last executing test programs: 12.667851267s ago: executing program 0 (id=1000): bind$packet(0xffffffffffffffff, 0x0, 0x426e59fc9dad529e) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/meminfo\x00', 0x0, 0x0) read$watch_queue(r2, &(0x7f0000000140)=""/4096, 0x1000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) r4 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r4, 0xc008551a, &(0x7f0000000340)=ANY=[]) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000240)={[&(0x7f00000000c0)='=\x8d5\x10\xe4\x00\bj\xfb', &(0x7f0000000080)='=\x8d5\x10\xe4\x00\bj\xfb']}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001200)={'veth0_virt_wifi\x00'}) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="4000000066001fff0000000000000000"], 0x40}}, 0x4000800) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_ADD_DEV(r6, 0xff08, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x10, 0x6, 0x2004002) sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000300)=ANY=[], 0x1c}}, 0x0) sendmmsg$alg(r9, &(0x7f00000000c0), 0x492492492492627, 0x0) bind$netlink(r8, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbfb, 0x200}, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)) ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f00000011c0)) 9.653502132s ago: executing program 2 (id=1007): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000002000010000000000000000000a202000000000000005000008000d000a000000080004000e000000140001000000000000000000000000000000000114000100ff020000000000c3a4df86547b2ead00000000"], 0x54}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[], 0x1c}}, 0x4000054) setsockopt(0xffffffffffffffff, 0x4, 0x4, &(0x7f0000000840)="680614969fcdd69ddb9ed12ead965fe29d151ccb3b45fd965523bf31fdf0912a0ef051af6e39d790de34ff3b8d6f318aa45ec6e604ff", 0x36) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x810}, 0x20044000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a3", 0x68}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1", 0xae}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2", 0x17}], 0x2}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x20080, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000640), 0x200080, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 9.352168133s ago: executing program 0 (id=1008): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000000c0)='./file1\x00') symlinkat(&(0x7f0000005e40)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x81}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) socket$pppl2tp(0x18, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), r0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r4 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0) read$msr(r4, &(0x7f0000002240)=""/102400, 0x19000) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2) syz_open_dev$ttys(0xc, 0x2, 0x0) r7 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_S_PARM(r7, 0xc0cc5616, &(0x7f0000000080)={0xb, @output={0x1000, 0x0, {0x7, 0x74941c9d}, 0xda, 0x9cd2}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dd5b0c00ece30a0131cbf484109c49baa313a1c1573aa8794485d39d4fe0466219420c66b12f23f2bc8a7d47b7bd9789d8f2667674fd97d8760b6a55c62f5fbfcd5938b1172d1f44d9ee1433e7f61638a23bb21f2e28dac01d62b4f8be23cf292a", @ANYRES32=r7, @ANYRES8=r5], 0x48}, 0x1, 0x0, 0x0, 0x44041}, 0x20040010) socketpair$unix(0x1, 0x3, 0x0, 0x0) timer_settime(r6, 0x1, &(0x7f0000000240), &(0x7f0000000440)) sendmsg$nl_generic(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000740)={0x14, 0x33, 0x1, 0x70bd27, 0x25dfdbfe, {0x7}}, 0xfffffffffffffd3f}, 0x1, 0x0, 0x0, 0x10}, 0x488d0) 7.685243863s ago: executing program 2 (id=1011): socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 7.247904237s ago: executing program 3 (id=1013): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async, rerun: 64) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) (async, rerun: 64) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64) accept(0xffffffffffffffff, &(0x7f0000000000)=@x25, &(0x7f0000000080)=0x80) (async, rerun: 64) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) (async, rerun: 64) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="140b927bd9cadd00e800020105ed4c29774cf8af"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) (async) socket$kcm(0x11, 0x3, 0x0) (async, rerun: 32) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 32) openat$nvram(0xffffffffffffff9c, 0x0, 0x14305, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) (async) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, 0x0, 0x0) (async) r6 = memfd_create(&(0x7f00000001c0)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\xae\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\x06\x00\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x2) (async) r7 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x3232, 0x100, 0x0, 0x3de}, &(0x7f0000000040)=0x0, &(0x7f0000000180)=0x0) io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f0000000300)=[r6], 0x1) (async, rerun: 32) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (rerun: 32) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x400000080001001, 0x0, 0x0, 0x22}) io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) 7.139625075s ago: executing program 0 (id=1014): syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e1050804a74d989e030109022400010000000009040000022ec25d0009050900000000000009050301"], 0x0) (async) r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000056544820e1050804a74d989e030109022400010000000009040000022ec25d0009050900000000000009050301"], 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000040)={0x0, 0x30, 0x9e, {0x9e, 0x5, "0be42a457ebb34e802901f6a1b687d09fefb2f8b850b3ee7424af83ad79bd4ace724db971596526604e517e7ceb9034f7421638a854635ab81eb1ae260e077a8ac0d0bea6a691eb86a5545e186d18efef0d72ea6d1bd833c22c316f7927293a625ce56fd99ae6088d83a7494f74f2b5e0e6724890e699640626a73b805ac280161ebd63dcda2e257a58945ba85c874349ddee51e12e4a6a1f4c567ba"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1007}}, &(0x7f0000000140)={0x0, 0xf, 0x92, {0x5, 0xf, 0x92, 0x6, [@generic={0x76, 0x10, 0x3, "36e526a116ab47509b3b09b5fb82e90568bfcf50994510a6d07f58e71d84fbcc4814a2a205b893e78b3d665e686d868cda278a53eb9999af6fb1b2da9675799772c215a9e92ba1c6c7246d7c81e6145e070d20c0d7b4f2fb6ffd880d4992da85e07dae32ab69cf42c433ce1763ac06b880ef01"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x9, 0x9, 0x9, 0xf9}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x1, 0x2, 0xc}, @ptm_cap={0x3}]}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf9, 0x80, 0xc, 0x4, "860a5314", "736cbc58"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0xd8, 0x81, 0x0, 0xb, 0x2000, 0x9}}}, &(0x7f0000000700)={0x84, &(0x7f00000002c0)={0x20, 0xe, 0x8, "4e104482618dfb90"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0xdd}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x8e}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x2, 0x8}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0x40}, &(0x7f0000000480)={0x40, 0xb, 0x2, "641c"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000500)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000000540)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000580)={0x40, 0x19, 0x2, '},'}, &(0x7f0000000600)={0x40, 0x1a, 0x1, 0x8}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0x40}, &(0x7f0000000680)={0x40, 0x1e, 0x1, 0x4}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x10}}) (async) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000040)={0x0, 0x30, 0x9e, {0x9e, 0x5, "0be42a457ebb34e802901f6a1b687d09fefb2f8b850b3ee7424af83ad79bd4ace724db971596526604e517e7ceb9034f7421638a854635ab81eb1ae260e077a8ac0d0bea6a691eb86a5545e186d18efef0d72ea6d1bd833c22c316f7927293a625ce56fd99ae6088d83a7494f74f2b5e0e6724890e699640626a73b805ac280161ebd63dcda2e257a58945ba85c874349ddee51e12e4a6a1f4c567ba"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1007}}, &(0x7f0000000140)={0x0, 