last executing test programs: 10.490891293s ago: executing program 1 (id=687): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (fail_nth: 1) 10.086144162s ago: executing program 1 (id=690): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r1 = syz_io_uring_setup(0x23d, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) rename(&(0x7f0000000140)='./file1\x00', 0x0) r4 = getpgid(0x0) r5 = syz_pidfd_open(r4, 0x0) r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) pidfd_getfd(r5, r6, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r7 = syz_io_uring_setup(0x1415, &(0x7f0000000280)={0x0, 0xa9e6, 0x1, 0x2, 0x75, 0x0, r1}, &(0x7f0000000480), &(0x7f0000000300)) io_uring_enter(r7, 0x1622, 0x676d, 0x0, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r9}, 0x10) r10 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0) r11 = fsmount(r10, 0x0, 0x8) readlinkat(r11, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) setgroups(0x0, 0x0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf50009058402"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) 8.426112388s ago: executing program 4 (id=698): socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_getattr(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}], 0x1}, 0xa1}], 0x2, 0x0, 0x0) 7.341064585s ago: executing program 2 (id=699): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000180)={0xa0000008}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000d00), 0x4000) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) umount2(0x0, 0x9) unlink(&(0x7f0000000180)='./file0\x00') sendfile(r0, r0, 0x0, 0x200000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 7.019960384s ago: executing program 1 (id=701): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x1, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) bind$pptp(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3, 0x0, 0xfff7fffffffffff5}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) ioctl$TCSETSW(r2, 0x5403, 0x0) personality(0x500006) r8 = memfd_secret(0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x3000009, 0x13, r8, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x5000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"]) ioctl$KVM_RUN(r9, 0xae80, 0x0) 6.898069518s ago: executing program 3 (id=702): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000180)={0xa0000008}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000d00), 0x4000) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x40) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f00000000c0)='./file0\x00', 0x9) unlink(&(0x7f0000000180)='./file0\x00') mount(&(0x7f0000000900)=@loop={'/dev/loop', 0x0}, &(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='bfs\x00', 0x1000010, 0x0) sendfile(r0, r0, 0x0, 0x200000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) 5.694331757s ago: executing program 2 (id=703): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 4.707836763s ago: executing program 3 (id=705): ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_open_dev$cec(0x0, 0x0, 0x86a80) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) gettid() mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) r1 = userfaultfd(0x801) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 4.569199922s ago: executing program 1 (id=706): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) rt_sigaction(0x21, 0x0, 0x0, 0x8, &(0x7f0000000580)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000001012caa1d5f3bbcc7bf010100000000000000000200000018809400018008000100ffffffff080002007f0000010c001968"], 0x38}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1000e) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, r4}}, 0x48) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r6}}, 0x48) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x2d) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r9, 0x5514, 0x0) connect$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={0x1d, r8}, 0x10) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2002003, &(0x7f0000000400)) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r10, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r10, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r10) sendmsg$NL80211_CMD_NEW_MPATH(r10, &(0x7f0000000600)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYRESOCT, @ANYRES32=r9, @ANYBLOB="02002bbd7000fcdbdf25170000000c009900b40000006c0000000a00060008021100000000000a001a00ffffffffffff00000a001a0008021100000000000a001a0008021100000100000a001a0008021100000100000a001a000802110000010000"], 0x68}, 0x1, 0x0, 0x0, 0x8001}, 0x4854) mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)) 4.568325942s ago: executing program 0 (id=707): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba", 0x34) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0xffffffffffff8000, 0x0) close(r5) close(r3) socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r3, 0x0, 0x1100000000f336, 0x0) 3.748738769s ago: executing program 0 (id=708): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x9, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f00000001c0)='GPL\x00', 0x5, 0xc9, &(0x7f00000003c0)=""/201, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) (async) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000000), 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x4000084) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00') setsockopt$inet6_mreq(r4, 0x29, 0x1c, 0x0, 0x0) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4) (async) r6 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r6, &(0x7f0000002700)=""/102392, 0x18ff8) (async) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYRES32=r7], 0x7c}}, 0x4000084) (async) sendmsg$NFT_BATCH(r7, 0x0, 0x4044010) write$dsp(0xffffffffffffffff, 0x0, 0x0) (async) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8) (async) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) (async) r8 = fsmount(r5, 0x0, 0x0) r9 = openat$cgroup_subtree(r8, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r9, &(0x7f0000000280)=ANY=[@ANYBLOB="2b72646d6120accf1dbe7909239f8eb702133329b4239b6c52836d6a0434b2c9d7a6a3d2f93e0e737163ea1b0951b7c06ae8638e16c47f3fa9721aa2e0eeff16a1d1014e4c3cca9c4154fcb56b3b1362c9ff60b349a545c44957f6f75698"], 0x6) 3.544319314s ago: executing program 3 (id=709): io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0xf0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmsg$inet(r1, &(0x7f0000000640)={&(0x7f0000000400)={0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, &(0x7f00000005c0)=[@ip_ttl={{0x10, 0x0, 0x2, 0x7f}}], 0x10}, 0x804) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000540)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x3}, @device_b, @random="a7beed500208", @initial, {0x0, 0x6}, "", @void, @value=@ver_80211n={0x0, 0x5, 0x1, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1}}, @random="953139067e6e1d3667fa235f0b5c02784a12ecf4c15d285f0a5528dab9c5cc27c6b6a2113ce594584fb06c3d59a9938aa06bec82f37289e0b4c40c2387172773"}, 0x5c) socket(0x1e, 0x2, 0x3) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$alg(0x26, 0x5, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xbcb3, 0x0, 0x5, 0x41000}, 0x0, 0x0) pselect6(0x40, &(0x7f0000000000)={0x0, 0x40000000002, 0x8000000000000000, 0x8000f, 0x7fff, 0x0, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x7ff, 0x4, 0xfffffffffffffffe, 0x0, 0x2, 0x7}, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000006) 3.543422209s ago: executing program 4 (id=710): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x40, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_LABELS_MASK={0x10, 0x17, [0x0, 0x0, 0x0]}, @CTA_LABELS={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x8020}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r3}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x10, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbff967, 0x0, 0x0, 0x0, 0xfffffffd}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0x5c2, &(0x7f0000000740)={0x0, 0x79f5, 0x0, 0xffffffff}, &(0x7f0000000300)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) 3.345943941s ago: executing program 1 (id=711): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x240882, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async, rerun: 64) r4 = syz_open_dev$sg(&(0x7f0000000040), 0x9, 0x404400) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) (async, rerun: 64) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (rerun: 64) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 64) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 64) recvmmsg(r6, &(0x7f0000000d40)=[{{&(0x7f0000000340)=@nfc, 0x80, &(0x7f0000000a40)=[{&(0x7f00000001c0)=""/42, 0x2a}, {&(0x7f0000000e40)=""/241, 0xf1}, {&(0x7f0000000740)=""/190, 0xfffffffffffffe6b}, {&(0x7f0000000800)=""/187, 0xbb}, {&(0x7f0000000900)=""/178, 0xb2}, {&(0x7f0000000480)=""/41, 0x29}, {&(0x7f00000009c0)=""/107, 0x6b}], 0x7, &(0x7f0000000ac0)=""/207, 0xcf}, 0x9}, {{&(0x7f0000000bc0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000e00)}, 0x4}], 0x2, 0x2, 0x0) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000008600)=ANY=[@ANYBLOB="2c0000003e00070efeffffff00000000017c000004004a800c00018006000600800a00000800028004001280"], 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) (async, rerun: 32) syz_usb_connect(0x0, 0x0, 0x0, 0x0) (async, rerun: 32) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f00000000c0)=0x16) (async) close_range(r1, r3, 0x0) (async) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r10, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xfe3b) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x7fff, 0x0, 0x7}}}}]}, 0x44}}, 0x4000004) (async, rerun: 32) sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@delchain={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0x0, 0xfff1}, {0xe, 0x3}}}, 0x24}}, 0x4040840) (async) write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000"/257], 0x119) 3.288972633s ago: executing program 2 (id=712): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="040046000a003400020202020202"], 0x5c}}, 0x20004800) 2.954673076s ago: executing program 0 (id=713): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_bond\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x18, &(0x7f0000000300)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', r1, @fallback=0x33, 0x0, 0x0, 0x0, 0xfffffffffffffe21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 2.664472267s ago: executing program 2 (id=714): bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast]}, 0x48) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) listen(r0, 0x80) accept$netrom(r0, 0x0, 0x0) 2.649107184s ago: executing program 0 (id=715): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffee, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={r0, 0x0, 0x0}, 0x10) (fail_nth: 1) 2.569140919s ago: executing program 1 (id=716): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000180)={0xa0000008}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000d00), 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x9, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0xbb}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x2, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x40) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f00000000c0)='./file0\x00', 0x9) unlink(&(0x7f0000000180)='./file0\x00') mount(&(0x7f0000000900)=@loop={'/dev/loop', 0x0}, &(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='bfs\x00', 0x1000010, 0x0) sendfile(r0, r0, 0x0, 0x200000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) 2.562999367s ago: executing program 4 (id=717): mknod(&(0x7f0000002a80)='./file0\x00', 0x6000, 0x7d5) open(&(0x7f0000004cc0)='./file0\x00', 0x2, 0x88) r0 = syz_open_dev$vim2m(&(0x7f0000000480), 0xbea, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x1, "110100005c000000463300", 0x49433553}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffee, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) 2.302219876s ago: executing program 0 (id=718): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba", 0x34) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0xffffffffffff8000, 0x0) close(r5) close(r3) socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r3, 0x0, 0x1100000000f336, 0x0) 2.301877385s ago: executing program 4 (id=719): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)) r1 = socket$inet(0x2, 0xa, 0x400) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019000100000000f7ffffff00e0000002"], 0xb8}}, 0x4004) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11, 0x0, 0x4040}, 0x80) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.213773838s ago: executing program 4 (id=720): getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000004000000000000a20000000000a05000000000000000000070000000900010073797a30000000005c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000810001180090001006c617374000000004c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000200003801c0000800800034000000002100002800c00028d08000180fffffffe140000001000010000000000000000000084000a"], 0xf0}}, 0x0) 2.159491173s ago: executing program 0 (id=721): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f00000003c0)={0x1, 0x0, {0xd, 0x3, 0x2013, 0x8, 0x3, 0x2, 0x6dfd500da6727a8c, 0x1}}) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket(0xa, 0x1, 0x0) ioctl(r2, 0x8936, &(0x7f0000000000)) syz_open_dev$loop(0x0, 0x81, 0x2a82) r3 = fsopen(&(0x7f0000000240)='vfat\x00', 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0) clock_gettime(0x0, &(0x7f0000000100)) munlockall() (fail_nth: 1) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x3938700}}, 0x0) shutdown(r4, 0x1) close_range(r3, 0xffffffffffffffff, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x20808c, 0x0) 1.097192491s ago: executing program 2 (id=722): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 1.091176554s ago: executing program 3 (id=723): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00', 0x4) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, 0x0, 0x0) 292.979839ms ago: executing program 4 (id=724): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) 174.755498ms ago: executing program 3 (id=725): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010100000000000000002b00000008000300", @ANYRES32=r2, @ANYBLOB="040046000a0034000202020202020000080026006c"], 0x5c}}, 0x20004800) 16.192448ms ago: executing program 2 (id=726): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fgetxattr(r0, &(0x7f0000000000)=@known='system.sockprotoname\x00', &(0x7f0000000040)=""/61, 0x3d) syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d1050120000701020301090212000100001a000904"], 0x0) 0s ago: executing program 3 (id=727): socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x10, 0x3, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x2000000000000079, &(0x7f0000000500)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x61900, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r3 = openat$dir(0xffffff9c, 0x0, 0x0, 0x10) faccessat(r3, &(0x7f0000000400)='./file0\x00', 0x1cc) socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0, 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x11) kernel console output (not intermixed with test programs): 748720823.702:89): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/root/syzkaller.5o5Zmp/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 66.088076][ T5808] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.098408][ T5820] veth0_macvtap: entered promiscuous mode [ 66.108742][ T30] audit: type=1400 audit(1748720823.712:90): avc: denied { mount } for pid=5808 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 66.132335][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.140385][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.143714][ T30] audit: type=1400 audit(1748720823.712:91): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/root/syzkaller.5o5Zmp/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 66.148783][ T5816] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.180718][ T30] audit: type=1400 audit(1748720823.712:92): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/root/syzkaller.5o5Zmp/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 66.183990][ T5816] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.212055][ T30] audit: type=1400 audit(1748720823.722:93): avc: denied { unmount } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 66.226817][ T5816] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.248045][ T30] audit: type=1400 audit(1748720823.732:94): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2774 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 66.248581][ T5816] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.280568][ T30] audit: type=1400 audit(1748720823.732:95): avc: denied { mount } for pid=5808 comm="syz-executor" name="/" dev="gadgetfs" ino=6138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 66.316456][ T5820] veth1_macvtap: entered promiscuous mode [ 66.429642][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.464036][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.483579][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.499279][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.550698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.703126][ T5820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.760403][ T5820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.769140][ T5820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.930561][ T5820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.022083][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.027334][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.047029][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.056838][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.331431][ T5826] Bluetooth: hci2: command tx timeout [ 67.430432][ T5826] Bluetooth: hci4: command tx timeout [ 67.435905][ T5812] Bluetooth: hci0: command tx timeout [ 67.441395][ T5819] Bluetooth: hci3: command tx timeout [ 67.446802][ T5819] Bluetooth: hci1: command tx timeout [ 67.593354][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.691339][ T5911] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 67.702498][ T5911] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 67.960274][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.348022][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.358337][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.931919][ T4361] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.944585][ T4361] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.854697][ T5825] Bluetooth: hci2: command tx timeout [ 69.860137][ T5825] Bluetooth: hci4: command tx timeout [ 69.865574][ T5825] Bluetooth: hci1: command tx timeout [ 69.871059][ T5826] Bluetooth: hci0: command tx timeout [ 69.876791][ T5826] Bluetooth: hci3: command tx timeout [ 69.883098][ T5825] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 69.895339][ T5825] CPU: 1 UID: 0 PID: 5825 Comm: kworker/u9:7 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 69.895365][ T5825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.895384][ T5825] Workqueue: hci1 hci_rx_work [ 69.895410][ T5825] Call Trace: [ 69.895417][ T5825] [ 69.895424][ T5825] dump_stack_lvl+0x16c/0x1f0 [ 69.895448][ T5825] sysfs_warn_dup+0x7f/0xa0 [ 69.895471][ T5825] sysfs_create_dir_ns+0x24b/0x2b0 [ 69.895491][ T5825] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 69.895510][ T5825] ? find_held_lock+0x2b/0x80 [ 69.895545][ T5825] ? do_raw_spin_unlock+0x172/0x230 [ 69.895575][ T5825] kobject_add_internal+0x2c4/0x9b0 [ 69.895604][ T5825] kobject_add+0x16e/0x240 [ 69.895628][ T5825] ? __pfx_kobject_add+0x10/0x10 [ 69.895654][ T5825] ? do_raw_spin_unlock+0x172/0x230 [ 69.895682][ T5825] ? kobject_put+0xab/0x5a0 [ 69.895713][ T5825] device_add+0x288/0x1a70 [ 69.895741][ T5825] ? __pfx_dev_set_name+0x10/0x10 [ 69.895759][ T5825] ? __pfx_device_add+0x10/0x10 [ 69.895787][ T5825] ? mgmt_send_event_skb+0x2fb/0x460 [ 69.895817][ T5825] hci_conn_add_sysfs+0x17e/0x230 [ 69.895842][ T5825] le_conn_complete_evt+0x1075/0x1d70 [ 69.895871][ T5825] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 69.895890][ T5825] ? hci_event_packet+0x459/0x11c0 [ 69.895920][ T5825] hci_le_conn_complete_evt+0x23c/0x370 [ 69.895948][ T5825] hci_le_meta_evt+0x354/0x5e0 [ 69.895970][ T5825] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 69.895996][ T5825] hci_event_packet+0x685/0x11c0 [ 69.896017][ T5825] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 69.896040][ T5825] ? __pfx_hci_event_packet+0x10/0x10 [ 69.896065][ T5825] ? kcov_remote_start+0x3c9/0x6d0 [ 69.896091][ T5825] ? lockdep_hardirqs_on+0x7c/0x110 [ 69.896118][ T5825] hci_rx_work+0x2c5/0x16b0 [ 69.896140][ T5825] ? rcu_is_watching+0x12/0xc0 [ 69.896161][ T5825] process_one_work+0x9cc/0x1b70 [ 69.896197][ T5825] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 69.896218][ T5825] ? __pfx_process_one_work+0x10/0x10 [ 69.896252][ T5825] ? assign_work+0x1a0/0x250 [ 69.896280][ T5825] worker_thread+0x6c8/0xf10 [ 69.896321][ T5825] ? __pfx_worker_thread+0x10/0x10 [ 69.896346][ T5825] kthread+0x3c2/0x780 [ 69.896375][ T5825] ? __pfx_kthread+0x10/0x10 [ 69.896401][ T5825] ? rcu_is_watching+0x12/0xc0 [ 69.896418][ T5825] ? __pfx_kthread+0x10/0x10 [ 69.896443][ T5825] ret_from_fork+0x5d4/0x6f0 [ 69.896463][ T5825] ? __pfx_kthread+0x10/0x10 [ 69.896487][ T5825] ret_from_fork_asm+0x1a/0x30 [ 69.896522][ T5825] [ 69.896545][ T5825] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 70.194425][ T5825] Bluetooth: hci1: failed to register connection device [ 70.314757][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 70.314772][ T30] audit: type=1400 audit(1748720828.012:132): avc: denied { append } for pid=5926 comm="syz.3.9" name="cec3" dev="devtmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 70.358715][ T30] audit: type=1400 audit(1748720828.012:133): avc: denied { ioctl } for pid=5926 comm="syz.3.9" path="/dev/cec3" dev="devtmpfs" ino=963 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 70.839771][ T5946] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 70.852285][ T5946] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 71.209517][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.222601][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.383398][ T30] audit: type=1400 audit(1748720829.062:134): avc: denied { read append } for pid=5948 comm="syz.1.2" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 71.442497][ T30] audit: type=1400 audit(1748720829.062:135): avc: denied { open } for pid=5948 comm="syz.1.2" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 71.480589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.482256][ T5947] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 71.490503][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.517643][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.527828][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 71.612332][ T5949] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 71.620102][ T5949] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.686226][ T30] audit: type=1400 audit(1748720829.132:136): avc: denied { create } for pid=5948 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 71.717691][ T5949] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.758100][ T5949] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.790075][ T30] audit: type=1400 audit(1748720829.242:137): avc: denied { create } for pid=5948 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 71.840682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.847876][ T30] audit: type=1400 audit(1748720829.242:138): avc: denied { write } for pid=5948 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 71.870774][ T5949] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 71.877392][ T5949] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 72.007142][ T5949] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 72.072187][ T5949] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 72.098802][ T5949] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 72.209371][ T5949] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 72.455483][ T5949] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 72.472624][ T5949] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 72.574409][ T30] audit: type=1400 audit(1748720830.242:139): avc: denied { read write } for pid=5955 comm="syz.2.14" name="video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 72.650840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 72.753271][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.855655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 72.904419][ T5949] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 72.936333][ T5949] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 72.949397][ T5949] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 72.961183][ T30] audit: type=1400 audit(1748720830.242:140): avc: denied { open } for pid=5955 comm="syz.2.14" path="/dev/video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 73.052420][ T5949] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 73.112808][ T30] audit: type=1400 audit(1748720830.252:141): avc: denied { ioctl } for pid=5955 comm="syz.2.14" path="/dev/video36" dev="devtmpfs" ino=1044 ioctlcmd=0x5647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 73.250802][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 73.811029][ T5967] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 74.062439][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 74.087362][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 74.341259][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 74.530577][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 75.031116][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 76.003532][ T30] audit: type=1400 audit(1748720832.962:142): avc: denied { ioctl } for pid=5971 comm="syz.3.17" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=8268 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 76.151600][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 76.157633][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 76.166813][ T24] cfg80211: failed to load regulatory.db [ 76.318959][ T30] audit: type=1400 audit(1748720834.012:143): avc: denied { read } for pid=5975 comm="syz.3.19" lport=42745 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 76.460433][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 76.545916][ T30] audit: type=1400 audit(1748720834.222:144): avc: denied { setopt } for pid=5975 comm="syz.3.19" lport=42745 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 76.771565][ T30] audit: type=1400 audit(1748720834.372:145): avc: denied { create } for pid=5980 comm="syz.2.18" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 76.809361][ T30] audit: type=1400 audit(1748720834.382:146): avc: denied { getopt } for pid=5980 comm="syz.2.18" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 77.091217][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 77.097472][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 77.307785][ T5986] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 77.319334][ T5986] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 78.064038][ T5993] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 78.075516][ T5993] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 78.330882][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 78.337041][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 78.530500][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 78.597282][ T30] audit: type=1400 audit(1748720836.282:147): avc: denied { write } for pid=5992 comm="syz.1.23" lport=55713 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 78.907877][ T5995] overlayfs: missing 'lowerdir' [ 79.170468][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 79.173535][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 79.293870][ T6011] overlayfs: missing 'lowerdir' [ 79.638308][ T6013] xt_hashlimit: overflow, rate too high: 0 [ 79.821933][ T6023] overlayfs: missing 'workdir' [ 80.133700][ T30] audit: type=1400 audit(1748720837.372:148): avc: denied { connect } for pid=6012 comm="syz.0.28" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 80.196301][ T30] audit: type=1400 audit(1748720837.372:149): avc: denied { write } for pid=6012 comm="syz.0.28" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 80.236447][ T30] audit: type=1400 audit(1748720837.812:150): avc: denied { create } for pid=6012 comm="syz.0.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 80.256425][ T30] audit: type=1400 audit(1748720837.822:151): avc: denied { read } for pid=6012 comm="syz.0.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 80.391858][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 80.711542][ T6034] xt_hashlimit: overflow, rate too high: 0 [ 80.766818][ T6032] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 80.828391][ T6032] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 80.971661][ T6027] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 81.359228][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 81.401184][ T30] audit: type=1400 audit(1748720838.692:152): avc: denied { map } for pid=6030 comm="syz.2.33" path="socket:[7658]" dev="sockfs" ino=7658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 81.429118][ T30] audit: type=1400 audit(1748720838.712:153): avc: denied { accept } for pid=6030 comm="syz.2.33" path="socket:[7658]" dev="sockfs" ino=7658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 81.429539][ T6027] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 81.535685][ T6027] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 81.564643][ T6027] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 81.606768][ T6027] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 82.770470][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 83.490486][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 83.935790][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 83.935834][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 83.947854][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 84.216895][ T30] audit: type=1400 audit(1748720841.902:154): avc: denied { ioctl } for pid=6054 comm="syz.2.38" path="socket:[7689]" dev="sockfs" ino=7689 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 84.701763][ T30] audit: type=1400 audit(1748720842.402:155): avc: denied { create } for pid=6058 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 85.580458][ T30] audit: type=1400 audit(1748720843.172:156): avc: denied { read } for pid=6058 comm="syz.3.40" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 85.896073][ T30] audit: type=1400 audit(1748720843.172:157): avc: denied { open } for pid=6058 comm="syz.3.40" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.053002][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 86.070561][ T30] audit: type=1400 audit(1748720843.182:158): avc: denied { create } for pid=6058 comm="syz.3.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 86.090255][ T30] audit: type=1400 audit(1748720843.202:159): avc: denied { sys_admin } for pid=6058 comm="syz.3.40" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 86.180382][ T6074] overlayfs: missing 'lowerdir' [ 86.718697][ T30] audit: type=1400 audit(1748720844.412:160): avc: denied { create } for pid=6079 comm="syz.1.45" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 88.282255][ T6085] overlayfs: missing 'workdir' [ 88.354842][ T30] audit: type=1400 audit(1748720846.042:161): avc: denied { read } for pid=6081 comm="syz.0.46" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 88.394667][ T30] audit: type=1400 audit(1748720846.042:162): avc: denied { open } for pid=6081 comm="syz.0.46" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 88.418358][ T30] audit: type=1400 audit(1748720846.072:163): avc: denied { ioctl } for pid=6081 comm="syz.0.46" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 88.459437][ T30] audit: type=1400 audit(1748720846.072:164): avc: denied { set_context_mgr } for pid=6081 comm="syz.0.