last executing test programs: 39.069686182s ago: executing program 4 (id=179): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000002f81c461b3fea834ceb0e17d9838c2830ca7ce46e581a192326a3698c79205e02f1561b0a3c595448e9f7024b45fb2006c9917fe2a42fcd2ce278009682dc8f7c867b177ec5bd50b92aedef35b6cd87b56690b4c96f63ab021ee1cf616d8af74911d5e51b76d2c31b8bece7b0f"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x65) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1014}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_ACTIVE={0x5, 0x1d, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) r2 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r2, 0x0, 0x15, 0x0, &(0x7f00000000c0)) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000b29600008000280012800a00010076786c616e"], 0x50}}, 0x4000000) 37.794483513s ago: executing program 4 (id=184): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000600)={0x54, r1, 0x1, 0x0, 0x20, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x1000000}, {0xc}}]}, 0x54}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r1, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x100}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@pci={{0x8}, {0x11}}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4000844) sendmsg$IEEE802154_LLSEC_DEL_KEY(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf252800000008002c000900000005002e000500000005002b0002800000"], 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x0) 37.63791585s ago: executing program 4 (id=186): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x20}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x200003, '\x00', 0x0, r0, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 37.127460339s ago: executing program 4 (id=188): r0 = socket$netlink(0x10, 0x3, 0x6) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x10040040}, 0x4) syz_usb_connect$uac1(0x1, 0x84, &(0x7f0000000700)={{0x12, 0x1, 0x341, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x72, 0x3, 0x1, 0x1, 0x10, 0xb8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x2}, [@feature_unit={0x13, 0x24, 0x6, 0x4, 0x1, 0x6, [0x4, 0x5, 0x5, 0x6, 0x1, 0x7], 0xa}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x18, 0x3, 0x6, {0x7, 0x25, 0x1, 0x100, 0x6, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x9e, 0x7, 0x6, {0x7, 0x25, 0x1, 0x1, 0x4f, 0xf8}}}}}}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 34.436128365s ago: executing program 4 (id=198): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x82) (fail_nth: 3) 34.017175646s ago: executing program 4 (id=199): r0 = timerfd_create(0x0, 0x800) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) dup(r3) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000004000000060000000800000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000000000010000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) read$FUSE(r7, &(0x7f0000000440)={0x2020}, 0x2020) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x40) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) io_submit(0x0, 0x1, &(0x7f0000000240)=[&(0x7f0000000580)={0x4000000001000000, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x60}]) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x40, r9, 0x1, 0x1, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}]}, 0x40}, 0x1, 0x40030000000000, 0x0, 0x4}, 0x0) socket$netlink(0x10, 0x3, 0x14) 18.933704096s ago: executing program 32 (id=199): r0 = timerfd_create(0x0, 0x800) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) dup(r3) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000004000000060000000800000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000000000000000010000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) read$FUSE(r7, &(0x7f0000000440)={0x2020}, 0x2020) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x40) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) io_submit(0x0, 0x1, &(0x7f0000000240)=[&(0x7f0000000580)={0x4000000001000000, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x60}]) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x40, r9, 0x1, 0x1, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}]}, 0x40}, 0x1, 0x40030000000000, 0x0, 0x4}, 0x0) socket$netlink(0x10, 0x3, 0x14) 8.78487349s ago: executing program 2 (id=277): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)=ANY=[], 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x0, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x80000100008b}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 7.769280845s ago: executing program 2 (id=278): accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000) syz_usb_connect(0x3, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x5f, 0xdf, 0x3e, 0x8, 0xeb1, 0x7007, 0x209, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe4, 0x5, 0x0, 0xff, 0x0, 0xff}}]}}]}}, 0x0) 7.613895578s ago: executing program 3 (id=279): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000001940), 0x101202, 0x0) write$FUSE_DIRENTPLUS(r4, &(0x7f00000020c0)={0xb8, 0xfffffffffffffff5, 0x0, [{{0x5, 0x1, 0x8, 0xffffffffffffff77, 0x7, 0x281, {0x6, 0x0, 0x6, 0x0, 0x8ed, 0x8, 0x9cc, 0x6, 0x200, 0x0, 0x8, 0xee01, 0x0, 0x0, 0x9}}, {0x5, 0x5, 0xf, 0x10000, '/dev/cpu/#/msr\x00'}}]}, 0xb8) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={0x0, 0xb8}, 0x1, 0xfffff000}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x390, 0x190, 0x6c, 0x0, 0x0, 0x0, 0x2c0, 0x258, 0x258, 0x2c0, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private0, [], [], 'wlan1\x00', '\x00', {}, {}, 0x11}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x7}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}, {{@ipv6={@private0, @empty, [], [], 'lo\x00', 'erspan0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@common=@hl={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x2001}}, {0x28}}}}, 0x3f0) 7.185171614s ago: executing program 1 (id=281): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) 6.436256203s ago: executing program 3 (id=282): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) 5.912928032s ago: executing program 1 (id=283): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) fadvise64(r0, 0x5851, 0x0, 0x4) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) 5.625092548s ago: executing program 0 (id=284): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0xe, &(0x7f00000011c0)=ANY=[@ANYBLOB="b702000000000080bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7050000080000001e2400000000000045040400010000001704000001000a00b7040000000100006a0af2fe000000008500000044000000b70000000000000095000000000000009e17f199a68b061b93d83298a8cdda1ce784909b849d5550ad855dab54d8877a6db61d69f2ffcaa10350e11cb97ce8df1bc9a0c4eeceb9171e43405d621ffbc9b0d8ca56b50f0c010d631f6dbc8486bc5d5bf2ca8285056892db03cf1c62dd7c08a90b189d190c341035de53a9a53608c10556e5734eb84049761451ce540c772e069f80cb201b2de17dfdb4b60939d5d6aed4062049b87e03e2cd18568136207304e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8000000000000000b91c61bd99dc89f12907af7dccd106cb937b450f859ce8292a79c3e40000b59b0fc46d6cec3c080a882add4e1179bd4a44f231a2d73148be428ba953df4aece69311687f4122073a236c3a32efa04137d46f0247d2638da3261c8162bb7c7824be6195a66d2e17e122040e11001131ce319045e5b3334e68475ac3f46aa2837f9004600daded9b19b35eebe52613c346e255421b23a278fd00004270b1cd5fc9aa2286ccca37db965d9dd366598f5ec993cb0cf127e2a46cfbdf63eea190d86a4d1b75ae98480100d33128954a7d093a54f7e75b3753508ca3c41685d1e407315e59d626c23b3f89a926e9382966853774e7dd1f1a2177cdf2802237c177d543e8da47a01f05e117e53518270239b69c117e2637c31085f4d8a596b6edab26afaf6605b231199f38a6fc7eb83714387450ea18eafbace8eec18a4b2c442e7b88a7611c1283bec84e1715fb9f4fcaf52c08058fc4f21c0ad71adabdd850aed3feec6eaab347bdf474e17b9aa345d1e6e3bb83f90230bdf53e7d0e5c3f914d905422b83f30936674ba8f0bffaf2305c0972df71fe5f4e01506471e897bced7798509e64df360d95f9a4099f864b0ba45efbdbd1d9db21a1d5c065567fd70aae68096827fa5c2d9bd20292344c7dcf6241447cfbb05b5d0fdb4e08afbac5397b64aa369922ed7ed8918f97294b6854210d2b93aaf92159dbaa2f186d4a420c68d6baf1c31de4f0bf478bfd51bb1e96ea849a80ae5a89be7e38474c7aade344d68324f9e12a6b9770e6bd12ae69efffaee58040753701af84c2924c1b5aea1650f42c9ae9820a33095f062fb88313d035ea405515a61a4be64f9fa0985c5be592090cc48291004609fdac2ab6100000000000000a84570c7c00d647daf8af334050b61e9b2d3f0adad1d1ff47be19b8da2799e9ecef8efabe73f92dbd0760f8bbd9c710bd1371e2b5d9a2ea2190f5e4f5cd641cdfe5d89f84a368ef7e6ff1eacdc0ec9e97b8f9c9e314661ea0aa8a104008d188b66b3a4aedeed9df4238a08fc2fb1007233cc2c87fcaa0cccd8ec03444471c1dd660c73acc17bff740d199a7c0c52c63c0408b5158e0000000c275eedb02f141113cf2c55b2c08c2c68cc99d2bb5840fba332e1c82862ec9b90104c48e41d32a47ac94ddee815dba8aeb5d3121cf247a81aef7805b020e9eec44cbe3055be69fe066824ba2292b9cdce41635fc00df96fb10a3a8cc60c4a76c65ebbb0640e0a29de94edf5cbefac1c5fa96e7080af804b22cabce10ea52f1018527f4aa39cdafa3eff63de2a7f50d042667820f6f86f276afb2b81da301e031351ee13013137e9d5cec0c84d7e3f82c6fd12eb98f9ea654bcb9ce59a2015183c6e65bb0537e611b830d74c30fb8207fca0990acdbb51e4e234026e00000000b3ebae3eb52c140953a350fcf0124b1a30b1afc29ea56f8413686d912eb8118d73ef9c6d3843ebcb555301c0205dd3040000002e334319c8979c322e92fbc2c400009f2404b941553843de114fdb03c19d606bd760c40f7f28360820b82d548198041562bcbd9edce223b54cf3c35823f3c446f0a20160ac181c96606dbc967673aca98d6f5637b20fd2809a29ea5e40139a19415f7fc5d852209bdfed74008651752b5e052412d3e00a44417b7caf91a173925a66ee6e30723e73f3b7d66d2a5d09ff40c0bc6e7a5cfef7f327018578892a23014c3629f2e41af619f0d9f0ec8d551415051ff94391c03f3501c928ed7818af61729278f84d4730ef28af4c202e0f175e2a5cbddc8b973e2701b33f1b963025220c04817010b6fb70"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={r6, 0x9}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r6, 0x7}, &(0x7f0000000180)=0x8) 4.707768791s ago: executing program 1 (id=285): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r1, {0x0, 0x8309}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x0, 0x0, 0x1000], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xfff}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xbff3}]}]}]}}]}, 0xac}, 0x1, 0x7a00}, 0x0) 4.686767289s ago: executing program 0 (id=286): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="02000000040000000800000001000000"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYBLOB], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r7, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 4.52514417s ago: executing program 3 (id=287): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@fallback=r0, 0x13, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0], &(0x7f00000002c0)}, 0x40) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x90013c9e39e0e30e, &(0x7f0000000a00)={@multicast2, @dev}, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000280)={0x6, 0x118, 0xfa00, {{0x0, 0x2, "0e5ed184e8980d13332bc8d353548ce2ee988b71c5389df5fcbfbaa2596bd241ea5bdee2a7a02b4f1cc948b5ca6f9511fa183f282f6e92b77718104f1977fd848ae2995a9639d1ebc93a2d8cba6e44b9f67228fb075a9ee56fafda1cc5b09caf1a1fed9469ff27940b4227bb217d3d4e13d74e0399edab9fd30264229c1501440e9c69ae2122c578b269815a303ea3fbae954b1b65ec6b968029d47ee356a216a3fb8c7dc063ee897423b42a0a3e2d4ce4463010c5b628baf4434ccd81f8c4d6ab1bcb59a68be78e7b24dacdcdd4b3a9b3dcd11ae916b2ae8d264910beb343ce70bf0a38f3564822a19293abb3530887dc163c0f863b0eea4dcc391f4a32aa08", 0xb, 0x3, 0x4, 0xd, 0x2e, 0x4, 0x1, 0x1}, r5}}, 0x120) r6 = signalfd(r3, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x20) r7 = socket$igmp(0x2, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8936, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x3f}, 0x78, r8}) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r6, 0x40bc5311, &(0x7f0000000440)={0x8, 0x2, 'client0\x00', 0x2, "e3c734dddc22be3d", "9a91a765052a24d6efa2b8635a87a01e50b3324df85a2ca1d459a31c3c0a2b7e", 0x9}) r10 = syz_open_dev$evdev(&(0x7f0000000080), 0xa, 0x80) ioctl$EVIOCGABS0(r10, 0x80184520, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_sock_diag(0x10, 0x3, 0x4) 4.367105394s ago: executing program 0 (id=288): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, 0x0, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close_range(0xffffffffffffffff, r0, 0x2) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) 4.299490475s ago: executing program 1 (id=289): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000140)='%pi6 \x00'}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0xe, 0x0, &(0x7f0000000180)="00823e1661579e9c1cfe3ccb12cd", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.341356998s ago: executing program 3 (id=290): newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) setresuid(0x0, r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r2) 3.341129969s ago: executing program 0 (id=291): syz_usb_connect(0x1, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="04"], 0x9) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) 3.249829005s ago: executing program 1 (id=292): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x101) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r1, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @dev}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x14, r3, 0x2, 0x70bd2c, 0x25dfdbfb}, 0x14}}, 0x4000081) 3.227678949s ago: executing program 3 (id=293): socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$nl_netfilter(0x10, 0x3, 0xc) fsopen(&(0x7f0000000080)='ext3\x00', 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) select(0x40, &(0x7f0000000000)={0x1, 0x2, 0x6, 0x7, 0x6, 0x8, 0x1, 0x100}, 0x0, &(0x7f0000000080)={0x7ff, 0xff, 0xffffffff, 0x2, 0xffffffffffffd2c5, 0x6, 0x6, 0x7}, &(0x7f0000000100)) 3.080758758s ago: executing program 2 (id=294): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e23, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7ff}}, 0x0, 0x0, 0x24, 0x0, "43cad7244bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) socket$inet6(0x10, 0x2, 0x4) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xc0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCDELRT(r7, 0x890c, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000080)={0x15, 0x2, 0x0, "343d1000000000000000000001e6c900fcffffff1000000000000000000800", 0x3132564e}) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f00000000c0)={0x0, 0x1000}, 0x4) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x2d, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900"}) 3.064221965s ago: executing program 3 (id=295): ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000480)={0x0, "69693d35f5fa1127e1a67696fdac1ae5"}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) accept(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, &(0x7f0000000040)=0x80) recvmmsg(r1, &(0x7f0000004dc0), 0x0, 0x40000000, &(0x7f0000004ec0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) r7 = epoll_create1(0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000001040)) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x41) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') write$UHID_INPUT(r6, &(0x7f0000001040)={0xa, {"a2e3ad08ed6b52f99cfbf4c087f71e9b3d0963ff7fc6e5539b9b3b0a8b9b441b4552101b080d29558f0e1ac6e7049b3468959b189a242a9b4bf3988f7ef319520700ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x4, 0x11, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.291403248s ago: executing program 1 (id=296): syz_usb_connect(0x5, 0xe4, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d200010000400009046a00067af4190009050f1020"], 0x0) 2.091634989s ago: executing program 2 (id=297): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) sendto(r0, &(0x7f0000000040)="f4c3a1d8119a8d242d3b28eaa0dbc1379681ca729c93b2c1a1ea0c82c6d82e6bed6dc0eb064f1f87765557", 0x2b, 0x20028080, &(0x7f0000000180)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1}, 