last executing test programs: 15.185076324s ago: executing program 1 (id=8563): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kcmp(r0, r0, 0x5, r1, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/udp\x00') pread64(r4, &(0x7f000001a240)=""/102400, 0x19000, 0x0) r5 = dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x2, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) socket$nl_generic(0x10, 0x3, 0x10) 15.152933242s ago: executing program 2 (id=8564): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000), 0x4) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x82, &(0x7f0000000040)=@assoc_value, &(0x7f00000000c0)=0x8) (async, rerun: 32) ftruncate(0xffffffffffffffff, 0x0) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0) (async, rerun: 32) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10) (async) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000180)=@name={0x1e, 0x2, 0x0, {{0x41}, 0x2}}, 0x10) (async) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = dup(0xffffffffffffffff) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000001000080"]) (async) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"]) (async) bind$tipc(r3, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x0, 0x10000}}, 0x10) r7 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x41}, 0x10) (async, rerun: 32) bind$tipc(r2, 0x0, 0x0) (rerun: 32) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000080)) (async) syz_io_uring_setup(0xee8, &(0x7f0000000280), &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r8, 0x0, 0x0) r9 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) (async) dup3(0xffffffffffffffff, r9, 0x0) 10.732566714s ago: executing program 0 (id=8565): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000580)={'#! ', './file0', [], 0xa, "2f7e9dcaf1ff52fe628549e7cbdb0770645bcca46a4cea4efcf407a03fd19b5a728c88f69945e43d2573919b045cf914bf677581cac47ad2e832916cdc716b3a192eadc71b636c53308a7c19f479277c49b3e025da82bd0fb3af1a0d62f70c3a2b241d51e09dea8954c628695ecc70a63c331221acc58c105801e5dd57379c51670afd3cbc1215e29eb4235040143828b66638870cfa3e65d3a1c590075a637530c320a6f49939c8e4beb8f9ffffffffffffff0035c8"}, 0xc1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a40000002300000095"], &(0x7f0000000240)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) bpf$MAP_CREATE(0x300, &(0x7f00000000c0), 0x48) 10.660506408s ago: executing program 2 (id=8566): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e0009"], 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f15852313560608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"}) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f769a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000080)='d', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) syz_open_dev$loop(0x0, 0x75f, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x11af, 0xdfd2, 0x1, 0x0, 0x0) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) shutdown(r3, 0x1) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @hyper}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00'}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0x4, 0x8) syz_emit_vhci(0x0, 0x9) 10.528720931s ago: executing program 0 (id=8567): syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d34, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000016c0)={0x1, &(0x7f0000001680)=[{0x6}]}) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) timer_settime(r7, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {r8, r9+60000000}}, 0x0) ioctl$TCSETSF(r5, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9) r10 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$read(0xb, r10, &(0x7f0000000240)=""/112, 0x349b7f55) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f70002800500010000000000300003801700018014000300fc000000000000000000000011000000140004"], 0x58}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x101, 0x2) 10.174419175s ago: executing program 3 (id=8568): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) syz_open_dev$vim2m(&(0x7f0000000140), 0x7, 0x2) prctl$PR_MCE_KILL(0x35, 0x1, 0x4) getpid() openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000140), 0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) 9.556519371s ago: executing program 1 (id=8571): setitimer(0x0, &(0x7f0000000580)={{}, {0x6}}, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000140)='./control\x00', 0x0) close(r0) r1 = inotify_init1(0x0) fcntl$setstatus(r0, 0x4, 0x2c00) r2 = gettid() fcntl$setown(r0, 0x8, r2) fcntl$setsig(r1, 0xa, 0xe) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r3}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x20, 0xd, &(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYRES8=r2], &(0x7f0000000040)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r3, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r6 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x410442) ioctl$EVIOCGLED(r6, 0x80284504, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000802, &(0x7f0000000080)=@filename='./control\x00', 0x0, &(0x7f00000002c0)={0x7, 0x20, 0x3ff, 0x100000000, 0x8, 0x2, 0x2, 0x1, 0x8000}) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) inotify_add_watch(r1, &(0x7f00000003c0)='./control\x00', 0xa7000970) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$team(&(0x7f0000000c80), 0xffffffffffffffff) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r7, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000000400)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYRES64=r5, @ANYRES32=r10, @ANYBLOB="04000280", @ANYRESDEC, @ANYRESDEC=r1], 0x20}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@bloom_filter={0x1e, 0x81, 0x1, 0x1ff, 0x201, r3, 0x59, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, 0xa}, 0x48) rmdir(&(0x7f0000000540)='./control\x00') 9.150325914s ago: executing program 1 (id=8573): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000240)={r2, 0x0, 0x0, 0x0, 0x0}) 9.023737435s ago: executing program 1 (id=8574): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 5) 8.516479866s ago: executing program 1 (id=8575): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000440)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2c, 0x0, "6970db5e1a5e59ab54053861b182c1aa5bfa09d21b699379ab04eb29ee95bfd4aa2e83662eefcca878e3677208de36650006bfdf10d35ddf3148573cbc274287f6f94c55fc2a25f51f91b69e87873ea1"}, 0xd8) r2 = socket$packet(0x11, 0x3, 0x300) r3 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0) ioctl$LOOP_SET_FD(r3, 0x4c00, 0xffffffffffffffff) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081074e81f782db4cb9040a1d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a800160020001d400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0) ioctl$sock_proto_private(r2, 0x89ee, &(0x7f00000001c0)="944b53671a56fe815931169b5777dbfba6a03d4f19cd02cc5b2514d75d0c1592d58c32772b6140b3d3b2166e67730916aa593d2e93eaeae3a34244cda6d12662b15a66cd4df35973c4d7bcdbf8bfede4d29e5af3065b2a6f3653222e6b57b8ba37bfa2be54eb47023c399728d9f251324ae5d875ab6d1f543ff21b808072d53769015ef96bc1655d3b0792328539ef9ac07b63eae55e4029edb09b64fd023daa29") r5 = socket$kcm(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x8}]}]}, {0x4}, {0xc}, {0xfffffffffffffeba}}}]}]}, 0x98}}, 0x0) io_submit(0x0, 0x7, &(0x7f0000000740)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x2, r5, &(0x7f0000000280)="1bdedcd110da9346c17d847d602e45dee630a0d4ad9b043715df65f05a26bb935938d4840cd19f23b866096fd49fecacce69253f6a77e5be25ea7512dba432cef041295ccd96344b02d73d0cd1d96b36e140aead51e21aaa5814f92031", 0x5d, 0x0, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0xb, 0x3, 0xffffffffffffffff, &(0x7f0000000340)="63a3acd15a89738c2a80faa1912ffe5e1048f208645e090f1f5259013ba6d67463a80c0bd5e2e089bdc3a6f42af6", 0x2e, 0x9, 0x0, 0x2, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x6, r3, &(0x7f00000003c0)="156f565faf6d454f8ba2cba9c1a228b320e91508bc305552bb1aa9286727e51a8498ffeee4fc56cfd5a54e2120438ba762d18afaf023fc20c341b4304df34051ccbb1761214e4397775d8f4590b41dfe68a01d7b0c57b76aa9be0f45a4754954dc488942a3a155d51a8b93eb5aed1763ae6fb41a9053234687b2909bcf87c197", 0x80, 0x200, 0x0, 0x2}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x1ff, r6, &(0x7f0000000480)="03dd7408c9164eb9013807333f9cd29f32f788c51196f731707f1dd87ac2ceefbaf1a3ff452b4fe315d318e7ed81cb1a9d599901bedfc8936585a5627e28d439ddd5b82ddd571a090cc4c14c838d7c4bc4c331ce5866dddbfba6465ae18c0e414c1d8081b32543a362252cb8d20e0b3aee560f2c368037759dbbd5a63f2cf3b50d8d1dda2a68c1676f84bdf24c8e124786e8f0298270d799fb9d67f6ca2616f2f4985fca49a28002e1c34fbb6610ad86", 0xb0, 0x8, 0x0, 0x1, r6}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x7, 0x2, r7, &(0x7f0000000580)="510189ce21d316aab3134873a4b0e29cb73a6d0042594a8eb8a3253ddc7b97bf6a7bbe2b1e91f3b225503617b31e4e05a67ac8bc136373c50cc937616eaa19a15a364c6e988883a78ffe5e4f21f6ba4c07185ba1f1ed3cdaefb7", 0x5a, 0x2, 0x0, 0x4, r6}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x1a67, r4, &(0x7f0000000640)="c7b729e9935a2916770354a6c4993102463ee9c6866ba78c4d322684526cbe56e4c6b58b211d75764dcd9c0abf57dfd06319b4d481fc00b58b", 0x39, 0x7, 0x0, 0x1, r6}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x8, 0x101, r2, &(0x7f0000000880)="1c144d48be0f469f8c2f71341f17b6e79fc5d74788389eb185617d43198af01a7689dce6a55d9aeecaea048c77fb0fbafa198ec7fc397521e0d98d62379d7433bb5b47d6fec62d6637e5890b93b3306d64ba0cd8bb322951e7596970c9ff4e305364fab12f5f53f32caab5e66839c1209f92d60e2fd4048380b3ee789e1965ffb019d251949a947337f5ab98536785209f8a9d7951e695ecfe7207708546be7d21fe548b17b87c28c7dbe0df76cd8d52307dde3e685818c28c170145edf2", 0xbe, 0x3, 0x0, 0x3}]) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f00000009c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000200)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r8, 0x40182103, &(0x7f0000000240)={r9, 0x1, r8, 0x3, 0x80000}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r8, 0x40082102, &(0x7f0000000080)=r9) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000580)) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000100)={0x0, 0x3, r0, 0x99ed, 0x80000}) 7.424775746s ago: executing program 1 (id=8577): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) socket$inet6(0xa, 0x2, 0x0) syz_open_dev$radio(0x0, 0x1, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100), 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioperm(0x0, 0xbcf5, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) syz_open_dev$MSR(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.throttle.io_serviced\x00', 0x0, 0x0) timerfd_gettime(r3, &(0x7f0000000340)) r4 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r4, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000040)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xa1\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?$^\xe1Ob\xe1YV\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\xb8\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\xbe`\'\xcb\xb6\xaf\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\t9\x11A\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfc\x00\xe3\xde\x00\x00\xa8\xcbo\x90\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x16\xdf\xb9q\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3U\xe6\xa9B\n\xc9%\x82\xed#?\xab\x1c\x11\x00\xc5\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x14M\x8b\xd0\xc0\xb8E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\x00\x00\x00D~\xc9=\x95\xd4\x18\x97J\x1d\xb7\x11\xcbcE\x0eAU\xe6\x19*\x98}!\xde\xf1\xd3\xf7\x84\x9c\xb4\xf1\x17\xf9-\xc6\xba\xe3\xa8oz\b\xfe\xbc\x1b\xff$\xac=\xf2V**\x8f\x84Oq\xe3\xa16\x1d{f\x91\xbbBORJ\xbcm\xfb\xb0Q\x1c\xd9\x1bg\xf5\xc9p\xc5lo\x90\xb0\xd5\x90\x86\x19\xafC\xee7\x91O)\xf1\xf0\x00\x00\x00\x00\x00\x00\x00\x05t\v\x12\x03\xf5hRQ\b\x97\xc3d-\xfb\x12\x1e\xb2\xce\x9br*M\x10\xd5g\fwx\xb8\xa9\t\xc5\xf9W\x9b\x06\xcc\xa0\x1a\x03\v\x14n7\x92{\x8bH\x9d\x95\xe31\xf4hy\xf6%\xcdC\x9cT\xec57\xbd\xd5\x81\xd9\x13\xee\xdf\xef\xf3\x17H\xd2\xe3k\xe0\xe3^y\xe3\xbb(fEt\x15\xeb/\x90\xca\xde\x189\xdfN 7}|\xa8 2\xd9;\xfa\xeayZS\x10.\x8b,\xd0\x02J\xf8>\xe9\xf0\r\xc2A\xc8q\x89\"+\xa6\xa9^E94\x01\xb5\xba]\xa8\xe9\x86\xea\xe5\xbaH\x11\x8fLLJ(\xfb\x96\x15\xbb\a\xcbj\x1b\xfdL\x88\xbf\xd7\x00\x00\x00\x00\x00t\xdd\xe7z\x87N\x9a\xd1\xe8\xe6\xe5\xa5\rz\\ljD\x19|\x84\x90\xaa\x91\x93\xc7\xdf\xd2\xe9h', 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10) recvmmsg(r4, &(0x7f0000002ac0)=[{{0x0, 0x0, &(0x7f0000002940)=[{&(0x7f0000001600)=""/137, 0x89}], 0x1}}], 0x40000a4, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r5 = socket(0x0, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) signalfd(0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x10, 0xffffffffffffffff, 0x0) 7.320717855s ago: executing program 0 (id=8578): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173683a6e657400000000050005000a000000050004"], 0x5c}}, 0x0) (async, rerun: 64) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) (rerun: 64) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES8=r0, @ANYRES32=r0, @ANYRES16=r1, @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io(r0, 0x0, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x17, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (rerun: 32) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) (async, rerun: 64) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0x81) (async, rerun: 64) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r4, 0x0, 0x2, 0x0, &(0x7f0000000240)) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async, rerun: 32) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000900)={0x44, &(0x7f0000000700), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) syz_usb_control_io$uac1(r0, 0x0, 0x0) 6.862071954s ago: executing program 2 (id=8579): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r4 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r4, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x11}}}, 0x1e) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$pptp(r4, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246) writev(r5, &(0x7f0000000680)=[{&(0x7f00000002c0)="2614", 0xf00}], 0x1) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r6, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0xefff, 0xfa64}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a0"], &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffe85) 6.744558283s ago: executing program 3 (id=8580): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x0, 0x9}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x4, 0x4, 0x3}, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x7, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r1, @ANYBLOB="000000000000000018100000", @ANYRES32=r2, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r3, 0xe0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 6.692538655s ago: executing program 0 (id=8581): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kcmp(r0, r0, 0x5, r1, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/udp\x00') pread64(r4, &(0x7f000001a240)=""/102400, 0x19000, 0x0) r5 = dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x2, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) socket$nl_generic(0x10, 0x3, 0x10) 4.728561663s ago: executing program 3 (id=8584): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000240)={r2, 0x0, 0x0, 0x0, 0x0}) 3.964662369s ago: executing program 3 (id=8586): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r3}, 0x10) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f00000003c0)=ANY=[], 0x8) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r4, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f00000000c0)="8252", 0x2}, {&(0x7f00000002c0)="df91", 0x2}], 0x2}}], 0x1, 0x4000c000) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000004280)={0x2020}, 0x2020) preadv2(r5, &(0x7f0000000180)=[{&(0x7f0000000080)=""/67, 0x43}], 0x1, 0x0, 0x0, 0x0) read$FUSE(r5, &(0x7f00000062c0)={0x2020}, 0x2020) sendto$inet6(r4, &(0x7f0000000300), 0x4, 0x0, 0x0, 0xfffffffffffffdfd) epoll_create1(0x0) epoll_create(0x1ff) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x200000000000, 0x8000000000000000, 0x3, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 3.919297283s ago: executing program 4 (id=8587): sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000300)={0x1, 0x0, 0x0, r1}, 0xc) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0x14, &(0x7f0000000000)={0x0, 0x0, 0x0, r1}, 0xc) 2.876343342s ago: executing program 4 (id=8588): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000440)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2c, 0x0, "6970db5e1a5e59ab54053861b182c1aa5bfa09d21b699379ab04eb29ee95bfd4aa2e83662eefcca878e3677208de36650006bfdf10d35ddf3148573cbc274287f6f94c55fc2a25f51f91b69e87873ea1"}, 0xd8) r2 = socket$packet(0x11, 0x3, 0x300) r3 = syz_open_dev$loop(&(0x7f0000000180), 0x0, 0x0) ioctl$LOOP_SET_FD(r3, 0x4c00, 0xffffffffffffffff) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000780)="d80000001a0081074e81f782db4cb9040a1d0800fe007c05e8fe55a115001c000200142603600e12080005007a010401a800160020001d400d000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0) ioctl$sock_proto_private(r2, 0x89ee, &(0x7f00000001c0)="944b53671a56fe815931169b5777dbfba6a03d4f19cd02cc5b2514d75d0c1592d58c32772b6140b3d3b2166e67730916aa593d2e93eaeae3a34244cda6d12662b15a66cd4df35973c4d7bcdbf8bfede4d29e5af3065b2a6f3653222e6b57b8ba37bfa2be54eb47023c399728d9f251324ae5d875ab6d1f543ff21b808072d53769015ef96bc1655d3b0792328539ef9ac07b63eae55e4029edb09b64fd023daa29") r5 = socket$kcm(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2, {0x1}}, './file0\x00'}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_SKBMARK={0x8}]}]}, {0x4}, {0xc}, {0xfffffffffffffeba}}}]}]}, 0x98}}, 0x0) io_submit(0x0, 0x7, &(0x7f0000000740)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x2, r5, &(0x7f0000000280)="1bdedcd110da9346c17d847d602e45dee630a0d4ad9b043715df65f05a26bb935938d4840cd19f23b866096fd49fecacce69253f6a77e5be25ea7512dba432cef041295ccd96344b02d73d0cd1d96b36e140aead51e21aaa5814f92031", 0x5d, 0x0, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0xb, 0x3, 0xffffffffffffffff, &(0x7f0000000340)="63a3acd15a89738c2a80faa1912ffe5e1048f208645e090f1f5259013ba6d67463a80c0bd5e2e089bdc3a6f42af6", 0x2e, 0x9, 0x0, 0x2, r6}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x6, r3, &(0x7f00000003c0)="156f565faf6d454f8ba2cba9c1a228b320e91508bc305552bb1aa9286727e51a8498ffeee4fc56cfd5a54e2120438ba762d18afaf023fc20c341b4304df34051ccbb1761214e4397775d8f4590b41dfe68a01d7b0c57b76aa9be0f45a4754954dc488942a3a155d51a8b93eb5aed1763ae6fb41a9053234687b2909bcf87c197", 0x80, 0x200, 0x0, 0x2}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x1ff, r6, &(0x7f0000000480)="03dd7408c9164eb9013807333f9cd29f32f788c51196f731707f1dd87ac2ceefbaf1a3ff452b4fe315d318e7ed81cb1a9d599901bedfc8936585a5627e28d439ddd5b82ddd571a090cc4c14c838d7c4bc4c331ce5866dddbfba6465ae18c0e414c1d8081b32543a362252cb8d20e0b3aee560f2c368037759dbbd5a63f2cf3b50d8d1dda2a68c1676f84bdf24c8e124786e8f0298270d799fb9d67f6ca2616f2f4985fca49a28002e1c34fbb6610ad86", 0xb0, 0x8, 0x0, 0x1, r6}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x7, 0x2, r7, &(0x7f0000000580)="510189ce21d316aab3134873a4b0e29cb73a6d0042594a8eb8a3253ddc7b97bf6a7bbe2b1e91f3b225503617b31e4e05a67ac8bc136373c50cc937616eaa19a15a364c6e988883a78ffe5e4f21f6ba4c07185ba1f1ed3cdaefb7", 0x5a, 0x2, 0x0, 0x4, r6}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x1a67, r4, &(0x7f0000000640)="c7b729e9935a2916770354a6c4993102463ee9c6866ba78c4d322684526cbe56e4c6b58b211d75764dcd9c0abf57dfd06319b4d481fc00b58b", 0x39, 0x7, 0x0, 0x1, r6}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x8, 0x101, r2, &(0x7f0000000880)="1c144d48be0f469f8c2f71341f17b6e79fc5d74788389eb185617d43198af01a7689dce6a55d9aeecaea048c77fb0fbafa198ec7fc397521e0d98d62379d7433bb5b47d6fec62d6637e5890b93b3306d64ba0cd8bb322951e7596970c9ff4e305364fab12f5f53f32caab5e66839c1209f92d60e2fd4048380b3ee789e1965ffb019d251949a947337f5ab98536785209f8a9d7951e695ecfe7207708546be7d21fe548b17b87c28c7dbe0df76cd8d52307dde3e685818c28c170145edf2", 0xbe, 0x3, 0x0, 0x3}]) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f00000009c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000200)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r8, 0x40182103, &(0x7f0000000240)={r9, 0x1, r8, 0x3, 0x80000}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r8, 0x40082102, &(0x7f0000000080)=r9) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r8, 0xc0182101, &(0x7f0000000580)) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000100)={0x0, 0x3, r0, 0x99ed, 0x80000}) 2.549990952s ago: executing program 3 (id=8589): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) ioctl$SNDCTL_DSP_GETISPACE(r0, 0x541b, &(0x7f00000001c0)) 2.222963951s ago: executing program 3 (id=8590): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) syz_open_dev$vim2m(&(0x7f0000000140), 0x7, 0x2) prctl$PR_MCE_KILL(0x35, 0x1, 0x4) getpid() openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000140), 0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.969409991s ago: executing program 2 (id=8591): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./file0\x00') chroot(&(0x7f00000001c0)='./file0/../file0/../file0\x00') umount2(&(0x7f0000000240)='./file0/../file0/../file0\x00', 0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x2, &(0x7f0000000240)=[{0x3c}, {0x6, 0x8}]}) r1 = syz_io_uring_setup(0x46bb, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000040), &(0x7f0000000140)) io_uring_enter(r1, 0x2918, 0x5478, 0x14, 0x0, 0x0) 1.365216199s ago: executing program 4 (id=8592): write$smackfs_access(0xffffffffffffffff, &(0x7f0000000300)={'\'mackfstransmute', 0x20, '.