last executing test programs: 16.788937096s ago: executing program 4 (id=1596): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x80641, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x2, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) connect$qrtr(r1, &(0x7f0000000000), 0xc) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) write(r1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 14.888105989s ago: executing program 0 (id=1600): r0 = syz_clone(0x0, 0x0, 0xfffffcbd, 0x0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x3, 0x3) socket$inet(0x2, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000100007020000f8ffffffb703000008000000b70400000000925e850000000100000095000000000000000000000000000000072074809be9655a18ac3253266dc66eb3e6d5a1a65d9eb5dae8adeed9fa0e99c6ffffffffa186d1ae6f29a573bef99504f716e97516920800000097419e67dab156127e589a17db00a13e86d2d7175b4196eb10b670d338b6d683a5bcdf7ec508e9ef048256c13fc03ba301c03c82fc9d5d4dc2c6d38cbcf62149632b253bc8360378c3f3c631865f94aac6592c86ad7f6c0a2e13ea25f49132b7c4ab4e4ee908a33f95466dd8161113f5c37a6c5f809d8723ae757a70add18b3b94ecc0bdb34d98dea9551651cc0b56200f29b8d5df1ee3fddb5fe41695844b8d656d35b0e60cec700cdbceaafb7de6f66b65bf6d05d5665a27a4da2a92fce58fb96250328a07ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1, 0x0, 0x3}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000004000dd0a000000007f006301a400000000009505000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xb5, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000340)='\xd9T7U\a\x92Hq\xd95\x02{t\xee\xfb \x1a\xfd\x88\x04\aV\x9b\xb5i\xbdj\xb8\x9cd|\xb9\x87\xa1\x93\xa6\xe2\xa8\x9e[Z\xb2\xffOV0\x01Y-u\xc5Y\xb6\xa1k\xe5>q\x90\xecZPq\xa3\x10N\x86?r\x90J\xfe\"\xc7\x8fI\xd4\'^\x15uO\xe3\x89\x88*-\x1e\xca09\x18C\xe5P\xea\x839\xcbUbS\xf9\x1aT\x9c\nTB\x16\xff\xc4dG\xb4k!\xf1\xe4\xae\xc0\xc0\n\xc3\xf2a85\xb2\xfbl&\xe5L~\xea \x8f#\v\x93%\x8d\xdc\x02\xdbbt6v\x8f\xc6p\xf8qW\x16\xce\xec\f\xec\x04\xcc\xc0\xa0Y\xb2\x17\xbc;\a*o\x82\xfc\xff\x1f\xae\x14\xaa\x8a\xf9\x06V@8\x8dAniG\xa8\xd4!\xbd\xd0\xc3\x9f\xf6\x1dw]\xd73\n\x92\xb1\xaeq\x1c\xc5\xe6\xfeV_9\x8d<\x1aBh!\xc4\xb2%[\xf8\x1e\xed\x1b5\xc2\xb9\x19V\xbe\xa6\x02BN\x14\x11Ya<\x89\x0e\x01N\\\xc2\x14\xfb\x1b\xa3r\xbd\xbb\xd9\xda\x92\xa4\x9bD\x1b\x98\xe3r\x93\x014\x1d\xa4=\xf8q\xd1\xf2\xfcd\xb4h\xa5\xfb\xa3\xf0{j', 0x2f367ab80f2fdc02) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet(0x2, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@loopback, 0x20009, 0x1, 0x100, 0x1, 0x1ff, 0x4007}, 0x20) socket(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_GET(r4, 0x0, 0x0) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000080)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r5, @ANYBLOB="05"], 0x0) r6 = dup(r3) fcntl$addseals(r3, 0x409, 0x6) fallocate(r3, 0x0, 0x0, 0x8000005) pwritev(r6, &(0x7f0000001140)=[{&(0x7f0000000580)="07921ac3ddf4b8f6f329e2f6646a3f4e0eb219607f006d3ee23fab500dbaf76ccca0f5fc0af54fb823a6efc3a7f185cd1a9777b44367d8d890f46904454baefca7333090860de78aaff9883d406261fd20548e47145b5eeb1cef6b", 0x5b}], 0x1, 0xfffffffc, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1000, 0x3}) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0xfffffffffffffc9d, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r8, r7, 0x0) 14.360817334s ago: executing program 1 (id=1603): syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_change_link_key_complete={{0x9, 0x3}, {0xff, 0xc9}}}, 0x6) socket$key(0xf, 0x3, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000080)=@filename='./file0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000980)='erofs\x00', 0xc, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x2000], [], [0x400000000000001]}) syz_open_dev$loop(&(0x7f0000000240), 0x20364, 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000100)=@int=0xc419, 0x4) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc601}) r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000001a00), 0x2, 0x0) write$6lowpan_control(r5, &(0x7f0000001a40)='connect aa:aa:aa:aa:aa:10 2', 0x1b) creat(&(0x7f0000000000)='./file0\x00', 0x4) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @inquiry_info_with_rssi_and_pscan_mode={{0x22, 0x2e}, {0x3, [{@any, 0x3, 0x1, 0x4, "4ca990", 0x0, 0x9}, {@none, 0x6, 0x8, 0x9, "1d8444", 0xedb, 0xff}, {@any, 0x3, 0x9, 0x8, "7f00a6", 0x3, 0x8}]}}}, 0x31) 14.240865189s ago: executing program 4 (id=1604): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}], 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) shutdown(r4, 0x2) socket(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, 0x0, &(0x7f00000001c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="5400000010000100"/20, @ANYRES32, @ANYBLOB="7240146c00000000340012800c0001006d6163766c616e00240002800800010010000000100009"], 0x54}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) 13.220513204s ago: executing program 1 (id=1605): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x43, 0x92, 0xd5, 0x20, 0x54c, 0x6c3, 0xeb7a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x8, 0x87, 0x70, 0x7, [{{0x9, 0x4, 0xcb, 0x1, 0x1, 0x4f, 0x3e, 0xaf, 0xb5, [], [{{0x9, 0x5, 0xb, 0x2, 0x3ff, 0x7, 0x9, 0x5}}]}}]}}]}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2) ioctl$FS_IOC_SETFLAGS(r1, 0xc0189436, &(0x7f0000000100)=0x40000) 11.589614225s ago: executing program 4 (id=1608): pread64(0xffffffffffffffff, &(0x7f0000001780)=""/4096, 0x1000, 0x7) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8}]}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, 0x0}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001900)="a9cf", 0x2}, {&(0x7f0000001980)="5fb3450effde69bf04e3e44a973930e0b6f397ee7a964d6dbf627acb2d94", 0x1e}], 0x2}}], 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f0000000000)='/dev/cpu/#/msr\x00', 0xf) 11.39688233s ago: executing program 0 (id=1609): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='swiotlb_bounced\x00', r0}, 0x18) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time\x00') setns(r1, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x7}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r3, 0x2}, &(0x7f0000000300)=0x8) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60645d0100000000fe0000000000007bae020000c0bd0000000000000000060000000000000000001f00c2049a"], 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000012c35b400304106098c6000800010902120001000000000904"], 0x0) 10.27890156s ago: executing program 1 (id=1611): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x414280, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) ioctl$KVM_SET_CLOCK(r3, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x8, 0x0, 0x0) r5 = syz_open_dev$ndb(&(0x7f0000000340), 0x0, 0x200) ioctl$BLKPG(r5, 0x1269, &(0x7f0000000440)={0x2, 0x0, 0x98, &(0x7f0000000380)={0xd, 0x39e2}}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$netlink(0x10, 0x3, 0x14) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) r7 = dup(r6) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x0, 0x2, 0x310, 0x4}}) r8 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, '#\r'}, @main=@item_4={0x3, 0x0, 0x8, "9fea28c8"}, @main=@item_4={0x3, 0x0, 0x9, "0600"}, @local=@item_012={0x2, 0x2, 0x2, "06c8"}, @global=@item_4={0x3, 0x1, 0x8, "0600"}, @main=@item_4={0x3, 0x0, 0x9, "d1d61e00"}, @main=@item_4={0x3, 0x0, 0xb, "0b77eae3"}, @main=@item_012={0x2, 0x0, 0x8, "c17b"}]}}, 0x0}, 0x0) r9 = socket$kcm(0x29, 0x2, 0x0) r10 = socket$kcm(0x2, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r9, 0x89e1, &(0x7f0000000100)={r10}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a8, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x328, 0x3d8, 0x3d8, 0x328, 0x3d8, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private1, [0xffffff00, 0x0, 0xffffffff, 0xffffff00], [0xffffffff, 0xffffffff, 0xff000000, 0xff], 'geneve0\x00', 'veth1_to_bridge\x00', {0xff}, {0xff}, 0x11, 0x81, 0x6, 0x1d}, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0x2, 0xfffffffc, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) socket$inet_tcp(0x2, 0x1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.536712901s ago: executing program 2 (id=1616): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000611218000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) utimes(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={{0x0, 0x2710}, {0x77359400}}) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e0000000800000000001800038014000380"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r4, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x100}, @ETHTOOL_A_RINGS_TX={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xb}]}, 0x2c}}, 0x80) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=0x91, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48040, 0x0) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) getsockopt$bt_hci(r5, 0x0, 0x1, &(0x7f0000000380)=""/192, &(0x7f0000000300)=0xc0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) 7.628932942s ago: executing program 0 (id=1618): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}], 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) shutdown(r4, 0x2) socket(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, 0x0, &(0x7f00000001c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="5400000010000100"/20, @ANYRES32, @ANYBLOB="7240146c00000000340012800c0001006d6163766c616e00240002800800010010000000100009"], 0x54}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) 7.578196008s ago: executing program 4 (id=1619): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91", 0x3) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0xe5, 0x40000) r1 = syz_io_uring_setup(0x10c, 0x0, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 6.540389729s ago: executing program 0 (id=1621): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x1b, 0x20000038, r4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x60, 0x0, @fd=r3, 0x3, 0x0, 0x0, 0x2, 0x0, {0x0, r4}}) fspick(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') lseek(r8, 0x8000, 0x1) faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x1100) fchdir(0xffffffffffffffff) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000d40), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r10 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r10, &(0x7f0000000140)={0xa, 0x4e20}, 0x1c) listen(r10, 0x80080400) shutdown(r10, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="050000000000000000008e00000008000300", @ANYRES32=r9, @ANYBLOB="7ccb49712c5b20bac700edc30c46ffb90a68c6e486ccd005177449ebf2a2d935cdfe40c5a117"], 0x1c}}, 0x0) 6.039704019s ago: executing program 1 (id=1623): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x732}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000340)=0x4, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x100}}}}}}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006500)) r2 = socket$nl_route(0x10, 0x3, 0x0) iopl(0x3) set_robust_list(&(0x7f0000000280)={0x0, 0x8000000000000001}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x28}, 0x1, 0x1000000000000000}, 0x10) r3 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f00000001c0)=0x2, 0x4) 5.871726601s ago: executing program 2 (id=1624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) socket$nl_netfilter(0x10, 0x3, 0xc) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000580)={@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x7fff, 0x8, 0x4, 0x0, 0x6, 0x20, r4}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000004000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@map=r8, 0x2e, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x10, 0x4, &(0x7f0000000180)=ANY=[@ANYRES64=r9], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close(0xffffffffffffffff) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000fa00000006"], 0x50) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYRES8=r7, @ANYRESOCT=r1], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYRES64=r6, @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 5.388286197s ago: executing program 0 (id=1625): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) socket$nl_netfilter(0x10, 0x3, 0xc) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000580)={@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x7fff, 0x8, 0x4, 0x0, 0x6, 0x20, r4}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000050000000400000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000004000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@map=r8, 0x2e, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x10, 0x4, &(0x7f0000000180)=ANY=[@ANYRES64=r9], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) close(0xffffffffffffffff) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000fa00000006"], 0x50) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32, @ANYRESHEX=r1, @ANYRES32=0x0, @ANYRES8=r7, @ANYRESOCT=r1], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYRES64=r6, @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 4.370881486s ago: executing program 0 (id=1626): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$qrtr(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x80641, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$incfs(0xffffffffffffff9c, 0x0, 0x10841, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x2, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) connect$qrtr(r1, &(0x7f0000000000), 0xc) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) write(r1, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.321778639s ago: executing program 1 (id=1627): r0 = socket(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800800", @ANYRES32=r3], 0x40}}, 0x0) 3.318464725s ago: executing program 2 (id=1628): r0 = add_key$user(&(0x7f0000000e00), &(0x7f0000000e40)={'syz', 0x1}, &(0x7f0000000e80)="da", 0x1, 0xfffffffffffffffc) socket$key(0xf, 0x3, 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x3) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0x40186f40, 0x20000502) read$msr(r2, &(0x7f000001b700)=""/102392, 0x18ff8) ioctl$TIOCGPGRP(r1, 0x5437, 0x0) keyctl$read(0xb, r0, &(0x7f0000000f40)=""/54, 0x36) 3.21816878s ago: executing program 3 (id=1629): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (rerun: 64) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/resume_offset', 0x0, 0x0) read$usbfs(r5, &(0x7f00000001c0)=""/93, 0x5d) (async, rerun: 32) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES32=r2, @ANYRESDEC=r4], 0x38}}, 0x0) (rerun: 32) 2.762109169s ago: executing program 1 (id=1630): pread64(0xffffffffffffffff, &(0x7f0000001780)=""/4096, 0x1000, 0x7) ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8}]}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000004380)={0x0, 0x0, 0x0}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$inet6(r3, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001900)="a9cf", 0x2}, {&(0x7f0000001980)="5fb3450effde69bf04e3e44a973930e0b6f397ee7a964d6dbf627acb2d94", 0x1e}], 0x2}}], 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f0000000000)='/dev/cpu/#/msr\x00', 0xf) 2.72208081s ago: executing program 2 (id=1631): add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{0x0}], 0x1}}], 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, 0x0, 0x0) shutdown(r4, 0x2) socket(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, 0x0, &(0x7f00000001c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="5400000010000100"/20, @ANYRES32, @ANYBLOB="7240146c00000000340012800c0001006d6163766c616e00240002800800010010000000100009"], 0x54}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) 2.669017489s ago: executing program 4 (id=1632): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x541c, &(0x7f0000000240)) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x6a802, 0x0) r2 = dup(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x3c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = dup(r5) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4e, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e21, 0x900000, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, &(0x7f0000001600)}}], 0x2, 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x4c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4880) ioctl$BLKRRPART(r2, 0x125f, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) pread64(0xffffffffffffffff, &(0x7f0000001880)=""/4096, 0x1000, 0x100) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond0\x00'}) syz_clone(0x1242000, 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffffff, 0x0, 0x4000, 0x2, 0x0) sendmsg$nl_route_sched(r8, 0x0, 0x0) dup(0xffffffffffffffff) 2.60751387s ago: executing program 3 (id=1633): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$SNAPSHOT_FREE(0xffffffffffffffff, 0x3305) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x405c5503, 0x0) 1.639312621s ago: executing program 2 (id=1634): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000d80)={0x1f, 0xb, 