0x80) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)={0x90, 0x0, 0x0, {0x3, 0x0, 0x28, 0x0, 0x0, 0x20, {0x0, 0x0, 0x100, 0x0, 0x0, 0x4, 0x8000000, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$llc(r0, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x10) close_range(0xffffffffffffffff, r0, 0x2) r4 = syz_init_net_socket$llc(0x1a, 0x802, 0x0) bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) close(r4) 1.143699564s ago: executing program 2 (id=298): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f000000e0c0), 0x10010) ioctl$int_in(r4, 0x5421, &(0x7f0000000000)=0x3) sendfile(r4, r5, &(0x7f0000000100)=0x6, 0x100000000010001) 1.065621047s ago: executing program 0 (id=299): r0 = gettid() prctl$PR_SCHED_CORE(0x3e, 0x2, r0, 0x1, &(0x7f0000000100)) getpgrp(r0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r2 = creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x8000, 0x4, {0x0, 0x1}, 0x3, 0x800}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0) r6 = syz_open_dev$dri(0x0, 0x3ffffffffffffffd, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r8, 0x2, 0x0, 0x0, 0x0, [], [], [0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x24, 0xa]}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000500)={0x0}) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, 0x0, 0x0) 34.64188ms ago: executing program 0 (id=300): bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r1, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x10, 0x3, 0x0) 0s ago: executing program 2 (id=301): openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/14], 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc6f, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r5 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r3, 0x0) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r6, 0x81) keyctl$KEYCTL_WATCH_KEY(0x20, r5, r4, 0xffffffffffffffff) kernel console output (not intermixed with test programs): exists on: batadv_slave_0 [ 57.603877][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.614410][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.625084][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.635612][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.656902][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.668167][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.681443][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.692141][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.702899][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.713314][ T5819] veth0_vlan: entered promiscuous mode [ 57.727671][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.743440][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.752762][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.761908][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.770978][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.784779][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.795090][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.812298][ T5819] veth1_vlan: entered promiscuous mode [ 57.869502][ T3627] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.881577][ T3627] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.903463][ T5819] veth0_macvtap: entered promiscuous mode [ 57.913177][ T30] audit: type=1400 audit(1741841839.323:112): avc: denied { mounton } for pid=5829 comm="syz-executor" path="/root/syzkaller.wYt6UG/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 57.928881][ T3627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.961149][ T3627] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.966515][ T30] audit: type=1400 audit(1741841839.363:113): avc: denied { mount } for pid=5829 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.998173][ T5825] Bluetooth: hci1: command tx timeout [ 57.998492][ T54] Bluetooth: hci0: command tx timeout [ 58.021392][ T30] audit: type=1400 audit(1741841839.363:114): avc: denied { mounton } for pid=5829 comm="syz-executor" path="/root/syzkaller.wYt6UG/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 58.048141][ T5819] veth1_macvtap: entered promiscuous mode [ 58.059038][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 58.067791][ T54] Bluetooth: hci2: command tx timeout [ 58.075409][ T5825] Bluetooth: hci3: command tx timeout [ 58.101160][ T30] audit: type=1400 audit(1741841839.363:115): avc: denied { mount } for pid=5829 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 58.105774][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.136005][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.139338][ T30] audit: type=1400 audit(1741841839.363:116): avc: denied { mounton } for pid=5829 comm="syz-executor" path="/root/syzkaller.wYt6UG/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 58.146436][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.178307][ T30] audit: type=1400 audit(1741841839.373:117): avc: denied { mounton } for pid=5829 comm="syz-executor" path="/root/syzkaller.wYt6UG/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 58.184235][ T5825] Bluetooth: hci4: command tx timeout [ 58.216232][ T30] audit: type=1400 audit(1741841839.373:118): avc: denied { unmount } for pid=5829 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 58.219647][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.236768][ T30] audit: type=1400 audit(1741841839.413:119): avc: denied { mounton } for pid=5829 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 58.251771][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.269143][ T30] audit: type=1400 audit(1741841839.413:120): avc: denied { mount } for pid=5829 comm="syz-executor" name="/" dev="gadgetfs" ino=7550 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 58.283841][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.312804][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.327595][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.337811][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.350146][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.371111][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.400174][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.421231][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.431191][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.442322][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.452263][ T5819] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.462815][ T5819] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.479386][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.481404][ T5899] Zero length message leads to an empty skb [ 58.510370][ T5819] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.519469][ T5819] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.528737][ T5819] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.538010][ T5819] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.581342][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.598703][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.639793][ T5826] veth0_vlan: entered promiscuous mode [ 58.700887][ T5826] veth1_vlan: entered promiscuous mode [ 58.728990][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.752146][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.774753][ T5826] veth0_macvtap: entered promiscuous mode [ 58.808124][ T5826] veth1_macvtap: entered promiscuous mode [ 58.835156][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.845779][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.859464][ T5906] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 58.860453][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.914575][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.925467][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.949155][ T5869] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 58.959545][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.969856][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.980713][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.992590][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.020656][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.032844][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.045053][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.057878][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.067994][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.078473][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.092322][ T5826] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.103800][ T5826] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.118326][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.127241][ T5869] usb 3-1: Using ep0 maxpacket: 16 [ 59.154146][ T5869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.170652][ T5826] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.183064][ T5869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.195615][ T5826] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.208849][ T5869] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 59.223679][ T5826] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.234937][ T5869] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 59.248737][ T5826] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.261172][ T3522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.280959][ T3522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.323675][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.372279][ T5869] usb 3-1: config 0 descriptor?? [ 59.379005][ T3522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.398418][ T3522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.437772][ T5919] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9'. [ 59.646136][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.750079][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 59.764540][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 59.777724][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 59.956136][ T5935] infiniband syz0: set active [ 59.961007][ T5935] infiniband syz0: added ip6tnl0 [ 60.510709][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.512282][ T5869] HID 045e:07da: Invalid code 65791 type 1 [ 60.524139][ T5825] Bluetooth: hci0: command tx timeout [ 60.524196][ T54] Bluetooth: hci1: command tx timeout [ 60.535911][ T5822] Bluetooth: hci2: command tx timeout [ 60.536675][ T5935] RDS/IB: syz0: added [ 60.541448][ T5827] Bluetooth: hci3: command tx timeout [ 60.545549][ T5935] smc: adding ib device syz0 with port count 1 [ 60.566774][ T5935] smc: ib device syz0 port 1 has pnetid [ 60.641864][ T5825] Bluetooth: hci4: command tx timeout [ 60.652704][ T5869] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input5 [ 60.680318][ T977] ip6tnl0 speed is unknown, defaulting to 1000 [ 60.767398][ T5869] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 60.792989][ T976] ip6tnl0 speed is unknown, defaulting to 1000 [ 60.821264][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 60.899301][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 60.975354][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 61.051289][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 61.146236][ T5935] ip6tnl0 speed is unknown, defaulting to 1000 [ 61.302467][ T5869] usb 3-1: USB disconnect, device number 2 [ 61.667763][ T976] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 61.918370][ T976] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 61.930162][ T976] usb 1-1: config 0 interface 0 has no altsetting 0 [ 61.952536][ T976] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 61.985416][ T54] Bluetooth: hci1: Ignoring connect complete event for invalid link type [ 62.099247][ T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.107360][ T976] usb 1-1: Product: syz [ 62.111556][ T976] usb 1-1: Manufacturer: syz [ 62.116301][ T976] usb 1-1: SerialNumber: syz [ 62.123148][ T976] usb 1-1: config 0 descriptor?? [ 62.625438][ T976] usb 1-1: selecting invalid altsetting 0 [ 62.707508][ T54] Bluetooth: hci1: command tx timeout [ 62.712944][ T54] Bluetooth: hci3: command tx timeout [ 62.718444][ T5827] Bluetooth: hci2: command tx timeout [ 62.723824][ T5827] Bluetooth: hci4: command tx timeout [ 62.729263][ T5136] Bluetooth: hci0: command tx timeout [ 62.776895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.805878][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 62.805893][ T30] audit: type=1400 audit(1741841844.213:184): avc: denied { create } for pid=5949 comm="syz.0.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 62.861939][ T976] usb 1-1: USB disconnect, device number 2 [ 62.936840][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.945533][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.012074][ T5962] warning: `syz.2.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 63.131762][ T30] audit: type=1400 audit(1741841844.543:185): avc: denied { create } for pid=5959 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 63.199412][ T5812] udevd[5812]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 63.238033][ T30] audit: type=1400 audit(1741841844.543:186): avc: denied { write } for pid=5959 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 63.316801][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.326690][ T30] audit: type=1400 audit(1741841844.543:187): avc: denied { wake_alarm } for pid=5959 comm="syz.1.16" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 63.423399][ T30] audit: type=1400 audit(1741841844.543:188): avc: denied { create } for pid=5959 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 63.526886][ T30] audit: type=1400 audit(1741841844.543:189): avc: denied { connect } for pid=5959 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 63.547581][ T30] audit: type=1400 audit(1741841844.543:190): avc: denied { shutdown } for pid=5959 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 63.620491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 63.629966][ T30] audit: type=1400 audit(1741841844.793:191): avc: denied { unlink } for pid=5964 comm="syz.1.18" name="#1" dev="tmpfs" ino=43 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 63.662681][ T30] audit: type=1400 audit(1741841844.803:192): avc: denied { mount } for pid=5964 comm="syz.1.18" name="/" dev="overlay" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 63.685567][ T30] audit: type=1400 audit(1741841845.073:193): avc: denied { create } for pid=5970 comm="syz.1.20" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 63.722454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 63.828092][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 63.836401][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 64.077164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 64.146792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 64.583967][ T5866] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 64.837389][ T5866] usb 3-1: Using ep0 maxpacket: 8 [ 65.001295][ T5866] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 65.147833][ T5989] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 65.424003][ T5990] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 65.937276][ T5866] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 66.061913][ T5981] ip6tnl0 speed is unknown, defaulting to 1000 [ 66.325188][ T5866] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 66.340132][ T5866] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 66.351834][ T5866] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 66.371149][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.405492][ T5866] usb 3-1: can't set config #1, error -71 [ 66.415268][ T5866] usb 3-1: USB disconnect, device number 3 [ 68.353814][ T6017] netlink: 28 bytes leftover after parsing attributes in process `syz.3.29'. [ 69.111297][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 69.111313][ T30] audit: type=1400 audit(1741841849.443:217): avc: denied { create } for pid=6011 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 69.147375][ T30] audit: type=1400 audit(1741841849.703:218): avc: denied { read write } for pid=6011 comm="syz.3.29" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 69.172032][ T30] audit: type=1400 audit(1741841849.703:219): avc: denied { open } for pid=6011 comm="syz.3.29" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 69.486775][ T30] audit: type=1400 audit(1741841850.853:220): avc: denied { create } for pid=6014 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 69.969600][ T30] audit: type=1400 audit(1741841850.863:221): avc: denied { write } for pid=6014 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 70.063816][ T6024] xt_hashlimit: Unknown mode mask 2000, kernel too old? [ 70.083351][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'. [ 70.096742][ T30] audit: type=1400 audit(1741841850.863:222): avc: denied { connect } for pid=6014 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 70.194341][ T6026] ptrace attach of "./syz-executor exec"[5823] was attempted by " [ 70.648690][ T30] audit: type=1400 audit(1741841850.863:223): avc: denied { name_connect } for pid=6014 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 70.739693][ C0] vkms_vblank_simulate: vblank timer overrun [ 71.127743][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.134259][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.386746][ T6037] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 72.076685][ T30] audit: type=1400 audit(1741841853.483:224): avc: denied { ioctl } for pid=6041 comm="syz.4.37" path="socket:[8882]" dev="sockfs" ino=8882 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 72.258242][ T30] audit: type=1400 audit(1741841853.483:225): avc: denied { create } for pid=6041 comm="syz.4.