0xf, 0x92, {0x5, 0xf, 0x92, 0x6, [@generic={0x76, 0x10, 0x3, "36e526a116ab47509b3b09b5fb82e90568bfcf50994510a6d07f58e71d84fbcc4814a2a205b893e78b3d665e686d868cda278a53eb9999af6fb1b2da9675799772c215a9e92ba1c6c7246d7c81e6145e070d20c0d7b4f2fb6ffd880d4992da85e07dae32ab69cf42c433ce1763ac06b880ef01"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x9, 0x9, 0x9, 0xf9}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x1, 0x2, 0xc}, @ptm_cap={0x3}]}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf9, 0x80, 0xc, 0x4, "860a5314", "736cbc58"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0xd8, 0x81, 0x0, 0xb, 0x2000, 0x9}}}, &(0x7f0000000700)={0x84, &(0x7f00000002c0)={0x20, 0xe, 0x8, "4e104482618dfb90"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0xdd}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x8e}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x2, 0x8}}, &(0x7f0000000400)={0x40, 0x7, 0x2, 0x6}, &(0x7f0000000440)={0x40, 0x9, 0x1, 0x40}, &(0x7f0000000480)={0x40, 0xb, 0x2, "641c"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000500)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3b}}, &(0x7f0000000540)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000580)={0x40, 0x19, 0x2, '},'}, &(0x7f0000000600)={0x40, 0x1a, 0x1, 0x8}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0x40}, &(0x7f0000000680)={0x40, 0x1e, 0x1, 0x4}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x10}}) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a60000000060a010400000000000000000a0000010900010073797a3100000000340004803000018008000100636d700024000280080001400010000408000240000700011000038009000100407327c3600000000900020073797a32"], 0x88}, 0x1, 0x0, 0x0, 0x6040850}, 0x20000040) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f0016000800000000000000200006400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a6683f5aeb4edbb57a5025ccca9e00360db398262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3c93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x4000050) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000a40)={0x24, &(0x7f0000000780)={0x40, 0x15, 0x3, "44d7ef"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000f40)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00\n\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r3, &(0x7f0000000900)={0x14, &(0x7f00000007c0)={0x40, 0x6, 0xe0, {0xe0, 0xb, "c9be6865a9cb1a84dc01bdfc3d9f7c2d3edb649f895110e9fa97dabc63b2b7f964c8eed9eb4eef5d21f11fe4db4241e3f4bfe875aedd324a733668202276d14505e5d7a87c627677c01f4c5da27e65fadcffe84b8f0c594919f23087c610d63cbd49ac63fc45a76ca4e0f4e397b5d1ba6927f00f57930168b6af56afcb50b2b9d00e7efd25a80d159887428bc26e3b13cabb450e4afad6020a39fa6c4286e80e8c74a7e379b9af363155844f7e1300e653810e11aad3e6ebebed63dda47011bec55cc940d3433859995f9ccc48035f122819fef0bd4029b67e522f81ff70"}}, &(0x7f00000008c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x810}}}, &(0x7f0000000b40)={0x2c, &(0x7f0000000940)={0x40, 0x12, 0xc4, "8cf804afefab08535452f38e5edb8acba024cac9795e76f15c95f640ca4ae1b383698b051f5d0b55d4cc62d524fd1614871b6e9509e930f33b26703d000c6db17e1ad879e5c07540ab4708fcec1b1ad1eafcbdc8d0ed4ba4821091b71f9dd2c34de218364243d61e89b648afba4bf039b02424ff5c0d87f2b33c7499a2bf11853ada4fb30f0c8005420ab26214a5654148c369f43c67cd90fd240d3c62428e8ac940e79ff0f79caf84311ebe0df5b3656abfe0015aca2c9bfd3beec51b4e5f38975fd7e6"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000ac0)={0xc0, 0x5, 0x5, "21e1bb22bd"}, &(0x7f0000000b00)={0x40, 0x5, 0x6, "f335e49a1238"}}) (async) syz_usb_control_io$rtl8150(r3, &(0x7f0000000900)={0x14, &(0x7f00000007c0)={0x40, 0x6, 0xe0, {0xe0, 0xb, "c9be6865a9cb1a84dc01bdfc3d9f7c2d3edb649f895110e9fa97dabc63b2b7f964c8eed9eb4eef5d21f11fe4db4241e3f4bfe875aedd324a733668202276d14505e5d7a87c627677c01f4c5da27e65fadcffe84b8f0c594919f23087c610d63cbd49ac63fc45a76ca4e0f4e397b5d1ba6927f00f57930168b6af56afcb50b2b9d00e7efd25a80d159887428bc26e3b13cabb450e4afad6020a39fa6c4286e80e8c74a7e379b9af363155844f7e1300e653810e11aad3e6ebebed63dda47011bec55cc940d3433859995f9ccc48035f122819fef0bd4029b67e522f81ff70"}}, &(0x7f00000008c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x810}}}, &(0x7f0000000b40)={0x2c, &(0x7f0000000940)={0x40, 0x12, 0xc4, "8cf804afefab08535452f38e5edb8acba024cac9795e76f15c95f640ca4ae1b383698b051f5d0b55d4cc62d524fd1614871b6e9509e930f33b26703d000c6db17e1ad879e5c07540ab4708fcec1b1ad1eafcbdc8d0ed4ba4821091b71f9dd2c34de218364243d61e89b648afba4bf039b02424ff5c0d87f2b33c7499a2bf11853ada4fb30f0c8005420ab26214a5654148c369f43c67cd90fd240d3c62428e8ac940e79ff0f79caf84311ebe0df5b3656abfe0015aca2c9bfd3beec51b4e5f38975fd7e6"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000ac0)={0xc0, 0x5, 0x5, "21e1bb22bd"}, &(0x7f0000000b00)={0x40, 0x5, 0x6, "f335e49a1238"}}) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r4, &(0x7f0000000000)="105fd1a47e968cb4e3f1060a11f950289afaa74c643c489605ec8e932d82b081ae4940", 0x23, 0xc001, 0x0, 0x0) 7.073987461s ago: executing program 3 (id=1015): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8) 6.917201371s ago: executing program 3 (id=1016): r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0x14, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000014c0)={&(0x7f0000000fc0)=@phonet={0x23, 0xf, 0x5, 0x2c}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000080)="b0", 0x1}], 0x1}, 0x20000800) (fail_nth: 4) 6.619756809s ago: executing program 3 (id=1019): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@mcast2, 0x2, 0x1, 0x3, 0x1, 0x4, 0x603}, &(0x7f0000000400)=0x20) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4019) r1 = fsopen(&(0x7f0000000200)='ecryptfs\x00', 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x40010) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x81) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x418000, 0x185) r8 = io_uring_setup(0x891, &(0x7f0000000340)={0x0, 0x31b0, 0x0, 0x3, 0x336}) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r7, 0x1, &(0x7f0000000240)={0x0, r8}, 0x0) 6.44433837s ago: executing program 2 (id=1020): r0 = open_tree(0xffffffffffffff9c, 0x0, 0x801) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x78, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000400260004000000"}, {0x1, 0x1, "fe906d17efe3"}]}}}}}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e00000004000000040000000400000008e00000", @ANYRES32, @ANYBLOB="00008000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r0, @ANYBLOB="8c7e64e94847442e4c4ae28a1e8aeeca1fedc6f47189a159c406016e519d1baa7e2e7f219a2e286f59fe65d429abeee3a0da4fd9a94a7e7cbff9640b2616090b9c77b16db29a1b6f25e3e5c029b5c3d167bb47ed95937acb024b1ce8356931d9da8e62e1671576c42a97ce9320cd2e45669fa136d7"], 0x50) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r3 = socket$packet(0x11, 0x2, 0x300) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x200, 0x159) name_to_handle_at(r4, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)=@xfs_parent={0x1c, 0x82, {0x2393d5b9, 0x3, 0x41, 0x9}}, &(0x7f0000000300), 0x1000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) iopl(0x3) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001200)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a8c000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000004c0008800c00024000deffff55c3dd9e0c00014000000000000000000c00024000000000000000000c00024000000000000000090c00014000000000000000060c000140000000000000026314000480080002403cb140bb080001400000000314000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$NFT_MSG_GETCHAIN(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x14, 0x4, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x3}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x3}, 0x4) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x204100) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000340), 0x109080, 0x0) ioctl$COMEDI_BUFCONFIG(0xffffffffffffffff, 0x8020640d, &(0x7f0000000080)={0x9, 0x81, 0x947, 0x1}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r1, &(0x7f00000000c0), &(0x7f0000000680)=""/246}, 0x20) 5.927415895s ago: executing program 3 (id=1023): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11}, 0x94) socket$rds(0x15, 0x5, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001640), 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, 0x0) lstat(&(0x7f0000000200)='./file1\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in6=@loopback, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@dev}}, &(0x7f0000000340)=0xe8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r1, {0xee00}}, './file0\x00'}) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x800) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x82, &(0x7f0000000600)={[{@name={'name', 0x3d, '/dev/iommu\x00'}}, {@clone_children}, {@favordynmods}, {@subsystem='perf_event'}, {@name}, {@cpuset_v2_mode}, {@name={'name', 0x3d, '/dev/snd/timer\x00'}}, {@clone_children}, {@name={'name', 0x3d, ',%(.'