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 88.490901][ T30] audit: type=1400 audit(1748720846.082:165): avc: denied { append } for pid=6081 comm="syz.0.46" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 89.220643][ T6109] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 89.232107][ T6109] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 91.172715][ T6126] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 91.183929][ T6126] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 91.296982][ T6127] overlayfs: missing 'lowerdir' [ 91.892320][ T6134] overlayfs: missing 'lowerdir' [ 92.438443][ T30] audit: type=1400 audit(1748720850.132:166): avc: denied { name_bind } for pid=6139 comm="syz.0.59" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 92.583810][ T30] audit: type=1400 audit(1748720850.132:167): avc: denied { node_bind } for pid=6139 comm="syz.0.59" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 92.757951][ T6144] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 92.769508][ T6144] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 93.790264][ T30] audit: type=1400 audit(1748720851.462:168): avc: denied { name_bind } for pid=6147 comm="syz.0.62" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 94.000186][ T6155] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 94.011647][ T6155] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 94.615083][ T30] audit: type=1400 audit(1748720851.462:169): avc: denied { node_bind } for pid=6147 comm="syz.0.62" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 94.912204][ T6162] Zero length message leads to an empty skb [ 95.061447][ T30] audit: type=1400 audit(1748720852.602:170): avc: denied { map_create } for pid=6159 comm="syz.3.64" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 97.359189][ T6184] overlayfs: missing 'lowerdir' [ 99.159985][ T6200] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 100.491226][ T6222] overlayfs: overlapping lowerdir path [ 100.505224][ T6223] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 102.142347][ T6238] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 102.174107][ T6240] overlayfs: missing 'lowerdir' [ 104.865627][ T30] audit: type=1400 audit(1748720862.202:171): avc: denied { create } for pid=6259 comm="syz.1.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 105.000585][ T30] audit: type=1400 audit(1748720862.202:172): avc: denied { getopt } for pid=6259 comm="syz.1.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 105.027760][ T30] audit: type=1400 audit(1748720862.202:173): avc: denied { setopt } for pid=6259 comm="syz.1.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 106.317151][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 106.325850][ T6256] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 106.338228][ T6256] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 106.344968][ T6256] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 106.369256][ T6256] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 106.380104][ T6256] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 106.990557][ T6297] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 107.002001][ T6297] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 107.728750][ T6296] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 107.768446][ T6296] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 108.402848][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.408962][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.415044][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 108.451252][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 109.080909][ T30] audit: type=1400 audit(1748720866.782:174): avc: denied { bind } for pid=6307 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 109.779993][ T30] audit: type=1400 audit(1748720867.042:175): avc: denied { setopt } for pid=6307 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 110.094554][ T30] audit: type=1400 audit(1748720867.042:176): avc: denied { accept } for pid=6307 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 110.187114][ T30] audit: type=1400 audit(1748720867.042:177): avc: denied { write } for pid=6307 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 110.336332][ T30] audit: type=1400 audit(1748720867.042:178): avc: denied { read } for pid=6307 comm="syz.3.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 110.415075][ T30] audit: type=1400 audit(1748720867.052:179): avc: denied { ioctl } for pid=6307 comm="syz.3.102" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 110.494800][ T6326] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 110.506199][ T6326] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 112.783658][ T30] audit: type=1400 audit(1748720870.172:180): avc: denied { read } for pid=6334 comm="syz.3.112" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 112.810095][ T30] audit: type=1400 audit(1748720870.172:181): avc: denied { open } for pid=6334 comm="syz.3.112" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 112.838879][ T30] audit: type=1400 audit(1748720870.172:182): avc: denied { ioctl } for pid=6334 comm="syz.3.112" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 112.904688][ T30] audit: type=1400 audit(1748720870.222:183): avc: denied { name_connect } for pid=6343 comm="syz.2.113" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 117.170464][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 117.178175][ T6373] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 117.242999][ T6402] overlayfs: overlapping lowerdir path [ 117.334009][ T6403] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 118.090600][ T6373] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 118.138609][ T6373] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 118.185875][ T6373] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 118.298556][ T6373] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 118.906079][ T6420] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 118.912747][ T6420] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 118.919222][ T6420] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 118.927988][ T6420] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 118.935042][ T6420] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 119.448020][ T6434] overlayfs: missing 'lowerdir' [ 120.502194][ T6438] overlayfs: overlapping lowerdir path [ 120.596372][ T6432] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 120.771058][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 120.930737][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 120.936851][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 120.943095][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 121.010558][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 122.771887][ T30] audit: type=1400 audit(1748720880.472:184): avc: denied { read write } for pid=6461 comm="syz.2.146" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 122.939951][ T30] audit: type=1400 audit(1748720880.472:185): avc: denied { open } for pid=6461 comm="syz.2.146" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 124.158222][ T6478] overlayfs: missing 'workdir' [ 124.791286][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.964005][ T30] audit: type=1400 audit(1748720882.782:186): avc: denied { write } for pid=6461 comm="syz.2.146" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 125.987666][ T6460] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 126.004905][ T6460] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.048321][ T6460] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.058502][ T30] audit: type=1400 audit(1748720882.982:187): avc: denied { append } for pid=6461 comm="syz.2.146" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 126.099004][ T6460] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.115232][ T6460] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 126.291807][ T30] audit: type=1400 audit(1748720883.932:188): avc: denied { map_read map_write } for pid=6488 comm="syz.4.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 128.380551][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.386710][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 128.392736][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.398773][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 129.124982][ T6519] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 129.133886][ T6519] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 130.223790][ T6530] overlayfs: missing 'workdir' [ 130.664109][ T30] audit: type=1400 audit(1748720888.352:189): avc: denied { create } for pid=6532 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 130.737287][ T30] audit: type=1400 audit(1748720888.352:190): avc: denied { map } for pid=6532 comm="syz.3.164" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=8881 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 130.931757][ T30] audit: type=1400 audit(1748720888.352:191): avc: denied { read write } for pid=6532 comm="syz.3.164" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=8881 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 131.015084][ T6540] overlayfs: overlapping lowerdir path [ 131.093541][ T6541] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 131.423590][ T30] audit: type=1400 audit(1748720888.392:192): avc: denied { listen } for pid=6532 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 131.454866][ T30] audit: type=1400 audit(1748720888.392:193): avc: denied { accept } for pid=6532 comm="syz.3.164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 131.535091][ T6544] syz_tun: entered allmulticast mode [ 131.571714][ T6543] syz_tun: left allmulticast mode [ 131.695002][ T30] audit: type=1400 audit(1748720889.232:194): avc: denied { setopt } for pid=6543 comm="syz.1.167" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 131.875735][ T30] audit: type=1400 audit(1748720889.572:195): avc: denied { shutdown } for pid=6550 comm="syz.1.170" lport=57565 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 132.009599][ T6555] overlayfs: missing 'lowerdir' [ 132.385009][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.391383][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.507908][ T6565] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 133.113427][ T6566] xt_hashlimit: overflow, rate too high: 0 [ 133.661987][ T6575] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 134.996290][ T6562] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 135.010375][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 135.659035][ T6562] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 135.673770][ T6562] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 135.684757][ T6562] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 135.697356][ T6562] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 136.315668][ T30] audit: type=1400 audit(1748720894.012:196): avc: denied { read } for pid=6589 comm="syz.1.181" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 136.364062][ T30] audit: type=1400 audit(1748720894.012:197): avc: denied { open } for pid=6589 comm="syz.1.181" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 136.387497][ C0] vkms_vblank_simulate: vblank timer overrun [ 136.849696][ T30] audit: type=1400 audit(1748720894.012:198): avc: denied { ioctl } for pid=6589 comm="syz.1.181" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x640d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 137.010382][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 137.701108][ T30] audit: type=1400 audit(1748720895.392:199): avc: denied { mount } for pid=6599 comm="syz.1.185" name="/" dev="ramfs" ino=9590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 137.775672][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 137.782512][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 137.788601][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 138.444474][ T30] audit: type=1400 audit(1748720896.132:200): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 138.903600][ T6620] netlink: 1624 bytes leftover after parsing attributes in process `syz.3.188'. [ 140.450453][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 140.599772][ T6610] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 140.613682][ T6610] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 140.995059][ T6610] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.022006][ T6610] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 141.029224][ T6610] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 142.285847][ T30] audit: type=1400 audit(1748720899.982:201): avc: denied { ioctl } for pid=6651 comm="syz.0.196" path="socket:[9006]" dev="sockfs" ino=9006 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 142.286070][ T6652] syz.0.196 uses obsolete (PF_INET,SOCK_PACKET) [ 142.594868][ T6658] overlayfs: overlapping lowerdir path [ 142.681260][ T6659] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 142.746851][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 143.020774][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 143.090366][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.096485][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 143.143243][ T6618] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 143.149606][ T6618] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 143.158496][ T6618] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 143.165816][ T6618] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 143.191994][ T6618] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 144.260401][ T6665] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 144.271515][ T6665] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 144.278017][ T6665] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 144.287063][ T6665] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 144.296018][ T6665] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 145.634584][ T6691] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 145.969370][ T6691] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 146.118067][ T6688] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 146.605086][ T6688] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 146.614081][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 146.620103][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 146.626152][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 146.642754][ T6688] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 146.694091][ T6688] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 146.709786][ T6688] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 147.170476][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.696964][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 148.696990][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 148.774926][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 148.774933][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 149.125168][ T6721] xt_hashlimit: overflow, rate too high: 0 [ 151.695588][ T6741] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 151.707512][ T6741] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 152.700905][ T6754] xt_hashlimit: overflow, rate too high: 0 [ 153.688278][ T6775] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 153.699641][ T6775] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 154.593591][ T6777] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 156.364558][ T6767] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.372484][ T6767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.555684][ T6799] overlayfs: missing 'workdir' [ 156.851304][ T6767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.873234][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 156.895502][ T6767] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.929555][ T6767] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 158.460605][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 158.930508][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.936538][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 159.010371][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 159.532506][ T6786] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 159.558431][ T6786] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 159.619118][ T6786] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 159.654054][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.660527][ T6786] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 159.675889][ T6786] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 161.820418][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 161.826558][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 161.832905][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 161.839038][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 161.954299][ T6830] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 161.960977][ T6830] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 161.967390][ T6830] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 162.225804][ T6830] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 162.235776][ T6830] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 