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 72.295941][ T30] audit: type=1400 audit(1741841853.703:226): avc: denied { read write } for pid=6045 comm="syz.2.39" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 73.362289][ T6059] netlink: 20 bytes leftover after parsing attributes in process `syz.2.40'. [ 73.866808][ T5821] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 74.376671][ T977] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.505761][ T6069] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 74.536732][ T977] usb 5-1: device descriptor read/64, error -71 [ 74.567959][ T5821] usb 1-1: Using ep0 maxpacket: 8 [ 74.577966][ T5821] usb 1-1: no configurations [ 74.582670][ T5821] usb 1-1: can't read configurations, error -22 [ 74.603575][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 74.603588][ T30] audit: type=1326 audit(1741841856.013:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6070 comm="syz.1.44" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x0 [ 74.651435][ T6074] capability: warning: `syz.3.45' uses deprecated v2 capabilities in a way that may be insecure [ 74.718672][ T5821] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 74.744438][ T30] audit: type=1400 audit(1741841856.153:230): avc: denied { setopt } for pid=6078 comm="syz.3.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 74.769954][ T30] audit: type=1400 audit(1741841856.183:231): avc: denied { bind } for pid=6078 comm="syz.3.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 74.790635][ T30] audit: type=1400 audit(1741841856.203:232): avc: denied { bind } for pid=6078 comm="syz.3.46" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.816641][ T977] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 74.865314][ T30] audit: type=1400 audit(1741841856.273:233): avc: denied { connect } for pid=6078 comm="syz.3.46" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 74.888876][ T5821] usb 1-1: Using ep0 maxpacket: 8 [ 74.904607][ T5821] usb 1-1: no configurations [ 74.909356][ T5821] usb 1-1: can't read configurations, error -22 [ 74.917803][ T5821] usb usb1-port1: attempt power cycle [ 74.956678][ T977] usb 5-1: device descriptor read/64, error -71 [ 75.077500][ T977] usb usb5-port1: attempt power cycle [ 75.257313][ T5821] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 75.287370][ T5821] usb 1-1: Using ep0 maxpacket: 8 [ 75.306010][ T5821] usb 1-1: no configurations [ 75.311855][ T5821] usb 1-1: can't read configurations, error -22 [ 75.487610][ T5821] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 75.599068][ T5821] usb 1-1: Using ep0 maxpacket: 8 [ 75.719374][ T5821] usb 1-1: no configurations [ 75.726612][ T5821] usb 1-1: can't read configurations, error -22 [ 75.912184][ T5821] usb usb1-port1: unable to enumerate USB device [ 75.986693][ T30] audit: type=1400 audit(1741841857.393:234): avc: denied { getopt } for pid=6086 comm="syz.1.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 76.051707][ T30] audit: type=1400 audit(1741841857.393:235): avc: denied { name_connect } for pid=6086 comm="syz.1.49" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 76.114797][ T30] audit: type=1400 audit(2000000000.000:236): avc: denied { name_bind } for pid=6088 comm="syz.3.50" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 76.198325][ T6089] nvme_fabrics: missing parameter 'transport=%s' [ 76.220508][ T6089] nvme_fabrics: missing parameter 'nqn=%s' [ 76.229248][ T46] cfg80211: failed to load regulatory.db [ 76.236366][ T30] audit: type=1400 audit(2000000000.000:237): avc: denied { node_bind } for pid=6088 comm="syz.3.50" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 76.263185][ T30] audit: type=1400 audit(2000000000.040:238): avc: denied { accept } for pid=6086 comm="syz.1.49" lport=38278 faddr=::ffff:172.20.255.187 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 76.498506][ T6097] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 76.761956][ T6097] smc: ib device syz0 ibport 1 applied user defined pnetid SYZ0 [ 76.915984][ T6102] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 77.717007][ T6102] infiniband syz2: set active [ 77.721699][ T6102] infiniband syz2: added veth1_vlan [ 77.747190][ T6102] RDS/IB: syz2: added [ 77.751541][ T6102] smc: adding ib device syz2 with port count 1 [ 77.757832][ T6102] smc: ib device syz2 port 1 has pnetid [ 78.934292][ T6117] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.653560][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 79.653575][ T30] audit: type=1400 audit(2000000003.170:246): avc: denied { setopt } for pid=6120 comm="syz.3.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 79.684987][ T30] audit: type=1400 audit(2000000003.170:247): avc: denied { read } for pid=6120 comm="syz.3.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 79.931342][ T30] audit: type=1400 audit(2000000003.930:248): avc: denied { audit_read } for pid=6124 comm="syz.2.59" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 79.952181][ C0] vkms_vblank_simulate: vblank timer overrun [ 79.968135][ T6125] block device autoloading is deprecated and will be removed. [ 79.976725][ T6125] syz.2.59: attempt to access beyond end of device [ 79.976725][ T6125] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 80.299616][ T30] audit: type=1400 audit(2000000004.290:249): avc: denied { create } for pid=6128 comm="syz.3.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 80.386444][ T30] audit: type=1400 audit(2000000004.290:250): avc: denied { read } for pid=6128 comm="syz.3.61" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 80.469084][ T30] audit: type=1400 audit(2000000004.290:251): avc: denied { open } for pid=6128 comm="syz.3.61" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 80.644425][ T30] audit: type=1400 audit(2000000004.290:252): avc: denied { ioctl } for pid=6128 comm="syz.3.61" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 80.668818][ C0] vkms_vblank_simulate: vblank timer overrun [ 81.631665][ T6134] ALSA: mixer_oss: invalid OSS volume 'VOLUM' [ 81.688411][ T30] audit: type=1400 audit(2000000004.820:253): avc: denied { read } for pid=6134 comm="syz.4.63" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 82.296828][ T6146] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 82.690084][ T30] audit: type=1400 audit(2000000004.820:254): avc: denied { open } for pid=6134 comm="syz.4.63" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 82.690121][ T30] audit: type=1400 audit(2000000004.820:255): avc: denied { ioctl } for pid=6134 comm="syz.4.63" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 82.917054][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.999644][ C0] vkms_vblank_simulate: vblank timer overrun [ 84.661654][ T6151] ALSA: mixer_oss: invalid OSS volume 'VOLUM' [ 84.831858][ T6164] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60945 sclass=netlink_route_socket pid=6164 comm=syz.4.69 [ 84.937692][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 84.937707][ T30] audit: type=1400 audit(2000000008.940:258): avc: denied { mounton } for pid=6162 comm="syz.4.69" path="/proc/44/task" dev="proc" ino=9216 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 84.965918][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.123727][ T6170] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 85.586784][ T977] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 86.316959][ T977] usb 1-1: Using ep0 maxpacket: 16 [ 86.399782][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 86.412640][ T6178] syz.2.72: attempt to access beyond end of device [ 86.412640][ T6178] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 86.431835][ T977] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 86.492039][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.671385][ T6184] ptrace attach of "./syz-executor exec"[5823] was attempted by " [ 86.690357][ T977] usb 1-1: config 0 descriptor?? [ 86.781372][ C0] vkms_vblank_simulate: vblank timer overrun [ 86.840935][ T6181] syz.4.73: attempt to access beyond end of device [ 86.840935][ T6181] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 87.070188][ T6191] process 'syz.4.76' launched './file0' with NULL argv: empty string added [ 87.189869][ T5928] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 87.214286][ T30] audit: type=1400 audit(2000000011.200:259): avc: denied { execute_no_trans } for pid=6187 comm="syz.4.76" path="/13/file0" dev="tmpfs" ino=88 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 87.419087][ T30] audit: type=1400 audit(2000000011.390:260): avc: denied { read } for pid=6189 comm="syz.3.77" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 87.455392][ T30] audit: type=1400 audit(2000000011.390:261): avc: denied { open } for pid=6189 comm="syz.3.77" path="/14/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 87.489789][ T30] audit: type=1400 audit(2000000011.390:262): avc: denied { ioctl } for pid=6189 comm="syz.3.77" path="/14/file0/file0" dev="fuse" ino=0 ioctlcmd=0x70c8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 87.546630][ T5928] usb 2-1: Using ep0 maxpacket: 16 [ 87.585126][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.618700][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.629105][ T6199] FAULT_INJECTION: forcing a failure. [ 87.629105][ T6199] name failslab, interval 1, probability 0, space 0, times 1 [ 87.642014][ T6199] CPU: 1 UID: 0 PID: 6199 Comm: syz.4.80 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 87.642031][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 87.642039][ T6199] Call Trace: [ 87.642042][ T6199] [ 87.642047][ T6199] dump_stack_lvl+0x16c/0x1f0 [ 87.642070][ T6199] should_fail_ex+0x50a/0x650 [ 87.642095][ T6199] should_failslab+0xc2/0x120 [ 87.642112][ T6199] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 87.642127][ T6199] ? trace_lock_acquire+0x14e/0x1f0 [ 87.642145][ T6199] ? skb_clone+0x190/0x3f0 [ 87.642163][ T6199] skb_clone+0x190/0x3f0 [ 87.642180][ T6199] dev_queue_xmit_nit+0x38f/0xbc0 [ 87.642209][ T6199] ? netif_skb_features+0x3b0/0xd50 [ 87.642235][ T6199] dev_hard_start_xmit+0x283/0x7b0 [ 87.642261][ T6199] __dev_queue_xmit+0x7f0/0x43e0 [ 87.642295][ T6199] ? __pfx___dev_queue_xmit+0x10/0x10 [ 87.642337][ T6199] ? __asan_memcpy+0x3c/0x60 [ 87.642367][ T6199] ? __asan_memcpy+0x3c/0x60 [ 87.642392][ T6199] ? __skb_clone+0x570/0x760 [ 87.642424][ T6199] netlink_deliver_tap+0xa87/0xd30 [ 87.642453][ T6199] netlink_unicast+0x5e1/0x7f0 [ 87.642482][ T6199] ? __pfx_netlink_unicast+0x10/0x10 [ 87.642511][ T6199] netlink_sendmsg+0x8b8/0xd70 [ 87.642538][ T6199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.642566][ T6199] ____sys_sendmsg+0xaaf/0xc90 [ 87.642584][ T6199] ? copy_msghdr_from_user+0x10b/0x160 [ 87.642607][ T6199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 87.642637][ T6199] ___sys_sendmsg+0x135/0x1e0 [ 87.642661][ T6199] ? __pfx____sys_sendmsg+0x10/0x10 [ 87.642694][ T6199] ? __pfx_lock_release+0x10/0x10 [ 87.642714][ T6199] ? trace_lock_acquire+0x14e/0x1f0 [ 87.642736][ T6199] ? __fget_files+0x206/0x3a0 [ 87.642759][ T6199] __sys_sendmsg+0x16e/0x220 [ 87.642780][ T6199] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.642814][ T6199] do_syscall_64+0xcd/0x250 [ 87.642836][ T6199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.642856][ T6199] RIP: 0033:0x7fc32238d169 [ 87.642868][ T6199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.642881][ T6199] RSP: 002b:00007fc323201038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.642896][ T6199] RAX: ffffffffffffffda RBX: 00007fc3225a5fa0 RCX: 00007fc32238d169 [ 87.642906][ T6199] RDX: 0000000020040000 RSI: 0000400000000000 RDI: 0000000000000003 [ 87.642914][ T6199] RBP: 00007fc323201090 R08: 0000000000000000 R09: 0000000000000000 [ 87.642923][ T6199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.642932][ T6199] R13: 0000000000000000 R14: 00007fc3225a5fa0 R15: 00007fffef6cb608 [ 87.642954][ T6199] [ 87.918352][ T977] pantherlord 0003:0E8F:0003.0002: item fetching failed at offset 3/5 [ 87.927161][ T977] pantherlord 0003:0E8F:0003.0002: parse failed [ 87.933795][ T977] pantherlord 0003:0E8F:0003.0002: probe with driver pantherlord failed with error -22 [ 87.976715][ T30] audit: type=1400 audit(2000000011.950:263): avc: denied { getopt } for pid=6195 comm="syz.2.