}}], [{@euid_gt={'euid>', r2}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@uid_eq={'uid', 0x3d, r3}}, {@uid_lt={'uid<', r4}}, {@appraise}, {@euid_lt={'euid<', r5}}, {@smackfsfloor={'smackfsfloor', 0x3d, '+%'}}, {@dont_hash}, {@dont_appraise}, {@appraise_type}]}) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x6, 0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x803}, 0x20004004) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r9}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x44045}, 0xc090) syz_open_dev$vim2m(&(0x7f00000001c0), 0x2, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000080)={0xf0f02a, 0x17}) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect(0x0, 0x5a, &(0x7f0000000380)=ANY=[], 0x0) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r10, 0xffffffffffffffff, 0x2000000000000000) 5.360766236s ago: executing program 0 (id=1026): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRESHEX=r0, @ANYBLOB="3c45070000000000140012800900010076657468000000006800028008001300", @ANYRES32=0x0, @ANYBLOB="d77aec391c3aead7b7e2943dc3a67ff3ec53360cfe127e1838843c8ef6a7a417c319c34d956713efcadfffee99d5aa6172aafa116eac982c459a9e98a69821433dc4deda140a92fad2218650c41b545a2ece12e4711787274617000000e62d57e716b35b02491490fcefd0387c005118b978b5f99dc5f536fc210c80978fe2c41f47f16b3307affeb4657e448df56d26af74ceda4b5d8757147e5c20e732940ab4268c0190832179aa7137f54c59693f88345f55568b5412be74dd47f4182d178592615ac6749f548512c7868be546"], 0x3c}, 0x1, 0x0, 0x0, 0x24004805}, 0x0) ioprio_get$pid(0x3, 0xffffffffffffffff) 5.141446822s ago: executing program 2 (id=1029): r0 = add_key(&(0x7f0000000300)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000200)="75a1d70300", 0x5, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f00000004c0)=""/243, 0xf3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x30) keyctl$revoke(0x3, r0) r1 = syz_usb_connect(0x2, 0x36, &(0x7f0000000140)=ANY=[], 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) 5.078297145s ago: executing program 4 (id=1030): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x400, 0x0) syz_open_dev$vim2m(0x0, 0x47b, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r6, 0xffffffffffffffff}) close_range(r0, r1, 0x0) ioctl$SYNC_IOC_FILE_INFO(r7, 0x40103e05, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.060169575s ago: executing program 1 (id=1031): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB="540000002000010000000000000000000a202000000000000005000008000d000a000000080004000e000000140001000000000000000000000000000000000114000100ff020000000000c3a4df86547b2ead000000000000000001"], 0x54}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[], 0x1c}}, 0x4000054) setsockopt(0xffffffffffffffff, 0x4, 0x4, &(0x7f0000000840)="680614969fcdd69ddb9ed12ead965fe29d151ccb3b45fd965523bf31fdf0912a0ef051af6e39d790de34ff3b8d6f318aa45ec6e604ff", 0x36) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x810}, 0x20044000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x20080, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000640), 0x200080, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.035495598s ago: executing program 0 (id=1032): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x3264, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x140, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x60, 0x3, 0x17, {0x17, 0x3e, "3d91419d0946052dcdcf01956ccce47b47d1aab0b5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, 0x0) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000008280), r1) sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f00000084c0)={0x0, 0x0, &(0x7f0000008480)={&(0x7f00000082c0)={0x44, r3, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffffffffffe51, 0xb, 0x8001}, {0x6, 0x11, 0x40}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000084}, 0x40080) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x24, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CQM={0x8, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x4}]}]}, 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, r7, 0x200, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x4, 0x40}}}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 4.075403743s ago: executing program 4 (id=1033): signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, r4, 0x917, 0x70bd28, 0x25dfdbff, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}]}, 0x3c}, 0x1, 0x620b}, 0x0) 3.177142579s ago: executing program 1 (id=1034): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@mcast2, 0x2, 0x1, 0x3, 0x1, 0x4, 0x603}, &(0x7f0000000400)=0x20) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x4019) r1 = fsopen(&(0x7f0000000200)='ecryptfs\x00', 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x40010) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x81) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x418000, 0x185) r8 = io_uring_setup(0x891, &(0x7f0000000340)={0x0, 0x31b0, 0x0, 0x3, 0x336}) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r7, 0x1, &(0x7f0000000240)={0x0, r8}, 0x0) 2.9988767s ago: executing program 4 (id=1035): keyctl$search(0x18, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0xc2c00, 0x21, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe85, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) syz_open_procfs(0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6000000002060101000000000000000000000003140007800800114000000000050015008f000000050005000a000000050001000700000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}, 0x1, 0x0, 0x0, 0x20000805}, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000700), &(0x7f00000000c0)=0xc) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0) lseek(0xffffffffffffffff, 0x1000000, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c8000000104010100eda1fdd3000000000000000a0000000600064000010000"], 0x1c}, 0x1, 0x0, 0x0, 0x200c8016}, 0x94) socket$kcm(0x29, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x13) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, &(0x7f0000000240)={0x17}) 2.604503345s ago: executing program 1 (id=1036): select(0x40, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffff2}, &(0x7f00000000c0)={0x4}, 0x0, &(0x7f0000000100)={0x7fffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000040)=0x3, 0x4) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6_vti0\x00'}) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xb930, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x4, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) read$FUSE(r3, &(0x7f0000000400)={0x2020, 0x0, 0x0}, 0x2020) pipe2$9p(&(0x7f0000000040), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000440)=ANY=[@ANYBLOB="dc0000002d00010027bd7000fcdbdf2504000000040012800a"], 0xdc}}, 0x8004) r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r7 