164.240542][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 164.246584][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 164.252912][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.295689][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 164.302029][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.688245][ T6918] overlayfs: missing 'lowerdir' [ 168.332418][ T6920] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 168.343468][ T6920] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 170.018051][ T6940] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 170.029137][ T6940] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 170.450441][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 170.450575][ T6924] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 171.307449][ T6924] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.314606][ T6924] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 171.322255][ T6924] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.333797][ T6924] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 172.146662][ T6954] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 172.153522][ T6954] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 172.159979][ T6954] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 172.174617][ T6954] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 172.183069][ T6954] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 172.699280][ T30] audit: type=1400 audit(1748720929.962:202): avc: denied { create } for pid=6956 comm="syz.4.276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 172.736244][ T30] audit: type=1400 audit(1748720929.972:203): avc: denied { bind } for pid=6956 comm="syz.4.276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 173.138871][ T30] audit: type=1400 audit(1748720929.972:204): avc: denied { listen } for pid=6956 comm="syz.4.276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 173.159087][ T30] audit: type=1400 audit(1748720929.982:205): avc: denied { accept } for pid=6956 comm="syz.4.276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 174.028164][ T6973] overlayfs: missing 'lowerdir' [ 174.170538][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 174.211205][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 174.217328][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 174.223423][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 174.229501][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 174.961071][ T6980] overlayfs: overlapping lowerdir path [ 175.980633][ T30] audit: type=1400 audit(1748720933.452:206): avc: denied { setopt } for pid=6983 comm="syz.4.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 176.070143][ T6994] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 176.444339][ T30] audit: type=1400 audit(1748720933.462:207): avc: denied { write } for pid=6983 comm="syz.4.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 176.507066][ T6995] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 176.518372][ T6995] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 176.642503][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 176.649069][ T30] audit: type=1400 audit(1748720933.702:208): avc: denied { create } for pid=6983 comm="syz.4.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 176.668737][ T30] audit: type=1400 audit(1748720933.752:209): avc: denied { create } for pid=6983 comm="syz.4.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 176.886372][ T30] audit: type=1400 audit(1748720934.172:210): avc: denied { mount } for pid=6985 comm="syz.3.286" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 178.555168][ T30] audit: type=1400 audit(1748720936.252:211): avc: denied { unmount } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 181.180326][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 181.714854][ T7014] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 181.730449][ T7014] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 181.737596][ T7014] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 181.745183][ T7014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 181.751436][ T7014] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 181.758484][ T7014] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 182.170661][ T7022] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 182.177088][ T7022] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 182.190524][ T7022] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 182.199994][ T7022] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 182.226700][ T7022] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 183.500011][ T7064] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 183.511170][ T7064] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 183.857312][ T7058] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 183.867391][ T7058] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 183.876772][ T7058] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 183.897305][ T7058] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 183.905348][ T7058] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 185.300748][ T7068] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 185.306842][ T7068] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 185.319315][ T7068] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 185.325523][ T7068] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 185.338496][ T7068] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 185.442818][ T7090] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 185.453920][ T7090] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 187.413009][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 187.413068][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 187.425050][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 187.431250][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.566381][ T7085] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.598465][ T7085] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.979714][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.028410][ T7085] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 189.050732][ T7085] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 189.063393][ T7085] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 189.091541][ T7085] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 189.481138][ T30] audit: type=1400 audit(1748720947.162:212): avc: denied { ioctl } for pid=7123 comm="syz.3.317" path="socket:[10577]" dev="sockfs" ino=10577 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 189.959823][ T7142] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 189.973972][ T7142] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 190.003089][ T7141] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 190.014159][ T7141] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 190.127223][ T30] audit: type=1400 audit(1748720947.822:213): avc: denied { name_bind } for pid=7143 comm="syz.4.324" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 190.610357][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 190.766839][ T7149] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 190.780369][ T7149] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 190.993898][ T30] audit: type=1400 audit(1748720948.682:214): avc: denied { connect } for pid=7154 comm="syz.0.327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 191.095327][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 191.102154][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 191.182530][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 191.315474][ T30] audit: type=1400 audit(1748720948.732:215): avc: denied { write } for pid=7154 comm="syz.0.327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 191.591859][ T30] audit: type=1400 audit(1748720949.292:216): avc: denied { bind } for pid=7164 comm="syz.3.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 191.663031][ T30] audit: type=1400 audit(1748720949.322:217): avc: denied { write } for pid=7164 comm="syz.3.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 192.187704][ T7153] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 192.198814][ T7153] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 192.861065][ T7177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.335'. [ 193.048199][ T30] audit: type=1400 audit(1748720950.742:218): avc: denied { ioctl } for pid=7180 comm="syz.4.337" path="socket:[11451]" dev="sockfs" ino=11451 ioctlcmd=0x52c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 193.180503][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 193.394129][ T7189] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 193.830915][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.876658][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.035506][ T7185] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 194.054610][ T7185] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 194.094799][ T7185] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 194.104998][ T7185] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 194.133330][ T7185] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 194.929828][ T7198] overlayfs: overlapping lowerdir path [ 195.017591][ T7199] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 195.401457][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 196.131424][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 196.137507][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 196.148634][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 196.210633][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 196.583197][ T30] audit: type=1400 audit(1748720954.262:219): avc: denied { setopt } for pid=7217 comm="syz.3.347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 198.210432][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 198.216563][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 198.495988][ T7265] overlayfs: overlapping lowerdir path [ 198.587037][ T7266] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 199.011076][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 199.245501][ T7227] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 200.074835][ T7227] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.101122][ T7227] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.112233][ T7227] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 200.122528][ T7227] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 200.140237][ T7227] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 200.153407][ T7227] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 200.213107][ T30] audit: type=1400 audit(1748720957.902:220): avc: denied { ioctl } for pid=7279 comm="syz.3.369" path="socket:[11620]" dev="sockfs" ino=11620 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 200.451350][ T7291] netlink: 'syz.1.371': attribute type 72 has an invalid length. [ 200.760765][ T7284] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.770806][ T7284] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.781749][ T7284] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 200.796507][ T7284] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 200.811789][ T7284] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 201.342002][ T30] audit: type=1400 audit(1748720959.042:221): avc: denied { sys_module } for pid=7305 comm="syz.4.379" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 202.123610][ T30] audit: type=1400 audit(1748720959.822:222): avc: denied { create } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 202.146794][ T30] audit: type=1400 audit(1748720959.852:223): avc: denied { connect } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 202.197609][ T30] audit: type=1400 audit(1748720959.892:224): avc: denied { bind } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 202.218398][ T30] audit: type=1400 audit(1748720959.902:225): avc: denied { listen } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 202.238305][ T30] audit: type=1400 audit(1748720959.902:226): avc: denied { accept } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 202.258637][ T30] audit: type=1400 audit(1748720959.952:227): avc: denied { write } for pid=7324 comm="syz.0.384" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netrom_socket permissive=1 [ 202.830666][ T7335] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 202.839406][ T7335] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 202.874508][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 202.881076][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 202.887406][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 202.894559][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 203.030833][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 203.425098][ T7303] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 203.505054][ T30] audit: type=1400 audit(1748720961.202:228): avc: denied { create } for pid=7339 comm="syz.2.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 203.536347][ T7344] netlink: 'syz.0.387': attribute type 72 has an invalid length. [ 203.612710][ T7303] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 203.618704][ T7303] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 203.641226][ T7303] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 203.674468][ T7303] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 205.080743][ T7378] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 205.089625][ T7378] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 205.490444][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 205.650879][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 205.651228][ T5826] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.730810][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 206.370542][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 206.377345][ T7349] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 206.620558][ T7349] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 206.626564][ T7349] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 206.671944][ T7349] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.721306][ T7349] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 207.250653][ T7430] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 208.524964][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 208.656232][ T7444] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 208.880400][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.886599][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 208.892844][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 209.341474][ T7460] netlink: 200 bytes leftover after parsing attributes in process `syz.1.425'. [ 210.063011][ T7475] overlayfs: overlapping lowerdir path [ 210.610524][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 210.965892][ T7481] process 'syz.4.426' launched '/dev/fd/6' with NULL argv: empty string added [ 210.975067][ T30] audit: type=1400 audit(1748720968.662:229): avc: denied { execute } for pid=7461 comm="syz.4.426" dev="tmpfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 211.007157][ T30] audit: type=1400 audit(1748720968.692:230): avc: denied { execute_no_trans } for pid=7461 comm="syz.4.426" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=71 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 211.102633][ T30] audit: type=1400 audit(1748720968.732:231): avc: denied { create } for pid=7480 comm="syz.3.433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 211.143446][ T30] audit: type=1400 audit(1748720968.742:232): avc: denied { ioctl } for pid=7480 comm="syz.3.433" path="socket:[11018]" dev="sockfs" ino=11018 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 211.445879][ T7497] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 212.484924][ T7521] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 212.956431][ T7507] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 213.014372][ T7507] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 213.075268][ T7507] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 213.391823][ T7507] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 213.407178][ T7507] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 213.571780][ T7507] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 215.010372][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 215.010378][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 