last executing test programs: 16.754747177s ago: executing program 4 (id=464): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000240)=0x3bc0, 0x4) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$packet(r0, &(0x7f00000002c0)="fb57975e267951722b395d37bac8", 0xe, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2000) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0) syz_usb_control_io(r2, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r4}, 0x18) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000340)=@ccm_128={{0x304}, "5bdc2487a315253f", "0ee8e5710b8018567f1636c16b18b844", "57ebed03", "8ae370cf900e6a87"}, 0x28) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4fff000002e07c92b00000000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 13.435087475s ago: executing program 2 (id=472): syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) gettid() sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6(0xa, 0x3, 0x38) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000005140)) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r3, &(0x7f00000000c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000001dc0)=""/83, 0x53, 0x0, 0x0, 0x4, 0x3, 0x10000000}}, 0x120) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000340)="580c9159c978ddd6ae338a4b3270ea941c3368b7ca5b282f517628550ccdc491514343f82a1feac4ba353480ab96eb2562c1a02d03d4f8e0983c0525e880f6995b9a4a50385acfb45ccf861ce77bd0dd22be1efeb04f173fd911e2883ab1cc9716651253eff6b53791db87311178cad695018af124e5276616a19c96540cfd4cd3ad17d478b10003e7eb059b98e4e00c5b007bff092691a7c0cadb5802f198e6b5f071c172caedfe27bf863fae724bfb957e622c55bc683486271bd28c06048fa683", 0xc2) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000180)='\x00', &(0x7f00000001c0)='@%$\x00', 0x0) syz_open_dev$sndpcmp(&(0x7f0000000140), 0x3, 0x800) 12.515586944s ago: executing program 4 (id=474): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x81082, 0x0) io_uring_setup(0x2a2e, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x1}) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r2 = socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x80000) socket$pppl2tp(0x18, 0x1, 0x1) io_setup(0x2, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) 12.133066354s ago: executing program 4 (id=476): r0 = socket(0x2, 0x2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000040)=0xfffffffd) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f00000000c0)=0x2) writev(r1, &(0x7f0000001500)=[{&(0x7f00000013c0)="f0", 0x1}], 0x1) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r1, 0x0) connect$unix(r0, &(0x7f0000000340)=@file={0x1, './file1\x00'}, 0x6e) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) rmdir(&(0x7f00000001c0)='./file1\x00') recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$clear(0x3, 0xfffffffffffffffd) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$FBIOBLANK(r5, 0x4611, 0x4) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) eventfd(0x4) ioctl$sock_netrom_SIOCDELRT(r8, 0x890c, &(0x7f00000003c0)={0x0, @null, @bpq0, 0x1, 'syz0\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9, 0x8, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @null, @null, @null, @default, @null, @bcast]}) 11.024787352s ago: executing program 4 (id=480): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb0800"], 0x54}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x11, 0x3, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004600002c0864000000059078ac141400e0000001d887c156ea9d79d056ffffffffffffffff01d570cef1832f161019b2b9b3c550849498338dc4fb58a7cdcf69bfea788199dd33fdb86445f8ffa2e600", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000080)={{0x0, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r5, 0x40605414, &(0x7f0000000000)) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000600)) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x4000000) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r7 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) writev(r7, &(0x7f0000002100)=[{&(0x7f0000002080)='T01\n', 0x4}], 0x1) socket$inet_smc(0x2b, 0x1, 0x0) 10.488734373s ago: executing program 3 (id=482): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x400d055) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40) r6 = epoll_create(0x97) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendmsg$inet(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)='n7', 0x2}], 0x1, 0x0, 0x0, 0xf0ffffff}, 0x40) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000040)) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, 0x0) 9.202586085s ago: executing program 4 (id=485): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000240)=0x3bc0, 0x4) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$packet(r0, &(0x7f00000002c0)="fb57975e267951722b395d37bac8", 0xe, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2000) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9c, 0x32, 0x3f, 0x8, 0x4a5, 0x3003, 0x3ab2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x28, 0xf0, 0xf6}}]}}]}}, 0x0) syz_usb_control_io(r2, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r4}, 0x18) mq_getsetattr(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000340)=@ccm_128={{0x304}, "5bdc2487a315253f", "0ee8e5710b8018567f1636c16b18b844", "57ebed03", "8ae370cf900e6a87"}, 0x28) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4fff000002e07c92b00000000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 8.382648634s ago: executing program 3 (id=486): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x81082, 0x0) io_uring_setup(0x2a2e, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x1}) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r2 = socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x80000) socket$pppl2tp(0x18, 0x1, 0x1) io_setup(0x2, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) 8.170811787s ago: executing program 1 (id=487): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r4, 0x1, 0x70bd2d, 0x0, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x0) write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="70e6702b8ec2e5be2af534a8bec0cca9d044e8ba20352d987b84cfb5ae9723afca00c9439ee9dd906d96a2f3ddaa51497ec2ed5c31d2ab2e1e5dae6571447b0d32a942e915b35dd9dc52274dc186cbd689b5d700f7fb3a7f5d7e89a1d8deaace6208a7ed3a9ce67297a646342dd833dfd667490de438ea8c2464aff7f90e616902add89e38514c7d9b9e2ddcd3c6a692fb2638685117a818de1e4d7a7a8c3fb8ab6375152b8b43d3a03071961736cb75abd8fe78602c55948eb48fe61946d76773bcbc993933b56c0c59a7f2f4597e5e589bb5ad6926c950fdbd773d87a675a59d21f302d632e5410dda234af4aea319938badd81674fcdff94e71fe6e89e6d9af9c5f6a913f9dd3b99f1a3c9a30cf76cef78f00a644a413ea6dcf4db0d6b5dfe5d52a7acc02dbfe56d8ad2397c000b48bf27c8cb83547c0e23d60dedd7bf3604c778e8ce7dde61fed591b059742b548ed6af9e8eb148b1efafbb53c54e95cdd550c8aa0e5820b217b766bd1c56a40c108ac75d3fe8ea21876a0c62fcbefbb0f9c2b84a58eeefa78f92dd5e10b3234e9d8e4fe6b8c8d0afb07c98cbda66fef41a373ba9df6d587a22f7501ab6e833241619be68b8da75460d3db7947748ce107411e831850f5c635f3e4dc0bd3107290ebaa89553e8f9236722f6a68525332bca920a7ce8dd76348632b4dc7301a580db05a6bddf68a35e4d35de25d98c4f49173b28af80daf1fa3e5035d28991315fa30f164e80bc3cf821063c9b05b644bd7bb09fbb307f2ae2ba4ab1328e916261b2bb7f50521eed6958fdb96955a1f8fda3da5715cdc1ff73b673e76bb740d7d30b97fe4987bc96387dfd9e4ec4d4607252f5d9688abd1d2b5142ea474fd21932d223ec6abd5121a87a64a2b1a69e8190bc2d1f013bddb1f10af1994a4d91d3839d28a88b678391c18d6a7934726863f66931bce141fea67e74d2e174e44724679f77a74b1983154e520b917da8a1952944a098920287419eb061910a720a76cb86f8b2b67503a82eb9aa2dbd61a357a753dc449c2a78b0d2ed5a00c3d2ef9e52ee2e188f8e535ef4267b0a5c85470d30370266f96683a5ed61545f4fa946439a069712bea246343ad5775ea766e707a89b6ec8b9d1bc030dcdbb856be09dac3a37371b765dad143ace81be89acf5ebbc33c1ebacb380730e36fb3258a44fd382365ea7d88d0d9fff18ad93de4445be62dcd18e975d8199c1d27f9157f1d1dbcd51dbe5e3dcd4fe5bd23e37c554ab20078034db993adb110705f536ec3db699da4fd3f5ea849049b014d10f7721fcc7d85b0601670935e580a72f2ad2a89dbcf2dd18d03ba28aa0962e2036b6b38a14f9c86821b5934a352d05b8b8adc44cadb5b41bfdc87afca8c908ccd49dc96dcb709e3f330b9554ab37c197084e7084e1e53593c2fd650b28614f7625db2ad1e3a89a29d7e7fcd6dd71eb8695b144c86b1349f56b2fd3ebc9a31b18e8c6887756c7bbeed8a7bdfea9836913380bd87e10065344042c92dadf7a20b4621a8113c966cc41a3f443c3d19a6d736e319b4286b6c1ea8fbb0566eec04415210be4f398facd5efe28b37f07ce5f5e701d6f75a55161f3200f438a89bad80f0aa71e469f478df1872652f7c7a8968360c656b70cd2c2ff852db828446a04cf5e9c8e26b43db496e9b3bc841400340c3cb6c809cfd360594f99239f7e538e357dffb719001fe8a6815ae8bfb601d908777688dcbcf72da4c2df06b4f2af81b87a6f3c55ed59d2d32d39963cfda3caa217122f9cf1589936baaa9f372638a24acb7ab6d48b5b26e28504fc0b799d4430eb0a224f4983204164f17b02253f7d8cf44e62d9e1bfc3d2977da7158a8a14bc235ad10f42ddb06e954dab662d632d96d0a9af201563e2a7d03e9553adccc4217834fa1f66b794e4d13257a2c8081567dfe3789882cdc938d3e64ebb4440249364ca52389d9f91e00d907ee7b9dd35adf5e704671e30c03aad01cb568847666d6aeb44ca70d68e9967e4c37732863a551d0dcc426340a4ae9c48be3b368b55372802dc51b8ea8c6c7f76c14c833cbdc7da810c766cacb4fee0ad1abd6150d32f9d6fc182e661ebde9a5e2fe71b883010ddcc21b8e43d2bf93e0daa17cc08a4c894b815d6302d2dc8bda1c9effd0284ca19390ef7655c6eaa9dc3d074b7cd67dd1d640863d75863f71e278faca1a7cd8ae7ae94374901eb41f7084bb03f2af8362ac88b009f95cbb1ab126a5fee8356e959ecc89c8fd11cf37a3aa2569deefa25e5413e91154b07b5954549cdc4fd32ea0ca316edc800e17cdcce193514b38eab2924abe3bbccb33458a7d2186e6f690d69fd31b8f0498e6a87cb9f286b12f07db9ce55147d7174d4574fecaac0b90bc877fbff0e314d18229dbbb8a50190099886b8504309252b2469a1bf9cfb7a9076430cf6654c76498a9522e5c91ad28b3de549f6a1c7de9fd50e3427a468395fddc6bbb650da645362f4fd55e79fa21ba0d724733e9ba73ca126f625ee71c0c7f35522eeca03f4c4178c6a35ddf0211ec170e142dedad5a5be33b1535ed84602d5ccc47d1873c00ef54206e745ae7aa034f1707b412e66b6be10fdcd3e5fc0e36295672e686a6268e8fb314f6803a9256e0b7979c9f52907d79e0961d89f4029b5909c25c9ec3c2d8cba9150b35b093e1df42ee25060e842567e47d03e64923082e99c0e9d937faf5aa20fcd5ca2732b8c683afc7496a0b823a82321bc8b98b9c11758ee6a7860195502fc939a6794da840d620b65c5c631e954f55e70ad2707e98c0f50e300c25e0f1ab86cf3dd100df540953593f4de56572b140a9f9640708114e9a114e298094ce6c99abfebde96cac90b76272758fdcb57c864887dc9f738ae9376d68f4055c8f9d5216c69d707eff6218497b49061438e4db6b90aadf8f9427d57af8b9fc4965b5e6eb4afbb6590358e57637a5f9e994361edf2ddee8b8df123396f8e4a6fe4bbcb1589370489782abb4d5e95983b269ab5214c7a98634ea71a70df1653d3959b7e8e29a5f71d4719a90ffd1250234bb44a3df25b188425cc88562b524c3a395eb9f81f696cc86b4b749c9e336f314a6d1c6fabeff96c756930d78c45a3a4325e5a79cfab75beaf1255fa03b57015beaa4cba5887aa8ed727144fd366b7430eb76e2a63343bd2210e27f31cafc406b6b6ecc0cb63362d77e2724e35ed7348de22ca3c75b286ce2a5f69fe2e86576c508cc3746b68f7a70eb6b819a7744f8b9b77006d661877528de10ed6700baa64cf7aa9721cd70a5d4afcfc86d11e0e2af6767406c19b95dbde33492f2f8e1b74c2da82f2d6fe0f893c4bfbef31c7ddc2938699597da4e98f62b26461c506bafb96eae1b9975a0ef7deab0985415369bfb790d093117d8959e42fe9f95ba4cc120756fecd666fa8ccda0b96c183bd215575529b8fec7d0b5d859647d9849208fa4b371be857d04ccf6dd269ed07009c582c8bbc746355156777fee2faccb55d8b424bc033090fc53b5f3b381fe63fe30cc0500b000561c5c872f61964a0bba90db15697ac9ef564becbcd0cc5968c5f1ea8b67449634e9ec295b2eef6e4e69596f1014486c80e7c57e5834dd4768eafbc6f5d205debf0337ba470c22def7da638d080c5711a9d1050de9d41e1d74269a98f77d7ad4f3ce50f9dd032908bbf7455460a71039d120c16e0c7e45e01b787585b9c6542eea594ca5237c223168ac5991a5beb11c747ac123df6294ae1056c83e57c0c4e236e51fefdf02f9139e1b4ad4e054799adbf7682ac61879974eb79527d65c5a36d11d5490268630a4be34bca98d7409e5ddb08994eb8cfa757df01fdb6164ca52f5c59c4fa291fc8829f3bc2e2e1acf8eefbb8541e827fb2112088f326b0c9e9d8f02d0c55084b253246533eb11a8e0d6b2df5eb850b5c44c6fcf5e26c6b5ea705fbcddffa30599af8f5cd997bc51620296cbb042bc68a7b4c888ac7f54b8b14224dcd1b6a3b7d4199f6a45e66bc0778e5868f1aa2c8c0959496b0b4e04ebb38a5466f416f06805e919b4910507c489300856a5cf2102e687dfef842781046f6c623e026665ab612d46913e7e52f10c0bbd65ca3811a416997560651101ac9513a4e9a2a034cdca9569b7a2bfe9eee29253dbbacfbfa86f0bf480cbb13b20c1925338b44b5e580a71780504c3cf0589ca17cab0194fe4794c219b5ef512230ce33475a6b4ba31a94ae12da98d897dfe40f3e54286ff3ae511bec5ef353c374be767855ac84087bcb66dd42904a158e305981ccf717ebc9ced2539bc8815c9a7a7a767b7b71cce4e0e6cfe741198853b67742cb3ba2642d60ab954dea15283989753ed423030ec157309a13cd13b57e8423f7792c56924b63717cf374ae61cc1ceaab4f0200cc3d71514da4720b77eb4a3e1a052b0e6bcc16eae0b9f1d6d4b5abe1af47f00fe107035f0395e953cc971ef5328bc5b9a43f3ca174258335057cfcc0ff520114433830e74d8ee6e1e59be3fe5aaf78b7552eb3ebb034f993c63c2d661a4d598d3e8b02a0239d52c594c5a93b215a7c0caa33926eaee8abe8a24337423636fd4957115e2f97b2c04b4c440805ef69886164fdfbaa1a96c004e4e5f342612d42288f94e832d0999d08ab5d126decfaf20e0b91e0a6e03fbff61fc8fb423edacf6f7ae615b22e2e24afd1eaf845730fca3441744cbfe8cdad57663d7312c117b554b23ca00fe75830cbb22128753d92e2a572c0d287c98d3a8ddd9f578440f3ce2491c77da9d4aba48f3c6f274ad086d40d6d00f46e472010dd6a2ef1460be9ff6b6806b51ca88a25b6fcf4ef189ca363b69a6c439bd9db8b34ded0c95cc24de60136e5c92345d28c4f4c8e6273400a04c9d4e8dcc7a7f27f359d1e413a5d9c0e8f47a3c05f34d09575ec694ca2c0674f69aba6f901987615630c9b8bdd1b57b0d6c2cd17fb8296cdcaf972ff1d9ed9b8079ac0b8b425f8d2eb14ad7e46a0096cc53e1e44871436855ee30e1b310e0e294caf7044204f8bbd4f04b47255f921b0d79eb2b970f72c7cb05ebc6a67fd306fbda71fb82f681d7f56e0902e3fafee4b7d4ed6125f8a719645274a4cb166f977a90313489c5edaabf440709790dada16eb213e37bfda69d7400c1df8d941481bb9fe6099d145ad3cf119b6e9adb65c0890f24de7b4558849993110964401378c6398c8a24a6a92af4df0766a2decbfb67277f1acedafa6ff40a362f4b0d5ee94885c9a674616ca80fe0b59691dc2421ac0f7563a1a7c1a0df710d74c5b3f88aa7a4b5e9eb10926b77a3b984aebfab0772060bef60c9771c9e1fa2b90be58e1116515ff6e8c2115dbc347e633ee6f9ffe0b4fcba7f6331cdab887089bc8e628c0c1f3f20a04cc1dda5b8b1064257e578b57c7a22067cd92415214bdff93a0753e6b0b31116859a3051f03960e909efa89c6df053f4fe22858cbaae8a60d99284fb06b4a803ce64a867b2b2a9cadeeb912074dfb562925ebd3474152ee749bcce8228d01d517ff8a6fe708f76027a400a796a00412c7ff6a5d0eec020c6cad80805a153f0dd071f2efbfd6b423675bc69c4e9038d88992ab5e617f18fba7b0cf6529435a79666aea24ccd00af745a49413364fda443be1cb49cd6d329449a4965f77d1ebb4814a8cf77816122d58453ef41281007b473b2eedb46f1aa0d79f6e77019cb45acfe822a698c2b37852fc4ee2485adf22b46ead551851ba6983e87469d2e41c934ff8b24267c6c832f964f4a80875c4413ed56183b6b4d7c3249cbdb136feb0a3b8dde2f", @ANYRESDEC=r2, @ANYRES32=r1, @ANYBLOB="28ceb334ae5d9da7cde3ad9489d9745d0fef339920a76d76359f", @ANYRES32=r1, @ANYRES32=r4], 0xffdd) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x4, 0xf4, 0x1, 0xffffffff, 0x12, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, 0x7, 0x40, 0x3ff, 0x7fffffff}}) stat(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000001380)={{{@in6=@empty, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x4e21, 0xbd41, 0x4e24, 0x2e, 0xa, 0x20, 0x20, 0x88, r6, r7}, {0x0, 0x80, 0x2, 0x8, 0x6, 0x7fffffffffffffff, 0x7, 0x6}, {0x0, 0x0, 0x401, 0x3219}, 0xdf3, 0x6e6bc0, 0x2, 0x1, 0x3, 0x3}, {{@in=@remote, 0x4d4, 0x32}, 0xa, @in6=@private2, 0x3507, 0x1, 0x3, 0xab, 0x5, 0x4, 0x8}}, 0xe8) 8.083390117s ago: executing program 3 (id=488): sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) lseek(0xffffffffffffffff, 0x9, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/ip_tables_matches\x00') read$FUSE(r1, &(0x7f000001b000)={0x2020}, 0x2020) syz_genetlink_get_family_id$smc(0x0, r1) kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x2, 0x5, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f00000000c0)={0x2001}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death], 0x0, 0x100000000000000, 0x0}) 7.257269364s ago: executing program 1 (id=489): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000007c0)={0x0, 0x0, 0x0, r1}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000002200)={'wlan1\x00', 0x0}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000067b50f9c170045468ac000"/28], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_PIT(r8, 0x8048ae66, &(0x7f0000000040)={[{0xc, 0x3, 0x4, 0xc, 0x7, 0x2, 0x0, 0x3, 0xfe, 0x5, 0x5, 0x80, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xb5, 0x40, 0x2, 0xc, 0xfe, 0x41, 0x6, 0x18, 0xa}, {0x9, 0x8, 0x3, 0xc, 0x2, 0x78, 0x3, 0x9, 0x2, 0x13, 0x7, 0x54, 0x9}], 0xd9}) r9 = dup(r5) ioctl$TCSETAW(r5, 0x5407, &(0x7f0000000000)={0x7, 0xfffb, 0x1, 0x1, 0x1, "8cd373f12210c706"}) write$UHID_INPUT(r9, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b303d0e8b089b07323068090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b35070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2d8160f94e35f2d2d12913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc1943cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000cc0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010003000000000000001c7d7c2108000300", @ANYRES32=r4], 0x2c}}, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r11 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r11, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r12, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r13, &(0x7f0000000000), 0x651, 0x0) 7.117474637s ago: executing program 2 (id=490): ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000240)=0x1) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x11, 0x3, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_delroute={0x44, 0x19, 0x901, 0x0, 0x20, {0x2, 0x18, 0x0, 0x0, 0x0, 0x2, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x3, 0x8, 0x1, 0x8, 0x2}}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x1}]}, 0x44}}, 0x0) socket$inet6(0xa, 0x3, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x4000080) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0) userfaultfd(0x80801) fcntl$dupfd(r0, 0x0, r0) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) 6.992306697s ago: executing program 3 (id=491): socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0) quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x9) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)=0x7) syz_open_procfs(0xffffffffffffffff, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x30000009}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) 6.041763679s ago: executing program 0 (id=492): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000) userfaultfd(0x1) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x2b00, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000200)) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffd, 0x4000000, 0x1, 0x10, "0062ba7d8200000000f7ffffff00"}) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x3) 5.960201273s ago: executing program 2 (id=493): socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0) quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)=0x9) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000080)=0x7) syz_open_procfs(0xffffffffffffffff, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x101182) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x30000009}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x3, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0) 4.950422727s