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 88.010974][ T5928] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 88.024825][ T5928] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 88.054766][ T6200] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 88.091498][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.095940][ T3522] Bluetooth: hci5: Frame reassembly failed (-84) [ 88.102544][ T5928] usb 2-1: config 0 descriptor?? [ 88.118607][ T30] audit: type=1400 audit(2000000012.040:264): avc: denied { setopt } for pid=6208 comm="syz.3.81" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 88.138409][ T30] audit: type=1400 audit(2000000012.040:265): avc: denied { read } for pid=6208 comm="syz.3.81" name="sg0" dev="devtmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 88.162032][ T30] audit: type=1400 audit(2000000012.040:266): avc: denied { open } for pid=6208 comm="syz.3.81" path="/dev/sg0" dev="devtmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 88.189080][ T30] audit: type=1400 audit(2000000012.040:267): avc: denied { ioctl } for pid=6208 comm="syz.3.81" path="/dev/sg0" dev="devtmpfs" ino=717 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 88.597111][ T6213] rdma_rxe: rxe_newlink: failed to add ip6tnl0 [ 89.068610][ T5928] HID 045e:07da: Invalid code 65791 type 1 [ 89.077901][ T5928] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input6 [ 89.091153][ T5928] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 89.158691][ T5866] usb 1-1: USB disconnect, device number 7 [ 89.880546][ T977] usb 2-1: USB disconnect, device number 2 [ 90.146829][ T5827] Bluetooth: hci5: command 0x1003 tx timeout [ 90.150135][ T54] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 90.270616][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 90.270631][ T30] audit: type=1400 audit(2000000014.270:269): avc: denied { bind } for pid=6231 comm="syz.0.87" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 90.438291][ T54] Bluetooth: hci4: unexpected event 0x03 length: 17 > 11 [ 90.450894][ T6230] binder: 6229:6230 ioctl c0306201 400000000000 returned -22 [ 90.475175][ T30] audit: type=1400 audit(2000000014.450:270): avc: denied { getopt } for pid=6229 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 90.532332][ T6238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.89'. [ 90.646671][ T30] audit: type=1400 audit(2000000014.550:271): avc: denied { listen } for pid=6234 comm="syz.0.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 90.753117][ T30] audit: type=1400 audit(2000000014.570:272): avc: denied { create } for pid=6237 comm="syz.1.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 90.866818][ T30] audit: type=1400 audit(2000000014.570:273): avc: denied { getopt } for pid=6237 comm="syz.1.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 90.886397][ T30] audit: type=1400 audit(2000000014.570:274): avc: denied { create } for pid=6237 comm="syz.1.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 90.905865][ T30] audit: type=1326 audit(2000000014.740:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.4.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32238d169 code=0x7ffc0000 [ 90.957127][ T30] audit: type=1326 audit(2000000014.740:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.4.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32238d169 code=0x7ffc0000 [ 90.981510][ T30] audit: type=1326 audit(2000000014.750:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.4.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc32238d169 code=0x7ffc0000 [ 91.006115][ T30] audit: type=1326 audit(2000000014.750:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6240 comm="syz.4.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc32238d169 code=0x7ffc0000 [ 91.066684][ T977] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 91.216660][ T977] usb 5-1: Using ep0 maxpacket: 32 [ 91.228380][ T977] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 91.237850][ T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.258766][ T977] usb 5-1: config 0 descriptor?? [ 91.266275][ T977] gspca_main: sq930x-2.14.0 probing 041e:403c [ 91.284659][ T6254] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.699679][ T6262] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.118366][ T6271] block nbd3: not configured, cannot reconfigure [ 92.329871][ T6277] syz.4.92 uses obsolete (PF_INET,SOCK_PACKET) [ 92.550966][ T6281] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_1, syncid = 3, id = 0 [ 92.677808][ T977] gspca_sq930x: ucbus_write failed -110 [ 92.684333][ T977] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 92.741133][ T6285] netlink: 8 bytes leftover after parsing attributes in process `syz.0.100'. [ 92.846398][ T977] usb 5-1: USB disconnect, device number 5 [ 93.211729][ T6296] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 94.163031][ T977] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 94.346595][ T977] usb 3-1: Using ep0 maxpacket: 8 [ 94.361972][ T977] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.378685][ T977] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 94.407940][ T977] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 94.439396][ T977] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 94.475391][ T977] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 94.503418][ T977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.539113][ T977] hub 3-1:1.0: bad descriptor, ignoring hub [ 94.561666][ T977] hub 3-1:1.0: probe with driver hub failed with error -5 [ 94.592539][ T977] cdc_wdm 3-1:1.0: skipping garbage [ 94.613412][ T6317] sctp: [Deprecated]: syz.0.109 (pid 6317) Use of int in max_burst socket option. [ 94.613412][ T6317] Use struct sctp_assoc_value instead [ 94.615491][ T977] cdc_wdm 3-1:1.0: skipping garbage [ 94.669830][ T977] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 94.682227][ T977] cdc_wdm 3-1:1.0: Unknown control protocol [ 94.926850][ T977] usb 3-1: USB disconnect, device number 4 [ 95.314370][ T30] kauditd_printk_skb: 101 callbacks suppressed [ 95.314410][ T30] audit: type=1326 audit(2000000019.310:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 95.542694][ T977] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 95.620088][ T30] audit: type=1326 audit(2000000019.320:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 95.695188][ T6337] audit: audit_backlog=65 > audit_backlog_limit=64 [ 95.712081][ T6337] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 95.719788][ T977] usb 3-1: Using ep0 maxpacket: 8 [ 95.724539][ T977] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 95.725898][ T30] audit: type=1326 audit(2000000019.320:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 95.745569][ T977] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 95.772129][ T977] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 95.786427][ T977] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 95.799160][ T6337] audit: backlog limit exceeded [ 95.807652][ T977] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 95.826663][ T977] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.826830][ T5866] IPVS: starting estimator thread 0... [ 95.858078][ T6342] netlink: 'syz.0.114': attribute type 2 has an invalid length. [ 95.869053][ T30] audit: type=1326 audit(2000000019.320:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 95.917131][ T6342] netlink: 'syz.0.114': attribute type 1 has an invalid length. [ 95.935894][ T977] hub 3-1:1.0: bad descriptor, ignoring hub [ 95.943540][ T30] audit: type=1326 audit(2000000019.320:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 95.968183][ T6345] IPVS: using max 55 ests per chain, 132000 per kthread [ 95.997563][ T977] hub 3-1:1.0: probe with driver hub failed with error -5 [ 96.005189][ T30] audit: type=1326 audit(2000000019.320:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 96.028684][ T46] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 96.048681][ T977] cdc_wdm 3-1:1.0: skipping garbage [ 96.054005][ T977] cdc_wdm 3-1:1.0: skipping garbage [ 96.057094][ T30] audit: type=1326 audit(2000000019.320:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6327 comm="syz.3.112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd93fd8d169 code=0x7fc00000 [ 96.085442][ T977] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 96.103659][ T977] cdc_wdm 3-1:1.0: Unknown control protocol [ 96.135955][ T6306] netlink: 'syz.2.105': attribute type 10 has an invalid length. [ 96.197988][ T46] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 96.208643][ T46] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 96.219285][ T46] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 96.252348][ T46] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 96.263277][ T5866] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 96.271647][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.286650][ T46] usb 5-1: Product: syz [ 96.290959][ T46] usb 5-1: Manufacturer: syz [ 96.300223][ T46] usb 5-1: SerialNumber: syz [ 96.437103][ T5866] usb 4-1: Using ep0 maxpacket: 32 [ 96.444492][ T5866] usb 4-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 96.454964][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.482229][ T5866] usb 4-1: config 0 descriptor?? [ 96.520938][ T5866] usb 4-1: dvb_usb_v2: found a 'Anysee' in warm state [ 96.529487][ T46] usblp 5-1:1.0: usblp1: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 96.546986][ T5866] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 96.554543][ T5866] dvb_usb_anysee 4-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 96.731894][ T6348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 96.747287][ T6348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 96.767612][ T46] usb 4-1: USB disconnect, device number 2 [ 96.934722][ T6358] team0: entered promiscuous mode [ 96.940384][ T6358] team_slave_0: entered promiscuous mode [ 96.947158][ T6358] team_slave_1: entered promiscuous mode [ 96.972812][ T6358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 96.988500][ T6358] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 97.039889][ T6357] team0: left promiscuous mode [ 97.046873][ T6357] team_slave_0: left promiscuous mode [ 97.062228][ T6357] team_slave_1: left promiscuous mode [ 97.281628][ T6360] netlink: 16 bytes leftover after parsing attributes in process `syz.0.121'. [ 97.476806][ T46] usb 3-1: USB disconnect, device number 5 [ 97.776670][ T5866] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 97.832912][ T46] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 97.917709][ T5866] usb 4-1: device descriptor read/64, error -71 [ 98.051363][ T46] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 64 [ 98.094183][ T46] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.176967][ T5866] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 98.199731][ T46] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 98.243743][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.368578][ T5866] usb 4-1: device descriptor read/64, error -71 [ 98.528703][ T5866] usb usb4-port1: attempt power cycle [ 98.649265][ T46] usb 3-1: GET_CAPABILITIES returned 0 [ 98.676027][ T6333] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 98.713222][ T46] usbtmc 3-1:16.0: can't read capabilities [ 98.853189][ T6369] FAULT_INJECTION: forcing a failure. [ 98.853189][ T6369] name failslab, interval 1, probability 0, space 0, times 0 [ 98.883946][ T6382] ipt_REJECT: ECHOREPLY no longer supported. [ 98.885163][ T46] usb 5-1: USB disconnect, device number 6 [ 98.903112][ T6369] CPU: 1 UID: 0 PID: 6369 Comm: syz.2.123 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 98.903130][ T6369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 98.903141][ T6369] Call Trace: [ 98.903145][ T6369] [ 98.903151][ T6369] dump_stack_lvl+0x16c/0x1f0 [ 98.903175][ T6369] should_fail_ex+0x50a/0x650 [ 98.903196][ T6369] ? fs_reclaim_acquire+0xae/0x150 [ 98.903220][ T6369] ? tomoyo_realpath_from_path+0xb9/0x720 [ 98.903242][ T6369] should_failslab+0xc2/0x120 [ 98.903269][ T6369] __kmalloc_noprof+0xcb/0x510 [ 98.903284][ T6369] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 98.903309][ T6369] tomoyo_realpath_from_path+0xb9/0x720 [ 98.903330][ T6369] ? tomoyo_path_number_perm+0x235/0x590 [ 98.903348][ T6369] ? tomoyo_path_number_perm+0x235/0x590 [ 98.903364][ T6369] tomoyo_path_number_perm+0x248/0x590 [ 98.903378][ T6369] ? tomoyo_path_number_perm+0x235/0x590 [ 98.903395][ T6369] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.903425][ T6369] ? __pfx_lock_release+0x10/0x10 [ 98.903441][ T6369] ? trace_lock_acquire+0x14e/0x1f0 [ 98.903457][ T6369] ? lock_acquire+0x2f/0xb0 [ 98.903472][ T6369] ? __fget_files+0x40/0x3a0 [ 98.903487][ T6369] ? __fget_files+0x206/0x3a0 [ 98.903501][ T6369] security_file_ioctl+0x9b/0x240 [ 98.903520][ T6369] __x64_sys_ioctl+0xb7/0x200 [ 98.903543][ T6369] do_syscall_64+0xcd/0x250 [ 98.903564][ T6369] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.903582][ T6369] RIP: 0033:0x7fae4cf8d169 [ 98.903593][ T6369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.903606][ T6369] RSP: 002b:00007fae4dda5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.903621][ T6369] RAX: ffffffffffffffda RBX: 00007fae4d1a5fa0 RCX: 00007fae4cf8d169 [ 98.903631][ T6369] RDX: 0000400000000080 RSI: 00000000c0145b0d RDI: 0000000000000004 [ 98.903640][ T6369] RBP: 00007fae4dda5090 R08: 0000000000000000 R09: 0000000000000000 [ 98.903648][ T6369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.903656][ T6369] R13: 0000000000000000 R14: 00007fae4d1a5fa0 R15: 00007ffeaf96feb8 [ 98.903677][ T6369] [ 98.903741][ T6369] ERROR: Out of memory at tomoyo_realpath_from_path. [ 99.168128][ T5866] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 99.208333][ T5866] usb 4-1: device descriptor read/8, error -71 [ 99.228556][ T46] usblp1: removed [ 99.320608][ T5869] usb 3-1: USB disconnect, device number 6 [ 99.668056][ T5866] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 99.675618][ T5868] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 99.722570][ T5866] usb 4-1: device descriptor read/8, error -71 [ 99.817015][ T46] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 99.850169][ T5866] usb usb4-port1: unable to enumerate USB device [ 99.861003][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.996791][ T5868] usb 2-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 100.036694][ T46] usb 5-1: Using ep0 maxpacket: 32 [ 100.081968][ T46] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 100.103628][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.152874][ T46] usb 5-1: config 0 has no interface number 0 [ 100.161022][ T46] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 100.173148][ T5868] usb 2-1: config 0 descriptor?? [ 100.182697][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.206091][ T46] usb 5-1: Product: syz [ 100.210990][ T46] usb 5-1: Manufacturer: syz [ 100.215629][ T46] usb 5-1: SerialNumber: syz [ 100.246684][ T46] usb 5-1: config 0 descriptor?? [ 100.266891][ T46] smsc95xx v2.0.0 [ 100.498353][ T30] kauditd_printk_skb: 67 callbacks suppressed [ 100.498385][ T30] audit: type=1400 audit(2000000024.490:454): avc: denied { write } for pid=6395 comm="syz.0.132" name="igmp" dev="proc" ino=4026533136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 100.786258][ T6402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.813659][ T6402] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.836434][ T6382] team0 (unregistering): Port device team_slave_0 removed [ 100.880488][ T30] audit: type=1400 audit(2000000024.860:455): avc: denied { rename } for pid=5179 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 101.338097][ T30] audit: type=1400 audit(2000000024.860:456): avc: denied { unlink } for pid=5179 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 101.348449][ T6382] team0 (unregistering): Port device team_slave_1 removed [ 101.360673][ T30] audit: type=1400 audit(2000000024.860:457): avc: denied { create } for pid=5179 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 101.396889][ T5869] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 101.529355][ T6404] veth0_to_bond: entered promiscuous mode [ 101.559508][ T30] audit: type=1400 audit(2000000024.990:458): avc: denied { setopt } for pid=6386 comm="syz.4.