0x0, "2ac0749f7a19d71029970ac5e8092a6c6bd27d45d01f1af84d4f7d0b48a36eb2"}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0xe42, &(0x7f0000000140)={0x0, 0x2119, 0x8}, &(0x7f0000000240)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = io_uring_setup(0x1de0, &(0x7f0000000440)={0x0, 0x1, 0x400, 0x0, 0xfffffffe}) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0x1e, 0x20000002, r5) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xec79, 0x10100, 0xfffffffe, 0xe0, 0x0, r7}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x28, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)="60218e5ee84807126060644e03c129cfa4ba98b2d0c786ef69fc9c935ef9eb1cb8bfebed589eb198225c1754608741b7b4c757d8d59fb771050013b79fc2027db387bce3db02cbdd446f28f31a1fd555623a281472926a613c39bb0fcdf12bae928c54ef158282d2d0010e4a3169794b64685f7cd7a22ba7940df55e0eba68f60af9a0abee18e448e2877af16bd169b5864a05adea5db21617db5f659058671c94978cab358dcf36bf95f67578da465e3410ec65ae4198002e4c4f7c3e10278ac9defa490fa1303a679ef6b9700369e2b6c7c1f1b420d1b9172f6ccdb610dd29a67661d568", 0xe5, 0x21, 0x1, {0x0, r5}}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.415265011s ago: executing program 3 (id=1635): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x732}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000340)=0x4, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x100}}}}}}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006500)) r2 = socket$nl_route(0x10, 0x3, 0x0) iopl(0x3) set_robust_list(&(0x7f0000000280)={0x0, 0x8000000000000001}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x28}, 0x1, 0x1000000000000000}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000040)) prctl$PR_SET_SECUREBITS(0x1c, 0x14) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r4) r5 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, &(0x7f00000001c0)=0x2, 0x4) close(r5) 728.771003ms ago: executing program 3 (id=1636): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0x4}}}, 0x108) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0) modify_ldt$write(0x1, &(0x7f0000000040)={0x0, 0x20001000}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) modify_ldt$read(0x0, &(0x7f0000000180)=""/238, 0xffffff9a) 531.967759ms ago: executing program 3 (id=1637): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x732}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000340)=0x4, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x100}}}}}}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000006500)) r2 = socket$nl_route(0x10, 0x3, 0x0) iopl(0x3) set_robust_list(&(0x7f0000000280)={0x0, 0x8000000000000001}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x28}, 0x1, 0x1000000000000000}, 0x10) r3 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f00000001c0)=0x2, 0x4) 82.525045ms ago: executing program 4 (id=1638): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b36, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x166b1ab5eb710134) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = socket(0x15, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x271d, 0x0, &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0xec00) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2, 0x1}) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000240)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000480)={0x28, 0x2, r5, r5, 0x8, 0x9, 0x5}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000080)=@req3={0x5, 0x400, 0x3, 0x61ad, 0x10001, 0x10001, 0xfffffffd}, 0x1c) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f00000004c0)={0x9, 0x3, 0x0, 0x2, 0x10, "01fcffffffffffe7"}) syz_open_dev$amidi(&(0x7f0000000100), 0x2, 0x68202) 67.700848ms ago: executing program 2 (id=1639): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$net_dm(&(0x7f0000000280), r1) sendmsg$NET_DM_CMD_START(r0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) socket$packet(0x11, 0x2, 0x300) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) r2 = syz_open_dev$vim2m(0x0, 0x0, 0x2) r3 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @private2, 0x6}, 0x1c) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000240)={0x9, 0x2, 0x4}) ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x1ff, 0x100008b}, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0xe, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x2, 0x4, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x7, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x8, 0x7, 0x3, 0x6}) socket$packet(0x11, 0x3, 0x300) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='./file1\x00') bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0xd, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5, 0x0, @void, @value, @void, @value}, 0x50) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) ftruncate(r5, 0xb5c) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r1) sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x70, r6, 0x280, 0x70bd2b, 0x25dfdbff, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "2395447dd8d05b88a9cb85a7d594beff7806d0cc89a7a8505926c58e576a5bd7"}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x3}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x24048820}, 0x24040881) 0s ago: executing program 3 (id=1640): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0xf, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5, 0x0, @void, @value, @void, @value}, 0x50) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0}, &(0x7f0000000180)=0x14) r3 = dup3(r0, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x5, 0x1, 0x9, 0x5, 0x44440, r1, 0x2, '\x00', r2, r3, 0x3, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50) kernel console output (not intermixed with test programs): alid bInterval 0, changing to 7 [ 328.865238][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 328.896432][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 328.930837][ T25] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 328.955819][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.007369][ T25] usb 2-1: config 0 descriptor?? [ 329.126065][ T9958] netlink: 76 bytes leftover after parsing attributes in process `syz.4.998'. [ 329.196159][ T9962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.999'. [ 330.034963][ T25] input: HID 0955:7214 Haptics as /devices/virtual/input/input14 [ 330.230782][ T9945] random: crng reseeded on system resumption [ 330.249829][ T29] audit: type=1400 audit(1734152569.263:684): avc: denied { read write } for pid=9943 comm="syz.1.996" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 330.419140][ T8] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 330.443363][ T29] audit: type=1400 audit(1734152569.263:685): avc: denied { ioctl open } for pid=9943 comm="syz.1.996" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 330.447013][ T25] shield 0003:0955:7214.0014: Registered Thunderstrike controller [ 330.580507][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 330.625873][ T8] usb 5-1: config index 0 descriptor too short (expected 13330, got 18) [ 330.658397][ T25] shield 0003:0955:7214.0014: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 330.660936][ T8] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 330.976575][ T8] usb 5-1: New USB device found, idVendor=0abf, idProduct=0570, bcdDevice= 3.00 [ 331.025024][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.038641][ T9981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'. [ 331.064901][ T8] usb 5-1: config 0 descriptor?? [ 331.701680][ T5951] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 331.763108][ T5951] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 331.775024][ T5951] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 331.816214][ T5951] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 333.090417][ T5870] usb 2-1: USB disconnect, device number 23 [ 333.187665][ T9999] FAULT_INJECTION: forcing a failure. [ 333.187665][ T9999] name failslab, interval 1, probability 0, space 0, times 0 [ 333.200440][ T9999] CPU: 0 UID: 0 PID: 9999 Comm: syz.2.1009 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 333.211097][ T9999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 333.221129][ T9999] Call Trace: [ 333.224388][ T9999] [ 333.227300][ T9999] dump_stack_lvl+0x16c/0x1f0 [ 333.231961][ T9999] should_fail_ex+0x497/0x5b0 [ 333.236624][ T9999] ? fs_reclaim_acquire+0xae/0x150 [ 333.241726][ T9999] should_failslab+0xc2/0x120 [ 333.246389][ T9999] __kmalloc_noprof+0xcb/0x510 [ 333.251138][ T9999] ? d_absolute_path+0x137/0x1b0 [ 333.256057][ T9999] tomoyo_encode2+0x100/0x3e0 [ 333.260723][ T9999] tomoyo_encode+0x29/0x50 [ 333.265140][ T9999] tomoyo_realpath_from_path+0x19d/0x720 [ 333.270793][ T9999] tomoyo_mount_acl+0x66d/0x880 [ 333.275655][ T9999] ? hlock_class+0x4e/0x130 [ 333.280170][ T9999] ? __lock_acquire+0x15a9/0x3c40 [ 333.285206][ T9999] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 333.290594][ T9999] ? __pfx___lock_acquire+0x10/0x10 [ 333.295800][ T9999] ? stack_trace_save+0x95/0xd0 [ 333.300685][ T9999] ? trace_lock_acquire+0x14e/0x1f0 [ 333.305905][ T9999] ? tomoyo_mount_permission+0x149/0x420 [ 333.311549][ T9999] ? lock_acquire+0x2f/0xb0 [ 333.316056][ T9999] ? tomoyo_mount_permission+0x149/0x420 [ 333.321701][ T9999] tomoyo_mount_permission+0x16e/0x420 [ 333.327159][ T9999] ? tomoyo_mount_permission+0x149/0x420 [ 333.332781][ T9999] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 333.338757][ T9999] ? get_current_fs_domain+0x184/0x1f0 [ 333.344218][ T9999] security_sb_mount+0x9b/0x260 [ 333.349063][ T9999] path_mount+0x129/0x1f20 [ 333.353475][ T9999] ? kmem_cache_free+0x152/0x4c0 [ 333.358409][ T9999] ? __pfx_path_mount+0x10/0x10 [ 333.363255][ T9999] ? putname+0x13c/0x180 [ 333.367498][ T9999] __x64_sys_mount+0x294/0x320 [ 333.372256][ T9999] ? __pfx___x64_sys_mount+0x10/0x10 [ 333.377543][ T9999] do_syscall_64+0xcd/0x250 [ 333.382045][ T9999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.387932][ T9999] RIP: 0033:0x7f398cf85d19 [ 333.392334][ T9999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.411932][ T9999] RSP: 002b:00007f398dddf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 333.420337][ T9999] RAX: ffffffffffffffda RBX: 00007f398d175fa0 RCX: 00007f398cf85d19 [ 333.428297][ T9999] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000020000140 [ 333.436257][ T9999] RBP: 00007f398dddf090 R08: 0000000000000000 R09: 0000000000000000 [ 333.444214][ T9999] R10: 0000000000208000 R11: 0000000000000246 R12: 0000000000000002 [ 333.452172][ T9999] R13: 0000000000000001 R14: 00007f398d175fa0 R15: 00007fffab4d54a8 [ 333.460147][ T9999] [ 333.463914][ T9999] ERROR: Out of memory at tomoyo_realpath_from_path. [ 333.494672][T10002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1011'. [ 334.913872][T10014] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 335.891741][T10024] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 336.052720][T10026] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1016'. [ 336.150056][ T8] usb 5-1: string descriptor 0 read error: -32 [ 336.356259][ T29] audit: type=1326 audit(1734152575.373:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.434779][ T29] audit: type=1326 audit(1734152575.373:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.545843][ T29] audit: type=1326 audit(1734152575.373:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.569229][ C0] vkms_vblank_simulate: vblank timer overrun [ 336.609930][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 336.636145][T10039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1021'. [ 336.644026][ T29] audit: type=1326 audit(1734152575.373:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.668322][ C0] vkms_vblank_simulate: vblank timer overrun [ 336.723818][ T29] audit: type=1326 audit(1734152575.373:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.773902][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 336.803851][ T25] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 336.819336][ T25] usb 3-1: config 0 has no interface number 0 [ 336.825727][ T29] audit: type=1326 audit(1734152575.383:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.849089][ C0] vkms_vblank_simulate: vblank timer overrun [ 336.881151][ T25] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.911740][T10038] netlink: 23192 bytes leftover after parsing attributes in process `syz.0.1020'. [ 336.925644][ T25] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.942718][ T29] audit: type=1326 audit(1734152575.383:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 336.979909][ T25] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 337.005456][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.053168][ T25] usb 3-1: config 0 descriptor?? [ 337.092789][ T5951] usb 5-1: USB disconnect, device number 30 [ 337.129956][ T29] audit: type=1326 audit(1734152575.383:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 337.153382][ C0] vkms_vblank_simulate: vblank timer overrun [ 337.185840][ T29] audit: type=1326 audit(1734152575.383:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 337.213454][ T29] audit: type=1326 audit(1734152575.383:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10030 comm="syz.0.1019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7ffc0000 [ 337.569862][T10046] vivid-004: ================= START STATUS ================= [ 337.581205][T10046] vivid-004: Radio HW Seek Mode: Bounded [ 337.587640][T10046] vivid-004: Radio Programmable HW Seek: false [ 337.595088][T10046] vivid-004: RDS Rx I/O Mode: Block I/O [ 337.600950][T10046] vivid-004: Generate RBDS Instead of RDS: false [ 337.607740][T10046] vivid-004: RDS Reception: true [ 337.613445][T10046] vivid-004: RDS Program Type: 0 inactive [ 337.620194][T10046] vivid-004: RDS PS Name: inactive [ 337.625796][T10046] vivid-004: RDS Radio Text: inactive [ 337.632798][T10046] vivid-004: RDS Traffic Announcement: false inactive [ 337.642611][T10046] vivid-004: RDS Traffic Program: false inactive [ 337.697642][T10046] vivid-004: RDS Music: false inactive [ 337.703567][T10046] vivid-004: ================== END STATUS ================== [ 338.828566][T10063] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 339.575291][ T25] input: HID 28bd:0071 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0015/input/input15 [ 339.672128][ T25] input: HID 28bd:0071 Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0071.0015/input/input16 [ 339.706257][T10069] bond_slave_0: entered promiscuous mode [ 339.712219][T10069] bond_slave_1: entered promiscuous mode [ 339.822075][T10069] bond_slave_0: left promiscuous mode [ 339.827908][T10069] bond_slave_1: left promiscuous mode [ 339.884413][ T25] uclogic 0003:28BD:0071.0015: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.2-1/input1 [ 340.665139][T10078] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1030'. [ 341.549829][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 341.549847][ T29] audit: type=1400 audit(1734152580.573:703): avc: denied { listen } for pid=10083 comm="syz.4.