ago: executing program 0 (id=494): r0 = syz_open_dev$video(&(0x7f0000000580), 0x6, 0x20200) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x0, 0x3247504d, 0x2, @stepwise={0x1, 0x400, 0x7, 0x0, 0x1, 0x629}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000280)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000017f000/0x3000)=nil, 0x3000, &(0x7f0000000000)='[{{]:\xd1\x9d,#/{]#\\}&\x00') sendfile(r2, r2, 0x0, 0x200000) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x713, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180), 0x4) r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={&(0x7f00000001c0)='./file0\x00'}, 0x18) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfad6, 0x0, 0x0, 0x80}, &(0x7f00000003c0)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0x15, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@map_val={0x18, 0x5, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x7f}, @map_fd={0x18, 0xa, 0x1, 0x0, r9}, @jmp={0x5, 0x0, 0xc, 0x0, 0x8, 0x4, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) listen(r1, 0x3) 4.948938684s ago: executing program 1 (id=495): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) rt_sigqueueinfo(r0, 0xc, &(0x7f0000000040)={0x10, 0x3, 0x8}) recvmmsg(r1, &(0x7f00000011c0)=[{{&(0x7f0000000180)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x80, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/82, 0x52}, {&(0x7f0000000340)=""/109, 0x6d}, {&(0x7f00000003c0)=""/125, 0x7d}, {&(0x7f00000000c0)=""/2, 0x2}, {&(0x7f0000000440)=""/141, 0x8d}, {&(0x7f0000000500)=""/104, 0x68}, {&(0x7f0000000580)=""/121, 0x79}, {&(0x7f0000000600)=""/56, 0x38}], 0x8, &(0x7f00000006c0)=""/126, 0x7e}, 0x4}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000740)=""/46, 0x2e}, {0xfffffffffffffffd}, {&(0x7f0000000780)=""/129, 0x81}, {&(0x7f0000000840)=""/231, 0xe7}, {&(0x7f0000000940)=""/155, 0x9b}, {&(0x7f0000000a00)=""/39, 0x27}, {&(0x7f0000000a40)=""/253, 0xfd}, {&(0x7f0000000b40)=""/79, 0x4f}, {&(0x7f0000000bc0)=""/213, 0xd5}, {&(0x7f0000000cc0)=""/44, 0x2c}], 0xa, &(0x7f0000000dc0)=""/8, 0x8}, 0x9}, {{&(0x7f0000000e00)=@generic, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000e80)=""/36, 0x24}, {&(0x7f0000000ec0)=""/125, 0x7d}, {&(0x7f0000000f40)=""/147, 0x93}, {&(0x7f0000001000)=""/136, 0x88}], 0x4, &(0x7f0000001100)=""/184, 0xb8}, 0x800}], 0x3, 0x40000040, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000740)) clock_settime(0x1, &(0x7f0000001280)={0x0, 0x3938700}) r3 = socket(0x27, 0x1, 0x3) sendmsg$TIPC_CMD_DISABLE_BEARER(r3, 0x0, 0x24000081) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x3a, &(0x7f00000016c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x9, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote, {[@timestamp={0x44, 0x10, 0xc, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}, @echo}}}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) 4.79431393s ago: executing program 3 (id=496): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f00000006c0)=ANY=[@ANYBLOB="b40800000000000073114100000000008510000002000000b7000000000000009500c2000000000095000012000000000e09b9445761db3ed82f7be4b9f1628b9a5c40384cb45e62e827e611f21a01a76f66f616553959b478ad3c46bb20e558783b21dd5307760617deec8b1b75c00853ee69e33ba2c01c28950365dd46fcc9f2ac6d20197fd68292e8445824f49b6fba41a316e13e462e31ca00d2622d56318d78e271d364329e7ae732bf8dade587bb30d67e23f78662621b74aabfd8eaf399893bab50fed33101f5a1085f991877907bd6117db675155932860499977f7384a8d94e810492c284fc7cc784ed942bf11d72897a7896f5f8c957984312e9d39eaa478a3065afd52404cb058b"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r0, 0x0, 0x0}, 0x10) r4 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f0000000040)={0xffffffff, 0x2e, 0x204, 0x80100006, 0x0, 0xa5, 0x3, 0x101}) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty=0x300, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0) 3.988854148s ago: executing program 0 (id=497): r0 = mq_open(&(0x7f000084dff0)='z\xbf\x17', 0x6e93ebbbcc0884f2, 0x0, 0x0) syz_io_uring_setup(0x239, &(0x7f0000001180)={0x0, 0xcd0c, 0x10100, 0xfffffffa, 0x3c1}, &(0x7f0000000180), 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00') (fail_nth: 14) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) 3.196689452s ago: executing program 0 (id=498): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x81082, 0x0) io_uring_setup(0x2a2e, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x1}) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r2 = socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x80000) socket$pppl2tp(0x18, 0x1, 0x1) io_setup(0x2, 0x0) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000010c0)={0x0, 0x0, 0x0, 0x5, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) 3.195995956s ago: executing program 1 (id=499): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = io_uring_setup(0x5c4d, &(0x7f0000000180)={0x0, 0x81c, 0x8, 0x1, 0x17b}) r4 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x8000, 0x4, 0x800001b0, 0x0, r3}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, 0x0, 0x1) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1, {0x1}}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(0x0, r7) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r8 = socket$inet(0x2, 0x800, 0x687) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r9 = socket$inet(0x2, 0x80000, 0x2) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, 0x0, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, @void, @value}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10) r11 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_UNBLANKSCREEN(r11, 0x541c, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x3f}]}}}]}, 0x40}}, 0x0) 3.018083128s ago: executing program 0 (id=500): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r4) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) listen(0xffffffffffffffff, 0xd083) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r6, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r7 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0xa2465) ioctl$SNDRV_PCM_IOCTL_REWIND(r7, 0xc0884123, &(0x7f0000000000)=0x85) ioctl$SNDRV_PCM_IOCTL_DRAIN(r7, 0x4144, 0x0) 3.01383818s ago: executing program 4 (id=501): r0 = socket$kcm(0x10, 0x2, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {}, {0x6}]}}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000180)={0xf0f015, 0x4}) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg(r4, &(0x7f00000001c0)={&(0x7f0000002b00)=@l2tp={0x2, 0x0, @remote, 0x1}, 0x80, &(0x7f0000000240)=[{0x0}, {&(0x7f0000002bc0)='\x00', 0x1}], 0x2}, 0x884) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x41, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r6, 0x80083314, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000200)={0x20000000000084, @dev={0xac, 0x14, 0x14, 0xb}, 0x0, 0x1, 'dh\x00', 0x20}, 0x2c) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="180000003c000bab956cb27d8c7d94f90324ff0300000000", 0x18}], 0x1}, 0x40) 2.985909075s ago: executing program 3 (id=502): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r1 = syz_open_dev$vim2m(0x0, 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r3 = openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000300)={0x3, 0x1}, 0x4) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="02000000618976630100000000000000000000000000020000000000"], 0x48) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) write$nci(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="7105318974b806070380fc0c30ea56c4f61cab1d07f3ff0401eb"], 0x1a) socket$tipc(0x1e, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) 2.981936249s ago: executing program 2 (id=503): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x400d055) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40) r5 = epoll_create(0x97) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28) sendmsg$inet(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)='n7', 0x2}], 0x1, 0x0, 0x0, 0xf0ffffff}, 0x40) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000040)) unlinkat$binderfs_device(0xffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00') syz_init_net_socket$ax25(0x3, 0x5, 0x6) 1.47947561s ago: executing program 1 (id=504): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x400d055) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40) r6 = epoll_create(0x97) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28) sendmsg$inet(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)='n7', 0x2}], 0x1, 0x0, 0x0, 0xf0ffffff}, 0x40) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000040)) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, 0x0) 1.027492023s ago: executing program 2 (id=505): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r4) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) listen(0xffffffffffffffff, 0xd083) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r6, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6}) r7 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000100)) r8 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r8, 0x80045017, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0xc0884123, &(0x7f0000000000)=0x85) 625.700079ms ago: executing program 0 (id=506): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r1 = syz_open_dev$vim2m(0x0, 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) r3 = openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000300)={0x3, 0x1}, 0x4) bind$packet(r4, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB="02000000618976630100000000000000000000000000020000000000"], 0x48) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r8, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x1c}}, 0x0) write$nci(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="7105318974b806070380fc0c30ea56c4f61cab1d07f3ff0401eb"], 0x1a) socket$tipc(0x1e, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) 2.82748ms ago: executing program 1 (id=507): syz_open_dev$dri(0x0, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f00000000c0)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) (fail_nth: 10) 0s ago: executing program 2 (id=508): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x59, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000200)='$\'#],.\x00', &(0x7f0000000240), 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) socket$kcm(0x11, 0xa, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, &(0x7f0000000100)) sendmsg$tipc(r2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYBLOB], 0x34}}, 0x0) kernel console output (not intermixed with test programs): .4.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 102.105881][ T30] audit: type=1400 audit(1750100892.307:190): avc: denied { connect } for pid=6106 comm="syz.4.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 102.125834][ T30] audit: type=1400 audit(1750100892.517:191): avc: denied { listen } for pid=6106 comm="syz.4.41" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 102.146828][ T30] audit: type=1400 audit(1750100892.597:192): avc: denied { ioctl } for pid=6106 comm="syz.4.41" path="socket:[8461]" dev="sockfs" ino=8461 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 102.516670][ T30] audit: type=1400 audit(1750100893.247:193): avc: denied { map_read map_write } for pid=6116 comm="syz.0.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 103.672958][ T975] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 106.101483][ T13] wlan0: Trigger new scan to find an IBSS to join [ 106.495600][ T975] usb 3-1: device not accepting address 4, error -71 [ 107.113819][ T6155] loop6: detected capacity change from 0 to 524287999 [ 107.122575][ T30] audit: type=1400 audit(1750100897.847:194): avc: denied { append } for pid=6151 comm="syz.1.51" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 107.210236][ T6156] syz_tun: entered allmulticast mode [ 107.229029][ T30] audit: type=1400 audit(1750100897.897:195): avc: denied { write } for pid=6151 comm="syz.1.51" path="socket:[8139]" dev="sockfs" ino=8139 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 107.473286][ T30] audit: type=1400 audit(1750100898.197:196): avc: denied { write } for pid=6153 comm="syz.2.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 107.535303][ T6156] syz_tun: left allmulticast mode [ 107.570697][ T30] audit: type=1400 audit(1750100898.197:197): avc: denied { connect } for pid=6153 comm="syz.2.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 107.604586][ T30] audit: type=1400 audit(1750100898.197:198): avc: denied { name_connect } for pid=6153 comm="syz.2.50" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 107.653504][ T30] audit: type=1400 audit(1750100898.207:199): avc: denied { setopt } for pid=6164 comm="syz.4.55" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 107.680015][ T30] audit: type=1400 audit(1750100898.277:200): avc: denied { write } for pid=6164 comm="syz.4.55" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 107.704199][ T30] audit: type=1400 audit(1750100898.277:201): avc: denied { open } for pid=6164 comm="syz.4.55" path="/dev/ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 107.728966][ T30] audit: type=1400 audit(1750100898.277:202): avc: denied { ioctl } for pid=6164 comm="syz.4.55" path="/dev/ppp" dev="devtmpfs" ino=710 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 107.737287][ T13] wlan0: Creating new IBSS network, BSSID 52:ec:10:69:37:0b [ 107.761158][ T30] audit: type=1400 audit(1750100898.297:203): avc: denied { mount } for pid=6162 comm="syz.1.54" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 107.971235][ T6177] random: crng reseeded on system resumption [ 112.265498][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 112.265514][ T30] audit: type=1400 audit(1750100902.997:222): avc: denied { create } for pid=6209 comm="syz.3.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 112.299891][ T6217] FAULT_INJECTION: forcing a failure. [ 112.299891][ T6217] name failslab, interval 1, probability 0, space 0, times 0 [ 112.314924][ T6217] CPU: 0 UID: 0 PID: 6217 Comm: syz.4.65 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 112.314950][ T6217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.314960][ T6217] Call Trace: [ 112.314966][ T6217] [ 112.314973][ T6217] dump_stack_lvl+0x16c/0x1f0 [ 112.315005][ T6217] should_fail_ex+0x512/0x640 [ 112.315030][ T6217] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 112.315057][ T6217] should_failslab+0xc2/0x120 [ 112.315082][ T6217] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 112.315106][ T6217] ? __alloc_skb+0x2b2/0x380 [ 112.315133][ T6217] __alloc_skb+0x2b2/0x380 [ 112.315156][ T6217] ? __pfx___alloc_skb+0x10/0x10 [ 112.315187][ T6217] netlink_ack+0x15d/0xb80 [ 112.315208][ T6217] ? avc_has_perm_noaudit+0x149/0x3b0 [ 112.315234][ T6217] netlink_rcv_skb+0x332/0x420 [ 112.315251][ T6217] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 112.315277][ T6217] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 112.315305][ T6217] ? ns_capable+0xd7/0x110 [ 112.315327][ T6217] nfnetlink_rcv+0x1b3/0x430 [ 112.315349][ T6217] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 112.315370][ T6217] ? netlink_deliver_tap+0x1ae/0xd30 [ 112.315392][ T6217] netlink_unicast+0x53d/0x7f0 [ 112.315414][ T6217] ? __pfx_netlink_unicast+0x10/0x10 [ 112.315439][ T6217] netlink_sendmsg+0x8d1/0xdd0 [ 112.315463][ T6217] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.315490][ T6217] ____sys_sendmsg+0xa95/0xc70 [ 112.315510][ T6217] ? copy_msghdr_from_user+0x10a/0x160 [ 112.315534][ T6217] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.315563][ T6217] ___sys_sendmsg+0x134/0x1d0 [ 112.315588][ T6217] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.315612][ T6217] ? __lock_acquire+0x622/0x1c90 [ 112.315670][ T6217] __sys_sendmsg+0x16d/0x220 [ 112.315702][ T6217] ? __pfx___sys_sendmsg+0x10/0x10 [ 112.315744][ T6217] do_syscall_64+0xcd/0x4c0 [ 112.315772][ T6217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.315791][ T6217] RIP: 0033:0x7ff9cfb8e929 [ 112.315807][ T6217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.315823][ T6217] RSP: 002b:00007ff9d09fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.315842][ T6217] RAX: ffffffffffffffda RBX: 00007ff9cfdb6160 RCX: 00007ff9cfb8e929 [ 112.315853][ T6217] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000008 [ 112.315864][ T6217] RBP: 00007ff9d09fc090 R08: 0000000000000000 R09: 0000000000000000 [ 112.315875][ T6217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.315884][ T6217] R13: 0000000000000000 R14: 00007ff9cfdb6160 R15: 00007fff01f4aad8 [ 112.315907][ T6217] [ 112.582331][ T30] audit: type=1400 audit(1750100903.027:223): avc: denied { connect } for pid=6209 comm="syz.3.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 112.620131][ T30] audit: type=1400 audit(1750100903.337:224): avc: denied { setopt } for pid=6209 comm="syz.3.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 112.668982][ T30] audit: type=1400 audit(1750100903.337:225): avc: denied { bind } for pid=6209 comm="syz.3.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 112.728364][ T30] audit: type=1400 audit(1750100903.347:226): avc: denied { write } for pid=6209 comm="syz.3.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 112.747913][ T30] audit: type=1400 audit(1750100903.427:227): avc: denied { mounton } for pid=6219 comm="syz.0.68" path="/13/file0" dev="tmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 112.784739][ T30] audit: type=1400 audit(1750100903.507:228): avc: denied { create } for pid=6219 comm="syz.0.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 112.810262][ T30] audit: type=1400 audit(1750100903.517:229): avc: denied { write } for pid=6219 comm="syz.0.68" path="socket:[8705]" dev="sockfs" ino=8705 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 112.989257][ T30] audit: type=1400 audit(1750100903.717:230): avc: denied { execute } for pid=6216 comm="syz.1.67" path="/11/file0/file0" dev="tmpfs" ino=75 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 113.057347][ T6226] fuse: Unknown parameter 'user_i0000000000000000000000000000000000000000' [ 113.108828][ T30] audit: type=1400 audit(1750100903.767:231): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 113.217648][ T6231] loop6: detected capacity change from 0 to 524287999 [ 113.225565][ T6226] netlink: 16 bytes leftover after parsing attributes in process `syz.2.69'. [ 113.759222][ T6238] Context (ID=0x0) not attached to queue pair (handle=0x1:0x1ff) [ 114.352079][ T6244] tipc: Started in network mode [ 114.357158][ T6244] tipc: Node identity 8, cluster identity 4711 [ 114.384851][ T6244] tipc: Node number set to 8 [ 114.751801][ T42] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 115.561750][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 115.571428][ T42] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 115.581105][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.591345][ T42] usb 3-1: Product: syz [ 115.601537][ T42] usb 3-1: Manufacturer: syz [ 115.619780][ T42] usb 3-1: SerialNumber: syz [ 115.631102][ T42] usb 3-1: config 0 descriptor?? [ 115.703955][ T6256] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 115.793458][ T6248] netlink: 'syz.0.75': attribute type 10 has an invalid length. [ 115.810278][ T6248] netlink: 40 bytes leftover after parsing attributes in process `syz.0.75'. [ 115.849076][ T42] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 117.014563][ T6264] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 117.291842][ T5908] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 117.603783][ T30] audit: type=1400 audit(1750100908.327:232): avc: denied { getopt } for pid=6277 comm="syz.0.