215.460448][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 215.466899][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 215.650406][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 216.245247][ T7562] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 216.312162][ T7562] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 216.319225][ T7562] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 216.337562][ T7562] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 216.356874][ T7562] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 216.373539][ T7562] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 218.210966][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 218.370406][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 218.370437][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 218.376438][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 218.382471][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout [ 219.003896][ T7610] overlayfs: overlapping lowerdir path [ 219.098688][ T7611] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 220.500325][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 220.781291][ T7651] overlayfs: missing 'lowerdir' [ 221.490682][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.497181][ T7614] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 222.147936][ T7614] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 222.181724][ T7614] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 222.201250][ T7614] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 222.207980][ T7614] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 222.239998][ T7614] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 222.253933][ T7614] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 223.596562][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 224.602872][ T7701] overlayfs: missing 'lowerdir' [ 224.608890][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 224.616447][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 224.620358][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 224.740013][ T7702] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 225.650547][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 226.705933][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 227.850671][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 228.025643][ T7738] overlayfs: missing 'workdir' [ 228.516507][ T7744] netlink: 136 bytes leftover after parsing attributes in process `syz.0.509'. [ 228.820681][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 229.665350][ T7772] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 229.674259][ T7772] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 230.010501][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 232.441557][ T7794] overlayfs: missing 'workdir' [ 232.563603][ T7791] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 234.710058][ T7829] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.787697][ T7829] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.796298][ T7829] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.821018][ T7829] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 235.059847][ T7839] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 235.072304][ T7839] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 235.592640][ T7829] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 235.603021][ T7829] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 235.610058][ T7829] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 236.720332][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.835476][ T7853] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 236.857108][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 236.863294][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 237.670376][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 237.676479][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 237.833573][ T7860] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 237.859756][ T7860] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 238.968730][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 239.730338][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 239.787570][ T7883] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 239.794844][ T7883] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 239.832008][ T7883] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 240.037110][ T7883] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 240.046611][ T7883] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 240.052927][ T7883] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 240.763993][ T7883] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 241.567662][ T7916] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 241.579088][ T7916] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 241.789915][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 241.900417][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 242.060338][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 242.130565][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 242.870495][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 243.624455][ T7946] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 243.820447][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 244.210640][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 247.773382][ T30] audit: type=1400 audit(1748721005.452:233): avc: denied { write } for pid=8000 comm="syz.3.585" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 248.237574][ T8012] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 248.248980][ T8012] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 249.030339][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 249.090874][ T7986] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 250.049571][ T7986] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 250.058269][ T7986] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 250.085234][ T7986] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 250.177035][ T7986] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 250.391210][ T7986] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 251.173522][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 251.378420][ T30] audit: type=1400 audit(1748721009.072:234): avc: denied { create } for pid=8049 comm="syz.0.602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 251.913949][ T8078] tmpfs: Unknown parameter 'usrqulimit' [ 252.033531][ T8079] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 252.045272][ T8079] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 252.189596][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 252.210713][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 252.349377][ T8078] Invalid option length (0) for dns_resolver key [ 252.460482][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout [ 252.530178][ T30] audit: type=1400 audit(1748721010.222:235): avc: denied { getopt } for pid=8075 comm="syz.3.611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 252.655228][ T8083] wireguard0: entered promiscuous mode [ 252.661596][ T8083] wireguard0: entered allmulticast mode [ 252.668209][ T8086] FAULT_INJECTION: forcing a failure. [ 252.668209][ T8086] name failslab, interval 1, probability 0, space 0, times 0 [ 252.698269][ T8086] CPU: 1 UID: 0 PID: 8086 Comm: syz.4.613 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 252.698294][ T8086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.698304][ T8086] Call Trace: [ 252.698310][ T8086] [ 252.698316][ T8086] dump_stack_lvl+0x16c/0x1f0 [ 252.698347][ T8086] should_fail_ex+0x512/0x640 [ 252.698368][ T8086] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 252.698392][ T8086] should_failslab+0xc2/0x120 [ 252.698412][ T8086] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 252.698431][ T8086] ? _kstrtoull+0x145/0x200 [ 252.698448][ T8086] ? kasprintf+0xc7/0x100 [ 252.698476][ T8086] kvasprintf+0xbc/0x160 [ 252.698501][ T8086] ? __pfx_kvasprintf+0x10/0x10 [ 252.698526][ T8086] ? __lock_acquire+0x622/0x1c90 [ 252.698556][ T8086] kasprintf+0xc7/0x100 [ 252.698579][ T8086] ? __pfx_kasprintf+0x10/0x10 [ 252.698607][ T8086] ? find_held_lock+0x2b/0x80 [ 252.698642][ T8086] logfc+0x114/0x660 [ 252.698664][ T8086] ? __pfx_logfc+0x10/0x10 [ 252.698680][ T8086] ? cred_has_capability.isra.0+0x193/0x2f0 [ 252.698704][ T8086] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 252.698743][ T8086] ceph_get_tree+0x18f3/0x1ec0 [ 252.698764][ T8086] ? bpf_lsm_capable+0x9/0x10 [ 252.698788][ T8086] ? security_capable+0x7e/0x260 [ 252.698809][ T8086] vfs_get_tree+0x8e/0x340 [ 252.698833][ T8086] vfs_cmd_create+0xd7/0x2a0 [ 252.698856][ T8086] __do_sys_fsconfig+0x7b8/0xbe0 [ 252.698880][ T8086] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 252.698900][ T8086] ? fput+0x70/0xf0 [ 252.698931][ T8086] do_syscall_64+0xcd/0x4c0 [ 252.698953][ T8086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.698971][ T8086] RIP: 0033:0x7f91ae78e969 [ 252.698986][ T8086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.699001][ T8086] RSP: 002b:00007f91af632038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 252.699018][ T8086] RAX: ffffffffffffffda RBX: 00007f91ae9b5fa0 RCX: 00007f91ae78e969 [ 252.699029][ T8086] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 252.699038][ T8086] RBP: 00007f91af632090 R08: 0000000000000000 R09: 0000000000000000 [ 252.699047][ T8086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.699057][ T8086] R13: 0000000000000000 R14: 00007f91ae9b5fa0 R15: 00007fff0d9ebb38 [ 252.699080][ T8086] [ 252.953508][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 253.023168][ T30] audit: type=1400 audit(1748721010.722:236): avc: denied { create } for pid=8091 comm="syz.0.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 253.063809][ T30] audit: type=1400 audit(1748721010.722:237): avc: denied { ioctl } for pid=8091 comm="syz.0.616" path="socket:[12844]" dev="sockfs" ino=12844 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 253.149311][ T30] audit: type=1400 audit(1748721010.832:238): avc: denied { create } for pid=8101 comm="syz.2.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 253.169978][ T30] audit: type=1400 audit(1748721010.832:239): avc: denied { bind } for pid=8101 comm="syz.2.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 253.190704][ T30] audit: type=1400 audit(1748721010.832:240): avc: denied { listen } for pid=8101 comm="syz.2.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 253.215070][ T30] audit: type=1400 audit(1748721010.832:241): avc: denied { connect } for pid=8101 comm="syz.2.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 253.251415][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 253.296314][ T8102] delete_channel: no stack [ 253.300935][ T8102] delete_channel: no stack [ 254.413362][ T8125] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 254.425368][ T8125] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 255.226183][ T5918] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 255.252650][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.258943][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.330387][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 255.363327][ T8133] capability: warning: `syz.3.627' uses deprecated v2 capabilities in a way that may be insecure [ 255.388299][ T30] audit: type=1400 audit(1748721013.082:242): avc: denied { write } for pid=8131 comm="syz.3.627" path="socket:[12891]" dev="sockfs" ino=12891 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 255.390412][ T5918] usb 5-1: Using ep0 maxpacket: 32 [ 255.625412][ T5918] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.640469][ T5918] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 255.660114][ T30] audit: type=1400 audit(1748721013.082:243): avc: denied { write } for pid=8131 comm="syz.3.627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 255.687399][ T5918] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 255.702495][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 255.728256][ T5918] usb 5-1: Product: syz [ 255.738068][ T5918] usb 5-1: Manufacturer: syz [ 255.743366][ T5918] usb 5-1: SerialNumber: syz [ 255.781305][ T5918] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input5 [ 255.794721][ T30] audit: type=1400 audit(1748721013.492:244): avc: denied { read } for pid=5169 comm="acpid" name="mouse1" dev="devtmpfs" ino=2813 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 255.830041][ T30] audit: type=1400 audit(1748721013.492:245): avc: denied { open } for pid=5169 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2813 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 255.976898][ T5891] usb 5-1: USB disconnect, device number 2 [ 256.016472][ T5891] appletouch 5-1:1.0: input: appletouch disconnected [ 256.210422][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 256.217758][ T8114] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 256.557197][ T8147] Bluetooth: MGMT ver 1.23 [ 257.321525][ T8114] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 257.329341][ T8114] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 257.338958][ T8114] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 257.345367][ T8114] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 257.352117][ T8114] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 257.720322][ T8152] warning: `syz.3.633' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 257.851297][ T8162] ======================================================= [ 257.851297][ T8162] WARNING: The mand mount option has been deprecated and [ 257.851297][ T8162] and is ignored by this kernel. Remove the mand [ 257.851297][ T8162] option from the mount to silence this warning. [ 257.851297][ T8162] ======================================================= [ 257.886724][ T8162] new mount options do not match the existing superblock, will be ignored [ 257.920065][ T8162] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 258.290476][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 258.338474][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 258.338487][ T30] audit: type=1400 audit(1748721016.032:249): avc: denied { write } for pid=8168 comm="syz.0.640" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 258.367262][ T5918] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 258.533037][ T5918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.553629][ T5918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.577506][ T5918] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 258.599824][ T5918] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 258.614522][ T8181] FAULT_INJECTION: forcing a failure. [ 258.614522][ T8181] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 258.627819][ T5918] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.641899][ T5918] usb 5-1: config 0 descriptor?? [ 258.650547][ T1204] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 258.679314][ T8181] CPU: 0 UID: 0 PID: 8181 Comm: syz.3.642 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 258.679340][ T8181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.679350][ T8181] Call Trace: [ 258.679356][ T8181] [ 258.679362][ T8181] dump_stack_lvl+0x16c/0x1f0 [ 258.679386][ T8181] should_fail_ex+0x512/0x640 [ 258.679413][ T8181] _copy_from_user+0x2e/0xd0 [ 258.679439][ T8181] copy_msghdr_from_user+0x98/0x160 [ 258.679459][ T8181] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 258.679498][ T8181] ___sys_sendmsg+0xfe/0x1d0 [ 258.679520][ T8181] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.679537][ T8181] ? __lock_acquire+0x622/0x1c90 [ 258.679595][ T8181] __sys_sendmsg+0x16d/0x220 [ 258.679616][ T8181] ? __pfx___sys_sendmsg+0x10/0x10 [ 258.679655][ T8181] do_syscall_64+0xcd/0x4c0 [ 258.679678][ T8181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.679696][ T8181] RIP: 0033:0x7f027a58e969 [ 258.679710][ T8181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.679726][ T8181] RSP: 002b:00007f027b389038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 258.679743][ T8181] RAX: ffffffffffffffda RBX: 00007f027a7b6080 RCX: 00007f027a58e969 [ 258.679754][ T8181] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 258.679764][ T8181] RBP: 00007f027b389090 R08: 0000000000000000 R09: 0000000000000000 [ 258.679774][ T8181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.679784][ T8181] R13: 0000000000000001 R14: 00007f027a7b6080 R15: 00007fff611d0078 [ 258.679806][ T8181] [ 258.847290][ T8181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.878575][ T8176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 258.957135][ T1204] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid maxpacket 50660, setting to 1024 [ 258.968708][ T1204] usb 1-1: config 0 interface 0 has no altsetting 0 [ 258.975564][ T1204] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 258.986538][ T1204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.065841][ T1204] usb 1-1: config 0 descriptor?? [ 259.118451][ T30] audit: type=1326 audit(1748721016.802:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.191247][ T8172] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 259.251112][ T30] audit: type=1326 audit(1748721016.802:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.284876][ T30] audit: type=1326 audit(1748721016.812:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.310512][ T8180] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 259.311112][ T5918] usbhid 5-1:0.0: can't add hid device: -71 [ 259.316619][ T8180] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 259.316737][ T8180] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 259.316844][ T8180] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 259.316957][ T8180] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 259.320780][ T30] audit: type=1326 audit(1748721016.852:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.325119][ T5918] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 259.333653][ T30] audit: type=1326 audit(1748721016.852:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.406423][ T30] audit: type=1326 audit(1748721016.852:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.456065][ T30] audit: type=1326 audit(1748721016.852:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.457899][ T5918] usb 5-1: USB disconnect, device number 3 [ 259.481916][ T30] audit: type=1326 audit(1748721016.862:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.614561][ T30] audit: type=1326 audit(1748721016.862:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz.4.