fail_ex+0x512/0x640 [ 1797.094999][ T1107] ? fs_reclaim_acquire+0xae/0x150 [ 1797.095019][ T1107] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1797.095043][ T1107] should_failslab+0xc2/0x120 [ 1797.095070][ T1107] __kmalloc_noprof+0xd2/0x510 [ 1797.095097][ T1107] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1797.095122][ T1107] ? tomoyo_profile+0x47/0x60 [ 1797.095156][ T1107] tomoyo_path_number_perm+0x245/0x580 [ 1797.095176][ T1107] ? tomoyo_path_number_perm+0x237/0x580 [ 1797.095199][ T1107] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1797.095222][ T1107] ? find_held_lock+0x2b/0x80 [ 1797.095266][ T1107] ? find_held_lock+0x2b/0x80 [ 1797.095285][ T1107] ? hook_file_ioctl_common+0x145/0x410 [ 1797.095308][ T1107] ? __fget_files+0x20e/0x3c0 [ 1797.095334][ T1107] security_file_ioctl+0x9b/0x240 [ 1797.095359][ T1107] __x64_sys_ioctl+0xb7/0x210 [ 1797.095379][ T1107] do_syscall_64+0xcd/0x4c0 [ 1797.095407][ T1107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1797.095423][ T1107] RIP: 0033:0x7f372118e929 [ 1797.095437][ T1107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1797.095453][ T1107] RSP: 002b:00007f3721f96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1797.095471][ T1107] RAX: ffffffffffffffda RBX: 00007f37213b5fa0 RCX: 00007f372118e929 [ 1797.095482][ T1107] RDX: 0000200000000380 RSI: 00000000c01064ab RDI: 0000000000000003 [ 1797.095493][ T1107] RBP: 00007f3721f96090 R08: 0000000000000000 R09: 0000000000000000 [ 1797.095503][ T1107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1797.095513][ T1107] R13: 0000000000000000 R14: 00007f37213b5fa0 R15: 00007ffcb6ae84c8 [ 1797.095537][ T1107] [ 1797.095545][ T1107] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1797.136288][T21261] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1797.254377][T30078] usb 1-1: Using ep0 maxpacket: 32 [ 1797.439754][ T1116] FAULT_INJECTION: forcing a failure. [ 1797.439754][ T1116] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1797.452916][ T1116] CPU: 0 UID: 0 PID: 1116 Comm: syz.2.8743 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1797.452945][ T1116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1797.452956][ T1116] Call Trace: [ 1797.452963][ T1116] [ 1797.452970][ T1116] dump_stack_lvl+0x16c/0x1f0 [ 1797.453001][ T1116] should_fail_ex+0x512/0x640 [ 1797.453028][ T1116] _copy_to_iter+0x29f/0x16f0 [ 1797.453056][ T1116] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 1797.453084][ T1116] ? __pfx__copy_to_iter+0x10/0x10 [ 1797.453111][ T1116] ? __skb_recv_datagram+0x1b2/0x220 [ 1797.453136][ T1116] ? __pfx___skb_recv_datagram+0x10/0x10 [ 1797.453161][ T1116] simple_copy_to_iter+0x46/0x90 [ 1797.453183][ T1116] __skb_datagram_iter+0x129/0x900 [ 1797.453204][ T1116] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 1797.453226][ T1116] ? skb_recv_datagram+0x88/0xc0 [ 1797.453253][ T1116] skb_copy_datagram_iter+0x40/0x50 [ 1797.453276][ T1116] raw_recvmsg+0x19c/0x740 [ 1797.453304][ T1116] ? __pfx_raw_recvmsg+0x10/0x10 [ 1797.453329][ T1116] ? find_held_lock+0x2b/0x80 [ 1797.453355][ T1116] ? __pfx_raw_recvmsg+0x10/0x10 [ 1797.453377][ T1116] inet_recvmsg+0x46f/0x6a0 [ 1797.453402][ T1116] ? __pfx_inet_recvmsg+0x10/0x10 [ 1797.453424][ T1116] ? avc_has_perm_noaudit+0x149/0x3b0 [ 1797.453449][ T1116] sock_recvmsg+0x1b2/0x250 [ 1797.453469][ T1116] sock_read_iter+0x2b9/0x3b0 [ 1797.453488][ T1116] ? __pfx_sock_read_iter+0x10/0x10 [ 1797.453518][ T1116] ? __pfx_file_has_perm+0x10/0x10 [ 1797.453541][ T1116] do_iter_readv_writev+0x738/0x950 [ 1797.453565][ T1116] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1797.453585][ T1116] ? selinux_file_permission+0x126/0x660 [ 1797.453612][ T1116] ? bpf_lsm_file_permission+0x9/0x10 [ 1797.453639][ T1116] ? security_file_permission+0x71/0x210 [ 1797.453663][ T1116] ? rw_verify_area+0xcf/0x680 [ 1797.453684][ T1116] vfs_readv+0x4cb/0x8b0 [ 1797.453709][ T1116] ? __pfx_vfs_readv+0x10/0x10 [ 1797.453747][ T1116] ? __fget_files+0x20e/0x3c0 [ 1797.453769][ T1116] ? __fget_files+0x120/0x3c0 [ 1797.453799][ T1116] ? do_readv+0x28c/0x340 [ 1797.453817][ T1116] do_readv+0x28c/0x340 [ 1797.453837][ T1116] ? __pfx_do_readv+0x10/0x10 [ 1797.453864][ T1116] do_syscall_64+0xcd/0x4c0 [ 1797.453898][ T1116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1797.453916][ T1116] RIP: 0033:0x7f372118e929 [ 1797.453932][ T1116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1797.453950][ T1116] RSP: 002b:00007f3721f96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1797.453967][ T1116] RAX: ffffffffffffffda RBX: 00007f37213b5fa0 RCX: 00007f372118e929 [ 1797.453979][ T1116] RDX: 0000000000000001 RSI: 00002000000007c0 RDI: 0000000000000003 [ 1797.453989][ T1116] RBP: 00007f3721f96090 R08: 0000000000000000 R09: 0000000000000000 [ 1797.454000][ T1116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1797.454011][ T1116] R13: 0000000000000000 R14: 00007f37213b5fa0 R15: 00007ffcb6ae84c8 [ 1797.454036][ T1116] [ 1797.790893][T30078] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1797.802492][T30078] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1797.819441][T30078] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1797.842110][T30078] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1797.851940][T30078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1797.860245][T30078] usb 1-1: Product: syz [ 1798.104056][T30078] usb 1-1: Manufacturer: syz [ 1798.229440][T30078] usb 1-1: SerialNumber: syz [ 1798.294663][ T1127] xt_hashlimit: max too large, truncated to 1048576 [ 1798.404591][T21261] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1798.479413][T21261] ath9k_htc: Failed to initialize the device [ 1798.541703][T30078] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 1798.546936][T21261] usb 5-1: ath9k_htc: USB layer deinitialized [ 1798.694416][T21015] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 1798.708939][T30078] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1798.730130][T30078] usb 1-1: USB disconnect, device number 77 [ 1799.267650][T21015] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 1799.277068][T21015] usb 4-1: config 0 has no interface number 0 [ 1799.283175][T21015] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1799.294707][T21015] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1799.305861][T21015] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1799.350431][T21015] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04 [ 1799.368591][ T9283] usb 5-1: USB disconnect, device number 83 [ 1799.379396][T21015] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1799.388105][T21015] usb 4-1: Product: syz [ 1799.392306][T21015] usb 4-1: SerialNumber: syz [ 1799.401756][T21015] usb 4-1: config 0 descriptor?? [ 1799.416961][T21015] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 1799.457916][T21015] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input67 [ 1799.618677][ T1149] FAULT_INJECTION: forcing a failure. [ 1799.618677][ T1149] name failslab, interval 1, probability 0, space 0, times 0 [ 1799.631570][ T1149] CPU: 0 UID: 0 PID: 1149 Comm: syz.0.8753 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1799.631596][ T1149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1799.631606][ T1149] Call Trace: [ 1799.631613][ T1149] [ 1799.631620][ T1149] dump_stack_lvl+0x16c/0x1f0 [ 1799.631649][ T1149] should_fail_ex+0x512/0x640 [ 1799.631671][ T1149] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1799.631697][ T1149] should_failslab+0xc2/0x120 [ 1799.631721][ T1149] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1799.631743][ T1149] ? copy_process+0x4b6/0x76a0 [ 1799.631766][ T1149] ? _raw_spin_unlock_irq+0x23/0x50 [ 1799.631790][ T1149] copy_process+0x4b6/0x76a0 [ 1799.631822][ T1149] ? __pfx_copy_process+0x10/0x10 [ 1799.631856][ T1149] kernel_clone+0xfc/0x960 [ 1799.631880][ T1149] ? __pfx_kernel_clone+0x10/0x10 [ 1799.631911][ T1149] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1799.631941][ T1149] __do_sys_clone+0xce/0x120 [ 1799.631961][ T1149] ? __pfx___do_sys_clone+0x10/0x10 [ 1799.631993][ T1149] ? ksys_write+0x1ac/0x250 [ 1799.632013][ T1149] ? __pfx_ksys_write+0x10/0x10 [ 1799.632041][ T1149] do_syscall_64+0xcd/0x4c0 [ 1799.632067][ T1149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1799.632084][ T1149] RIP: 0033:0x7f623ad8e929 [ 1799.632104][ T1149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1799.632121][ T1149] RSP: 002b:00007f623bb24fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1799.632138][ T1149] RAX: ffffffffffffffda RBX: 00007f623afb5fa0 RCX: 00007f623ad8e929 [ 1799.632149][ T1149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1799.632159][ T1149] RBP: 00007f623bb25090 R08: 0000000000000000 R09: 0000000000000000 [ 1799.632169][ T1149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1799.632179][ T1149] R13: 0000000000000000 R14: 00007f623afb5fa0 R15: 00007ffc6647d7f8 [ 1799.632203][ T1149] [ 1800.120013][ T9283] usb 3-1: new full-speed USB device number 104 using dummy_hcd [ 1800.213560][ T1154] x_tables: duplicate underflow at hook 1 [ 1800.589913][ T9283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1800.604434][ T9283] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1800.614759][ T9283] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1800.624234][ T9283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1800.641249][ T9283] usb 3-1: config 0 descriptor?? [ 1800.658960][ T30] audit: type=1400 audit(2000000145.200:11858): avc: denied { mount } for pid=1158 comm="syz.0.8755" name="/" dev="autofs" ino=162795 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 1801.206791][ T30] audit: type=1400 audit(2000000145.760:11859): avc: denied { read } for pid=1158 comm="syz.0.8755" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 1801.229971][ C1] vkms_vblank_simulate: vblank timer overrun [ 1801.236797][ T30] audit: type=1400 audit(2000000145.760:11860): avc: denied { open } for pid=1158 comm="syz.0.8755" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 1801.260414][ C1] vkms_vblank_simulate: vblank timer overrun [ 1801.273017][ T30] audit: type=1400 audit(2000000145.820:11861): avc: denied { ioctl } for pid=1158 comm="syz.0.8755" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 1801.425351][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.433900][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.441440][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.448885][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.456162][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.463657][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.470973][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.478083][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.485277][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.492392][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1801.500151][ T9291] usb 4-1: USB disconnect, device number 71 [ 1801.500200][ C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1801.508251][ T30] audit: type=1400 audit(2000000146.050:11862): avc: denied { unmount } for pid=32431 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 1801.547526][ T9291] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1801.659927][ T1170] binder: BINDER_SET_CONTEXT_MGR already set [ 1801.672924][ T1170] binder: 1164:1170 ioctl 4018620d 200000000040 returned -16 [ 1801.994932][ T1174] syz.0.8757: attempt to access beyond end of device [ 1801.994932][ T1174] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1801.997653][ T9283] usbhid 3-1:0.0: can't add hid device: -71 [ 1802.043330][ T9283] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1802.144830][ T9283] usb 3-1: USB disconnect, device number 104 [ 1802.173778][ T1177] binder_alloc: 1176: binder_alloc_buf, no vma [ 1802.254150][ T1182] FAULT_INJECTION: forcing a failure. [ 1802.254150][ T1182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1802.273663][ T30] audit: type=1400 audit(2000000146.790:11863): avc: denied { create } for pid=1178 comm="syz.1.8761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1802.293926][ C1] vkms_vblank_simulate: vblank timer overrun [ 1802.319820][ T1182] CPU: 1 UID: 0 PID: 1182 Comm: syz.3.8762 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1802.319846][ T1182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1802.319856][ T1182] Call Trace: [ 1802.319869][ T1182] [ 1802.319877][ T1182] dump_stack_lvl+0x16c/0x1f0 [ 1802.319908][ T1182] should_fail_ex+0x512/0x640 [ 1802.319936][ T1182] _copy_from_user+0x2e/0xd0 [ 1802.319961][ T1182] copy_msghdr_from_user+0x98/0x160 [ 1802.319988][ T1182] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1802.320024][ T1182] ___sys_sendmsg+0xfe/0x1d0 [ 1802.320051][ T1182] ? __pfx____sys_sendmsg+0x10/0x10 [ 1802.320072][ T1182] ? __lock_acquire+0x622/0x1c90 [ 1802.320129][ T1182] __sys_sendmsg+0x16d/0x220 [ 1802.320155][ T1182] ? __pfx___sys_sendmsg+0x10/0x10 [ 1802.320196][ T1182] do_syscall_64+0xcd/0x4c0 [ 1802.320225][ T1182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1802.320243][ T1182] RIP: 0033:0x7f96b7d8e929 [ 1802.320258][ T1182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1802.320275][ T1182] RSP: 002b:00007f96b8cd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1802.320293][ T1182] RAX: ffffffffffffffda RBX: 00007f96b7fb5fa0 RCX: 00007f96b7d8e929 [ 1802.320305][ T1182] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000004 [ 1802.320316][ T1182] RBP: 00007f96b8cd3090 R08: 0000000000000000 R09: 0000000000000000 [ 1802.320327][ T1182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1802.320338][ T1182] R13: 0000000000000000 R14: 00007f96b7fb5fa0 R15: 00007ffeeae02a58 [ 1802.320362][ T1182] [ 1802.486999][ C1] vkms_vblank_simulate: vblank timer overrun [ 1802.499002][ T30] audit: type=1400 audit(2000000146.820:11864): avc: denied { write } for pid=1178 comm="syz.1.8761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1802.524002][ T1186] netlink: 'syz.1.8763': attribute type 3 has an invalid length. [ 1802.541961][ T1186] netlink: 'syz.1.8763': attribute type 1 has an invalid length. [ 1802.613533][ T30] audit: type=1400 audit(2000000146.820:11865): avc: denied { nlmsg_write } for pid=1178 comm="syz.1.8761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1802.784393][T21015] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1802.944379][T21015] usb 1-1: Using ep0 maxpacket: 8 [ 1803.200454][T21015] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1803.208341][ T1193] lo speed is unknown, defaulting to 1000 [ 1803.210013][T21015] usb 1-1: config 1 has no interface number 1 [ 1803.224650][T21015] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1803.370856][T21015] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1804.345888][T21015] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1804.354017][T21015] usb 1-1: Manufacturer: Ј [ 1804.358636][T21015] usb 1-1: SerialNumber: syz [ 1804.413783][ T1206] FAULT_INJECTION: forcing a failure. [ 1804.413783][ T1206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1804.430091][ T1206] CPU: 1 UID: 0 PID: 1206 Comm: syz.3.8768 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1804.430119][ T1206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1804.430131][ T1206] Call Trace: [ 1804.430137][ T1206] [ 1804.430144][ T1206] dump_stack_lvl+0x16c/0x1f0 [ 1804.430179][ T1206] should_fail_ex+0x512/0x640 [ 1804.430206][ T1206] _copy_from_user+0x2e/0xd0 [ 1804.430231][ T1206] copy_msghdr_from_user+0x98/0x160 [ 1804.430258][ T1206] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1804.430295][ T1206] ___sys_sendmsg+0xfe/0x1d0 [ 1804.430323][ T1206] ? __pfx____sys_sendmsg+0x10/0x10 [ 1804.430346][ T1206] ? __lock_acquire+0x622/0x1c90 [ 1804.430405][ T1206] __sys_sendmsg+0x16d/0x220 [ 1804.430430][ T1206] ? __pfx___sys_sendmsg+0x10/0x10 [ 1804.430472][ T1206] do_syscall_64+0xcd/0x4c0 [ 1804.430502][ T1206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1804.430521][ T1206] RIP: 0033:0x7f96b7d8e929 [ 1804.430535][ T1206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1804.430553][ T1206] RSP: 002b:00007f96b8cd3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1804.430572][ T1206] RAX: ffffffffffffffda RBX: 00007f96b7fb5fa0 RCX: 00007f96b7d8e929 [ 1804.430584][ T1206] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1804.430594][ T1206] RBP: 00007f96b8cd3090 R08: 0000000000000000 R09: 0000000000000000 [ 1804.430605][ T1206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1804.430616][ T1206] R13: 0000000000000000 R14: 00007f96b7fb5fa0 R15: 00007ffeeae02a58 [ 1804.430640][ T1206] [ 1805.188249][ T1189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1805.244730][ T1189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1805.276240][T21015] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 1805.283667][T21015] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1805.291688][ T1216] FAULT_INJECTION: forcing a failure. [ 1805.291688][ T1216] name failslab, interval 1, probability 0, space 0, times 0 [ 1805.316492][T21015] usb 1-1: USB disconnect, device number 78 [ 1805.322481][ T1216] CPU: 1 UID: 0 PID: 1216 Comm: syz.1.8771 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1805.322506][ T1216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1805.322516][ T1216] Call Trace: [ 1805.322523][ T1216] [ 1805.322530][ T1216] dump_stack_lvl+0x16c/0x1f0 [ 1805.322560][ T1216] should_fail_ex+0x512/0x640 [ 1805.322582][ T1216] ? fs_reclaim_acquire+0xae/0x150 [ 1805.322602][ T1216] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1805.322627][ T1216] should_failslab+0xc2/0x120 [ 1805.322652][ T1216] __kmalloc_noprof+0xd2/0x510 [ 1805.322680][ T1216] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1805.322707][ T1216] ? tomoyo_profile+0x47/0x60 [ 1805.322736][ T1216] tomoyo_path_number_perm+0x245/0x580 [ 1805.322757][ T1216] ? tomoyo_path_number_perm+0x237/0x580 [ 1805.322779][ T1216] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1805.322800][ T1216] ? find_held_lock+0x2b/0x80 [ 1805.322843][ T1216] ? find_held_lock+0x2b/0x80 [ 1805.322862][ T1216] ? hook_file_ioctl_common+0x145/0x410 [ 1805.322884][ T1216] ? __fget_files+0x20e/0x3c0 [ 1805.322910][ T1216] security_file_ioctl+0x9b/0x240 [ 1805.322936][ T1216] __x64_sys_ioctl+0xb7/0x210 [ 1805.322958][ T1216] do_syscall_64+0xcd/0x4c0 [ 1805.322991][ T1216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1805.323009][ T1216] RIP: 0033:0x7f3c3838e929 [ 1805.323023][ T1216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1805.323040][ T1216] RSP: 002b:00007f3c39266038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1805.323057][ T1216] RAX: ffffffffffffffda RBX: 00007f3c385b5fa0 RCX: 00007f3c3838e929 [ 1805.323068][ T1216] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1805.323079][ T1216] RBP: 00007f3c39266090 R08: 0000000000000000 R09: 0000000000000000 [ 1805.323089][ T1216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1805.323099][ T1216] R13: 0000000000000000 R14: 00007f3c385b5fa0 R15: 00007ffcaeb9f4e8 [ 1805.323122][ T1216] [ 1805.323129][ T1216] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1805.556468][ T1212] ceph: No mds server is up or the cluster is laggy [ 1805.631383][ T1227] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8773'. [ 1807.608064][ T1264] lo speed is unknown, defaulting to 1000 [ 1809.189656][ T1287] tipc: Enabling of bearer rejected, failed to enable media [ 1809.636340][T21015] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1809.719921][ T1301] lo speed is unknown, defaulting to 1000 [ 1809.794467][T21015] usb 4-1: Using ep0 maxpacket: 8 [ 1809.817268][T21015] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1809.867720][T21015] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1809.920645][T21015] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1809.930765][T21015] usb 4-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 1809.941376][T21015] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1809.987805][T21015] usb 4-1: config 0 descriptor?? [ 1810.431040][T21015] cypress 0003:04B4:BCA1.0052: unknown main item tag 0x0 [ 1810.438223][T21015] cypress 0003:04B4:BCA1.0052: unknown main item tag 0x0 [ 1810.447425][T21015] cypress 0003:04B4:BCA1.0052: unknown main item tag 0x0 [ 1810.470260][T21015] cypress 0003:04B4:BCA1.0052: hidraw0: USB HID v0.04 Device [HID 04b4:bca1] on usb-dummy_hcd.3-1/input0 [ 1811.055724][T21015] usb 4-1: USB disconnect, device number 72 [ 1811.256643][ T30] audit: type=1400 audit(2000000155.810:11866): avc: denied { read write } for pid=1324 comm="syz.2.8806" name="usbmon0" dev="devtmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 1811.293190][ T30] audit: type=1400 audit(2000000155.810:11867): avc: denied { open } for pid=1324 comm="syz.2.8806" path="/dev/usbmon0" dev="devtmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 1811.318434][ T30] audit: type=1400 audit(2000000155.810:11868): avc: denied { ioctl } for pid=1324 comm="syz.2.8806" path="/dev/usbmon0" dev="devtmpfs" ino=717 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 1811.834389][ T9290] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1812.004774][ T9290] usb 5-1: Using ep0 maxpacket: 16 [ 1812.032846][ T9290] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1812.049295][ T1345] bridge: RTM_NEWNEIGH with invalid ether address [ 1812.055907][ T9290] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1812.093570][ T9290] usb 5-1: config 0 descriptor?? [ 1812.197631][ T30] audit: type=1400 audit(2000000156.750:11869): avc: denied { read } for pid=1342 comm="syz.1.8811" name="rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1812.252659][ T30] audit: type=1400 audit(2000000156.750:11870): avc: denied { open } for pid=1342 comm="syz.1.8811" path="/dev/rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1812.344354][ T30] audit: type=1400 audit(2000000156.780:11871): avc: denied { ioctl } for pid=1342 comm="syz.1.8811" path="/dev/rtc0" dev="devtmpfs" ino=922 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1812.549417][ T9290] lenovo 0003:17EF:6047.0053: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 1813.959620][ T9290] usb 5-1: USB disconnect, device number 84 [ 1814.536538][ T30] audit: type=1400 audit(2000000159.090:11872): avc: denied { map_create } for pid=1365 comm="syz.1.8818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1814.624399][ T30] audit: type=1400 audit(2000000159.090:11873): avc: denied { bpf } for pid=1365 comm="syz.1.8818" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1814.663612][ T30] audit: type=1400 audit(2000000159.090:11874): avc: denied { map_read map_write } for pid=1365 comm="syz.1.8818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1814.925949][ T30] audit: type=1400 audit(2000000159.110:11875): avc: denied { prog_load } for pid=1365 comm="syz.1.8818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1817.312760][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 1817.312777][ T30] audit: type=1400 audit(2000000161.860:11888): avc: denied { mounton } for pid=1389 comm="syz.3.8823" path="/521/file0" dev="tmpfs" ino=2768 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1817.419308][ T30] audit: type=1400 audit(2000000161.900:11889): avc: denied { mount } for pid=1389 comm="syz.3.8823" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1817.425360][ T1418] lo speed is unknown, defaulting to 1000 [ 1817.454709][ T30] audit: type=1400 audit(2000000161.950:11890): avc: denied { read } for pid=1410 comm="syz.2.8829" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1817.477724][ T30] audit: type=1400 audit(2000000161.950:11891): avc: denied { open } for pid=1410 comm="syz.2.8829" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1817.502288][ T30] audit: type=1400 audit(2000000161.950:11892): avc: denied { ioctl } for pid=1410 comm="syz.2.8829" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1817.538024][ T30] audit: type=1400 audit(2000000162.090:11893): avc: denied { create } for pid=1417 comm="syz.0.8831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1817.649080][ T30] audit: type=1400 audit(2000000162.110:11894): avc: denied { connect } for pid=1417 comm="syz.0.8831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1817.767680][ T1423] usb usb8: usbfs: process 1423 (syz.4.8832) did not claim interface 0 before use [ 1818.143023][ T30] audit: type=1400 audit(2000000162.120:11895): avc: denied { read } for pid=1417 comm="syz.0.8831" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1818.166112][ T30] audit: type=1400 audit(2000000162.120:11896): avc: denied { open } for pid=1417 comm="syz.0.8831" path="/dev/ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1818.196989][ T30] audit: type=1400 audit(2000000162.120:11897): avc: denied { ioctl } for pid=1417 comm="syz.0.8831" path="/dev/ppp" dev="devtmpfs" ino=710 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1818.794672][ T1429] netlink: 96 bytes leftover after parsing attributes in process `syz.1.8830'. [ 1820.254680][ T1445] SELinux: ebitmap: truncated map [ 1820.346790][ T1445] SELinux: failed to load policy [ 1821.183587][ T1468] overlayfs: failed to resolve './file0': -2 [ 1821.684491][T21015] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1821.894309][T21015] usb 4-1: Using ep0 maxpacket: 16 [ 1821.907639][T21015] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1821.934311][T21015] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1821.958545][T21015] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 1821.967927][T21015] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1822.198363][T21015] usb 4-1: config 0 descriptor?? [ 1822.705898][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 1822.705915][ T30] audit: type=1400 audit(2000000167.260:11929): avc: denied { create } for pid=1477 comm="syz.2.8849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1823.740040][ T30] audit: type=1400 audit(2000000168.290:11930): avc: denied { unlink } for pid=1485 comm="syz.4.8852" name="#1c" dev="tmpfs" ino=2919 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 1823.776620][ T30] audit: type=1400 audit(2000000168.290:11931): avc: denied { mount } for pid=1485 comm="syz.4.8852" name="/" dev="overlay" ino=2914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1823.799189][ T30] audit: type=1400 audit(2000000168.290:11932): avc: denied { create } for pid=1485 comm="syz.4.8852" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1823.851458][ T30] audit: type=1400 audit(2000000168.290:11933): avc: denied { link } for pid=1485 comm="syz.4.8852" name="file1" dev="tmpfs" ino=2921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1823.890800][ T30] audit: type=1400 audit(2000000168.290:11934): avc: denied { rename } for pid=1485 comm="syz.4.8852" name="file0" dev="overlay" ino=2921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1824.093487][ T30] audit: type=1400 audit(2000000168.320:11935): avc: denied { setattr } for pid=1485 comm="syz.4.8852" name="#1e" dev="tmpfs" ino=2922 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1824.246344][T21015] usbhid 4-1:0.0: can't add hid device: -71 [ 1824.252708][T21015] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1824.261048][ T30] audit: type=1400 audit(2000000168.380:11936): avc: denied { unmount } for pid=23992 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1824.293493][T21015] usb 4-1: USB disconnect, device number 73 [ 1824.472496][ T30] audit: type=1400 audit(2000000168.390:11937): avc: denied { unlink } for pid=23992 comm="syz-executor" name="00fb210001e25228468beb40abab186930a7331a75b512301a690b000000000000" dev="tmpfs" ino=2922 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 1824.613951][ T1496] lo speed is unknown, defaulting to 1000 [ 1824.752711][ T30] audit: type=1400 audit(2000000169.300:11938): avc: denied { create } for pid=1493 comm="syz.3.8854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1826.160688][ T1539] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 1826.842335][ T1553] veth1_macvtap: left promiscuous mode [ 1826.858333][ T1553] macsec0: entered promiscuous mode [ 1827.904629][ T24] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1827.970277][ T1576] cgroup: Unknown subsys name 'subj_role' [ 1828.161108][ T24] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1828.246250][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1828.313455][ T24] usb 5-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 1828.341130][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1828.360042][ T24] usb 5-1: config 0 descriptor?? [ 1828.390332][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 1828.390348][ T30] audit: type=1400 audit(2000000172.940:11954): avc: denied { unmount } for pid=32431 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1828.780296][T21015] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1828.792030][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.799687][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.807104][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.814161][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.821276][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.828654][ T24] sunplus 0003:04FC:05D8.0054: unknown main item tag 0x0 [ 1828.848572][ T24] sunplus 0003:04FC:05D8.0054: hidraw0: USB HID v0.05 Device [HID 04fc:05d8] on usb-dummy_hcd.4-1/input0 [ 1829.028341][ T1587] devpts: Invalid uid '0x00000000ffffffff' [ 1829.072669][ T30] audit: type=1400 audit(2000000173.560:11955): avc: denied { mount } for pid=1581 comm="syz.0.8887" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1829.126630][T21015] usb 4-1: Using ep0 maxpacket: 8 [ 1829.178232][T15574] usb 5-1: USB disconnect, device number 85 [ 1829.190935][T21015] usb 4-1: config 0 has an invalid interface number: 32 but max is 0 [ 1829.576818][T21015] usb 4-1: config 0 has no interface number 0 [ 1829.623932][T21015] usb 4-1: config 0 interface 32 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1829.635829][ T30] audit: type=1400 audit(2000000173.570:11956): avc: denied { getopt } for pid=1581 comm="syz.0.8887" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1829.701076][ T30] audit: type=1400 audit(2000000173.580:11957): avc: denied { remount } for pid=1581 comm="syz.0.8887" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1829.721131][ T30] audit: type=1400 audit(2000000174.100:11958): avc: denied { sys_module } for pid=1581 comm="syz.0.8887" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1830.246160][T21015] usb 4-1: config 0 interface 32 has no altsetting 0 [ 1830.246594][ T30] audit: type=1400 audit(2000000174.800:11959): avc: denied { unmount } for pid=32431 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 1830.252886][T21015] usb 4-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 1830.252910][T21015] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1830.260454][T21015] usb 4-1: config 0 descriptor?? [ 1831.397500][T21015] usbhid 4-1:0.32: can't add hid device: -71 [ 1831.403649][T21015] usbhid 4-1:0.32: probe with driver usbhid failed with error -71 [ 1831.414610][T21015] usb 4-1: USB disconnect, device number 74 [ 1831.629815][ T30] audit: type=1400 audit(2000000176.170:11960): avc: denied { mount } for pid=1614 comm="syz.2.8895" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1831.710999][ T30] audit: type=1400 audit(2000000176.260:11961): avc: denied { watch watch_reads } for pid=1600 comm="syz.0.8893" path="/88" dev="tmpfs" ino=473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1831.742704][ T1613] tipc: Started in network mode [ 1831.747837][ T1613] tipc: Node identity ea86c9e8d46e, cluster identity 4711 [ 1831.755260][ T1613] tipc: Enabled bearer , priority 0 [ 1831.766074][ T1613] tipc: Disabling bearer [ 1833.067202][ T30] audit: type=1400 audit(2000000176.860:11962): avc: denied { setopt } for pid=1621 comm="syz.2.8898" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1834.378689][ T1635] tipc: Enabled bearer , priority 0 [ 1834.403860][ T1635] tipc: Disabling bearer [ 1834.793509][ T1640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8902'. [ 1836.149193][ T1653] netlink: 'syz.3.8908': attribute type 29 has an invalid length. [ 1836.191194][ T1653] netlink: 'syz.3.8908': attribute type 29 has an invalid length. [ 1836.928972][ T30] audit: type=1400 audit(2000000181.480:11963): avc: denied { relabelfrom } for pid=1671 comm="syz.1.8916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1837.070664][ T30] audit: type=1400 audit(2000000181.530:11964): avc: denied { relabelto } for pid=1671 comm="syz.1.8916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1838.136254][ T30] audit: type=1400 audit(2000000182.680:11965): avc: denied { write } for pid=1706 comm="syz.2.8933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1838.266416][ T30] audit: type=1400 audit(2000000182.820:11966): avc: denied { create } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 1838.327878][ T30] audit: type=1400 audit(2000000182.840:11967): avc: denied { create } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1838.369717][ T30] audit: type=1400 audit(2000000182.840:11968): avc: denied { create } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1838.390279][ T30] audit: type=1400 audit(2000000182.840:11969): avc: denied { write } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1838.411593][ T30] audit: type=1400 audit(2000000182.840:11970): avc: denied { connect } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1838.432067][ T30] audit: type=1400 audit(2000000182.840:11971): avc: denied { name_connect } for pid=1713 comm="syz.2.8935" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 1838.453539][ T30] audit: type=1400 audit(2000000182.850:11972): avc: denied { setopt } for pid=1713 comm="syz.2.8935" lport=36842 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1839.752787][ T1716] netlink: 'syz.0.8936': attribute type 29 has an invalid length. [ 1839.766775][ T1730] dvmrp1: tun_chr_ioctl cmd 1074025676 [ 1839.772314][ T1730] dvmrp1: owner set to 0 [ 1839.800257][ T1735] syzkaller0: entered allmulticast mode [ 1840.569177][ T1757] netlink: 'syz.2.8951': attribute type 40 has an invalid length. [ 1840.579040][ T1759] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8947'. [ 1840.606238][ T1754] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8947'. [ 1840.631284][ T1759] netlink: 60 bytes leftover after parsing attributes in process `syz.0.8947'. [ 1841.265760][ T24] hid-generic 0000:0000:0000.0055: unknown main item tag 0x0 [ 1841.645988][ T24] hid-generic 0000:0000:0000.0055: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1841.989172][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 1841.989190][ T30] audit: type=1400 audit(2000000186.400:11993): avc: denied { execmem } for pid=1795 comm="syz.1.8969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1842.538090][ T30] audit: type=1400 audit(2000000187.090:11994): avc: denied { read } for pid=1784 comm="syz.2.8963" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1842.595978][ T30] audit: type=1400 audit(2000000187.090:11995): avc: denied { open } for pid=1784 comm="syz.2.8963" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1842.712279][ T30] audit: type=1400 audit(2000000187.130:11996): avc: denied { shutdown } for pid=1784 comm="syz.2.8963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1842.786720][ T30] audit: type=1400 audit(2000000187.330:11997): avc: denied { create } for pid=1811 comm="syz.1.8973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1842.844545][ T30] audit: type=1400 audit(2000000187.340:11998): avc: denied { connect } for pid=1811 comm="syz.1.8973" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1843.444508][ T30] audit: type=1400 audit(2000000187.990:11999): avc: denied { read write } for pid=1816 comm="syz.2.8975" name="uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1843.493839][ T30] audit: type=1400 audit(2000000187.990:12000): avc: denied { open } for pid=1816 comm="syz.2.8975" path="/dev/uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1843.537988][ T30] audit: type=1326 audit(2000000188.030:12001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1818 comm="syz.2.8976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1843.561799][ T30] audit: type=1326 audit(2000000188.030:12002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1818 comm="syz.2.8976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1843.602576][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1843.617313][ T5821] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1843.637061][ T5821] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1843.656749][ T5821] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1843.669417][ T5821] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1844.790880][ T1821] lo speed is unknown, defaulting to 1000 [ 1845.566789][T32516] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1845.577601][T32516] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1845.754452][T32432] Bluetooth: hci4: command tx timeout [ 1845.768542][T32516] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1845.783412][T32516] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1845.819551][ T1821] chnl_net:caif_netlink_parms(): no params data found [ 1845.832960][ T1847] xt_hashlimit: size too large, truncated to 1048576 [ 1845.845968][ T1840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8982'. [ 1845.904824][ T1840] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8982'. [ 1846.411773][T32516] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1846.440603][T32516] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1846.647507][T32516] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1846.673441][T32516] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1846.730617][ T1861] kernel profiling enabled (shift: 9) [ 1846.861507][ T1821] bridge0: port 1(bridge_slave_0) entered blocking state [ 1846.888940][ T1821] bridge0: port 1(bridge_slave_0) entered disabled state [ 1846.902128][ T1821] bridge_slave_0: entered allmulticast mode [ 1846.920750][ T1821] bridge_slave_0: entered promiscuous mode [ 1846.938574][ T1821] bridge0: port 2(bridge_slave_1) entered blocking state [ 1846.947686][ T1821] bridge0: port 2(bridge_slave_1) entered disabled state [ 1846.955123][ T1821] bridge_slave_1: entered allmulticast mode [ 1846.962755][ T1821] bridge_slave_1: entered promiscuous mode [ 1847.060175][ T1821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1847.082400][ T1821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1847.106235][T32516] bridge_slave_1: left allmulticast mode [ 1847.111916][T32516] bridge_slave_1: left promiscuous mode [ 1847.127939][T32516] bridge0: port 2(bridge_slave_1) entered disabled state [ 1847.158153][T32516] bridge_slave_0: left allmulticast mode [ 1847.163273][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 1847.163288][ T30] audit: type=1400 audit(2000000191.710:12043): avc: denied { getopt } for pid=1875 