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 117.611893][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 117.631547][ T42] gspca_sunplus: reg_w_riv err -71 [ 117.637145][ T42] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 117.665601][ T42] usb 3-1: USB disconnect, device number 6 [ 117.794868][ T30] audit: type=1400 audit(1750100908.517:233): avc: denied { write } for pid=6277 comm="syz.0.81" name="fib_trie" dev="proc" ino=4026532823 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 117.905251][ T5908] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 118.076618][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.129751][ T6283] FAULT_INJECTION: forcing a failure. [ 118.129751][ T6283] name failslab, interval 1, probability 0, space 0, times 0 [ 118.150837][ T5908] usb 4-1: Product: syz [ 118.157420][ T5908] usb 4-1: Manufacturer: syz [ 118.162176][ T5908] usb 4-1: SerialNumber: syz [ 118.168430][ T6283] CPU: 0 UID: 0 PID: 6283 Comm: syz.4.82 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 118.168459][ T6283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.168470][ T6283] Call Trace: [ 118.168479][ T6283] [ 118.168486][ T6283] dump_stack_lvl+0x16c/0x1f0 [ 118.168528][ T6283] should_fail_ex+0x512/0x640 [ 118.168558][ T6283] should_failslab+0xc2/0x120 [ 118.168586][ T6283] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 118.168612][ T6283] ? nf_ct_ext_add+0x1a7/0x420 [ 118.168634][ T6283] ? trace_kmem_cache_alloc+0x28/0xc0 [ 118.168665][ T6283] krealloc_noprof+0x1fc/0x370 [ 118.168690][ T6283] nf_ct_ext_add+0x1a7/0x420 [ 118.168713][ T6283] init_conntrack.constprop.0+0x5af/0x1080 [ 118.168738][ T6283] ? __pfx_init_conntrack.constprop.0+0x10/0x10 [ 118.168764][ T6283] ? __local_bh_enable_ip+0xa4/0x120 [ 118.168786][ T6283] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.168816][ T6283] nf_conntrack_in+0xb03/0x1950 [ 118.168847][ T6283] ? __pfx_nf_conntrack_in+0x10/0x10 [ 118.168874][ T6283] ? __pfx_ipt_do_table+0x10/0x10 [ 118.168912][ T6283] ? __pfx_ipv4_conntrack_local+0x10/0x10 [ 118.168939][ T6283] ipv4_conntrack_local+0x160/0x250 [ 118.168967][ T6283] nf_hook_slow+0xbb/0x200 [ 118.168997][ T6283] nf_hook+0x370/0x680 [ 118.169017][ T6283] ? __pfx_dst_output+0x10/0x10 [ 118.169037][ T6283] ? __pfx_nf_hook+0x10/0x10 [ 118.169058][ T6283] ? __pfx_dst_output+0x10/0x10 [ 118.169079][ T6283] ? do_csum+0x26f/0x2d0 [ 118.169098][ T6283] __ip_local_out+0x339/0x7c0 [ 118.169118][ T6283] ? __pfx_dst_output+0x10/0x10 [ 118.169140][ T6283] ip_send_skb+0x4a/0x560 [ 118.169163][ T6283] udp_send_skb+0x71d/0x15b0 [ 118.169191][ T6283] udp_sendmsg+0x18f0/0x29f0 [ 118.169214][ T6283] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 118.169238][ T6283] ? __pfx_udp_sendmsg+0x10/0x10 [ 118.169259][ T6283] ? __lock_acquire+0xb8a/0x1c90 [ 118.169297][ T6283] ? reacquire_held_locks+0xcd/0x1f0 [ 118.169323][ T6283] ? release_sock+0x21/0x220 [ 118.169355][ T6283] ? find_held_lock+0x2b/0x80 [ 118.169381][ T6283] ? inet_autobind+0x145/0x1a0 [ 118.169401][ T6283] ? __local_bh_enable_ip+0xa4/0x120 [ 118.169422][ T6283] ? inet_autobind+0x14a/0x1a0 [ 118.169443][ T6283] ? __pfx_udp_sendmsg+0x10/0x10 [ 118.169463][ T6283] inet_sendmsg+0x105/0x140 [ 118.169488][ T6283] ____sys_sendmsg+0x973/0xc70 [ 118.169511][ T6283] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.169542][ T6283] ___sys_sendmsg+0x134/0x1d0 [ 118.169570][ T6283] ? __pfx____sys_sendmsg+0x10/0x10 [ 118.169593][ T6283] ? __lock_acquire+0x622/0x1c90 [ 118.169650][ T6283] __sys_sendmsg+0x16d/0x220 [ 118.169676][ T6283] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.169719][ T6283] do_syscall_64+0xcd/0x4c0 [ 118.169748][ T6283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.169766][ T6283] RIP: 0033:0x7ff9cfb8e929 [ 118.169782][ T6283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.169800][ T6283] RSP: 002b:00007ff9d0a3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.169818][ T6283] RAX: ffffffffffffffda RBX: 00007ff9cfdb5fa0 RCX: 00007ff9cfb8e929 [ 118.169829][ T6283] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 118.169840][ T6283] RBP: 00007ff9d0a3e090 R08: 0000000000000000 R09: 0000000000000000 [ 118.169850][ T6283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.169860][ T6283] R13: 0000000000000000 R14: 00007ff9cfdb5fa0 R15: 00007fff01f4aad8 [ 118.169892][ T6283] [ 118.525435][ T5908] usb 4-1: config 0 descriptor?? [ 118.832491][ T30] audit: type=1400 audit(1750100909.367:234): avc: denied { mount } for pid=6281 comm="syz.1.83" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 119.044228][ T5908] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 119.893325][ T6299] FAULT_INJECTION: forcing a failure. [ 119.893325][ T6299] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 119.906948][ T6299] CPU: 1 UID: 0 PID: 6299 Comm: syz.1.87 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 119.906971][ T6299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.906982][ T6299] Call Trace: [ 119.906988][ T6299] [ 119.906995][ T6299] dump_stack_lvl+0x16c/0x1f0 [ 119.907031][ T6299] should_fail_ex+0x512/0x640 [ 119.907062][ T6299] should_fail_alloc_page+0xe7/0x130 [ 119.907093][ T6299] prepare_alloc_pages+0x3c2/0x610 [ 119.907119][ T6299] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 119.907144][ T6299] ? copy_splice_read+0x1a8/0xba0 [ 119.907167][ T6299] ? stack_trace_save+0x8e/0xc0 [ 119.907193][ T6299] ? __pfx_stack_trace_save+0x10/0x10 [ 119.907215][ T6299] ? stack_depot_save_flags+0x28/0xa40 [ 119.907247][ T6299] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 119.907269][ T6299] ? kasan_save_stack+0x33/0x60 [ 119.907294][ T6299] ? __kasan_kmalloc+0xaa/0xb0 [ 119.907314][ T6299] ? copy_splice_read+0x1a8/0xba0 [ 119.907333][ T6299] ? do_splice_read+0x2bd/0x370 [ 119.907353][ T6299] ? splice_direct_to_actor+0x2a1/0xa30 [ 119.907374][ T6299] ? do_splice_direct+0x174/0x240 [ 119.907393][ T6299] ? do_sendfile+0xb06/0xe50 [ 119.907414][ T6299] ? __x64_sys_sendfile64+0x154/0x220 [ 119.907440][ T6299] ? do_syscall_64+0xcd/0x4c0 [ 119.907487][ T6299] alloc_pages_bulk_noprof+0x71c/0x1410 [ 119.907518][ T6299] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 119.907548][ T6299] ? trace_kmalloc+0x2b/0xd0 [ 119.907576][ T6299] ? __kmalloc_noprof+0x242/0x510 [ 119.907605][ T6299] copy_splice_read+0x1e1/0xba0 [ 119.907632][ T6299] ? __pfx_copy_splice_read+0x10/0x10 [ 119.907662][ T6299] ? find_held_lock+0x2b/0x80 [ 119.907689][ T6299] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 119.907714][ T6299] do_splice_read+0x2bd/0x370 [ 119.907737][ T6299] splice_direct_to_actor+0x2a1/0xa30 [ 119.907761][ T6299] ? __pfx_direct_splice_actor+0x10/0x10 [ 119.907787][ T6299] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 119.907816][ T6299] do_splice_direct+0x174/0x240 [ 119.907839][ T6299] ? __pfx_do_splice_direct+0x10/0x10 [ 119.907862][ T6299] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 119.907893][ T6299] ? rw_verify_area+0xcf/0x680 [ 119.907915][ T6299] do_sendfile+0xb06/0xe50 [ 119.907941][ T6299] ? __pfx_do_sendfile+0x10/0x10 [ 119.907971][ T6299] __x64_sys_sendfile64+0x154/0x220 [ 119.907998][ T6299] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 119.908032][ T6299] do_syscall_64+0xcd/0x4c0 [ 119.908059][ T6299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.908077][ T6299] RIP: 0033:0x7f419af8e929 [ 119.908094][ T6299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.908111][ T6299] RSP: 002b:00007f419bdc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 119.908128][ T6299] RAX: ffffffffffffffda RBX: 00007f419b1b6080 RCX: 00007f419af8e929 [ 119.908140][ T6299] RDX: 0000200000000080 RSI: 0000000000000008 RDI: 0000000000000008 [ 119.908150][ T6299] RBP: 00007f419bdc2090 R08: 0000000000000000 R09: 0000000000000000 [ 119.908160][ T6299] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001 [ 119.908170][ T6299] R13: 0000000000000000 R14: 00007f419b1b6080 R15: 00007ffd7a087c38 [ 119.908194][ T6299] [ 121.082277][ T6303] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 121.106572][ T30] audit: type=1400 audit(1750100911.817:235): avc: denied { bind } for pid=6296 comm="syz.2.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 121.244343][ T6310] netlink: 20 bytes leftover after parsing attributes in process `syz.0.89'. [ 121.258582][ T30] audit: type=1400 audit(1750100911.817:236): avc: denied { read } for pid=6296 comm="syz.2.88" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 121.315179][ T30] audit: type=1400 audit(1750100911.827:237): avc: denied { setopt } for pid=6296 comm="syz.2.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 121.337533][ T30] audit: type=1400 audit(1750100911.887:238): avc: denied { bind } for pid=6296 comm="syz.2.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 121.344991][ T6309] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 121.362240][ T30] audit: type=1400 audit(1750100911.917:239): avc: denied { write } for pid=6296 comm="syz.2.88" path="socket:[9399]" dev="sockfs" ino=9399 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 121.414995][ T5908] gspca_sunplus: reg_w_riv err -71 [ 121.420237][ T5908] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 121.450756][ T6315] bridge_slave_0: left allmulticast mode [ 121.473135][ T5908] usb 4-1: USB disconnect, device number 2 [ 121.498691][ T6315] bridge_slave_0: left promiscuous mode [ 121.678382][ T30] audit: type=1400 audit(1750100911.947:240): avc: denied { ioctl } for pid=6296 comm="syz.2.88" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x642e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 121.733814][ T6315] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.155831][ T6325] netlink: 'syz.1.90': attribute type 10 has an invalid length. [ 122.214726][ T6327] syz.4.94 uses obsolete (PF_INET,SOCK_PACKET) [ 122.251299][ T6315] bridge_slave_1: left allmulticast mode [ 122.265817][ T6315] bridge_slave_1: left promiscuous mode [ 122.285926][ T6315] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.338673][ T6315] bond0: (slave bond_slave_0): Releasing backup interface [ 122.349529][ T30] audit: type=1400 audit(1750100913.077:241): avc: denied { sys_module } for pid=6322 comm="syz.4.94" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 122.363748][ T6330] tmpfs: Unknown parameter 'usrquotafs/binder0' [ 122.413037][ T6315] bond0: (slave bond_slave_1): Releasing backup interface [ 122.485007][ T6334] kernel read not supported for file /z (pid: 6334 comm: syz.3.95) [ 122.514541][ T6330] binder: 6322:6330 ioctl c0306201 200000000640 returned -22 [ 122.533397][ T6315] team0: Port device team_slave_0 removed [ 122.548150][ T6315] team0: Port device team_slave_1 removed [ 122.555138][ T6315] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.563608][ T6315] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.576063][ T6315] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.584413][ T6315] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.457136][ T6325] mac80211_hwsim hwsim8 wlan1: left allmulticast mode [ 123.480664][ T6325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.493815][ T6325] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 123.742268][ T5954] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 123.951927][ T5954] usb 1-1: Using ep0 maxpacket: 8 [ 124.040413][ T5954] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 124.200990][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.422038][ T5954] usb 1-1: Product: syz [ 124.428792][ T5954] usb 1-1: Manufacturer: syz [ 124.439945][ T5954] usb 1-1: SerialNumber: syz [ 124.494402][ T5954] usb 1-1: config 0 descriptor?? [ 124.520143][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 124.520160][ T30] audit: type=1400 audit(1750100915.247:245): avc: denied { read write } for pid=6357 comm="syz.2.104" name="uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 124.562113][ T30] audit: type=1400 audit(1750100915.297:246): avc: denied { open } for pid=6357 comm="syz.2.104" path="/dev/uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 124.716528][ T30] audit: type=1400 audit(1750100915.437:247): avc: denied { write } for pid=6362 comm="syz.3.105" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 124.785781][ T5954] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 124.823347][ T30] audit: type=1400 audit(1750100915.477:248): avc: denied { ioctl } for pid=6362 comm="syz.3.105" path="/dev/input/event2" dev="devtmpfs" ino=923 ioctlcmd=0x4504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 125.371269][ T30] audit: type=1400 audit(1750100916.077:249): avc: denied { ioctl } for pid=6368 comm="syz.3.107" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9558 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 125.862115][ T5954] gspca_sunplus: reg_w_riv err -110 [ 125.867522][ T5954] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 126.244621][ T6380] Process accounting resumed [ 127.658878][ T5894] usb 1-1: USB disconnect, device number 4 [ 129.366443][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.1.116'. [ 129.568375][ T6413] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.836353][ T6409] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 129.844105][ T6409] IPv6: NLM_F_CREATE should be set when creating new route [ 129.851727][ T6409] IPv6: NLM_F_CREATE should be set when creating new route [ 129.858964][ T6409] IPv6: NLM_F_CREATE should be set when creating new route [ 131.478487][ T30] audit: type=1400 audit(1750100922.207:250): avc: denied { name_connect } for pid=6407 comm="syz.4.117" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 131.560135][ T30] audit: type=1400 audit(1750100922.257:251): avc: denied { ioctl } for pid=6426 comm="syz.1.122" path="socket:[9122]" dev="sockfs" ino=9122 ioctlcmd=0x942c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 131.731817][ T30] audit: type=1400 audit(1750100922.337:252): avc: denied { search } for pid=5486 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 131.870785][ T30] audit: type=1400 audit(1750100922.337:253): avc: denied { search } for pid=5486 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 131.940526][ T5894] IPVS: starting estimator thread 0... [ 132.062138][ T6435] IPVS: using max 44 ests per chain, 105600 per kthread [ 132.140770][ T6433] overlay: Unknown parameter 'dont_measure' [ 132.142897][ T30] audit: type=1400 audit(1750100922.337:254): avc: denied { search } for pid=5486 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 132.169475][ T6436] overlay: Unknown parameter 'dont_measure' [ 132.170025][ T30] audit: type=1400 audit(1750100922.337:255): avc: denied { read } for pid=5486 comm="dhcpcd" name="n100" dev="tmpfs" ino=2463 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 132.208597][ T30] audit: type=1400 audit(1750100922.337:256): avc: denied { open } for pid=5486 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2463 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 132.274091][ T30] audit: type=1400 audit(1750100922.337:257): avc: denied { getattr } for pid=5486 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2463 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 132.356260][ T30] audit: type=1400 audit(1750100922.687:258): avc: denied { name_connect } for pid=6432 comm="syz.0.124" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 132.381860][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 132.411523][ T30] audit: type=1400 audit(1750100922.937:259): avc: denied { read open } for pid=6445 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1838 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 132.889189][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.897677][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.189646][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 133.205213][ T9] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 133.214649][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.248913][ T9] usb 2-1: Product: syz [ 133.260235][ T9] usb 2-1: Manufacturer: syz [ 133.372991][ T9] usb 2-1: SerialNumber: syz [ 133.476212][ T9] usb 2-1: config 0 descriptor?? [ 133.699158][ T6468] Process accounting resumed [ 133.708561][ T9] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 134.406432][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.414497][ T6475] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.845305][ T6475] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.886948][ T6475] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.952755][ T5875] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 135.181836][ T5875] usb 3-1: Using ep0 maxpacket: 16 [ 135.206427][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.294538][ T9] gspca_sunplus: reg_w_riv err -71 [ 135.300334][ T5875] usb 3-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 135.301345][ T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 135.332112][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.351377][ T5875] usb 3-1: config 0 descriptor?? [ 135.392480][ T9] usb 2-1: USB disconnect, device number 2 [ 135.524237][ T6475] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.537943][ T6475] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.547396][ T6475] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.557052][ T6475] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.239506][ T6489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.294564][ T6489] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.347224][ T6489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.385621][ T6489] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.455791][ T5875] usbhid 3-1:0.0: can't add hid device: -71 [ 136.467671][ T5875] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 136.478293][ T5875] usb 3-1: USB disconnect, device number 7 [ 139.489652][ T6539] netlink: 16 bytes leftover after parsing attributes in process `syz.2.145'. [ 139.900948][ T6542] 9pnet_virtio: no channels available for device syz [ 140.925885][ T6554] FAULT_INJECTION: forcing a failure. [ 140.925885][ T6554] name failslab, interval 1, probability 0, space 0, times 0 [ 140.952896][ T6554] CPU: 1 