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 101.636632][ T30] audit: type=1400 audit(2000000025.630:459): avc: denied { mount } for pid=6395 comm="syz.0.132" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 102.056948][ T5928] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 102.076651][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 102.083024][ T5869] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.093172][ T5869] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 102.105161][ T5869] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 102.121746][ T5868] usbhid 2-1:0.0: can't add hid device: -71 [ 102.123558][ T5869] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 102.143021][ T5868] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 102.146606][ T5869] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 102.155222][ T5868] usb 2-1: USB disconnect, device number 3 [ 102.178342][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.193791][ T5869] hub 4-1:1.0: bad descriptor, ignoring hub [ 102.200754][ T5869] hub 4-1:1.0: probe with driver hub failed with error -5 [ 102.213951][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 102.219617][ T5869] cdc_wdm 4-1:1.0: skipping garbage [ 102.236403][ T5869] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 102.236609][ T5928] usb 3-1: Using ep0 maxpacket: 32 [ 102.245506][ T5869] cdc_wdm 4-1:1.0: Unknown control protocol [ 102.268201][ T5928] usb 3-1: config 0 has an invalid interface number: 145 but max is 1 [ 102.280813][ T6413] netlink: 'syz.0.135': attribute type 10 has an invalid length. [ 102.288842][ T5928] usb 3-1: config 0 has an invalid interface number: 43 but max is 1 [ 102.298690][ T5928] usb 3-1: config 0 has no interface number 0 [ 102.304932][ T5928] usb 3-1: config 0 has no interface number 1 [ 102.311727][ T5928] usb 3-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023 [ 102.318665][ T6413] batman_adv: batadv0: Adding interface: wlan1 [ 102.322072][ T5928] usb 3-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping [ 102.330892][ T6413] batman_adv: batadv0: The MTU of interface wlan1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.339630][ T5928] usb 3-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E [ 102.365076][ T6413] batman_adv: batadv0: Not using interface wlan1 (retrying later): interface not active [ 102.388707][ T5928] usb 3-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11 [ 102.400691][ T5928] usb 3-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024 [ 102.412480][ T5928] usb 3-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 102.425978][ T5928] usb 3-1: config 0 interface 145 has no altsetting 0 [ 102.433508][ T5928] usb 3-1: config 0 interface 43 has no altsetting 0 [ 102.442891][ T5928] usb 3-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a [ 102.452265][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.460531][ T5928] usb 3-1: Product: syz [ 102.464903][ T5928] usb 3-1: Manufacturer: syz [ 102.469635][ T5928] usb 3-1: SerialNumber: syz [ 102.474803][ T30] audit: type=1400 audit(2000000026.470:460): avc: denied { listen } for pid=6414 comm="syz.0.136" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 102.497235][ T5928] usb 3-1: config 0 descriptor?? [ 102.558789][ T30] audit: type=1326 audit(2000000026.560:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6414 comm="syz.0.136" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feae5b8d169 code=0x0 [ 102.568570][ T6404] veth0_to_bond: left promiscuous mode [ 102.620441][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 102.637857][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 102.647225][ T977] usb 4-1: USB disconnect, device number 7 [ 102.648764][ T46] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 102.677508][ T46] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 102.750381][ T46] usb 5-1: USB disconnect, device number 7 [ 102.856351][ T30] audit: type=1400 audit(2000000026.850:462): avc: denied { read append } for pid=6423 comm="syz.4.139" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 102.881362][ T30] audit: type=1400 audit(2000000026.850:463): avc: denied { open } for pid=6423 comm="syz.4.139" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 103.026719][ T977] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 103.038212][ T5821] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 103.196695][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 103.204840][ T5821] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 103.223196][ T5821] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 103.233001][ T5821] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 103.247126][ T5821] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 103.259536][ T5821] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 103.272898][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.364876][ T6436] binder: 6433:6436 ioctl 4018620d 0 returned -22 [ 103.400080][ T5821] hub 4-1:1.0: bad descriptor, ignoring hub [ 103.445867][ T5821] hub 4-1:1.0: probe with driver hub failed with error -5 [ 103.688132][ T6399] netlink: 'syz.3.133': attribute type 10 has an invalid length. [ 103.690975][ T977] usb 2-1: device descriptor read/64, error -71 [ 103.704549][ T5821] cdc_wdm 4-1:1.0: skipping garbage [ 103.719768][ T5821] cdc_wdm 4-1:1.0: skipping garbage [ 103.728302][ T5821] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 103.734364][ T5821] cdc_wdm 4-1:1.0: Unknown control protocol [ 103.941475][ T977] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 104.187257][ T977] usb 2-1: device descriptor read/64, error -71 [ 104.300695][ T977] usb usb2-port1: attempt power cycle [ 104.325210][ T5928] keyspan_pda 3-1:0.145: required endpoints missing [ 104.349644][ T5928] keyspan_pda 3-1:0.43: Keyspan PDA converter detected [ 104.375716][ T5928] usb 3-1: Keyspan PDA converter now attached to ttyUSB0 [ 104.377744][ T5869] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 104.393988][ T5928] usb 3-1: USB disconnect, device number 7 [ 104.438679][ T5928] keyspan_pda ttyUSB0: Keyspan PDA converter now disconnected from ttyUSB0 [ 104.463630][ T5928] keyspan_pda 3-1:0.43: device disconnected [ 104.566611][ T5869] usb 1-1: Using ep0 maxpacket: 8 [ 104.577431][ T5869] usb 1-1: config 1 has an invalid interface number: 128 but max is 1 [ 104.610123][ T5869] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.630493][ T5869] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 104.668324][ T5869] usb 1-1: config 1 has no interface number 0 [ 104.674424][ T5869] usb 1-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.692032][ T977] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 104.741925][ T5869] usb 1-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.759220][ T977] usb 2-1: device descriptor read/8, error -71 [ 104.773957][ T5869] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 104.791936][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.815739][ T5869] usb 1-1: Product: syz [ 104.827604][ T5869] usb 1-1: Manufacturer: syz [ 104.841391][ T5869] usb 1-1: SerialNumber: syz [ 104.868488][ T5821] usb 4-1: USB disconnect, device number 8 [ 104.871723][ T5869] cdc_wdm 1-1:1.128: skipping garbage [ 104.986094][ T5869] cdc_wdm 1-1:1.128: cdc-wdm0: USB WDM device [ 105.001396][ T5869] cdc_wdm 1-1:1.128: Unknown control protocol [ 105.007601][ T977] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 105.048147][ T977] usb 2-1: device descriptor read/8, error -71 [ 105.582041][ T5928] usb 1-1: USB disconnect, device number 8 [ 105.686863][ T977] usb usb2-port1: unable to enumerate USB device [ 106.714600][ T5827] Bluetooth: hci4: command 0x0405 tx timeout [ 106.872188][ T6474] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 106.962203][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 106.962213][ T30] audit: type=1400 audit(2000000030.950:473): avc: denied { shutdown } for pid=6471 comm="syz.0.153" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 107.618673][ T30] audit: type=1400 audit(2000000031.620:474): avc: denied { mount } for pid=6473 comm="syz.3.152" name="/" dev="configfs" ino=1171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 107.674133][ T30] audit: type=1400 audit(2000000031.660:475): avc: denied { execute } for pid=6485 comm="syz.0.156" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=11079 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 107.700198][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.937353][ T30] audit: type=1400 audit(2000000031.930:476): avc: denied { ioctl } for pid=6485 comm="syz.0.156" path="socket:[11086]" dev="sockfs" ino=11086 ioctlcmd=0x89ef scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 108.540745][ T6496] ip6erspan0: entered promiscuous mode [ 108.743554][ T30] audit: type=1400 audit(2000000032.540:477): avc: denied { setopt } for pid=6497 comm="syz.2.160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 108.879358][ T30] audit: type=1400 audit(2000000032.730:478): avc: denied { map } for pid=6497 comm="syz.2.160" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 108.902744][ C0] vkms_vblank_simulate: vblank timer overrun [ 108.922732][ T30] audit: type=1400 audit(2000000032.730:479): avc: denied { write execute } for pid=6497 comm="syz.2.160" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 110.173563][ T6516] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 110.282978][ T6517] netlink: 128 bytes leftover after parsing attributes in process `syz.4.164'. [ 111.169408][ T30] audit: type=1400 audit(2000000035.170:480): avc: denied { create } for pid=6523 comm="syz.0.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 111.586078][ T30] audit: type=1400 audit(2000000035.580:481): avc: denied { getopt } for pid=6531 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 111.662568][ T30] audit: type=1400 audit(2000000035.620:482): avc: denied { watch watch_reads } for pid=6531 comm="syz.1.169" path="/25" dev="tmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 111.907987][ T5821] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 112.031497][ T6537] netlink: 256 bytes leftover after parsing attributes in process `syz.1.170'. [ 112.042219][ T30] audit: type=1400 audit(2000000036.020:483): avc: denied { open } for pid=6534 comm="syz.1.170" path="/dev/ttyq6" dev="devtmpfs" ino=381 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 112.525130][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 112.541225][ T5821] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.554710][ T5821] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 112.572747][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 112.585146][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 112.725165][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 112.737396][ T5821] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.761937][ T5821] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 112.771395][ T6542] netlink: 216 bytes leftover after parsing attributes in process `syz.1.172'. [ 113.297316][ T6542] netlink: 24 bytes leftover after parsing attributes in process `syz.1.172'. [ 113.312262][ T6542] netlink: 16 bytes leftover after parsing attributes in process `syz.1.172'. [ 113.367943][ T30] audit: type=1400 audit(2000000036.840:484): avc: denied { nlmsg_read } for pid=6538 comm="syz.0.171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 113.390434][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.398575][ T5821] usb 4-1: Product: syz [ 113.403172][ T5821] usb 4-1: Manufacturer: syz [ 113.408557][ T5821] usb 4-1: SerialNumber: syz [ 113.419517][ T5821] usb 4-1: config 0 descriptor?? [ 113.426366][ T6533] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 113.707650][ T5868] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 113.729369][ T6552] netlink: 12 bytes leftover after parsing attributes in process `syz.0.175'. [ 113.858029][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.868350][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.884688][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.899301][ T5868] usb 3-1: New USB device found, idVendor=044f, idProduct=b65a, bcdDevice= 0.00 [ 113.909050][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.922063][ T5868] usb 3-1: config 0 descriptor?? [ 114.362394][ T5868] thrustmaster 0003:044F:B65A.0004: item fetching failed at offset 5/7 [ 114.379718][ T5868] thrustmaster 0003:044F:B65A.0004: parse failed [ 114.397716][ T5868] thrustmaster 0003:044F:B65A.0004: probe with driver thrustmaster failed with error -22 [ 114.561525][ T6547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.573565][ T6547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.757567][ T5868] usb 3-1: USB disconnect, device number 8 [ 115.653257][ T6569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.179'. [ 115.734031][ T6569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.179'. [ 115.746614][ T5821] rc_core: IR keymap rc-snapstream-firefly not found [ 115.840505][ T5821] Registered IR keymap rc-empty [ 115.931752][ T977] IPVS: starting estimator thread 0... [ 115.952425][ T30] audit: type=1400 audit(2000000039.930:485): avc: denied { name_bind } for pid=6574 comm="syz.2.181" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 115.975535][ T5821] rc rc0: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 115.987933][ T6573] ptrace attach of "./syz-executor exec"[5819] was attempted by " [ 115.994802][ T5821] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7 [ 116.161044][ T30] audit: type=1400 audit(2000000040.160:486): avc: denied { create } for pid=6578 comm="syz.3.182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 116.274484][ T6584] netlink: 4 bytes leftover after parsing attributes in process `syz.1.183'. [ 116.284773][ T6576] IPVS: using max 37 ests per chain, 88800 per kthread [ 116.759908][ T5821] input: syz syz mouse as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8 [ 116.778627][ T5821] usb 4-1: USB disconnect, device number 9 [ 116.784491][ C1] ati_remote 4-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 116.954599][ T6589] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 117.020175][ T6594] syz.3.182: attempt to access beyond end of device [ 117.020175][ T6594] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 117.034188][ T5893] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 117.041968][ T6594] SQUASHFS error: Failed to read block 0x0: -5 [ 117.048243][ T6594] unable to read squashfs_super_block [ 117.125329][ T30] audit: type=1400 audit(2000000041.120:487): avc: denied { read } for pid=6595 comm="syz.4.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 117.148462][ T6598] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=6598 comm=syz.4.188 [ 117.320315][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.336664][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.894316][ T5893] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 118.012658][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.026865][ T5869] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 118.061269][ T5893] usb 2-1: config 0 descriptor?? [ 118.072691][ T30] audit: type=1400 audit(2000000042.070:488): avc: denied { watch } for pid=6607 comm="syz.2.190" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 118.230989][ T5869] usb 5-1: unable to get BOS descriptor or descriptor too short [ 118.247825][ T5869] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 118.258397][ T5869] usb 5-1: config 1 has no interface number 1 [ 118.265113][ T5869] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 118.279764][ T5869] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 158, changing to 4 [ 118.296315][ T5869] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 0 [ 118.350232][ T5869] usb 5-1: string descriptor 0 read error: -22 [ 118.356471][ T5869] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 118.366980][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.524232][ T5869] usb 5-1: low speed audio streaming not supported [ 118.551871][ T5893] usbhid 2-1:0.0: can't add hid device: -71 [ 118.556645][ T5868] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 118.558013][ T5893] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 118.624011][ T5893] usb 2-1: USB disconnect, device number 8 [ 118.681631][ T5869] usb 5-1: USB disconnect, device number 8 [ 118.715195][ T5868] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.722780][ T5868] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 118.747333][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.761968][ T5868] usb 1-1: config 0 descriptor?? [ 118.769985][ T6615] XFS (nullb0): Invalid superblock magic number [ 119.035085][ T6623] ptrace attach of "./syz-executor exec"[5832] was attempted by " [ 119.132289][ T30] audit: type=1400 audit(2000000043.100:489): avc: denied { create } for pid=6611 comm="syz.2.