comm="syz.2.8994" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1847.163862][T32516] bridge_slave_0: left promiscuous mode [ 1847.174015][ T1877] futex_wake_op: syz.2.8994 tries to shift op by -1; fix this program [ 1847.192786][T32516] bridge0: port 1(bridge_slave_0) entered disabled state [ 1847.358225][ T30] audit: type=1400 audit(2000000191.910:12044): avc: denied { create } for pid=1881 comm="syz.4.8995" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1847.688284][ T30] audit: type=1400 audit(2000000192.210:12045): avc: denied { ioctl } for pid=1881 comm="syz.4.8995" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=166963 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1847.845319][ T5821] Bluetooth: hci4: command tx timeout [ 1848.002094][ T30] audit: type=1400 audit(2000000192.550:12046): avc: denied { write } for pid=1875 comm="syz.2.8994" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 1848.114347][ T30] audit: type=1400 audit(2000000192.660:12047): avc: denied { ioctl } for pid=1889 comm="syz.0.8997" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 1848.162557][ T30] audit: type=1400 audit(2000000192.710:12048): avc: denied { read write } for pid=1891 comm="syz.4.8996" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 1848.188573][ T30] audit: type=1400 audit(2000000192.740:12049): avc: denied { open } for pid=1891 comm="syz.4.8996" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 1848.277242][ T30] audit: type=1400 audit(2000000192.740:12050): avc: denied { mounton } for pid=1891 comm="syz.4.8996" path="/573/file0" dev="tmpfs" ino=3059 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1848.318370][ T30] audit: type=1400 audit(2000000192.740:12051): avc: denied { mount } for pid=1891 comm="syz.4.8996" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1848.387761][ T30] audit: type=1400 audit(2000000192.940:12052): avc: denied { mounton } for pid=1896 comm="syz.0.8998" path="/105/file0" dev="tmpfs" ino=565 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1848.532067][T32516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1848.549691][T32516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1848.550809][ T1906] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9001'. [ 1848.572618][T32516] bond0 (unregistering): Released all slaves [ 1848.627622][ T1821] team0: Port device team_slave_0 added [ 1848.670560][ T1821] team0: Port device team_slave_1 added [ 1848.694584][T21261] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 1848.754710][T32516] tipc: Left network mode [ 1848.760363][ T1821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1848.779622][ T1821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1848.822336][ T1821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1848.866196][ T1821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1848.873169][ T1821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1848.934422][ T1821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1848.946521][T21261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1848.961992][T21261] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1848.990293][T21261] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1849.040920][T21261] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1849.055862][T21261] usb 3-1: config 0 descriptor?? [ 1849.156770][ T1821] hsr_slave_0: entered promiscuous mode [ 1849.174440][ T1821] hsr_slave_1: entered promiscuous mode [ 1849.180800][ T1821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1849.204449][ T1821] Cannot create hsr debugfs directory [ 1849.255547][T32516] hsr_slave_0: left promiscuous mode [ 1849.262546][T32516] hsr_slave_1: left promiscuous mode [ 1849.282255][T32516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1849.303264][T32516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1849.312318][T32516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1849.328732][T32516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1849.376244][T32516] veth1_macvtap: left promiscuous mode [ 1849.381799][T32516] veth0_macvtap: left promiscuous mode [ 1849.391819][T32516] veth1_vlan: left promiscuous mode [ 1849.399052][T32516] veth0_vlan: left promiscuous mode [ 1849.676996][ T5821] Bluetooth: hci3: command 0x0405 tx timeout [ 1849.914453][T32432] Bluetooth: hci4: command tx timeout [ 1850.364122][T21261] uclogic 0003:256C:006D.0056: failed retrieving string descriptor #200: -71 [ 1850.382517][T21261] uclogic 0003:256C:006D.0056: failed retrieving pen parameters: -71 [ 1850.390722][T21261] uclogic 0003:256C:006D.0056: failed probing pen v2 parameters: -71 [ 1850.399083][T21261] uclogic 0003:256C:006D.0056: failed probing parameters: -71 [ 1850.409311][T21261] uclogic 0003:256C:006D.0056: probe with driver uclogic failed with error -71 [ 1850.421243][T21261] usb 3-1: USB disconnect, device number 105 [ 1850.552487][T32516] team0 (unregistering): Port device team_slave_1 removed [ 1850.597184][T32516] team0 (unregistering): Port device team_slave_0 removed [ 1851.073020][ T1926] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1851.100623][ T9291] lo speed is unknown, defaulting to 1000 [ 1851.107369][ T9291] infiniband syz0: ib_query_port failed (-19) [ 1851.242032][ T1946] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9015'. [ 1851.269401][ T1955] tmpfs: Bad value for 'nr_inodes' [ 1851.994488][T32432] Bluetooth: hci4: command tx timeout [ 1852.057323][ T1966] tipc: Enabled bearer , priority 0 [ 1852.086948][T28623] usb 5-1: new full-speed USB device number 86 using dummy_hcd [ 1852.115499][ T1962] tipc: Resetting bearer [ 1852.236802][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 1852.236819][ T30] audit: type=1400 audit(2000000196.780:12092): avc: denied { mounton } for pid=1975 comm="syz.0.9028" path="/115/bus" dev="tmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 1852.267191][ T30] audit: type=1400 audit(2000000196.790:12093): avc: denied { unlink } for pid=1975 comm="syz.0.9028" name="#1f" dev="tmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 1852.302027][T28623] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1852.308654][ T30] audit: type=1400 audit(2000000196.790:12094): avc: denied { mount } for pid=1975 comm="syz.0.9028" name="/" dev="overlay" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1852.334171][T28623] usb 5-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 1852.334205][T28623] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1852.369076][T28623] usb 5-1: config 0 descriptor?? [ 1852.405159][ T30] audit: type=1400 audit(2000000196.960:12095): avc: denied { unmount } for pid=32431 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 1852.452840][ T30] audit: type=1326 audit(2000000197.010:12096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1973 comm="syz.2.9027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1852.517507][ T30] audit: type=1326 audit(2000000197.010:12097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1973 comm="syz.2.9027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1852.566561][ T30] audit: type=1400 audit(2000000197.030:12098): avc: denied { read write } for pid=1973 comm="syz.2.9027" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 1852.615937][ T30] audit: type=1400 audit(2000000197.030:12099): avc: denied { open } for pid=1973 comm="syz.2.9027" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 1852.661083][ T30] audit: type=1400 audit(2000000197.040:12100): avc: denied { mount } for pid=1973 comm="syz.2.9027" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 1852.687205][ T30] audit: type=1400 audit(2000000197.230:12101): avc: denied { create } for pid=1960 comm="syz.4.9021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1854.005495][ T1992] netlink: 'syz.4.9030': attribute type 27 has an invalid length. [ 