UID: 0 PID: 6554 Comm: syz.2.148 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 140.952927][ T6554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.952937][ T6554] Call Trace: [ 140.952944][ T6554] [ 140.952952][ T6554] dump_stack_lvl+0x16c/0x1f0 [ 140.952991][ T6554] should_fail_ex+0x512/0x640 [ 140.953017][ T6554] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 140.953046][ T6554] should_failslab+0xc2/0x120 [ 140.953075][ T6554] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 140.953097][ T6554] ? __alloc_skb+0x2b2/0x380 [ 140.953127][ T6554] __alloc_skb+0x2b2/0x380 [ 140.953150][ T6554] ? __pfx___alloc_skb+0x10/0x10 [ 140.953173][ T6554] ? genl_rcv_msg+0x4bb/0x800 [ 140.953204][ T6554] netlink_ack+0x15d/0xb80 [ 140.953225][ T6554] ? __lock_acquire+0x622/0x1c90 [ 140.953259][ T6554] netlink_rcv_skb+0x332/0x420 [ 140.953277][ T6554] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.953299][ T6554] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.953328][ T6554] ? netlink_deliver_tap+0x1ae/0xd30 [ 140.953344][ T6554] ? is_vmalloc_addr+0x86/0xa0 [ 140.953371][ T6554] genl_rcv+0x28/0x40 [ 140.953390][ T6554] netlink_unicast+0x53d/0x7f0 [ 140.953412][ T6554] ? __pfx_netlink_unicast+0x10/0x10 [ 140.953438][ T6554] netlink_sendmsg+0x8d1/0xdd0 [ 140.953467][ T6554] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.953496][ T6554] ____sys_sendmsg+0xa95/0xc70 [ 140.953518][ T6554] ? copy_msghdr_from_user+0x10a/0x160 [ 140.953543][ T6554] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.953575][ T6554] ___sys_sendmsg+0x134/0x1d0 [ 140.953602][ T6554] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.953624][ T6554] ? __lock_acquire+0x622/0x1c90 [ 140.953682][ T6554] __sys_sendmsg+0x16d/0x220 [ 140.953707][ T6554] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.953749][ T6554] do_syscall_64+0xcd/0x4c0 [ 140.953780][ T6554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.953798][ T6554] RIP: 0033:0x7f8b4e38e929 [ 140.953814][ T6554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.953831][ T6554] RSP: 002b:00007f8b4f2b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.953849][ T6554] RAX: ffffffffffffffda RBX: 00007f8b4e5b5fa0 RCX: 00007f8b4e38e929 [ 140.953861][ T6554] RDX: 0000000008000054 RSI: 0000200000000200 RDI: 0000000000000004 [ 140.953871][ T6554] RBP: 00007f8b4f2b0090 R08: 0000000000000000 R09: 0000000000000000 [ 140.953881][ T6554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.953891][ T6554] R13: 0000000000000000 R14: 00007f8b4e5b5fa0 R15: 00007ffd6be7a3c8 [ 140.953915][ T6554] [ 141.426076][ T6553] bridge0: port 3(dummy0) entered disabled state [ 141.432673][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.440179][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.013366][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 142.013386][ T30] audit: type=1400 audit(1750100932.357:273): avc: denied { create } for pid=6551 comm="syz.1.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 142.136872][ T6567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 142.275558][ T30] audit: type=1400 audit(1750100932.997:274): avc: denied { create } for pid=6568 comm="syz.3.152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 142.545768][ T6553] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 142.582799][ T6553] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 142.610038][ T30] audit: type=1400 audit(1750100933.337:275): avc: denied { read write } for pid=6566 comm="syz.2.151" name="ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 142.653357][ T30] audit: type=1400 audit(1750100933.337:276): avc: denied { open } for pid=6566 comm="syz.2.151" path="/dev/ocfs2_control" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 142.747479][ T6573] Process accounting resumed [ 142.765474][ T6553] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.792290][ T6553] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.815036][ T6553] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.825562][ T6553] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.294748][ T6583] netlink: 'syz.3.154': attribute type 10 has an invalid length. [ 143.839917][ T6583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.849959][ T6583] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 144.974125][ T6603] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 146.714644][ T6626] 9pnet_fd: Insufficient options for proto=fd [ 146.909213][ T6626] netem: change failed [ 148.289727][ T30] audit: type=1400 audit(1750100939.017:277): avc: denied { ioctl } for pid=6640 comm="syz.0.165" path="/dev/iommu" dev="devtmpfs" ino=624 ioctlcmd=0x3b81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 149.682639][ T6662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.167'. [ 150.464582][ T6675] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8 sclass=netlink_route_socket pid=6675 comm=syz.0.172 [ 150.479912][ T6675] FAULT_INJECTION: forcing a failure. [ 150.479912][ T6675] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 150.493471][ T6675] CPU: 0 UID: 0 PID: 6675 Comm: syz.0.172 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 150.493496][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.493505][ T6675] Call Trace: [ 150.493512][ T6675] [ 150.493519][ T6675] dump_stack_lvl+0x16c/0x1f0 [ 150.493550][ T6675] should_fail_ex+0x512/0x640 [ 150.493576][ T6675] _copy_to_user+0x32/0xd0 [ 150.493598][ T6675] simple_read_from_buffer+0xcb/0x170 [ 150.493622][ T6675] proc_fail_nth_read+0x197/0x270 [ 150.493644][ T6675] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.493665][ T6675] ? rw_verify_area+0xcf/0x680 [ 150.493684][ T6675] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 150.493704][ T6675] vfs_read+0x1e1/0xc60 [ 150.493728][ T6675] ? __pfx___mutex_lock+0x10/0x10 [ 150.493753][ T6675] ? __pfx_vfs_read+0x10/0x10 [ 150.493781][ T6675] ? fdget_pos+0x1d7/0x370 [ 150.493812][ T6675] ksys_read+0x12a/0x250 [ 150.493831][ T6675] ? __pfx_ksys_read+0x10/0x10 [ 150.493857][ T6675] do_syscall_64+0xcd/0x4c0 [ 150.493884][ T6675] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.493900][ T6675] RIP: 0033:0x7f7dd598d33c [ 150.493913][ T6675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 150.493928][ T6675] RSP: 002b:00007f7dd6799030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 150.493944][ T6675] RAX: ffffffffffffffda RBX: 00007f7dd5bb6080 RCX: 00007f7dd598d33c [ 150.493954][ T6675] RDX: 000000000000000f RSI: 00007f7dd67990a0 RDI: 0000000000000006 [ 150.493962][ T6675] RBP: 00007f7dd6799090 R08: 0000000000000000 R09: 0000000000000000 [ 150.493972][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.493982][ T6675] R13: 0000000000000000 R14: 00007f7dd5bb6080 R15: 00007ffe76acd918 [ 150.494003][ T6675] [ 150.861032][ T5875] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 150.973999][ T6674] orangefs_mount: mount request failed with -4 [ 151.995804][ T30] audit: type=1400 audit(1750100942.727:278): avc: denied { watch } for pid=6690 comm="syz.2.176" path="/proc/125/fdinfo" dev="proc" ino=11279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 152.036246][ T6687] ntfs3(nullb0): Primary boot signature is not NTFS. [ 152.081494][ T6687] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 152.839306][ T30] audit: type=1400 audit(1750100943.177:279): avc: denied { ioctl } for pid=6696 comm="syz.1.177" path="pid:[4026532794]" dev="nsfs" ino=4026532794 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 152.883487][ T6704] syzkaller1: entered promiscuous mode [ 152.931179][ T30] audit: type=1400 audit(1750100943.647:280): avc: denied { bind } for pid=6683 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 152.968676][ T6704] syzkaller1: entered allmulticast mode [ 153.556593][ T30] audit: type=1400 audit(1750100943.657:281): avc: denied { setopt } for pid=6683 comm="syz.0.175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 153.638840][ T30] audit: type=1400 audit(1750100944.027:282): avc: denied { connect } for pid=6709 comm="syz.3.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 153.675888][ T30] audit: type=1400 audit(1750100944.367:283): avc: denied { append } for pid=6716 comm="syz.3.182" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 154.757308][ T6726] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 154.767362][ T30] audit: type=1400 audit(1750100945.497:284): avc: denied { ioctl } for pid=6716 comm="syz.3.182" path="socket:[10665]" dev="sockfs" ino=10665 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 155.001776][ T30] audit: type=1326 audit(1750100945.727:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6737 comm="syz.2.186" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b4e38e929 code=0x0 [ 155.073106][ T30] audit: type=1400 audit(1750100945.797:286): avc: denied { name_bind } for pid=6743 comm="syz.0.187" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 155.387520][ T5908] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 155.568833][ T5908] usb 4-1: Using ep0 maxpacket: 32 [ 155.606752][ T5908] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 155.615304][ T5908] usb 4-1: config 0 has no interface number 0 [ 155.619982][ T6752] loop6: detected capacity change from 0 to 524287999 [ 155.635549][ T5908] usb 4-1: config 0 interface 184 has no altsetting 0 [ 155.655390][ T5908] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 155.668191][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.765427][ T6758] Bluetooth: MGMT ver 1.23 [ 155.791134][ T30] audit: type=1400 audit(1750100946.497:287): avc: denied { bind } for pid=6750 comm="syz.1.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 156.285909][ T5908] usb 4-1: Product: syz [ 156.290130][ T5908] usb 4-1: Manufacturer: syz [ 156.295168][ T5908] usb 4-1: SerialNumber: syz [ 156.313162][ T6721] 9pnet_fd: Insufficient options for proto=fd [ 156.375973][ T5908] usb 4-1: config 0 descriptor?? [ 156.388441][ T5908] smsc75xx v1.0.0 [ 157.101778][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 157.232740][ T5901] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 157.554433][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 151, changing to 11 [ 157.565802][ T5901] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 157.577280][ T5901] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 157.592153][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.640594][ T5901] usb 3-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00 [ 157.650137][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 157.744389][ T9] usb 1-1: SerialNumber: syz [ 157.749396][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.804342][ T5901] usb 3-1: config 0 descriptor?? [ 157.828345][ T6768] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 158.076563][ T6788] bridge1: entered promiscuous mode [ 158.094973][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 158.123020][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 158.137041][ T6790] FAULT_INJECTION: forcing a failure. [ 158.137041][ T6790] name failslab, interval 1, probability 0, space 0, times 0 [ 158.150440][ T6790] CPU: 1 UID: 0 PID: 6790 Comm: syz.1.195 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 158.150465][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.150475][ T6790] Call Trace: [ 158.150481][ T6790] [ 158.150487][ T6790] dump_stack_lvl+0x16c/0x1f0 [ 158.150519][ T6790] should_fail_ex+0x512/0x640 [ 158.150547][ T6790] should_failslab+0xc2/0x120 [ 158.150572][ T6790] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 158.150595][ T6790] ? skb_clone+0x190/0x3f0 [ 158.150626][ T6790] skb_clone+0x190/0x3f0 [ 158.150658][ T6790] netlink_deliver_tap+0xabd/0xd30 [ 158.150683][ T6790] netlink_unicast+0x5df/0x7f0 [ 158.150705][ T6790] ? __pfx_netlink_unicast+0x10/0x10 [ 158.150730][ T6790] netlink_sendmsg+0x8d1/0xdd0 [ 158.150753][ T6790] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.150781][ T6790] ____sys_sendmsg+0xa95/0xc70 [ 158.150802][ T6790] ? copy_msghdr_from_user+0x10a/0x160 [ 158.150827][ T6790] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.150858][ T6790] ___sys_sendmsg+0x134/0x1d0 [ 158.150884][ T6790] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.150907][ T6790] ? __lock_acquire+0x622/0x1c90 [ 158.150967][ T6790] __sys_sendmsg+0x16d/0x220 [ 158.150991][ T6790] ? __pfx___sys_sendmsg+0x10/0x10 [ 158.151031][ T6790] do_syscall_64+0xcd/0x4c0 [ 158.151058][ T6790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.151074][ T6790] RIP: 0033:0x7f419af8e929 [ 158.151089][ T6790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.151104][ T6790] RSP: 002b:00007f419bde3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.151120][ T6790] RAX: ffffffffffffffda RBX: 00007f419b1b5fa0 RCX: 00007f419af8e929 [ 158.151131][ T6790] RDX: 0000000004000090 RSI: 00002000000007c0 RDI: 0000000000000004 [ 158.151141][ T6790] RBP: 00007f419bde3090 R08: 0000000000000000 R09: 0000000000000000 [ 158.151151][ T6790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.151160][ T6790] R13: 0000000000000000 R14: 00007f419b1b5fa0 R15: 00007ffd7a087c38 [ 158.151183][ T6790] [ 158.151340][ T30] audit: type=1400 audit(1750100948.867:288): avc: denied { ioctl } for pid=6789 comm="syz.1.195" path="socket:[10864]" dev="sockfs" ino=10864 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 158.342284][ T6768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1546 sclass=netlink_route_socket pid=6768 comm=syz.2.190 [ 158.387081][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 158.415633][ T5901] logitech 0003:046D:CA04.0001: unknown main item tag 0x5 [ 158.424057][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 158.497793][ T5901] logitech 0003:046D:CA04.0001: item fetching failed at offset 6/7 [ 158.512106][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 158.547768][ T5901] logitech 0003:046D:CA04.0001: parse failed [ 158.557462][ T5908] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 158.568388][ T5901] logitech 0003:046D:CA04.0001: probe with driver logitech failed with error -22 [ 158.578942][ T5908] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 158.671610][ T5908] usb 4-1: USB disconnect, device number 3 [ 158.733147][ T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 158.828237][ T9] usb 1-1: USB disconnect, device number 5 [ 158.942923][ T6044] udevd[6044]: setting mode of /dev/bus/usb/001/005 to 020664 failed: No such file or directory [ 159.001415][ T6044] udevd[6044]: setting owner of /dev/bus/usb/001/005 to uid=0, gid=0 failed: No such file or directory [ 159.169946][ T5948] usb 3-1: USB disconnect, device number 9 [ 159.671790][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 159.878491][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 160.217799][ T9] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 161.552108][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.343709][ T9] usb 2-1: Product: syz [ 162.347959][ T9] usb 2-1: Manufacturer: syz [ 162.382620][ T9] usb 2-1: SerialNumber: syz [ 162.400227][ T9] usb 2-1: config 0 descriptor?? [ 162.406952][ T9] usb 2-1: can't set config #0, error -71 [ 162.417184][ T9] usb 2-1: USB disconnect, device number 3 [ 162.868460][ T30] audit: type=1400 audit(1750100953.597:289): avc: denied { create } for pid=6846 comm="syz.4.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 162.952246][ T30] audit: type=1400 audit(1750100953.617:290): avc: denied { ioctl } for pid=6846 comm="syz.4.203" path="socket:[11579]" dev="sockfs" ino=11579 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 163.041890][ T30] audit: type=1400 audit(1750100953.637:291): avc: denied { ioctl } for pid=6846 comm="syz.4.203" path="/dev/vhost-vsock" dev="devtmpfs" ino=1276 ioctlcmd=0xaf60 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 163.108818][ T30] audit: type=1400 audit(1750100953.837:292): avc: denied { bind } for pid=6846 comm="syz.4.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 163.513010][ T30] audit: type=1400 audit(1750100953.837:293): avc: denied { connect } for pid=6846 comm="syz.4.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 163.545041][ T30] audit: type=1400 audit(1750100953.837:294): avc: denied { write } for pid=6846 comm="syz.4.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 164.358677][ C0] vcan0: j1939_tp_rxtimer: 0xffff888057166800: rx timeout, send abort [ 164.748011][ T30] audit: type=1400 audit(1750100955.427:295): avc: denied { read } for pid=5173 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 164.868325][ C0] vcan0: j1939_tp_rxtimer: 0xffff888057166800: abort rx timeout. Force session deactivation [ 164.878559][ T30] audit: type=1400 audit(1750100955.487:296): avc: denied { search } for pid=5173 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 164.878665][ T30] audit: type=1400 audit(1750100955.497:297): avc: denied { search } for pid=5173 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 164.938309][ T30] audit: type=1400 audit(1750100955.497:298): avc: denied { add_name } for pid=5173 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 165.238636][ T6886] tipc: Started in network mode [ 165.243657][ T6886] tipc: Node identity 8, cluster identity 4711 [ 165.249812][ T6886] tipc: Node number set to 8 [ 165.518996][ T6890] fuse: Unknown parameter '' [ 167.360083][ T6908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.214'. [ 168.519281][ T6918] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 168.577026][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.0.218'. [ 168.690212][ T6921] netlink: 12 bytes leftover after parsing attributes in process `syz.0.218'. [ 169.011848][ T975] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 169.182039][ T975] usb 5-1: Using ep0 maxpacket: 16 [ 169.337613][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 169.337635][ T30] audit: type=1400 audit(1750100960.047:302): avc: denied { create } for pid=6936 comm="syz.0.222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 169.363261][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.820747][ T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.978648][ T6946] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 171.229855][ T6943] binder: 6942:6943 ioctl c0306201 0 returned -14 [ 171.283988][ T975] usb 5-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 171.301921][ T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.315050][ T975] usb 5-1: config 0 descriptor?? [ 171.741799][ T975] usbhid 5-1:0.0: can't add hid device: -71 [ 171.747811][ T975] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 171.836867][ T30] audit: type=1400 audit(1750100962.557:303): avc: denied { read } for pid=6954 comm="syz.1.