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 119.396747][ T30] audit: type=1400 audit(2000000043.240:490): avc: denied { write } for pid=6626 comm="syz.3.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 119.473534][ T30] audit: type=1400 audit(2000000043.470:491): avc: denied { connect } for pid=6626 comm="syz.3.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 119.499067][ T30] audit: type=1400 audit(2000000043.500:492): avc: denied { write } for pid=6626 comm="syz.3.195" path="socket:[12398]" dev="sockfs" ino=12398 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 119.565139][ T30] audit: type=1400 audit(2000000043.560:493): avc: denied { mounton } for pid=6635 comm="syz.4.198" path="/40/file1/file0" dev="autofs" ino=12403 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 119.589062][ T6636] FAULT_INJECTION: forcing a failure. [ 119.589062][ T6636] name failslab, interval 1, probability 0, space 0, times 0 [ 119.601943][ T6636] CPU: 1 UID: 0 PID: 6636 Comm: syz.4.198 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 119.601963][ T6636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 119.601971][ T6636] Call Trace: [ 119.601976][ T6636] [ 119.601981][ T6636] dump_stack_lvl+0x16c/0x1f0 [ 119.602009][ T6636] should_fail_ex+0x50a/0x650 [ 119.602035][ T6636] ? fs_reclaim_acquire+0xae/0x150 [ 119.602060][ T6636] should_failslab+0xc2/0x120 [ 119.602078][ T6636] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 119.602096][ T6636] ? alloc_empty_file+0x73/0x1e0 [ 119.602117][ T6636] alloc_empty_file+0x73/0x1e0 [ 119.602135][ T6636] path_openat+0xe1/0x2d80 [ 119.602149][ T6636] ? hlock_class+0x4e/0x130 [ 119.602166][ T6636] ? __lock_acquire+0x15a9/0x3c40 [ 119.602193][ T6636] ? __pfx_path_openat+0x10/0x10 [ 119.602209][ T6636] ? __pfx___lock_acquire+0x10/0x10 [ 119.602228][ T6636] ? lock_acquire.part.0+0x11b/0x380 [ 119.602248][ T6636] ? find_held_lock+0x2d/0x110 [ 119.602268][ T6636] do_filp_open+0x20c/0x470 [ 119.602284][ T6636] ? __pfx_do_filp_open+0x10/0x10 [ 119.602299][ T6636] ? find_held_lock+0x2d/0x110 [ 119.602329][ T6636] ? alloc_fd+0x41f/0x760 [ 119.602350][ T6636] do_sys_openat2+0x17a/0x1e0 [ 119.602375][ T6636] ? __pfx_do_sys_openat2+0x10/0x10 [ 119.602397][ T6636] ? __fget_files+0x206/0x3a0 [ 119.602416][ T6636] __x64_sys_openat+0x175/0x210 [ 119.602437][ T6636] ? __pfx___x64_sys_openat+0x10/0x10 [ 119.602457][ T6636] ? ksys_write+0x1ba/0x250 [ 119.602479][ T6636] do_syscall_64+0xcd/0x250 [ 119.602504][ T6636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.602527][ T6636] RIP: 0033:0x7fc32238d169 [ 119.602540][ T6636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.602555][ T6636] RSP: 002b:00007fc323201038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 119.602571][ T6636] RAX: ffffffffffffffda RBX: 00007fc3225a5fa0 RCX: 00007fc32238d169 [ 119.602581][ T6636] RDX: 0000000000000000 RSI: 00004000000001c0 RDI: ffffffffffffff9c [ 119.602591][ T6636] RBP: 00007fc323201090 R08: 0000000000000000 R09: 0000000000000000 [ 119.602600][ T6636] R10: 0000000000000082 R11: 0000000000000246 R12: 0000000000000001 [ 119.602609][ T6636] R13: 0000000000000000 R14: 00007fc3225a5fa0 R15: 00007fffef6cb608 [ 119.602629][ T6636] [ 119.834314][ C1] vkms_vblank_simulate: vblank timer overrun [ 120.049175][ T6610] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2566 sclass=netlink_route_socket pid=6610 comm=syz.0.192 [ 120.110226][ T5868] video4linux radio48: keene_cmd_main failed (-71) [ 120.117263][ T5868] radio-keene 1-1:0.0: V4L2 device registered as radio48 [ 120.125968][ T5868] usb 1-1: USB disconnect, device number 9 [ 122.321974][ T6669] netlink: 32 bytes leftover after parsing attributes in process `syz.3.207'. [ 122.347037][ T30] audit: type=1400 audit(2000000046.340:494): avc: denied { create } for pid=6668 comm="syz.2.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 122.368647][ T6669] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 122.400407][ T6670] mmap: syz.2.208 (6670) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 122.403568][ T30] audit: type=1400 audit(2000000046.340:495): avc: denied { bind } for pid=6668 comm="syz.2.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 122.439623][ T30] audit: type=1400 audit(2000000046.370:496): avc: denied { listen } for pid=6667 comm="syz.3.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 122.472749][ T30] audit: type=1400 audit(2000000046.370:497): avc: denied { write } for pid=6667 comm="syz.3.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 122.526946][ T6674] ======================================================= [ 122.526946][ T6674] WARNING: The mand mount option has been deprecated and [ 122.526946][ T6674] and is ignored by this kernel. Remove the mand [ 122.526946][ T6674] option from the mount to silence this warning. [ 122.526946][ T6674] ======================================================= [ 122.561791][ C1] vkms_vblank_simulate: vblank timer overrun [ 122.630436][ T30] audit: type=1400 audit(2000000046.630:498): avc: denied { mounton } for pid=6673 comm="syz.3.209" path="/45/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 122.743334][ T6677] netlink: 76 bytes leftover after parsing attributes in process `syz.2.210'. [ 123.182764][ T30] audit: type=1400 audit(2000000047.180:499): avc: denied { unmount } for pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 124.028817][ T6692] ip6tnl0 speed is unknown, defaulting to 1000 [ 125.303630][ T30] audit: type=1400 audit(2000000049.300:500): avc: denied { map } for pid=6704 comm="syz.0.216" path="socket:[12519]" dev="sockfs" ino=12519 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 125.704311][ T6713] syz.0.217: attempt to access beyond end of device [ 125.704311][ T6713] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 126.346620][ T5868] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 126.510905][ T6723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.220'. [ 127.207019][ T5868] usb 1-1: Using ep0 maxpacket: 32 [ 127.215272][ T5868] usb 1-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 127.226331][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.236239][ T5868] usb 1-1: config 0 descriptor?? [ 127.244139][ T5868] usb 1-1: dvb_usb_v2: found a 'Anysee' in warm state [ 127.602982][ T5868] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 127.616164][ T5868] dvb_usb_anysee 1-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 127.631226][ T30] audit: type=1400 audit(2000000051.630:501): avc: denied { sqpoll } for pid=6716 comm="syz.0.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 127.656815][ T5869] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 127.667507][ T5868] usb 1-1: USB disconnect, device number 10 [ 127.816796][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 127.823078][ T5869] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 127.832207][ T5869] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 127.844938][ T5869] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 127.854869][ T5869] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 127.904857][ T5869] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 127.924551][ T5869] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 127.934790][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.032289][ T30] audit: type=1326 audit(2000000052.030:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.063485][ T30] audit: type=1326 audit(2000000052.030:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.095215][ T30] audit: type=1326 audit(2000000052.030:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.124484][ T30] audit: type=1326 audit(2000000052.030:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.154802][ T30] audit: type=1326 audit(2000000052.030:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.187606][ T30] audit: type=1326 audit(2000000052.030:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.210292][ T5869] usb 4-1: GET_CAPABILITIES returned 0 [ 128.212147][ T30] audit: type=1326 audit(2000000052.030:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.220277][ T5869] usbtmc 4-1:16.0: can't read capabilities [ 128.264457][ T30] audit: type=1326 audit(2000000052.030:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 128.294795][ T30] audit: type=1326 audit(2000000052.030:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6743 comm="syz.1.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc18258d169 code=0x7ffc0000 [ 129.282549][ T5893] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 129.718731][ T6751] netlink: 'syz.2.229': attribute type 10 has an invalid length. [ 129.786765][ T5893] usb 2-1: Using ep0 maxpacket: 32 [ 129.868768][ T5893] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 129.883116][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.897114][ T5893] usb 2-1: config 0 descriptor?? [ 129.935865][ T5893] gspca_main: sq930x-2.14.0 probing 041e:403c [ 130.043647][ T5868] usb 4-1: USB disconnect, device number 10 [ 130.179022][ T6746] ALSA: mixer_oss: invalid OSS volume 'VOLUM' [ 130.506734][ T977] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 130.622421][ T6766] Bluetooth: (null): Invalid header checksum [ 130.658212][ T977] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 130.667738][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.678541][ T977] usb 1-1: config 0 descriptor?? [ 130.687912][ T977] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 130.956660][ T5868] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 131.030306][ T5893] gspca_sq930x: ucbus_write failed -71 [ 131.035986][ T5893] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 131.051143][ T5893] usb 2-1: USB disconnect, device number 9 [ 131.226811][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.237963][ T5868] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 131.247092][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.263218][ T5868] usb 4-1: config 0 descriptor?? [ 131.474113][ T5868] usbhid 4-1:0.0: can't add hid device: -71 [ 131.481258][ T5868] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 131.492887][ T5868] usb 4-1: USB disconnect, device number 11 [ 131.596328][ T6779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.237'. [ 132.499709][ T977] gspca_stv06xx: I2C: Read error writing address: -71 [ 132.556826][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.563151][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.570344][ T5868] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 132.577422][ T977] usb 1-1: USB disconnect, device number 11 [ 132.641153][ T30] kauditd_printk_skb: 123 callbacks suppressed [ 132.641169][ T30] audit: type=1400 audit(2000000056.640:634): avc: denied { setopt } for pid=6787 comm="syz.1.240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 132.766749][ T5868] usb 4-1: Using ep0 maxpacket: 32 [ 132.777040][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.837356][ T5868] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 132.909177][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.058183][ T5868] usb 4-1: config 0 descriptor?? [ 133.074714][ T5868] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 133.091588][ T5868] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 133.300280][ T30] audit: type=1400 audit(2000000057.250:635): avc: denied { create } for pid=6793 comm="syz.1.241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 133.592308][ T6800] IPVS: set_ctl: invalid protocol: 29027 28.3.0.2:0 [ 133.805459][ T6803] FAULT_INJECTION: forcing a failure. [ 133.805459][ T6803] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 133.856648][ T6803] CPU: 0 UID: 0 PID: 6803 Comm: syz.0.243 Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 133.856671][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 133.856680][ T6803] Call Trace: [ 133.856685][ T6803] [ 133.856691][ T6803] dump_stack_lvl+0x16c/0x1f0 [ 133.856718][ T6803] should_fail_ex+0x50a/0x650 [ 133.856745][ T6803] _copy_from_user+0x2e/0xd0 [ 133.856763][ T6803] snd_seq_write+0x3ea/0x6c0 [ 133.856788][ T6803] ? __pfx_snd_seq_write+0x10/0x10 [ 133.856806][ T6803] ? bpf_lsm_file_permission+0x9/0x10 [ 133.856823][ T6803] ? security_file_permission+0x71/0x210 [ 133.856848][ T6803] ? rw_verify_area+0xcf/0x680 [ 133.856871][ T6803] ? __pfx_snd_seq_write+0x10/0x10 [ 133.856888][ T6803] vfs_write+0x24c/0x1150 [ 133.856903][ T6803] ? __fget_files+0x1fc/0x3a0 [ 133.856919][ T6803] ? __pfx_lock_release+0x10/0x10 [ 133.856941][ T6803] ? __pfx_vfs_write+0x10/0x10 [ 133.856965][ T6803] ? lock_acquire+0x2f/0xb0 [ 133.856985][ T6803] ? __fget_files+0x40/0x3a0 [ 133.857002][ T6803] ? __fget_files+0x206/0x3a0 [ 133.857024][ T6803] ksys_write+0x207/0x250 [ 133.857038][ T6803] ? __pfx_ksys_write+0x10/0x10 [ 133.857058][ T6803] do_syscall_64+0xcd/0x250 [ 133.857079][ T6803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.857100][ T6803] RIP: 0033:0x7feae5b8d169 [ 133.857112][ T6803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.857127][ T6803] RSP: 002b:00007feae695c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 133.857148][ T6803] RAX: ffffffffffffffda RBX: 00007feae5da5fa0 RCX: 00007feae5b8d169 [ 133.857159][ T6803] RDX: 000000000001001a RSI: 0000400000000000 RDI: 0000000000000003 [ 133.857169][ T6803] RBP: 00007feae695c090 R08: 0000000000000000 R09: 0000000000000000 [ 133.857178][ T6803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 133.857188][ T6803] R13: 0000000000000000 R14: 00007feae5da5fa0 R15: 00007ffda818df18 [ 133.857209][ T6803] [ 134.251601][ T6807] xt_l2tp: v2 sid > 0xffff: 262144 [ 134.329768][ T30] audit: type=1400 audit(2000000058.330:636): avc: denied { create } for pid=6812 comm="syz.1.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 134.360849][ T30] audit: type=1400 audit(2000000058.330:637): avc: denied { setopt } for pid=6812 comm="syz.1.