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f91ae78e969 code=0x7ffc0000 [ 259.917543][ T1204] nintendo 0003:057E:200E.0001: hidraw0: USB HID v81.04 Device [HID 057e:200e] on usb-dummy_hcd.0-1/input0 [ 260.070713][ T1204] nintendo 0003:057E:200E.0001: Failed charging grip handshake [ 260.101929][ T1204] nintendo 0003:057E:200E.0001: Failed to initialize controller; ret=-110 [ 260.133708][ T1204] nintendo 0003:057E:200E.0001: probe - fail = -110 [ 260.143204][ T1204] nintendo 0003:057E:200E.0001: probe with driver nintendo failed with error -110 [ 260.167313][ T1204] usb 1-1: USB disconnect, device number 2 [ 260.211930][ T8197] fido_id[8197]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 260.930343][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 261.138471][ T8210] FAULT_INJECTION: forcing a failure. [ 261.138471][ T8210] name failslab, interval 1, probability 0, space 0, times 0 [ 261.160366][ T8210] CPU: 0 UID: 0 PID: 8210 Comm: syz.0.650 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 261.160392][ T8210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.160402][ T8210] Call Trace: [ 261.160408][ T8210] [ 261.160415][ T8210] dump_stack_lvl+0x16c/0x1f0 [ 261.160438][ T8210] should_fail_ex+0x512/0x640 [ 261.160461][ T8210] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 261.160482][ T8210] should_failslab+0xc2/0x120 [ 261.160500][ T8210] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 261.160517][ T8210] ? getname_flags.part.0+0x4c/0x550 [ 261.160544][ T8210] getname_flags.part.0+0x4c/0x550 [ 261.160570][ T8210] getname_flags+0x93/0xf0 [ 261.160586][ T8210] do_sys_openat2+0xb8/0x1d0 [ 261.160607][ T8210] ? __pfx_do_sys_openat2+0x10/0x10 [ 261.160631][ T8210] ? __fget_files+0x20e/0x3c0 [ 261.160654][ T8210] __x64_sys_openat+0x174/0x210 [ 261.160675][ T8210] ? __pfx___x64_sys_openat+0x10/0x10 [ 261.160696][ T8210] ? ksys_write+0x1ac/0x250 [ 261.160723][ T8210] do_syscall_64+0xcd/0x4c0 [ 261.160745][ T8210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.160762][ T8210] RIP: 0033:0x7f0f5198d2d0 [ 261.160776][ T8210] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 261.160791][ T8210] RSP: 002b:00007f0f528dbb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 261.160807][ T8210] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0f5198d2d0 [ 261.160817][ T8210] RDX: 0000000000000002 RSI: 00007f0f528dbc10 RDI: 00000000ffffff9c [ 261.160827][ T8210] RBP: 00007f0f528dbc10 R08: 0000000000000000 R09: 00007f0f528db986 [ 261.160837][ T8210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 261.160846][ T8210] R13: 0000000000000001 R14: 00007f0f51bb5fa0 R15: 00007fffb8977238 [ 261.160869][ T8210] [ 261.368221][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 261.375317][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 261.383864][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 261.389882][ T5819] Bluetooth: hci0: command 0x0c1a tx timeout [ 262.530747][ T5891] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 262.690863][ T8233] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 262.785802][ T8233] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 262.792421][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.794331][ T8233] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 262.907268][ T8233] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 262.971458][ T8233] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 263.088075][ T8239] FAULT_INJECTION: forcing a failure. [ 263.088075][ T8239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 263.101543][ T8239] CPU: 0 UID: 0 PID: 8239 Comm: syz.4.660 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 263.101566][ T8239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.101577][ T8239] Call Trace: [ 263.101588][ T8239] [ 263.101595][ T8239] dump_stack_lvl+0x16c/0x1f0 [ 263.101618][ T8239] should_fail_ex+0x512/0x640 [ 263.101645][ T8239] _copy_to_user+0x32/0xd0 [ 263.101673][ T8239] simple_read_from_buffer+0xcb/0x170 [ 263.101702][ T8239] proc_fail_nth_read+0x197/0x270 [ 263.101731][ T8239] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 263.101759][ T8239] ? rw_verify_area+0xcf/0x680 [ 263.101784][ T8239] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 263.101811][ T8239] vfs_read+0x1e1/0xc60 [ 263.101841][ T8239] ? __pfx___mutex_lock+0x10/0x10 [ 263.101861][ T8239] ? __pfx_vfs_read+0x10/0x10 [ 263.101894][ T8239] ? __fget_files+0x20e/0x3c0 [ 263.101910][ T8239] ? rcu_watching_snap_stopped_since+0xd0/0x110 [ 263.101937][ T8239] ksys_read+0x12a/0x250 [ 263.101952][ T8239] ? __pfx_ksys_read+0x10/0x10 [ 263.101976][ T8239] do_syscall_64+0xcd/0x4c0 [ 263.101997][ T8239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.102015][ T8239] RIP: 0033:0x7f91ae78d37c [ 263.102029][ T8239] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 263.102046][ T8239] RSP: 002b:00007f91af611030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 263.102062][ T8239] RAX: ffffffffffffffda RBX: 00007f91ae9b6080 RCX: 00007f91ae78d37c [ 263.102073][ T8239] RDX: 000000000000000f RSI: 00007f91af6110a0 RDI: 0000000000000007 [ 263.102083][ T8239] RBP: 00007f91af611090 R08: 0000000000000000 R09: 0000000000000000 [ 263.102093][ T8239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.102103][ T8239] R13: 0000000000000000 R14: 00007f91ae9b6080 R15: 00007fff0d9ebb38 [ 263.102127][ T8239] [ 263.111395][ T5891] usb 2-1: config 0 has no interfaces? [ 263.370301][ T5891] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 263.379534][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.503086][ T5891] usb 2-1: config 0 descriptor?? [ 263.972220][ T8246] FAULT_INJECTION: forcing a failure. [ 263.972220][ T8246] name failslab, interval 1, probability 0, space 0, times 0 [ 263.984906][ T8246] CPU: 0 UID: 0 PID: 8246 Comm: syz.4.661 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 263.984930][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.984939][ T8246] Call Trace: [ 263.984946][ T8246] [ 263.984952][ T8246] dump_stack_lvl+0x16c/0x1f0 [ 263.984976][ T8246] should_fail_ex+0x512/0x640 [ 263.985000][ T8246] ? fs_reclaim_acquire+0xae/0x150 [ 263.985026][ T8246] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 263.985049][ T8246] should_failslab+0xc2/0x120 [ 263.985068][ T8246] __kmalloc_noprof+0xd2/0x510 [ 263.985091][ T8246] tomoyo_realpath_from_path+0xc2/0x6e0 [ 263.985116][ T8246] ? tomoyo_profile+0x47/0x60 [ 263.985144][ T8246] tomoyo_path_number_perm+0x245/0x580 [ 263.985163][ T8246] ? tomoyo_path_number_perm+0x237/0x580 [ 263.985185][ T8246] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 263.985206][ T8246] ? find_held_lock+0x2b/0x80 [ 263.985256][ T8246] ? find_held_lock+0x2b/0x80 [ 263.985282][ T8246] ? hook_file_ioctl_common+0x145/0x410 [ 263.985313][ T8246] ? __fget_files+0x20e/0x3c0 [ 263.985336][ T8246] security_file_ioctl+0x9b/0x240 [ 263.985360][ T8246] __x64_sys_ioctl+0xb7/0x210 [ 263.985387][ T8246] do_syscall_64+0xcd/0x4c0 [ 263.985409][ T8246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.985426][ T8246] RIP: 0033:0x7f91ae78e969 [ 263.985440][ T8246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.985455][ T8246] RSP: 002b:00007f91af611038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.985471][ T8246] RAX: ffffffffffffffda RBX: 00007f91ae9b6080 RCX: 00007f91ae78e969 [ 263.985482][ T8246] RDX: 0000200000000100 RSI: 00000000c020aa00 RDI: 0000000000000005 [ 263.985492][ T8246] RBP: 00007f91af611090 R08: 0000000000000000 R09: 0000000000000000 [ 263.985501][ T8246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.985511][ T8246] R13: 0000000000000000 R14: 00007f91ae9b6080 R15: 00007fff0d9ebb38 [ 263.985535][ T8246] [ 263.985547][ T8246] ERROR: Out of memory at tomoyo_realpath_from_path. [ 264.357331][ T8253] vxfs: WRONG superblock magic 00000000 at 1 [ 264.395667][ T30] kauditd_printk_skb: 122 callbacks suppressed [ 264.395677][ T30] audit: type=1400 audit(1748721022.072:381): avc: denied { read } for pid=8226 comm="syz.1.656" path="socket:[14224]" dev="sockfs" ino=14224 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 264.430719][ T8253] vxfs: WRONG superblock magic 00000000 at 8 [ 264.444651][ T8253] vxfs: can't find superblock. [ 264.491068][ T1204] usb 2-1: USB disconnect, device number 2 [ 264.660354][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 264.825482][ T8260] FAULT_INJECTION: forcing a failure. [ 264.825482][ T8260] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.838595][ T8260] CPU: 0 UID: 0 PID: 8260 Comm: syz.4.664 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 264.838617][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 264.838628][ T8260] Call Trace: [ 264.838634][ T8260] [ 264.838641][ T8260] dump_stack_lvl+0x16c/0x1f0 [ 264.838665][ T8260] should_fail_ex+0x512/0x640 [ 264.838693][ T8260] _copy_to_user+0x32/0xd0 [ 264.838721][ T8260] simple_read_from_buffer+0xcb/0x170 [ 264.838751][ T8260] proc_fail_nth_read+0x197/0x270 [ 264.838781][ T8260] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.838811][ T8260] ? rw_verify_area+0xcf/0x680 [ 264.838835][ T8260] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 264.838863][ T8260] vfs_read+0x1e1/0xc60 [ 264.838892][ T8260] ? __pfx___mutex_lock+0x10/0x10 [ 264.838913][ T8260] ? __pfx_vfs_read+0x10/0x10 [ 264.838946][ T8260] ? __fget_files+0x20e/0x3c0 [ 264.838972][ T8260] ksys_read+0x12a/0x250 [ 264.838987][ T8260] ? __pfx_ksys_read+0x10/0x10 [ 264.839000][ T8260] ? madvise_unlock+0xf6/0x190 [ 264.839021][ T8260] ? do_madvise+0x11c/0x170 [ 264.839047][ T8260] do_syscall_64+0xcd/0x4c0 [ 264.839069][ T8260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.839087][ T8260] RIP: 0033:0x7f91ae78d37c [ 264.839101][ T8260] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 264.839117][ T8260] RSP: 002b:00007f91af5f0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 264.839134][ T8260] RAX: ffffffffffffffda RBX: 00007f91ae9b6160 RCX: 00007f91ae78d37c [ 264.839145][ T8260] RDX: 000000000000000f RSI: 00007f91af5f00a0 RDI: 0000000000000007 [ 264.839155][ T8260] RBP: 00007f91af5f0090 R08: 0000000000000000 R09: 0000000000000000 [ 264.839165][ T8260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.839175][ T8260] R13: 0000000000000000 R14: 00007f91ae9b6160 R15: 00007fff0d9ebb38 [ 264.839199][ T8260] [ 265.034146][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 265.040285][ T5812] Bluetooth: hci0: command 0x0c1a tx timeout [ 265.046370][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 265.052454][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 266.107756][ T8279] FAULT_INJECTION: forcing a failure. [ 266.107756][ T8279] name failslab, interval 1, probability 0, space 0, times 0 [ 266.124042][ T8279] CPU: 0 UID: 0 PID: 8279 Comm: syz.4.671 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 266.124067][ T8279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.124077][ T8279] Call Trace: [ 266.124083][ T8279] [ 266.124090][ T8279] dump_stack_lvl+0x16c/0x1f0 [ 266.124114][ T8279] should_fail_ex+0x512/0x640 [ 266.124134][ T8279] ? fs_reclaim_acquire+0xae/0x150 [ 266.124159][ T8279] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 266.124181][ T8279] should_failslab+0xc2/0x120 [ 266.124199][ T8279] __kmalloc_noprof+0xd2/0x510 [ 266.124220][ T8279] tomoyo_realpath_from_path+0xc2/0x6e0 [ 266.124243][ T8279] ? tomoyo_profile+0x47/0x60 [ 266.124271][ T8279] tomoyo_path_number_perm+0x245/0x580 [ 266.124288][ T8279] ? tomoyo_path_number_perm+0x237/0x580 [ 266.124309][ T8279] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 266.124326][ T8279] ? find_held_lock+0x2b/0x80 [ 266.124368][ T8279] ? find_held_lock+0x2b/0x80 [ 266.124388][ T8279] ? hook_file_ioctl_common+0x145/0x410 [ 266.124414][ T8279] ? __fget_files+0x20e/0x3c0 [ 266.124433][ T8279] security_file_ioctl+0x9b/0x240 [ 266.124451][ T8279] __x64_sys_ioctl+0xb7/0x210 [ 266.124476][ T8279] do_syscall_64+0xcd/0x4c0 [ 266.124493][ T8279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.124506][ T8279] RIP: 0033:0x7f91ae78e969 [ 266.124518][ T8279] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.124530][ T8279] RSP: 002b:00007f91af632038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.124544][ T8279] RAX: ffffffffffffffda RBX: 00007f91ae9b5fa0 RCX: 00007f91ae78e969 [ 266.124553][ T8279] RDX: 0000200000000000 RSI: 00000000c020aa04 RDI: 0000000000000003 [ 266.124561][ T8279] RBP: 00007f91af632090 R08: 0000000000000000 R09: 0000000000000000 [ 266.124569][ T8279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.124577][ T8279] R13: 0000000000000000 R14: 00007f91ae9b5fa0 R15: 00007fff0d9ebb38 [ 266.124595][ T8279] [ 266.124773][ T8279] ERROR: Out of memory at tomoyo_realpath_from_path. [ 266.478659][ T8282] Cannot find add_set index 0 as target [ 266.583430][ T8291] FAULT_INJECTION: forcing a failure. [ 266.583430][ T8291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 266.598054][ T8291] CPU: 1 UID: 0 PID: 8291 Comm: syz.1.675 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 266.598075][ T8291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 266.598084][ T8291] Call Trace: [ 266.598089][ T8291] [ 266.598095][ T8291] dump_stack_lvl+0x16c/0x1f0 [ 266.598115][ T8291] should_fail_ex+0x512/0x640 [ 266.598138][ T8291] _copy_from_user+0x2e/0xd0 [ 266.598159][ T8291] copy_msghdr_from_user+0x98/0x160 [ 266.598179][ T8291] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 266.598211][ T8291] ___sys_sendmsg+0xfe/0x1d0 [ 266.598231][ T8291] ? __pfx____sys_sendmsg+0x10/0x10 [ 266.598247][ T8291] ? __lock_acquire+0x622/0x1c90 [ 266.598300][ T8291] __sys_sendmsg+0x16d/0x220 [ 266.598320][ T8291] ? __pfx___sys_sendmsg+0x10/0x10 [ 266.598356][ T8291] do_syscall_64+0xcd/0x4c0 [ 266.598378][ T8291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.598396][ T8291] RIP: 0033:0x7f0046f8e969 [ 266.598409][ T8291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.598426][ T8291] RSP: 002b:00007f0047d2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 266.598442][ T8291] RAX: ffffffffffffffda RBX: 00007f00471b5fa0 RCX: 00007f0046f8e969 [ 266.598452][ T8291] RDX: 0000000004004890 RSI: 0000200000000040 RDI: 0000000000000003 [ 266.598462][ T8291] RBP: 00007f0047d2c090 R08: 0000000000000000 R09: 0000000000000000 [ 266.598477][ T8291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.598487][ T8291] R13: 0000000000000000 R14: 00007f00471b5fa0 R15: 00007fff4860e1e8 [ 266.598509][ T8291] [ 266.764611][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 267.029516][ T30] audit: type=1400 audit(1748721024.722:382): avc: denied { bind } for pid=8302 comm="syz.1.