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 171.863947][ T975] usb 5-1: USB disconnect, device number 4 [ 172.235220][ T30] audit: type=1400 audit(1750100962.687:304): avc: denied { write } for pid=6954 comm="syz.1.226" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 172.638300][ T30] audit: type=1400 audit(1750100963.287:305): avc: denied { map } for pid=6963 comm="syz.0.228" path="socket:[12326]" dev="sockfs" ino=12326 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 174.181485][ T6969] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 174.530659][ T30] audit: type=1400 audit(1750100965.257:306): avc: denied { read write } for pid=6976 comm="syz.3.232" name="rdma_cm" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 175.129775][ T30] audit: type=1400 audit(1750100965.257:307): avc: denied { open } for pid=6976 comm="syz.3.232" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 175.291800][ T30] audit: type=1400 audit(1750100965.567:308): avc: denied { create } for pid=6977 comm="syz.1.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 175.358986][ T6987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.234'. [ 175.467443][ T6987] netlink: 12 bytes leftover after parsing attributes in process `syz.3.234'. [ 175.720399][ T30] audit: type=1400 audit(1750100966.447:309): avc: denied { write } for pid=7002 comm="syz.2.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 176.011773][ T5875] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 176.029739][ T30] audit: type=1400 audit(1750100966.757:310): avc: denied { getopt } for pid=7007 comm="syz.3.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 176.767213][ T5875] usb 5-1: Using ep0 maxpacket: 16 [ 176.820800][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.934049][ T5875] usb 5-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 177.039024][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.334593][ T5875] usb 5-1: config 0 descriptor?? [ 177.700238][ T30] audit: type=1400 audit(1750100968.427:311): avc: denied { create } for pid=7020 comm="syz.2.242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 177.732525][ T7017] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 177.984594][ T7006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.014484][ T7006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.588905][ T7034] netlink: 8 bytes leftover after parsing attributes in process `syz.3.246'. [ 178.598801][ T7034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.246'. [ 178.733544][ T7006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.896198][ T7006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.947886][ T5875] usbhid 5-1:0.0: can't add hid device: -71 [ 178.954006][ T5875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 178.964479][ T5875] usb 5-1: USB disconnect, device number 5 [ 179.631031][ T30] audit: type=1400 audit(1750100970.157:312): avc: denied { connect } for pid=7045 comm="syz.1.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 179.829490][ T30] audit: type=1400 audit(1750100970.157:313): avc: denied { write } for pid=7045 comm="syz.1.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 180.111846][ T30] audit: type=1400 audit(1750100970.817:314): avc: denied { mount } for pid=7056 comm="syz.4.250" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 180.753034][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 180.778929][ T30] audit: type=1400 audit(1750100971.427:315): avc: denied { block_suspend } for pid=7063 comm="syz.1.252" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 181.064487][ T30] audit: type=1400 audit(1750100971.767:316): avc: denied { unmount } for pid=5830 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 181.282143][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 181.895283][ T9] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 183.215623][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.384209][ T9] usb 4-1: Product: syz [ 183.388493][ T9] usb 4-1: Manufacturer: syz [ 183.431998][ T30] audit: type=1400 audit(1750100974.097:317): avc: denied { bind } for pid=7073 comm="syz.4.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 183.456498][ T30] audit: type=1400 audit(1750100974.097:318): avc: denied { name_bind } for pid=7073 comm="syz.4.255" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 183.462747][ T9] usb 4-1: SerialNumber: syz [ 183.479853][ T30] audit: type=1400 audit(1750100974.097:319): avc: denied { node_bind } for pid=7073 comm="syz.4.255" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 183.560143][ T30] audit: type=1400 audit(1750100974.157:320): avc: denied { create } for pid=7079 comm="syz.2.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 183.565517][ T9] usb 4-1: config 0 descriptor?? [ 183.653173][ T30] audit: type=1400 audit(1750100974.247:321): avc: denied { connect } for pid=7079 comm="syz.2.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 183.671397][ T9] usb 4-1: can't set config #0, error -71 [ 183.732986][ T9] usb 4-1: USB disconnect, device number 4 [ 183.769696][ T7089] syz_tun: entered allmulticast mode [ 183.860266][ T7089] syz_tun: left allmulticast mode [ 183.956539][ T5875] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 184.171777][ T5875] usb 5-1: Using ep0 maxpacket: 32 [ 184.188809][ T5875] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 184.210441][ T5875] usb 5-1: config 0 has no interface number 0 [ 184.237852][ T5875] usb 5-1: config 0 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 184.270675][ T5875] usb 5-1: config 0 interface 1 has no altsetting 0 [ 184.289799][ T5875] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 184.309734][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.331299][ T5875] usb 5-1: Product: syz [ 184.336642][ T5875] usb 5-1: Manufacturer: syz [ 184.375826][ T5875] usb 5-1: SerialNumber: syz [ 184.407678][ T5875] usb 5-1: config 0 descriptor?? [ 184.724661][ T7086] process 'syz.4.258' launched './file1' with NULL argv: empty string added [ 184.740218][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 184.740234][ T30] audit: type=1400 audit(1750100975.467:326): avc: denied { execute_no_trans } for pid=7084 comm="syz.4.258" path="/50/file1" dev="tmpfs" ino=281 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 184.927031][ T30] audit: type=1400 audit(1750100975.657:327): avc: denied { connect } for pid=7084 comm="syz.4.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 185.218827][ T30] audit: type=1400 audit(1750100975.947:328): avc: denied { unlink } for pid=7121 comm="syz.0.267" name="#1" dev="tmpfs" ino=283 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 185.233777][ T7122] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 185.585135][ T30] audit: type=1400 audit(1750100976.317:329): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 186.695065][ T5875] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 186.739708][ T5875] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 187.052006][ T5829] Bluetooth: hci4: command 0x0405 tx timeout [ 187.100939][ T5875] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 187.113290][ T5875] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 187.122037][ T5875] usb 5-1: media controller created [ 187.148635][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 188.131803][ T5875] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 188.139422][ T5875] zl10353_read_register: readreg error (reg=127, ret==-71) [ 188.356697][ T5875] usb 5-1: selecting invalid altsetting 0 [ 188.372183][ T5875] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 188.487493][ T7147] syz_tun: entered allmulticast mode [ 188.496580][ T5875] usb 5-1: USB disconnect, device number 6 [ 188.564415][ T7147] syz_tun: left allmulticast mode [ 188.812842][ T5908] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 189.091723][ T5908] usb 1-1: Using ep0 maxpacket: 8 [ 190.976446][ T5908] usb 1-1: unable to get BOS descriptor or descriptor too short [ 191.014533][ T5908] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 191.062170][ T5908] usb 1-1: can't read configurations, error -71 [ 191.799059][ T7178] loop6: detected capacity change from 0 to 524287999 [ 192.055828][ T30] audit: type=1400 audit(1750100982.787:330): avc: denied { write } for pid=7180 comm="syz.2.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 192.057787][ T7181] netlink: 'syz.2.283': attribute type 1 has an invalid length. [ 192.226999][ T7186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.283'. [ 192.280734][ T7181] 8021q: adding VLAN 0 to HW filter on device bond2 [ 192.388272][ T7181] bond1: (slave bond2): making interface the new active one [ 192.401901][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 192.484882][ T7181] bond1: (slave bond2): Enslaving as an active interface with an up link [ 192.572535][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 192.582469][ T7186] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.590993][ T9] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 192.600324][ T30] audit: type=1400 audit(1750100983.317:331): avc: denied { setopt } for pid=7189 comm="syz.0.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 192.615190][ T7190] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 192.619930][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.663579][ T30] audit: type=1400 audit(1750100983.327:332): avc: denied { mount } for pid=7189 comm="syz.0.285" name="/" dev="ramfs" ino=12892 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 192.697325][ T9] usb 2-1: Product: syz [ 192.718424][ T9] usb 2-1: Manufacturer: syz [ 192.726755][ T9] usb 2-1: SerialNumber: syz [ 192.745331][ T30] audit: type=1400 audit(1750100983.467:333): avc: denied { create } for pid=7193 comm="syz.4.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 192.766140][ T9] usb 2-1: config 0 descriptor?? [ 192.773837][ T30] audit: type=1400 audit(1750100983.477:334): avc: denied { ioctl } for pid=7193 comm="syz.4.286" path="socket:[12898]" dev="sockfs" ino=12898 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 193.106009][ T9] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 193.120790][ T30] audit: type=1400 audit(1750100983.477:335): avc: denied { getopt } for pid=7193 comm="syz.4.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 193.188005][ T7199] syz_tun: entered allmulticast mode [ 193.199854][ T7190] usb usb8: usbfs: process 7190 (syz.0.285) did not claim interface 0 before use [ 193.285509][ T7199] syz_tun: left allmulticast mode [ 193.309502][ T30] audit: type=1400 audit(1750100983.697:336): avc: denied { create } for pid=7189 comm="syz.0.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 193.350980][ T30] audit: type=1400 audit(1750100983.927:337): avc: denied { append } for pid=7189 comm="syz.0.285" name="pfkey" dev="proc" ino=4026533158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 193.472027][ T30] audit: type=1400 audit(1750100984.207:338): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 194.597528][ T9] gspca_sunplus: reg_w_riv err -110 [ 194.598791][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.607089][ T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 194.610202][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.641945][ T7210] binder: 7203:7210 ioctl c0306201 200000000640 returned -22 [ 195.437703][ T9] usb 2-1: USB disconnect, device number 4 [ 196.713554][ T5141] Bluetooth: hci1: command 0x0406 tx timeout [ 196.719645][ T5141] Bluetooth: hci4: command 0x0405 tx timeout [ 196.725659][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 196.731716][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 196.737689][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 196.921250][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 197.259578][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 197.465158][ T7233] Process accounting resumed [ 197.950979][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 198.093445][ T7242] tipc: Started in network mode [ 198.098674][ T7242] tipc: Node identity 8, cluster identity 4711 [ 198.105061][ T7242] tipc: Node number set to 8 [ 198.283042][ T7215] syz.4.293: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 198.455711][ T7215] CPU: 0 UID: 0 PID: 7215 Comm: syz.4.293 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 198.455745][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.455758][ T7215] Call Trace: [ 198.455764][ T7215] [ 198.455772][ T7215] dump_stack_lvl+0x16c/0x1f0 [ 198.455809][ T7215] warn_alloc+0x248/0x3a0 [ 198.455840][ T7215] ? __pfx_warn_alloc+0x10/0x10 [ 198.455876][ T7215] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 198.455896][ T7215] ? __vmalloc_node_noprof+0xad/0xf0 [ 198.455921][ T7215] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 198.455951][ T7215] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 198.455977][ T7215] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 198.456006][ T7215] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 198.456024][ T7215] vmalloc_user_noprof+0x9e/0xe0 [ 198.456042][ T7215] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 198.456062][ T7215] vb2_vmalloc_alloc+0x135/0x3f0 [ 198.456083][ T7215] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 198.456102][ T7215] __vb2_queue_alloc+0x8c6/0x1280 [ 198.456148][ T7215] vb2_core_reqbufs+0xa90/0xfe0 [ 198.456173][ T7215] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 198.456190][ T7215] ? __pfx___mutex_trylock_common+0x10/0x10 [ 198.456224][ T7215] ? __pfx___might_resched+0x10/0x10 [ 198.456259][ T7215] ? trace_contention_end+0xdd/0x130 [ 198.456289][ T7215] ? __mutex_lock+0x1ca/0xb90 [ 198.456323][ T7215] vb2_reqbufs+0x1a3/0x1f0 [ 198.456350][ T7215] ? __pfx_vb2_reqbufs+0x10/0x10 [ 198.456375][ T7215] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 198.456398][ T7215] ? kasan_quarantine_put+0x10a/0x240 [ 198.456424][ T7215] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 198.456449][ T7215] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 198.456481][ T7215] v4l_reqbufs+0x14f/0x1e0 [ 198.456504][ T7215] __video_do_ioctl+0xb40/0xfc0 [ 198.456532][ T7215] ? __might_fault+0xe3/0x190 [ 198.456556][ T7215] ? __pfx___video_do_ioctl+0x10/0x10 [ 198.456591][ T7215] video_usercopy+0x4d0/0x1720 [ 198.456618][ T7215] ? __pfx___video_do_ioctl+0x10/0x10 [ 198.456641][ T7215] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 198.456672][ T7215] ? __pfx_video_usercopy+0x10/0x10 [ 198.456714][ T7215] v4l2_ioctl+0x1ba/0x250 [ 198.456737][ T7215] ? __pfx_v4l2_ioctl+0x10/0x10 [ 198.456761][ T7215] __x64_sys_ioctl+0x18e/0x210 [ 198.456785][ T7215] do_syscall_64+0xcd/0x4c0 [ 198.456817][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.456836][ T7215] RIP: 0033:0x7ff9cfb8e929 [ 198.456854][ T7215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.456872][ T7215] RSP: 002b:00007ff9d0a3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 198.456893][ T7215] RAX: ffffffffffffffda RBX: 00007ff9cfdb5fa0 RCX: 00007ff9cfb8e929 [ 198.456906][ T7215] RDX: 0000200000000240 RSI: 00000000c0145608 RDI: 0000000000000003 [ 198.456917][ T7215] RBP: 00007ff9cfc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 198.456929][ T7215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.456941][ T7215] R13: 0000000000000000 R14: 00007ff9cfdb5fa0 R15: 00007fff01f4aad8 [ 198.456967][ T7215] [ 198.985070][ T7215] Mem-Info: [ 198.995242][ T7215] active_anon:8939 inactive_anon:0 isolated_anon:0 [ 198.995242][ T7215] active_file:1931 inactive_file:40582 isolated_file:0 [ 198.995242][ T7215] unevictable:2816 dirty:418 writeback:0 [ 198.995242][ T7215] slab_reclaimable:11322 slab_unreclaimable:99052 [ 198.995242][ T7215] mapped:32289 shmem:1368 pagetables:1484 [ 198.995242][ T7215] sec_pagetables:0 bounce:0 [ 198.995242][ T7215] kernel_misc_reclaimable:0 [ 198.995242][ T7215] free:1297736 free_pcp:23495 free_cma:0 [ 199.041045][ T7215] Node 0 active_anon:35756kB inactive_anon:0kB active_file:7724kB inactive_file:162128kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:129156kB dirty:1672kB writeback:0kB shmem:3936kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12336kB pagetables:5800kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 199.074526][ T7215] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 199.108821][ T7215] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 199.140535][ T7215] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 199.146441][ T7215] Node 0 DMA32 free:1289388kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35748kB inactive_anon:0kB active_file:7724kB inactive_file:160792kB unevictable:9728kB writepending:1672kB present:3129332kB managed:2540624kB mlocked:8192kB bounce:0kB free_pcp:60868kB local_pcp:39672kB free_cma:0kB [ 199.185555][ T7215] lowmem_reserve[]: 0 0 1 1 1 [ 199.190416][ T7215] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 199.220109][ T7215] lowmem_reserve[]: 0 0 0 0 0 [ 199.224894][ T7215] Node 1 Normal free:3885980kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:32800kB local_pcp:16652kB free_cma:0kB [ 199.256467][ T5908] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 199.272600][ T7215] lowmem_reserve[]: 0 0 0 0 0 [ 199.277646][ T7215] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 199.292559][ T7215] Node 0 DMA32: 2*4kB (UM) 2*8kB (UM) 0*16kB 124*32kB (UE) 45*64kB (UME) 205*128kB (UME) 157*256kB (UM) 99*512kB (U) 42*1024kB (UME) 4*2048kB (UM) 272*4096kB (UM) = 1289304kB [ 199.316189][ T7215] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 199.329891][ T7215] Node 1 Normal: 165*4kB (UME) 43*8kB (UME) 49*16kB (UME) 61*32kB (UME) 28*64kB (UME) 10*128kB (UME) 5*256kB (UME) 4*512kB (UE) 1*1024kB (M) 2*2048kB (UE) 945*4096kB (M) = 3885980kB [ 199.353425][ T7215] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 199.363672][ T7215] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 199.427648][ T7215] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 199.437804][ T5901] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 199.446779][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 199.458378][ T5908] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 199.471726][ T5908] usb 4-1: can't read configurations, error -61 [ 199.487305][ T7215] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 199.529806][ T7215] 43877 total pagecache pages [ 199.535079][ T7215] 0 pages in swap cache [ 199.539366][ T7215] Free swap = 124996kB [ 199.546538][ T7215] Total swap = 124996kB [ 199.551629][ T7215] 2097051 pages RAM [ 199.556287][ T7215] 0 pages HighMem/MovableOnly [ 199.561221][ T7215] 429917 pages reserved [ 199.570805][ T7215] 0 pages cma reserved [ 199.605728][ T5901] usb 1-1: Using ep0 maxpacket: 16 [ 199.624164][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.635560][ T5901] usb 1-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 199.652654][ T5908] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 199.669302][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.988410][ T5901] usb 1-1: config 0 descriptor?? [ 200.063903][ T9] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 200.084069][ T5908] usb 4-1: Using ep0 maxpacket: 