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 134.389204][ T30] audit: type=1326 audit(2000000058.390:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.420901][ T5821] usb 4-1: USB disconnect, device number 12 [ 134.430131][ T5821] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 134.441226][ T6817] netlink: 'syz.1.247': attribute type 1 has an invalid length. [ 134.442636][ T30] audit: type=1326 audit(2000000058.390:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.462556][ T6817] netlink: 4 bytes leftover after parsing attributes in process `syz.1.247'. [ 134.472186][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.484020][ T30] audit: type=1326 audit(2000000058.440:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.510650][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.517720][ T30] audit: type=1326 audit(2000000058.440:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.540920][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.549719][ T30] audit: type=1326 audit(2000000058.440:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.572910][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.588083][ T30] audit: type=1326 audit(2000000058.440:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6815 comm="syz.2.248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7fae4cf8d169 code=0x7ffc0000 [ 134.611194][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.698335][ T6821] ptrace attach of "./syz-executor exec"[5829] was attempted by " [ 134.716617][ T5928] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 134.807613][ C1] vkms_vblank_simulate: vblank timer overrun [ 135.120323][ T5928] usb 3-1: Using ep0 maxpacket: 32 [ 135.134974][ T5928] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 135.151532][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.188311][ T5928] usb 3-1: config 0 descriptor?? [ 135.219658][ T5928] gspca_main: sq930x-2.14.0 probing 041e:403c [ 135.741058][ T5827] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 135.750047][ T5827] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 135.794449][ T5827] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 135.805563][ T5827] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 135.820188][ T5827] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 135.827707][ T5827] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 136.009136][ T6827] ip6tnl0 speed is unknown, defaulting to 1000 [ 136.138985][ T6832] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 136.162910][ T6832] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 136.447155][ T3556] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.481810][ T6832] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 136.539267][ T6832] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.570942][ T6832] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 136.610388][ T3556] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.622973][ T6832] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 136.654096][ T6832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 136.691268][ T6832] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.721738][ T3556] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.750302][ T6832] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 136.795665][ T6832] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 136.820469][ T6832] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 136.837034][ T6832] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 136.856296][ T6832] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 136.863847][ T6832] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 136.871467][ T3556] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.887509][ T6832] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 136.916852][ T5928] gspca_sq930x: ucbus_write failed -110 [ 136.996224][ T5928] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 137.066718][ T5928] usb 3-1: USB disconnect, device number 9 [ 137.154531][ T6827] chnl_net:caif_netlink_parms(): no params data found [ 137.231897][ T3556] bridge_slave_1: left allmulticast mode [ 137.246901][ T3556] bridge_slave_1: left promiscuous mode [ 137.254263][ T3556] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.467775][ T3556] bridge_slave_0: left allmulticast mode [ 137.482005][ T3556] bridge_slave_0: left promiscuous mode [ 137.489243][ T3556] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.703268][ T30] kauditd_printk_skb: 68 callbacks suppressed [ 137.703280][ T30] audit: type=1400 audit(2000000061.700:712): avc: denied { setopt } for pid=6861 comm="syz.2.259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 137.731210][ T6862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.259'. [ 138.147789][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 138.557171][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 138.579439][ T6871] serio: Serial port ptm1 [ 138.707658][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 138.797655][ T30] audit: type=1400 audit(2000000062.800:713): avc: denied { write } for pid=6876 comm="syz.2.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 138.851047][ T30] audit: type=1400 audit(2000000062.820:714): avc: denied { nlmsg_read } for pid=6876 comm="syz.2.263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 138.871621][ C1] vkms_vblank_simulate: vblank timer overrun [ 138.891913][ T54] Bluetooth: hci4: command 0x0405 tx timeout [ 138.891927][ T5827] Bluetooth: hci5: command 0x041b tx timeout [ 138.922144][ T30] audit: type=1400 audit(2000000062.820:715): avc: denied { map } for pid=6876 comm="syz.2.263" path="socket:[13008]" dev="sockfs" ino=13008 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 138.946612][ T30] audit: type=1400 audit(2000000062.820:716): avc: denied { read accept } for pid=6876 comm="syz.2.263" path="socket:[13008]" dev="sockfs" ino=13008 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 140.186603][ T5869] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 140.342656][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 140.473456][ T3556] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.490006][ T3556] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.500986][ T3556] bond0 (unregistering): Released all slaves [ 140.541198][ T6891] tmpfs: Unknown parameter 'êùŠ6Rýu¤' [ 140.558199][ T5869] usb 2-1: Using ep0 maxpacket: 8 [ 140.582582][ T5869] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 140.586638][ T5928] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 140.594093][ T5869] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 140.614920][ T5869] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 140.623121][ T5869] usb 2-1: Product: syz [ 140.628386][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 140.636219][ T5869] usb 2-1: Manufacturer: syz [ 140.640959][ T5869] usb 2-1: SerialNumber: syz [ 140.672811][ T3556] bond1 (unregistering): Released all slaves [ 140.693692][ T6874] netlink: 20 bytes leftover after parsing attributes in process `syz.0.262'. [ 140.706114][ T6888] ip6tnl0 speed is unknown, defaulting to 1000 [ 140.746791][ T5928] usb 1-1: Using ep0 maxpacket: 32 [ 140.759541][ T5928] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.778391][ T5928] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.788628][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 140.798023][ T5821] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 140.810888][ T3556] IPVS: stopping master sync thread 6281 ... [ 140.821617][ T5928] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 140.842058][ T5928] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 140.876406][ T5928] usb 1-1: Product: syz [ 140.882991][ T5869] usb 2-1: Invalid connection information received from device [ 140.883003][ T5928] usb 1-1: Manufacturer: syz [ 140.886765][ T5928] hub 1-1:4.0: USB hub found [ 140.947855][ T5827] Bluetooth: hci5: command 0x041b tx timeout [ 140.956771][ T5827] Bluetooth: hci4: command 0x0405 tx timeout [ 140.977917][ T5821] usb 4-1: Using ep0 maxpacket: 16 [ 140.987353][ T5821] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.987662][ T6827] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.005881][ T5821] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 141.021630][ T5821] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 141.023308][ T6827] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.036807][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.046631][ T5821] usb 4-1: Product: syz [ 141.050848][ T5821] usb 4-1: Manufacturer: syz [ 141.050913][ T6827] bridge_slave_0: entered allmulticast mode [ 141.055453][ T5821] usb 4-1: SerialNumber: syz [ 141.068422][ T5821] usb 4-1: config 0 descriptor?? [ 141.096877][ T5928] hub 1-1:4.0: 2 ports detected [ 141.107572][ T6827] bridge_slave_0: entered promiscuous mode [ 141.123269][ T6827] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.124378][ T30] audit: type=1400 audit(2000000065.120:717): avc: denied { read } for pid=6898 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.130901][ T6827] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.153877][ T30] audit: type=1400 audit(2000000065.120:718): avc: denied { open } for pid=6898 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.185677][ T30] audit: type=1400 audit(2000000065.120:719): avc: denied { getattr } for pid=6898 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.210898][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.217035][ T6827] bridge_slave_1: entered allmulticast mode [ 141.217784][ T6827] bridge_slave_1: entered promiscuous mode [ 141.403750][ T6827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.415484][ T5821] usb 4-1: USB disconnect, device number 13 [ 141.433583][ T30] audit: type=1400 audit(2000000065.430:720): avc: denied { write } for pid=6897 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.456555][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.471220][ T30] audit: type=1400 audit(2000000065.430:721): avc: denied { add_name } for pid=6897 comm="dhcpcd-run-hook" name="resolv.conf.eth2.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.493554][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.510581][ T6827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.636997][ T6827] team0: Port device team_slave_0 added [ 141.651908][ T6827] team0: Port device team_slave_1 added [ 141.693683][ T3556] hsr_slave_0: left promiscuous mode [ 141.703656][ T3556] hsr_slave_1: left promiscuous mode [ 141.715759][ T3556] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.729339][ T3556] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.737676][ T3556] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.745085][ T3556] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.759817][ T3556] veth1_macvtap: left promiscuous mode [ 141.765683][ T3556] veth0_macvtap: left promiscuous mode [ 141.772458][ T3556] veth1_vlan: left promiscuous mode [ 141.777994][ T3556] veth0_vlan: left promiscuous mode [ 142.386729][ T5827] Bluetooth: hci0: command 0x0c1a tx timeout [ 142.655267][ T3556] team0 (unregistering): Port device team_slave_1 removed [ 142.706841][ T5827] Bluetooth: hci1: command 0x0c1a tx timeout [ 142.717557][ T3556] team0 (unregistering): Port device team_slave_0 removed [ 142.806418][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 142.807031][ T6924] Cannot find set identified by id 0 to match [ 142.813019][ T30] audit: type=1400 audit(2000000066.800:728): avc: denied { append } for pid=6922 comm="syz.2.270" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 142.842923][ C1] vkms_vblank_simulate: vblank timer overrun [ 142.851836][ T5821] hub 1-1:4.0: hub_ext_port_status failed (err = -32) [ 142.866685][ T5827] Bluetooth: hci3: command 0x0c1a tx timeout [ 143.026826][ T54] Bluetooth: hci5: command 0x041b tx timeout [ 143.036350][ T5827] Bluetooth: hci4: command 0x0405 tx timeout [ 143.382728][ T976] usb 2-1: USB disconnect, device number 10 [ 143.722251][ C1] raw-gadget.1 gadget.0: ignoring, device is not running [ 143.748019][ T977] usb 1-1: USB disconnect, device number 12 [ 143.757906][ T30] audit: type=1400 audit(2000000067.750:729): avc: denied { read write } for pid=6926 comm="syz.1.271" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 144.102323][ T30] audit: type=1400 audit(2000000067.750:730): avc: denied { ioctl open } for pid=6926 comm="syz.1.271" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 144.812495][ T6827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 144.833381][ T6827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.859998][ T6827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 144.875771][ T6919] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-xor(2) [ 144.901339][ T6827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 144.908870][ T6827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 144.936066][ T6827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 145.022495][ T6827] hsr_slave_0: entered promiscuous mode [ 145.047035][ T977] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 145.055995][ T6827] hsr_slave_1: entered promiscuous mode [ 145.073977][ T6827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 145.087807][ T6827] Cannot create hsr debugfs directory [ 145.106926][ T5827] Bluetooth: hci5: command 0x041b tx timeout [ 145.240044][ T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 146.301675][ T30] audit: type=1400 audit(2000000070.190:731): avc: denied { write } for pid=6943 comm="syz.1.276" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 146.320598][ T977] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 146.320625][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.327519][ T977] usb 1-1: config 0 descriptor?? [ 146.695921][ T977] pwc: Askey VC010 type 2 USB webcam detected. [ 146.701309][ T6827] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 146.812999][ T6827] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 147.154887][ T6827] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 147.186756][ T54] Bluetooth: hci5: command 0x041b tx timeout [ 147.197660][ T977] pwc: send_video_command error -71 [ 147.202904][ T977] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 147.211573][ T977] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 147.222238][ T977] usb 1-1: USB disconnect, device number 13 [ 147.280531][ T6827] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 147.345446][ T6962] xt_CT: No such helper "snmp" [ 147.637255][ T977] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 147.912474][ T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.955472][ T977] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 148.011902][ T6827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.045796][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.112546][ T977] usb 1-1: config 0 descriptor?? [ 148.144086][ T6827] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.183010][ T977] pwc: Askey VC010 type 2 USB webcam detected. [ 148.218080][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 148.233423][ T977] pwc: send_video_command error -32 [ 148.238874][ T977] pwc: Failed to set video mode CIF@30 fps; return code = -32 [ 148.250135][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.257297][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.415168][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.422355][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.484044][ T977] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -32 [ 148.726786][ T5821] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 149.027521][ T977] usb 1-1: USB disconnect, device number 14 [ 149.256654][ T5821] usb 3-1: Using ep0 maxpacket: 8 [ 149.267115][ T5827] Bluetooth: hci5: command 0x041b tx timeout [ 149.311818][ T5821] usb 3-1: config 0 has an invalid interface number: 228 but max is 0 [ 149.338691][ T5821] usb 3-1: config 0 has no interface number 0 [ 149.355079][ T5821] usb 3-1: config 0 interface 228 has no altsetting 0 [ 149.399441][ T5821] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09 [ 149.425350][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.427365][ T6998] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6998 comm=syz.0.286 [ 149.451894][ T5821] usb 3-1: Product: syz [ 149.454901][ T6827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.486071][ T5821] usb 3-1: Manufacturer: syz [ 149.645169][ T5821] usb 3-1: SerialNumber: syz [ 149.660847][ T5821] usb 3-1: config 0 descriptor?? [ 149.673375][ T5821] go7007 3-1:0.228: probe with driver go7007 failed with error -12 [ 149.879263][ T30] audit: type=1400 audit(2000000073.680:732): avc: denied { bind } for pid=7010 comm="syz.0.288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 150.227256][ T976] usb 3-1: USB disconnect, device number 10 [ 150.678068][ T6827] veth0_vlan: entered promiscuous mode [ 150.702416][ T6827] veth1_vlan: entered promiscuous mode [ 150.741451][ T6827] veth0_macvtap: entered promiscuous mode [ 150.783547][ T30] audit: type=1400 audit(2000000074.780:733): avc: denied { bind } for pid=7032 comm="syz.1.