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 342.576581][T10096] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 343.660023][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 343.856436][T10110] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1040'. [ 343.874999][T10106] netlink: 23192 bytes leftover after parsing attributes in process `syz.4.1034'. [ 343.911821][ T5897] usb 3-1: USB disconnect, device number 21 [ 343.951033][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 344.457130][T10120] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1042'. [ 346.772305][T10139] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1048'. [ 347.114695][ T29] audit: type=1400 audit(1734152586.133:704): avc: denied { getopt } for pid=10127 comm="syz.1.1045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 347.285920][T10152] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1049'. [ 347.911536][T10162] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1051'. [ 348.470628][T10175] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1053'. [ 349.511732][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 349.925667][T10193] netlink: 852 bytes leftover after parsing attributes in process `syz.2.1058'. [ 350.946359][T10210] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1061'. [ 351.017054][T10216] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1062'. [ 351.698952][T10226] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1064'. [ 352.040345][ T970] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 352.440221][ T8] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 352.530631][ T970] usb 5-1: Using ep0 maxpacket: 8 [ 352.555672][ T970] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.569494][ T970] usb 5-1: New USB device found, idVendor=0b48, idProduct=1006, bcdDevice=c0.0a [ 352.578862][ T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.587349][ T970] usb 5-1: Product: syz [ 352.591722][ T970] usb 5-1: Manufacturer: syz [ 352.596296][ T970] usb 5-1: SerialNumber: syz [ 352.746485][ T29] audit: type=1400 audit(1734152591.643:705): avc: denied { write } for pid=10247 comm="syz.3.1069" name="usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 352.996161][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 353.006810][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 353.022932][ T970] usb 5-1: config 0 descriptor?? [ 353.034916][ T970] ttusb_dec_send_command: command bulk message failed: error -22 [ 353.062339][ T970] ttusb-dec 5-1:0.0: probe with driver ttusb-dec failed with error -22 [ 353.084251][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 353.095902][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 353.158357][ T8] usb 3-1: SerialNumber: syz [ 353.263715][ T8] usb 3-1: bad CDC descriptors [ 353.303650][ T8] usb-storage 3-1:1.0: USB Mass Storage device detected [ 353.340399][ T8] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 353.379673][ T29] audit: type=1326 audit(1734152592.403:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 353.409641][ T25] usb 5-1: USB disconnect, device number 31 [ 353.449522][T10244] netlink: 23192 bytes leftover after parsing attributes in process `syz.0.1068'. [ 353.469023][ T29] audit: type=1326 audit(1734152592.463:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 353.493808][ T29] audit: type=1326 audit(1734152592.463:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 353.850029][ T29] audit: type=1326 audit(1734152592.463:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 354.300756][ T8] usb 3-1: USB disconnect, device number 22 [ 354.341362][ T29] audit: type=1326 audit(1734152592.463:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 354.431314][ T29] audit: type=1326 audit(1734152592.463:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 354.551903][T10285] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 354.598698][ T29] audit: type=1326 audit(1734152592.463:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 354.690138][ T29] audit: type=1326 audit(1734152592.463:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 355.397358][ T29] audit: type=1326 audit(1734152592.463:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10259 comm="syz.3.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 358.035664][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 358.035754][ T29] audit: type=1400 audit(1734152597.063:749): avc: denied { getopt } for pid=10324 comm="syz.1.1082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 358.749864][ T5870] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 358.849797][ T5951] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 358.988719][ T5870] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 359.105126][ T5870] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 359.249588][ T5870] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 359.479775][ T5951] usb 4-1: Using ep0 maxpacket: 32 [ 359.568119][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.576481][ T5870] usb 5-1: Product: ᑙ [ 359.584531][ T5870] usb 5-1: Manufacturer: 錧铍렳짿ᰔ좞᩶⁇ꓻత罛硖敚밽售饌淞엙ᅣᶧﲮꩉ갾㺋䣬峐铑弗⥡醼澑峸쉼䙰袽씊⹴ꐻ䣔풠浣좞ࣽꨮ蛥栙琙Ↄ盻묖催喑⻊㻩짋擰ᢰṹ稖䤦땯庚㛟ࠁ즗஝렕⏵ꀪ봓꾙풔戮䋒쌹㟓䮿돓巣䡳踉ᴚ萝㧬 [ 359.596422][ T5951] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.613225][ T5870] usb 5-1: SerialNumber: 㪹ϑ筸躁屃뚱栐솚칁ꩋ⽁륍᛹폫醝넭᳣ꄩ絎﫜镝ᮈᖍ눁꧱쀛萳㬇瀂꘥맖￙ [ 359.623234][ T5951] usb 4-1: config 0 has no interfaces? [ 359.623343][ T5951] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 360.389653][T10352] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 360.398752][ T5951] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.488967][ T5951] usb 4-1: config 0 descriptor?? [ 360.675292][T10329] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 361.115083][ T8] usb 4-1: USB disconnect, device number 20 [ 361.477067][T10379] input: syz0 as /devices/virtual/input/input17 [ 362.332819][ T8] usb 2-1: new low-speed USB device number 24 using dummy_hcd [ 362.511677][ T8] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 362.573561][ T8] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 362.616440][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.901738][ T5951] usb 3-1: new low-speed USB device number 23 using dummy_hcd [ 363.040169][T10397] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1096'. [ 363.064213][T10402] FAULT_INJECTION: forcing a failure. [ 363.064213][T10402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 363.085750][T10402] CPU: 0 UID: 0 PID: 10402 Comm: syz.0.1097 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 363.096540][T10402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 363.106603][T10402] Call Trace: [ 363.109888][T10402] [ 363.112823][T10402] dump_stack_lvl+0x16c/0x1f0 [ 363.117516][T10402] should_fail_ex+0x497/0x5b0 [ 363.122299][T10402] _copy_to_user+0x32/0xd0 [ 363.126739][T10402] simple_read_from_buffer+0xd0/0x160 [ 363.132133][T10402] proc_fail_nth_read+0x198/0x270 [ 363.137177][T10402] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 363.142744][T10402] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 363.148304][T10402] vfs_read+0x1df/0xbe0 [ 363.152470][T10402] ? __fget_files+0x1fc/0x3a0 [ 363.157160][T10402] ? __pfx___mutex_lock+0x10/0x10 [ 363.162204][T10402] ? __pfx_vfs_read+0x10/0x10 [ 363.166895][T10402] ? __fget_files+0x206/0x3a0 [ 363.171592][T10402] ksys_read+0x12b/0x250 [ 363.175844][T10402] ? __pfx_ksys_read+0x10/0x10 [ 363.180623][T10402] do_syscall_64+0xcd/0x250 [ 363.185142][T10402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 363.191048][T10402] RIP: 0033:0x7f5d5ed8472c [ 363.195465][T10402] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 363.215066][T10402] RSP: 002b:00007f5d5fbb2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 363.223472][T10402] RAX: ffffffffffffffda RBX: 00007f5d5ef75fa0 RCX: 00007f5d5ed8472c [ 363.231432][T10402] RDX: 000000000000000f RSI: 00007f5d5fbb20a0 RDI: 0000000000000004 [ 363.239390][T10402] RBP: 00007f5d5fbb2090 R08: 0000000000000000 R09: 0000000000000000 [ 363.247351][T10402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 363.255310][T10402] R13: 0000000000000000 R14: 00007f5d5ef75fa0 R15: 00007ffc89b03d58 [ 363.263285][T10402] [ 363.274976][T10410] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10410 comm=syz.1.1090 [ 363.291328][ T5951] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 363.299343][ T5951] usb 3-1: config 0 has no interface number 0 [ 363.350711][ T5951] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 363.375890][ T5951] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 363.396308][ T5951] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.416053][ T5951] usb 3-1: config 0 descriptor?? [ 363.446184][ T5951] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 363.631103][T10397] ceph: No mds server is up or the cluster is laggy [ 363.716855][ T29] audit: type=1400 audit(1734152602.743:750): avc: denied { bind } for pid=10385 comm="syz.2.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 363.796591][ T5951] usb 3-1: USB disconnect, device number 23 [ 363.830777][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 364.767397][ T8] usb 2-1: string descriptor 0 read error: -71 [ 364.774079][ T8] hub 2-1:32.0: bad descriptor, ignoring hub [ 364.780456][ T8] hub 2-1:32.0: probe with driver hub failed with error -5 [ 364.998952][ T8] usb 2-1: USB disconnect, device number 24 [ 365.389929][ T5870] usb 5-1: 0:2 : does not exist [ 365.527189][ T5870] usb 5-1: USB disconnect, device number 32 [ 367.430429][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 367.660747][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 368.139776][ T5897] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 368.239608][ T29] audit: type=1400 audit(1734152607.253:751): avc: denied { set_context_mgr } for pid=10487 comm="syz.4.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 368.311737][ T5897] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 368.312511][ T29] audit: type=1400 audit(1734152607.263:752): avc: denied { map } for pid=10487 comm="syz.4.1115" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 368.324764][ T5897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 368.401868][ T5897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 368.437044][ T5897] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.439173][ T29] audit: type=1400 audit(1734152607.393:753): avc: denied { call } for pid=10487 comm="syz.4.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 368.470467][ T5897] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.504899][ T5897] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 368.507620][ T29] audit: type=1400 audit(1734152607.393:754): avc: denied { transfer } for pid=10487 comm="syz.4.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 368.531748][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 368.546820][T10501] FAULT_INJECTION: forcing a failure. [ 368.546820][T10501] name failslab, interval 1, probability 0, space 0, times 0 [ 368.562237][ T5897] usb 3-1: Product: syz [ 368.579956][T10501] CPU: 0 UID: 0 PID: 10501 Comm: syz.1.1117 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 368.580179][ T5897] usb 3-1: Manufacturer: syz [ 368.590726][T10501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 368.590764][T10501] Call Trace: [ 368.590772][T10501] [ 368.590781][T10501] dump_stack_lvl+0x16c/0x1f0 [ 368.590810][T10501] should_fail_ex+0x497/0x5b0 [ 368.590837][T10501] ? fs_reclaim_acquire+0xae/0x150 [ 368.626085][T10501] should_failslab+0xc2/0x120 [ 368.630780][T10501] __kmalloc_cache_noprof+0x68/0x410 [ 368.636088][T10501] snd_pcm_oss_change_params_locked+0x1d6/0x3a60 [ 368.642436][T10501] ? rcu_is_watching+0x12/0xc0 [ 368.644473][ T5897] cdc_wdm 3-1:1.0: skipping garbage [ 368.647205][T10501] ? __mutex_lock+0x1cc/0xa60 [ 368.647236][T10501] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 368.663842][T10501] ? __mutex_lock+0x1cc/0xa60 [ 368.666474][ T5897] cdc_wdm 3-1:1.0: skipping garbage [ 368.668519][T10501] ? __pfx___mutex_lock+0x10/0x10 [ 368.678755][T10501] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 368.684761][T10501] snd_pcm_oss_get_active_substream+0x168/0x1d0 [ 368.691022][T10501] snd_pcm_oss_ioctl+0x3194/0x3780 [ 368.696147][T10501] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 368.696715][ T5897] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 368.701604][T10501] ? selinux_file_ioctl+0x180/0x270 [ 368.701633][T10501] ? selinux_file_ioctl+0xb4/0x270 [ 368.717806][T10501] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 368.719711][ T5897] cdc_wdm 3-1:1.0: Unknown control protocol [ 368.723268][T10501] __x64_sys_ioctl+0x190/0x200 [ 368.723305][T10501] do_syscall_64+0xcd/0x250 [ 368.723333][T10501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.744319][T10501] RIP: 0033:0x7f8a59985d19 [ 368.748738][T10501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.768353][T10501] RSP: 002b:00007f8a5a863038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 368.776776][T10501] RAX: ffffffffffffffda RBX: 00007f8a59b76080 RCX: 00007f8a59985d19 [ 368.784756][T10501] RDX: 0000000020000040 RSI: 00000000c0045005 RDI: 0000000000000003 [ 368.792737][T10501] RBP: 00007f8a5a863090 R08: 0000000000000000 R09: 0000000000000000 [ 368.800711][T10501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 368.808689][T10501] R13: 0000000000000000 R14: 00007f8a59b76080 R15: 00007ffd319d28d8 [ 368.816682][T10501] [ 369.018022][ T29] audit: type=1400 audit(1734152608.023:755): avc: denied { write } for pid=10508 comm="syz.0.1118" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 369.041037][ T29] audit: type=1400 audit(1734152608.023:756): avc: denied { map } for pid=10508 comm="syz.0.1118" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 369.042508][T10470] cdc_wdm 3-1:1.0: Error submitting int urb - -90 [ 369.310198][ T5897] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 369.464253][T10529] tmpfs: Bad value for 'mpol' [ 369.543255][T10530] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1121'. [ 371.364836][ T5897] usb 4-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 371.375165][ T5897] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 371.384376][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.458877][ T5870] usb 3-1: USB disconnect, device number 24 [ 371.807210][ T8] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 371.880781][T10544] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10544 comm=syz.3.1113 [ 371.940017][ T5870] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 371.961360][ T8] usb 5-1: config 96 has an invalid interface number: 112 but max is 2 [ 371.971223][ T8] usb 5-1: config 96 contains an unexpected descriptor of type 0x1, skipping [ 371.996500][ T8] usb 5-1: config 96 has an invalid descriptor of length 0, skipping remainder of the config [ 372.027668][ T8] usb 5-1: config 96 has 1 interface, different from the descriptor's value: 3 [ 372.054933][ T8] usb 5-1: config 96 has no interface number 0 [ 372.606527][ T8] usb 5-1: config 96 interface 112 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 11 [ 372.620956][ T8] usb 5-1: config 96 interface 112 has no altsetting 0 [ 372.628352][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.650587][ T8] usb 5-1: New USB device found, idVendor=045e, idProduct=04ce, bcdDevice=84.e1 [ 372.677428][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.700416][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.729857][ T8] usb 5-1: Product: С [ 372.736136][ T8] usb 5-1: Manufacturer: ࠬ [ 372.743165][ T5870] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 372.754432][ T8] usb 5-1: SerialNumber: о [ 372.762201][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.793730][ T5870] usb 3-1: config 0 descriptor?? [ 373.077502][ T5897] usb 4-1: string descriptor 0 read error: -71 [ 373.088678][ T5897] hub 4-1:32.0: bad descriptor, ignoring hub [ 373.130475][ T5897] hub 4-1:32.0: probe with driver hub failed with error -5 [ 373.271348][ T5897] usb 4-1: USB disconnect, device number 21 [ 373.647460][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 374.300329][ T5870] uclogic 0003:256C:006D.0016: interface is invalid, ignoring [ 374.595952][ T25] usb 3-1: USB disconnect, device number 25 [ 374.759359][T10601] loop7: detected capacity change from 0 to 16384 [ 375.067154][ T8] usb 5-1: USB disconnect, device number 33 [ 375.350801][T10608] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1128'. [ 377.184641][ T29] audit: type=1400 audit(1734152616.093:757): avc: denied { write } for pid=10612 comm="syz.2.1134" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 378.468323][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.475050][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.521366][T10639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1140'. [ 379.753187][T10657] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 381.730035][T10676] FAULT_INJECTION: forcing a failure. [ 381.730035][T10676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 382.396729][T10676] CPU: 0 UID: 0 PID: 10676 Comm: syz.0.1150 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 382.407508][T10676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 382.417555][T10676] Call Trace: [ 382.420819][T10676] [ 382.423730][T10676] dump_stack_lvl+0x16c/0x1f0 [ 382.428401][T10676] should_fail_ex+0x497/0x5b0 [ 382.433068][T10676] _copy_from_iter+0x2a1/0x1560 [ 382.437927][T10676] ? trace_lock_acquire+0x14e/0x1f0 [ 382.443133][T10676] ? __alloc_skb+0x1fe/0x380 [ 382.447721][T10676] ? __pfx__copy_from_iter+0x10/0x10 [ 382.453020][T10676] ? __virt_addr_valid+0x1a4/0x590 [ 382.458152][T10676] ? __virt_addr_valid+0x5e/0x590 [ 382.463191][T10676] ? __phys_addr_symbol+0x30/0x80 [ 382.468218][T10676] ? __check_object_size+0x488/0x710 [ 382.473487][T10676] netlink_sendmsg+0x813/0xd70 [ 382.478250][T10676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 382.483547][T10676] ____sys_sendmsg+0xaaf/0xc90 [ 382.488297][T10676] ? copy_msghdr_from_user+0x10b/0x160 [ 382.493753][T10676] ? __pfx_____sys_sendmsg+0x10/0x10 [ 382.499028][T10676] ___sys_sendmsg+0x135/0x1e0 [ 382.503693][T10676] ? __pfx____sys_sendmsg+0x10/0x10 [ 382.508881][T10676] ? __pfx_lock_release+0x10/0x10 [ 382.513885][T10676] ? trace_lock_acquire+0x14e/0x1f0 [ 382.519071][T10676] ? __fget_files+0x206/0x3a0 [ 382.523731][T10676] __sys_sendmsg+0x16e/0x220 [ 382.528318][T10676] ? __pfx___sys_sendmsg+0x10/0x10 [ 382.533450][T10676] do_syscall_64+0xcd/0x250 [ 382.537936][T10676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.543809][T10676] RIP: 0033:0x7f5d5ed85d19 [ 382.548201][T10676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.567799][T10676] RSP: 002b:00007f5d5fbb2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 382.576189][T10676] RAX: ffffffffffffffda RBX: 00007f5d5ef75fa0 RCX: 00007f5d5ed85d19 [ 382.584136][T10676] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 382.592086][T10676] RBP: 