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r7, 0xffff) fcntl$addseals(r7, 0x409, 0x7) ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000}) write$FUSE_INIT(r3, &(0x7f00000000c0)={0x50, 0x0, r4, {0x7, 0x2b, 0xe, 0x20000, 0x80, 0x3b02, 0x80000000, 0x2, 0x0, 0x0, 0x10, 0x8}}, 0x50) io_uring_enter(r0, 0x7277, 0x40006, 0x43, 0x0, 0x0) 2.567166812s ago: executing program 3 (id=1037): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000200)=@name={0x1e, 0x2, 0x0, {{0x2, 0x1}, 0x200000}}, 0x10) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b80000001300e9990000000001000000fe8000000000000000000000000000bbac1414bb00000000000000000000000000000400100000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000006c6abd2d714c8bcc967802459b26bd5ecf8e2e77d2f9b0b92810b27b114155270ff78047b235a351e90c46426685661833be53cf28aa26a54b30d76697fcc205074996622d4c61f995244ac3f63fd42c5840e4674c339d18adf4602052eccf96117caf4c32b4c070952ecdc5e64720873cc6ca87c96b1ab5ccd361e58e"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1980, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x2060c0, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x6, 0x2) preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x141, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0x10, 0x1, 0x1, "a90037e7f30f000080df4832c305f70000000000004840080000000000008300", 0x37303250}) 2.39018397s ago: executing program 4 (id=1038): bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x200) madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x19) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x3) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket(0x1e, 0x4, 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000180)='nsfs\x00', 0x40000, &(0x7f00000001c0)='[\x00') r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000200)=[{&(0x7f00000000c0)="ee", 0xfe23}], 0x1}}], 0x400000000000181, 0x9200000000000080) recvmmsg(r4, &(0x7f0000002840), 0x0, 0x7ffeccc0, 0x0) unshare(0x28040680) r6 = timerfd_create(0x0, 0x0) timerfd_gettime(r6, &(0x7f0000000000)) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)={{0x14}, [@NFT_MSG_DELRULE={0x38, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x60}}, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x9}]}) close_range(r8, 0xffffffffffffffff, 0x0) 2.342558455s ago: executing program 1 (id=1039): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbffffb, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x36}, @call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) (fail_nth: 4) 1.68388521s ago: executing program 2 (id=1040): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, 0x0, 0x0, 0x4004000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x401, 0x0) ioctl$SNDCTL_SEQ_TESTMIDI(r4, 0x40045108, &(0x7f0000000080)=0x3) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="50000000061401"], 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x8080) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f00000000c0), &(0x7f0000000180)=0x4) 1.683689386s ago: executing program 1 (id=1041): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x700, &(0x7f0000000540)={&(0x7f0000000640)=ANY=[@ANYBLOB="680000001400010000000000fbdbdf25e00000010000000000000000000000000000000000000000000000000000000100000080000700"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000c000800f1ff070200009cfe0c0015"], 0x68}}, 0x4004040) 1.351123332s ago: executing program 0 (id=1042): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x400000f2, 0x0, 0xd2}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0x80000001, 0x420386) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000400000000080005000100000014000200776730000000000000000000000000001400020077673000"/62], 0x44}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0xb6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{&(0x7f0000000280)=@abs={0x0, 0x0, 0x4e24}, 0x6e, 0x0, 0x0, &(0x7f00000018c0)=[@rights={{0x14, 0x1, 0x1, [r5]}}], 0x18, 0x20008880}}], 0x2, 0x4c054) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}]}}) 1.31328571s ago: executing program 4 (id=1043): setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_UNLINKAT={0x24, 0x14, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200}) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 1.074724986s ago: executing program 1 (id=1044): ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, &(0x7f00000003c0)={0x2, 0x7fff}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4880}, 0x1) sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000180)=0x40) 795.601803ms ago: executing program 2 (id=1045): prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x4) r0 = socket(0x28, 0x5, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0xffffffff}}], 0x18}, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f00000000c0)={0x6, 0x6, 0x0, 0x1, 0x0, 0x5f, 0x4}, 0xc) connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2711, @host}, 0x10) timer_create(0x3, 0x0, &(0x7f0000000080)) r1 = socket(0x1e, 0x5, 0x7) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f00000006c0)=""/240, 0xf0}], 0x1}, 0x1ff}], 0x2, 0x20022, 0x0) r4 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000240)=ANY=[@ANYBLOB="500000001000030728bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800b0001006272696467650000200002800c002300060000000000000005002500010000000500170001000000"], 0x50}}, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000001c0)={0x1, @pix={0xfffffffc, 0x2, 0x38414761, 0x9, 0x10000101, 0x1200, 0x3, 0xffffbe00, 0x0, 0x8, 0x2, 0x5}}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x4000011) recvfrom$unix(r3, &(0x7f0000000280)=""/253, 0xfd, 0x5b5f0d7fb119a04, 0x0, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) rt_sigaction(0xe, &(0x7f0000000300)={&(0x7f0000000040)="f30f1efc66450f2832c482adbcaf07000000c4e1fd5aa13c9c43713ef2400f1ed3c4c2e93be7f2262e669f8f88a4a2e100430f12957b280000653ed9fa", 0x18000002, 0x0, {[0xffffffffffff7fff]}}, 0x0, 0x8, &(0x7f0000000280)) 0s ago: executing program 4 (id=1046): epoll_create(0x4) r0 = socket$inet6(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r3 = fcntl$dupfd(r2, 0x0, r2) write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r3, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f00000002c0)={@private1}, 0x14) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0x4, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x1009, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x5, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0x7, 0x8, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0x4ea4, 0x0, 0x4, 0x7, 0x7fff, 0x7, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000008, 0x5f31, 0xd, 0xf, 0x2, 0x4, 0xb, 0x3, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x5, 0x9, 0x3, 0x3, 0x9, 0x7, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x4fac, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0xff, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x7, 0x501, 0x10000, 0x4, 0x7fff, 0x10000, 0x8000007f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x5, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) r4 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan0\x00'}) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x2, @remote, 0x1}, 0x1c) kernel console output (not intermixed with test programs): 3.623982][ T30] audit: type=1400 audit(1760675922.753:9185): avc: denied { read write } for pid=5817 comm="syz-executor" name="loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 323.697307][ T30] audit: type=1400 audit(1760675922.753:9186): avc: denied { open } for pid=5817 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 323.722464][ C1] vkms_vblank_simulate: vblank timer overrun [ 323.782073][ T30] audit: type=1400 audit(1760675922.753:9187): avc: denied { ioctl } for pid=5817 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 323.807630][ C1] vkms_vblank_simulate: vblank timer overrun [ 323.822118][ T30] audit: type=1400 audit(1760675922.873:9188): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 323.838463][ T2332] pvrusb2: Invalid write control endpoint [ 323.866300][ T30] audit: type=1400 audit(1760675922.873:9189): avc: denied { open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 323.890398][ C1] vkms_vblank_simulate: vblank timer overrun [ 323.895062][ T2332] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 323.999853][ T30] audit: type=1400 audit(1760675922.873:9190): avc: denied { ioctl } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 324.025452][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.095160][ T2332] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 324.108080][ T30] audit: type=1400 audit(1760675922.903:9191): avc: denied { read write } for pid=8765 comm="syz.1.732" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 324.120074][ T2332] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 324.240972][ T8762] netlink: 24 bytes leftover after parsing attributes in process `syz.4.730'. [ 324.641103][ T2332] pvrusb2: Device being rendered inoperable [ 324.753011][ T2332] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 324.872141][ T2332] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 324.899001][ T2332] pvrusb2: Attached sub-driver cx25840 [ 324.945916][ T2332] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 324.982597][ T2332] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 325.117231][ T8772] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 325.169155][ T8772] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 325.311646][ T8772] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 325.422524][ T8772] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 325.680118][ T5896] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 325.681152][ T8793] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 326.420333][ T8803] lo speed is unknown, defaulting to 1000 [ 326.480569][ T5896] usb 4-1: Using ep0 maxpacket: 8 [ 326.495717][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 326.519917][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 326.685401][ T5896] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 326.851541][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 326.889817][ T5896] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 326.950433][ T5896] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 327.097512][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.203418][ T5896] usb 4-1: config 0 descriptor?? [ 327.210386][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 327.355483][ T8809] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 327.361906][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 327.395342][ T8809] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 327.440420][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 327.507450][ T8809] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 327.599690][ T8809] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 327.731622][ T5819] Bluetooth: hci5: urb ffff88807daa1b00 submission failed (90) [ 328.029613][ T5896] usb 4-1: USB disconnect, device number 19 [ 328.314400][ T30] kauditd_printk_skb: 324 callbacks suppressed [ 328.314437][ T30] audit: type=1400 audit(1760675927.453:9516): avc: denied { create } for pid=8828 comm="syz.2.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 328.450191][ T30] audit: type=1400 audit(1760675927.543:9517): avc: denied { write } for pid=8828 comm="syz.2.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 328.800812][ T30] audit: type=1400 audit(1760675927.613:9518): avc: denied { read } for pid=8831 comm="syz.0.744" dev="nsfs" ino=4026533060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 329.000171][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 329.329307][ T30] audit: type=1400 audit(1760675927.613:9519): avc: denied { open } for pid=8831 comm="syz.0.744" path="net:[4026533060]" dev="nsfs" ino=4026533060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 329.352473][ C1] vkms_vblank_simulate: vblank timer overrun [ 329.364802][ T30] audit: type=1400 audit(1760675927.613:9520): avc: denied { create } for pid=8831 comm="syz.0.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 329.446672][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 329.454366][ T30] audit: type=1400 audit(1760675927.623:9521): avc: denied { search } for pid=8829 comm="rm" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 329.476141][ T30] audit: type=1400 audit(1760675927.623:9522): avc: denied { search } for pid=8829 comm="rm" name="dhcpcd" dev="tmpfs" ino=1831 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 329.498036][ T30] audit: type=1400 audit(1760675927.623:9523): avc: denied { search } for pid=8829 comm="rm" name="hook-state" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 329.524892][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 329.532821][ T30] audit: type=1400 audit(1760675927.623:9524): avc: denied { getattr } for pid=8829 comm="rm" path="/run/dhcpcd/hook-state/resolv.conf.netdevsim0.link" dev="tmpfs" ino=4868 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 329.558954][ T30] audit: type=1400 audit(1760675927.623:9525): avc: denied { search } for pid=8829 comm="rm" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 329.601002][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 330.791677][ T8853] netlink: 'syz.4.749': attribute type 1 has an invalid length. [ 330.903789][ T8859] netlink: 4 bytes leftover after parsing attributes in process `syz.4.749'. [ 330.905180][ T8853] 8021q: adding VLAN 0 to HW filter on device bond1 [ 331.117798][ T8862] FAULT_INJECTION: forcing a failure. [ 331.117798][ T8862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.170866][ T8862] CPU: 0 UID: 0 PID: 8862 Comm: syz.1.751 Not tainted syzkaller #0 PREEMPT(full) [ 331.170892][ T8862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 331.170902][ T8862] Call Trace: [ 331.170908][ T8862] [ 331.170914][ T8862] dump_stack_lvl+0x16c/0x1f0 [ 331.170941][ T8862] should_fail_ex+0x512/0x640 [ 331.170967][ T8862] _copy_to_user+0x32/0xd0 [ 331.170993][ T8862] simple_read_from_buffer+0xcb/0x170 [ 331.171018][ T8862] proc_fail_nth_read+0x197/0x240 [ 331.171044][ T8862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.171071][ T8862] ? rw_verify_area+0xcf/0x6c0 [ 331.171089][ T8862] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.171113][ T8862] vfs_read+0x1e4/0xcf0 [ 331.171138][ T8862] ? __pfx___mutex_lock+0x10/0x10 [ 331.171160][ T8862] ? __pfx_vfs_read+0x10/0x10 [ 331.171189][ T8862] ? __fget_files+0x20e/0x3c0 [ 331.171220][ T8862] ksys_read+0x12a/0x250 [ 331.171241][ T8862] ? __pfx_ksys_read+0x10/0x10 [ 331.171270][ T8862] do_syscall_64+0xcd/0xfa0 [ 331.171295][ T8862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.171313][ T8862] RIP: 0033:0x7fdddab8d8dc [ 331.171328][ T8862] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 331.171345][ T8862] RSP: 002b:00007fdddba02030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 331.171362][ T8862] RAX: ffffffffffffffda RBX: 00007fdddade5fa0 RCX: 00007fdddab8d8dc [ 331.171373][ T8862] RDX: 000000000000000f RSI: 00007fdddba020a0 RDI: 0000000000000003 [ 331.171383][ T8862] RBP: 00007fdddba02090 R08: 0000000000000000 R09: 0000000000000000 [ 331.171393][ T8862] R10: 0000000000000036 R11: 0000000000000246 R12: 0000000000000001 [ 331.171403][ T8862] R13: 00007fdddade6038 R14: 00007fdddade5fa0 R15: 00007fffd4f147e8 [ 331.171429][ T8862] [ 332.674344][ T8859] bond1 (unregistering): Released all slaves [ 333.035704][ T8878] autofs: Unknown parameter '[ôiMàÊJñ)y' [ 333.160656][ T8880] netlink: 512 bytes leftover after parsing attributes in process `syz.2.757'. [ 333.253099][ T8882] FAULT_INJECTION: forcing a failure. [ 