1854.286052][T28623] usbhid 5-1:0.0: can't add hid device: -71 [ 1854.292114][T28623] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1854.332765][T28623] usb 5-1: USB disconnect, device number 86 [ 1855.445939][ T1962] tipc: Disabling bearer [ 1855.790526][ T1992] bridge0: port 1(bridge_slave_0) entered disabled state [ 1856.975281][ T1992] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1857.012471][ T1992] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1857.394409][ T1992] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1857.414337][ T1992] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1857.423243][ T1992] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1857.434421][ T1992] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1857.622671][ T1993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1857.630107][ T1993] 8021q: adding VLAN 0 to HW filter on device team0 [ 1857.726816][ T1993] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1857.860556][ T1999] lo: entered promiscuous mode [ 1857.885066][ T1999] lo: left promiscuous mode [ 1857.988881][ T2017] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9038'. [ 1858.393749][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1858.393765][ T30] audit: type=1400 audit(2000000202.860:12127): avc: denied { name_bind } for pid=2039 comm="syz.3.9044" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 1858.446785][ T30] audit: type=1400 audit(2000000202.860:12128): avc: denied { name_bind } for pid=2039 comm="syz.3.9044" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1 [ 1858.690255][ T1821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1858.731373][ T1821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1858.755444][ T1821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1858.777150][ T30] audit: type=1400 audit(2000000203.330:12129): avc: denied { prog_load } for pid=2055 comm="syz.3.9053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1858.801844][ T1821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1858.808713][ T30] audit: type=1400 audit(2000000203.330:12130): avc: denied { bpf } for pid=2055 comm="syz.3.9053" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1858.857146][ T30] audit: type=1400 audit(2000000203.330:12131): avc: denied { perfmon } for pid=2055 comm="syz.3.9053" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1858.898871][ T30] audit: type=1400 audit(2000000203.330:12132): avc: denied { prog_run } for pid=2055 comm="syz.3.9053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1858.919491][ T30] audit: type=1400 audit(2000000203.390:12133): avc: denied { create } for pid=1821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1859.004292][ T30] audit: type=1400 audit(2000000203.390:12134): avc: denied { write } for pid=1821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1859.049581][ T30] audit: type=1400 audit(2000000203.390:12135): avc: denied { read } for pid=1821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1859.059403][ T1821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1859.087000][ T2071] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1859.097574][ T1821] 8021q: adding VLAN 0 to HW filter on device team0 [ 1859.129819][T32516] bridge0: port 1(bridge_slave_0) entered blocking state [ 1859.137017][T32516] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1859.179206][T32516] bridge0: port 2(bridge_slave_1) entered blocking state [ 1859.186386][T32516] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1859.972498][ T2095] netlink: 76 bytes leftover after parsing attributes in process `syz.2.9065'. [ 1860.577501][ T2108] netlink: 'syz.4.9069': attribute type 4 has an invalid length. [ 1860.632322][ T2109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9069'. [ 1861.225903][ T2091] netlink: 96 bytes leftover after parsing attributes in process `syz.3.9063'. [ 1861.272485][ T1821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1861.382747][ T2113] netlink: 'syz.4.9071': attribute type 1 has an invalid length. [ 1861.392446][ T1821] veth0_vlan: entered promiscuous mode [ 1861.405698][ T2113] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.9071'. [ 1861.429813][ T1821] veth1_vlan: entered promiscuous mode [ 1861.518325][ T1821] veth0_macvtap: entered promiscuous mode [ 1861.549157][ T1821] veth1_macvtap: entered promiscuous mode [ 1861.596747][ T1821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1861.621316][ T1821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1861.648083][ T1821] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1861.657510][ T1821] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1861.674400][ T1821] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1861.683158][ T1821] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1861.833413][T32516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1861.861748][T32516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1861.917810][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1861.926507][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1863.036295][ T2158] netlink: 'syz.3.9090': attribute type 1 has an invalid length. [ 1863.174536][ T2158] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1863.231087][ T2165] SELinux: syz.0.9092 (2165) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 1863.232463][ T2169] hub 2-0:1.0: USB hub found [ 1863.250293][ T2169] hub 2-0:1.0: 1 port detected [ 1863.339421][ T2163] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1863.347006][ T2163] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1863.376928][ T2163] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 1863.403863][ T30] kauditd_printk_skb: 1132 callbacks suppressed [ 1863.403879][ T30] audit: type=1326 audit(2000000207.950:13251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2171 comm="syz.2.9096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1863.452819][ T30] audit: type=1326 audit(2000000207.970:13252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2171 comm="syz.2.9096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1863.480563][ T30] audit: type=1326 audit(2000000207.970:13253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2171 comm="syz.2.9096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1863.545785][ T30] audit: type=1326 audit(2000000207.970:13254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2171 comm="syz.2.9096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1863.573821][ T30] audit: type=1326 audit(2000000207.970:13255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2171 comm="syz.2.9096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f372118e929 code=0x7ffc0000 [ 1863.752654][ T2189] ------------[ cut here ]------------ [ 1863.756387][ T30] audit: type=1326 audit(2000000208.300:13256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2188 comm="syz.1.9104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01858e929 code=0x7ffc0000 [ 1863.758164][ T2189] Please remove unsupported % in format string [ 1863.788678][ T2189] WARNING: CPU: 1 PID: 2189 at lib/vsprintf.c:2724 format_decode+0xac6/0xd40 [ 1863.797486][ T2189] Modules linked in: [ 1863.800860][ T30] audit: type=1326 audit(2000000208.300:13257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2188 comm="syz.1.9104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fa01858e929 code=0x7ffc0000 [ 1863.801619][ T2189] CPU: 1 UID: 0 PID: 2189 Comm: syz.1.9104 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1863.834996][ T30] audit: type=1326 audit(2000000208.300:13258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2188 comm="syz.1.9104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01858e929 code=0x7ffc0000 [ 1863.836957][ T2189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1863.870449][ T2189] RIP: 