00007f5d5fbb2090 R08: 0000000000000000 R09: 0000000000000000 [ 382.600033][T10676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.607978][T10676] R13: 0000000000000000 R14: 00007f5d5ef75fa0 R15: 00007ffc89b03d58 [ 382.615936][T10676] [ 383.628218][ T2323] pvrusb2: request_firmware fatal error with code=-110 [ 383.664104][ T2323] pvrusb2: Failure uploading firmware1 [ 383.686710][ T2323] pvrusb2: Device initialization was not successful. [ 384.486402][ T2323] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 384.496556][ T2323] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 384.509517][ T2323] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 384.518719][ T2323] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 384.537681][ T5898] pvrusb2: Device being rendered inoperable [ 384.958617][T10707] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 385.142477][T10724] netlink: 23192 bytes leftover after parsing attributes in process `syz.3.1158'. [ 385.664955][T10733] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1154'. [ 385.959940][ T29] audit: type=1400 audit(1734152624.973:758): avc: denied { mounton } for pid=10740 comm="syz.3.1162" path="/proc/766/task" dev="proc" ino=24345 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 386.208405][T10746] FAULT_INJECTION: forcing a failure. [ 386.208405][T10746] name failslab, interval 1, probability 0, space 0, times 0 [ 386.222305][T10746] CPU: 1 UID: 0 PID: 10746 Comm: syz.4.1160 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 386.233083][T10746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 386.243147][T10746] Call Trace: [ 386.246425][T10746] [ 386.249360][T10746] dump_stack_lvl+0x16c/0x1f0 [ 386.254049][T10746] should_fail_ex+0x497/0x5b0 [ 386.258733][T10746] ? fs_reclaim_acquire+0xae/0x150 [ 386.264030][T10746] should_failslab+0xc2/0x120 [ 386.268716][T10746] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 386.274092][T10746] ? __pfx___might_resched+0x10/0x10 [ 386.279385][T10746] ? __anon_vma_prepare+0xae/0x5e0 [ 386.284504][T10746] __anon_vma_prepare+0xae/0x5e0 [ 386.289452][T10746] __vmf_anon_prepare+0x11c/0x240 [ 386.294481][T10746] do_wp_page+0x1355/0x47c0 [ 386.298990][T10746] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 386.304629][T10746] ? __pfx_do_wp_page+0x10/0x10 [ 386.309480][T10746] ? rcu_is_watching+0x12/0xc0 [ 386.314260][T10746] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 386.319643][T10746] ? lock_acquire+0x2f/0xb0 [ 386.324152][T10746] ? __handle_mm_fault+0xdfa/0x2a40 [ 386.329362][T10746] __handle_mm_fault+0x1ade/0x2a40 [ 386.334487][T10746] ? __pfx___handle_mm_fault+0x10/0x10 [ 386.339947][T10746] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 386.345601][T10746] ? find_vma+0xc0/0x140 [ 386.349853][T10746] ? __pfx_find_vma+0x10/0x10 [ 386.354542][T10746] handle_mm_fault+0x3fa/0xaa0 [ 386.359316][T10746] do_user_addr_fault+0x7a3/0x13f0 [ 386.364439][T10746] exc_page_fault+0x5c/0xc0 [ 386.368947][T10746] asm_exc_page_fault+0x26/0x30 [ 386.373801][T10746] RIP: 0010:__put_user_4+0x11/0x20 [ 386.378916][T10746] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 386.398525][T10746] RSP: 0018:ffffc9001015fde0 EFLAGS: 00050202 [ 386.404595][T10746] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000200001c8 [ 386.412567][T10746] RDX: ffff888058f10000 RSI: ffffffff87027094 RDI: ffffffff8bd1d340 [ 386.420538][T10746] RBP: 1ffff9200202bfc3 R08: 0000000000000000 R09: fffffbfff20be2b2 [ 386.428512][T10746] R10: ffffffff905f1597 R11: 0000000000000000 R12: ffff88807f323400 [ 386.436481][T10746] R13: ffff888034960e00 R14: 0000000000000004 R15: 00000000200001c0 [ 386.444464][T10746] ? mon_bin_ioctl+0x234/0xcd0 [ 386.449245][T10746] mon_bin_ioctl+0x243/0xcd0 [ 386.453848][T10746] ? __pfx_mon_bin_ioctl+0x10/0x10 [ 386.458972][T10746] ? selinux_file_ioctl+0x180/0x270 [ 386.464440][T10746] ? selinux_file_ioctl+0xb4/0x270 [ 386.469560][T10746] ? __pfx_mon_bin_ioctl+0x10/0x10 [ 386.474676][T10746] __x64_sys_ioctl+0x190/0x200 [ 386.479451][T10746] do_syscall_64+0xcd/0x250 [ 386.483960][T10746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.489859][T10746] RIP: 0033:0x7fb241f85d19 [ 386.494275][T10746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.513888][T10746] RSP: 002b:00007fb242e0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 386.522308][T10746] RAX: ffffffffffffffda RBX: 00007fb242176160 RCX: 00007fb241f85d19 [ 386.530289][T10746] RDX: 00000000200001c0 RSI: 00000000c0109207 RDI: 0000000000000004 [ 386.538262][T10746] RBP: 00007fb242e0e090 R08: 0000000000000000 R09: 0000000000000000 [ 386.546235][T10746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.554211][T10746] R13: 0000000000000000 R14: 00007fb242176160 R15: 00007ffc4c450598 [ 386.562203][T10746] [ 387.761726][ T29] audit: type=1400 audit(1734152626.783:759): avc: denied { ioctl } for pid=10755 comm="syz.4.1164" path="socket:[24382]" dev="sockfs" ino=24382 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 387.869751][T10770] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 387.899644][T10772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1165'. [ 390.681210][T10827] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 391.003342][T10811] x_tables: ip_tables: sctp match: only valid for protocol 132 [ 391.229802][ T25] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 391.519818][ T29] audit: type=1326 audit(1734152630.533:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 391.596062][ T29] audit: type=1326 audit(1734152630.533:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 391.677997][ T29] audit: type=1326 audit(1734152630.533:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 391.789868][ T29] audit: type=1326 audit(1734152630.533:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 391.853990][ T29] audit: type=1326 audit(1734152630.533:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 391.911063][ T29] audit: type=1326 audit(1734152630.533:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 392.051751][ T29] audit: type=1326 audit(1734152630.533:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 392.147267][ T29] audit: type=1326 audit(1734152630.533:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 392.249077][ T29] audit: type=1326 audit(1734152630.533:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 392.279898][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 392.286491][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 392.297573][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 392.309308][ T25] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 392.363118][ T29] audit: type=1326 audit(1734152630.533:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10836 comm="syz.0.1178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d5ed85d19 code=0x7fc00000 [ 392.423659][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.433809][ T25] usb 5-1: config 0 descriptor?? [ 393.107178][T10875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1183'. [ 393.161962][T10871] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1181'. [ 393.176358][ T25] usbhid 5-1:0.0: can't add hid device: -71 [ 393.199911][ T25] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 393.223440][ T25] usb 5-1: USB disconnect, device number 34 [ 394.139975][ T5870] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 394.313483][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.334834][ T5870] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 394.354314][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.386209][ T5870] usb 5-1: config 0 descriptor?? [ 394.692596][ T5870] usbhid 5-1:0.0: can't add hid device: -71 [ 394.692656][ T5870] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 394.706329][ T5870] usb 5-1: USB disconnect, device number 35 [ 394.749236][T10909] tmpfs: Bad value for 'mpol' [ 394.789932][ T7758] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 395.006724][ T7758] usb 3-1: Using ep0 maxpacket: 32 [ 395.014189][ T7758] usb 3-1: config 2 has an invalid interface number: 126 but max is 0 [ 395.249762][ T5870] usb 5-1: new full-speed USB device number 36 using dummy_hcd [ 395.792994][ T7758] usb 3-1: config 2 has no interface number 0 [ 395.799191][ T7758] usb 3-1: config 2 interface 126 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 395.809590][ T7758] usb 3-1: config 2 interface 126 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 395.821933][ T7758] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=ea.37 [ 395.831185][ T7758] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.839216][ T7758] usb 3-1: Product: syz [ 395.844874][ T7758] usb 3-1: Manufacturer: syz [ 395.861436][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 395.872669][ T5870] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 395.892717][ T7758] usb 3-1: SerialNumber: syz [ 396.026123][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.039074][T10902] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 396.051303][ T5870] usb 5-1: config 0 descriptor?? [ 396.062487][T10902] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 396.084341][ T7758] kvaser_usb 3-1:2.126: error -ENODEV: Cannot get usb endpoint(s) [ 396.291002][ T25] usb 3-1: USB disconnect, device number 26 [ 396.464902][ T5870] usbhid 5-1:0.0: can't add hid device: -71 [ 396.472012][ T5870] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 396.510735][ T5870] usb 5-1: USB disconnect, device number 36 [ 398.950546][ T29] kauditd_printk_skb: 5207 callbacks suppressed [ 398.950558][ T29] audit: type=1400 audit(1734152637.983:5977): avc: denied { execute } for pid=10961 comm="syz.1.1201" path="/dev/dsp" dev="devtmpfs" ino=1283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 398.980485][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.989196][T10962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1199'. [ 399.028026][T10970] fuse: Unknown parameter '0xffffffffffffffff' [ 399.153583][ T29] audit: type=1400 audit(1734152638.183:5978): avc: denied { write } for pid=10973 comm="syz.4.1204" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 399.176824][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.191324][T10971] binder_alloc: 10961: binder_alloc_buf, no vma [ 399.733235][T10978] syz.2.1203 (10978): drop_caches: 2 [ 399.796013][T10970] syz.2.1203 (10970): drop_caches: 2 [ 399.807187][T10978] syz.2.1203 (10978): drop_caches: 2 [ 399.817451][T10970] syz.2.1203 (10970): drop_caches: 2 [ 399.906947][ T29] audit: type=1400 audit(1734152638.933:5979): avc: denied { view } for pid=10982 comm="syz.3.1206" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 400.111630][T10988] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 400.133757][T10988] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 400.155436][ T29] audit: type=1400 audit(1734152639.183:5980): avc: denied { sqpoll } for pid=10984 comm="syz.3.1207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 400.188632][T10988] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 400.218413][T10988] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 400.280119][T10988] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 400.286046][T10988] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 400.297801][T10988] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 400.307169][T10988] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 400.366542][T10993] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1208'. [ 400.384964][T10988] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 400.392007][T10988] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 401.228387][ T29] audit: type=1400 audit(1734152640.203:5981): avc: denied { ioctl } for pid=11003 comm="syz.3.1212" path="socket:[25393]" dev="sockfs" ino=25393 ioctlcmd=0x891a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 402.162902][ T5129] Bluetooth: hci0: command 0x0406 tx timeout [ 402.220147][ T5129] Bluetooth: hci1: command 0x0406 tx timeout [ 402.299792][ T5129] Bluetooth: hci4: command 0x0406 tx timeout [ 402.300391][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 402.459775][ T5827] Bluetooth: hci3: command 0x0405 tx timeout [ 403.157354][T11022] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1217'. [ 403.442209][T11042] overlayfs: failed to resolve './file0': -2 [ 404.019950][T11045] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 404.220007][ T5827] Bluetooth: hci0: command 0x0406 tx timeout [ 404.233844][ T25] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 404.300452][ T5827] Bluetooth: hci1: command 0x0406 tx timeout [ 404.399888][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 404.411381][ T25] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 404.433112][ T25] usb 4-1: New USB device strings: Mfr=23, Product=2, SerialNumber=3 [ 404.449048][ T25] usb 4-1: Product: syz [ 404.449559][ T5827] Bluetooth: hci4: command 0x0406 tx timeout [ 404.460849][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 404.507953][ T25] usb 4-1: Manufacturer: syz [ 404.543146][ T25] usb 4-1: SerialNumber: syz [ 404.549844][ T5827] Bluetooth: hci3: command 0x0405 tx timeout [ 404.761908][ T25] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 404.863311][ T25] gspca_stk1135: reg_w 0x2 err -71 [ 404.869495][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.882276][ T25] gspca_stk1135: Sensor write failed [ 404.887619][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.894042][ T25] gspca_stk1135: Sensor write failed [ 404.899348][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.905740][ T25] gspca_stk1135: Sensor read failed [ 404.911005][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.917385][ T25] gspca_stk1135: Sensor read failed [ 404.922637][ T25] gspca_stk1135: Detected sensor type unknown (0x0) [ 404.929258][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.935630][ T25] gspca_stk1135: Sensor read failed [ 404.940880][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.948800][ T25] gspca_stk1135: Sensor read failed [ 404.948836][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.948848][ T25] gspca_stk1135: Sensor write failed [ 404.948874][ T25] gspca_stk1135: serial bus timeout: status=0x00 [ 404.948884][ T25] gspca_stk1135: Sensor write failed [ 404.948935][ T25] stk1135 4-1:64.0: probe with driver stk1135 failed with error -71 [ 404.975449][ T29] audit: type=1400 audit(1734152643.983:5982): avc: denied { read } for pid=11055 comm="syz.0.1226" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 404.975480][ T29] audit: type=1400 audit(1734152643.983:5983): avc: denied { open } for pid=11055 comm="syz.0.1226" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 405.121377][ T25] usb 4-1: USB disconnect, device number 22 [ 405.593490][ T5827] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 406.347142][ T29] audit: type=1400 audit(1734152645.373:5984): avc: denied { read write } for pid=11060 comm="syz.2.1228" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 406.370349][ C0] vkms_vblank_simulate: vblank timer overrun [ 406.404421][ T29] audit: type=1400 audit(1734152645.373:5985): avc: denied { open } for pid=11060 comm="syz.2.1228" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 406.478829][ T5827] Bluetooth: hci0: unexpected event for opcode 0x202a [ 406.634150][T11084] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11084 comm=syz.4.1231 [ 407.300275][ T5951] usb 5-1: new low-speed USB device number 37 using dummy_hcd [ 407.836879][ T5870] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 407.999775][ T5870] usb 3-1: Using ep0 maxpacket: 8 [ 408.005967][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.021610][ T5951] usb 5-1: unable to get BOS descriptor or descriptor too short [ 408.031507][ T5951] usb 5-1: config 8 has an invalid interface number: 145 but max is 0 [ 408.129760][ T5951] usb 5-1: config 8 has no interface number 0 [ 408.396281][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.406179][ T5870] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 408.419167][ T5870] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 408.428591][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.443139][ T5870] usb 3-1: config 0 descriptor?? [ 408.457562][ T5951] usb 5-1: config 8 interface 145 has no altsetting 0 [ 408.662786][ T5819] Bluetooth: hci2: command 0x0406 tx timeout [ 408.793261][ T5951] usb 5-1: string descriptor 0 read error: -22 [ 408.799785][ T5951] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=83.cc [ 408.854358][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.032003][ T5951] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 409.071522][ T5870] usbhid 3-1:0.0: can't add hid device: -71 [ 409.077892][ T5870] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 409.117667][ T5870] usb 3-1: USB disconnect, device number 27 [ 409.540725][ T5951] gspca_sunplus: reg_r err -110 [ 409.800894][ T5951] usb 5-1: USB disconnect, device number 37 [ 410.143848][T11111] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 410.165693][T11111] macvtap1: entered promiscuous mode [ 410.196869][T11111] macvtap1: entered allmulticast mode [ 410.220700][T11111] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 410.231979][ T29] audit: type=1400 audit(1734152649.263:5986): avc: denied { relabelfrom } for pid=11110 comm="syz.2.1239" name="NETLINK" dev="sockfs" ino=26658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 410.261256][ T29] audit: type=1400 audit(1734152649.293:5987): avc: denied { relabelto } for pid=11110 comm="syz.2.1239" name="NETLINK" dev="sockfs" ino=26658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 410.330235][T11111] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11111 comm=syz.2.1239 [ 411.238446][T11119] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 411.244834][T11119] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 411.306670][T11119] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 411.312686][T11119] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 411.352710][T11119] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 411.358676][T11119] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 411.366978][T11119] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 411.372946][T11119] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 411.625266][ T29] audit: type=1400 audit(1734152650.643:5988): avc: denied { create } for pid=11120 comm="syz.1.