@[$).,', 0x20, 'wal'}, 0x1d) 1.252714286s ago: executing program 4 (id=8593): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) socket$inet6_dccp(0xa, 0x6, 0x0) r0 = socket(0x1e, 0x5, 0x0) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000), 0x4) 1.225510446s ago: executing program 0 (id=8594): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{}]}) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r1, 0x84, 0x81, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x1000) accept(r0, &(0x7f0000000080)=@can, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0xd, &(0x7f0000000000)="0200f7ff08801d00", 0x8) r3 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) r4 = accept$packet(0xffffffffffffffff, 0x0, 0x0) setsockopt$packet_fanout_data(r4, 0x107, 0x16, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc2001}]}) r5 = fanotify_init(0x0, 0x0) fchmod(r5, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$CEC_ADAP_S_PHYS_ADDR(r3, 0x40026102, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x9, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b40000000000000069113600000000b5c9a02a93c5067872ce0005000000000000009500740000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x27}, 0x90) r7 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000001540), 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) ioctl$PTP_SYS_OFFSET_PRECISE(r7, 0xc0403d08, 0x0) r8 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000001500)={'bridge_slave_0\x00', &(0x7f0000001400)=@ethtool_drvinfo={0x3, "a2a759c787538673bbe73db44acb7f55589eccd01d9cf630b3a438c7e7d47f38", "5b6fb27071be33f21c14d86d660ea66695829ab19603f8b14e2b9cd0877922a6", "dc77f478bb111f07afe5c36b1f985450ee0a442f3f61147f180e070f5891c27b", "8d4d55b71d650608c443dc78771f8621a1080f950b836887637ae10538ecf2b2", "b144faa62ddb0be27cdeb270146561a9ff8fed539e811ddd2ac5213c6ff51e1b", "8130f62a8fa0562aa7d1ea59"}}) 1.179305512s ago: executing program 4 (id=8595): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64) r0 = getpid() (rerun: 64) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="b700000000000000070000000900000095000000000000001e5286574356940658273ad1326fc65be4b1037a74cfb5af100fc4e94d123d9b22a7561b8850821bc1f80000a3e3b79b0d96030000000000000004bfffe68fe46421a161eedd1a5cee316f68f7617859f06c8efd5da6abe446649c322209b1af93c6c999058168ad0a70992124d19c7c9cc22ff9a6b9a058363dd6039ab938480e8697f8715bcb18e1fd077390947ba783148e0e7b604a6c47b33c43a3ffff92ec8bbde1af40f29cfcf0836a70a2f6b1192abdf24ca363492393e1c2a3b190180c6b74c38cae7761f7f2530320bdcc7cbd97aefd846ac8f823402eea2bdeaf5e99514e64e36cad5eba82010b2d149aa72e5f070000000000000000000000002904000000003a4a01000100f0e0dbb9821d9c5402474d5866ce5eb60188d83ac741b45aeacac594cf09de9b460f48b96ae8a0ee478e46c8ca3e4c5d2b3cb4ad480100000000000000dcbf36b7e8be59ca4b46266cf75bea8a22ab71895d954dc6d28864144c73391770690a9301cbe97565d5000000000000000455355d5d55f551df82ea475a3e1ec56d000000008a3426574f4730d0fbec5b005ebb633b29ee04d6657ce7478d67cac87fdd75f3461b34a96b1b8d2434e00c488337a6a7ae59a0ba01c12809c5a0b5b80c05a5f7eac3604cb21d779f46993a29525325498f2de711c92588fcc183d26f25386e22b236d1e4b5c1289890edebe32d17159217a960051b9a274473c836cfa41a673f5f63ed6dc6bdea0796d12b15bec79a75b7da9574893726a6e65c5009ec8d4b533e46a9694853deed3969fe2d6a7b8a7cf38ecd3b9cb369051efddc89bcc3f4b558f4aabf7afd"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195}, 0x48) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f00000000c0)=r1, 0x4) (async) mkdir(0x0, 0x0) (async, rerun: 64) r3 = socket$isdn(0x22, 0x3, 0x3) (rerun: 64) ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000080)=0x6) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x7c}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x90) 815.569621ms ago: executing program 2 (id=8596): r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r0, 0xc01864b1, &(0x7f0000000240)={r1, 0x0, 0x0, 0x0, 0x0}) 480.458058ms ago: executing program 2 (id=8597): sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGABS20(r1, 0x40044591, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x1b18) r2 = socket$inet6(0xa, 0x2, 0x3a) r3 = dup(r2) bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x8, 0x3a, 0x0, @remote, @local, {[], @echo_reply={0x81, 0x0, 0x0, 0x200}}}}}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6) r8 = openat$ttyS3(0xffffff9c, &(0x7f0000000840), 0x0, 0x0) ioctl$TIOCCONS(r8, 0x541d) clock_gettime(0x3, &(0x7f0000000040)) write(r7, &(0x7f0000000000)="2e000300010003", 0x7) 295.127362ms ago: executing program 4 (id=8598): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='svcrdma_post_recv\x00'}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x5b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) msgrcv(0x0, 0x0, 0x55, 0x0, 0x6800) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f00000003c0)={0x6, &(0x7f0000000240)=[{0x3f31, 0x8, 0x0, 0x7}, {0x6, 0x4, 0xc4, 0x8}, {0x0, 0x1, 0x3a, 0xfffeffff}, {0x7, 0xc, 0x1, 0x5}, {0x401, 0x2, 0x6, 0xfffffff0}, {0x8, 0x5, 0x5, 0x6}]}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x29, 0x5, 0x7f, 0x2, 0x42, @remote, @dev={0xfe, 0x80, '\x00', 0x29}, 0x700, 0x700, 0x5, 0x3}}) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x58, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x58}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0x200, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xffff, 0xe}, {0x0, 0x7}, {0x8, 0xffe0}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x1}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x100}, 0x488c4) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'syztnl2\x00', &(0x7f00000002c0)={'ip_vti0\x00', 0x0, 0x7800, 0x80, 0xbaf, 0x7, {{0x23, 0x4, 0x0, 0x2d, 0x8c, 0x64, 0x0, 0x3, 0x4, 0x0, @private=0xa010100, @rand_addr=0x64010102, {[@timestamp={0x44, 0x2c, 0x9, 0x0, 0x7, [0xfffffff1, 0xe0b, 0x2, 0x69e, 0x9, 0xfff, 0xf99f, 0x3, 0xc4, 0xb757]}, @rr={0x7, 0xf, 0x1b, [@dev={0xac, 0x14, 0x14, 0x13}, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @generic={0x7, 0x4, "34a6"}, @generic={0x0, 0x10, "1ad13f71a01b5407c49bc34e03c0"}, @lsrr={0x83, 0x27, 0xec, [@multicast1, @local, @rand_addr=0x64010100, @loopback, @private=0xa010100, @loopback, @rand_addr=0x64010100, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r1, r6, 0x25, 0x1d, @val=@tcx={@prog_fd=r0}}, 0x40) 0s ago: executing program 0 (id=8599): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0xbdff, 0x0, "ec28a1ba80a20507"}) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000240)=@add_del={0x2, &(0x7f00000000c0)='wg2\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1}, 0x6e) sched_setaffinity(0x0, 0x0, 0x0) r4 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(0x0, 0x0, 0x0, &(0x7f00000000c0)={[0x8001a0ffffffff]}, 0x8) ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r5, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r6, 0x2}], 0x1, 0x0, &(0x7f0000000080)={[0x8001a0ffffffff]}, 0x8) dup2(r5, r6) fcntl$setown(r6, 0x8, r4) tkill(r4, 0x13) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_pts(r0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x10012, r7, 0x0) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040)=0x3) kernel console output (not intermixed with test programs): to=fd [ 2295.983960][ T1301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2295.993292][ T1301] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2296.009532][ T1152] hid (null): bogus close delimiter [ 2296.014908][T12936] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 2296.023815][ T1152] hid (null): invalid report_count 58028 [ 2296.030562][ T1152] hid (null): unknown global tag 0xd [ 2296.039723][ T1152] hid-generic 0003:0158:0100.007B: unknown main item tag 0x0 [ 2296.047379][ T1152] hid-generic 0003:0158:0100.007B: unknown main item tag 0x0 [ 2296.054851][ T1152] hid-generic 0003:0158:0100.007B: bogus close delimiter [ 2296.062027][ T1152] hid-generic 0003:0158:0100.007B: item 0 0 2 10 parsing failed [ 2296.073264][ T1152] hid-generic 0003:0158:0100.007B: probe with driver hid-generic failed with error -22 [ 2296.197750][T12936] usb 1-1: Using ep0 maxpacket: 32 [ 2296.215443][ T307] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 2296.227106][T12936] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2296.247063][ T1325] fuse: Bad value for 'fd' [ 2296.250288][T12936] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2296.262617][T12936] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2296.278672][ T1301] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8347'. [ 2296.282384][T12936] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 2296.322251][T12936] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 2296.333353][T12936] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 2296.358261][T12936] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2296.369838][T12936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2296.390196][T12936] usb 1-1: Product: syz [ 2296.394430][T12936] usb 1-1: Manufacturer: syz [ 2296.395631][ T1326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8354'. [ 2296.404447][T12936] usb 1-1: SerialNumber: syz [ 2296.421920][ T307] usb 4-1: Using ep0 maxpacket: 16 [ 2296.456211][ T307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 2296.479995][ T307] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2296.500968][ T307] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 2296.515492][ T1329] batadv0: entered promiscuous mode [ 2296.521882][ T307] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2296.531373][ T1329] vlan2: entered promiscuous mode [ 2296.537381][ T1329] vlan2: entered allmulticast mode [ 2296.544657][ T1329] batadv0: entered allmulticast mode [ 2296.555892][ T307] usb 4-1: config 0 descriptor?? [ 2296.574271][ T1329] batadv0: left allmulticast mode [ 2296.583247][ T1329] batadv0: left promiscuous mode [ 2296.694442][T12936] cdc_ncm 1-1:1.0: bind() failure [ 2296.711967][T12936] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 2296.723810][T12936] cdc_ncm 1-1:1.1: bind() failure [ 2296.748434][T12936] usb 1-1: USB disconnect, device number 88 [ 2297.046362][ T1323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2297.055637][ T1323] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2297.066150][ T307] hid (null): invalid report_size 812540268 [ 2297.079895][ T307] hid-generic 0003:0158:0100.007C: unknown main item tag 0x1 [ 2297.087489][ T307] hid-generic 0003:0158:0100.007C: unexpected long global item [ 2297.100586][ T307] hid-generic 0003:0158:0100.007C: probe with driver hid-generic failed with error -22 [ 2297.309357][ T307] usb 4-1: USB disconnect, device number 81 [ 2297.667464][T25155] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 2297.813461][ T1343] hub 6-0:1.0: USB hub found [ 2297.820199][ T1343] hub 6-0:1.0: 1 port detected [ 2298.815244][T25155] usb 5-1: Using ep0 maxpacket: 16 [ 2298.854305][T25155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 2298.886874][ T1175] usb 3-1: USB disconnect, device number 43 [ 2298.917250][T25155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2298.978315][T25155] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 2299.012809][T25155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2299.083263][T25155] usb 5-1: config 0 descriptor?? [ 2299.265527][ T1355] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8363'. [ 2299.663524][ T29] kauditd_printk_skb: 2585 callbacks suppressed [ 2299.663547][ T29] audit: type=1400 audit(2000000809.020:27009): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1334 comm="syz.4.8358" saddr=172.20.20.170 daddr=224.0.0.1 netif=wpan0 [ 2299.757086][ T29] audit: type=1400 audit(2000000809.070:27010): lsm=SMACK fn=smack_task_setscheduler action=granted subject="_" object="_" requested=w pid=1358 comm="kvm-nx-lpage-re" opid=1358 ocomm="kvm-nx-lpage-re" [ 2299.763341][ T1335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2299.825938][ T1335] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2299.875617][ T29] audit: type=1400 audit(2000000809.110:27011): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1334 comm="syz.4.8358" name="newroot" dev="tmpfs" ino=2 [ 2299.909535][T25155] hid (null): invalid report_size 812540268 [ 2299.937815][ T29] audit: type=1400 audit(2000000809.110:27012): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1334 comm="syz.4.8358" name="/" dev="devtmpfs" ino=1 [ 2299.964047][T25155] hid-generic 0003:0158:0100.007D: unknown main item tag 0x1 [ 2299.980613][T25155] hid-generic 0003:0158:0100.007D: unexpected long global item [ 2300.008718][T25155] hid-generic 0003:0158:0100.007D: probe with driver hid-generic failed with error -22 [ 2300.021628][ T29] audit: type=1400 audit(2000000809.110:27013): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=rw pid=1334 comm="syz.4.8358" name="raw-gadget" dev="devtmpfs" ino=733 [ 2300.077889][ T29] audit: type=1400 audit(2000000809.110:27014): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=1334 comm="syz.4.8358" path="/dev/raw-gadget" dev="devtmpfs" ino=733 [ 2300.119959][ T29] audit: type=1400 audit(2000000809.120:27015): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=1334 comm="syz.4.8358" path="/dev/raw-gadget" dev="devtmpfs" ino=733 [ 2300.123208][T28756] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2300.165469][T28761] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2300.172025][T28761] audit: audit_lost=880 audit_rate_limit=0 audit_backlog_limit=64 [ 2300.196001][ T5148] usb 5-1: USB disconnect, device number 60 [ 2301.295249][ T1379] hub 6-0:1.0: USB hub found [ 2301.300258][ T1379] hub 6-0:1.0: 1 port detected [ 2302.245923][ T1391] tipc: Started in network mode [ 2302.264002][ T1391] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 2302.283049][ T1391] tipc: Enabled bearer , priority 0 [ 2302.298513][ T1391] tipc: Enabled bearer , priority 0 [ 2302.448370][ T46] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 2303.299812][ T307] tipc: Node number set to 10136234 [ 2303.329139][ T1395] FAULT_INJECTION: forcing a failure. [ 2303.329139][ T1395] name failslab, interval 1, probability 0, space 0, times 0 [ 2303.442134][ T1395] CPU: 0 PID: 1395 Comm: syz.2.8378 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2303.451930][ T1395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2303.462049][ T1395] Call Trace: [ 2303.465397][ T1395] [ 2303.468364][ T1395] dump_stack_lvl+0x241/0x360 [ 2303.473091][ T1395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2303.478334][ T1395] ? __pfx__printk+0x10/0x10 [ 2303.482973][ T1395] ? __pfx___might_resched+0x10/0x10 [ 2303.488304][ T1395] ? alloc_pages_mpol_noprof+0x417/0x680 [ 2303.494001][ T1395] should_fail_ex+0x3b0/0x4e0 [ 2303.495640][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 2303.498699][ T1395] ? __pmd_alloc+0x110/0x630 [ 2303.508438][ T1395] should_failslab+0x9/0x20 [ 2303.512964][ T1395] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2303.518453][ T1395] __pmd_alloc+0x110/0x630 [ 2303.522887][ T1395] ? __pfx___pmd_alloc+0x10/0x10 [ 2303.527845][ T1395] ? mt_find+0x226/0x850 [ 2303.532129][ T1395] handle_mm_fault+0xe0d/0x19d0 [ 2303.537010][ T1395] ? vma_pgtable_walk_end+0x55/0x80 [ 2303.542236][ T1395] ? __pfx_handle_mm_fault+0x10/0x10 [ 2303.547580][ T1395] ? __pfx_find_vma+0x10/0x10 [ 2303.552297][ T1395] ? vma_is_secretmem+0xd/0x50 [ 2303.557102][ T1395] ? check_vma_flags+0x500/0x5a0 [ 2303.562068][ T1395] __get_user_pages+0x6ec/0x16a0 [ 2303.567125][ T1395] ? __gup_longterm_locked+0x1ec9/0x2a80 [ 2303.572780][ T1395] ? validate_chain+0x11e/0x5900 [ 2303.577738][ T1395] ? __pfx___get_user_pages+0x10/0x10 [ 2303.583131][ T1395] ? __pfx_validate_chain+0x10/0x10 [ 2303.588349][ T1395] ? __lock_acquire+0x1346/0x1fd0 [ 2303.593394][ T1395] __gup_longterm_locked+0x1ff6/0x2a80 [ 2303.598895][ T1395] ? __pfx___gup_longterm_locked+0x10/0x10 [ 2303.604725][ T1395] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2303.610807][ T1395] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2303.617153][ T1395] ? gup_fast_fallback+0x221d/0x2b50 [ 2303.622548][ T1395] gup_fast_fallback+0x2742/0x2b50 [ 2303.627706][ T1395] ? __pfx_gup_fast_fallback+0x10/0x10 [ 2303.633211][ T1395] ? mtree_load+0x1ef/0x940 [ 2303.637727][ T1395] ? __pfx_lock_release+0x10/0x10 [ 2303.642794][ T1395] ? __se_sys_get_mempolicy+0x5c9/0x1600 [ 2303.648442][ T1395] ? is_valid_gup_args+0x124/0x200 [ 2303.653756][ T1395] get_user_pages_fast+0xcc/0x160 [ 2303.658887][ T1395] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2303.664629][ T1395] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2303.670629][ T1395] __se_sys_get_mempolicy+0x610/0x1600 [ 2303.676203][ T1395] ? __pfx___se_sys_get_mempolicy+0x10/0x10 [ 2303.682114][ T1395] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2303.688295][ T1395] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2303.694635][ T1395] ? do_syscall_64+0x100/0x230 [ 2303.699416][ T1395] ? __x64_sys_get_mempolicy+0x20/0xc0 [ 2303.704897][ T1395] do_syscall_64+0xf3/0x230 [ 2303.709415][ T1395] ? clear_bhb_loop+0x35/0x90 [ 2303.714108][ T1395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2303.720014][ T1395] RIP: 0033:0x7ff765175a99 [ 2303.724523][ T1395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2303.744159][ T1395] RSP: 002b:00007ff765f46048 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef [ 2303.752612][ T1395] RAX: ffffffffffffffda RBX: 00007ff765303f60 RCX: 00007ff765175a99 [ 2303.760683][ T1395] RDX: 0000000001000004 RSI: 0000000020000180 RDI: 0000000000000000 [ 2303.768660][ T1395] RBP: 00007ff765f460a0 R08: 0000000000000003 R09: 0000000000000000 [ 2303.776665][ T1395] R10: 0000000020ffd000 R11: 0000000000000246 R12: 0000000000000001 [ 2303.784652][ T1395] R13: 000000000000000b R14: 00007ff765303f60 R15: 00007fff0b383088 [ 2303.792659][ T1395] [ 2303.828319][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 2303.874845][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2303.954951][ T46] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 2303.984795][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2304.028868][ T1403] Bluetooth: MGMT ver 1.23 [ 2304.034722][ T46] usb 5-1: config 0 descriptor?? [ 2304.602913][ T1381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2304.632952][ T1381] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2305.169919][ T46] hid (null): invalid report_size 812540268 [ 2305.195366][ T29] kauditd_printk_skb: 2260 callbacks suppressed [ 2305.195388][ T29] audit: type=1400 audit(2000000814.530:29006): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=r pid=1380 comm="syz.4.8375" path="/dev/raw-gadget" dev="devtmpfs" ino=733 [ 2305.360889][T28761] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2305.368126][ T1409] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2305.379221][ T46] hid-generic 0003:0158:0100.007E: unknown main item tag 0x1 [ 2305.384985][ T1409] audit: audit_lost=971 audit_rate_limit=0 audit_backlog_limit=64 [ 2305.394553][ T1409] audit: backlog limit exceeded [ 2305.400395][T28761] audit: audit_lost=972 audit_rate_limit=0 audit_backlog_limit=64 [ 2305.410576][ T29] audit: type=1400 audit(2000000814.530:29007): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=1380 comm="syz.4.8375" path="/dev/raw-gadget" dev="devtmpfs" ino=733 [ 2305.414859][ T46] hid-generic 0003:0158:0100.007E: unexpected long global item [ 2305.455190][T28761] audit: backlog limit exceeded [ 2305.460780][T28761] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2305.465016][ T1409] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2305.526007][ T46] hid-generic 0003:0158:0100.007E: probe with driver hid-generic failed with error -22 [ 2305.575121][ T46] usb 5-1: USB disconnect, device number 61 [ 2306.020699][ T1418] hub 6-0:1.0: USB hub found [ 2306.026704][ T1418] hub 6-0:1.0: 1 port detected [ 2307.560041][ T1428] FAULT_INJECTION: forcing a failure. [ 2307.560041][ T1428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2307.633154][ T1428] CPU: 0 PID: 1428 Comm: syz.1.8389 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2307.642950][ T1428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2307.653033][ T1428] Call Trace: [ 2307.656334][ T1428] [ 2307.659282][ T1428] dump_stack_lvl+0x241/0x360 [ 2307.664163][ T1428] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2307.669393][ T1428] ? __pfx__printk+0x10/0x10 [ 2307.674044][ T1428] ? snprintf+0xda/0x120 [ 2307.678322][ T1428] should_fail_ex+0x3b0/0x4e0 [ 2307.683035][ T1428] _copy_to_user+0x2f/0xb0 [ 2307.687491][ T1428] simple_read_from_buffer+0xca/0x150 [ 2307.692896][ T1428] proc_fail_nth_read+0x1e9/0x250 [ 2307.697956][ T1428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2307.703529][ T1428] ? rw_verify_area+0x52a/0x6b0 [ 2307.708410][ T1428] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2307.713979][ T1428] vfs_read+0x204/0xbc0 [ 2307.718168][ T1428] ? __pfx_lock_release+0x10/0x10 [ 2307.723234][ T1428] ? __pfx_vfs_read+0x10/0x10 [ 2307.727945][ T1428] ? __fget_files+0x29/0x470 [ 2307.732572][ T1428] ? __fget_files+0x3f6/0x470 [ 2307.737307][ T1428] ksys_read+0x1a0/0x2c0 [ 2307.741609][ T1428] ? __pfx_ksys_read+0x10/0x10 [ 2307.746413][ T1428] ? do_syscall_64+0x100/0x230 [ 2307.751204][ T1428] ? do_syscall_64+0xb6/0x230 [ 2307.755906][ T1428] do_syscall_64+0xf3/0x230 [ 2307.760435][ T1428] ? clear_bhb_loop+0x35/0x90 [ 2307.765146][ T1428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2307.771063][ T1428] RIP: 0033:0x7f910557457c [ 2307.775505][ T1428] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 2307.795138][ T1428] RSP: 002b:00007f9106313040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2307.803571][ T1428] RAX: ffffffffffffffda RBX: 00007f9105703f60 RCX: 00007f910557457c [ 2307.811574][ T1428] RDX: 000000000000000f RSI: 00007f91063130b0 RDI: 0000000000000003 [ 2307.819562][ T1428] RBP: 00007f91063130a0 R08: 0000000000000000 R09: 0000000000000000 [ 2307.827546][ T1428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2307.835543][ T1428] R13: 000000000000000b R14: 00007f9105703f60 R15: 00007fff680928f8 [ 2307.843565][ T1428] [ 2307.956737][ T1175] IPVS: starting estimator thread 0... [ 2308.074937][ T1429] IPVS: using max 18 ests per chain, 43200 per kthread [ 2308.132160][ T1434] FAULT_INJECTION: forcing a failure. [ 2308.132160][ T1434] name failslab, interval 1, probability 0, space 0, times 0 [ 2308.184606][ T1434] CPU: 0 PID: 1434 Comm: syz.3.8392 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2308.194409][ T1434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2308.204499][ T1434] Call Trace: [ 2308.207808][ T1434] [ 2308.210781][ T1434] dump_stack_lvl+0x241/0x360 [ 2308.215503][ T1434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2308.220739][ T1434] ? __pfx__printk+0x10/0x10 [ 2308.225359][ T1434] ? __pfx___might_resched+0x10/0x10 [ 2308.230689][ T1434] should_fail_ex+0x3b0/0x4e0 [ 2308.235408][ T1434] ? skb_clone+0x20c/0x390 [ 2308.239863][ T1434] should_failslab+0x9/0x20 [ 2308.244495][ T1434] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2308.249929][ T1434] ? __virt_addr_valid+0x183/0x530 [ 2308.255081][ T1434] skb_clone+0x20c/0x390 [ 2308.259370][ T1434] pfkey_sendmsg+0x43d/0x1050 [ 2308.264100][ T1434] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 2308.269254][ T1434] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 2308.275713][ T1434] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 2308.282521][ T1434] ? __pfx___might_resched+0x10/0x10 [ 2308.287848][ T1434] ? __might_fault+0xaa/0x120 [ 2308.292583][ T1434] ? __pfx_lock_release+0x10/0x10 [ 2308.297639][ T1434] ? __import_iovec+0x536/0x820 [ 2308.302529][ T1434] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2308.307848][ T1434] ? security_socket_sendmsg+0x87/0xb0 [ 2308.313344][ T1434] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 2308.318488][ T1434] __sock_sendmsg+0x221/0x270 [ 2308.323209][ T1434] ____sys_sendmsg+0x525/0x7d0 [ 2308.328045][ T1434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2308.333497][ T1434] __sys_sendmsg+0x2b0/0x3a0 [ 2308.338144][ T1434] ? __pfx___sys_sendmsg+0x10/0x10 [ 2308.343302][ T1434] ? vfs_write+0x7c4/0xc90 [ 2308.347828][ T1434] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2308.354211][ T1434] ? do_syscall_64+0x100/0x230 [ 2308.359020][ T1434] ? do_syscall_64+0xb6/0x230 [ 2308.363734][ T1434] do_syscall_64+0xf3/0x230 [ 2308.368276][ T1434] ? clear_bhb_loop+0x35/0x90 [ 2308.372990][ T1434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2308.378914][ T1434] RIP: 0033:0x7f88b0f75a99 [ 2308.383360][ T1434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2308.403013][ T1434] RSP: 002b:00007f88b1e11048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2308.411482][ T1434] RAX: ffffffffffffffda RBX: 00007f88b1103f60 RCX: 00007f88b0f75a99 [ 2308.419487][ T1434] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000008 [ 2308.427485][ T1434] RBP: 00007f88b1e110a0 R08: 0000000000000000 R09: 0000000000000000 [ 2308.435355][ T307] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 2308.435467][ T1434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2308.451023][ T1434] R13: 000000000000000b R14: 00007f88b1103f60 R15: 00007ffe55dc6218 [ 2308.459045][ T1434] [ 2308.645438][ T307] usb 3-1: Using ep0 maxpacket: 32 [ 2308.663817][ T307] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 2308.684104][ T307] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2308.858170][ T307] usb 3-1: config 0 descriptor?? [ 2308.890337][ T307] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 2309.081957][ T1431] syz.2.8390[1431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2309.082132][ T1431] syz.2.8390[1431] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 2309.612600][ T307] gspca_nw80x: reg_w err -71 [ 2309.680997][ T307] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 2309.723781][ T307] usb 3-1: USB disconnect, device number 44 [ 2310.035979][ T1462] hub 6-0:1.0: USB hub found [ 2310.041066][ T1462] hub 6-0:1.0: 1 port detected [ 2310.212040][ T29] kauditd_printk_skb: 3095 callbacks suppressed [ 2310.212087][ T29] audit: type=1400 audit(2000000819.540:31402): lsm=SMACK fn=smack_unix_may_send action=granted subject="_" object="_" requested=w pid=4754 comm="dhcpcd" [ 2310.417436][ T29] audit: type=1400 audit(2000000819.540:31403): lsm=SMACK fn=smack_unix_may_send action=granted subject="_" object="_" requested=w pid=4754 comm="dhcpcd" [ 2310.692069][T28740] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2310.699437][ T1456] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2310.714971][ T1456] audit: audit_lost=1216 audit_rate_limit=0 audit_backlog_limit=64 [ 2310.723036][T28740] audit: audit_lost=1217 audit_rate_limit=0 audit_backlog_limit=64 [ 2310.731136][ T29] audit: type=1400 audit(2000000819.550:31404): lsm=SMACK fn=smack_unix_may_send action=granted subject="_" object="_" requested=w pid=4754 comm="dhcpcd" [ 2310.783338][ T1456] audit: backlog limit exceeded [ 2310.789299][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2310.796753][T28740] audit: backlog limit exceeded [ 2311.391262][ T1471] hub 6-0:1.0: USB hub found [ 2311.397426][ T1471] hub 6-0:1.0: 1 port detected [ 2312.403819][ T1477] netlink: 84 bytes leftover after parsing attributes in process `syz.2.8403'. [ 2312.475337][ T1477] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8403'. [ 2312.669802][ T1484] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8406'. [ 2313.531387][ T5103] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2313.542183][ T5103] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2313.552372][ T5103] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2313.562134][ T5103] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2313.571050][ T5103] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 2313.578491][ T5103] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2314.690055][ T1514] hub 6-0:1.0: USB hub found [ 2314.696000][ T1514] hub 6-0:1.0: 1 port detected [ 2315.485767][ T29] kauditd_printk_skb: 2535 callbacks suppressed [ 2315.485787][ T29] audit: type=1400 audit(2000000824.840:33437): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28746 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2315.507543][ T1515] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2315.512583][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2315.518456][ T1515] audit: audit_lost=1386 audit_rate_limit=0 audit_backlog_limit=64 [ 2315.524931][ C1] audit: audit_lost=1387 audit_rate_limit=0 audit_backlog_limit=64 [ 2315.524952][ C1] audit: backlog limit exceeded [ 2315.555232][ T1515] audit: backlog limit exceeded [ 2315.560913][T28746] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2315.567676][ T1513] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2315.567936][ T1515] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2315.660448][ T5103] Bluetooth: hci3: command tx timeout [ 2315.760052][ T1493] chnl_net:caif_netlink_parms(): no params data found [ 2317.143317][ T1493] bridge0: port 1(bridge_slave_0) entered blocking state [ 2317.158551][ T1493] bridge0: port 1(bridge_slave_0) entered disabled state [ 2317.182808][ T1493] bridge_slave_0: entered allmulticast mode [ 2317.219335][ T1493] bridge_slave_0: entered promiscuous mode [ 2317.240338][ T1493] bridge0: port 2(bridge_slave_1) entered blocking state [ 2317.275232][ T1493] bridge0: port 2(bridge_slave_1) entered disabled state [ 2317.301439][ T1493] bridge_slave_1: entered allmulticast mode [ 2317.330254][ T1493] bridge_slave_1: entered promiscuous mode [ 2317.351357][ T1538] ipt_REJECT: TCP_RESET invalid for non-tcp [ 2317.415477][ T1536] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8420'. [ 2317.433607][ T1538] syz.2.8422 (1538): attempted to duplicate a private mapping with mremap. This is not supported. [ 2317.655880][ T1493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2317.731479][ T1493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2317.735148][ T5103] Bluetooth: hci3: command tx timeout [ 2317.795726][ T5095] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 2317.880207][ T1542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8420'. [ 2318.005183][ T5095] usb 5-1: Using ep0 maxpacket: 32 [ 2318.024375][ T5095] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2318.071873][ T5095] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2318.094303][ T1493] team0: Port device team_slave_0 added [ 2318.120281][ T5095] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 2318.162142][ T1493] team0: Port device team_slave_1 added [ 2318.168436][ T5095] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2318.234938][ T5095] hub 5-1:4.0: USB hub found [ 2318.451243][ T5095] hub 5-1:4.0: 1 port detected [ 2318.491390][ T1103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2318.533017][ T1493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2318.547349][ T1493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2318.573622][ C0] vkms_vblank_simulate: vblank timer overrun [ 2318.592600][ T1493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2318.614532][ T1493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2318.623630][ T1493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2318.746741][ T1493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2318.902837][ T1103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2319.288810][ T5095] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 2319.339169][ T5095] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 2319.437976][ T1103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2319.471217][ T5095] usb 5-1: USB disconnect, device number 62 [ 2319.673363][ T1103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2319.753972][ T1493] hsr_slave_0: entered promiscuous mode [ 2319.788556][ T1493] hsr_slave_1: entered promiscuous mode [ 2319.815008][ T5103] Bluetooth: hci3: command tx timeout [ 2319.880113][ T1493] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2319.908568][ T1573] FAULT_INJECTION: forcing a failure. [ 2319.908568][ T1573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2319.930296][ T1493] Cannot create hsr debugfs directory [ 2319.945351][ T1573] CPU: 1 PID: 1573 Comm: syz.2.8429 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2319.955148][ T1573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2319.965542][ T1573] Call Trace: [ 2319.968943][ T1573] [ 2319.971910][ T1573] dump_stack_lvl+0x241/0x360 [ 2319.976830][ T1573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2319.982072][ T1573] ? __pfx__printk+0x10/0x10 [ 2319.986757][ T1573] should_fail_ex+0x3b0/0x4e0 [ 2319.991578][ T1573] strncpy_from_user+0x36/0x2e0 [ 2319.996482][ T1573] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 2320.002260][ T1573] getname_flags+0xf1/0x540 [ 2320.006827][ T1573] __se_sys_statx+0x1a2/0x2b0 [ 2320.011583][ T1573] ? __fget_files+0x3f6/0x470 [ 2320.016313][ T1573] ? __pfx___se_sys_statx+0x10/0x10 [ 2320.021572][ T1573] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2320.027615][ T1573] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2320.033997][ T1573] ? do_syscall_64+0x100/0x230 [ 2320.038814][ T1573] ? __x64_sys_statx+0x20/0xc0 [ 2320.043799][ T1573] do_syscall_64+0xf3/0x230 [ 2320.048357][ T1573] ? clear_bhb_loop+0x35/0x90 [ 2320.053089][ T1573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2320.059123][ T1573] RIP: 0033:0x7ff765175a99 [ 2320.063580][ T1573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2320.083321][ T1573] RSP: 002b:00007ff765f04048 EFLAGS: 00000246 ORIG_RAX: 000000000000014c [ 2320.091808][ T1573] RAX: ffffffffffffffda RBX: 00007ff765304110 RCX: 00007ff765175a99 [ 2320.099958][ T1573] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c [ 2320.107986][ T1573] RBP: 00007ff765f040a0 R08: 0000000000000000 R09: 0000000000000000 [ 2320.116006][ T1573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2320.124009][ T1573] R13: 000000000000006e R14: 00007ff765304110 R15: 00007fff0b383088 [ 2320.132014][ T1573] [ 2320.466385][ T1578] netlink: 9 bytes leftover after parsing attributes in process `syz.2.8431'. [ 2320.504477][ T1578] 1·: renamed from c0· (while UP) [ 2320.519672][ T29] kauditd_printk_skb: 3836 callbacks suppressed [ 2320.519694][ T29] audit: type=1400 audit(2000000829.880:36860): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1581 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2320.551280][T28761] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2320.559268][T28761] audit: audit_lost=1527 audit_rate_limit=0 audit_backlog_limit=64 [ 2320.573752][ T1578] A link change request failed with some changes committed already. Interface c1· may have been left with an inconsistent configuration, please check. [ 2320.590062][T28761] audit: backlog limit exceeded [ 2320.595471][ T29] audit: type=1400 audit(2000000829.880:36861): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1581 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2320.615401][T28761] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2320.622030][T28761] audit: audit_lost=1528 audit_rate_limit=0 audit_backlog_limit=64 [ 2320.639600][T28761] audit: backlog limit exceeded [ 2320.645264][ T29] audit: type=1400 audit(2000000829.880:36862): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1581 comm="syz-executor" name="296" dev="tmpfs" ino=1629 [ 2320.650141][ T1585] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2320.846428][ T1586] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8431'. [ 2320.921256][ T1578] 9pnet_fd: Insufficient options for proto=fd [ 2320.986861][ T1103] bridge_slave_1: left allmulticast mode [ 2320.993640][ T1103] bridge_slave_1: left promiscuous mode [ 2321.033566][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 2321.068890][ T1103] bridge_slave_0: left allmulticast mode [ 2321.088477][ T1103] bridge_slave_0: left promiscuous mode [ 2321.107609][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 