333.253099][ T8882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 333.300616][ T8882] CPU: 1 UID: 0 PID: 8882 Comm: syz.4.758 Not tainted syzkaller #0 PREEMPT(full) [ 333.300642][ T8882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 333.300653][ T8882] Call Trace: [ 333.300659][ T8882] [ 333.300666][ T8882] dump_stack_lvl+0x16c/0x1f0 [ 333.300697][ T8882] should_fail_ex+0x512/0x640 [ 333.300714][ T8882] _copy_from_user+0x2e/0xd0 [ 333.300729][ T8882] get_timespec64+0x8b/0x240 [ 333.300742][ T8882] ? __pfx_get_timespec64+0x10/0x10 [ 333.300756][ T8882] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 333.300776][ T8882] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 333.300788][ T8882] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 333.300803][ T8882] do_syscall_64+0xcd/0xfa0 [ 333.300818][ T8882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.300829][ T8882] RIP: 0033:0x7f9ea378eec9 [ 333.300841][ T8882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.300857][ T8882] RSP: 002b:00007f9ea4679038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 333.300873][ T8882] RAX: ffffffffffffffda RBX: 00007f9ea39e5fa0 RCX: 00007f9ea378eec9 [ 333.300883][ T8882] RDX: 0000200000000000 RSI: 0000000000ca9a3b RDI: 00000000fffffff2 [ 333.300894][ T8882] RBP: 00007f9ea4679090 R08: 0000000000000000 R09: 0000000000000000 [ 333.300904][ T8882] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001 [ 333.300913][ T8882] R13: 00007f9ea39e6038 R14: 00007f9ea39e5fa0 R15: 00007ffffbfdca28 [ 333.300930][ T8882] [ 333.407248][ T30] kauditd_printk_skb: 195 callbacks suppressed [ 333.407262][ T30] audit: type=1400 audit(1760675932.543:9721): avc: denied { read } for pid=8889 comm="syz.3.759" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 333.411063][ C1] vkms_vblank_simulate: vblank timer overrun [ 333.870425][ T5868] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 333.920226][ T30] audit: type=1400 audit(1760675932.543:9722): avc: denied { open } for pid=8889 comm="syz.3.759" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 333.945186][ T30] audit: type=1400 audit(1760675932.663:9724): avc: denied { read write open } for pid=8884 comm="syz.0.756" path="/dev/radio1" dev="devtmpfs" ino=956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 333.974359][ T30] audit: type=1400 audit(1760675932.693:9725): avc: denied { read } for pid=8889 comm="syz.3.759" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 333.997130][ T30] audit: type=1400 audit(1760675932.693:9726): avc: denied { read open } for pid=8889 comm="syz.3.759" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 334.021088][ T30] audit: type=1400 audit(1760675932.693:9727): avc: denied { prog_load } for pid=8889 comm="syz.3.759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 334.093845][ T30] audit: type=1400 audit(1760675932.693:9728): avc: denied { bpf } for pid=8889 comm="syz.3.759" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 334.114683][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 334.126161][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 334.192519][ T30] audit: type=1400 audit(1760675932.703:9729): avc: denied { ioctl } for pid=8879 comm="syz.2.757" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 334.227469][ T5868] usb 3-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 334.247673][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.627610][ T30] audit: type=1400 audit(1760675932.663:9723): avc: denied { create } for pid=8884 comm="syz.0.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 334.653396][ T5868] usb 3-1: config 0 descriptor?? [ 334.820448][ T30] audit: type=1400 audit(1760675932.813:9730): avc: denied { map_create } for pid=8889 comm="syz.3.759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 334.993040][ T8900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 335.039960][ T8900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 335.081360][ T5868] waltop 0003:172F:0038.000D: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.2-1/input0 [ 335.090831][ T8900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 335.144346][ T8900] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 335.535067][ T5868] usb 3-1: USB disconnect, device number 10 [ 335.799543][ T8911] fido_id[8911]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 336.103714][ T8914] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 336.248691][ T8914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 336.291713][ T8914] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 336.369186][ T8914] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 337.070408][ T8934] FAULT_INJECTION: forcing a failure. [ 337.070408][ T8934] name failslab, interval 1, probability 0, space 0, times 0 [ 337.083117][ T8934] CPU: 1 UID: 0 PID: 8934 Comm: syz.2.769 Not tainted syzkaller #0 PREEMPT(full) [ 337.083141][ T8934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 337.083150][ T8934] Call Trace: [ 337.083156][ T8934] [ 337.083162][ T8934] dump_stack_lvl+0x16c/0x1f0 [ 337.083187][ T8934] should_fail_ex+0x512/0x640 [ 337.083212][ T8934] should_failslab+0xc2/0x120 [ 337.083232][ T8934] kmem_cache_alloc_noprof+0x75/0x6e0 [ 337.083249][ T8934] ? dst_alloc+0x99/0x1a0 [ 337.083271][ T8934] ? dst_alloc+0x99/0x1a0 [ 337.083286][ T8934] dst_alloc+0x99/0x1a0 [ 337.083301][ T8934] ? fib_validate_source+0x13b/0x730 [ 337.083319][ T8934] rt_dst_alloc+0x35/0x3a0 [ 337.083340][ T8934] ip_route_input_slow+0x16cb/0x3fa0 [ 337.083355][ T8934] ? __pfx_ip_route_input_slow+0x10/0x10 [ 337.083372][ T8934] ? __pfx_ipt_do_table+0x10/0x10 [ 337.083388][ T8934] ? __pfx_iptable_mangle_hook+0x10/0x10 [ 337.083402][ T8934] ip_route_input_noref+0x120/0x2e0 [ 337.083415][ T8934] ? __pfx_ip_route_input_noref+0x10/0x10 [ 337.083429][ T8934] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 337.083444][ T8934] ip_rcv_finish_core+0x46f/0x2290 [ 337.083460][ T8934] ip_rcv+0x1c0/0x600 [ 337.083473][ T8934] ? __pfx_ip_rcv+0x10/0x10 [ 337.083484][ T8934] __netif_receive_skb_one_core+0x197/0x1e0 [ 337.083498][ T8934] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 337.083509][ T8934] ? lock_acquire+0x179/0x350 [ 337.083525][ T8934] ? __phys_addr+0xe8/0x180 [ 337.083538][ T8934] __netif_receive_skb+0x1d/0x160 [ 337.083549][ T8934] netif_receive_skb+0x137/0x7b0 [ 337.083559][ T8934] ? __pfx_netif_receive_skb+0x10/0x10 [ 337.083575][ T8934] tun_rx_batched.isra.0+0x3ee/0x740 [ 337.083592][ T8934] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 337.083610][ T8934] ? tun_get_user+0x1ded/0x3cc0 [ 337.083624][ T8934] ? rcu_is_watching+0x12/0xc0 [ 337.083637][ T8934] tun_get_user+0x28b2/0x3cc0 [ 337.083658][ T8934] ? __pfx_tun_get_user+0x10/0x10 [ 337.083674][ T8934] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 337.083698][ T8934] ? find_held_lock+0x2b/0x80 [ 337.083709][ T8934] ? tun_get+0x191/0x370 [ 337.083726][ T8934] tun_chr_write_iter+0xdc/0x210 [ 337.083742][ T8934] vfs_write+0x7d3/0x11d0 [ 337.083756][ T8934] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 337.083773][ T8934] ? __pfx_vfs_write+0x10/0x10 [ 337.083785][ T8934] ? find_held_lock+0x2b/0x80 [ 337.083803][ T8934] ksys_write+0x12a/0x250 [ 337.083816][ T8934] ? __pfx_ksys_write+0x10/0x10 [ 337.083833][ T8934] do_syscall_64+0xcd/0xfa0 [ 337.083847][ T8934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.083858][ T8934] RIP: 0033:0x7f495d78d97f [ 337.083868][ T8934] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 337.083878][ T8934] RSP: 002b:00007f495e666000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 337.083889][ T8934] RAX: ffffffffffffffda RBX: 00007f495d9e5fa0 RCX: 00007f495d78d97f [ 337.083896][ T8934] RDX: 0000000000000036 RSI: 0000200000000240 RDI: 00000000000000c8 [ 337.083902][ T8934] RBP: 00007f495e666090 R08: 0000000000000000 R09: 0000000000000000 [ 337.083908][ T8934] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 337.083914][ T8934] R13: 00007f495d9e6038 R14: 00007f495d9e5fa0 R15: 00007ffc806244d8 [ 337.083928][ T8934] [ 337.407784][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.691591][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 337.750188][ T5868] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 338.320163][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 338.329654][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 338.375738][ T8943] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 338.400230][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 340.499709][ T30] kauditd_printk_skb: 174 callbacks suppressed [ 340.499729][ T30] audit: type=1400 audit(1760675939.603:9905): avc: denied { ioctl } for pid=8935 comm="syz.2.770" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 340.611476][ T30] audit: type=1400 audit(1760675939.713:9906): avc: denied { read write } for pid=5818 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.642919][ T30] audit: type=1400 audit(1760675939.743:9907): avc: denied { open } for pid=5818 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.668305][ T30] audit: type=1400 audit(1760675939.743:9908): avc: denied { ioctl } for pid=5818 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.699084][ T30] audit: type=1326 audit(1760675939.823:9909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8939 comm="syz.3.771" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4979b8eec9 code=0x0 [ 340.728863][ T5868] usb 3-1: unable to read config index 0 descriptor/all [ 340.736371][ T30] audit: type=1400 audit(1760675939.863:9910): avc: denied { prog_load } for pid=8946 comm="syz.4.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 340.761848][ T30] audit: type=1400 audit(1760675939.863:9911): avc: denied { bpf } for pid=8946 comm="syz.4.773" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 340.783842][ T5868] usb 3-1: can't read configurations, error -71 [ 340.820162][ T30] audit: type=1400 audit(1760675939.863:9912): avc: denied { read write } for pid=5823 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.845255][ T30] audit: type=1400 audit(1760675939.893:9913): avc: denied { read write open } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.897319][ T30] audit: type=1400 audit(1760675939.893:9914): avc: denied { ioctl } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 340.975374][ T8952] batadv_slave_1: entered promiscuous mode [ 341.107874][ T8952] veth0: entered promiscuous mode [ 341.156799][ T847] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 341.159700][ T8951] veth0: left promiscuous mode [ 341.295001][ T8951] batadv_slave_1: left promiscuous mode [ 341.443924][ T847] usb 5-1: Using ep0 maxpacket: 8 [ 341.477358][ T847] usb 5-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 341.500165][ T847] usb 5-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 341.520404][ T847] usb 5-1: config 0 interface 0 has no altsetting 0 [ 341.527051][ T847] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00 [ 341.540073][ T847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.592335][ T847] usb 5-1: config 0 descriptor?? [ 341.650140][ T5868] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 341.680312][ T3088] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 341.890129][ T3088] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.900357][ T5868] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.903645][ T3088] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 341.920318][ T5868] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 341.921187][ T3088] usb 2-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 342.020777][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 342.029948][ T3088] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.033803][ T5868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 342.050660][ T5868] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 342.074759][ T5868] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 342.085331][ T3088] usb 2-1: config 0 descriptor?? [ 342.158031][ T5868] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 342.167495][ T847] corsair-psu 0003:1B1C:1C07.000E: unknown main item tag 0x1 [ 342.180131][ T847] corsair-psu 0003:1B1C:1C07.000E: item fetching failed at offset 3/5 [ 342.202524][ T847] corsair-psu 0003:1B1C:1C07.000E: probe with driver corsair-psu failed with error -22 [ 342.213146][ T5868] usb 3-1: Manufacturer: syz [ 342.226188][ T5868] usb 3-1: config 0 descriptor?? [ 342.370281][ T5896] usb 5-1: USB disconnect, device number 14 [ 342.396620][ T3088] usb 2-1: string descriptor 0 read error: -71 [ 342.551844][ T3088] usb 2-1: USB disconnect, device number 9 [ 342.903784][ T847] usb 3-1: USB disconnect, device number 12 [ 344.670309][ T5896] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 344.840742][ T5896] usb 1-1: Using ep0 maxpacket: 32 [ 344.850447][ T5896] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 344.889530][ T5896] usb 1-1: config 0 has no interface number 0 [ 344.906381][ T5896] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 344.920689][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.936082][ T5896] usb 1-1: Product: syz [ 344.947007][ T5896] usb 1-1: Manufacturer: syz [ 344.958841][ T5896] usb 1-1: SerialNumber: syz [ 344.976307][ T5896] usb 1-1: config 0 descriptor?? [ 345.003927][ T5896] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 345.467014][ T9012] kAFS: No cell specified [ 345.500249][ T30] kauditd_printk_skb: 258 callbacks suppressed [ 345.500290][ T30] audit: type=1400 audit(1760675944.633:10173): avc: denied { mounton } for pid=9006 comm="syz.4.790" path="/154/bus" dev="tmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 346.240565][ T30] audit: type=1400 audit(1760675944.683:10174): avc: denied { unlink } for pid=9006 comm="syz.4.790" name="#2b" dev="tmpfs" ino=837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 346.280105][ T30] audit: type=1400 audit(1760675944.703:10175): avc: denied { mount } for pid=9006 comm="syz.4.790" name="/" dev="overlay" ino=832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 346.310201][ T30] audit: type=1400 audit(1760675944.753:10176): avc: denied { read } for pid=9006 comm="syz.4.790" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 346.338742][ T9016] gfs2: error -5 reading superblock [ 346.344102][ T30] audit: type=1400 audit(1760675944.753:10177): avc: denied { open } for pid=9006 comm="syz.4.790" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 346.377523][ T30] audit: type=1400 audit(1760675944.763:10178): avc: denied { ioctl } for pid=9006 comm="syz.4.790" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 346.493665][ T30] audit: type=1400 audit(1760675945.403:10179): avc: denied { read } for pid=9011 comm="syz.1.791" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 346.520362][ T30] audit: type=1400 audit(1760675945.403:10180): avc: denied { read open } for pid=9011 comm="syz.1.791" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 346.547991][ T30] audit: type=1400 audit(1760675945.473:10181): avc: denied { mounton } for pid=9011 comm="syz.1.791" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=68 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 346.580340][ T30] audit: type=1400 audit(1760675945.603:10182): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 347.035618][ T9031] netlink: 8 bytes leftover after parsing attributes in process `syz.4.794'. [ 347.709966][ T5896] usb 1-1: qt2_attach - failed to power on unit: -71 [ 347.785580][ T5896] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71 [ 348.147592][ T5896] usb 1-1: USB disconnect, device number 20 [ 348.315873][ T9047] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 348.323231][ T9047] IPv6: NLM_F_CREATE should be set