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 412.084002][ T29] audit: type=1400 audit(1734152650.643:5989): avc: denied { write } for pid=11120 comm="syz.1.1242" path="socket:[26681]" dev="sockfs" ino=26681 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 412.430700][T11132] netlink: 1280 bytes leftover after parsing attributes in process `syz.1.1246'. [ 412.467779][T11132] openvswitch: netlink: Flow actions attr not present in new flow. [ 413.530327][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1248'. [ 414.687724][ T29] audit: type=1400 audit(1734152653.713:5990): avc: denied { listen } for pid=11153 comm="syz.0.1251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 414.716321][T11155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1251'. [ 414.958937][T11166] netlink: 23192 bytes leftover after parsing attributes in process `syz.2.1255'. [ 414.999302][T11169] netlink: 1280 bytes leftover after parsing attributes in process `syz.4.1257'. [ 415.012093][T11169] openvswitch: netlink: Flow actions attr not present in new flow. [ 415.367837][T11174] x_tables: unsorted entry at hook 2 [ 415.593988][T11179] ubi0: attaching mtd0 [ 415.657759][T11179] ubi0: scanning is finished [ 415.703032][T11179] ubi0: empty MTD device detected [ 416.037237][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1261'. [ 416.754946][T11179] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 416.762609][T11179] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 416.866080][T11179] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 416.893412][T11179] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 416.911496][T11179] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 416.918285][T11179] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 416.926462][T11179] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2234854146 [ 417.020873][T11179] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 417.059227][T11186] ubi0: background thread "ubi_bgt0d" started, PID 11186 [ 418.351884][ T29] audit: type=1400 audit(1734152657.383:5991): avc: denied { shutdown } for pid=11199 comm="syz.0.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 418.405518][ T29] audit: type=1400 audit(1734152657.433:5992): avc: denied { write } for pid=11202 comm="syz.3.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 418.451366][ T29] audit: type=1400 audit(1734152657.433:5993): avc: denied { read } for pid=11202 comm="syz.3.1267" path="socket:[25944]" dev="sockfs" ino=25944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 418.544980][ T29] audit: type=1400 audit(1734152657.543:5994): avc: denied { read append } for pid=11199 comm="syz.0.1266" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 418.647206][ T29] audit: type=1400 audit(1734152657.543:5995): avc: denied { open } for pid=11199 comm="syz.0.1266" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 420.332280][T11240] dlm: no local IP address has been set [ 420.338221][T11240] dlm: cannot start dlm midcomms -107 [ 420.940340][ T29] audit: type=1326 audit(1734152659.893:5996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11254 comm="syz.4.1278" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x0 [ 421.345384][ T29] audit: type=1400 audit(1734152660.153:5997): avc: denied { append } for pid=11244 comm="syz.3.1276" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 421.372804][ T29] audit: type=1400 audit(1734152660.223:5998): avc: denied { bind } for pid=11244 comm="syz.3.1276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 421.841133][T11267] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60520 sclass=netlink_route_socket pid=11267 comm=syz.0.1282 [ 423.431403][T11277] syz.0.1284: attempt to access beyond end of device [ 423.431403][T11277] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 424.949492][ T29] audit: type=1400 audit(1734152663.963:5999): avc: denied { append } for pid=11294 comm="syz.4.1287" name="sg0" dev="devtmpfs" ino=749 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 425.498413][ T29] audit: type=1400 audit(1734152663.963:6000): avc: denied { read } for pid=11294 comm="syz.4.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 425.618560][ T7758] libceph: connect (1)[c::]:6789 error -101 [ 425.624669][ T7758] libceph: mon0 (1)[c::]:6789 connect error [ 425.902552][ T7758] libceph: connect (1)[c::]:6789 error -101 [ 425.908536][ T7758] libceph: mon0 (1)[c::]:6789 connect error [ 426.014529][T11304] ceph: No mds server is up or the cluster is laggy [ 426.073312][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1293'. [ 426.566396][T11331] FAULT_INJECTION: forcing a failure. [ 426.566396][T11331] name failslab, interval 1, probability 0, space 0, times 0 [ 426.585984][T11331] CPU: 0 UID: 0 PID: 11331 Comm: syz.4.1299 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 426.596753][T11331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 426.606785][T11331] Call Trace: [ 426.610039][T11331] [ 426.612948][T11331] dump_stack_lvl+0x16c/0x1f0 [ 426.617609][T11331] should_fail_ex+0x497/0x5b0 [ 426.622266][T11331] ? fs_reclaim_acquire+0xae/0x150 [ 426.627360][T11331] should_failslab+0xc2/0x120 [ 426.632015][T11331] __kmalloc_noprof+0xcb/0x510 [ 426.636755][T11331] ? __pfx_lock_release+0x10/0x10 [ 426.641769][T11331] ? trace_lock_acquire+0x14e/0x1f0 [ 426.646958][T11331] tomoyo_encode2+0x100/0x3e0 [ 426.651624][T11331] tomoyo_encode+0x29/0x50 [ 426.656033][T11331] tomoyo_mount_acl+0x145/0x880 [ 426.660871][T11331] ? hlock_class+0x4e/0x130 [ 426.665366][T11331] ? __lock_acquire+0x15a9/0x3c40 [ 426.670377][T11331] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 426.675733][T11331] ? __pfx___lock_acquire+0x10/0x10 [ 426.680914][T11331] ? stack_trace_save+0x95/0xd0 [ 426.685762][T11331] ? __pfx_lock_release+0x10/0x10 [ 426.690778][T11331] ? trace_lock_acquire+0x14e/0x1f0 [ 426.695961][T11331] ? tomoyo_mount_permission+0x149/0x420 [ 426.701588][T11331] ? lock_acquire+0x2f/0xb0 [ 426.706080][T11331] ? tomoyo_mount_permission+0x149/0x420 [ 426.711701][T11331] tomoyo_mount_permission+0x16e/0x420 [ 426.717151][T11331] ? tomoyo_mount_permission+0x149/0x420 [ 426.722766][T11331] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 426.728731][T11331] ? get_current_fs_domain+0x184/0x1f0 [ 426.734176][T11331] security_sb_mount+0x9b/0x260 [ 426.739004][T11331] path_mount+0x129/0x1f20 [ 426.743415][T11331] ? kmem_cache_free+0x152/0x4c0 [ 426.748332][T11331] ? __pfx_path_mount+0x10/0x10 [ 426.753180][T11331] ? putname+0x13c/0x180 [ 426.757412][T11331] __x64_sys_mount+0x294/0x320 [ 426.762163][T11331] ? __pfx___x64_sys_mount+0x10/0x10 [ 426.767439][T11331] do_syscall_64+0xcd/0x250 [ 426.771935][T11331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.777809][T11331] RIP: 0033:0x7fb241f85d19 [ 426.782203][T11331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.801790][T11331] RSP: 002b:00007fb242e50038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 426.810188][T11331] RAX: ffffffffffffffda RBX: 00007fb242175fa0 RCX: 00007fb241f85d19 [ 426.818142][T11331] RDX: 0000000020000180 RSI: 0000000020000040 RDI: 0000000000000000 [ 426.826097][T11331] RBP: 00007fb242e50090 R08: 0000000020000080 R09: 0000000000000000 [ 426.834065][T11331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.842021][T11331] R13: 0000000000000000 R14: 00007fb242175fa0 R15: 00007ffc4c450598 [ 426.849987][T11331] [ 427.026325][T11336] netlink: 23192 bytes leftover after parsing attributes in process `syz.2.1301'. [ 427.473079][T11333] netlink: 'syz.4.1300': attribute type 10 has an invalid length. [ 427.497171][T11333] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 427.507651][T11332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.619322][T11341] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1303'. [ 427.629834][ T5870] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 427.870005][ T5870] usb 3-1: Using ep0 maxpacket: 16 [ 427.881567][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 97, changing to 10 [ 427.893569][ T5870] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24929, setting to 1024 [ 428.011646][T11345] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 428.421332][ T5870] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 428.435340][ T5870] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 428.444883][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.467604][ T5870] usb 3-1: config 0 descriptor?? [ 428.723733][ T29] audit: type=1400 audit(1734152667.753:6001): avc: denied { create } for pid=11352 comm="syz.3.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 428.747348][T11353] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 428.990083][ T5870] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0017/input/input18 [ 429.116125][ T5870] microsoft 0003:045E:07DA.0017: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 429.230101][ T25] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 429.366586][ T29] audit: type=1400 audit(1734152668.393:6002): avc: denied { write } for pid=11337 comm="syz.2.1302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 429.400742][ T5897] usb 3-1: USB disconnect, device number 28 [ 429.440879][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 429.451445][ T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 429.489846][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 429.512951][ T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 429.522226][T11364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1309'. [ 429.533843][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 429.543039][ T25] usb 2-1: SerialNumber: syz [ 429.553218][ T25] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 429.561959][ T25] usb-storage 2-1:1.0: USB Mass Storage device detected [ 429.578215][ T25] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 429.790057][T11371] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1311'. [ 430.028857][T11374] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1312'. [ 430.046192][T11374] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1312'. [ 430.326564][T11386] macvlan2: entered promiscuous mode [ 430.351683][ T5870] usb 2-1: USB disconnect, device number 25 [ 431.180184][T11402] bridge0: port 4(erspan0) entered blocking state [ 431.187306][T11402] bridge0: port 4(erspan0) entered disabled state [ 431.194722][T11402] erspan0: entered allmulticast mode [ 431.205572][T11402] erspan0: entered promiscuous mode [ 431.213876][T11402] bridge0: port 4(erspan0) entered blocking state [ 431.220394][T11402] bridge0: port 4(erspan0) entered forwarding state [ 431.671629][T11382] block nbd2: shutting down sockets [ 431.684730][ T29] audit: type=1400 audit(1734152670.693:6003): avc: denied { map } for pid=11396 comm="syz.3.1319" path="socket:[26119]" dev="sockfs" ino=26119 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 431.708443][ T29] audit: type=1400 audit(1734152670.693:6004): avc: denied { read } for pid=11396 comm="syz.3.1319" path="socket:[26119]" dev="sockfs" ino=26119 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 433.474663][T11418] netlink: 'syz.0.1324': attribute type 4 has an invalid length. [ 433.487272][T11418] netlink: 'syz.0.1324': attribute type 4 has an invalid length. [ 433.507091][ T29] audit: type=1400 audit(1734152672.533:6005): avc: denied { mount } for pid=11417 comm="syz.0.1324" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 433.608289][T11427] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1323'. [ 433.689967][T11431] netlink: 'syz.3.1331': attribute type 4 has an invalid length. [ 433.698067][T11432] netlink: 'syz.3.1331': attribute type 4 has an invalid length. [ 433.706838][T11431] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1331'. [ 433.719420][T11432] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1331'. [ 433.771432][ T25] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 433.847256][T11437] netlink: 23192 bytes leftover after parsing attributes in process `syz.0.1330'. [ 433.981335][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 434.014610][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 434.105402][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 434.177295][ T25] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 434.209972][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.262424][ T25] usb 3-1: config 0 descriptor?? [ 434.302018][ T25] hub 3-1:0.0: USB hub found [ 434.539397][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies. [ 434.560356][ T25] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 434.644212][T11448] bridge0: port 3(erspan0) entered blocking state [ 434.651569][T11448] bridge0: port 3(erspan0) entered disabled state [ 434.658965][T11448] erspan0: entered allmulticast mode [ 434.670749][T11448] erspan0: entered promiscuous mode [ 435.087154][T11446] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 435.130972][T11446] kvm: pic: non byte read [ 435.138428][T11446] kvm: pic: level sensitive irq not supported [ 435.139156][T11446] kvm: pic: non byte read [ 435.150883][T11446] kvm: pic: non byte read [ 435.155535][T11446] kvm: pic: non byte read [ 435.183036][T11446] kvm: pic: non byte read [ 435.187848][T11446] kvm: pic: non byte read [ 435.194735][T11446] kvm: pic: non byte read [ 435.199547][T11446] kvm: pic: non byte read [ 435.702306][T11446] kvm: pic: non byte read [ 435.751654][ T5870] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 435.763446][T11446] kvm: pic: non byte read [ 435.778231][T11446] kvm: pic: single mode not supported [ 435.901170][T11457] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1336'. [ 435.932112][ T5870] usb 2-1: Using ep0 maxpacket: 32 [ 435.991053][ T5870] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 436.001703][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.010067][ T5870] usb 2-1: Product: syz [ 436.034809][ T5870] usb 2-1: Manufacturer: syz [ 436.049585][ T5870] usb 2-1: SerialNumber: syz [ 436.068664][ T5870] usb 2-1: config 0 descriptor?? [ 436.166097][ T29] audit: type=1400 audit(1734152675.193:6006): avc: denied { mount } for pid=11467 comm="syz.4.1339" name="/" dev="autofs" ino=26226 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 436.259415][ T8] libceph: connect (1)[c::]:6789 error -101 [ 436.265841][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 436.530175][ T8] libceph: connect (1)[c::]:6789 error -101 [ 436.536271][ T8] libceph: mon0 (1)[c::]:6789 connect error [ 437.052777][ T7758] libceph: connect (1)[c::]:6789 error -101 [ 437.059537][ T7758] libceph: mon0 (1)[c::]:6789 connect error [ 437.349907][ T7758] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 437.489421][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 437.497223][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 437.519936][ T7758] usb 4-1: Using ep0 maxpacket: 8 [ 437.533477][T11471] ceph: No mds server is up or the cluster is laggy [ 437.542236][ T25] usb 3-1: USB disconnect, device number 29 [ 437.679767][ T7758] usb 4-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 4.c9 [ 437.689218][ T7758] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.699113][ T7758] usb 4-1: Product: syz [ 437.703390][ T7758] usb 4-1: Manufacturer: syz [ 437.718260][ T7758] usb 4-1: SerialNumber: syz [ 437.785015][ T7758] usb 4-1: config 0 descriptor?? [ 437.800872][ T7758] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 437.815565][ T7758] ftdi_sio ttyUSB0: unknown device type: 0x4c9 [ 437.859780][ T5870] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 438.447062][ T29] audit: type=1400 audit(1734152677.473:6007): avc: denied { shutdown } for pid=11479 comm="syz.3.1343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 438.519804][ T29] audit: type=1400 audit(1734152677.523:6008): avc: denied { read } for pid=11479 comm="syz.3.1343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 438.570363][ T5870] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71 [ 438.603816][ T5870] usb 2-1: USB disconnect, device number 26 [ 439.690571][ T5870] usb 4-1: USB disconnect, device number 23 [ 439.713395][ T5870] ftdi_sio 4-1:0.0: device disconnected [ 439.926263][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.935548][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.091366][T11524] ceph: No mds server is up or the cluster is laggy [ 442.289749][ T5897] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 442.429895][ T5897] usb 2-1: device descriptor read/64, error -71 [ 442.670282][ T5897] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 442.709981][T11540] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1357'. [ 442.899829][ T5897] usb 2-1: device descriptor read/64, error -71 [ 443.009899][ T5897] usb usb2-port1: attempt power cycle [ 443.711525][T11555] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1364'. [ 443.945076][ T29] audit: type=1400 audit(1734152682.953:6009): avc: denied { map } for pid=11554 comm="syz.3.1364" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 443.966891][ T5897] usb usb2-port1: Cannot enable. Maybe the USB cable is bad? [ 444.083200][T11568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1367'. [ 444.788937][ T29] audit: type=1400 audit(1734152682.953:6010): avc: denied { ioctl } for pid=11554 comm="syz.3.1364" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x563b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 444.813678][ T29] audit: type=1400 audit(1734152683.103:6011): avc: denied { setopt } for pid=11563 comm="syz.4.1367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 445.052462][ T2323] pvrusb2: request_firmware fatal error with code=-110 [ 445.059354][ T2323] pvrusb2: Failure uploading firmware1 [ 445.090620][ T2323] pvrusb2: Device initialization was not successful. [ 445.170463][ T5897] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 445.200059][ T2323] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 445.230084][ T2323] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 445.379444][ T5897] usb 2-1: Using ep0 maxpacket: 16 [ 445.388427][ T5897] usb 2-1: too many configurations: 48, using maximum allowed: 8 [ 445.534259][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.580557][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.646157][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.680009][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.707156][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.727310][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.748509][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.785649][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.822469][ T5897] usb 2-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.00 [ 445.842814][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=33 [ 445.859078][ T5897] usb 2-1: SerialNumber: syz [ 446.075573][ T25] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 446.455355][ T5897] usb 2-1: config 0 descriptor?? [ 446.958344][ T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 446.969338][ T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 446.986226][ T5898] pvrusb2: Device being rendered inoperable [ 447.014249][ T25] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 447.034564][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 447.068792][ T25] usb 3-1: SerialNumber: syz [ 447.080020][T11588] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 447.161849][ T5897] usbhid 2-1:0.0: can't add hid device: -71 [ 447.169090][ T5897] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 447.203318][ T5897] usb 2-1: USB disconnect, device number 30 [ 447.386710][T11597] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9610 sclass=netlink_route_socket pid=11597 comm=syz.2.1368 [ 447.494273][ T25] usb 3-1: skipping empty audio interface (v1) [ 447.527410][ T25] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 447.569844][ T25] usb 3-1: USB disconnect, device number 30 [ 447.600508][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 447.792762][ T29] audit: type=1400 audit(1734152686.823:6012): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 448.067146][ T29] audit: type=1326 audit(1734152687.093:6013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 448.138848][ T29] audit: type=1326 audit(1734152687.123:6014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 448.200597][ T29] audit: type=1326 audit(1734152687.123:6015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 448.259238][ T29] audit: type=1326 audit(1734152687.123:6016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 448.300812][T11621] loop8: detected capacity change from 0 to 7 [ 448.374512][ T29] audit: type=1326 audit(1734152687.123:6017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.263050][ T29] audit: type=1326 audit(1734152687.123:6018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.290021][ T29] audit: type=1326 audit(1734152687.123:6019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.599001][T11616] block nbd2: shutting down sockets [ 449.653284][ T29] audit: type=1326 audit(1734152687.123:6020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.677343][ T29] audit: type=1326 audit(1734152687.123:6021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.702575][ T29] audit: type=1326 audit(1734152687.123:6022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f71d2384680 code=0x7ffc0000 [ 449.729759][ T29] audit: type=1326 audit(1734152687.123:6023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f71d2387547 code=0x7ffc0000 [ 449.754087][ T29] audit: type=1326 audit(1734152687.123:6024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 449.777557][ T29] audit: type=1326 audit(1734152687.123:6025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f71d2387547 code=0x7ffc0000 [ 449.801932][ T29] audit: type=1326 audit(1734152687.123:6026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f71d238497a code=0x7ffc0000 [ 449.826278][ T29] audit: type=1326 audit(1734152687.123:6027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11610 comm="syz.3.1380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71d2385d19 code=0x7ffc0000 [ 450.280950][T11633] netlink: 23192 bytes leftover after parsing attributes in process `syz.3.1385'. [ 450.370570][ T5870] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 450.433991][T11644] FAULT_INJECTION: forcing a failure. [ 450.433991][T11644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.449159][T11644] CPU: 0 UID: 0 PID: 11644 Comm: syz.4.1389 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 450.459911][T11644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 450.469947][T11644] Call Trace: [ 450.473203][T11644] [ 450.476113][T11644] dump_stack_lvl+0x16c/0x1f0 [ 450.480773][T11644] should_fail_ex+0x497/0x5b0 [ 450.485446][T11644] _copy_from_user+0x2e/0xd0 [ 450.490036][T11644] input_event_from_user+0x134/0x3b0 [ 450.495330][T11644] ? __pfx_input_event_from_user+0x10/0x10 [ 450.501126][T11644] ? __pfx___might_resched+0x10/0x10 [ 450.506397][T11644] ? input_inject_event+0x193/0x370 [ 450.511584][T11644] evdev_write+0x377/0x750 [ 450.515990][T11644] ? __pfx_evdev_write+0x10/0x10 [ 450.520917][T11644] ? bpf_lsm_file_permission+0x9/0x10 [ 450.526279][T11644] ? security_file_permission+0x71/0x210 [ 450.531919][T11644] ? __pfx_evdev_write+0x10/0x10 [ 450.536841][T11644] vfs_write+0x24c/0x1150 [ 450.541153][T11644] ? __fget_files+0x1fc/0x3a0 [ 450.545807][T11644] ? __pfx_lock_release+0x10/0x10 [ 450.550813][T11644] ? __pfx_vfs_write+0x10/0x10 [ 450.555552][T11644] ? lock_acquire+0x2f/0xb0 [ 450.560034][T11644] ? __fget_files+0x40/0x3a0 [ 450.564604][T11644] ? __fget_files+0x206/0x3a0 [ 450.569262][T11644] ksys_write+0x207/0x250 [ 450.573569][T11644] ? __pfx_ksys_write+0x10/0x10 [ 450.578399][T11644] do_syscall_64+0xcd/0x250 [ 450.582894][T11644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.588766][T11644] RIP: 0033:0x7fb241f85d19 [ 450.593167][T11644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.612761][T11644] RSP: 002b:00007fb242e50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 450.621156][T11644] RAX: ffffffffffffffda RBX: 00007fb242175fa0 RCX: 00007fb241f85d19 [ 450.629106][T11644] RDX: 00000000000012d8 RSI: 0000000020000040 RDI: 0000000000000003 [ 450.637073][T11644] RBP: 00007fb242e50090 R08: 0000000000000000 R09: 0000000000000000 [ 450.645025][T11644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 450.653063][T11644] R13: 0000000000000000 R14: 00007fb242175fa0 R15: 00007ffc4c450598 [ 450.661148][T11644] [ 450.669851][ T5898] usb 3-1: new low-speed USB device number 31 using dummy_hcd [ 450.760281][ T5870] usb 2-1: Using ep0 maxpacket: 32 [ 450.769307][ T5870] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 450.785222][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 450.796258][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 450.809887][ T5870] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 450.830078][ T5870] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 450.839407][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.847598][ T5870] usb 2-1: Product: syz [ 450.853136][ T5898] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 450.869509][T11646] FAULT_INJECTION: forcing a failure. [ 450.869509][T11646] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.869591][ T5898] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 450.882845][T11646] CPU: 1 UID: 0 PID: 11646 Comm: syz.3.1392 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 450.895137][ T5870] usb 2-1: Manufacturer: syz [ 450.902531][T11646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 450.902547][T11646] Call Trace: [ 450.902554][T11646] [ 450.902563][T11646] dump_stack_lvl+0x16c/0x1f0 [ 450.902590][T11646] should_fail_ex+0x497/0x5b0 [ 450.902619][T11646] _copy_from_user+0x2e/0xd0 [ 450.902646][T11646] copy_msghdr_from_user+0x99/0x160 [ 450.914178][ T5870] usb 2-1: SerialNumber: syz [ 450.917247][T11646] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 450.930594][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.932767][T11646] ___sys_sendmsg+0xff/0x1e0 [ 450.932803][T11646] ? __pfx____sys_sendmsg+0x10/0x10 [ 450.932838][T11646] ? __pfx_lock_release+0x10/0x10 [ 450.932859][T11646] ? trace_lock_acquire+0x14e/0x1f0 [ 450.932895][T11646] ? __fget_files+0x206/0x3a0 [ 450.984964][ T5870] usb 2-1: config 0 descriptor?? [ 450.985505][T11646] __sys_sendmsg+0x16e/0x220 [ 450.995078][T11646] ? __pfx___sys_sendmsg+0x10/0x10 [ 451.000231][T11646] do_syscall_64+0xcd/0x250 [ 451.004753][T11646] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.010657][T11646] RIP: 0033:0x7f71d2385d19 [ 451.015078][T11646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.034696][T11646] RSP: 002b:00007f71d3257038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.043123][T11646] RAX: ffffffffffffffda RBX: 00007f71d2575fa0 RCX: 00007f71d2385d19 [ 451.051105][T11646] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 451.059081][T11646] RBP: 00007f71d3257090 R08: 0000000000000000 R09: 0000000000000000 [ 451.067056][T11646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.075035][T11646] R13: 0000000000000000 R14: 00007f71d2575fa0 R15: 00007ffe13f2cdc8 [ 451.083033][T11646] [ 451.186451][T11657] binder: 11656:11657 ioctl c0306201 20000480 returned -22 [ 451.211004][ T25] usb 2-1: USB disconnect, device number 31 [ 451.528103][T11658] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11658 comm=syz.2.1390 [ 451.735043][T11675] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 452.354131][T11687] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1406'. [ 453.388292][ T5898] usb 3-1: string descriptor 0 read error: -71 [ 453.402141][ T5898] hub 3-1:32.0: bad descriptor, ignoring hub [ 453.415735][ T5898] hub 3-1:32.0: probe with driver hub failed with error -5 [ 453.481604][ T5898] usb 3-1: USB disconnect, device number 31 [ 453.571343][ T7758] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 453.730345][ T7758] usb 5-1: Using ep0 maxpacket: 16 [ 453.743143][ T7758] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.754911][ T7758] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 453.779402][ T7758] usb 5-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 453.825275][ T7758] usb 5-1: config 0 interface 0 has no altsetting 0 [ 453.843674][ T7758] usb 5-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 453.875413][ T7758] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.909435][ T7758] usb 5-1: config 0 descriptor?? [ 454.399133][ T7758] usbhid 5-1:0.0: can't add hid device: -71 [ 454.405368][ T7758] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 454.426028][ T7758] usb 5-1: USB disconnect, device number 38 [ 454.518783][T11710] netlink: 1068 bytes leftover after parsing attributes in process `syz.3.1414'. [ 454.989797][ T7758] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 455.440815][ T7758] usb 3-1: not running at top speed; connect to a high speed hub [ 455.460447][ T7758] usb 3-1: config 95 has an invalid interface number: 1 but max is 0 [ 455.485950][ T7758] usb 3-1: config 95 has no interface number 0 [ 455.492359][ T5898] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 455.505712][ T7758] usb 3-1: config 95 interface 1 has no altsetting 0 [ 455.524555][ T7758] usb 3-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 455.543837][ T7758] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.555965][ T7758] usb 3-1: Product: syz [ 455.560954][ T7758] usb 3-1: Manufacturer: syz [ 455.566551][ T7758] usb 3-1: SerialNumber: syz [ 455.601661][T11723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1419'. [ 455.659783][ T5898] usb 5-1: Using ep0 maxpacket: 32 [ 455.683896][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.738529][ T5898] usb 5-1: config 0 has no interfaces? [ 455.765385][ T5898] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 455.782804][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.783538][T11727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 455.799744][T11727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 455.801511][ T5898] usb 5-1: config 0 descriptor?? [ 455.868915][ T7758] usb 3-1: USB disconnect, device number 32 [ 456.042958][T11730] netlink: 'syz.3.1421': attribute type 1 has an invalid length. [ 456.113805][ T25] usb 1-1: new low-speed USB device number 26 using dummy_hcd [ 456.119809][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 456.409086][ T7758] usb 5-1: USB disconnect, device number 39 [ 456.455640][ T25] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 456.465975][ T25] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 456.475366][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.967656][T11742] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11742 comm=syz.0.1420 [ 457.063938][T11744] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2051 sclass=netlink_route_socket pid=11744 comm=syz.2.1426 [ 457.245030][T11751] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 457.605628][ T7758] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 457.835559][T11764] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1433'. [ 457.934012][ T7758] usb 4-1: Using ep0 maxpacket: 32 [ 457.941100][ T7758] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.951566][ T7758] usb 4-1: config 0 has no interfaces? [ 457.957144][ T7758] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 457.966456][ T7758] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.979577][ T7758] usb 4-1: config 0 descriptor?? [ 458.974971][ T25] usb 1-1: string descriptor 0 read error: -71 [ 459.026968][ T5918] libceph: connect (1)[c::]:6789 error -101 [ 459.033096][ T5918] libceph: mon0 (1)[c::]:6789 connect error [ 459.187969][ T25] hub 1-1:32.0: bad descriptor, ignoring hub [ 459.203207][ T25] hub 1-1:32.0: probe with driver hub failed with error -5 [ 459.325683][ T25] usb 1-1: USB disconnect, device number 26 [ 459.336408][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 459.336423][ T29] audit: type=1326 audit(1734152698.363:6076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.366102][ T29] audit: type=1326 audit(1734152698.363:6077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.389693][ T29] audit: type=1326 audit(1734152698.363:6078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.413392][ T29] audit: type=1326 audit(1734152698.363:6079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.438020][T11787] ceph: No mds server is up or the cluster is laggy [ 459.444732][ T29] audit: type=1326 audit(1734152698.363:6080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.468367][ T29] audit: type=1326 audit(1734152698.363:6081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.491967][ T29] audit: type=1326 audit(1734152698.363:6082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.515491][ T29] audit: type=1326 audit(1734152698.363:6083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.539281][ T29] audit: type=1326 audit(1734152698.363:6084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.562967][ T29] audit: type=1326 audit(1734152698.393:6085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11793 comm="syz.4.