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 150.786343][ T6827] veth1_macvtap: entered promiscuous mode [ 150.831681][ T30] audit: type=1400 audit(2000000074.780:734): avc: denied { name_bind } for pid=7032 comm="syz.1.292" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 150.846895][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.853856][ T977] usb 1-1: new low-speed USB device number 15 using dummy_hcd [ 150.884333][ T30] audit: type=1400 audit(2000000074.780:735): avc: denied { node_bind } for pid=7032 comm="syz.1.292" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 150.919936][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.933252][ T30] audit: type=1400 audit(2000000074.780:736): avc: denied { listen } for pid=7032 comm="syz.1.292" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 150.937930][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.975781][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.986019][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.997169][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.007397][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.053528][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.098421][ T6827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.105161][ T30] audit: type=1400 audit(2000000074.850:737): avc: denied { accept } for pid=7032 comm="syz.1.292" lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 151.154608][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.462090][ T5827] Bluetooth: hci5: command 0x041b tx timeout [ 151.464297][ T977] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 151.490144][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.500691][ T977] usb 1-1: config 179 has no interface number 0 [ 151.514812][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.523740][ T977] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 151.525658][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.546641][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.554241][ T977] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 151.557388][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.578504][ T6827] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.587273][ T977] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 151.590291][ T6827] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.611307][ T6827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.622061][ T6827] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.631220][ T6827] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.641381][ T6827] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.660863][ T977] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 151.689173][ T6827] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.695765][ T977] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 151.721872][ T977] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 151.737749][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.833308][ T7024] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 151.833410][ T7024] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 151.969519][ T30] audit: type=1400 audit(2000000075.950:738): avc: denied { sys_chroot } for pid=7052 comm="dhcpcd" capability=18 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 151.991398][ T976] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 152.196846][ T5827] Bluetooth: hci3: unexpected event 0x01 length: 6 > 1 [ 152.200454][ T5866] usb 1-1: USB disconnect, device number 15 [ 152.200459][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 152.226715][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 152.673256][ T30] audit: type=1400 audit(2000000075.950:739): avc: denied { setgid } for pid=7052 comm="dhcpcd" capability=6 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1 [ 152.707538][ T30] audit: type=1400 audit(2000000075.950:740): avc: denied { setrlimit } for pid=7052 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1 [ 152.736775][ T30] audit: type=1400 audit(2000000076.150:741): avc: denied { connect } for pid=7053 comm="syz.2.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 152.785849][ T976] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 152.816153][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.824230][ T976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.870454][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.876815][ T976] usb 2-1: config 0 has no interface number 0 [ 152.883834][ T976] usb 2-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 152.883870][ T976] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 152.883889][ T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.925157][ T976] usb 2-1: config 0 descriptor?? [ 153.048781][ T3445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.068086][ T3445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.575212][ T976] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 153.894618][ T12] usb 2-1: Failed to submit usb control message: -71 [ 153.931197][ T12] usb 2-1: unable to send the bmi data to the device: -71 [ 153.958409][ T976] usb 2-1: USB disconnect, device number 11 [ 153.990595][ T12] usb 2-1: unable to get target info from device [ 154.032821][ T6827] ================================================================== [ 154.040912][ T6827] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 [ 154.048644][ T6827] Write of size 8 at addr ffff88803372f808 by task syz-executor/6827 [ 154.056700][ T6827] [ 154.059017][ T6827] CPU: 1 UID: 0 PID: 6827 Comm: syz-executor Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 154.059037][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 154.059047][ T6827] Call Trace: [ 154.059053][ T6827] [ 154.059059][ T6827] dump_stack_lvl+0x116/0x1f0 [ 154.059086][ T6827] print_report+0xc3/0x670 [ 154.059104][ T6827] ? __virt_addr_valid+0x5e/0x590 [ 154.059122][ T6827] ? __phys_addr+0xc6/0x150 [ 154.059139][ T6827] kasan_report+0xd9/0x110 [ 154.059156][ T6827] ? binder_add_device+0xa4/0xb0 [ 154.059177][ T6827] ? binder_add_device+0xa4/0xb0 [ 154.059198][ T6827] binder_add_device+0xa4/0xb0 [ 154.059218][ T6827] binderfs_binder_device_create.isra.0+0x95f/0xb70 [ 154.059246][ T6827] binderfs_fill_super+0x8d6/0x1360 [ 154.059272][ T6827] ? __pfx_binderfs_fill_super+0x10/0x10 [ 154.059302][ T6827] ? shrinker_register+0x1a8/0x260 [ 154.059327][ T6827] ? sget_fc+0x808/0xc20 [ 154.059351][ T6827] ? __pfx_set_anon_super_fc+0x10/0x10 [ 154.059375][ T6827] ? __pfx_binderfs_fill_super+0x10/0x10 [ 154.059398][ T6827] get_tree_nodev+0xda/0x190 [ 154.059412][ T6827] vfs_get_tree+0x8b/0x340 [ 154.059434][ T6827] path_mount+0x14e6/0x1f10 [ 154.059453][ T6827] ? kmem_cache_free+0x2e2/0x4d0 [ 154.059469][ T6827] ? __pfx_path_mount+0x10/0x10 [ 154.059488][ T6827] ? putname+0x13c/0x180 [ 154.059507][ T6827] __x64_sys_mount+0x28f/0x310 [ 154.059525][ T6827] ? __pfx___x64_sys_mount+0x10/0x10 [ 154.059546][ T6827] do_syscall_64+0xcd/0x250 [ 154.059569][ T6827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.059593][ T6827] RIP: 0033:0x7f863f18e90a [ 154.059607][ T6827] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.059623][ T6827] RSP: 002b:00007ffe9bdb4eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 154.059640][ T6827] RAX: ffffffffffffffda RBX: 00007f863f20e663 RCX: 00007f863f18e90a [ 154.059651][ T6827] RDX: 00007f863f21dda7 RSI: 00007f863f20e663 RDI: 00007f863f21dda7 [ 154.059662][ T6827] RBP: 00007f863f20e8ac R08: 0000000000000000 R09: 00007f863f3a6738 [ 154.059672][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f863f1eb1a8 [ 154.059681][ T6827] R13: 00007f863f1eb180 R14: 0000000000000009 R15: 0000000000000000 [ 154.059695][ T6827] [ 154.059701][ T6827] [ 154.086691][ T12] usb 2-1: could not get target info (-71) [ 154.086734][ T12] usb 2-1: could not probe fw (-71) [ 154.091402][ T6827] Allocated by task 5813: [ 154.091413][ T6827] kasan_save_stack+0x33/0x60 [ 154.091432][ T6827] kasan_save_track+0x14/0x30 [ 154.311408][ T6827] __kasan_kmalloc+0xaa/0xb0 [ 154.315981][ T6827] kernfs_fop_open+0x28b/0xdb0 [ 154.320728][ T6827] do_dentry_open+0x735/0x1c40 [ 154.325466][ T6827] vfs_open+0x82/0x3f0 [ 154.329517][ T6827] path_openat+0x1e88/0x2d80 [ 154.334083][ T6827] do_filp_open+0x20c/0x470 [ 154.338562][ T6827] do_sys_openat2+0x17a/0x1e0 [ 154.343220][ T6827] __x64_sys_openat+0x175/0x210 [ 154.348051][ T6827] do_syscall_64+0xcd/0x250 [ 154.352535][ T6827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.358412][ T6827] [ 154.360712][ T6827] Freed by task 5813: [ 154.364663][ T6827] kasan_save_stack+0x33/0x60 [ 154.369319][ T6827] kasan_save_track+0x14/0x30 [ 154.373974][ T6827] kasan_save_free_info+0x3b/0x60 [ 154.378982][ T6827] __kasan_slab_free+0x51/0x70 [ 154.383722][ T6827] kfree+0x2c4/0x4d0 [ 154.387605][ T6827] kernfs_fop_release+0x12c/0x1e0 [ 154.392610][ T6827] __fput+0x3ff/0xb70 [ 154.396573][ T6827] __fput_sync+0xa1/0xc0 [ 154.400796][ T6827] __x64_sys_close+0x86/0x100 [ 154.405452][ T6827] do_syscall_64+0xcd/0x250 [ 154.409943][ T6827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.415816][ T6827] [ 154.418119][ T6827] The buggy address belongs to the object at ffff88803372f800 [ 154.418119][ T6827] which belongs to the cache kmalloc-512 of size 512 [ 154.432147][ T6827] The buggy address is located 8 bytes inside of [ 154.432147][ T6827] freed 512-byte region [ffff88803372f800, ffff88803372fa00) [ 154.445743][ T6827] [ 154.448044][ T6827] The buggy address belongs to the physical page: [ 154.454428][ T6827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3372c [ 154.463165][ T6827] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 154.471640][ T6827] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 154.479160][ T6827] page_type: f5(slab) [ 154.483119][ T6827] raw: 00fff00000000040 ffff88801b041c80 ffffea0001e48300 dead000000000002 [ 154.491683][ T6827] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 154.500245][ T6827] head: 00fff00000000040 ffff88801b041c80 ffffea0001e48300 dead000000000002 [ 154.508892][ T6827] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 154.517538][ T6827] head: 00fff00000000002 ffffea0000cdcb01 ffffffffffffffff 0000000000000000 [ 154.526184][ T6827] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 154.534829][ T6827] page dumped because: kasan: bad access detected [ 154.541214][ T6827] page_owner tracks the page as allocated [ 154.546903][ T6827] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5211, tgid 5211 (udevadm), ts 18407989926, free_ts 17686896680 [ 154.567809][ T6827] post_alloc_hook+0x181/0x1b0 [ 154.572555][ T6827] get_page_from_freelist+0xfce/0x2f80 [ 154.577990][ T6827] __alloc_frozen_pages_noprof+0x221/0x2470 [ 154.583860][ T6827] alloc_pages_mpol+0x1fc/0x540 [ 154.588691][ T6827] new_slab+0x23d/0x330 [ 154.592829][ T6827] ___slab_alloc+0xc5d/0x1720 [ 154.597489][ T6827] __slab_alloc.constprop.0+0x56/0xb0 [ 154.602845][ T6827] __kmalloc_cache_noprof+0xfa/0x410 [ 154.608116][ T6827] kernfs_fop_open+0x28b/0xdb0 [ 154.612874][ T6827] do_dentry_open+0x735/0x1c40 [ 154.617616][ T6827] vfs_open+0x82/0x3f0 [ 154.621663][ T6827] path_openat+0x1e88/0x2d80 [ 154.626228][ T6827] do_filp_open+0x20c/0x470 [ 154.630718][ T6827] do_sys_openat2+0x17a/0x1e0 [ 154.635384][ T6827] __x64_sys_openat+0x175/0x210 [ 154.640223][ T6827] do_syscall_64+0xcd/0x250 [ 154.644719][ T6827] page last free pid 25 tgid 25 stack trace: [ 154.650682][ T6827] free_frozen_pages+0x6db/0xfb0 [ 154.655602][ T6827] rcu_core+0x79d/0x14d0 [ 154.659826][ T6827] handle_softirqs+0x213/0x8f0 [ 154.664572][ T6827] run_ksoftirqd+0x3a/0x60 [ 154.668969][ T6827] smpboot_thread_fn+0x661/0xa30 [ 154.673894][ T6827] kthread+0x3af/0x750 [ 154.677943][ T6827] ret_from_fork+0x45/0x80 [ 154.682339][ T6827] ret_from_fork_asm+0x1a/0x30 [ 154.687083][ T6827] [ 154.689384][ T6827] Memory state around the buggy address: [ 154.694988][ T6827] ffff88803372f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 154.703026][ T6827] ffff88803372f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 154.711063][ T6827] >ffff88803372f800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.719098][ T6827] ^ [ 154.723400][ T6827] ffff88803372f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.731437][ T6827] ffff88803372f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 154.739473][ T6827] ================================================================== [ 155.051239][ T6827] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 155.058470][ T6827] CPU: 0 UID: 0 PID: 6827 Comm: syz-executor Not tainted 6.14.0-rc6-syzkaller-00016-g0fed89a961ea #0 [ 155.069317][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 155.079367][ T6827] Call Trace: [ 155.082640][ T6827] [ 155.085564][ T6827] dump_stack_lvl+0x3d/0x1f0 [ 155.090157][ T6827] panic+0x71d/0x800 [ 155.094051][ T6827] ? __pfx_panic+0x10/0x10 [ 155.098462][ T6827] ? irqentry_exit+0x3b/0x90 [ 155.103050][ T6827] ? lockdep_hardirqs_on+0x7c/0x110 [ 155.108248][ T6827] ? preempt_schedule_thunk+0x1a/0x30 [ 155.113621][ T6827] ? preempt_schedule_common+0x44/0xc0 [ 155.119080][ T6827] ? check_panic_on_warn+0x1f/0xb0 [ 155.124187][ T6827] check_panic_on_warn+0xab/0xb0 [ 155.129119][ T6827] end_report+0x117/0x180 [ 155.133443][ T6827] kasan_report+0xe9/0x110 [ 155.137856][ T6827] ? binder_add_device+0xa4/0xb0 [ 155.142791][ T6827] ? binder_add_device+0xa4/0xb0 [ 155.147727][ T6827] binder_add_device+0xa4/0xb0 [ 155.152487][ T6827] binderfs_binder_device_create.isra.0+0x95f/0xb70 [ 155.159079][ T6827] binderfs_fill_super+0x8d6/0x1360 [ 155.164286][ T6827] ? __pfx_binderfs_fill_super+0x10/0x10 [ 155.169931][ T6827] ? shrinker_register+0x1a8/0x260 [ 155.175044][ T6827] ? sget_fc+0x808/0xc20 [ 155.179287][ T6827] ? __pfx_set_anon_super_fc+0x10/0x10 [ 155.184748][ T6827] ? __pfx_binderfs_fill_super+0x10/0x10 [ 155.190384][ T6827] get_tree_nodev+0xda/0x190 [ 155.194966][ T6827] vfs_get_tree+0x8b/0x340 [ 155.199382][ T6827] path_mount+0x14e6/0x1f10 [ 155.203879][ T6827] ? kmem_cache_free+0x2e2/0x4d0 [ 155.208808][ T6827] ? __pfx_path_mount+0x10/0x10 [ 155.213639][ T6827] ? putname+0x13c/0x180 [ 155.217866][ T6827] __x64_sys_mount+0x28f/0x310 [ 155.222611][ T6827] ? __pfx___x64_sys_mount+0x10/0x10 [ 155.227879][ T6827] do_syscall_64+0xcd/0x250 [ 155.232370][ T6827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.238247][ T6827] RIP: 0033:0x7f863f18e90a [ 155.242641][ T6827] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.262231][ T6827] RSP: 002b:00007ffe9bdb4eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 155.270641][ T6827] RAX: ffffffffffffffda RBX: 00007f863f20e663 RCX: 00007f863f18e90a [ 155.278593][ T6827] RDX: 00007f863f21dda7 RSI: 00007f863f20e663 RDI: 00007f863f21dda7 [ 155.286548][ T6827] RBP: 00007f863f20e8ac R08: 0000000000000000 R09: 00007f863f3a6738 [ 155.294499][ T6827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f863f1eb1a8 [ 155.302450][ T6827] R13: 00007f863f1eb180 R14: 0000000000000009 R15: 0000000000000000 [ 155.310407][ T6827] [ 155.313609][ T6827] Kernel Offset: disabled [ 155.317909][ T6827] Rebooting in 86400 seconds..