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 267.049953][ T8297] 9pnet: p9_errstr2errno: server reported unknown error [ 269.291726][ T30] audit: type=1400 audit(1748721026.852:383): avc: denied { create } for pid=8310 comm="syz.1.681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 269.488988][ T8321] pim6reg: entered allmulticast mode [ 269.513446][ T8321] pim6reg: left allmulticast mode [ 269.560130][ T8328] FAULT_INJECTION: forcing a failure. [ 269.560130][ T8328] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.599370][ T8328] CPU: 0 UID: 0 PID: 8328 Comm: syz.1.687 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 269.599398][ T8328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.599409][ T8328] Call Trace: [ 269.599415][ T8328] [ 269.599421][ T8328] dump_stack_lvl+0x16c/0x1f0 [ 269.599446][ T8328] should_fail_ex+0x512/0x640 [ 269.599480][ T8328] _copy_from_user+0x2e/0xd0 [ 269.599506][ T8328] copy_msghdr_from_user+0x98/0x160 [ 269.599526][ T8328] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 269.599552][ T8328] ? __lock_acquire+0x622/0x1c90 [ 269.599577][ T8328] ___sys_recvmsg+0xdb/0x1a0 [ 269.599596][ T8328] ? __pfx____sys_recvmsg+0x10/0x10 [ 269.599636][ T8328] __sys_recvmsg+0x16a/0x220 [ 269.599656][ T8328] ? __pfx___sys_recvmsg+0x10/0x10 [ 269.599698][ T8328] do_syscall_64+0xcd/0x4c0 [ 269.599720][ T8328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.599738][ T8328] RIP: 0033:0x7f0046f8e969 [ 269.599752][ T8328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.599769][ T8328] RSP: 002b:00007f0047d2c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 269.599787][ T8328] RAX: ffffffffffffffda RBX: 00007f00471b5fa0 RCX: 00007f0046f8e969 [ 269.599798][ T8328] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 269.599808][ T8328] RBP: 00007f0047d2c090 R08: 0000000000000000 R09: 0000000000000000 [ 269.599818][ T8328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.599828][ T8328] R13: 0000000000000000 R14: 00007f00471b5fa0 R15: 00007fff4860e1e8 [ 269.599853][ T8328] [ 269.824833][ T30] audit: type=1400 audit(1748721027.522:384): avc: denied { read } for pid=8329 comm="syz.4.688" name="usbmon9" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 269.908590][ T30] audit: type=1400 audit(1748721027.522:385): avc: denied { open } for pid=8329 comm="syz.4.688" path="/dev/usbmon9" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 269.932986][ T30] audit: type=1400 audit(1748721027.522:386): avc: denied { ioctl } for pid=8329 comm="syz.4.688" path="/dev/usbmon9" dev="devtmpfs" ino=743 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 269.967595][ T30] audit: type=1400 audit(1748721027.602:387): avc: denied { create } for pid=8338 comm="syz.2.691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 269.988655][ T30] audit: type=1400 audit(1748721027.662:388): avc: denied { read } for pid=8338 comm="syz.2.691" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 270.099859][ T30] audit: type=1400 audit(1748721027.662:389): avc: denied { open } for pid=8338 comm="syz.2.691" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 270.101960][ T8342] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11) [ 270.124001][ T30] audit: type=1400 audit(1748721027.662:390): avc: denied { ioctl } for pid=8338 comm="syz.2.691" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 270.129910][ T8342] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 270.195518][ T30] audit: type=1400 audit(1748721027.722:391): avc: denied { read append } for pid=8338 comm="syz.2.691" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 270.224982][ T8342] vhci_hcd vhci_hcd.0: Device attached [ 270.241662][ T30] audit: type=1400 audit(1748721027.722:392): avc: denied { open } for pid=8338 comm="syz.2.691" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 270.265746][ T30] audit: type=1400 audit(1748721027.752:393): avc: denied { create } for pid=8329 comm="syz.4.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 270.400364][ T58] vhci_hcd: vhci_device speed not set [ 270.413471][ T8343] vhci_hcd: connection closed [ 270.414849][ T1158] vhci_hcd: stop threads [ 270.430336][ T1204] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 270.433355][ T1158] vhci_hcd: release socket [ 270.447848][ T1158] vhci_hcd: disconnect device [ 270.470425][ T58] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 270.478431][ T58] usb 41-1: enqueue for inactive port 0 [ 270.539742][ T8352] FAULT_INJECTION: forcing a failure. [ 270.539742][ T8352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 270.553106][ T8352] CPU: 0 UID: 0 PID: 8352 Comm: syz.2.693 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 270.553128][ T8352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 270.553137][ T8352] Call Trace: [ 270.553143][ T8352] [ 270.553149][ T8352] dump_stack_lvl+0x16c/0x1f0 [ 270.553171][ T8352] should_fail_ex+0x512/0x640 [ 270.553195][ T8352] _copy_from_user+0x2e/0xd0 [ 270.553218][ T8352] copy_msghdr_from_user+0x98/0x160 [ 270.553237][ T8352] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 270.553260][ T8352] ? lockdep_hardirqs_on+0x7c/0x110 [ 270.553287][ T8352] ? find_held_lock+0x2b/0x80 [ 270.553318][ T8352] ___sys_recvmsg+0xdb/0x1a0 [ 270.553337][ T8352] ? __pfx____sys_recvmsg+0x10/0x10 [ 270.553353][ T8352] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 270.553371][ T8352] ? rcu_preempt_deferred_qs_irqrestore+0x4f5/0xbc0 [ 270.553416][ T8352] __sys_recvmsg+0x16a/0x220 [ 270.553436][ T8352] ? __pfx___sys_recvmsg+0x10/0x10 [ 270.553464][ T8352] ? rcu_read_unlock_trace_special+0x2aa/0x3f0 [ 270.553487][ T8352] ? rcu_is_watching+0x12/0xc0 [ 270.553505][ T8352] do_syscall_64+0xcd/0x4c0 [ 270.553526][ T8352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.553543][ T8352] RIP: 0033:0x7feeba78e969 [ 270.553558][ T8352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.553575][ T8352] RSP: 002b:00007feeb85d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 270.553592][ T8352] RAX: ffffffffffffffda RBX: 00007feeba9b6080 RCX: 00007feeba78e969 [ 270.553603][ T8352] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000006 [ 270.553613][ T8352] RBP: 00007feeb85d5090 R08: 0000000000000000 R09: 0000000000000000 [ 270.553624][ T8352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.553633][ T8352] R13: 0000000000000000 R14: 00007feeba9b6080 R15: 00007ffd44e256a8 [ 270.553656][ T8352] [ 270.783086][ T58] vhci_hcd: vhci_device speed not set [ 270.961726][ T1204] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 270.970007][ T1204] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 270.978181][ T1204] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 270.987049][ T1204] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 270.997892][ T1204] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 271.008118][ T1204] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 271.017872][ T1204] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 271.033534][ T1204] usb 2-1: string descriptor 0 read error: -22 [ 271.039770][ T1204] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 271.056109][ T1204] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.084432][ T1204] usb 2-1: config 0 descriptor?? [ 271.094702][ T1204] hub 2-1:0.0: bad descriptor, ignoring hub [ 271.101911][ T1204] hub 2-1:0.0: probe with driver hub failed with error -5 [ 271.154751][ T1204] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6 [ 271.394841][ T8361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.694'. [ 271.405797][ T8361] netlink: 12 bytes leftover after parsing attributes in process `syz.3.694'. [ 271.515591][ T8363] FAULT_INJECTION: forcing a failure. [ 271.515591][ T8363] name failslab, interval 1, probability 0, space 0, times 0 [ 271.528312][ T8363] CPU: 1 UID: 0 PID: 8363 Comm: syz.2.695 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 271.528337][ T8363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 271.528347][ T8363] Call Trace: [ 271.528353][ T8363] [ 271.528360][ T8363] dump_stack_lvl+0x16c/0x1f0 [ 271.528384][ T8363] should_fail_ex+0x512/0x640 [ 271.528407][ T8363] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 271.528436][ T8363] should_failslab+0xc2/0x120 [ 271.528455][ T8363] __kmalloc_cache_noprof+0x6a/0x3e0 [ 271.528479][ T8363] ? __schedule+0x1181/0x5de0 [ 271.528494][ T8363] ? __lock_acquire+0xb8a/0x1c90 [ 271.528514][ T8363] ? alloc_pipe_info+0x10e/0x590 [ 271.528537][ T8363] alloc_pipe_info+0x10e/0x590 [ 271.528559][ T8363] splice_direct_to_actor+0x77d/0xa30 [ 271.528590][ T8363] ? __pfx_direct_splice_actor+0x10/0x10 [ 271.528606][ T8363] ? __pfx___schedule+0x10/0x10 [ 271.528626][ T8363] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 271.528662][ T8363] do_splice_direct+0x174/0x240 [ 271.528690][ T8363] ? __pfx_do_splice_direct+0x10/0x10 [ 271.528718][ T8363] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 271.528749][ T8363] ? rw_verify_area+0x18c/0x680 [ 271.528772][ T8363] ? rw_verify_area+0xcf/0x680 [ 271.528799][ T8363] do_sendfile+0xb06/0xe50 [ 271.528830][ T8363] ? __pfx_do_sendfile+0x10/0x10 [ 271.528860][ T8363] ? rcu_is_watching+0x12/0xc0 [ 271.528875][ T8363] ? irqentry_exit+0x3b/0x90 [ 271.528897][ T8363] __x64_sys_sendfile64+0x1d8/0x220 [ 271.528918][ T8363] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 271.528948][ T8363] do_syscall_64+0xcd/0x4c0 [ 271.528969][ T8363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.528986][ T8363] RIP: 0033:0x7feeba78e969 [ 271.529000][ T8363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.529017][ T8363] RSP: 002b:00007feeb85b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 271.529033][ T8363] RAX: ffffffffffffffda RBX: 00007feeba9b6160 RCX: 00007feeba78e969 [ 271.529044][ T8363] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 271.529054][ T8363] RBP: 00007feeb85b4090 R08: 0000000000000000 R09: 0000000000000000 [ 271.529064][ T8363] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001 [ 271.529074][ T8363] R13: 0000000000000000 R14: 00007feeba9b6160 R15: 00007ffd44e256a8 [ 271.529099][ T8363] [ 271.766882][ T8362] xt_connbytes: Forcing CT accounting to be enabled [ 271.773621][ T8362] set match dimension is over the limit! [ 271.822577][ T5918] usb 2-1: USB disconnect, device number 3 [ 272.252237][ T8369] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 272.263684][ T8369] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 272.973600][ T8374] set match dimension is over the limit! [ 274.271266][ T8382] syz.3.702: attempt to access beyond end of device [ 274.271266][ T8382] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 274.339765][ T8382] xt_connbytes: Forcing CT accounting to be enabled [ 274.346445][ T8382] set match dimension is over the limit! [ 275.857984][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 275.858001][ T30] audit: type=1400 audit(1748721033.552:398): avc: denied { ioctl } for pid=8397 comm="syz.1.706" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 276.063463][ T30] audit: type=1400 audit(1748721033.592:399): avc: denied { read write } for pid=8397 comm="syz.1.706" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 276.198054][ T30] audit: type=1400 audit(1748721033.592:400): avc: denied { open } for pid=8397 comm="syz.1.706" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 276.351507][ T30] audit: type=1400 audit(1748721033.622:401): avc: denied { create } for pid=8397 comm="syz.1.706" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 276.411821][ T30] audit: type=1400 audit(1748721033.632:402): avc: denied { ioctl } for pid=8397 comm="syz.1.706" path="socket:[14660]" dev="sockfs" ino=14660 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 276.496376][ T30] audit: type=1400 audit(1748721033.632:403): avc: denied { write } for pid=8397 comm="syz.1.706" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 276.626954][ T8410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.643288][ T30] audit: type=1400 audit(1748721034.342:404): avc: denied { read write } for pid=8408 comm="syz.1.711" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 276.696575][ T8410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.120554][ T30] audit: type=1400 audit(1748721034.372:405): avc: denied { open } for pid=8408 comm="syz.1.711" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 277.152595][ T8410] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.152619][ T8418] netlink: 48 bytes leftover after parsing attributes in process `syz.2.712'. [ 277.202411][ T30] audit: type=1400 audit(1748721034.802:406): avc: denied { write } for pid=8405 comm="syz.3.709" name="sg0" dev="devtmpfs" ino=771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 277.227579][ T8416] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.228703][ T30] audit: type=1400 audit(1748721034.812:407): avc: denied { open } for pid=8405 comm="syz.3.709" path="/dev/sg0" dev="devtmpfs" ino=771 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 277.321982][ T8424] FAULT_INJECTION: forcing a failure. [ 277.321982][ T8424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.363009][ T8424] CPU: 0 UID: 0 PID: 8424 Comm: syz.0.715 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 277.363035][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 277.363045][ T8424] Call Trace: [ 277.363051][ T8424] [ 277.363057][ T8424] dump_stack_lvl+0x16c/0x1f0 [ 277.363080][ T8424] should_fail_ex+0x512/0x640 [ 277.363107][ T8424] _copy_from_user+0x2e/0xd0 [ 277.363132][ T8424] __sys_bpf+0x21d/0x4d80 [ 277.363155][ T8424] ? __pfx___sys_bpf+0x10/0x10 [ 277.363174][ T8424] ? ksys_write+0x190/0x250 [ 277.363193][ T8424] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 277.363226][ T8424] ? fput+0x70/0xf0 [ 277.363245][ T8424] ? ksys_write+0x1ac/0x250 [ 277.363259][ T8424] ? __pfx_ksys_write+0x10/0x10 [ 277.363279][ T8424] __x64_sys_bpf+0x78/0xc0 [ 277.363299][ T8424] ? lockdep_hardirqs_on+0x7c/0x110 [ 277.363317][ T8424] do_syscall_64+0xcd/0x4c0 [ 277.363338][ T8424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.363355][ T8424] RIP: 0033:0x7f0f5198e969 [ 277.363370][ T8424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.363387][ T8424] RSP: 002b:00007f0f528dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 277.363403][ T8424] RAX: ffffffffffffffda RBX: 00007f0f51bb5fa0 RCX: 00007f0f5198e969 [ 277.363414][ T8424] RDX: 0000000000000010 RSI: 0000200000000440 RDI: 000000000000000f [ 277.363430][ T8424] RBP: 00007f0f528dc090 R08: 0000000000000000 R09: 0000000000000000 [ 277.363440][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.363450][ T8424] R13: 0000000000000000 R14: 00007f0f51bb5fa0 R15: 00007fffb8977238 [ 277.363475][ T8424] [ 278.489358][ T8443] FAULT_INJECTION: forcing a failure. [ 278.489358][ T8443] name failslab, interval 1, probability 0, space 0, times 0 [ 278.502599][ T8443] CPU: 0 UID: 0 PID: 8443 Comm: syz.0.721 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 278.502622][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 278.502633][ T8443] Call Trace: [ 278.502639][ T8443] [ 278.502646][ T8443] dump_stack_lvl+0x16c/0x1f0 [ 278.502671][ T8443] should_fail_ex+0x512/0x640 [ 278.502693][ T8443] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 278.502713][ T8443] should_failslab+0xc2/0x120 [ 278.502733][ T8443] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 278.502751][ T8443] ? mas_alloc_nodes+0x18b/0x8b0 [ 278.502772][ T8443] mas_alloc_nodes+0x18b/0x8b0 [ 278.502795][ T8443] mas_node_count_gfp+0x105/0x130 [ 278.502814][ T8443] mas_preallocate+0x53e/0xcd0 [ 278.502841][ T8443] ? __pfx_mas_preallocate+0x10/0x10 [ 278.502872][ T8443] ? __asan_memset+0x23/0x50 [ 278.502901][ T8443] commit_merge+0x29a/0x1020 [ 278.502933][ T8443] ? __pfx_commit_merge+0x10/0x10 [ 278.502964][ T8443] ? vma_merge_existing_range+0x113c/0x1cd0 [ 278.502993][ T8443] ? dup_anon_vma.constprop.0+0x74/0x320 [ 278.503024][ T8443] vma_merge_existing_range+0xc50/0x1cd0 [ 278.503060][ T8443] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 278.503096][ T8443] vma_modify+0x87/0x510 [ 278.503115][ T8443] vma_modify_flags+0x212/0x2d0 [ 278.503132][ T8443] ? __pfx_vma_modify_flags+0x10/0x10 [ 278.503148][ T8443] ? mtree_range_walk+0x718/0xc00 [ 278.503181][ T8443] mlock_fixup+0x27c/0xe50 [ 278.503203][ T8443] apply_mlockall_flags+0x2d4/0x470 [ 278.503222][ T8443] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 278.503240][ T8443] ? __pfx___might_resched+0x10/0x10 [ 278.503265][ T8443] ? __pfx_down_write_killable+0x10/0x10 [ 278.503288][ T8443] ? __pfx_ksys_write+0x10/0x10 [ 278.503309][ T8443] __do_sys_munlockall+0xc5/0x280 [ 278.503329][ T8443] do_syscall_64+0xcd/0x4c0 [ 278.503350][ T8443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.503368][ T8443] RIP: 0033:0x7f0f5198e969 [ 278.503383][ T8443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.503400][ T8443] RSP: 002b:00007f0f5289a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 278.503416][ T8443] RAX: ffffffffffffffda RBX: 00007f0f51bb6160 RCX: 00007f0f5198e969 [ 278.503428][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 278.503443][ T8443] RBP: 00007f0f5289a090 R08: 0000000000000000 R09: 0000000000000000 [ 278.503453][ T8443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.503463][ T8443] R13: 0000000000000000 R14: 00007f0f51bb6160 R15: 00007fffb8977238 [ 278.503488][ T8443] [ 278.762751][ T8443] vmg ffffc900032f7c80 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 278.773224][ T8443] vmg ffffc900032f7c80 state: mm ffff8880771fcb40 pgoff 200000000 [ 278.773224][ T8443] vmi ffffc900032f7e38 [200000000000,200000800000) [ 278.773224][ T8443] prev ffff888079088640 middle ffff888079088640 next 0000000000000000 target 0000000000000000 [ 278.773224][ T8443] start 200000000000 end 200000800000 flags 8100077 [ 278.773224][ T8443] file 0000000000000000 anon_vma ffff888077dcc000 policy 0000000000000000 [ 278.773224][ T8443] uffd_ctx 0000000000000000 [ 278.773224][ T8443] anon_name 0000000000000000 [ 278.773224][ T8443] state 0 [ 278.773224][ T8443] just_expand 0 [ 278.773224][ T8443] __adjust_middle_start 0 __adjust_next_start 0 [ 278.773224][ T8443] __remove_middle 0 __remove_next 0 [ 278.926118][ T8443] vmg ffffc900032f7c80 mm: [ 278.930752][ T8443] mm ffff8880771fcb40 task_size 140737488351232 [ 278.930752][ T8443] mmap_base 139703786295296 mmap_legacy_base 47929008873472 [ 278.930752][ T8443] pgd ffff888032bf4000 mm_users 4 mm_count 1 pgtables_bytes 135168 map_count 36 [ 278.930752][ T8443] hiwater_rss 14ed hiwater_vm 5f8c total_vm 5fef locked_vm 800 [ 278.930752][ T8443] pinned_vm 0 data_vm 23fb exec_vm 1a4 stack_vm 21 [ 278.930752][ T8443] start_code 7f0f51849000 end_code 7f0f519eadf9 start_data 7f0f51b90000 end_data 7f0f51b90000 [ 278.930752][ T8443] start_brk 55556a0ff000 brk 55556a133000 start_stack 7fffb8977aa0 [ 278.930752][ T8443] arg_start 7fffb8977f6d arg_end 7fffb8977f81 env_start 7fffb8977f81 env_end 7fffb8977fe9 [ 278.930752][ T8443] binfmt ffffffff8e812e20 flags 800007fd [ 278.930752][ T8443] ioctx_table 0000000000000000 [ 278.930752][ T8443] owner ffff8880355e2440 exe_file ffff88803406e380 [ 278.930752][ T8443] notifier_subscriptions 0000000000000000 [ 278.930752][ T8443] numa_next_scan 4294965046 numa_scan_offset 0 numa_scan_seq 0 [ 278.930752][ T8443] tlb_flush_pending 0 [ 278.930752][ T8443] def_flags: 0x0() [ 279.031445][ T8443] vmg ffffc900032f7c80 prev: [ 279.036076][ T8443] vma ffff888079088640 start 0000200000000000 end 0000200000800000 mm ffff8880771fcb40 [ 279.036076][ T8443] prot 25 anon_vma ffff888077dcc000 vm_ops 0000000000000000 [ 279.036076][ T8443] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 279.036076][ T8443] refcnt 1 [ 279.036076][ T8443] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 279.073326][ T8443] vmg ffffc900032f7c80 middle: [ 279.078139][ T8443] vma ffff888079088640 start 0000200000000000 end 0000200000800000 mm ffff8880771fcb40 [ 279.078139][ T8443] prot 25 anon_vma ffff888077dcc000 vm_ops 0000000000000000 [ 279.078139][ T8443] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 279.078139][ T8443] refcnt 1 [ 279.078139][ T8443] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 279.115616][ T8443] vmg ffffc900032f7c80 next: (NULL) [ 279.120974][ T8443] vmg ffffc900032f7c80 vmi: [ 279.125525][ T8443] MAS: tree=ffff8880771fcb80 enode=ffff88807846ee0c [ 279.125566][ T8443] (ma_active) [ 279.132401][ T8443] Store Type: [ 279.135728][ T8443] node_store [ 279.142302][ T8443] [6/10] index=200000000000 last=2000007fffff [ 279.148407][ T8443] min=0 max=55556a120fff alloc=0000000000000000, depth=1, flags=0 [ 279.156704][ T8443] maple_tree(ffff8880771fcb80) flags 30B, height 2 root ffff88802a95be1e [ 279.165187][ T8443] 0-ffffffffffffffff: node ffff88802a95be00 depth 0 type 3 parent ffff8880771fcb81 contents: 3555690fe000 29b9e56c4000 18c000 ffff800047688000 0 0 0 0 0 0 | 03 03| ffff88807846ee0c 55556A120FFF ffff888035347a0c 7F0F517FFFFF ffff88807846ec0c 7F0F5289BFFF ffff88807846e80c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 279.203305][ T8443] 0-55556a120fff: node ffff88807846ee00 depth 1 type 1 parent ffff88802a95be06 contents: 0000000000000000 110C22FFFF ffff888079088280 110E22FFFF 0000000000000000 1B2E61FFFF ffff888079088140 1B2E65FFFF 0000000000000000 1FFFFFFFEFFF ffff8880790883c0 1FFFFFFFFFFF ffff888079088640 2000007FFFFF ffff88807cd343c0 200000FFFFFF ffff888079088500 200001000FFF 0000000000000000 55556A0FEFFF ffff888079088780 55556A120FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 279.250416][ T8443] 0-110c22ffff: 0000000000000000 [ 279.255767][ T8443] 110c230000-110e22ffff: ffff888079088280 [ 279.261970][ T8443] 110e230000-1b2e61ffff: 0000000000000000 [ 279.268116][ T8443] 1b2e620000-1b2e65ffff: ffff888079088140 [ 279.274239][ T8443] 1b2e660000-1fffffffefff: 0000000000000000 [ 279.280586][ T8443] 1ffffffff000-1fffffffffff: ffff8880790883c0 [ 279.287032][ T8443] 200000000000-2000007fffff: ffff888079088640 [ 279.294432][ T8443] 200000800000-200000ffffff: ffff88807cd343c0 [ 279.301052][ T8443] 200001000000-200001000fff: ffff888079088500 [ 279.307582][ T8443] 200001001000-55556a0fefff: 0000000000000000 [ 279.314074][ T8443] 55556a0ff000-55556a120fff: ffff888079088780 [ 279.320594][ T8443] 55556a121000-7f0f517fffff: node ffff888035347a00 depth 1 type 1 parent ffff88802a95be0e contents: ffff888079088dc0 55556A132FFF 0000000000000000 7F0F4F7F6FFF ffff8880790888c0 7F0F4F7F7FFF ffff888079088a00 7F0F4FFF7FFF ffff888079088c80 7F0F4FFF8FFF ffff888026d80780 7F0F507F8FFF ffff888026d803c0 7F0F507FAFFF ffff888026d80140 7F0F50BFAFFF ffff888032e50dc0 7F0F50BFCFFF ffff888032e50b40 7F0F50FFCFFF ffff888032e50140 7F0F50FFEFFF ffff888032e503c0 7F0F513FEFFF ffff888032e50640 7F0F513FFFFF ffff888032e508c0 7F0F517FFFFF 0000000000000000 0 000000000000000d [ 279.372032][ T8443] 55556a121000-55556a132fff: ffff888079088dc0 [ 279.378498][ T8443] 55556a133000-7f0f4f7f6fff: 0000000000000000 [ 279.385017][ T8443] 7f0f4f7f7000-7f0f4f7f7fff: ffff8880790888c0 [ 279.391529][ T8443] 7f0f4f7f8000-7f0f4fff7fff: ffff888079088a00 [ 279.398280][ T8443] 7f0f4fff8000-7f0f4fff8fff: ffff888079088c80 [ 279.404890][ T8443] 7f0f4fff9000-7f0f507f8fff: ffff888026d80780 [ 279.411419][ T8443] 7f0f507f9000-7f0f507fafff: ffff888026d803c0 [ 279.417884][ T8443] 7f0f507fb000-7f0f50bfafff: ffff888026d80140 [ 279.424377][ T8443] 7f0f50bfb000-7f0f50bfcfff: ffff888032e50dc0 [ 279.430898][ T8443] 7f0f50bfd000-7f0f50ffcfff: ffff888032e50b40 [ 279.437339][ T8443] 7f0f50ffd000-7f0f50ffefff: ffff888032e50140 [ 279.443880][ T8443] 7f0f50fff000-7f0f513fefff: ffff888032e503c0 [ 279.450367][ T8443] 7f0f513ff000-7f0f513fffff: ffff888032e50640 [ 279.456833][ T8443] 7f0f51400000-7f0f517fffff: ffff888032e508c0 [ 279.463321][ T8443] 7f0f51800000-7f0f5289bfff: node ffff88807846ec00 depth 1 type 1 parent ffff88802a95be16 contents: ffff888032e50280 7F0F51848FFF ffff888032e50500 7F0F519EAFFF ffff888032e50780 7F0F51A97FFF ffff888032e50000 7F0F51B7CFFF ffff888032e50c80 7F0F51B85FFF 0000000000000000 7F0F51B8FFFF ffff888036867b40 7F0F526EDFFF 0000000000000000 7F0F52879FFF ffff88807cd34140 7F0F5287AFFF ffff88807cd34000 7F0F5289AFFF ffff88807cd34a00 7F0F5289BFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 279.512016][ T8443] 7f0f51800000-7f0f51848fff: ffff888032e50280 [ 279.518499][ T8443] 7f0f51849000-7f0f519eafff: ffff888032e50500 [ 279.525120][ T8443] 7f0f519eb000-7f0f51a97fff: ffff888032e50780 [ 279.531624][ T8443] 7f0f51a98000-7f0f51b7cfff: ffff888032e50000 [ 279.538130][ T8443] 7f0f51b7d000-7f0f51b85fff: ffff888032e50c80 [ 279.544687][ T8443] 7f0f51b86000-7f0f51b8ffff: 0000000000000000 [ 279.551226][ T8443] 7f0f51b90000-7f0f526edfff: ffff888036867b40 [ 279.557811][ T8443] 7f0f526ee000-7f0f52879fff: 0000000000000000 [ 279.564420][ T8443] 7f0f5287a000-7f0f5287afff: ffff88807cd34140 [ 279.571169][ T8443] 7f0f5287b000-7f0f5289afff: ffff88807cd34000 [ 279.577726][ T8443] 7f0f5289b000-7f0f5289bfff: ffff88807cd34a00 [ 279.584296][ T8443] 7f0f5289c000-ffffffffffffffff: node ffff88807846e800 depth 1 type 1 parent ffff88802a95be1e contents: ffff888022b218c0 7F0F528BBFFF ffff88807cd34280 7F0F528BCFFF ffff888022b21640 7F0F528DCFFF ffff888078c283c0 7F0F528E0FFF ffff888078c28280 7F0F528E2FFF ffff888078c28140 7F0F528E4FFF 0000000000000000 7FFFB8956FFF ffff888078c28000 7FFFB8977FFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 279.683464][ T8443] 7f0f5289c000-7f0f528bbfff: ffff888022b218c0 [ 279.724684][ T8443] 7f0f528bc000-7f0f528bcfff: ffff88807cd34280 [ 279.745387][ T8442] xt_connbytes: Forcing CT accounting to be enabled [ 279.767522][ T8443] 7f0f528bd000-7f0f528dcfff: ffff888022b21640 [ 279.782313][ T8442] Cannot find set identified by id 0 to match [ 279.784285][ T8451] netlink: 40 bytes leftover after parsing attributes in process `syz.3.725'. [ 279.797333][ T8443] 7f0f528dd000-7f0f528e0fff: ffff888078c283c0 [ 279.809204][ T8443] 7f0f528e1000-7f0f528e2fff: ffff888078c28280 [ 279.823125][ T8443] 7f0f528e3000-7f0f528e4fff: ffff888078c28140 [ 279.832389][ T8443] 7f0f528e5000-7fffb8956fff: 0000000000000000 [ 279.850483][ T8443] 7fffb8957000-7fffb8977fff: ffff888078c28000 [ 279.857046][ T8443] 7fffb8978000-ffffffffffffffff: 0000000000000000 [ 279.877326][ T8443] ------------[ cut here ]------------ [ 279.882927][ T8443] WARNING: CPU: 1 PID: 8443 at mm/vma.c:768 vma_merge_existing_range+0x5d1/0x1cd0 [ 279.892320][ T8443] Modules linked in: [ 279.896463][ T8443] CPU: 1 UID: 0 PID: 8443 Comm: syz.0.721 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 279.908984][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 279.919939][ T8443] RIP: 0010:vma_merge_existing_range+0x5d1/0x1cd0 [ 279.927470][ T8443] Code: 00 00 00 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d4 ae 6c 09 e8 8f 3f a9 ff 48 c7 c6 a0 fe bb 8b 48 89 df e8 90 78 f2 ff 90 <0f> 0b 90 e9 9d fc ff ff e8 72 3f a9 ff 48 8b 54 24 20 48 b8 00 00 [ 279.947722][ T8443] RSP: 0018:ffffc900032f7b20 EFLAGS: 00010293 [ 279.953871][ T8443] RAX: 0000000000000000 RBX: ffffc900032f7c80 RCX: ffffffff8b72d883 [ 279.961933][ T8443] RDX: ffff8880347ea440 RSI: ffffffff8212ac20 RDI: 0000000000000006 [ 279.969967][ T8443] RBP: ffff888079088640 R08: 0000000000000006 R09: ffffffffffffffff [ 279.978106][ T8443] R10: ffffffffffffffff R11: 0000000000000001 R12: 0000200000800000 [ 279.986169][ T8443] R13: ffffc900032f7ca0 R14: ffff888079088640 R15: 0000200000000000 [ 279.994490][ T8443] FS: 00007f0f5289a6c0(0000) GS:ffff88812486e000(0000) knlGS:0000000000000000 [ 280.003534][ T8443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.010798][ T8443] CR2: 0000001b2ecf8ff8 CR3: 0000000032bf4000 CR4: 00000000003526f0 [ 280.019522][ T8443] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 280.027575][ T8443] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 280.035593][ T8443] Call Trace: [ 280.038872][ T8443] [ 280.041851][ T8443] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 280.047971][ T8443] vma_modify+0x87/0x510 [ 280.052246][ T8443] vma_modify_flags+0x212/0x2d0 [ 280.057110][ T8443] ? __pfx_vma_modify_flags+0x10/0x10 [ 280.062553][ T8443] ? mtree_range_walk+0x718/0xc00 [ 280.067598][ T8443] ? mas_walk+0x6a6/0x910 [ 280.071976][ T8443] mlock_fixup+0x27c/0xe50 [ 280.076406][ T8443] apply_mlockall_flags+0x2d4/0x470 [ 280.081908][ T8443] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 280.087869][ T8443] ? __pfx___might_resched+0x10/0x10 [ 280.093223][ T8443] ? __pfx_down_write_killable+0x10/0x10 [ 280.098885][ T8443] ? __pfx_ksys_write+0x10/0x10 [ 280.103798][ T8443] __do_sys_munlockall+0xc5/0x280 [ 280.108840][ T8443] do_syscall_64+0xcd/0x4c0 [ 280.114105][ T8443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.120757][ T8443] RIP: 0033:0x7f0f5198e969 [ 280.125201][ T8443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.144939][ T8443] RSP: 002b:00007f0f5289a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 280.153439][ T8443] RAX: ffffffffffffffda RBX: 00007f0f51bb6160 RCX: 00007f0f5198e969 [ 280.161516][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.169509][ T8443] RBP: 00007f0f5289a090 R08: 0000000000000000 R09: 0000000000000000 [ 280.177554][ T8443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.185567][ T8443] R13: 0000000000000000 R14: 00007f0f51bb6160 R15: 00007fffb8977238 [ 280.190487][ T1204] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 280.193597][ T8443] [ 280.204099][ T8443] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 280.211367][ T8443] CPU: 1 UID: 0 PID: 8443 Comm: syz.0.721 Not tainted 6.15.0-syzkaller-10401-gdee264c16a63 #0 PREEMPT(full) [ 280.222885][ T8443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.232924][ T8443] Call Trace: [ 280.236186][ T8443] [ 280.239099][ T8443] dump_stack_lvl+0x3d/0x1f0 [ 280.243680][ T8443] panic+0x71c/0x800 [ 280.247565][ T8443] ? __pfx_panic+0x10/0x10 [ 280.251967][ T8443] ? show_trace_log_lvl+0x29b/0x3e0 [ 280.257154][ T8443] ? check_panic_on_warn+0x1f/0xb0 [ 280.262256][ T8443] ? vma_merge_existing_range+0x5d1/0x1cd0 [ 280.268054][ T8443] check_panic_on_warn+0xab/0xb0 [ 280.272979][ T8443] __warn+0xf6/0x3c0 [ 280.276859][ T8443] ? vma_merge_existing_range+0x5d1/0x1cd0 [ 280.282656][ T8443] report_bug+0x3c3/0x580 [ 280.286970][ T8443] ? vma_merge_existing_range+0x5d1/0x1cd0 [ 280.292771][ T8443] handle_bug+0x184/0x210 [ 280.297101][ T8443] exc_invalid_op+0x17/0x50 [ 280.301606][ T8443] asm_exc_invalid_op+0x1a/0x20 [ 280.306438][ T8443] RIP: 0010:vma_merge_existing_range+0x5d1/0x1cd0 [ 280.312842][ T8443] Code: 00 00 00 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d4 ae 6c 09 e8 8f 3f a9 ff 48 c7 c6 a0 fe bb 8b 48 89 df e8 90 78 f2 ff 90 <0f> 0b 90 e9 9d fc ff ff e8 72 3f a9 ff 48 8b 54 24 20 48 b8 00 00 [ 280.332434][ T8443] RSP: 0018:ffffc900032f7b20 EFLAGS: 00010293 [ 280.338486][ T8443] RAX: 0000000000000000 RBX: ffffc900032f7c80 RCX: ffffffff8b72d883 [ 280.346438][ T8443] RDX: ffff8880347ea440 RSI: ffffffff8212ac20 RDI: 0000000000000006 [ 280.354393][ T8443] RBP: ffff888079088640 R08: 0000000000000006 R09: ffffffffffffffff [ 280.362391][ T8443] R10: ffffffffffffffff R11: 0000000000000001 R12: 0000200000800000 [ 280.370342][ T8443] R13: ffffc900032f7ca0 R14: ffff888079088640 R15: 0000200000000000 [ 280.378316][ T8443] ? mt_dump_node+0xcd3/0x16d0 [ 280.383070][ T8443] ? vma_merge_existing_range+0x5d0/0x1cd0 [ 280.388875][ T8443] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 280.394939][ T8443] vma_modify+0x87/0x510 [ 280.399164][ T8443] vma_modify_flags+0x212/0x2d0 [ 280.404014][ T8443] ? __pfx_vma_modify_flags+0x10/0x10 [ 280.409366][ T8443] ? mtree_range_walk+0x718/0xc00 [ 280.414385][ T8443] ? mas_walk+0x6a6/0x910 [ 280.418698][ T8443] mlock_fixup+0x27c/0xe50 [ 280.423102][ T8443] apply_mlockall_flags+0x2d4/0x470 [ 280.428283][ T8443] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 280.433984][ T8443] ? __pfx___might_resched+0x10/0x10 [ 280.439259][ T8443] ? __pfx_down_write_killable+0x10/0x10 [ 280.444877][ T8443] ? __pfx_ksys_write+0x10/0x10 [ 280.449729][ T8443] __do_sys_munlockall+0xc5/0x280 [ 280.454737][ T8443] do_syscall_64+0xcd/0x4c0 [ 280.459229][ T8443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.465120][ T8443] RIP: 0033:0x7f0f5198e969 [ 280.469516][ T8443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.489105][ T8443] RSP: 002b:00007f0f5289a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 280.497501][ T8443] RAX: ffffffffffffffda RBX: 00007f0f51bb6160 RCX: 00007f0f5198e969 [ 280.505469][ T8443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 280.513422][ T8443] RBP: 00007f0f5289a090 R08: 0000000000000000 R09: 0000000000000000 [ 280.521375][ T8443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.529328][ T8443] R13: 0000000000000000 R14: 00007f0f51bb6160 R15: 00007fffb8977238 [ 280.537295][ T8443] [ 280.540476][ T8443] Kernel Offset: disabled [ 280.544779][ T8443] Rebooting in 86400 seconds..