8 [ 200.092264][ T5908] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 200.100359][ T5908] usb 4-1: can't read configurations, error -61 [ 200.113046][ T9] usb 5-1: can't read configurations, error -71 [ 200.350384][ T5908] usb usb4-port1: attempt power cycle [ 200.564820][ T7247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.573884][ T7247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.711389][ T7247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.720389][ T7247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.563987][ T5908] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 201.618204][ T5901] usbhid 1-1:0.0: can't add hid device: -71 [ 201.627720][ T5901] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 201.656255][ T5901] usb 1-1: USB disconnect, device number 8 [ 201.811737][ T5908] usb 4-1: device not accepting address 7, error -71 [ 201.872256][ T5875] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 202.031815][ T5875] usb 3-1: Using ep0 maxpacket: 8 [ 202.039625][ T5875] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 202.049383][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.057548][ T5875] usb 3-1: Product: syz [ 202.062733][ T5875] usb 3-1: Manufacturer: syz [ 202.063928][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 202.067329][ T5875] usb 3-1: SerialNumber: syz [ 202.082129][ T5875] usb 3-1: config 0 descriptor?? [ 202.192196][ T5908] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 202.223702][ T5901] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 202.425625][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.425668][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 202.425710][ T9] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 202.425731][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.471229][ T5875] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 202.475414][ T5908] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 202.475440][ T5908] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 202.616491][ T5908] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 202.775724][ T9] usb 5-1: config 0 descriptor?? [ 203.197602][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 203.205937][ T5908] usb 4-1: SerialNumber: syz [ 203.274823][ T7280] cgroup: name respecified [ 203.351772][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 203.360467][ T5901] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 203.372250][ T5901] usb 2-1: config 0 has no interface number 0 [ 203.389466][ T5901] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 203.400067][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.414416][ T9] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 203.435350][ T5901] usb 2-1: Product: syz [ 203.440251][ T30] audit: type=1400 audit(1750100994.167:339): avc: denied { mount } for pid=7264 comm="syz.3.307" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 203.464848][ T5901] usb 2-1: Manufacturer: syz [ 203.470587][ T9] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 203.543453][ T5901] usb 2-1: SerialNumber: syz [ 203.549448][ T9] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 203.557393][ T9] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 203.567483][ T5901] usb 2-1: config 0 descriptor?? [ 203.575814][ T7285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.580171][ T9] lenovo 0003:17EF:6047.0002: unknown main item tag 0x0 [ 203.592325][ T7285] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.623192][ T9] lenovo 0003:17EF:6047.0002: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 203.645124][ T5875] gspca_sunplus: reg_w_riv err -71 [ 203.650663][ T5875] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 203.689744][ T5875] usb 3-1: USB disconnect, device number 10 [ 203.724156][ T5908] usb 4-1: 0:2 : does not exist [ 203.774078][ T5908] usb 4-1: USB disconnect, device number 8 [ 203.871319][ T6044] udevd[6044]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 204.330784][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.315'. [ 204.332695][ T5901] radio-si470x 2-1:0.35: si470x_get_report: usb_control_msg returned -110 [ 204.400356][ T5901] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5 [ 204.510784][ T30] audit: type=1400 audit(1750100995.237:340): avc: denied { mount } for pid=7260 comm="syz.4.305" name="/" dev="configfs" ino=1065 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 204.531455][ T7271] netlink: 'syz.1.310': attribute type 27 has an invalid length. [ 204.551315][ T5901] radio-raremono 2-1:0.35: this is not Thanko's Raremono. [ 204.606810][ T30] audit: type=1400 audit(1750100995.287:341): avc: denied { search } for pid=7260 comm="syz.4.305" name="/" dev="configfs" ino=1065 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 204.691242][ T9] lenovo 0003:17EF:6047.0002: Fn-lock setting failed: -71 [ 204.724041][ T9] lenovo 0003:17EF:6047.0002: Sensitivity setting failed: -71 [ 204.749052][ T30] audit: type=1400 audit(1750100995.287:342): avc: denied { search } for pid=7260 comm="syz.4.305" name="/" dev="configfs" ino=1065 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 204.898320][ T9] usb 5-1: USB disconnect, device number 8 [ 205.891309][ T30] audit: type=1400 audit(1750100995.307:343): avc: denied { ioctl } for pid=7270 comm="syz.1.310" path="socket:[13434]" dev="sockfs" ino=13434 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 206.047857][ T5901] usb 2-1: USB disconnect, device number 5 [ 206.551847][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 207.711765][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 207.718844][ T9] usb 5-1: config 8 has an invalid interface number: 203 but max is 0 [ 207.727351][ T9] usb 5-1: config 8 has no interface number 0 [ 207.733601][ T9] usb 5-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 207.771739][ T9] usb 5-1: config 8 interface 203 altsetting 1 endpoint 0x83 has invalid maxpacket 1040, setting to 1024 [ 207.847833][ T9] usb 5-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 207.914408][ T9] usb 5-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 207.951481][ T9] usb 5-1: config 8 interface 203 altsetting 1 endpoint 0xD has invalid wMaxPacketSize 0 [ 208.006192][ T9] usb 5-1: config 8 interface 203 has no altsetting 0 [ 208.046144][ T9] usb 5-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 208.075785][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.110803][ T9] usb 5-1: Product: syz [ 208.231864][ T9] usb 5-1: Manufacturer: syz [ 208.240286][ T9] usb 5-1: SerialNumber: syz [ 209.825530][ T9] usb 5-1: can't set config #8, error -71 [ 209.935153][ T9] usb 5-1: USB disconnect, device number 9 [ 210.037229][ T7352] tipc: Started in network mode [ 210.042689][ T7352] tipc: Node identity 8, cluster identity 4711 [ 210.049027][ T7352] tipc: Node number set to 8 [ 210.430903][ T7363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.332'. [ 211.698707][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'. [ 211.714681][ T7370] netlink: 12 bytes leftover after parsing attributes in process `syz.2.333'. [ 212.511712][ T30] audit: type=1400 audit(1750101002.427:344): avc: denied { execute } for pid=7358 comm="syz.0.331" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=13170 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 212.559641][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.1.334'. [ 212.614451][ T7377] netlink: 12 bytes leftover after parsing attributes in process `syz.1.334'. [ 212.627748][ T7362] team0: Port device team_slave_1 removed [ 213.051854][ T5875] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 213.281733][ T5875] usb 3-1: Using ep0 maxpacket: 16 [ 213.492473][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.931993][ T5875] usb 3-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 213.941808][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.973617][ T5875] usb 3-1: config 0 descriptor?? [ 215.114497][ T7385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.134074][ T7385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.357212][ T7385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.394776][ T7385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.711549][ T30] audit: type=1326 audit(1750101006.377:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7409 comm="syz.1.342" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f419af8e929 code=0x0 [ 215.869983][ T5875] usbhid 3-1:0.0: can't add hid device: -71 [ 216.399890][ T5875] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 216.417008][ T5875] usb 3-1: USB disconnect, device number 11 [ 218.744519][ T30] audit: type=1400 audit(1750101008.847:346): avc: denied { ioctl } for pid=7428 comm="syz.4.346" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 218.889919][ T7440] syz_tun: entered allmulticast mode [ 219.140551][ T7440] syz_tun: left allmulticast mode [ 219.516491][ T7457] FAULT_INJECTION: forcing a failure. [ 219.516491][ T7457] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.627182][ T7457] CPU: 0 UID: 0 PID: 7457 Comm: syz.4.354 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 219.627211][ T7457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.627220][ T7457] Call Trace: [ 219.627226][ T7457] [ 219.627233][ T7457] dump_stack_lvl+0x16c/0x1f0 [ 219.627265][ T7457] should_fail_ex+0x512/0x640 [ 219.627293][ T7457] _copy_to_user+0x32/0xd0 [ 219.627322][ T7457] snd_ctl_elem_list+0x444/0x520 [ 219.627348][ T7457] ? __pfx_snd_ctl_elem_list+0x10/0x10 [ 219.627365][ T7457] ? __might_fault+0xe3/0x190 [ 219.627400][ T7457] snd_ctl_ioctl+0x94f/0x1320 [ 219.627422][ T7457] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 219.627448][ T7457] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 219.627476][ T7457] ? hook_file_ioctl_common+0x145/0x410 [ 219.627499][ T7457] ? selinux_file_ioctl+0x180/0x270 [ 219.627520][ T7457] ? selinux_file_ioctl+0xb4/0x270 [ 219.627541][ T7457] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 219.627566][ T7457] __x64_sys_ioctl+0x18e/0x210 [ 219.627588][ T7457] do_syscall_64+0xcd/0x4c0 [ 219.627615][ T7457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.627632][ T7457] RIP: 0033:0x7ff9cfb8e929 [ 219.627647][ T7457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.627663][ T7457] RSP: 002b:00007ff9d0a3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 219.627681][ T7457] RAX: ffffffffffffffda RBX: 00007ff9cfdb5fa0 RCX: 00007ff9cfb8e929 [ 219.627692][ T7457] RDX: 0000200000000140 RSI: 00000000c0505510 RDI: 0000000000000003 [ 219.627702][ T7457] RBP: 00007ff9d0a3e090 R08: 0000000000000000 R09: 0000000000000000 [ 219.627711][ T7457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.627721][ T7457] R13: 0000000000000000 R14: 00007ff9cfdb5fa0 R15: 00007fff01f4aad8 [ 219.627746][ T7457] [ 219.814326][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.309439][ T7472] netlink: 8 bytes leftover after parsing attributes in process `syz.2.356'. [ 221.380768][ T7472] : entered promiscuous mode [ 221.820967][ T7460] SELinux: security_context_str_to_sid (5] S9q#) failed with errno=-22 [ 221.841704][ T30] audit: type=1400 audit(1750101012.057:347): avc: denied { remove_name } for pid=7465 comm="syz.4.357" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 222.069883][ T30] audit: type=1400 audit(1750101012.057:348): avc: denied { unlink } for pid=7465 comm="syz.4.357" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 222.095862][ T30] audit: type=1400 audit(1750101012.747:349): avc: denied { firmware_load } for pid=7458 comm="syz.0.355" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 222.131848][ T5954] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 222.351728][ T30] audit: type=1400 audit(1750101013.077:350): avc: denied { write } for pid=7473 comm="syz.4.360" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 222.427583][ T7479] random: crng reseeded on system resumption [ 222.434616][ T5954] usb 4-1: Using ep0 maxpacket: 16 [ 222.450231][ T5954] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.464173][ T5954] usb 4-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 222.572336][ T5954] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.583926][ T30] audit: type=1400 audit(1750101013.157:351): avc: denied { write } for pid=7473 comm="syz.4.360" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 222.596208][ T5954] usb 4-1: config 0 descriptor?? [ 223.341975][ T7460] syz.0.355 (7460) used greatest stack depth: 19800 bytes left [ 223.423495][ T7488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.363'. [ 224.716872][ T7470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.173576][ T7470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.333467][ T7470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.367209][ T7470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.498855][ T7503] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 225.935338][ T5954] usbhid 4-1:0.0: can't add hid device: -71 [ 226.495445][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.367'. [ 226.549842][ T7511] : entered promiscuous mode [ 226.752952][ T5954] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 226.766215][ T5954] usb 4-1: USB disconnect, device number 9 [ 227.291734][ T30] audit: type=1400 audit(1750101018.017:352): avc: denied { name_bind } for pid=7517 comm="syz.3.369" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 227.473217][ T7520] FAULT_INJECTION: forcing a failure. [ 227.473217][ T7520] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.547761][ T7520] CPU: 1 UID: 0 PID: 7520 Comm: syz.3.370 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 227.547790][ T7520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.547801][ T7520] Call Trace: [ 227.547808][ T7520] [ 227.547816][ T7520] dump_stack_lvl+0x16c/0x1f0 [ 227.547852][ T7520] should_fail_ex+0x512/0x640 [ 227.547886][ T7520] _copy_to_user+0x32/0xd0 [ 227.547914][ T7520] simple_read_from_buffer+0xcb/0x170 [ 227.547940][ T7520] proc_fail_nth_read+0x197/0x270 [ 227.547966][ T7520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 227.547989][ T7520] ? rw_verify_area+0xcf/0x680 [ 227.548009][ T7520] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 227.548030][ T7520] vfs_read+0x1e1/0xc60 [ 227.548056][ T7520] ? __pfx___mutex_lock+0x10/0x10 [ 227.548083][ T7520] ? __pfx_vfs_read+0x10/0x10 [ 227.548117][ T7520] ? __fget_files+0x20e/0x3c0 [ 227.548153][ T7520] ksys_read+0x12a/0x250 [ 227.548174][ T7520] ? __pfx_ksys_read+0x10/0x10 [ 227.548195][ T7520] ? fput+0x70/0xf0 [ 227.548230][ T7520] do_syscall_64+0xcd/0x4c0 [ 227.548259][ T7520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.548278][ T7520] RIP: 0033:0x7f3c7ed8d33c [ 227.548292][ T7520] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 227.548309][ T7520] RSP: 002b:00007f3c7fb1f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 227.548327][ T7520] RAX: ffffffffffffffda RBX: 00007f3c7efb5fa0 RCX: 00007f3c7ed8d33c [ 227.548338][ T7520] RDX: 000000000000000f RSI: 00007f3c7fb1f0a0 RDI: 0000000000000004 [ 227.548349][ T7520] RBP: 00007f3c7fb1f090 R08: 0000000000000000 R09: 0000000000000000 [ 227.548359][ T7520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.548369][ T7520] R13: 0000000000000000 R14: 00007f3c7efb5fa0 R15: 00007ffcd3c9ff88 [ 227.548394][ T7520] [ 227.734435][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.149687][ T7533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.374'. [ 228.159003][ T7533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.374'. [ 229.115543][ T30] audit: type=1400 audit(1750101019.847:353): avc: denied { ioctl } for pid=7538 comm="syz.3.377" path="socket:[13989]" dev="sockfs" ino=13989 ioctlcmd=0x9367 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 229.141133][ T7542] xt_hashlimit: max too large, truncated to 1048576 [ 229.186674][ T7546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.375'. [ 230.429253][ T5948] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 230.635211][ T5948] usb 4-1: Using ep0 maxpacket: 16 [ 230.641402][ T30] audit: type=1400 audit(1750101021.357:354): avc: denied { create } for pid=7561 comm="syz.1.382" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 230.776381][ T5948] usb 4-1: config index 0 descriptor too short (expected 42, got 18) [ 230.795529][ T5948] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30 [ 231.270275][ T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 231.346258][ T5948] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219 [ 231.516268][ T5948] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice= 7.06 [ 231.573170][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 231.576176][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 231.630767][ T5948] usb 4-1: Product: syz [ 231.650958][ T9] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 231.660421][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.679494][ T9] usb 1-1: Product: syz [ 231.685084][ T9] usb 1-1: Manufacturer: syz [ 231.694588][ T9] usb 1-1: SerialNumber: syz [ 231.710633][ T9] usb 1-1: config 0 descriptor?? [ 231.719752][ T7574] netlink: 8 bytes leftover after parsing attributes in process `syz.1.386'. [ 231.730894][ T7574] netlink: 12 bytes leftover after parsing attributes in process `syz.1.386'. [ 231.788950][ T5948] usb 4-1: SerialNumber: syz [ 231.825613][ T5948] r8152-cfgselector 4-1: Unknown version 0x0000 [ 231.856458][ T5948] r8152-cfgselector 4-1: config 0 descriptor?? [ 232.335444][ T9] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 233.054600][ T5948] r8152-cfgselector 4-1: can't set config #0, error -71 [ 233.412460][ T5948] r8152-cfgselector 4-1: USB disconnect, device number 10 [ 234.376933][ T9] gspca_sunplus: reg_w_riv err -71 [ 234.383591][ T9] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 234.396961][ T9] usb 1-1: USB disconnect, device number 9 [ 234.427374][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.392'. [ 237.318433][ T30] audit: type=1326 audit(1750101028.007:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7617 comm="syz.0.396" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7dd598e929 code=0x0 [ 237.563359][ T7634] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.233897][ T7636] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.134427][ T7645] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.734742][ T30] audit: type=1326 audit(1750101030.417:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7637 comm="syz.3.401" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3c7ed8e929 code=0x0 [ 240.004735][ T30] audit: type=1326 audit(1750101030.557:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7642 comm="syz.0.402" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7dd598e929 code=0x0 [ 240.187853][ T7656] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.262983][ T7659] netlink: 8 bytes leftover after parsing attributes in process `syz.1.405'. [ 242.001690][ T30] audit: type=1400 audit(1750101032.727:358): avc: denied { read } for pid=7668 comm="syz.1.408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 242.142641][ T30] audit: type=1400 audit(1750101032.867:359): avc: denied { execute } for pid=7668 comm="syz.1.408" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 242.751827][ T30] audit: type=1326 audit(1750101033.447:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7660 comm="syz.2.406" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8b4e38e929 code=0x0 [ 243.125685][ T7681] FAULT_INJECTION: forcing a failure. [ 243.125685][ T7681] name failslab, interval 1, probability 0, space 0, times 0 [ 243.143794][ T7681] CPU: 1 UID: 0 PID: 7681 Comm: syz.0.411 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 243.143822][ T7681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.143833][ T7681] Call Trace: [ 243.143840][ T7681] [ 243.143847][ T7681] dump_stack_lvl+0x16c/0x1f0 [ 243.143875][ T7681] should_fail_ex+0x512/0x640 [ 243.143897][ T7681] ? fs_reclaim_acquire+0xae/0x150 [ 243.143914][ T7681] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 243.143941][ T7681] should_failslab+0xc2/0x120 [ 243.143964][ T7681] __kmalloc_noprof+0xd2/0x510 [ 243.143984][ T7681] ? trace_kmalloc+0x2b/0xd0 [ 243.144007][ T7681] ? __kmalloc_noprof+0x242/0x510 [ 243.144029][ T7681] tomoyo_realpath_from_path+0xc2/0x6e0 [ 243.144054][ T7681] ? tomoyo_fill_path_info+0x233/0x420 [ 243.144074][ T7681] tomoyo_mount_acl+0x1ae/0x850 [ 243.144093][ T7681] ? kernel_text_address+0x8d/0x100 [ 243.144112][ T7681] ? __kernel_text_address+0xd/0x40 [ 243.144127][ T7681] ? unwind_get_return_address+0x59/0xa0 [ 243.144156][ T7681] ? arch_stack_walk+0xa6/0x100 [ 243.144175][ T7681] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 243.144202][ T7681] ? stack_trace_save+0x8e/0xc0 [ 243.144242][ T7681] ? tomoyo_domain+0xbb/0x150 [ 243.144256][ T7681] ? tomoyo_profile+0x47/0x60 [ 243.144285][ T7681] tomoyo_mount_permission+0x16d/0x420 [ 243.144304][ T7681] ? tomoyo_mount_permission+0x14f/0x420 [ 243.144326][ T7681] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 243.144362][ T7681] security_sb_mount+0x9b/0x260 [ 243.144384][ T7681] path_mount+0x128/0x2020 [ 243.144410][ T7681] ? kmem_cache_free+0x2d1/0x4d0 [ 243.144428][ T7681] ? __pfx_path_mount+0x10/0x10 [ 243.144455][ T7681] ? putname+0x154/0x1a0 [ 243.144481][ T7681] __x64_sys_mount+0x28d/0x310 [ 243.144506][ T7681] ? __pfx___x64_sys_mount+0x10/0x10 [ 243.144537][ T7681] do_syscall_64+0xcd/0x4c0 [ 243.144564][ T7681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.144580][ T7681] RIP: 0033:0x7f7dd598e929 [ 243.144594][ T7681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.144610][ T7681] RSP: 002b:00007f7dd67ba038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 243.144626][ T7681] RAX: ffffffffffffffda RBX: 00007f7dd5bb5fa0 RCX: 00007f7dd598e929 [ 243.144636][ T7681] RDX: 0000200000000540 RSI: 0000200000000500 RDI: 00002000000004c0 [ 243.144645][ T7681] RBP: 00007f7dd67ba090 R08: 0000000000000000 R09: 0000000000000000 [ 243.144655][ T7681] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000001 [ 243.144664][ T7681] R13: 0000000000000000 R14: 00007f7dd5bb5fa0 R15: 00007ffe76acd918 [ 243.144698][ T7681] [ 243.144794][ T7681] ERROR: Out of memory at tomoyo_realpath_from_path. [ 243.437440][ T30] audit: type=1400 audit(1750101034.167:361): avc: denied { mounton } for pid=7678 comm="syz.4.410" path="/78/file0" dev="tmpfs" ino=427 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 243.628711][ T30] audit: type=1400 audit(1750101034.187:362): avc: denied { read append } for pid=7678 comm="syz.4.410" dev="9p" ino=4611686018427387906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 243.727774][ T30] audit: type=1400 audit(1750101034.187:363): avc: denied { open } for pid=7678 comm="syz.4.410" path="/78/file0" dev="9p" ino=4611686018427387906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 243.837428][ T30] audit: type=1800 audit(1750101034.267:364): pid=7679 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.410" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 243.902367][ T7694] syz_tun: entered allmulticast mode [ 244.384735][ T7694] syz_tun: left allmulticast mode [ 244.731492][ T7704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.417'. [ 245.046921][ T7705] netlink: 8 bytes leftover after parsing attributes in process `syz.4.416'. [ 245.983819][ T975] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 246.521889][ T975] usb 4-1: Using ep0 maxpacket: 8 [ 249.413354][ T7707] syz.3.419: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 249.601190][ T7707] CPU: 1 UID: 0 PID: 7707 Comm: syz.3.419 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 249.601221][ T7707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.601232][ T7707] Call Trace: [ 249.601238][ T7707] [ 249.601246][ T7707] dump_stack_lvl+0x16c/0x1f0 [ 249.601277][ T7707] warn_alloc+0x248/0x3a0 [ 249.601303][ T7707] ? __pfx_warn_alloc+0x10/0x10 [ 249.601336][ T7707] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 249.601355][ T7707] ? __vmalloc_node_noprof+0xad/0xf0 [ 249.601380][ T7707] __vmalloc_node_range_noprof+0x101b/0x14b0 [ 249.601409][ T7707] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 249.601433][ T7707] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 249.601461][ T7707] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 249.601479][ T7707] vmalloc_user_noprof+0x9e/0xe0 [ 249.601498][ T7707] ? vb2_vmalloc_alloc+0x135/0x3f0 [ 249.601516][ T7707] vb2_vmalloc_alloc+0x135/0x3f0 [ 249.601536][ T7707] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 249.601552][ T7707] __vb2_queue_alloc+0x8c6/0x1280 [ 249.601591][ T7707] vb2_core_reqbufs+0xa90/0xfe0 [ 249.601611][ T7707] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 249.601633][ T7707] ? vb2_verify_memory_type+0x2a3/0x620 [ 249.601657][ T7707] ? vb2_verify_memory_type+0x2db/0x620 [ 249.601692][ T7707] vb2_reqbufs+0x1a3/0x1f0 [ 249.601717][ T7707] ? __pfx_vb2_reqbufs+0x10/0x10 [ 249.601742][ T7707] ? lockdep_hardirqs_on+0x7c/0x110 [ 249.601769][ T7707] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 249.601792][ T7707] v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0 [ 249.601822][ T7707] v4l_reqbufs+0x14f/0x1e0 [ 249.601845][ T7707] __video_do_ioctl+0xb40/0xfc0 [ 249.601872][ T7707] ? __might_fault+0xe3/0x190 [ 249.601893][ T7707] ? __pfx___video_do_ioctl+0x10/0x10 [ 249.601926][ T7707] video_usercopy+0x4d0/0x1720 [ 249.601951][ T7707] ? __pfx___video_do_ioctl+0x10/0x10 [ 249.601975][ T7707] ? __pfx_video_usercopy+0x10/0x10 [ 249.602017][ T7707] v4l2_ioctl+0x1ba/0x250 [ 249.602037][ T7707] ? __pfx_v4l2_ioctl+0x10/0x10 [ 249.602060][ T7707] __x64_sys_ioctl+0x18e/0x210 [ 249.602084][ T7707] do_syscall_64+0xcd/0x4c0 [ 249.602113][ T7707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.602131][ T7707] RIP: 0033:0x7f3c7ed8e929 [ 249.602147][ T7707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.602164][ T7707] RSP: 002b:00007f3c7fb1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 249.602183][ T7707] RAX: ffffffffffffffda RBX: 00007f3c7efb5fa0 RCX: 00007f3c7ed8e929 [ 249.602196][ T7707] RDX: 0000200000000240 RSI: 00000000c0145608 RDI: 0000000000000003 [ 249.602207][ T7707] RBP: 00007f3c7ee10b39 R08: 0000000000000000 R09: 0000000000000000 [ 249.602218][ T7707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.602229][ T7707] R13: 0000000000000000 R14: 00007f3c7efb5fa0 R15: 00007ffcd3c9ff88 [ 249.602254][ T7707] [ 250.187639][ T7707] Mem-Info: [ 250.190985][ T7707] active_anon:12337 inactive_anon:0 isolated_anon:0 [ 250.190985][ T7707] active_file:2001 inactive_file:40634 isolated_file:0 [ 250.190985][ T7707] unevictable:768 dirty:440 writeback:0 [ 250.190985][ T7707] slab_reclaimable:11497 slab_unreclaimable:99785 [ 250.190985][ T7707] mapped:36311 shmem:4239 pagetables:1429 [ 250.190985][ T7707] sec_pagetables:3 bounce:0 [ 250.190985][ T7707] kernel_misc_reclaimable:0 [ 250.190985][ T7707] free:1303930 free_pcp:17575 free_cma:0 [ 250.446630][ T7738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.425'. [ 250.494534][ T7738] : entered promiscuous mode [ 250.735013][ T7707] Node 0 active_anon:49248kB inactive_anon:0kB active_file:8004kB inactive_file:162336kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:145244kB dirty:1760kB writeback:0kB shmem:15420kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12548kB pagetables:5380kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB [ 250.825755][ T7707] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 250.857562][ T7707] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 250.887478][ T7707] lowmem_reserve[]: 0 2481 2482 2482 2482 [ 250.893425][ T7707] Node 0 DMA32 free:1316820kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:49040kB inactive_anon:0kB active_file:8004kB inactive_file:161000kB unevictable:1536kB writepending:1768kB present:3129332kB managed:2540624kB mlocked:0kB bounce:0kB free_pcp:33796kB local_pcp:17436kB free_cma:0kB [ 251.038952][ T7707] lowmem_reserve[]: 0 0 1 1 1 [ 251.046423][ T7707] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 251.294062][ T7707] lowmem_reserve[]: 0 0 0 0 0 [ 251.408215][ T7707] Node 1 Normal free:3881896kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:36868kB local_pcp:14340kB free_cma:0kB [ 251.440147][ T7707] lowmem_reserve[]: 0 0 0 0 0 [ 251.445426][ T7707] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 251.458947][ T7707] Node 0 DMA32: 26*4kB (UME) 34*8kB (UME) 26*16kB (UME) 162*32kB (ME) 110*64kB (ME) 284*128kB (UME) 206*256kB (UME) 114*512kB (UME) 51*1024kB (UME) 1*2048kB (E) 267*4096kB (UM) = 1308376kB [ 251.951597][ T975] usb 4-1: unable to get BOS descriptor or descriptor too short [ 252.174015][ T975] usb 4-1: unable to read config index 0 descriptor/start: -32 [ 252.312217][ T7707] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 252.331737][ T975] usb 4-1: chopping to 0 config(s) [ 252.348604][ T975] usb 4-1: can't read configurations, error -32 [ 252.391846][ T7707] Node 1 Normal: 169*4kB (UME) 47*8kB (UME) 50*16kB (UME) 59*32kB (UME) 27*64kB (UME) 7*128kB (UME) 5*256kB (UME) 5*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 944*4096kB (M) = 3881948kB [ 252.531925][ T7707] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 252.541556][ T7707] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 252.565370][ T7707] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 252.592095][ T975] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 253.083592][ T7707] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 253.094112][ T7707] 46871 total pagecache pages [ 253.098912][ T7707] 0 pages in swap cache [ 253.114426][ T7707] Free swap = 124996kB [ 253.119138][ T7707] Total swap = 124996kB [ 253.253185][ T975] usb 4-1: device descriptor read/64, error -32 [ 253.314958][ T7707] 2097051 pages RAM [ 253.349659][ T7707] 0 pages HighMem/MovableOnly [ 253.629199][ T975] usb usb4-port1: attempt power cycle [ 253.831738][ T7707] 429917 pages reserved [ 253.835959][ T7707] 0 pages cma reserved [ 253.956043][ T7770] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.433'. [ 254.062592][ T7773] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 254.896239][ T7779] netlink: 8 bytes leftover after parsing attributes in process `syz.1.434'. [ 255.868342][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.874737][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.741847][ T5954] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 259.416927][ T5954] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.443667][ T5954] usb 3-1: config 0 has no interfaces? [ 259.460361][ T5954] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 259.479335][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.489321][ T30] audit: type=1400 audit(1750101050.227:365): avc: denied { listen } for pid=7820 comm="syz.4.448" lport=43803 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 259.514565][ T5954] usb 3-1: Product: syz [ 259.518807][ T5954] usb 3-1: Manufacturer: syz [ 259.524738][ T5954] usb 3-1: SerialNumber: syz [ 259.534486][ T5954] usb 3-1: config 0 descriptor?? [ 259.540329][ T30] audit: type=1400 audit(1750101050.267:366): avc: denied { accept } for pid=7820 comm="syz.4.448" lport=43803 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 259.665202][ T30] audit: type=1400 audit(1750101050.337:367): avc: denied { getopt } for pid=7820 comm="syz.4.448" lport=43803 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 259.689659][ T30] audit: type=1400 audit(1750101050.337:368): avc: denied { read } for pid=7820 comm="syz.4.448" lport=43803 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 259.721990][ T975] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 259.901804][ T975] usb 4-1: Using ep0 maxpacket: 16 [ 260.025531][ T7807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 260.204078][ T7807] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 260.504567][ T975] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.507304][ T9] usb 3-1: USB disconnect, device number 12 [ 260.514569][ T975] usb 4-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 260.514595][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.537058][ T975] usb 4-1: config 0 descriptor?? [ 261.725165][ T5875] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 261.748526][ T7817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.774170][ T7817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.784356][ T7817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.806231][ T7817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.875420][ T975] usbhid 4-1:0.0: can't add hid device: -71 [ 261.886043][ T975] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 261.913650][ T975] usb 4-1: USB disconnect, device number 14 [ 261.959480][ T30] audit: type=1400 audit(1750101052.687:369): avc: denied { map } for pid=7848 comm="syz.1.455" path="socket:[15336]" dev="sockfs" ino=15336 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 261.987687][ T5875] usb 1-1: Using ep0 maxpacket: 16 [ 262.013737][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.035731][ T7854] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 262.047512][ T7854] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 262.068401][ T30] audit: type=1400 audit(1750101052.767:370): avc: denied { remount } for pid=7848 comm="syz.1.455" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 262.090143][ T5875] usb 1-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 262.099917][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.114560][ T5875] usb 1-1: config 0 descriptor?? [ 262.802617][ T7837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.814389][ T7837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.854095][ T7837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.869592][ T7837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.947268][ T5875] usbhid 1-1:0.0: can't add hid device: -71 [ 262.968282][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 263.759082][ T5875] usb 1-1: USB disconnect, device number 10 [ 264.514476][ T30] audit: type=1400 audit(1750101055.247:371): avc: denied { listen } for pid=7873 comm="syz.3.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 264.711076][ T30] audit: type=1400 audit(1750101055.247:372): avc: denied { bind } for pid=7873 comm="syz.3.460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 265.742168][ T5901] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 265.981818][ T30] audit: type=1326 audit(1750101056.597:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7891 comm="syz.0.466" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7dd598e929 code=0x0 [ 266.051765][ T5901] usb 5-1: Using ep0 maxpacket: 8 [ 266.060496][ T5901] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 266.071662][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.086201][ T5901] usb 5-1: Product: syz [ 266.092336][ T5901] usb 5-1: Manufacturer: syz [ 266.097073][ T5901] usb 5-1: SerialNumber: syz [ 266.120636][ T5901] usb 5-1: config 0 descriptor?? [ 266.136431][ T7897] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=16443 sclass=netlink_xfrm_socket pid=7897 comm=syz.1.467 [ 266.382333][ T42] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 266.522362][ T5901] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 266.635258][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 266.682970][ T42] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 266.711083][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.738521][ T42] usb 3-1: Product: syz [ 266.752566][ T5948] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 266.760814][ T42] usb 3-1: Manufacturer: syz [ 266.774117][ T42] usb 3-1: SerialNumber: syz [ 266.792171][ T7905] loop6: detected capacity change from 0 to 524287999 [ 266.819211][ T5948] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 266.830546][ T42] usb 3-1: config 0 descriptor?? [ 267.031813][ T7911] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 267.182699][ T42] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 267.431251][ T5901] gspca_sunplus: reg_w_riv err -110 [ 267.449015][ T5901] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 267.462357][ T42] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 267.508876][ T42] usb 3-1: USB disconnect, device number 13 [ 268.886319][ T5908] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 268.958442][ T9] usb 5-1: USB disconnect, device number 10 [ 269.054279][ T5908] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 269.127224][ T5908] usb 3-1: config 0 interface 0 has no altsetting 0 [ 269.175572][ T5908] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 269.331907][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 269.340151][ T5908] usb 3-1: Product: syz [ 269.344812][ T5908] usb 3-1: Manufacturer: syz [ 269.358791][ T5908] usb 3-1: SerialNumber: syz [ 269.376401][ T5908] usb 3-1: config 0 descriptor?? [ 269.394665][ T5908] usb 3-1: selecting invalid altsetting 0 [ 269.738213][ T7942] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.529094][ T30] audit: type=1400 audit(1750101061.257:374): avc: denied { create } for pid=7947 comm="syz.1.479" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 271.323301][ T7961] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 272.201933][ T30] audit: type=1400 audit(1750101062.907:375): avc: denied { unlink } for pid=5826 comm="syz-executor" name="file0" dev="tmpfs" ino=564 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 273.171817][ T5948] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 273.307062][ T42] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 273.481686][ T5948] usb 5-1: Using ep0 maxpacket: 8 [ 273.810060][ T5948] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 273.821795][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 273.831822][ T5948] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.913289][ T5948] usb 5-1: Product: syz [ 273.926860][ T42] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 274.213234][ T5948] usb 5-1: Manufacturer: syz [ 274.217861][ T5948] usb 5-1: SerialNumber: syz [ 274.248303][ T975] usb 3-1: USB disconnect, device number 14 [ 274.254812][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.266277][ T42] usb 1-1: Product: syz [ 274.270603][ T42] usb 1-1: Manufacturer: syz [ 274.280834][ T42] usb 1-1: SerialNumber: syz [ 274.282403][ T5948] usb 5-1: config 0 descriptor?? [ 274.317018][ T42] usb 1-1: config 0 descriptor?? [ 274.469112][ T7984] netlink: 16 bytes leftover after parsing attributes in process `syz.1.489'. [ 274.619302][ T42] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 274.638731][ T5948] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 274.768722][ T42] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 274.975880][ T42] usb 1-1: USB disconnect, device number 11 [ 276.131947][ T5948] gspca_sunplus: reg_w_riv err -110 [ 276.137490][ T5948] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 277.814853][ T8012] FAULT_INJECTION: forcing a failure. [ 277.814853][ T8012] name failslab, interval 1, probability 0, space 0, times 0 [ 277.829655][ T30] audit: type=1400 audit(1750101068.547:376): avc: denied { read } for pid=8010 comm="syz.3.496" name="rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 277.853614][ T8012] CPU: 1 UID: 0 PID: 8012 Comm: syz.0.497 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 277.853644][ T8012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.853655][ T8012] Call Trace: [ 277.853661][ T8012] [ 277.853676][ T8012] dump_stack_lvl+0x16c/0x1f0 [ 277.853708][ T8012] should_fail_ex+0x512/0x640 [ 277.853731][ T8012] ? fs_reclaim_acquire+0xae/0x150 [ 277.853750][ T8012] should_failslab+0xc2/0x120 [ 277.853776][ T8012] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 277.853797][ T8012] ? ima_inode_get+0x120/0x580 [ 277.853822][ T8012] ima_inode_get+0x120/0x580 [ 277.853845][ T8012] process_measurement+0x585/0x23e0 [ 277.853869][ T8012] ? find_held_lock+0x2b/0x80 [ 277.853889][ T8012] ? avc_has_perm_noaudit+0x117/0x3b0 [ 277.853906][ T8012] ? __pfx_process_measurement+0x10/0x10 [ 277.853933][ T8012] ? avc_has_perm+0x11a/0x1c0 [ 277.853949][ T8012] ? __pfx_avc_has_perm+0x10/0x10 [ 277.853986][ T8012] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 277.854009][ T8012] ? inode_to_bdi+0x9e/0x160 [ 277.854034][ T8012] ima_file_check+0xbc/0x100 [ 277.854055][ T8012] ? __pfx_ima_file_check+0x10/0x10 [ 277.854082][ T8012] security_file_post_open+0x8e/0x210 [ 277.854106][ T8012] path_openat+0x1404/0x2cb0 [ 277.854135][ T8012] ? __pfx_path_openat+0x10/0x10 [ 277.854157][ T8012] ? __lock_acquire+0xb8a/0x1c90 [ 277.854183][ T8012] do_filp_open+0x20b/0x470 [ 277.854204][ T8012] ? __pfx_do_filp_open+0x10/0x10 [ 277.854242][ T8012] ? alloc_fd+0x471/0x7d0 [ 277.854269][ T8012] do_sys_openat2+0x11b/0x1d0 [ 277.854285][ T8012] ? __pfx_do_sys_openat2+0x10/0x10 [ 277.854298][ T8012] ? bpf_trace_run2+0x265/0x590 [ 277.854323][ T8012] __x64_sys_openat+0x174/0x210 [ 277.854339][ T8012] ? __pfx___x64_sys_openat+0x10/0x10 [ 277.854359][ T8012] ? rcu_is_watching+0x12/0xc0 [ 277.854381][ T8012] do_syscall_64+0xcd/0x4c0 [ 277.854406][ T8012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.854422][ T8012] RIP: 0033:0x7f7dd598d290 [ 277.854436][ T8012] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 277.854451][ T8012] RSP: 002b:00007f7dd67b9f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 277.854467][ T8012] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7dd598d290 [ 277.854477][ T8012] RDX: 0000000000000002 RSI: 00007f7dd67b9fa0 RDI: 00000000ffffff9c [ 277.854487][ T8012] RBP: 00007f7dd67b9fa0 R08: 0000000000000000 R09: 0000000000000000 [ 277.854496][ T8012] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 277.854505][ T8012] R13: 0000000000000000 R14: 00007f7dd5bb5fa0 R15: 00007ffe76acd918 [ 277.854528][ T8012] [ 278.138774][ T30] audit: type=1400 audit(1750101068.547:377): avc: denied { open } for pid=8010 comm="syz.3.496" path="/dev/rtc0" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 278.163404][ T30] audit: type=1400 audit(1750101068.557:378): avc: denied { ioctl } for pid=8010 comm="syz.3.496" path="/dev/rtc0" dev="devtmpfs" ino=922 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 278.395470][ T9] usb 5-1: USB disconnect, device number 11 [ 279.087313][ T8029] random: crng reseeded on system resumption [ 281.230256][ T8049] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 281.832105][ T8065] FAULT_INJECTION: forcing a failure. [ 281.832105][ T8065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.833511][ T8065] [ 281.833524][ T8065] ====================================================== [ 281.833530][ T8065] WARNING: possible circular locking dependency detected [ 281.833539][ T8065] 6.16.0-rc2-syzkaller #0 Not tainted [ 281.833549][ T8065] ------------------------------------------------------ [ 281.833555][ T8065] syz.1.507/8065 is trying to acquire lock: [ 281.833564][ T8065] ffffffff8e4d1dc0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 281.833634][ T8065] [ 281.833634][ T8065] but task is already holding lock: [ 281.833639][ T8065] ffff8880b843bc98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 281.833679][ T8065] [ 281.833679][ T8065] which lock already depends on the new lock. [ 281.833679][ T8065] [ 281.833684][ T8065] [ 281.833684][ T8065] the existing dependency chain (in reverse order) is: [ 281.833690][ T8065] [ 281.833690][ T8065] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 281.833711][ T8065] _raw_spin_lock_nested+0x31/0x40 [ 281.833733][ T8065] raw_spin_rq_lock_nested+0x29/0x130 [ 281.833751][ T8065] task_rq_lock+0xcf/0x490 [ 281.833769][ T8065] cgroup_move_task+0x81/0x2a0 [ 281.833790][ T8065] css_set_move_task+0x288/0x5f0 [ 281.833804][ T8065] cgroup_post_fork+0x201/0x9e0 [ 281.833823][ T8065] copy_process+0x5cfc/0x76a0 [ 281.833844][ T8065] kernel_clone+0xfc/0x960 [ 281.833863][ T8065] user_mode_thread+0xc7/0x110 [ 281.833882][ T8065] rest_init+0x23/0x2b0 [ 281.833897][ T8065] start_kernel+0x3ee/0x4d0 [ 281.833920][ T8065] x86_64_start_reservations+0x18/0x30 [ 281.833942][ T8065] x86_64_start_kernel+0x130/0x190 [ 281.833962][ T8065] common_startup_64+0x13e/0x148 [ 281.833977][ T8065] [ 281.833977][ T8065] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 281.833998][ T8065] _raw_spin_lock_irqsave+0x3a/0x60 [ 281.834017][ T8065] try_to_wake_up+0xb2/0x1680 [ 281.834036][ T8065] __wake_up_common+0x135/0x1f0 [ 281.834061][ T8065] __wake_up+0x31/0x60 [ 281.834080][ T8065] tty_port_default_wakeup+0x2a/0x40 [ 281.834105][ T8065] serial8250_tx_chars+0x68e/0x860 [ 281.834130][ T8065] serial8250_handle_irq+0x761/0xcb0 [ 281.834144][ T8065] serial8250_default_handle_irq+0x9a/0x210 [ 281.834159][ T8065] serial8250_interrupt+0x103/0x210 [ 281.834175][ T8065] __handle_irq_event_percpu+0x229/0x7d0 [ 281.834194][ T8065] handle_irq_event+0xab/0x1e0 [ 281.834211][ T8065] handle_edge_irq+0x28e/0xab0 [ 281.834227][ T8065] __common_interrupt+0xdf/0x250 [ 281.834247][ T8065] common_interrupt+0xba/0xe0 [ 281.834263][ T8065] asm_common_interrupt+0x26/0x40 [ 281.834279][ T8065] kasan_quarantine_put+0x97/0x240 [ 281.834298][ T8065] kmem_cache_free+0x2d1/0x4d0 [ 281.834317][ T8065] unlink_anon_vmas+0x173/0x820 [ 281.834335][ T8065] free_pgtables+0x373/0xcb0 [ 281.834357][ T8065] exit_mmap+0x3fb/0xb90 [ 281.834371][ T8065] __mmput+0x12a/0x410 [ 281.834387][ T8065] mmput+0x62/0x70 [ 281.834403][ T8065] begin_new_exec+0x15a7/0x38b0 [ 281.834422][ T8065] load_elf_binary+0x892/0x4f00 [ 281.834443][ T8065] bprm_execve+0x8c0/0x1650 [ 281.834460][ T8065] do_execveat_common.isra.0+0x4a5/0x610 [ 281.834479][ T8065] __x64_sys_execve+0x8e/0xb0 [ 281.834497][ T8065] do_syscall_64+0xcd/0x4c0 [ 281.834520][ T8065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.834536][ T8065] [ 281.834536][ T8065] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 281.834557][ T8065] _raw_spin_lock_irqsave+0x3a/0x60 [ 281.834576][ T8065] __wake_up+0x1c/0x60 [ 281.834595][ T8065] tty_port_default_wakeup+0x2a/0x40 [ 281.834617][ T8065] serial8250_tx_chars+0x68e/0x860 [ 281.834645][ T8065] serial8250_handle_irq+0x761/0xcb0 [ 281.834660][ T8065] serial8250_default_handle_irq+0x9a/0x210 [ 281.834675][ T8065] serial8250_interrupt+0x103/0x210 [ 281.834691][ T8065] __handle_irq_event_percpu+0x229/0x7d0 [ 281.834709][ T8065] handle_irq_event+0xab/0x1e0 [ 281.834726][ T8065] handle_edge_irq+0x28e/0xab0 [ 281.834742][ T8065] __common_interrupt+0xdf/0x250 [ 281.834759][ T8065] common_interrupt+0xba/0xe0 [ 281.834774][ T8065] asm_common_interrupt+0x26/0x40 [ 281.834789][ T8065] _raw_spin_unlock_irqrestore+0x31/0x80 [ 281.834809][ T8065] uart_write+0x2a4/0xb30 [ 281.834830][ T8065] n_tty_write+0x40f/0x1160 [ 281.834844][ T8065] file_tty_write.constprop.0+0x504/0x9b0 [ 281.834867][ T8065] redirected_tty_write+0xd4/0x150 [ 281.834888][ T8065] vfs_write+0x6c4/0x1150 [ 281.834906][ T8065] ksys_write+0x12a/0x250 [ 281.834924][ T8065] do_syscall_64+0xcd/0x4c0 [ 281.834947][ T8065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.834962][ T8065] [ 281.834962][ T8065] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 281.834982][ T8065] _raw_spin_lock_irqsave+0x3a/0x60 [ 281.835001][ T8065] serial8250_console_write+0x181/0x1890 [ 281.835017][ T8065] console_flush_all+0x801/0xc60 [ 281.835035][ T8065] console_unlock+0xd8/0x210 [ 281.835051][ T8065] vprintk_emit+0x418/0x6d0 [ 281.835069][ T8065] _printk+0xc7/0x100 [ 281.835080][ T8065] register_console+0xc2d/0x11b0 [ 281.835099][ T8065] univ8250_console_init+0x5f/0x90 [ 281.835120][ T8065] console_init+0x14f/0x680 [ 281.835140][ T8065] start_kernel+0x29f/0x4d0 [ 281.835159][ T8065] x86_64_start_reservations+0x18/0x30 [ 281.835180][ T8065] x86_64_start_kernel+0x130/0x190 [ 281.835200][ T8065] common_startup_64+0x13e/0x148 [ 281.835213][ T8065] [ 281.835213][ T8065] -> #0 (console_owner){-.-.}-{0:0}: [ 281.835234][ T8065] __lock_acquire+0x126f/0x1c90 [ 281.835257][ T8065] lock_acquire+0x179/0x350 [ 281.835279][ T8065] console_lock_spinning_enable+0xb0/0xd0 [ 281.835297][ T8065] console_flush_all+0x7aa/0xc60 [ 281.835314][ T8065] console_unlock+0xd8/0x210 [ 281.835330][ T8065] vprintk_emit+0x418/0x6d0 [ 281.835348][ T8065] _printk+0xc7/0x100 [ 281.835360][ T8065] should_fail_ex+0x4e7/0x640 [ 281.835379][ T8065] copy_to_user_nofault+0xac/0x1c0 [ 281.835402][ T8065] bpf_probe_write_user+0xaf/0xf0 [ 281.835424][ T8065] bpf_prog_6303d92f98284ad8+0x44/0x4c [ 281.835437][ T8065] bpf_trace_run4+0x249/0x5a0 [ 281.835452][ T8065] __bpf_trace_sched_switch+0x145/0x190 [ 281.835470][ T8065] __traceiter_sched_switch+0x6f/0xc0 [ 281.835486][ T8065] __schedule+0x1bee/0x5de0 [ 281.835506][ T8065] preempt_schedule_common+0x44/0xc0 [ 281.835527][ T8065] preempt_schedule_thunk+0x16/0x30 [ 281.835546][ T8065] _raw_spin_unlock+0x3e/0x50 [ 281.835565][ T8065] alloc_fd+0x471/0x7d0 [ 281.835584][ T8065] do_sys_openat2+0xf7/0x1d0 [ 281.835598][ T8065] __x64_sys_openat+0x174/0x210 [ 281.835612][ T8065] do_syscall_64+0xcd/0x4c0 [ 281.835641][ T8065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.835656][ T8065] [ 281.835656][ T8065] other info that might help us debug this: [ 281.835656][ T8065] [ 281.835661][ T8065] Chain exists of: [ 281.835661][ T8065] console_owner --> &p->pi_lock --> &rq->__lock [ 281.835661][ T8065] [ 281.835685][ T8065] Possible unsafe locking scenario: [ 281.835685][ T8065] [ 281.835689][ T8065] CPU0 CPU1 [ 281.835694][ T8065] ---- ---- [ 281.835698][ T8065] lock(&rq->__lock); [ 281.835708][ T8065] lock(&p->pi_lock); [ 281.835720][ T8065] lock(&rq->__lock); [ 281.835731][ T8065] lock(console_owner); [ 281.835741][ T8065] [ 281.835741][ T8065] *** DEADLOCK *** [ 281.835741][ T8065] [ 281.835745][ T8065] 4 locks held by syz.1.507/8065: [ 281.835754][ T8065] #0: ffff8880b843bc98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 281.835794][ T8065] #1: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0 [ 281.835831][ T8065] #2: ffffffff8e5b2200 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100 [ 281.835865][ T8065] #3: ffffffff8e5b2270 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60 [ 281.835905][ T8065] [ 281.835905][ T8065] stack backtrace: [ 281.835915][ T8065] CPU: 1 UID: 0 PID: 8065 Comm: syz.1.507 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 281.835935][ T8065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 281.835946][ T8065] Call Trace: [ 281.835954][ T8065] [ 281.835961][ T8065] dump_stack_lvl+0x116/0x1f0 [ 281.835988][ T8065] print_circular_bug+0x275/0x350 [ 281.836013][ T8065] check_noncircular+0x14c/0x170 [ 281.836040][ T8065] __lock_acquire+0x126f/0x1c90 [ 281.836073][ T8065] lock_acquire+0x179/0x350 [ 281.836096][ T8065] ? console_lock_spinning_enable+0x9f/0xd0 [ 281.836116][ T8065] ? console_lock_spinning_enable+0x88/0xd0 [ 281.836137][ T8065] console_lock_spinning_enable+0xb0/0xd0 [ 281.836156][ T8065] ? console_lock_spinning_enable+0x9f/0xd0 [ 281.836174][ T8065] console_flush_all+0x7aa/0xc60 [ 281.836196][ T8065] ? __pfx_console_flush_all+0x10/0x10 [ 281.836218][ T8065] ? is_printk_cpu_sync_owner+0x32/0x40 [ 281.836242][ T8065] console_unlock+0xd8/0x210 [ 281.836260][ T8065] ? __pfx_console_unlock+0x10/0x10 [ 281.836279][ T8065] ? do_raw_spin_unlock+0x120/0x230 [ 281.836297][ T8065] ? _printk+0xc7/0x100 [ 281.836310][ T8065] ? __down_trylock_console_sem+0xb0/0x140 [ 281.836328][ T8065] vprintk_emit+0x418/0x6d0 [ 281.836348][ T8065] ? __pfx_vprintk_emit+0x10/0x10 [ 281.836370][ T8065] _printk+0xc7/0x100 [ 281.836383][ T8065] ? __pfx__printk+0x10/0x10 [ 281.836398][ T8065] ? __lock_acquire+0x622/0x1c90 [ 281.836422][ T8065] ? __pfx____ratelimit+0x10/0x10 [ 281.836448][ T8065] should_fail_ex+0x4e7/0x640 [ 281.836470][ T8065] copy_to_user_nofault+0xac/0x1c0 [ 281.836494][ T8065] bpf_probe_write_user+0xaf/0xf0 [ 281.836518][ T8065] bpf_prog_6303d92f98284ad8+0x44/0x4c [ 281.836532][ T8065] bpf_trace_run4+0x249/0x5a0 [ 281.836549][ T8065] ? __pfx_bpf_trace_run4+0x10/0x10 [ 281.836568][ T8065] ? __lock_acquire+0xb8a/0x1c90 [ 281.836594][ T8065] __bpf_trace_sched_switch+0x145/0x190 [ 281.836613][ T8065] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 281.836640][ T8065] ? plist_check_prev_next+0x12a/0x1a0 [ 281.836661][ T8065] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 281.836683][ T8065] __traceiter_sched_switch+0x6f/0xc0 [ 281.836699][ T8065] ? set_next_task_rt+0x403/0x6a0 [ 281.836724][ T8065] __schedule+0x1bee/0x5de0 [ 281.836751][ T8065] ? __pfx___schedule+0x10/0x10 [ 281.836772][ T8065] ? __lock_acquire+0xb8a/0x1c90 [ 281.836798][ T8065] ? mark_held_locks+0x49/0x80 [ 281.836822][ T8065] ? irqentry_exit+0x3b/0x90 [ 281.836845][ T8065] ? preempt_schedule_thunk+0x16/0x30 [ 281.836865][ T8065] preempt_schedule_common+0x44/0xc0 [ 281.836888][ T8065] preempt_schedule_thunk+0x16/0x30 [ 281.836910][ T8065] _raw_spin_unlock+0x3e/0x50 [ 281.836930][ T8065] alloc_fd+0x471/0x7d0 [ 281.836953][ T8065] do_sys_openat2+0xf7/0x1d0 [ 281.836968][ T8065] ? __pfx_do_sys_openat2+0x10/0x10 [ 281.836985][ T8065] ? __pfx___schedule+0x10/0x10 [ 281.837007][ T8065] __x64_sys_openat+0x174/0x210 [ 281.837023][ T8065] ? __pfx___x64_sys_openat+0x10/0x10 [ 281.837043][ T8065] do_syscall_64+0xcd/0x4c0 [ 281.837068][ T8065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.837085][ T8065] RIP: 0033:0x7f419af8e929 [ 281.837100][ T8065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 281.837117][ T8065] RSP: 002b:00007f419bda1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 281.837134][ T8065] RAX: ffffffffffffffda RBX: 00007f419b1b6160 RCX: 00007f419af8e929 [ 281.837146][ T8065] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c [ 281.837156][ T8065] RBP: 00007f419bda1090 R08: 0000000000000000 R09: 0000000000000000 [ 281.837166][ T8065] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000002 [ 281.837177][ T8065] R13: 0000000000000000 R14: 00007f419b1b6160 R15: 00007ffd7a087c38 [ 281.837194][ T8065] [ 282.999476][ T8065] CPU: 1 UID: 0 PID: 8065 Comm: syz.1.507 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 282.999498][ T8065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.999506][ T8065] Call Trace: [ 282.999515][ T8065] [ 282.999522][ T8065] dump_stack_lvl+0x116/0x1f0 [ 282.999546][ T8065] should_fail_ex+0x512/0x640 [ 282.999564][ T8065] copy_to_user_nofault+0xac/0x1c0 [ 282.999583][ T8065] bpf_probe_write_user+0xaf/0xf0 [ 282.999602][ T8065] bpf_prog_6303d92f98284ad8+0x44/0x4c [ 282.999613][ T8065] bpf_trace_run4+0x249/0x5a0 [ 282.999625][ T8065] ? __pfx_bpf_trace_run4+0x10/0x10 [ 282.999637][ T8065] ? __lock_acquire+0xb8a/0x1c90 [ 282.999654][ T8065] __bpf_trace_sched_switch+0x145/0x190 [ 282.999668][ T8065] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 282.999681][ T8065] ? plist_check_prev_next+0x12a/0x1a0 [ 282.999695][ T8065] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 282.999709][ T8065] __traceiter_sched_switch+0x6f/0xc0 [ 282.999723][ T8065] ? set_next_task_rt+0x403/0x6a0 [ 282.999740][ T8065] __schedule+0x1bee/0x5de0 [ 282.999758][ T8065] ? __pfx___schedule+0x10/0x10 [ 282.999771][ T8065] ? __lock_acquire+0xb8a/0x1c90 [ 282.999788][ T8065] ? mark_held_locks+0x49/0x80 [ 282.999803][ T8065] ? irqentry_exit+0x3b/0x90 [ 282.999819][ T8065] ? preempt_schedule_thunk+0x16/0x30 [ 282.999834][ T8065] preempt_schedule_common+0x44/0xc0 [ 282.999849][ T8065] preempt_schedule_thunk+0x16/0x30 [ 282.999863][ T8065] _raw_spin_unlock+0x3e/0x50 [ 282.999877][ T8065] alloc_fd+0x471/0x7d0 [ 282.999895][ T8065] do_sys_openat2+0xf7/0x1d0 [ 282.999907][ T8065] ? __pfx_do_sys_openat2+0x10/0x10 [ 282.999918][ T8065] ? __pfx___schedule+0x10/0x10 [ 282.999932][ T8065] __x64_sys_openat+0x174/0x210 [ 282.999942][ T8065] ? __pfx___x64_sys_openat+0x10/0x10 [ 282.999955][ T8065] do_syscall_64+0xcd/0x4c0 [ 282.999971][ T8065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.999982][ T8065] RIP: 0033:0x7f419af8e929 [ 282.999992][ T8065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.000003][ T8065] RSP: 002b:00007f419bda1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 283.000013][ T8065] RAX: ffffffffffffffda RBX: 00007f419b1b6160 RCX: 00007f419af8e929 [ 283.000020][ T8065] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c [ 283.000027][ T8065] RBP: 00007f419bda1090 R08: 0000000000000000 R09: 0000000000000000 [ 283.000033][ T8065] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000002 [ 283.000039][ T8065] R13: 0000000000000000 R14: 00007f419b1b6160 R15: 00007ffd7a087c38 [ 283.000049][ T8065] [ 283.000086][ C1] vkms_vblank_simulate: vblank timer overrun [ 283.264152][ C1] vkms_vblank_simulate: vblank timer overrun [ 283.288803][ T8059] netlink: 28 bytes leftover after parsing attributes in process `syz.2.508'. [ 283.461357][ T8020] PM: hibernation: Basic memory bitmaps freed