0010:format_decode+0xac6/0xd40 [ 1863.875850][ T2189] Code: ea 03 0f b6 04 02 4c 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 c2 01 00 00 41 0f b6 75 00 48 c7 c7 c0 0a 14 8d e8 db 33 fe f5 90 <0f> 0b 90 90 e9 d8 fa ff ff 49 bc 00 00 00 00 00 fc ff df 31 db e8 [ 1863.895487][ T2189] RSP: 0018:ffffc900050776b8 EFLAGS: 00010282 [ 1863.897859][ T30] audit: type=1326 audit(2000000208.300:13259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2188 comm="syz.1.9104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa01858e929 code=0x7ffc0000 [ 1863.901546][ T2189] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000fd53000 [ 1863.901563][ T2189] RDX: 0000000000080000 RSI: ffffffff817ae255 RDI: 0000000000000001 [ 1863.940955][ T2189] RBP: ffffc90005077758 R08: 0000000000000001 R09: 0000000000000000 [ 1863.948955][ T2189] R10: 0000000000000000 R11: 000000000007ce60 R12: 0000000000000004 [ 1863.956952][ T2189] R13: ffffc9000507795c R14: ffffc900050777e8 R15: 0000000000000000 [ 1863.964949][ T2189] FS: 00007fa0193d76c0(0000) GS:ffff888124853000(0000) knlGS:0000000000000000 [ 1863.973891][ T2189] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1863.980521][ T2189] CR2: 00007f96b8cd2f98 CR3: 000000007a289000 CR4: 00000000003526f0 [ 1863.988529][ T2189] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1863.996530][ T2189] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1864.001836][ T30] audit: type=1400 audit(2000000208.550:13260): avc: denied { execute } for pid=2186 comm="syz.3.9103" dev="tmpfs" ino=784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1864.004521][ T2189] Call Trace: [ 1864.004532][ T2189] [ 1864.004544][ T2189] ? __pfx_format_decode+0x10/0x10 [ 1864.004571][ T2189] ? is_bpf_text_address+0x8a/0x1a0 [ 1864.004597][ T2189] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1864.004623][ T2189] bstr_printf+0x168/0x10a0 [ 1864.004656][ T2189] ? __pfx_bstr_printf+0x10/0x10 [ 1864.004683][ T2189] ? __lock_acquire+0x622/0x1c90 [ 1864.062443][ T2189] bpf_trace_printk+0x10a/0x190 [ 1864.067337][ T2189] ? __pfx_bpf_trace_printk+0x10/0x10 [ 1864.072731][ T2189] ? ktime_get+0x200/0x310 [ 1864.077190][ T2189] ? lockdep_hardirqs_on+0x7c/0x110 [ 1864.082391][ T2189] ? read_tsc+0x9/0x20 [ 1864.086481][ T2189] bpf_prog_12183cdb1cd51dab+0x37/0x3f [ 1864.091942][ T2189] bpf_test_run+0x48c/0xa70 [ 1864.096487][ T2189] ? __pfx_bpf_test_run+0x10/0x10 [ 1864.101527][ T2189] ? __asan_memset+0x23/0x50 [ 1864.106140][ T2189] bpf_prog_test_run_skb+0xb92/0x2280 [ 1864.111514][ T2189] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1864.117343][ T2189] ? fput+0x70/0xf0 [ 1864.121170][ T2189] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1864.127008][ T2189] __sys_bpf+0x1488/0x4d80 [ 1864.131436][ T2189] ? kmem_cache_free+0x2d1/0x4d0 [ 1864.136407][ T2189] ? __pfx___sys_bpf+0x10/0x10 [ 1864.141189][ T2189] ? audit_log_end+0x14a/0x2b0 [ 1864.145993][ T2189] ? audit_seccomp+0x21f/0x290 [ 1864.150805][ T2189] __x64_sys_bpf+0x78/0xc0 [ 1864.155256][ T2189] do_syscall_64+0xcd/0x4c0 [ 1864.159783][ T2189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1864.165728][ T2189] RIP: 0033:0x7fa01858e929 [ 1864.170147][ T2189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1864.189768][ T2189] RSP: 002b:00007fa0193d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1864.198178][ T2189] RAX: ffffffffffffffda RBX: 00007fa0187b5fa0 RCX: 00007fa01858e929 [ 1864.206161][ T2189] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 1864.214131][ T2189] RBP: 00007fa018610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1864.222123][ T2189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1864.230087][ T2189] R13: 0000000000000000 R14: 00007fa0187b5fa0 R15: 00007ffdbaf92278 [ 1864.238082][ T2189] [ 1864.241110][ T2189] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1864.248383][ T2189] CPU: 1 UID: 0 PID: 2189 Comm: syz.1.9104 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1864.260343][ T2189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1864.270382][ T2189] Call Trace: [ 1864.273644][ T2189] [ 1864.276564][ T2189] dump_stack_lvl+0x3d/0x1f0 [ 1864.281151][ T2189] panic+0x71c/0x800 [ 1864.285042][ T2189] ? __pfx_panic+0x10/0x10 [ 1864.289456][ T2189] ? show_trace_log_lvl+0x29b/0x3e0 [ 1864.294666][ T2189] ? format_decode+0xac6/0xd40 [ 1864.299420][ T2189] check_panic_on_warn+0xab/0xb0 [ 1864.304352][ T2189] __warn+0xf6/0x3c0 [ 1864.308240][ T2189] ? format_decode+0xac6/0xd40 [ 1864.312993][ T2189] report_bug+0x3c3/0x580 [ 1864.317316][ T2189] ? format_decode+0xac6/0xd40 [ 1864.322069][ T2189] handle_bug+0x184/0x210 [ 1864.326384][ T2189] exc_invalid_op+0x17/0x50 [ 1864.330872][ T2189] asm_exc_invalid_op+0x1a/0x20 [ 1864.335709][ T2189] RIP: 0010:format_decode+0xac6/0xd40 [ 1864.341071][ T2189] Code: ea 03 0f b6 04 02 4c 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 c2 01 00 00 41 0f b6 75 00 48 c7 c7 c0 0a 14 8d e8 db 33 fe f5 90 <0f> 0b 90 90 e9 d8 fa ff ff 49 bc 00 00 00 00 00 fc ff df 31 db e8 [ 1864.360666][ T2189] RSP: 0018:ffffc900050776b8 EFLAGS: 00010282 [ 1864.366720][ T2189] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000fd53000 [ 1864.374678][ T2189] RDX: 0000000000080000 RSI: ffffffff817ae255 RDI: 0000000000000001 [ 1864.382637][ T2189] RBP: ffffc90005077758 R08: 0000000000000001 R09: 0000000000000000 [ 1864.390616][ T2189] R10: 0000000000000000 R11: 000000000007ce60 R12: 0000000000000004 [ 1864.398572][ T2189] R13: ffffc9000507795c R14: ffffc900050777e8 R15: 0000000000000000 [ 1864.406538][ T2189] ? __warn_printk+0x1a5/0x350 [ 1864.411300][ T2189] ? format_decode+0xac5/0xd40 [ 1864.416055][ T2189] ? __pfx_format_decode+0x10/0x10 [ 1864.421155][ T2189] ? is_bpf_text_address+0x8a/0x1a0 [ 1864.426344][ T2189] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1864.432227][ T2189] bstr_printf+0x168/0x10a0 [ 1864.436731][ T2189] ? __pfx_bstr_printf+0x10/0x10 [ 1864.441667][ T2189] ? __lock_acquire+0x622/0x1c90 [ 1864.446603][ T2189] bpf_trace_printk+0x10a/0x190 [ 1864.451448][ T2189] ? __pfx_bpf_trace_printk+0x10/0x10 [ 1864.456818][ T2189] ? ktime_get+0x200/0x310 [ 1864.461225][ T2189] ? lockdep_hardirqs_on+0x7c/0x110 [ 1864.466414][ T2189] ? read_tsc+0x9/0x20 [ 1864.470476][ T2189] bpf_prog_12183cdb1cd51dab+0x37/0x3f [ 1864.475921][ T2189] bpf_test_run+0x48c/0xa70 [ 1864.480439][ T2189] ? __pfx_bpf_test_run+0x10/0x10 [ 1864.485477][ T2189] ? __asan_memset+0x23/0x50 [ 1864.490059][ T2189] bpf_prog_test_run_skb+0xb92/0x2280 [ 1864.495424][ T2189] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1864.501218][ T2189] ? fput+0x70/0xf0 [ 1864.505022][ T2189] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1864.510813][ T2189] __sys_bpf+0x1488/0x4d80 [ 1864.515220][ T2189] ? kmem_cache_free+0x2d1/0x4d0 [ 1864.520148][ T2189] ? __pfx___sys_bpf+0x10/0x10 [ 1864.524919][ T2189] ? audit_log_end+0x14a/0x2b0 [ 1864.529680][ T2189] ? audit_seccomp+0x21f/0x290 [ 1864.534459][ T2189] __x64_sys_bpf+0x78/0xc0 [ 1864.538870][ T2189] do_syscall_64+0xcd/0x4c0 [ 1864.543367][ T2189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1864.549246][ T2189] RIP: 0033:0x7fa01858e929 [ 1864.553651][ T2189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1864.573243][ T2189] RSP: 002b:00007fa0193d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1864.581643][ T2189] RAX: ffffffffffffffda RBX: 00007fa0187b5fa0 RCX: 00007fa01858e929 [ 1864.589597][ T2189] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 000000000000000a [ 1864.597553][ T2189] RBP: 00007fa018610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1864.605507][ T2189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1864.613461][ T2189] R13: 0000000000000000 R14: 00007fa0187b5fa0 R15: 00007ffdbaf92278 [ 1864.621428][ T2189] [ 1864.624622][ T2189] Kernel Offset: disabled [ 1864.628928][ T2189] Rebooting in 86400 seconds..