2321.496540][T26135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2321.512541][T26135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2321.523572][T26135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2321.534015][T26135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2321.542291][T26135] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 2321.552177][T26135] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2321.900467][ T5103] Bluetooth: hci3: command tx timeout [ 2322.552826][ T1103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2322.576156][ T1103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2322.604706][ T1103] bond0 (unregistering): Released all slaves [ 2323.045646][ T1614] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8441'. [ 2323.468684][ T1610] infiniband syz2: set active [ 2323.482035][ T1610] infiniband syz2: added team_slave_1 [ 2323.636173][ T1610] RDS/IB: syz2: added [ 2323.641414][ T1610] smc: adding ib device syz2 with port count 1 [ 2323.655587][ T5103] Bluetooth: hci0: command tx timeout [ 2323.663893][ T1610] smc: ib device syz2 port 1 has pnetid [ 2325.634419][ T29] kauditd_printk_skb: 1475 callbacks suppressed [ 2325.634439][ T29] audit: type=1400 audit(2000000834.990:38243): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28756 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2325.664958][ T29] audit: type=1400 audit(2000000835.020:38244): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28756 comm="syz-executor" name="/" dev="sysfs" ino=1 [ 2325.715343][ T29] audit: type=1400 audit(2000000835.020:38245): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28756 comm="syz-executor" name="fs" dev="sysfs" ino=2 [ 2325.734974][ T29] audit: type=1400 audit(2000000835.020:38246): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28756 comm="syz-executor" name="fuse" dev="sysfs" ino=5251 [ 2325.735141][ T5103] Bluetooth: hci0: command tx timeout [ 2325.754205][ C0] vkms_vblank_simulate: vblank timer overrun [ 2325.754349][ T29] audit: type=1400 audit(2000000835.020:38247): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=28756 comm="syz-executor" name="/" dev="fusectl" ino=1 [ 2325.785480][ T29] audit: type=1400 audit(2000000835.020:38248): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=28756 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 [ 2325.805764][ C0] vkms_vblank_simulate: vblank timer overrun [ 2325.812526][ T29] audit: type=1400 audit(2000000835.020:38249): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=28756 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 [ 2325.843828][ T29] audit: type=1400 audit(2000000835.150:38250): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=28761 comm="syz-executor" opid=1608 ocomm="syz.1.8441" [ 2325.862560][ T29] audit: type=1400 audit(2000000835.150:38251): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=28761 comm="syz-executor" opid=1608 ocomm="syz.1.8441" [ 2325.882060][ T29] audit: type=1400 audit(2000000835.170:38252): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=28746 comm="syz-executor" opid=1609 ocomm="syz.2.8440" [ 2327.815086][ T5103] Bluetooth: hci0: command tx timeout [ 2328.856663][ T1619] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8442'. [ 2329.318015][ T1493] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2329.363589][ T1493] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2329.452546][ T1594] chnl_net:caif_netlink_parms(): no params data found [ 2329.508877][ T1493] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2329.546308][ T1493] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2329.664869][ T1620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8442'. [ 2329.894892][ T5103] Bluetooth: hci0: command tx timeout [ 2330.144988][ T1594] bridge0: port 1(bridge_slave_0) entered blocking state [ 2330.152174][ T1594] bridge0: port 1(bridge_slave_0) entered disabled state [ 2330.215684][ T1594] bridge_slave_0: entered allmulticast mode [ 2330.235532][ T1594] bridge_slave_0: entered promiscuous mode [ 2330.266805][ T1594] bridge0: port 2(bridge_slave_1) entered blocking state [ 2330.274601][ T1594] bridge0: port 2(bridge_slave_1) entered disabled state [ 2330.326412][ T1594] bridge_slave_1: entered allmulticast mode [ 2330.334132][ T1594] bridge_slave_1: entered promiscuous mode [ 2330.528535][ T1594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2330.565160][ T1594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2330.817925][ T1594] team0: Port device team_slave_0 added [ 2330.839629][ T1594] team0: Port device team_slave_1 added [ 2330.889051][ T1493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2331.131794][ T29] kauditd_printk_skb: 555 callbacks suppressed [ 2331.131813][ T29] audit: type=1400 audit(2000000840.490:38775): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28746 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2331.183302][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2331.192588][ T1493] 8021q: adding VLAN 0 to HW filter on device team0 [ 2331.206616][T28746] audit: audit_lost=1572 audit_rate_limit=0 audit_backlog_limit=64 [ 2331.213913][ T1594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2331.214532][T28746] audit: backlog limit exceeded [ 2331.227019][ T29] audit: type=1400 audit(2000000840.520:38776): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=29 comm="kauditd" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2331.244903][ T1594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2331.275118][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2331.275140][T28746] audit: audit_lost=1573 audit_rate_limit=0 audit_backlog_limit=64 [ 2331.294021][ T29] audit: type=1400 audit(2000000840.520:38777): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=29 comm="kauditd" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2331.317771][T28746] audit: backlog limit exceeded [ 2331.322794][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2331.355032][ T1594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2331.415650][ T1594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2331.445125][ T1594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2331.552743][ T1594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2331.638037][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 2331.645255][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2331.709473][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 2331.716638][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2332.017468][ T1594] hsr_slave_0: entered promiscuous mode [ 2332.075244][ T1594] hsr_slave_1: entered promiscuous mode [ 2332.095415][ T1594] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2332.127736][ T1594] Cannot create hsr debugfs directory [ 2332.212246][ T1493] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2332.284167][ T1493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2333.409807][ T1594] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2333.789344][ T1594] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2333.876871][T26135] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2333.893896][T26135] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2333.902825][T26135] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2334.039634][T26135] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2334.066390][T26135] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 2334.074306][T26135] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2334.137742][ T5103] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2334.152552][ T5103] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2334.185281][ T5103] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2334.203494][ T5103] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2334.213148][ T1594] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2334.245588][ T5103] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2334.255221][ T5103] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2334.515693][ T1493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2334.760603][ T1594] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2335.365595][ T1493] veth0_vlan: entered promiscuous mode [ 2335.420656][ T1493] veth1_vlan: entered promiscuous mode [ 2335.744289][ T1493] veth0_macvtap: entered promiscuous mode [ 2335.815129][ T1103] hsr_slave_0: left promiscuous mode [ 2335.831578][ T1103] 0·: left promiscuous mode [ 2335.851902][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2335.875216][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2335.906560][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2335.914012][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2336.017930][ T1103] veth1_macvtap: left promiscuous mode [ 2336.023525][ T1103] veth0_macvtap: left promiscuous mode [ 2336.055287][ T1103] veth1_vlan: left promiscuous mode [ 2336.065054][ T1103] veth0_vlan: left promiscuous mode [ 2336.135046][ T5103] Bluetooth: hci2: command tx timeout [ 2336.456592][ T5103] Bluetooth: hci6: command tx timeout [ 2336.476650][ T29] kauditd_printk_skb: 1888 callbacks suppressed [ 2336.476672][ T29] audit: type=1400 audit(2000000845.840:40643): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=1651 comm="syz.2.8449" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=170128 [ 2336.558637][ T29] audit: type=1400 audit(2000000845.840:40644): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=r pid=1651 comm="syz.2.8449" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=170128 [ 2336.603940][ T29] audit: type=1400 audit(2000000845.840:40645): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1651 comm="syz.2.8449" name="newroot" dev="tmpfs" ino=2 [ 2336.639255][ T29] audit: type=1400 audit(2000000845.840:40646): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1651 comm="syz.2.8449" name="/" dev="devtmpfs" ino=1 [ 2336.664843][ T29] audit: type=1400 audit(2000000845.840:40647): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=r pid=1651 comm="syz.2.8449" name="full" dev="devtmpfs" ino=7 [ 2336.699647][ T29] audit: type=1400 audit(2000000845.840:40648): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=1651 comm="syz.2.8449" path="/dev/full" dev="devtmpfs" ino=7 [ 2336.729493][ T29] audit: type=1400 audit(2000000846.020:40649): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=27 comm="kdevtmpfs" name="/" dev="devtmpfs" ino=1 [ 2336.802407][ T29] audit: type=1400 audit(2000000846.020:40650): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=27 comm="kdevtmpfs" path="/tap63" dev="devtmpfs" ino=4628 [ 2337.034611][ T29] audit: type=1400 audit(2000000846.390:40651): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1601 comm="syz.3.8438" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2337.270407][ T29] audit: type=1400 audit(2000000846.630:40652): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2338.180949][ T1103] team0 (unregistering): Port device team_slave_1 removed [ 2338.217312][ T5103] Bluetooth: hci2: command tx timeout [ 2338.378608][ T1103] team0 (unregistering): Port device team_slave_0 removed [ 2338.545192][ T5103] Bluetooth: hci6: command tx timeout [ 2340.098628][ T1493] veth1_macvtap: entered promiscuous mode [ 2340.306649][ T1594] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2340.308715][ T5103] Bluetooth: hci2: command tx timeout [ 2340.329017][ T1594] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2340.454396][ T1594] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2340.484921][ T1594] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2340.550238][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2340.595298][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.605480][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2340.616298][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.626274][ T5103] Bluetooth: hci6: command tx timeout [ 2340.626295][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2340.654888][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.678501][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2340.689150][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.705037][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2340.715623][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.736226][ T1493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2340.750914][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2340.764964][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.779016][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2340.789975][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.799936][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2340.816059][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.831610][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2340.844906][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.854986][ T1493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2340.865608][ T1493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2340.888640][ T1493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2340.987325][ T1493] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2341.064989][ T1493] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2341.073762][ T1493] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2341.102198][ T1493] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2341.700826][T28746] audit_log_start: 719 callbacks suppressed [ 2341.700841][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2341.713583][ T29] audit: type=1400 audit(2000000851.060:41264): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28746 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2341.744457][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2341.751080][ C1] audit: audit_lost=1618 audit_rate_limit=0 audit_backlog_limit=64 [ 2341.753129][T28746] audit: audit_lost=1619 audit_rate_limit=0 audit_backlog_limit=64 [ 2341.759005][ C1] audit: backlog limit exceeded [ 2341.759394][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2341.767253][ T29] audit: type=1400 audit(2000000851.060:41265): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=28746 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2341.771817][ C1] audit: audit_lost=1620 audit_rate_limit=0 audit_backlog_limit=64 [ 2341.788114][T28746] audit: backlog limit exceeded [ 2341.852447][ T7105] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2342.028991][ T7105] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2342.202636][ T7105] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2342.352453][ T3828] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2342.377422][ T5103] Bluetooth: hci2: command tx timeout [ 2342.383333][ T3828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2342.503292][ T7105] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2342.537953][ T1679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8455'. [ 2342.555204][ T1679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8455'. [ 2342.697770][ T1644] chnl_net:caif_netlink_parms(): no params data found [ 2342.705095][ T5103] Bluetooth: hci6: command tx timeout [ 2342.802568][ T1646] chnl_net:caif_netlink_parms(): no params data found [ 2343.031794][ T3828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2343.064905][ T3828] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2343.393324][ T1644] bridge0: port 1(bridge_slave_0) entered blocking state [ 2343.435033][ T1644] bridge0: port 1(bridge_slave_0) entered disabled state [ 2343.442327][ T1644] bridge_slave_0: entered allmulticast mode [ 2343.454601][ T1644] bridge_slave_0: entered promiscuous mode [ 2343.503811][ T7105] bridge_slave_1: left allmulticast mode [ 2343.510176][ T7105] bridge_slave_1: left promiscuous mode [ 2343.516296][ T7105] bridge0: port 2(bridge_slave_1) entered disabled state [ 2343.536980][ T7105] bridge_slave_0: left allmulticast mode [ 2343.543179][ T7105] bridge_slave_0: left promiscuous mode [ 2343.549368][ T7105] bridge0: port 1(bridge_slave_0) entered disabled state [ 2343.570738][ T7105] bridge_slave_1: left allmulticast mode [ 2343.586754][ T7105] bridge_slave_1: left promiscuous mode [ 2343.592564][ T7105] bridge0: port 2(bridge_slave_1) entered disabled state [ 2343.615911][ T7105] bridge_slave_0: left allmulticast mode [ 2343.621601][ T7105] bridge_slave_0: left promiscuous mode [ 2343.636820][ T7105] bridge0: port 1(bridge_slave_0) entered disabled state [ 2343.735036][ T5146] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 2343.944896][ T5146] usb 1-1: Using ep0 maxpacket: 16 [ 2343.958371][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 2344.018911][ T5146] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2344.047845][ T5146] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 2344.067082][ T5146] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2344.110910][ T5146] usb 1-1: config 0 descriptor?? [ 2344.654105][ T1701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2344.685445][ T1701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2344.731965][ T5146] hid (null): invalid report_size 812540268 [ 2344.752209][ T5146] hid-generic 0003:0158:0100.007F: unknown main item tag 0x1 [ 2344.768656][ T5146] hid-generic 0003:0158:0100.007F: unexpected long global item [ 2344.795361][ T5146] hid-generic 0003:0158:0100.007F: probe with driver hid-generic failed with error -22 [ 2344.858700][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.868630][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 2345.736234][ T7105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2345.762651][ T7105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2345.790284][ T7105] bond0 (unregistering): Released all slaves [ 2346.197285][ T7105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2346.216717][ T7105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2346.232266][ T7105] bond0 (unregistering): Released all slaves [ 2346.261132][ T1644] bridge0: port 2(bridge_slave_1) entered blocking state [ 2346.270982][ T1644] bridge0: port 2(bridge_slave_1) entered disabled state [ 2346.279267][ T1644] bridge_slave_1: entered allmulticast mode [ 2346.294257][ T1644] bridge_slave_1: entered promiscuous mode [ 2346.419297][T25155] usb 1-1: USB disconnect, device number 89 [ 2346.496866][ T1594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2346.561745][ T1644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2346.588293][ T1644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2346.707728][ T29] kauditd_printk_skb: 1904 callbacks suppressed [ 2346.707749][ T29] audit: type=1400 audit(2000000856.050:43025): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1702 comm="syz.2.8460" name="1703-5" dev="debugfs" ino=170619 [ 2346.786517][ T1646] bridge0: port 1(bridge_slave_0) entered blocking state [ 2346.793702][ T1646] bridge0: port 1(bridge_slave_0) entered disabled state [ 2346.801886][ T29] audit: type=1400 audit(2000000856.070:43026): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1702 comm="syz.2.8460" name="1703-5" dev="debugfs" ino=170619 [ 2346.822406][ T1646] bridge_slave_0: entered allmulticast mode [ 2346.858559][ T1646] bridge_slave_0: entered promiscuous mode [ 2346.864961][ T29] audit: type=1400 audit(2000000856.070:43027): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1702 comm="syz.2.8460" name="1703-5" dev="debugfs" ino=170619 [ 2346.878906][ T7105] tipc: Disabling bearer [ 2346.915738][ T7105] tipc: Left network mode [ 2346.924494][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2346.954389][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2346.961040][ C1] audit: audit_lost=1669 audit_rate_limit=0 audit_backlog_limit=64 [ 2346.969011][ C1] audit: backlog limit exceeded [ 2346.974281][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2346.980846][ C1] audit: audit_lost=1670 audit_rate_limit=0 audit_backlog_limit=64 [ 2346.988787][ C1] audit: backlog limit exceeded [ 2347.076126][ T1644] team0: Port device team_slave_0 added [ 2347.105856][ T1646] bridge0: port 2(bridge_slave_1) entered blocking state [ 2347.107275][ T1706] FAULT_INJECTION: forcing a failure. [ 2347.107275][ T1706] name failslab, interval 1, probability 0, space 0, times 0 [ 2347.113583][ T1646] bridge0: port 2(bridge_slave_1) entered disabled state [ 2347.178144][ T1646] bridge_slave_1: entered allmulticast mode [ 2347.185992][ T1646] bridge_slave_1: entered promiscuous mode [ 2347.197253][ T1644] team0: Port device team_slave_1 added [ 2347.224918][ T1706] CPU: 1 PID: 1706 Comm: syz.2.8461 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2347.234682][ T1706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2347.244757][ T1706] Call Trace: [ 2347.248060][ T1706] [ 2347.251051][ T1706] dump_stack_lvl+0x241/0x360 [ 2347.255778][ T1706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2347.261017][ T1706] ? __pfx__printk+0x10/0x10 [ 2347.265649][ T1706] ? __pfx___might_resched+0x10/0x10 [ 2347.271416][ T1706] should_fail_ex+0x3b0/0x4e0 [ 2347.276144][ T1706] ? skb_clone+0x20c/0x390 [ 2347.280606][ T1706] should_failslab+0x9/0x20 [ 2347.285145][ T1706] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2347.290536][ T1706] ? __virt_addr_valid+0x183/0x530 [ 2347.295670][ T1706] skb_clone+0x20c/0x390 [ 2347.299943][ T1706] pfkey_sendmsg+0x43d/0x1050 [ 2347.304648][ T1706] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 2347.309772][ T1706] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 2347.316215][ T1706] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 2347.323002][ T1706] ? __pfx___might_resched+0x10/0x10 [ 2347.328310][ T1706] ? __might_fault+0xaa/0x120 [ 2347.333041][ T1706] ? __pfx_lock_release+0x10/0x10 [ 2347.338088][ T1706] ? __import_iovec+0x536/0x820 [ 2347.342959][ T1706] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2347.348432][ T1706] ? security_socket_sendmsg+0x87/0xb0 [ 2347.353910][ T1706] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 2347.359059][ T1706] __sock_sendmsg+0x221/0x270 [ 2347.363775][ T1706] ____sys_sendmsg+0x525/0x7d0 [ 2347.368583][ T1706] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2347.373941][ T1706] __sys_sendmsg+0x2b0/0x3a0 [ 2347.378601][ T1706] ? __pfx___sys_sendmsg+0x10/0x10 [ 2347.383728][ T1706] ? vfs_write+0x7c4/0xc90 [ 2347.388198][ T1706] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2347.394636][ T1706] ? do_syscall_64+0x100/0x230 [ 2347.399538][ T1706] ? do_syscall_64+0xb6/0x230 [ 2347.404241][ T1706] do_syscall_64+0xf3/0x230 [ 2347.408768][ T1706] ? clear_bhb_loop+0x35/0x90 [ 2347.413482][ T1706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2347.419387][ T1706] RIP: 0033:0x7ff765175a99 [ 2347.423811][ T1706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2347.443430][ T1706] RSP: 002b:00007ff765f46048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2347.451885][ T1706] RAX: ffffffffffffffda RBX: 00007ff765303f60 RCX: 00007ff765175a99 [ 2347.459881][ T1706] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 2347.467864][ T1706] RBP: 00007ff765f460a0 R08: 0000000000000000 R09: 0000000000000000 [ 2347.475844][ T1706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2347.483824][ T1706] R13: 000000000000000b R14: 00007ff765303f60 R15: 00007fff0b383088 [ 2347.491823][ T1706] [ 2347.494974][ C1] vkms_vblank_simulate: vblank timer overrun [ 2347.632466][ T1594] 8021q: adding VLAN 0 to HW filter on device team0 [ 2347.746489][ T1644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2347.753640][ T1644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2347.830379][ T1710] netlink: 'syz.0.8463': attribute type 1 has an invalid length. [ 2347.874982][ T1710] netlink: 9320 bytes leftover after parsing attributes in process `syz.0.8463'. [ 2347.884143][ T1710] netlink: 'syz.0.8463': attribute type 1 has an invalid length. [ 2347.912496][ T1644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2347.985026][ T1644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2347.991996][ T1644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2348.055780][ T1710] netlink: 'syz.0.8463': attribute type 2 has an invalid length. [ 2348.063609][ T1710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8463'. [ 2348.086396][ T1644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2348.191679][ T1716] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8464'. [ 2348.217268][T12936] bridge0: port 1(bridge_slave_0) entered blocking state [ 2348.224426][T12936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2348.249512][ T1646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2348.315053][ T1177] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 2348.402597][T12936] bridge0: port 2(bridge_slave_1) entered blocking state [ 2348.409785][T12936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2348.470756][ T1646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2348.517217][ T1177] usb 3-1: config 1 has an invalid descriptor of length 125, skipping remainder of the config [ 2348.541585][ T1177] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2348.593032][ T1177] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2348.620685][ T1177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2348.629754][ T1177] usb 3-1: SerialNumber: syz [ 2348.728832][ T1646] team0: Port device team_slave_0 added [ 2348.766178][ T1646] team0: Port device team_slave_1 added [ 2348.978654][ T1712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2348.987459][ T1712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2349.090729][ T1177] usb 3-1: 0:2 : does not exist [ 2349.100133][ T1177] usb 3-1: unit 48 not found! [ 2349.247551][ T1644] hsr_slave_0: entered promiscuous mode [ 2349.257912][ T1177] usb 3-1: USB disconnect, device number 45 [ 2349.275390][ T1644] hsr_slave_1: entered promiscuous mode [ 2349.326648][ T1644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2349.378106][ T1644] Cannot create hsr debugfs directory [ 2350.330829][ T1646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2350.364830][ T1646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2350.390774][ C1] vkms_vblank_simulate: vblank timer overrun [ 2350.491663][ T1646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2350.815307][ T1646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2350.847592][ T1646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2350.942282][ T1646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2351.242214][ T1646] hsr_slave_0: entered promiscuous mode [ 2351.294293][ T1646] hsr_slave_1: entered promiscuous mode [ 2351.364222][ T1646] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2351.374936][ T1646] Cannot create hsr debugfs directory [ 2351.665045][ T5095] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 2351.719078][ T29] kauditd_printk_skb: 2617 callbacks suppressed [ 2351.719096][ T29] audit: type=1400 audit(2000000861.070:45344): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1644 comm="syz-executor" name="/" dev="sda1" ino=2 [ 2351.801778][ T1742] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2351.830263][ T29] audit: type=1400 audit(2000000861.070:45345): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1644 comm="syz-executor" name="/" dev="sysfs" ino=1 [ 2351.836434][ T1742] audit: audit_lost=1772 audit_rate_limit=0 audit_backlog_limit=64 [ 2351.848907][ C1] vkms_vblank_simulate: vblank timer overrun [ 2351.909393][ T29] audit: type=1400 audit(2000000861.070:45346): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1644 comm="syz-executor" name="bus" dev="sysfs" ino=8 [ 2351.952502][ T29] audit: type=1400 audit(2000000861.070:45347): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1644 comm="syz-executor" name="netdevsim" dev="sysfs" ino=21787 [ 2351.969057][ T1742] audit: backlog limit exceeded [ 2351.999401][ T1743] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2352.006178][ T1742] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2352.015206][ T1740] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2352.048079][ T5095] usb 1-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2352.075006][ T5095] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2352.108550][ T5095] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2352.138448][ T5095] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 2352.165045][ T5095] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 2352.195750][ T5095] usb 1-1: Manufacturer: syz [ 2352.200478][ T5095] usb 1-1: SerialNumber: syz [ 2352.725029][ T1740] sp0: Synchronizing with TNC [ 2353.529517][ T5095] yealink 1-1:36.0: invalid payload size 0, expected 16 [ 2353.557557][ T5095] input: Yealink usb-p1k as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:36.0/input/input171 [ 2353.636790][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.643823][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.650808][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.657799][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.664813][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.671811][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.678847][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.685883][ C1] yealink 1-1:36.0: urb_ctl_callback - urb status -71 [ 2353.692695][ C1] yealink 1-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 2353.837198][ T7105] hsr_slave_0: left promiscuous mode [ 2353.872329][ T7105] 1·: left promiscuous mode [ 2353.883851][ T5095] usb 1-1: USB disconnect, device number 90 [ 2353.890317][ T7105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2353.910127][ T7105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2353.931354][ T7105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2353.966788][ T7105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2354.005781][ T7105] hsr_slave_0: left promiscuous mode [ 2354.012294][ T7105] 1·: left promiscuous mode [ 2354.031623][ T7105] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2354.049964][ T7105] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2354.072636][ T7105] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2354.083843][ T7105] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2354.279315][ T7105] veth1_macvtap: left promiscuous mode [ 2354.295867][ T7105] veth0_macvtap: left promiscuous mode [ 2354.301601][ T7105] veth1_vlan: left promiscuous mode [ 2354.315026][ T7105] veth0_vlan: left promiscuous mode [ 2354.324288][ T7105] veth1_macvtap: left promiscuous mode [ 2354.335608][ T7105] veth0_macvtap: left promiscuous mode [ 2354.345328][ T7105] veth1_vlan: left promiscuous mode [ 2354.350715][ T7105] veth0_vlan: left promiscuous mode [ 2356.733156][ T1493] audit_log_start: 1055 callbacks suppressed [ 2356.733176][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2356.754949][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2356.761513][ C1] audit: audit_lost=1858 audit_rate_limit=0 audit_backlog_limit=64 [ 2356.765200][ T29] audit: type=1400 audit(2000000864.390:46151): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1752 comm="syz.0.8471" name="7" dev="tmpfs" ino=47 [ 2356.769465][ C1] audit: backlog limit exceeded [ 2356.794293][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2356.800908][ C1] audit: audit_lost=1859 audit_rate_limit=0 audit_backlog_limit=64 [ 2356.808878][ C1] audit: backlog limit exceeded [ 2356.814142][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2356.820720][ C1] audit: audit_lost=1860 audit_rate_limit=0 audit_backlog_limit=64 [ 2356.845006][ T7105] infiniband syz2: set down [ 2356.997160][ T1762] FAULT_INJECTION: forcing a failure. [ 2356.997160][ T1762] name failslab, interval 1, probability 0, space 0, times 0 [ 2357.047343][ T1762] CPU: 1 PID: 1762 Comm: syz.0.8473 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2357.057139][ T1762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2357.067223][ T1762] Call Trace: [ 2357.070564][ T1762] [ 2357.073515][ T1762] dump_stack_lvl+0x241/0x360 [ 2357.078232][ T1762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2357.083459][ T1762] ? __pfx__printk+0x10/0x10 [ 2357.088096][ T1762] ? ref_tracker_alloc+0x332/0x490 [ 2357.093264][ T1762] should_fail_ex+0x3b0/0x4e0 [ 2357.098007][ T1762] ? skb_clone+0x20c/0x390 [ 2357.102475][ T1762] should_failslab+0x9/0x20 [ 2357.107042][ T1762] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2357.112467][ T1762] skb_clone+0x20c/0x390 [ 2357.116760][ T1762] __netlink_deliver_tap+0x3cc/0x7c0 [ 2357.122105][ T1762] ? netlink_deliver_tap+0x2e/0x1b0 [ 2357.127338][ T1762] netlink_deliver_tap+0x19d/0x1b0 [ 2357.132471][ T1762] netlink_unicast+0x7be/0x990 [ 2357.137254][ T1762] ? __pfx_netlink_unicast+0x10/0x10 [ 2357.142547][ T1762] ? __virt_addr_valid+0x183/0x530 [ 2357.147687][ T1762] ? __check_object_size+0x49c/0x900 [ 2357.152995][ T1762] ? bpf_lsm_netlink_send+0x9/0x10 [ 2357.158158][ T1762] netlink_sendmsg+0x8e4/0xcb0 [ 2357.162960][ T1762] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2357.168264][ T1762] ? __import_iovec+0x536/0x820 [ 2357.173138][ T1762] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2357.178452][ T1762] ? security_socket_sendmsg+0x87/0xb0 [ 2357.183975][ T1762] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2357.189282][ T1762] __sock_sendmsg+0x221/0x270 [ 2357.193974][ T1762] ____sys_sendmsg+0x525/0x7d0 [ 2357.198766][ T1762] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2357.204088][ T1762] __sys_sendmsg+0x2b0/0x3a0 [ 2357.208711][ T1762] ? __pfx___sys_sendmsg+0x10/0x10 [ 2357.213837][ T1762] ? vfs_write+0x7c4/0xc90 [ 2357.218321][ T1762] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2357.224673][ T1762] ? do_syscall_64+0x100/0x230 [ 2357.229462][ T1762] ? do_syscall_64+0xb6/0x230 [ 2357.234153][ T1762] do_syscall_64+0xf3/0x230 [ 2357.238684][ T1762] ? clear_bhb_loop+0x35/0x90 [ 2357.243392][ T1762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2357.249304][ T1762] RIP: 0033:0x7f011ff75a99 [ 2357.253725][ T1762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2357.273345][ T1762] RSP: 002b:00007f0120e1a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2357.281773][ T1762] RAX: ffffffffffffffda RBX: 00007f0120103f60 RCX: 00007f011ff75a99 [ 2357.289756][ T1762] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 2357.297734][ T1762] RBP: 00007f0120e1a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2357.305742][ T1762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2357.313718][ T1762] R13: 000000000000000b R14: 00007f0120103f60 R15: 00007ffe1e036808 [ 2357.321725][ T1762] [ 2358.458496][ T7105] team0 (unregistering): Port device team_slave_1 removed [ 2358.486666][ T3828] smc: removing ib device syz2 [ 2358.567766][ T7105] team0 (unregistering): Port device team_slave_0 removed [ 2361.011751][ T7105] team0 (unregistering): Port device team_slave_1 removed [ 2361.170458][ T7105] team0 (unregistering): Port device team_slave_0 removed [ 2362.062509][ T29] kauditd_printk_skb: 183 callbacks suppressed [ 2362.062532][ T29] audit: type=1400 audit(2000000871.420:46332): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=1601 comm="syz.3.8438" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2362.563665][ T29] audit: type=1400 audit(2000000871.920:46333): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=0 comm="swapper/1" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2362.681341][ T1594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2362.794641][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2362.802331][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2362.810147][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2362.816328][ T1646] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2362.816797][ C1] audit: audit_lost=1862 audit_rate_limit=0 audit_backlog_limit=64 [ 2362.823183][ T1646] audit: audit_lost=1863 audit_rate_limit=0 audit_backlog_limit=64 [ 2362.831088][ C1] audit: backlog limit exceeded [ 2362.832086][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2364.536957][ T1646] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2364.680579][ T1644] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2364.742730][ T1776] netlink: 'syz.0.8477': attribute type 10 has an invalid length. [ 2364.846627][ T1776] macvlan0: entered promiscuous mode [ 2364.878130][ T1776] macvlan0: entered allmulticast mode [ 2364.911961][ T1776] veth1_vlan: entered allmulticast mode [ 2364.990436][ T1776] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 2365.085918][ T1644] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2365.460159][ T1785] hub 6-0:1.0: USB hub found [ 2365.466124][ T1785] hub 6-0:1.0: 1 port detected [ 2366.095921][ T1644] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2366.336283][ T1646] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2366.517749][ T1644] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2366.599896][ T1788] FAULT_INJECTION: forcing a failure. [ 2366.599896][ T1788] name failslab, interval 1, probability 0, space 0, times 0 [ 2366.675134][ T1788] CPU: 1 PID: 1788 Comm: syz.0.8479 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2366.684916][ T1788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2366.695012][ T1788] Call Trace: [ 2366.698353][ T1788] [ 2366.701308][ T1788] dump_stack_lvl+0x241/0x360 [ 2366.706053][ T1788] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2366.711300][ T1788] ? __pfx__printk+0x10/0x10 [ 2366.715929][ T1788] ? ref_tracker_alloc+0x332/0x490 [ 2366.721086][ T1788] should_fail_ex+0x3b0/0x4e0 [ 2366.725808][ T1788] ? skb_clone+0x20c/0x390 [ 2366.730265][ T1788] should_failslab+0x9/0x20 [ 2366.734805][ T1788] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2366.740217][ T1788] skb_clone+0x20c/0x390 [ 2366.744480][ T1788] __netlink_deliver_tap+0x3cc/0x7c0 [ 2366.749790][ T1788] ? netlink_deliver_tap+0x2e/0x1b0 [ 2366.755002][ T1788] netlink_deliver_tap+0x19d/0x1b0 [ 2366.760127][ T1788] netlink_unicast+0x7be/0x990 [ 2366.764908][ T1788] ? __pfx_netlink_unicast+0x10/0x10 [ 2366.770195][ T1788] ? __virt_addr_valid+0x183/0x530 [ 2366.775320][ T1788] ? __check_object_size+0x49c/0x900 [ 2366.780648][ T1788] ? bpf_lsm_netlink_send+0x9/0x10 [ 2366.785774][ T1788] netlink_sendmsg+0x8e4/0xcb0 [ 2366.790559][ T1788] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2366.795853][ T1788] ? __import_iovec+0x536/0x820 [ 2366.800717][ T1788] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2366.806016][ T1788] ? security_socket_sendmsg+0x87/0xb0 [ 2366.811528][ T1788] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2366.816825][ T1788] __sock_sendmsg+0x221/0x270 [ 2366.821513][ T1788] ____sys_sendmsg+0x525/0x7d0 [ 2366.826301][ T1788] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2366.831613][ T1788] __sys_sendmsg+0x2b0/0x3a0 [ 2366.836220][ T1788] ? __pfx___sys_sendmsg+0x10/0x10 [ 2366.841342][ T1788] ? vfs_write+0x7c4/0xc90 [ 2366.845803][ T1788] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2366.852143][ T1788] ? do_syscall_64+0x100/0x230 [ 2366.856920][ T1788] ? do_syscall_64+0xb6/0x230 [ 2366.861606][ T1788] do_syscall_64+0xf3/0x230 [ 2366.866132][ T1788] ? clear_bhb_loop+0x35/0x90 [ 2366.870825][ T1788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2366.876741][ T1788] RIP: 0033:0x7f011ff75a99 [ 2366.881167][ T1788] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2366.900781][ T1788] RSP: 002b:00007f0120e1a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2366.909204][ T1788] RAX: ffffffffffffffda RBX: 00007f0120103f60 RCX: 00007f011ff75a99 [ 2366.917182][ T1788] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004 [ 2366.925158][ T1788] RBP: 00007f0120e1a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2366.933135][ T1788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2366.941108][ T1788] R13: 000000000000000b R14: 00007f0120103f60 R15: 00007ffe1e036808 [ 2366.949123][ T1788] [ 2367.076376][ T29] kauditd_printk_skb: 2588 callbacks suppressed [ 2367.076400][ T29] audit: type=1400 audit(2000000876.420:48351): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1493 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 2367.141296][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2367.194555][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2367.205369][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2367.211920][ C1] audit: audit_lost=2055 audit_rate_limit=0 audit_backlog_limit=64 [ 2367.219917][ C1] audit: backlog limit exceeded [ 2367.224895][ T1493] audit: audit_lost=2056 audit_rate_limit=0 audit_backlog_limit=64 [ 2367.225762][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2367.232834][ T1493] audit: backlog limit exceeded [ 2367.239316][ C1] audit: audit_lost=2057 audit_rate_limit=0 audit_backlog_limit=64 [ 2367.336546][ T1646] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2367.448619][ T1794] FAULT_INJECTION: forcing a failure. [ 2367.448619][ T1794] name failslab, interval 1, probability 0, space 0, times 0 [ 2367.530891][ T1794] CPU: 1 PID: 1794 Comm: syz.2.8482 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2367.540657][ T1794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2367.550738][ T1794] Call Trace: [ 2367.554057][ T1794] [ 2367.556991][ T1794] dump_stack_lvl+0x241/0x360 [ 2367.561675][ T1794] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2367.566919][ T1794] ? __pfx__printk+0x10/0x10 [ 2367.571523][ T1794] ? ref_tracker_alloc+0x332/0x490 [ 2367.576645][ T1794] should_fail_ex+0x3b0/0x4e0 [ 2367.581327][ T1794] ? skb_clone+0x20c/0x390 [ 2367.585758][ T1794] should_failslab+0x9/0x20 [ 2367.590282][ T1794] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2367.595676][ T1794] skb_clone+0x20c/0x390 [ 2367.599933][ T1794] __netlink_deliver_tap+0x3cc/0x7c0 [ 2367.605264][ T1794] ? netlink_deliver_tap+0x2e/0x1b0 [ 2367.610474][ T1794] netlink_deliver_tap+0x19d/0x1b0 [ 2367.615608][ T1794] netlink_unicast+0x7be/0x990 [ 2367.620378][ T1794] ? __pfx_netlink_unicast+0x10/0x10 [ 2367.625784][ T1794] ? __virt_addr_valid+0x183/0x530 [ 2367.631001][ T1794] ? __check_object_size+0x49c/0x900 [ 2367.636315][ T1794] ? bpf_lsm_netlink_send+0x9/0x10 [ 2367.641429][ T1794] netlink_sendmsg+0x8e4/0xcb0 [ 2367.646219][ T1794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2367.651510][ T1794] ? __import_iovec+0x536/0x820 [ 2367.656368][ T1794] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2367.661659][ T1794] ? security_socket_sendmsg+0x87/0xb0 [ 2367.667129][ T1794] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2367.672420][ T1794] __sock_sendmsg+0x221/0x270 [ 2367.677106][ T1794] ____sys_sendmsg+0x525/0x7d0 [ 2367.681968][ T1794] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2367.687302][ T1794] __sys_sendmsg+0x2b0/0x3a0 [ 2367.691902][ T1794] ? __pfx___sys_sendmsg+0x10/0x10 [ 2367.697020][ T1794] ? vfs_write+0x7c4/0xc90 [ 2367.701470][ T1794] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2367.707814][ T1794] ? do_syscall_64+0x100/0x230 [ 2367.712585][ T1794] ? do_syscall_64+0xb6/0x230 [ 2367.717284][ T1794] do_syscall_64+0xf3/0x230 [ 2367.721794][ T1794] ? clear_bhb_loop+0x35/0x90 [ 2367.726477][ T1794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2367.732382][ T1794] RIP: 0033:0x7ff765175a99 [ 2367.736819][ T1794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2367.756453][ T1794] RSP: 002b:00007ff765f46048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2367.764883][ T1794] RAX: ffffffffffffffda RBX: 00007ff765303f60 RCX: 00007ff765175a99 [ 2367.772876][ T1794] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004 [ 2367.780851][ T1794] RBP: 00007ff765f460a0 R08: 0000000000000000 R09: 0000000000000000 [ 2367.788826][ T1794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2367.796813][ T1794] R13: 000000000000000b R14: 00007ff765303f60 R15: 00007fff0b383088 [ 2367.804825][ T1794] [ 2368.527606][ T1646] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2369.949829][ T1594] veth0_vlan: entered promiscuous mode [ 2370.179626][ T1644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2370.224585][ T1594] veth1_vlan: entered promiscuous mode [ 2371.246553][ T1644] 8021q: adding VLAN 0 to HW filter on device team0 [ 2371.366558][T25155] bridge0: port 1(bridge_slave_0) entered blocking state [ 2371.373756][T25155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2371.433881][T25155] bridge0: port 2(bridge_slave_1) entered blocking state [ 2371.441065][T25155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2371.797292][ T1646] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2371.822141][ T1594] veth0_macvtap: entered promiscuous mode [ 2371.866153][ T1646] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2371.890475][ T1646] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2371.939993][ T1594] veth1_macvtap: entered promiscuous mode [ 2371.959713][ T1646] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2371.999713][ T7105] IPVS: stop unused estimator thread 0... [ 2372.016887][T25155] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 2372.074420][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2372.088002][ T29] kauditd_printk_skb: 999 callbacks suppressed [ 2372.088020][ T29] audit: type=1400 audit(2000000881.450:49186): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1815 comm="modprobe" name="etc" dev="sda1" ino=115 [ 2372.113658][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.145402][ T1815] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2372.154985][ T29] audit: type=1400 audit(2000000881.480:49187): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1815 comm="modprobe" name="/" dev="sda1" ino=2 [ 2372.183756][ T1815] audit: audit_lost=2113 audit_rate_limit=0 audit_backlog_limit=64 [ 2372.193826][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2372.193835][ T1815] audit: backlog limit exceeded [ 2372.193855][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.216254][ T29] audit: type=1400 audit(2000000881.480:49188): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1815 comm="modprobe" name="etc" dev="sda1" ino=115 [ 2372.245389][ T1815] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2372.255112][ T1814] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2372.261695][ T1814] audit: audit_lost=2114 audit_rate_limit=0 audit_backlog_limit=64 [ 2372.274926][ T1815] audit: audit_lost=2115 audit_rate_limit=0 audit_backlog_limit=64 [ 2372.299289][T25155] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 2372.304805][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2372.320505][T25155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2372.350167][T25155] usb 3-1: config 0 descriptor?? [ 2372.359358][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.373802][T25155] cp210x 3-1:0.0: cp210x converter detected [ 2372.386334][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2372.432382][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.466938][ T1594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2372.577397][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2372.637549][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.681323][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2372.704799][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.734980][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2372.772526][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.793019][ T1594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2372.804022][ T1594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2372.841815][ T1594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2372.939952][ T1594] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2372.979133][ T1594] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2373.002649][ T1594] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2373.036945][ T1594] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2373.097472][T25155] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -121 [ 2373.125495][T25155] cp210x 3-1:0.0: GPIO initialisation failed: -121 [ 2373.183990][T25155] usb 3-1: cp210x converter now attached to ttyUSB0 [ 2373.320392][ T1814] netlink: 148 bytes leftover after parsing attributes in process `syz.2.8486'. [ 2373.379385][ T5146] usb 3-1: USB disconnect, device number 46 [ 2373.413204][ T5146] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2373.425305][ T5146] cp210x 3-1:0.0: device disconnected [ 2373.514116][ T3828] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2373.544789][ T3828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2373.683171][ T1644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2373.713416][T29933] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2373.737829][T29933] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2373.751735][ T1646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2373.889401][ T1826] netlink: 'syz.0.8489': attribute type 15 has an invalid length. [ 2373.912585][ T1646] 8021q: adding VLAN 0 to HW filter on device team0 [ 2373.951254][ T1644] veth0_vlan: entered promiscuous mode [ 2374.611443][ T1644] veth1_vlan: entered promiscuous mode [ 2374.691588][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 2374.698801][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2374.762334][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 2374.769598][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2375.050940][ T1841] FAULT_INJECTION: forcing a failure. [ 2375.050940][ T1841] name failslab, interval 1, probability 0, space 0, times 0 [ 2375.076130][ T1841] CPU: 1 PID: 1841 Comm: syz.2.8492 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2375.085919][ T1841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2375.096014][ T1841] Call Trace: [ 2375.099316][ T1841] [ 2375.102293][ T1841] dump_stack_lvl+0x241/0x360 [ 2375.107017][ T1841] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2375.112248][ T1841] ? __pfx__printk+0x10/0x10 [ 2375.116874][ T1841] ? ref_tracker_alloc+0x332/0x490 [ 2375.122026][ T1841] should_fail_ex+0x3b0/0x4e0 [ 2375.126740][ T1841] ? skb_clone+0x20c/0x390 [ 2375.131197][ T1841] should_failslab+0x9/0x20 [ 2375.135739][ T1841] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2375.141173][ T1841] skb_clone+0x20c/0x390 [ 2375.145495][ T1841] __netlink_deliver_tap+0x3cc/0x7c0 [ 2375.150841][ T1841] ? netlink_deliver_tap+0x2e/0x1b0 [ 2375.156094][ T1841] netlink_deliver_tap+0x19d/0x1b0 [ 2375.161241][ T1841] netlink_unicast+0x7be/0x990 [ 2375.166053][ T1841] ? __pfx_netlink_unicast+0x10/0x10 [ 2375.171371][ T1841] ? __virt_addr_valid+0x183/0x530 [ 2375.176526][ T1841] ? __check_object_size+0x49c/0x900 [ 2375.181853][ T1841] ? bpf_lsm_netlink_send+0x9/0x10 [ 2375.187004][ T1841] netlink_sendmsg+0x8e4/0xcb0 [ 2375.191822][ T1841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2375.197145][ T1841] ? __import_iovec+0x536/0x820 [ 2375.202042][ T1841] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2375.207367][ T1841] ? security_socket_sendmsg+0x87/0xb0 [ 2375.212865][ T1841] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2375.218184][ T1841] __sock_sendmsg+0x221/0x270 [ 2375.222901][ T1841] ____sys_sendmsg+0x525/0x7d0 [ 2375.227716][ T1841] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2375.233062][ T1841] __sys_sendmsg+0x2b0/0x3a0 [ 2375.237711][ T1841] ? __pfx___sys_sendmsg+0x10/0x10 [ 2375.242857][ T1841] ? vfs_write+0x7c4/0xc90 [ 2375.247355][ T1841] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2375.253715][ T1841] ? do_syscall_64+0x100/0x230 [ 2375.258513][ T1841] ? do_syscall_64+0xb6/0x230 [ 2375.263226][ T1841] do_syscall_64+0xf3/0x230 [ 2375.267770][ T1841] ? clear_bhb_loop+0x35/0x90 [ 2375.272487][ T1841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2375.278418][ T1841] RIP: 0033:0x7ff765175a99 [ 2375.282865][ T1841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2375.302508][ T1841] RSP: 002b:00007ff765f46048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2375.310992][ T1841] RAX: ffffffffffffffda RBX: 00007ff765303f60 RCX: 00007ff765175a99 [ 2375.318982][ T1841] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 2375.326972][ T1841] RBP: 00007ff765f460a0 R08: 0000000000000000 R09: 0000000000000000 [ 2375.334967][ T1841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2375.342960][ T1841] R13: 000000000000000b R14: 00007ff765303f60 R15: 00007fff0b383088 [ 2375.350960][ T1841] [ 2375.354041][ C1] vkms_vblank_simulate: vblank timer overrun [ 2375.362059][ T1841] netlink: 'syz.2.8492': attribute type 18 has an invalid length. [ 2376.146693][ T1644] veth0_macvtap: entered promiscuous mode [ 2376.348016][ T1644] veth1_macvtap: entered promiscuous mode [ 2376.400514][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2376.412519][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.436066][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2376.455810][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.466500][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2376.477855][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.487846][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2376.499319][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.523097][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2376.557184][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.580665][ T1644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2376.595432][ T1851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8497'. [ 2376.630006][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2376.674924][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.737417][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2376.805100][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.852208][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2376.903703][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2376.944152][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2376.965821][ T1860] netlink: 'syz.0.8498': attribute type 1 has an invalid length. [ 2376.990036][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2377.001522][ T1860] netlink: 9320 bytes leftover after parsing attributes in process `syz.0.8498'. [ 2377.040367][ T1860] netlink: 'syz.0.8498': attribute type 1 has an invalid length. [ 2377.048425][ T1644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2377.085846][ T1644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2377.109126][ T29] kauditd_printk_skb: 3481 callbacks suppressed [ 2377.109145][ T29] audit: type=1400 audit(2000000886.470:52007): lsm=SMACK fn=smack_file_open action=granted subject="_" object="_" requested=r pid=1859 comm="syz.0.8498" path="/proc/sys/net/ipv4/vs/secure_tcp" dev="proc" ino=170791 [ 2377.140497][ T1860] netlink: 'syz.0.8498': attribute type 2 has an invalid length. [ 2377.177925][ T1644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2377.211674][ T1860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8498'. [ 2377.291120][ T29] audit: type=1400 audit(2000000886.470:52008): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=r pid=1859 comm="syz.0.8498" path="/proc/sys/net/ipv4/vs/secure_tcp" dev="proc" ino=170791 [ 2377.331462][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2377.340414][ T1863] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2377.356939][ T1644] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2377.357803][ T1863] audit: audit_lost=2337 audit_rate_limit=0 audit_backlog_limit=64 [ 2377.384280][T28746] audit: audit_lost=2338 audit_rate_limit=0 audit_backlog_limit=64 [ 2377.393818][ T1863] audit: backlog limit exceeded [ 2377.399524][ T1644] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2377.418751][T28746] audit: backlog limit exceeded [ 2377.419673][ T29] audit: type=1400 audit(2000000886.500:52009): lsm=SMACK fn=smack_task_setscheduler action=granted subject="_" object="_" requested=w pid=1859 comm="syz.0.8498" opid=1859 ocomm="syz.0.8498" [ 2377.424059][ T1863] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2377.461318][ T1644] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2377.487595][ T1644] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2377.876296][ T7141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2377.884218][ T7141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2378.163163][ T1868] netlink: 36 bytes leftover after parsing attributes in process `syz.2.8499'. [ 2378.700492][T22260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2378.805229][T22260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2379.266905][ T1873] hub 6-0:1.0: USB hub found [ 2379.273038][ T1873] hub 6-0:1.0: 1 port detected [ 2379.964483][ T1646] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2380.253289][ T1646] veth0_vlan: entered promiscuous mode [ 2380.326345][ T1646] veth1_vlan: entered promiscuous mode [ 2380.561656][ T1646] veth0_macvtap: entered promiscuous mode [ 2380.609966][ T1646] veth1_macvtap: entered promiscuous mode [ 2380.940679][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.018738][ T1892] hub 6-0:1.0: USB hub found [ 2381.024791][ T1892] hub 6-0:1.0: 1 port detected [ 2381.284471][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.324620][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.664903][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.676647][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.687330][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.712354][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.750954][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.784892][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.825164][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.843096][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2381.873487][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.925851][ T1646] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2381.943637][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2381.966555][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2381.997628][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2382.090534][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2382.120560][ T29] kauditd_printk_skb: 3162 callbacks suppressed [ 2382.120582][ T29] audit: type=1400 audit(2000000891.480:54315): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1895 comm="syz.2.8506" name="newroot" dev="tmpfs" ino=2 [ 2382.197270][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2382.198205][ T29] audit: type=1400 audit(2000000891.480:54316): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1895 comm="syz.2.8506" name="/" dev="proc" ino=1 [ 2382.424878][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2383.306445][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2383.310595][ T1902] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2383.324341][ T1899] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2383.331161][ T29] audit: type=1400 audit(2000000891.480:54317): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1895 comm="syz.2.8506" name="/" dev="proc" ino=1 [ 2383.334984][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2383.350222][ T1644] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2383.371167][ T1899] audit: audit_lost=2625 audit_rate_limit=0 audit_backlog_limit=64 [ 2383.398127][ T29] audit: type=1400 audit(2000000891.480:54318): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=1895 comm="syz.2.8506" name="1103" dev="proc" ino=171587 [ 2383.404858][ T1902] audit: audit_lost=2626 audit_rate_limit=0 audit_backlog_limit=64 [ 2383.425715][ T1899] audit: backlog limit exceeded [ 2383.454022][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2383.490244][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2383.518227][ T1646] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2383.600353][ T1646] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2383.654337][ T1646] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2383.893420][ T1646] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2383.956894][ T1646] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2383.997869][ T1646] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2384.023440][ T1646] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2384.117657][ T1911] netlink: 'syz.0.8508': attribute type 1 has an invalid length. [ 2384.165102][ T1911] netlink: 9320 bytes leftover after parsing attributes in process `syz.0.8508'. [ 2384.217464][ T1911] netlink: 'syz.0.8508': attribute type 1 has an invalid length. [ 2384.225576][ T1911] netlink: 'syz.0.8508': attribute type 2 has an invalid length. [ 2384.255982][ T1911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8508'. [ 2384.532795][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2384.589192][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2384.834490][T22260] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2384.874813][T22260] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2386.799522][ T1938] cgroup: noprefix used incorrectly [ 2387.105377][T12936] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 2387.138816][ T29] kauditd_printk_skb: 3284 callbacks suppressed [ 2387.138839][ T29] audit: type=1400 audit(2000000896.500:56757): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=1940 comm="syz.4.8516" path="/dev/raw-gadget" dev="devtmpfs" ino=733 [ 2387.220124][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2387.228557][ T1493] audit: audit_lost=2909 audit_rate_limit=0 audit_backlog_limit=64 [ 2387.236858][ T1493] audit: backlog limit exceeded [ 2387.241818][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2387.250255][ T1493] audit: audit_lost=2910 audit_rate_limit=0 audit_backlog_limit=64 [ 2387.265118][ T1945] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2387.265148][ T1493] audit: backlog limit exceeded [ 2387.271734][ T1945] audit: audit_lost=2911 audit_rate_limit=0 audit_backlog_limit=64 [ 2387.276861][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2387.500321][T12936] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2387.521502][T12936] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 2387.696861][T12936] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2387.730152][T12936] usb 5-1: config 0 descriptor?? [ 2388.258536][ T1953] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8519'. [ 2388.450794][ T1953] netlink: 92 bytes leftover after parsing attributes in process `syz.0.8519'. [ 2388.525994][ T1953] vlan0: entered allmulticast mode [ 2388.527823][ T1957] netlink: 'syz.1.8521': attribute type 1 has an invalid length. [ 2388.531147][ T1953] veth0_vlan: entered allmulticast mode [ 2388.581823][ T1957] netlink: 9320 bytes leftover after parsing attributes in process `syz.1.8521'. [ 2388.627107][ T1957] netlink: 'syz.1.8521': attribute type 1 has an invalid length. [ 2388.657868][ T1957] netlink: 'syz.1.8521': attribute type 2 has an invalid length. [ 2388.688602][ T1957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8521'. [ 2388.775946][ T1958] netlink: 32 bytes leftover after parsing attributes in process `syz.3.8520'. [ 2388.935294][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 2389.305891][ T1975] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8524'. [ 2389.424467][ T1975] bad cache= option: none [ 2389.424467][ T1975] [ 2389.453686][ T1975] CIFS: VFS: bad cache= option: none [ 2391.015204][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 2391.904068][T12936] usb 5-1: USB disconnect, device number 63 [ 2392.205447][ T29] kauditd_printk_skb: 2595 callbacks suppressed [ 2392.205471][ T29] audit: type=1400 audit(2000000901.470:59087): lsm=SMACK fn=smack_task_setscheduler action=granted subject="_" object="_" requested=w pid=2000 comm="syz.4.8530" opid=2000 ocomm="syz.4.8530" [ 2392.310247][ T1493] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2392.317009][ T1493] audit: audit_lost=3001 audit_rate_limit=0 audit_backlog_limit=64 [ 2392.324205][ T1594] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2392.325339][ T1493] audit: backlog limit exceeded [ 2392.336676][ T1493] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2392.336732][ T1999] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2392.343187][ T1493] audit: audit_lost=3002 audit_rate_limit=0 audit_backlog_limit=64 [ 2392.360982][ T1594] audit: audit_lost=3003 audit_rate_limit=0 audit_backlog_limit=64 [ 2392.384921][ T1493] audit: backlog limit exceeded [ 2393.574998][ T2021] netlink: 'syz.2.8535': attribute type 1 has an invalid length. [ 2393.595063][ T2021] netlink: 9320 bytes leftover after parsing attributes in process `syz.2.8535'. [ 2393.631229][ T2021] netlink: 'syz.2.8535': attribute type 1 has an invalid length. [ 2393.667685][ T2021] netlink: 'syz.2.8535': attribute type 2 has an invalid length. [ 2393.696818][ T2021] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8535'. [ 2394.145820][ T5176] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 2394.365956][ T5176] usb 2-1: Using ep0 maxpacket: 8 [ 2394.391896][ T5176] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2394.424599][ T5176] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 2394.454860][ T5176] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 2394.490734][ T5176] usb 2-1: SerialNumber: syz [ 2394.507688][ T5176] usb 2-1: config 0 descriptor?? [ 2394.516791][ T5176] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 2394.532094][ T5176] uvcvideo 2-1:0.0: Entity type for entity Output 255 was not initialized! [ 2394.562632][ T5176] usb 2-1: Failed to create links for entity 255 [ 2394.576410][ T5176] usb 2-1: Failed to register entities (-22). [ 2394.996285][ T2042] ebt_among: wrong size: 2080 against expected 2280, rounded to 2280 [ 2395.555346][ T1152] usb 2-1: USB disconnect, device number 79 [ 2397.522465][ T29] kauditd_printk_skb: 2786 callbacks suppressed [ 2397.522485][ T29] audit: type=1400 audit(2000000906.870:61550): lsm=SMACK fn=smack_task_kill action=granted subject="_" object="_" requested=w pid=1644 comm="syz-executor" opid=2026 ocomm="syz.1.8536" [ 2397.678536][ T2063] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2397.686099][ T2064] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2397.696276][ T1493] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2397.701670][ T1646] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2397.702958][ C1] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2397.715961][ C1] audit: audit_lost=3112 audit_rate_limit=0 audit_backlog_limit=64 [ 2397.723868][ C1] audit: backlog limit exceeded [ 2397.729161][ C1] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2397.735687][ C1] audit: audit_lost=3113 audit_rate_limit=0 audit_backlog_limit=64 [ 2398.130378][ T2074] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2399.165119][ T1177] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 2399.347467][ T1177] usb 2-1: device descriptor read/64, error -71 [ 2399.437024][ T2100] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8551'. [ 2399.557911][ T2100] netlink: 68 bytes leftover after parsing attributes in process `syz.3.8551'. [ 2399.684991][ T1177] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 2399.854984][ T1177] usb 2-1: device descriptor read/64, error -71 [ 2399.996587][ T1177] usb usb2-port1: attempt power cycle [ 2400.415291][ T1177] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 2400.478437][ T1177] usb 2-1: device descriptor read/8, error -71 [ 2400.595903][ T2117] trusted_key: encrypted_key: key trusted:syz not found [ 2400.775359][ T1177] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 2400.973534][ T1177] usb 2-1: device descriptor read/8, error -71 [ 2401.916458][ T1177] usb usb2-port1: unable to enumerate USB device [ 2402.055382][T26135] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 2402.066974][T26135] Bluetooth: hci3: Injecting HCI hardware error event [ 2402.079215][ T5103] Bluetooth: hci3: hardware error 0x00 [ 2402.739866][ T29] kauditd_printk_skb: 4583 callbacks suppressed [ 2402.739914][ T29] audit: type=1400 audit(2000000911.970:64556): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=2127 comm="syz.1.8557" saddr=10.128.0.169 src=30008 daddr=10.128.1.240 dest=56138 netif=eth0 [ 2403.486864][ T29] audit: type=1400 audit(2000000912.090:64557): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2127 comm="syz.1.8557" name="newroot" dev="tmpfs" ino=2 [ 2403.580406][ T1644] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2403.580455][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2403.593658][ C1] audit: audit_lost=3643 audit_rate_limit=0 audit_backlog_limit=64 [ 2403.601573][ C1] audit: backlog limit exceeded [ 2403.607378][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2403.613915][ C1] audit: audit_lost=3644 audit_rate_limit=0 audit_backlog_limit=64 [ 2403.621832][ C1] audit: backlog limit exceeded [ 2403.626976][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2404.080250][ T2149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8561'. [ 2404.115790][ T2149] FAULT_INJECTION: forcing a failure. [ 2404.115790][ T2149] name failslab, interval 1, probability 0, space 0, times 0 [ 2404.153035][ T2149] CPU: 1 PID: 2149 Comm: syz.0.8561 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2404.162837][ T2149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2404.172942][ T2149] Call Trace: [ 2404.176263][ T2149] [ 2404.179229][ T2149] dump_stack_lvl+0x241/0x360 [ 2404.183972][ T2149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2404.189201][ T2149] ? __pfx__printk+0x10/0x10 [ 2404.193839][ T2149] ? ref_tracker_alloc+0x332/0x490 [ 2404.198995][ T2149] should_fail_ex+0x3b0/0x4e0 [ 2404.203713][ T2149] ? skb_clone+0x20c/0x390 [ 2404.208220][ T2149] should_failslab+0x9/0x20 [ 2404.212760][ T2149] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2404.218339][ T2149] skb_clone+0x20c/0x390 [ 2404.222617][ T2149] __netlink_deliver_tap+0x3cc/0x7c0 [ 2404.227934][ T2149] ? netlink_deliver_tap+0x2e/0x1b0 [ 2404.233148][ T2149] netlink_deliver_tap+0x19d/0x1b0 [ 2404.238276][ T2149] netlink_unicast+0x7be/0x990 [ 2404.243059][ T2149] ? __pfx_netlink_unicast+0x10/0x10 [ 2404.248360][ T2149] ? __virt_addr_valid+0x183/0x530 [ 2404.253495][ T2149] ? __check_object_size+0x49c/0x900 [ 2404.258808][ T2149] ? bpf_lsm_netlink_send+0x9/0x10 [ 2404.264024][ T2149] netlink_sendmsg+0x8e4/0xcb0 [ 2404.268833][ T2149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2404.274138][ T2149] ? __import_iovec+0x536/0x820 [ 2404.279005][ T2149] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2404.284299][ T2149] ? security_socket_sendmsg+0x87/0xb0 [ 2404.289773][ T2149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2404.295075][ T2149] __sock_sendmsg+0x221/0x270 [ 2404.299769][ T2149] ____sys_sendmsg+0x525/0x7d0 [ 2404.304992][ T2149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2404.310320][ T2149] __sys_sendmsg+0x2b0/0x3a0 [ 2404.314944][ T2149] ? __pfx___sys_sendmsg+0x10/0x10 [ 2404.320087][ T2149] ? vfs_write+0x7c4/0xc90 [ 2404.324563][ T2149] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2404.330920][ T2149] ? do_syscall_64+0x100/0x230 [ 2404.335704][ T2149] ? do_syscall_64+0xb6/0x230 [ 2404.340394][ T2149] do_syscall_64+0xf3/0x230 [ 2404.344909][ T2149] ? clear_bhb_loop+0x35/0x90 [ 2404.349632][ T2149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2404.355757][ T2149] RIP: 0033:0x7f011ff75a99 [ 2404.360185][ T2149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2404.379844][ T2149] RSP: 002b:00007f0120e1a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2404.388274][ T2149] RAX: ffffffffffffffda RBX: 00007f0120103f60 RCX: 00007f011ff75a99 [ 2404.396248][ T2149] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000006 [ 2404.404223][ T2149] RBP: 00007f0120e1a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2404.412210][ T2149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2404.420190][ T2149] R13: 000000000000000b R14: 00007f0120103f60 R15: 00007ffe1e036808 [ 2404.428182][ T2149] [ 2406.198549][ T5103] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 2408.206088][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 2408.212671][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 2408.222818][ T29] kauditd_printk_skb: 1023 callbacks suppressed [ 2408.222872][ T29] audit: type=1400 audit(2000000917.570:65403): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2153 comm="syz.2.8564" name="newroot" dev="tmpfs" ino=2 [ 2408.225588][ T2156] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2408.234881][ T5103] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 2408.251402][ T2156] audit: audit_lost=3705 audit_rate_limit=0 audit_backlog_limit=64 [ 2408.275043][ T1646] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2408.276286][ T2156] audit: backlog limit exceeded [ 2408.283381][ T1646] audit: audit_lost=3706 audit_rate_limit=0 audit_backlog_limit=64 [ 2408.288915][ T2156] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2408.296671][ T1646] audit: backlog limit exceeded [ 2408.310451][ T29] audit: type=1400 audit(2000000917.570:65404): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2153 comm="syz.2.8564" name="/" dev="devtmpfs" ino=1 [ 2408.312126][ T2156] audit: audit_lost=3707 audit_rate_limit=0 audit_backlog_limit=64 [ 2408.914843][ T5176] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 2409.024981][T12936] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 2409.099566][ T5176] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2409.127120][ T5176] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 2409.152913][ T5176] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2409.185079][T12936] usb 1-1: device descriptor read/64, error -71 [ 2409.198626][ T5176] usb 3-1: config 0 descriptor?? [ 2409.464922][T12936] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 2409.638454][T12936] usb 1-1: device descriptor read/64, error -71 [ 2409.765230][T12936] usb usb1-port1: attempt power cycle [ 2410.175065][T12936] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 2410.230012][T12936] usb 1-1: device descriptor read/8, error -71 [ 2410.264915][ T5146] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 2410.265979][ T2192] FAULT_INJECTION: forcing a failure. [ 2410.265979][ T2192] name failslab, interval 1, probability 0, space 0, times 0 [ 2410.302644][ T2192] CPU: 1 PID: 2192 Comm: syz.1.8574 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2410.312418][ T2192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2410.322486][ T2192] Call Trace: [ 2410.325777][ T2192] [ 2410.328717][ T2192] dump_stack_lvl+0x241/0x360 [ 2410.333413][ T2192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2410.338624][ T2192] ? __pfx__printk+0x10/0x10 [ 2410.343231][ T2192] ? __pfx___might_resched+0x10/0x10 [ 2410.348540][ T2192] should_fail_ex+0x3b0/0x4e0 [ 2410.353238][ T2192] ? smack_sk_alloc_security+0xed/0x250 [ 2410.358827][ T2192] should_failslab+0x9/0x20 [ 2410.363374][ T2192] kmalloc_trace_noprof+0x6c/0x2c0 [ 2410.368518][ T2192] smack_sk_alloc_security+0xed/0x250 [ 2410.373935][ T2192] security_sk_alloc+0x75/0xb0 [ 2410.378726][ T2192] sk_prot_alloc+0xfa/0x210 [ 2410.383248][ T2192] ? sk_alloc+0x26/0x370 [ 2410.387509][ T2192] sk_alloc+0x38/0x370 [ 2410.391598][ T2192] ? bpf_test_init+0x15a/0x180 [ 2410.396397][ T2192] ? bpf_ctx_init+0x162/0x1b0 [ 2410.401165][ T2192] bpf_prog_test_run_skb+0x3bd/0x1820 [ 2410.406571][ T2192] ? __pfx_lock_release+0x10/0x10 [ 2410.411636][ T2192] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 2410.417467][ T2192] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 2410.423291][ T2192] bpf_prog_test_run+0x33a/0x3b0 [ 2410.428251][ T2192] __sys_bpf+0x48d/0x810 [ 2410.432510][ T2192] ? __pfx___sys_bpf+0x10/0x10 [ 2410.437320][ T2192] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2410.443428][ T2192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2410.449808][ T2192] ? do_syscall_64+0x100/0x230 [ 2410.454607][ T2192] __x64_sys_bpf+0x7c/0x90 [ 2410.459050][ T2192] do_syscall_64+0xf3/0x230 [ 2410.463568][ T2192] ? clear_bhb_loop+0x35/0x90 [ 2410.468268][ T2192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2410.474175][ T2192] RIP: 0033:0x7fd4da975a99 [ 2410.478606][ T2192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2410.498237][ T2192] RSP: 002b:00007fd4db7d0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2410.506671][ T2192] RAX: ffffffffffffffda RBX: 00007fd4dab03f60 RCX: 00007fd4da975a99 [ 2410.514666][ T2192] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a [ 2410.522647][ T2192] RBP: 00007fd4db7d00a0 R08: 0000000000000000 R09: 0000000000000000 [ 2410.530627][ T2192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2410.538604][ T2192] R13: 000000000000000b R14: 00007fd4dab03f60 R15: 00007ffe3630ed58 [ 2410.546598][ T2192] [ 2410.671604][ T5146] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05 [ 2410.694826][ T5146] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2410.712144][T12936] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 2410.725603][ T5146] usb 5-1: Product: syz [ 2410.730558][ T5146] usb 5-1: Manufacturer: syz [ 2410.741362][ T5146] usb 5-1: SerialNumber: syz [ 2410.756123][T12936] usb 1-1: device descriptor read/8, error -71 [ 2410.763772][ T5146] usb 5-1: config 0 descriptor?? [ 2410.784018][ T5146] go7007 5-1:0.0: probe with driver go7007 failed with error -12 [ 2410.855235][ T2199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8575'. [ 2410.867054][ T2199] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8575'. [ 2410.886692][T12936] usb usb1-port1: unable to enumerate USB device [ 2411.618652][ T5176] usb 5-1: USB disconnect, device number 64 [ 2412.060946][ T2208] FAULT_INJECTION: forcing a failure. [ 2412.060946][ T2208] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2412.088363][ T5176] usb 3-1: USB disconnect, device number 47 [ 2412.094435][ T2208] CPU: 1 PID: 2208 Comm: syz.4.8576 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2412.104281][ T2208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2412.114341][ T2208] Call Trace: [ 2412.117627][ T2208] [ 2412.120560][ T2208] dump_stack_lvl+0x241/0x360 [ 2412.125278][ T2208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2412.130500][ T2208] ? __pfx__printk+0x10/0x10 [ 2412.135142][ T2208] ? __pfx_lock_release+0x10/0x10 [ 2412.140201][ T2208] should_fail_ex+0x3b0/0x4e0 [ 2412.144915][ T2208] _copy_from_user+0x2f/0xe0 [ 2412.149575][ T2208] copy_msghdr_from_user+0xae/0x680 [ 2412.154823][ T2208] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2412.160680][ T2208] __sys_sendmsg+0x23d/0x3a0 [ 2412.165283][ T2208] ? __pfx___sys_sendmsg+0x10/0x10 [ 2412.170420][ T2208] ? vfs_write+0x7c4/0xc90 [ 2412.174874][ T2208] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2412.181207][ T2208] ? do_syscall_64+0x100/0x230 [ 2412.185980][ T2208] ? do_syscall_64+0xb6/0x230 [ 2412.190666][ T2208] do_syscall_64+0xf3/0x230 [ 2412.195188][ T2208] ? clear_bhb_loop+0x35/0x90 [ 2412.199890][ T2208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2412.205805][ T2208] RIP: 0033:0x7f7ba5b75a99 [ 2412.210252][ T2208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2412.229871][ T2208] RSP: 002b:00007f7ba55de048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2412.238382][ T2208] RAX: ffffffffffffffda RBX: 00007f7ba5d04110 RCX: 00007f7ba5b75a99 [ 2412.246361][ T2208] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000008 [ 2412.254358][ T2208] RBP: 00007f7ba55de0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2412.262333][ T2208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2412.270322][ T2208] R13: 000000000000006e R14: 00007f7ba5d04110 R15: 00007ffe0315b438 [ 2412.278325][ T2208] [ 2412.484886][ T1177] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 2413.347732][ T2237] hub 6-0:1.0: USB hub found [ 2413.353730][ T2237] hub 6-0:1.0: 1 port detected [ 2413.474307][ T29] kauditd_printk_skb: 3072 callbacks suppressed [ 2413.474359][ T29] audit: type=1400 audit(2000000922.660:67735): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2230 comm="syz.4.8582" name="newroot" dev="tmpfs" ino=2 [ 2413.950996][ T29] audit: type=1400 audit(2000000922.660:67736): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2230 comm="syz.4.8582" name="/" dev="devtmpfs" ino=1 [ 2413.969705][ C0] vkms_vblank_simulate: vblank timer overrun [ 2414.081950][ T2238] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2414.088182][ T1594] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2414.095922][ T2238] audit: audit_lost=3959 audit_rate_limit=0 audit_backlog_limit=64 [ 2414.095997][ T1594] audit: audit_lost=3960 audit_rate_limit=0 audit_backlog_limit=64 [ 2414.112189][ T1594] audit: backlog limit exceeded [ 2414.115444][ C1] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2414.119459][ T1594] audit: audit_backlog=66 > audit_backlog_limit=64 [ 2414.123590][ C1] audit: audit_lost=3961 audit_rate_limit=0 audit_backlog_limit=64 [ 2414.647054][ T2247] FAULT_INJECTION: forcing a failure. [ 2414.647054][ T2247] name failslab, interval 1, probability 0, space 0, times 0 [ 2414.661189][ T2247] CPU: 1 PID: 2247 Comm: syz.4.8585 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2414.670936][ T2247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2414.680995][ T2247] Call Trace: [ 2414.684277][ T2247] [ 2414.687208][ T2247] dump_stack_lvl+0x241/0x360 [ 2414.691910][ T2247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2414.697136][ T2247] ? __pfx__printk+0x10/0x10 [ 2414.701743][ T2247] should_fail_ex+0x3b0/0x4e0 [ 2414.706443][ T2247] ? fib6_add+0x3dc/0x4430 [ 2414.710888][ T2247] should_failslab+0x9/0x20 [ 2414.715429][ T2247] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2414.720853][ T2247] fib6_add+0x3dc/0x4430 [ 2414.725130][ T2247] ? __pfx_lock_acquire+0x10/0x10 [ 2414.730166][ T2247] ? __pfx_fib6_add+0x10/0x10 [ 2414.734865][ T2247] ? do_raw_spin_lock+0x14f/0x370 [ 2414.739913][ T2247] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 2414.745726][ T2247] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 2414.751099][ T2247] ? ip6_route_add+0x76/0x160 [ 2414.755785][ T2247] ip6_route_add+0x8b/0x160 [ 2414.760308][ T2247] ipv6_route_ioctl+0x588/0x870 [ 2414.765169][ T2247] ? __pfx_ipv6_route_ioctl+0x10/0x10 [ 2414.770561][ T2247] ? __might_fault+0xc6/0x120 [ 2414.775272][ T2247] inet6_ioctl+0x21a/0x280 [ 2414.779695][ T2247] ? __pfx_inet6_ioctl+0x10/0x10 [ 2414.784649][ T2247] sock_do_ioctl+0x158/0x460 [ 2414.789244][ T2247] ? __pfx_sock_do_ioctl+0x10/0x10 [ 2414.794378][ T2247] ? __asan_memset+0x23/0x50 [ 2414.798988][ T2247] ? smack_file_ioctl+0x2a1/0x3a0 [ 2414.804023][ T2247] sock_ioctl+0x629/0x8e0 [ 2414.808355][ T2247] ? __pfx_sock_ioctl+0x10/0x10 [ 2414.813231][ T2247] ? __fget_files+0x3f6/0x470 [ 2414.817915][ T2247] ? __fget_files+0x29/0x470 [ 2414.822535][ T2247] ? bpf_lsm_file_ioctl+0x9/0x10 [ 2414.827483][ T2247] ? security_file_ioctl+0x87/0xb0 [ 2414.832601][ T2247] ? __pfx_sock_ioctl+0x10/0x10 [ 2414.837479][ T2247] __se_sys_ioctl+0xfc/0x170 [ 2414.842077][ T2247] do_syscall_64+0xf3/0x230 [ 2414.846607][ T2247] ? clear_bhb_loop+0x35/0x90 [ 2414.851290][ T2247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2414.857189][ T2247] RIP: 0033:0x7f7ba5b75a99 [ 2414.861604][ T2247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2414.881210][ T2247] RSP: 002b:00007f7ba6878048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2414.889638][ T2247] RAX: ffffffffffffffda RBX: 00007f7ba5d03f60 RCX: 00007f7ba5b75a99 [ 2414.897611][ T2247] RDX: 0000000020000040 RSI: 000000000000890b RDI: 0000000000000004 [ 2414.905599][ T2247] RBP: 00007f7ba68780a0 R08: 0000000000000000 R09: 0000000000000000 [ 2414.913581][ T2247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2414.921572][ T2247] R13: 000000000000000b R14: 00007f7ba5d03f60 R15: 00007ffe0315b438 [ 2414.929555][ T2247] [ 2416.790527][ T2262] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8588'. [ 2416.823849][ T2262] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8588'. [ 2418.487190][ T29] kauditd_printk_skb: 2780 callbacks suppressed [ 2418.487212][ T29] audit: type=1400 audit(2000000927.840:69118): lsm=SMACK fn=smack_file_ioctl action=granted subject="_" object="_" requested=w pid=2286 comm="syz.0.8594" path="/dev/cec0" dev="devtmpfs" ino=866 [ 2418.574959][ T29] audit: type=1400 audit(2000000927.850:69119): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2286 comm="syz.0.8594" name="newroot" dev="tmpfs" ino=2 [ 2418.643736][T28746] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2418.653584][ T29] audit: type=1400 audit(2000000927.850:69120): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=2286 comm="syz.0.8594" name="/" dev="devtmpfs" ino=1 [ 2418.679479][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2418.686102][ C1] audit: audit_lost=4433 audit_rate_limit=0 audit_backlog_limit=64 [ 2418.694090][ C1] audit: backlog limit exceeded [ 2418.699455][ C1] audit: audit_backlog=65 > audit_backlog_limit=64 [ 2418.706023][ C1] audit: audit_lost=4434 audit_rate_limit=0 audit_backlog_limit=64 [ 2418.713928][ C1] audit: backlog limit exceeded [ 2418.965242][ T2295] Bluetooth: MGMT ver 1.23 [ 2419.790044][ T2302] ================================================================== [ 2419.798262][ T2302] BUG: KASAN: slab-use-after-free in uprobe_mmap+0xb9a/0x11a0 [ 2419.805773][ T2302] Read of size 8 at addr ffff88806c747570 by task syz.0.8599/2302 [ 2419.813612][ T2302] [ 2419.815984][ T2302] CPU: 1 PID: 2302 Comm: syz.0.8599 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2419.825732][ T2302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2419.835807][ T2302] Call Trace: [ 2419.839089][ T2302] [ 2419.842026][ T2302] dump_stack_lvl+0x241/0x360 [ 2419.846907][ T2302] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2419.852208][ T2302] ? __pfx__printk+0x10/0x10 [ 2419.856806][ T2302] ? _printk+0xd5/0x120 [ 2419.860962][ T2302] ? __virt_addr_valid+0x183/0x530 [ 2419.866089][ T2302] ? __virt_addr_valid+0x183/0x530 [ 2419.871215][ T2302] print_report+0x169/0x550 [ 2419.875729][ T2302] ? __virt_addr_valid+0x183/0x530 [ 2419.880865][ T2302] ? __virt_addr_valid+0x183/0x530 [ 2419.885991][ T2302] ? __virt_addr_valid+0x45f/0x530 [ 2419.891129][ T2302] ? __phys_addr+0xba/0x170 [ 2419.895650][ T2302] ? uprobe_mmap+0xb9a/0x11a0 [ 2419.900370][ T2302] kasan_report+0x143/0x180 [ 2419.904894][ T2302] ? uprobe_mmap+0xb9a/0x11a0 [ 2419.909586][ T2302] uprobe_mmap+0xb9a/0x11a0 [ 2419.914114][ T2302] ? __pfx_uprobe_mmap+0x10/0x10 [ 2419.919083][ T2302] mmap_region+0x1891/0x2090 [ 2419.923694][ T2302] ? mark_lock+0x9a/0x350 [ 2419.928049][ T2302] ? __pfx_mmap_region+0x10/0x10 [ 2419.933003][ T2302] ? mm_get_unmapped_area+0xa5/0xd0 [ 2419.938231][ T2302] ? cap_mmap_addr+0x163/0x2c0 [ 2419.943014][ T2302] ? __get_unmapped_area+0x2f0/0x360 [ 2419.948324][ T2302] do_mmap+0x8ad/0xfa0 [ 2419.952426][ T2302] ? __pfx_do_mmap+0x10/0x10 [ 2419.957030][ T2302] ? __pfx_down_write_killable+0x10/0x10 [ 2419.962701][ T2302] ? __pfx_ima_file_mmap+0x10/0x10 [ 2419.967827][ T2302] ? security_mmap_file+0x178/0x1a0 [ 2419.973041][ T2302] vm_mmap_pgoff+0x1dd/0x3d0 [ 2419.977649][ T2302] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2419.982767][ T2302] ? __fget_files+0x29/0x470 [ 2419.987460][ T2302] ? __fget_files+0x3f6/0x470 [ 2419.992173][ T2302] ksys_mmap_pgoff+0x4f1/0x720 [ 2419.996958][ T2302] ? __x64_sys_mmap+0x7f/0x140 [ 2420.001741][ T2302] do_syscall_64+0xf3/0x230 [ 2420.006275][ T2302] ? clear_bhb_loop+0x35/0x90 [ 2420.010968][ T2302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2420.016885][ T2302] RIP: 0033:0x7f011ff75a99 [ 2420.021318][ T2302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2420.041030][ T2302] RSP: 002b:00007f0120dd8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2420.049466][ T2302] RAX: ffffffffffffffda RBX: 00007f0120104110 RCX: 00007f011ff75a99 [ 2420.057455][ T2302] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020001000 [ 2420.065432][ T2302] RBP: 00007f011ffe4e5d R08: 0000000000000008 R09: 0000000000000000 [ 2420.073408][ T2302] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000000 [ 2420.081383][ T2302] R13: 000000000000006e R14: 00007f0120104110 R15: 00007ffe1e036808 [ 2420.089374][ T2302] [ 2420.092396][ T2302] [ 2420.094721][ T2302] Allocated by task 2139: [ 2420.099067][ T2302] kasan_save_track+0x3f/0x80 [ 2420.103769][ T2302] __kasan_kmalloc+0x98/0xb0 [ 2420.108368][ T2302] kmalloc_trace_noprof+0x19c/0x2c0 [ 2420.113580][ T2302] bpf_raw_tp_link_attach+0x2a0/0x6e0 [ 2420.118966][ T2302] bpf_raw_tracepoint_open+0x1c2/0x240 [ 2420.124473][ T2302] __sys_bpf+0x3c0/0x810 [ 2420.128733][ T2302] __x64_sys_bpf+0x7c/0x90 [ 2420.133170][ T2302] do_syscall_64+0xf3/0x230 [ 2420.137693][ T2302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2420.143619][ T2302] [ 2420.145957][ T2302] Freed by task 0: [ 2420.149680][ T2302] kasan_save_track+0x3f/0x80 [ 2420.154389][ T2302] kasan_save_free_info+0x40/0x50 [ 2420.159443][ T2302] poison_slab_object+0xe0/0x150 [ 2420.164387][ T2302] __kasan_slab_free+0x37/0x60 [ 2420.169158][ T2302] kfree+0x149/0x360 [ 2420.173067][ T2302] rcu_core+0xafd/0x1830 [ 2420.177323][ T2302] handle_softirqs+0x2c4/0x970 [ 2420.182115][ T2302] __irq_exit_rcu+0xf4/0x1c0 [ 2420.186727][ T2302] irq_exit_rcu+0x9/0x30 [ 2420.190993][ T2302] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 2420.196646][ T2302] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2420.202638][ T2302] [ 2420.204964][ T2302] Last potentially related work creation: [ 2420.210675][ T2302] kasan_save_stack+0x3f/0x60 [ 2420.215360][ T2302] __kasan_record_aux_stack+0xac/0xc0 [ 2420.220742][ T2302] call_rcu+0x167/0xa70 [ 2420.224913][ T2302] bpf_link_release+0x7b/0x90 [ 2420.229616][ T2302] __fput+0x24a/0x8a0 [ 2420.233600][ T2302] task_work_run+0x24f/0x310 [ 2420.238203][ T2302] syscall_exit_to_user_mode+0x168/0x370 [ 2420.243840][ T2302] do_syscall_64+0x100/0x230 [ 2420.248435][ T2302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2420.254335][ T2302] [ 2420.256658][ T2302] The buggy address belongs to the object at ffff88806c747500 [ 2420.256658][ T2302] which belongs to the cache kmalloc-128 of size 128 [ 2420.270708][ T2302] The buggy address is located 112 bytes inside of [ 2420.270708][ T2302] freed 128-byte region [ffff88806c747500, ffff88806c747580) [ 2420.284507][ T2302] [ 2420.286837][ T2302] The buggy address belongs to the physical page: [ 2420.293259][ T2302] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6c747 [ 2420.302029][ T2302] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 2420.309156][ T2302] page_type: 0xffffefff(slab) [ 2420.313839][ T2302] raw: 00fff00000000000 ffff888015041a00 ffffea0001b91780 dead000000000002 [ 2420.322453][ T2302] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 2420.331144][ T2302] page dumped because: kasan: bad access detected [ 2420.337573][ T2302] page_owner tracks the page as allocated [ 2420.343287][ T2302] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 9, tgid 9 (kworker/0:1), ts 308241473027, free_ts 308089471203 [ 2420.363550][ T2302] post_alloc_hook+0x1f3/0x230 [ 2420.368332][ T2302] get_page_from_freelist+0x2e4c/0x2f10 [ 2420.373902][ T2302] __alloc_pages_noprof+0x256/0x6c0 [ 2420.379123][ T2302] alloc_slab_page+0x5f/0x120 [ 2420.383818][ T2302] allocate_slab+0x5a/0x2f0 [ 2420.388329][ T2302] ___slab_alloc+0xcd1/0x14b0 [ 2420.393017][ T2302] __slab_alloc+0x58/0xa0 [ 2420.397356][ T2302] kmalloc_node_track_caller_noprof+0x281/0x440 [ 2420.403624][ T2302] krealloc_noprof+0x7d/0x120 [ 2420.408308][ T2302] nf_ct_ext_add+0x1a2/0x3e0 [ 2420.412928][ T2302] init_conntrack+0x8bf/0x1310 [ 2420.417752][ T2302] nf_conntrack_in+0xd59/0x1880 [ 2420.422623][ T2302] nf_hook_slow+0xc3/0x220 [ 2420.427066][ T2302] nf_hook+0x2c4/0x450 [ 2420.431158][ T2302] __ip_local_out+0x3d9/0x4e0 [ 2420.435852][ T2302] ip_local_out+0x26/0x70 [ 2420.440219][ T2302] page last free pid 8216 tgid 8216 stack trace: [ 2420.446564][ T2302] free_unref_page+0xd19/0xea0 [ 2420.451351][ T2302] __put_partials+0xeb/0x130 [ 2420.455968][ T2302] put_cpu_partial+0x17c/0x250 [ 2420.460745][ T2302] __slab_free+0x2ea/0x3d0 [ 2420.465170][ T2302] qlist_free_all+0x9e/0x140 [ 2420.469766][ T2302] kasan_quarantine_reduce+0x14f/0x170 [ 2420.475235][ T2302] __kasan_slab_alloc+0x23/0x80 [ 2420.480116][ T2302] __kmalloc_noprof+0x1a3/0x400 [ 2420.484978][ T2302] tomoyo_realpath_from_path+0xcf/0x5e0 [ 2420.490547][ T2302] tomoyo_path_number_perm+0x23a/0x880 [ 2420.496020][ T2302] security_file_ioctl+0x75/0xb0 [ 2420.500984][ T2302] __se_sys_ioctl+0x47/0x170 [ 2420.505608][ T2302] do_syscall_64+0xf3/0x230 [ 2420.510120][ T2302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2420.516025][ T2302] [ 2420.518350][ T2302] Memory state around the buggy address: [ 2420.523982][ T2302] ffff88806c747400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2420.532058][ T2302] ffff88806c747480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2420.540123][ T2302] >ffff88806c747500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2420.548180][ T2302] ^ [ 2420.555922][ T2302] ffff88806c747580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 2420.563992][ T2302] ffff88806c747600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 2420.572055][ T2302] ================================================================== [ 2420.584346][ T2302] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 2420.591567][ T2302] CPU: 1 PID: 2302 Comm: syz.0.8599 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 2420.601298][ T2302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 2420.611358][ T2302] Call Trace: [ 2420.614640][ T2302] [ 2420.617578][ T2302] dump_stack_lvl+0x241/0x360 [ 2420.622287][ T2302] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2420.627499][ T2302] ? __pfx__printk+0x10/0x10 [ 2420.632105][ T2302] ? lock_release+0xbf/0x9f0 [ 2420.636712][ T2302] ? vscnprintf+0x5d/0x90 [ 2420.641055][ T2302] panic+0x349/0x860 [ 2420.644958][ T2302] ? check_panic_on_warn+0x21/0xb0 [ 2420.650085][ T2302] ? __pfx_panic+0x10/0x10 [ 2420.654505][ T2302] ? mark_lock+0x9a/0x350 [ 2420.658846][ T2302] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 2420.664757][ T2302] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2420.670664][ T2302] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2420.677018][ T2302] ? print_report+0x502/0x550 [ 2420.681731][ T2302] check_panic_on_warn+0x86/0xb0 [ 2420.686689][ T2302] ? uprobe_mmap+0xb9a/0x11a0 [ 2420.691378][ T2302] end_report+0x77/0x160 [ 2420.695630][ T2302] kasan_report+0x154/0x180 [ 2420.700143][ T2302] ? uprobe_mmap+0xb9a/0x11a0 [ 2420.704840][ T2302] uprobe_mmap+0xb9a/0x11a0 [ 2420.709366][ T2302] ? __pfx_uprobe_mmap+0x10/0x10 [ 2420.714323][ T2302] mmap_region+0x1891/0x2090 [ 2420.718930][ T2302] ? mark_lock+0x9a/0x350 [ 2420.723289][ T2302] ? __pfx_mmap_region+0x10/0x10 [ 2420.728252][ T2302] ? mm_get_unmapped_area+0xa5/0xd0 [ 2420.733476][ T2302] ? cap_mmap_addr+0x163/0x2c0 [ 2420.738277][ T2302] ? __get_unmapped_area+0x2f0/0x360 [ 2420.743582][ T2302] do_mmap+0x8ad/0xfa0 [ 2420.747674][ T2302] ? __pfx_do_mmap+0x10/0x10 [ 2420.752282][ T2302] ? __pfx_down_write_killable+0x10/0x10 [ 2420.757933][ T2302] ? __pfx_ima_file_mmap+0x10/0x10 [ 2420.763060][ T2302] ? security_mmap_file+0x178/0x1a0 [ 2420.768281][ T2302] vm_mmap_pgoff+0x1dd/0x3d0 [ 2420.772884][ T2302] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 2420.778005][ T2302] ? __fget_files+0x29/0x470 [ 2420.782611][ T2302] ? __fget_files+0x3f6/0x470 [ 2420.787307][ T2302] ksys_mmap_pgoff+0x4f1/0x720 [ 2420.792087][ T2302] ? __x64_sys_mmap+0x7f/0x140 [ 2420.796877][ T2302] do_syscall_64+0xf3/0x230 [ 2420.801386][ T2302] ? clear_bhb_loop+0x35/0x90 [ 2420.806078][ T2302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2420.811984][ T2302] RIP: 0033:0x7f011ff75a99 [ 2420.816422][ T2302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2420.836040][ T2302] RSP: 002b:00007f0120dd8048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 2420.844475][ T2302] RAX: ffffffffffffffda RBX: 00007f0120104110 RCX: 00007f011ff75a99 [ 2420.852458][ T2302] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020001000 [ 2420.860439][ T2302] RBP: 00007f011ffe4e5d R08: 0000000000000008 R09: 0000000000000000 [ 2420.868417][ T2302] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000000 [ 2420.876394][ T2302] R13: 000000000000006e R14: 00007f0120104110 R15: 00007ffe1e036808 [ 2420.884380][ T2302] [ 2420.887700][ T2302] Kernel Offset: disabled [ 2420.892025][ T2302] Rebooting in 86400 seconds..