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb241f85d19 code=0x7ffc0000 [ 459.564058][T11795] pimreg: entered allmulticast mode [ 459.597076][ T5918] libceph: connect (1)[c::]:6789 error -101 [ 459.602767][T11798] pimreg: left allmulticast mode [ 459.603219][ T5918] libceph: mon0 (1)[c::]:6789 connect error [ 459.769821][ T5898] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 459.969908][ T5898] usb 5-1: Using ep0 maxpacket: 32 [ 459.982441][ T5898] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 460.614746][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 461.061533][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 461.079716][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 461.094447][ T5898] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 461.118963][ T5898] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 461.128764][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.184288][ T5898] usb 5-1: Product: syz [ 461.188985][ T5898] usb 5-1: Manufacturer: syz [ 461.194995][ T5898] usb 5-1: SerialNumber: syz [ 461.317112][ T5898] usb 5-1: config 0 descriptor?? [ 462.629966][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.636964][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.648938][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.660281][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.671020][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.680488][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.687763][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.698602][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.705539][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.712729][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.720152][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.726781][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.737660][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.748975][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.757206][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.768727][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.774864][ T5870] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 462.783966][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.795031][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.801123][ T7758] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 462.809960][ T5898] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 462.816123][ T5898] input input19: Timeout waiting for response from device. [ 462.845724][ T5898] usb 5-1: USB disconnect, device number 40 [ 462.949982][ T5870] usb 1-1: Using ep0 maxpacket: 16 [ 462.956830][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.968779][ T5870] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.979336][ T7758] usb 3-1: Using ep0 maxpacket: 32 [ 462.984612][ T5870] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 462.998293][ T5870] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 462.998637][ T7758] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 463.018042][ T7758] usb 3-1: config 0 has no interfaces? [ 463.024085][ T7758] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 463.036380][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.050569][ T7758] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.059955][ T5870] usb 1-1: config 0 descriptor?? [ 463.081728][ T7758] usb 3-1: config 0 descriptor?? [ 463.192412][T11836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1456'. [ 463.727107][ T5870] microsoft 0003:045E:07DA.0018: ignoring exceeding usage max [ 463.757989][ T25] usb 3-1: USB disconnect, device number 33 [ 463.763882][ T5870] microsoft 0003:045E:07DA.0018: No inputs registered, leaving [ 463.770331][ T5870] microsoft 0003:045E:07DA.0018: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 463.818223][ T5870] microsoft 0003:045E:07DA.0018: no inputs found [ 463.937373][ T5870] microsoft 0003:045E:07DA.0018: could not initialize ff, continuing anyway [ 463.979615][ T5870] usb 1-1: USB disconnect, device number 27 [ 464.060713][T11848] FAULT_INJECTION: forcing a failure. [ 464.060713][T11848] name failslab, interval 1, probability 0, space 0, times 0 [ 464.073458][T11848] CPU: 0 UID: 0 PID: 11848 Comm: syz.1.1459 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 464.084225][T11848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 464.094281][T11848] Call Trace: [ 464.097559][T11848] [ 464.100491][T11848] dump_stack_lvl+0x16c/0x1f0 [ 464.105178][T11848] should_fail_ex+0x497/0x5b0 [ 464.109863][T11848] ? fs_reclaim_acquire+0xae/0x150 [ 464.114986][T11848] should_failslab+0xc2/0x120 [ 464.119669][T11848] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 464.125480][T11848] ? __pfx_mark_lock+0x10/0x10 [ 464.130249][T11848] ? __alloc_skb+0x2b1/0x380 [ 464.134852][T11848] __alloc_skb+0x2b1/0x380 [ 464.139279][T11848] ? __pfx___alloc_skb+0x10/0x10 [ 464.144227][T11848] ? __free_zapped_classes+0x2e0/0x320 [ 464.149706][T11848] mgmt_cmd_status+0x43/0x520 [ 464.154388][T11848] ? irqentry_exit+0x3b/0x90 [ 464.158985][T11848] set_fast_connectable+0x3b9/0x6b0 [ 464.164199][T11848] ? __pfx_set_fast_connectable+0x10/0x10 [ 464.169933][T11848] ? __pfx_set_fast_connectable+0x10/0x10 [ 464.175670][T11848] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 464.180882][T11848] hci_sock_sendmsg+0x1528/0x25e0 [ 464.185930][T11848] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 464.191317][T11848] sock_write_iter+0x4fe/0x5b0 [ 464.196087][T11848] ? __pfx_sock_write_iter+0x10/0x10 [ 464.201388][T11848] ? bpf_lsm_file_permission+0x9/0x10 [ 464.206766][T11848] ? security_file_permission+0x71/0x210 [ 464.212409][T11848] vfs_write+0x5ae/0x1150 [ 464.216745][T11848] ? __pfx_sock_write_iter+0x10/0x10 [ 464.222039][T11848] ? __pfx_vfs_write+0x10/0x10 [ 464.226804][T11848] ? __fget_files+0x40/0x3a0 [ 464.231414][T11848] ksys_write+0x207/0x250 [ 464.235748][T11848] ? __pfx_ksys_write+0x10/0x10 [ 464.240608][T11848] do_syscall_64+0xcd/0x250 [ 464.245126][T11848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.251027][T11848] RIP: 0033:0x7f8a59985d19 [ 464.255441][T11848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.275141][T11848] RSP: 002b:00007f8a5a842038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 464.283564][T11848] RAX: ffffffffffffffda RBX: 00007f8a59b76160 RCX: 00007f8a59985d19 [ 464.291538][T11848] RDX: 0000000000000007 RSI: 0000000020000340 RDI: 0000000000000007 [ 464.299509][T11848] RBP: 00007f8a5a842090 R08: 0000000000000000 R09: 0000000000000000 [ 464.307484][T11848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.315433][T11848] R13: 0000000000000000 R14: 00007f8a59b76160 R15: 00007ffd319d28d8 [ 464.323390][T11848] [ 464.505162][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 464.505179][ T29] audit: type=1400 audit(1734152703.533:6102): avc: denied { load_policy } for pid=11845 comm="syz.4.1460" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 464.531964][T11846] SELinux: truncated policydb string identifier [ 464.538824][T11846] SELinux: failed to load policy [ 465.026321][ T5897] usb 4-1: USB disconnect, device number 24 [ 465.687410][T11861] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 465.914556][T11866] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1467'. [ 467.042342][T11880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1468'. [ 468.389946][ T29] audit: type=1400 audit(1734152707.153:6103): avc: denied { create } for pid=11886 comm="syz.1.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 469.087928][T11914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1481'. [ 469.721817][ T29] audit: type=1400 audit(1734152708.733:6104): avc: denied { bind } for pid=11927 comm="syz.3.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 470.201491][ T29] audit: type=1400 audit(1734152708.733:6105): avc: denied { node_bind } for pid=11927 comm="syz.3.1485" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 470.239017][ T29] audit: type=1400 audit(1734152708.733:6106): avc: denied { write } for pid=11927 comm="syz.3.1485" laddr=172.20.20.170 lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 470.260965][ C0] vkms_vblank_simulate: vblank timer overrun [ 470.797762][T11951] syz_tun: entered allmulticast mode [ 470.889450][ T29] audit: type=1400 audit(1734152709.913:6107): avc: denied { ioctl } for pid=11952 comm="syz.4.1492" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 470.914503][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.045157][T11956] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1493'. [ 472.516947][ T5870] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 472.680916][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 472.692847][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 472.704912][T11975] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 472.719141][ T5870] usb 5-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 472.748723][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.767994][ T5870] usb 5-1: config 0 descriptor?? [ 473.104960][ T29] audit: type=1400 audit(1734152712.133:6108): avc: denied { read } for pid=11962 comm="syz.4.1496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 473.356964][ T7758] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 473.484648][ T29] audit: type=1400 audit(1734152712.163:6109): avc: denied { nlmsg_read } for pid=11981 comm="syz.2.1503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 473.623642][ T7758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 473.649769][ T7758] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 473.677000][ T7758] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 473.699758][ T7758] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.714264][ T7758] usb 2-1: config 0 descriptor?? [ 473.826654][ T5870] usbhid 5-1:0.0: can't add hid device: -71 [ 473.845688][ T5870] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 473.859197][ T5870] usb 5-1: USB disconnect, device number 41 [ 474.034773][T11991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1505'. [ 474.048456][T11991] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.056218][T11991] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.236093][ T7758] arvo 0003:1E7D:30D4.0019: unknown main item tag 0x0 [ 474.246265][ T7758] arvo 0003:1E7D:30D4.0019: unknown main item tag 0x0 [ 474.257359][ T7758] arvo 0003:1E7D:30D4.0019: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.1-1/input0 [ 475.079900][ T29] audit: type=1400 audit(1734152714.083:6110): avc: denied { setopt } for pid=12008 comm="syz.0.1509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 476.373655][ T25] usb 2-1: USB disconnect, device number 32 [ 476.684060][ T29] audit: type=1400 audit(1734152715.713:6111): avc: denied { write } for pid=12025 comm="syz.0.1515" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 476.707506][ T29] audit: type=1400 audit(1734152715.713:6112): avc: denied { ioctl } for pid=12025 comm="syz.0.1515" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 476.732494][ C0] vkms_vblank_simulate: vblank timer overrun [ 477.463573][T12030] vlan2: entered promiscuous mode [ 477.468776][T12030] vlan2: entered allmulticast mode [ 477.913882][ T29] audit: type=1400 audit(1734152716.933:6113): avc: denied { getopt } for pid=12021 comm="syz.3.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 478.273245][ T29] audit: type=1326 audit(1734152717.303:6114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12048 comm="syz.2.1519" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f398cf85d19 code=0x0 [ 478.440011][ T5897] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 478.630158][ T5897] usb 5-1: Using ep0 maxpacket: 32 [ 478.873356][ T5897] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 478.909814][ T5897] usb 5-1: config 0 has no interfaces? [ 478.915684][ T5897] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 478.957464][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.160949][ T5897] usb 5-1: config 0 descriptor?? [ 479.180382][T12058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1521'. [ 479.610893][ T5918] usb 5-1: USB disconnect, device number 42 [ 480.926862][T12069] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 480.997874][ T29] audit: type=1400 audit(1734152720.023:6115): avc: denied { create } for pid=12076 comm="syz.4.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 481.074156][ T29] audit: type=1400 audit(1734152720.053:6116): avc: denied { ioctl } for pid=12076 comm="syz.4.1528" path="socket:[31042]" dev="sockfs" ino=31042 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 481.099101][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.501793][T12084] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 481.628310][ T7758] libceph: connect (1)[c::]:6789 error -101 [ 481.636508][ T7758] libceph: mon0 (1)[c::]:6789 connect error [ 481.948269][ T5898] libceph: connect (1)[c::]:6789 error -101 [ 481.959915][ T5898] libceph: mon0 (1)[c::]:6789 connect error [ 481.976078][T12087] ceph: No mds server is up or the cluster is laggy [ 482.579986][ T5897] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 482.643470][T12107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1533'. [ 482.950791][T12109] macvlan2: entered promiscuous mode [ 483.009833][ T5897] usb 5-1: Using ep0 maxpacket: 32 [ 483.355036][ T5897] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 483.380044][ T5897] usb 5-1: config 0 has no interfaces? [ 483.414711][ T5897] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 483.424716][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.443666][ T5897] usb 5-1: config 0 descriptor?? [ 483.649829][ T5898] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 483.761376][ T7758] usb 5-1: USB disconnect, device number 43 [ 483.809855][ T5898] usb 2-1: Using ep0 maxpacket: 16 [ 483.823241][ T5898] usb 2-1: config 0 interface 0 altsetting 242 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 483.836838][ T5898] usb 2-1: config 0 interface 0 has no altsetting 0 [ 483.847274][ T5898] usb 2-1: New USB device found, idVendor=2040, idProduct=d364, bcdDevice=4e.5d [ 483.856589][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.865519][ T5898] usb 2-1: Product: syz [ 483.881281][ T5898] usb 2-1: Manufacturer: syz [ 483.896444][ T5898] usb 2-1: SerialNumber: syz [ 483.946245][ T5898] usb 2-1: config 0 descriptor?? [ 484.168876][ T7758] usb 2-1: USB disconnect, device number 33 [ 489.753085][T12196] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1563'. [ 490.240422][ T5898] libceph: connect (1)[c::]:6789 error -101 [ 490.325051][ T5898] libceph: mon0 (1)[c::]:6789 connect error [ 490.466053][T12196] ceph: No mds server is up or the cluster is laggy [ 490.548964][ T29] audit: type=1400 audit(1734152729.573:6117): avc: denied { bind } for pid=12204 comm="syz.3.1566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 490.574923][ T29] audit: type=1400 audit(1734152729.603:6118): avc: denied { listen } for pid=12204 comm="syz.3.1566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 490.594648][ T29] audit: type=1400 audit(1734152729.603:6119): avc: denied { accept } for pid=12204 comm="syz.3.1566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 490.886207][T12187] delete_channel: no stack [ 491.367810][ T5898] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 491.639918][ T5898] usb 1-1: Using ep0 maxpacket: 16 [ 491.662743][ T5898] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 491.674398][ T5898] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 491.865131][T12227] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 491.920956][ T5898] usb 1-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 492.040110][ T7758] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 492.051549][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.164692][ T5898] usb 1-1: config 0 descriptor?? [ 492.279753][ T7758] usb 4-1: Using ep0 maxpacket: 32 [ 492.288170][ T7758] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.310373][ T7758] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.321097][ T7758] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 492.350047][ T7758] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.418164][ T7758] usb 4-1: config 0 descriptor?? [ 492.471220][ T7758] hub 4-1:0.0: USB hub found [ 492.870362][ T7758] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 494.033183][ T5898] usb 1-1: USB disconnect, device number 28 [ 494.094061][T12245] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1574'. [ 494.273164][T12251] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1577'. [ 494.457278][ T5897] libceph: connect (1)[c::]:6789 error -101 [ 494.463433][ T5897] libceph: mon0 (1)[c::]:6789 connect error [ 494.731127][ T5918] libceph: connect (1)[c::]:6789 error -101 [ 494.738450][ T5918] libceph: mon0 (1)[c::]:6789 connect error [ 495.266683][ T5897] libceph: connect (1)[c::]:6789 error -101 [ 495.290415][ T5897] libceph: mon0 (1)[c::]:6789 connect error [ 495.312481][T12251] ceph: No mds server is up or the cluster is laggy [ 495.380580][ T7758] usbhid 4-1:0.0: can't add hid device: -71 [ 495.386583][ T7758] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 495.422868][ T7758] usb 4-1: USB disconnect, device number 25 [ 495.578097][T12268] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 497.117178][T12282] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1584'. [ 497.645707][ T29] audit: type=1400 audit(1734152736.243:6120): avc: denied { map } for pid=12286 comm="syz.0.1587" path="socket:[31718]" dev="sockfs" ino=31718 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 498.512321][T12302] netlink: 23192 bytes leftover after parsing attributes in process `syz.2.1591'. [ 499.084886][T12308] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1594'. [ 501.039161][T12304] ceph: No mds server is up or the cluster is laggy [ 501.360677][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.367202][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.170445][ T25] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 502.671106][ T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 502.682206][ T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 502.991159][ T25] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 503.081255][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 503.125495][ T25] usb 1-1: SerialNumber: syz [ 503.392208][ T25] usb 1-1: 0:2 : does not exist [ 503.397145][ T25] usb 1-1: unit 5: unexpected type 0x0a [ 503.425469][ T25] usb 1-1: USB disconnect, device number 29 [ 503.429859][ T5898] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 503.669891][ T5898] usb 2-1: Using ep0 maxpacket: 32 [ 503.681551][ T5898] usb 2-1: config 8 has an invalid interface number: 203 but max is 0 [ 503.693663][ T5898] usb 2-1: config 8 has no interface number 0 [ 503.700504][ T5898] usb 2-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 503.711023][ T5898] usb 2-1: config 8 interface 203 has no altsetting 0 [ 503.721652][ T5813] udevd[5813]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 503.748926][ T5898] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 503.789038][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.809317][ T5898] usb 2-1: Product: syz [ 503.819450][ T5898] usb 2-1: Manufacturer: syz [ 503.846352][ T5898] usb 2-1: SerialNumber: syz [ 503.867517][T12349] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 504.867484][ T5898] port100 2-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint [ 504.946294][ T5898] usb 2-1: USB disconnect, device number 34 [ 505.741076][T12375] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 506.388475][T12380] sctp: [Deprecated]: syz.0.1609 (pid 12380) Use of struct sctp_assoc_value in delayed_ack socket option. [ 506.388475][T12380] Use struct sctp_sack_info instead [ 506.709720][ T5918] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 506.879756][ T25] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 507.016891][T12392] binder: BINDER_SET_CONTEXT_MGR already set [ 507.046767][ T5918] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 507.055204][T12392] binder: 12391:12392 ioctl 4018620d 20004a80 returned -16 [ 507.060406][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=8, SerialNumber=0 [ 507.071201][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 507.078843][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 507.101068][ T5918] usb 1-1: Product: syz [ 507.110172][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 507.127969][ T5918] usb 1-1: config 0 descriptor?? [ 507.153893][ T5918] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 507.161734][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 507.239719][ T5918] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 507.246107][ T25] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 507.286551][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.335950][ T25] usb 2-1: config 0 descriptor?? [ 507.406906][T12395] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1615'. [ 507.410020][ T5866] usb 1-1: USB disconnect, device number 30 [ 507.506894][ T5866] ftdi_sio 1-1:0.0: device disconnected [ 507.767075][ T25] microsoft 0003:045E:07DA.001A: ignoring exceeding usage max [ 507.861025][ T25] microsoft 0003:045E:07DA.001A: No inputs registered, leaving [ 507.949589][ T25] microsoft 0003:045E:07DA.001A: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 507.961301][ T25] microsoft 0003:045E:07DA.001A: no inputs found [ 507.967721][ T25] microsoft 0003:045E:07DA.001A: could not initialize ff, continuing anyway [ 508.216364][ T5866] usb 2-1: USB disconnect, device number 35 [ 511.816030][T12432] bridge0: port 3(erspan0) entered blocking state [ 511.822878][T12432] bridge0: port 3(erspan0) entered disabled state [ 511.830075][T12432] erspan0: entered allmulticast mode [ 511.840314][T12432] erspan0: entered promiscuous mode [ 512.747506][T12418] hub 2-0:1.0: USB hub found [ 512.753144][T12418] hub 2-0:1.0: 1 port detected [ 512.768479][ T29] audit: type=1400 audit(1734152751.793:6121): avc: denied { getopt } for pid=12417 comm="syz.3.1622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 512.826514][ T29] audit: type=1400 audit(1734152751.853:6122): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 513.188634][T12442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1627'. [ 513.219862][T12442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1627'. [ 513.628036][ T29] audit: type=1400 audit(1734152752.653:6123): avc: denied { map } for pid=12447 comm="syz.4.1632" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 513.808799][ T29] audit: type=1400 audit(1734152752.683:6124): avc: denied { execute } for pid=12447 comm="syz.4.1632" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 514.665666][T12449] nullb0: AHDI p1 [ 515.362267][T12472] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 621.099585][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 621.106572][ C0] rcu: 1-...!: (1 GPs behind) idle=4dd4/0/0x1 softirq=42934/42934 fqs=0 [ 621.116270][ C0] rcu: (detected by 0, t=10502 jiffies, g=38689, q=560 ncpus=2) [ 621.124001][ C0] Sending NMI from CPU 0 to CPUs 1: [ 621.124031][ C1] NMI backtrace for cpu 1 [ 621.124043][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 621.124066][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 621.124077][ C1] RIP: 0010:__lock_acquire+0xb8a/0x3c40 [ 621.124104][ C1] Code: 89 c7 89 44 24 60 01 d8 c1 c7 04 89 44 24 58 89 7c 24 68 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 38 48 c1 ea 03 0f b6 04 02 <84> c0 74 08 3c 03 0f 8e 33 27 00 00 41 0f b7 47 20 66 25 ff 1f 66 [ 621.124122][ C1] RSP: 0018:ffffc90000a18b38 EFLAGS: 00000802 [ 621.124137][ C1] RAX: 0000000000000000 RBX: ffffffffffffffff RCX: ffffffff81767752 [ 621.124150][ C1] RDX: 1ffff11003ad9a70 RSI: 0000000000000008 RDI: 00000000ffffffff [ 621.124163][ C1] RBP: 000000000000004b R08: 0000000000000000 R09: fffffbfff2dc99c4 [ 621.124175][ C1] R10: ffffffff96e4ce27 R11: 0000000000000001 R12: 0000000000000002 [ 621.124186][ C1] R13: ffff88801d6cc880 R14: 0000000000000003 R15: ffff88801d6cd360 [ 621.124199][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 621.124217][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 621.124231][ C1] CR2: 0000000020032000 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 621.124243][ C1] DR0: 0000000000100000 DR1: 0000000000000005 DR2: 0000000000000005 [ 621.124255][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 621.124267][ C1] Call Trace: [ 621.124273][ C1] [ 621.124281][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 621.124319][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 621.124338][ C1] ? nmi_handle+0x1ac/0x5d0 [ 621.124358][ C1] ? __lock_acquire+0xb8a/0x3c40 [ 621.124378][ C1] ? default_do_nmi+0x6a/0x160 [ 621.124406][ C1] ? exc_nmi+0x170/0x1e0 [ 621.124432][ C1] ? end_repeat_nmi+0xf/0x53 [ 621.124459][ C1] ? __lock_acquire+0xf32/0x3c40 [ 621.124479][ C1] ? __lock_acquire+0xb8a/0x3c40 [ 621.124499][ C1] ? __lock_acquire+0xb8a/0x3c40 [ 621.124520][ C1] ? __lock_acquire+0xb8a/0x3c40 [ 621.124539][ C1] [ 621.124545][ C1] [ 621.124556][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 621.124578][ C1] ? lock_acquire.part.0+0x11b/0x380 [ 621.124600][ C1] lock_acquire.part.0+0x11b/0x380 [ 621.124620][ C1] ? advance_sched+0xd8/0xc60 [ 621.124639][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 621.124661][ C1] ? rcu_is_watching+0x12/0xc0 [ 621.124685][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 621.124713][ C1] ? advance_sched+0xd8/0xc60 [ 621.124730][ C1] ? lock_acquire+0x2f/0xb0 [ 621.124748][ C1] ? advance_sched+0xd8/0xc60 [ 621.124766][ C1] ? __pfx_advance_sched+0x10/0x10 [ 621.124782][ C1] _raw_spin_lock+0x2e/0x40 [ 621.124799][ C1] ? advance_sched+0xd8/0xc60 [ 621.124815][ C1] advance_sched+0xd8/0xc60 [ 621.124834][ C1] ? timerqueue_del+0x83/0x150 [ 621.124861][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 621.124886][ C1] ? __pfx_advance_sched+0x10/0x10 [ 621.124903][ C1] __hrtimer_run_queues+0x20a/0xae0 [ 621.124932][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 621.124957][ C1] ? read_tsc+0x9/0x20 [ 621.124985][ C1] hrtimer_interrupt+0x392/0x8e0 [ 621.125015][ C1] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 621.125038][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 621.125060][ C1] [ 621.125066][ C1] [ 621.125072][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 621.125098][ C1] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 621.125124][ C1] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 b8 95 da 74 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 27 b4 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 621.125141][ C1] RSP: 0018:ffffc900001a7d58 EFLAGS: 00000246 [ 621.125156][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b292679 [ 621.125168][ C1] RDX: 0000000000000001 RSI: ffff88801da97000 RDI: ffff88801da97064 [ 621.125180][ C1] RBP: ffff88801da97064 R08: 0000000000000001 R09: ffffed10170e6fed [ 621.125192][ C1] R10: ffff8880b8737f6b R11: 0000000000000000 R12: ffff888140fd0800 [ 621.125205][ C1] R13: ffffffff8ee14e20 R14: 0000000000000001 R15: 0000000000000000 [ 621.125220][ C1] ? ct_kernel_exit+0x139/0x190 [ 621.125244][ C1] acpi_idle_enter+0xc5/0x160 [ 621.125270][ C1] cpuidle_enter_state+0xaa/0x4f0 [ 621.125299][ C1] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 621.125320][ C1] cpuidle_enter+0x4e/0xa0 [ 621.125347][ C1] do_idle+0x310/0x3f0 [ 621.125366][ C1] ? __pfx_do_idle+0x10/0x10 [ 621.125388][ C1] cpu_startup_entry+0x4f/0x60 [ 621.125407][ C1] start_secondary+0x222/0x2b0 [ 621.125435][ C1] ? __pfx_start_secondary+0x10/0x10 [ 621.125465][ C1] common_startup_64+0x13e/0x148 [ 621.125493][ C1] [ 621.126029][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g38689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 621.595198][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 621.605163][ C0] rcu: RCU grace-period kthread stack dump: [ 621.611041][ C0] task:rcu_preempt state:R running task stack:26464 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 621.622813][ C0] Call Trace: [ 621.626086][ C0] [ 621.629033][ C0] __schedule+0xe58/0x5ad0 [ 621.633471][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 621.638709][ C0] ? __pfx___schedule+0x10/0x10 [ 621.643572][ C0] ? schedule+0x298/0x350 [ 621.647917][ C0] ? __pfx_lock_release+0x10/0x10 [ 621.652958][ C0] ? lock_acquire+0x2f/0xb0 [ 621.657465][ C0] ? schedule+0x1fd/0x350 [ 621.661807][ C0] schedule+0xe7/0x350 [ 621.665886][ C0] schedule_timeout+0x124/0x280 [ 621.670759][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 621.676146][ C0] ? __pfx_process_timeout+0x10/0x10 [ 621.681451][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 621.687279][ C0] ? prepare_to_swait_event+0xf3/0x470 [ 621.692761][ C0] rcu_gp_fqs_loop+0x1eb/0xb00 [ 621.697550][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 621.702847][ C0] ? rcu_gp_init+0xc82/0x1630 [ 621.707534][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 621.712751][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 621.718569][ C0] rcu_gp_kthread+0x271/0x380 [ 621.723261][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 621.728468][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 621.733687][ C0] ? __kthread_parkme+0x148/0x220 [ 621.738731][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 621.743937][ C0] kthread+0x2c1/0x3a0 [ 621.748014][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 621.753233][ C0] ? __pfx_kthread+0x10/0x10 [ 621.757854][ C0] ret_from_fork+0x45/0x80 [ 621.762281][ C0] ? __pfx_kthread+0x10/0x10 [ 621.766881][ C0] ret_from_fork_asm+0x1a/0x30 [ 621.771670][ C0] [ 621.774684][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 621.781000][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 [ 621.791329][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 621.801396][ C0] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 621.806700][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 b8 95 da 74 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 48 27 b4 00 fb f4 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 621.826312][ C0] RSP: 0018:ffffffff8de07d70 EFLAGS: 00000246 [ 621.832384][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8b292679 [ 621.840356][ C0] RDX: 0000000000000001 RSI: ffff88801da96800 RDI: ffff88801da96864 [ 621.848328][ C0] RBP: ffff88801da96864 R08: 0000000000000001 R09: ffffed10170c6fed [ 621.856301][ C0] R10: ffff8880b8637f6b R11: 0000000000000000 R12: ffff8881472b1800 [ 621.864269][ C0] R13: ffffffff8ee14e20 R14: 0000000000000000 R15: 0000000000000000 [ 621.872250][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 621.881187][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 621.887775][ C0] CR2: 000000110c30ed91 CR3: 0000000035a6e000 CR4: 00000000003526f0 [ 621.895752][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 621.903726][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 621.911697][ C0] Call Trace: [ 621.914982][ C0] [ 621.917839][ C0] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 621.924192][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 621.929407][ C0] ? rcu_sched_clock_irq+0x247a/0x3310 [ 621.934890][ C0] ? timekeeping_advance+0x72e/0xa90 [ 621.940183][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 621.945829][ C0] ? __asan_memcpy+0x3c/0x60 [ 621.950433][ C0] ? rcu_is_watching+0x12/0xc0 [ 621.955215][ C0] ? update_process_times+0x178/0x2d0 [ 621.960594][ C0] ? __pfx_update_process_times+0x10/0x10 [ 621.966318][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 621.971786][ C0] ? update_wall_time+0x1c/0x40 [ 621.976641][ C0] ? tick_nohz_handler+0x376/0x530 [ 621.981763][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 621.987232][ C0] ? __hrtimer_run_queues+0x5fb/0xae0 [ 621.992620][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 621.998345][ C0] ? read_tsc+0x9/0x20 [ 622.002433][ C0] ? hrtimer_interrupt+0x392/0x8e0 [ 622.007569][ C0] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 622.013730][ C0] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 622.019538][ C0] [ 622.022465][ C0] [ 622.025396][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 622.031562][ C0] ? ct_kernel_exit+0x139/0x190 [ 622.036419][ C0] ? acpi_safe_halt+0x1a/0x20 [ 622.041110][ C0] acpi_idle_enter+0xc5/0x160 [ 622.045798][ C0] cpuidle_enter_state+0xaa/0x4f0 [ 622.050848][ C0] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 622.056666][ C0] cpuidle_enter+0x4e/0xa0 [ 622.061094][ C0] do_idle+0x310/0x3f0 [ 622.065172][ C0] ? __pfx_do_idle+0x10/0x10 [ 622.069769][ C0] ? do_idle+0x4/0x3f0 [ 622.073842][ C0] cpu_startup_entry+0x4f/0x60 [ 622.078609][ C0] rest_init+0x16b/0x2b0 [ 622.082859][ C0] ? acpi_subsystem_init+0x133/0x180 [ 622.088159][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 622.093715][ C0] start_kernel+0x3e4/0x4d0 [ 622.098244][ C0] x86_64_start_reservations+0x18/0x30 [ 622.103723][ C0] x86_64_start_kernel+0xb2/0xc0 [ 622.108679][ C0] common_startup_64+0x13e/0x148 [ 622.113659][ C0] [ 622.117050][ C0] vkms_vblank_simulate: vblank timer overrun