when creating new route [ 348.430140][ T5868] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 348.629520][ T9051] netlink: 24 bytes leftover after parsing attributes in process `syz.4.802'. [ 348.632680][ T5868] usb 3-1: config 5 has an invalid interface number: 45 but max is 2 [ 348.656333][ T5868] usb 3-1: config 5 has an invalid interface number: 130 but max is 2 [ 348.682835][ T5868] usb 3-1: config 5 has an invalid descriptor of length 214, skipping remainder of the config [ 348.702508][ T5868] usb 3-1: config 5 has 2 interfaces, different from the descriptor's value: 3 [ 348.737020][ T5868] usb 3-1: config 5 has no interface number 0 [ 348.745780][ T5868] usb 3-1: config 5 has no interface number 1 [ 348.786060][ T5868] usb 3-1: config 5 interface 45 altsetting 1 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 348.797369][ T5868] usb 3-1: config 5 interface 45 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 348.810041][ T5868] usb 3-1: config 5 interface 45 altsetting 1 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 348.821562][ T5868] usb 3-1: config 5 interface 45 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 348.927861][ T5868] usb 3-1: config 5 interface 45 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 8 [ 348.939007][ T5868] usb 3-1: config 5 interface 45 altsetting 1 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 348.951533][ T5868] usb 3-1: config 5 interface 45 altsetting 1 has an endpoint descriptor with address 0x24, changing to 0x4 [ 348.970430][ T5868] usb 3-1: config 5 interface 45 altsetting 1 bulk endpoint 0xA has invalid maxpacket 16 [ 348.984979][ T5868] usb 3-1: config 5 interface 130 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 349.493422][ T9058] gfs2: error -5 reading superblock [ 349.607915][ T5868] usb 3-1: config 5 interface 45 has no altsetting 0 [ 349.625045][ T5868] usb 3-1: config 5 interface 130 has no altsetting 0 [ 349.652960][ T5868] usb 3-1: New USB device found, idVendor=19d2, idProduct=ff4d, bcdDevice=c1.ec [ 349.664757][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.730581][ T5868] usb 3-1: Product: syz [ 349.734773][ T5868] usb 3-1: Manufacturer: Ð [ 349.748047][ T5868] usb 3-1: SerialNumber: syz [ 349.762654][ T9038] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 349.772060][ T9038] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 349.992123][ T9038] netlink: 3 bytes leftover after parsing attributes in process `syz.2.799'. [ 350.410714][ T9069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.808'. [ 350.811623][ T30] kauditd_printk_skb: 174 callbacks suppressed [ 350.811640][ T30] audit: type=1400 audit(1760675949.183:10357): avc: denied { execmem } for pid=9063 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 350.871754][ T5868] option 3-1:5.45: GSM modem (1-port) converter detected [ 350.921234][ T30] audit: type=1400 audit(1760675949.373:10358): avc: denied { allowed } for pid=9059 comm="syz.0.805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 350.983853][ T30] audit: type=1400 audit(1760675949.373:10359): avc: denied { create } for pid=9059 comm="syz.0.805" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 351.006400][ T30] audit: type=1400 audit(1760675949.373:10360): avc: denied { map } for pid=9059 comm="syz.0.805" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=22832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 351.015972][ T5868] usb 3-1: USB disconnect, device number 13 [ 351.060107][ T30] audit: type=1400 audit(1760675949.373:10361): avc: denied { read write } for pid=9059 comm="syz.0.805" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=22832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 351.142321][ T30] audit: type=1400 audit(1760675949.393:10362): avc: denied { read write } for pid=9059 comm="syz.0.805" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 351.184213][ T5868] option 3-1:5.45: device disconnected [ 351.414778][ T30] audit: type=1400 audit(1760675949.393:10363): avc: denied { open } for pid=9059 comm="syz.0.805" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 351.448202][ T30] audit: type=1400 audit(1760675949.493:10364): avc: denied { create } for pid=9063 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 351.712431][ T30] audit: type=1400 audit(1760675949.503:10365): avc: denied { getopt } for pid=9063 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 351.847224][ T5813] audit: audit_backlog=65 > audit_backlog_limit=64 [ 352.360465][ T3088] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 352.940326][ T3088] usb 5-1: Using ep0 maxpacket: 8 [ 352.956364][ T3088] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 352.983291][ T3088] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 352.997436][ T3088] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 353.017615][ T3088] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 353.175962][ T3088] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 353.954162][ T3088] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.042802][ T3088] hub 5-1:1.0: bad descriptor, ignoring hub [ 354.048751][ T3088] hub 5-1:1.0: probe with driver hub failed with error -5 [ 354.140742][ T3088] cdc_wdm 5-1:1.0: skipping garbage [ 354.146023][ T3088] cdc_wdm 5-1:1.0: skipping garbage [ 354.209050][ T3088] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 354.247728][ T3088] cdc_wdm 5-1:1.0: Unknown control protocol [ 354.334649][ T3088] usb 5-1: USB disconnect, device number 15 [ 355.168378][ T9112] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=9112 comm=syz.3.819 [ 355.885047][ T30] kauditd_printk_skb: 202 callbacks suppressed [ 355.885063][ T30] audit: type=1400 audit(1760675955.023:10563): avc: denied { read write } for pid=5808 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 355.940257][ T30] audit: type=1400 audit(1760675955.023:10564): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 355.967091][ T30] audit: type=1400 audit(1760675955.023:10565): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 355.994816][ T30] audit: type=1400 audit(1760675955.063:10566): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 356.019457][ T30] audit: type=1400 audit(1760675955.063:10567): avc: denied { open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 356.649496][ T9125] FAULT_INJECTION: forcing a failure. [ 356.649496][ T9125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 356.664546][ T9125] CPU: 1 UID: 0 PID: 9125 Comm: syz.0.821 Not tainted syzkaller #0 PREEMPT(full) [ 356.664572][ T9125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 356.664583][ T9125] Call Trace: [ 356.664589][ T9125] [ 356.664595][ T9125] dump_stack_lvl+0x16c/0x1f0 [ 356.664622][ T9125] should_fail_ex+0x512/0x640 [ 356.664649][ T9125] _copy_to_user+0x32/0xd0 [ 356.664673][ T9125] simple_read_from_buffer+0xcb/0x170 [ 356.664697][ T9125] proc_fail_nth_read+0x197/0x240 [ 356.664723][ T9125] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 356.664748][ T9125] ? rw_verify_area+0xcf/0x6c0 [ 356.664767][ T9125] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 356.664792][ T9125] vfs_read+0x1e4/0xcf0 [ 356.664815][ T9125] ? __pfx___mutex_lock+0x10/0x10 [ 356.664837][ T9125] ? __pfx_vfs_read+0x10/0x10 [ 356.664865][ T9125] ? __fget_files+0x20e/0x3c0 [ 356.664895][ T9125] ksys_read+0x12a/0x250 [ 356.664914][ T9125] ? __pfx_ksys_read+0x10/0x10 [ 356.664942][ T9125] do_syscall_64+0xcd/0xfa0 [ 356.664964][ T9125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.664981][ T9125] RIP: 0033:0x7f2fc4d8d8dc [ 356.664995][ T9125] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 356.665010][ T9125] RSP: 002b:00007f2fc5c72030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 356.665026][ T9125] RAX: ffffffffffffffda RBX: 00007f2fc4fe6180 RCX: 00007f2fc4d8d8dc [ 356.665037][ T9125] RDX: 000000000000000f RSI: 00007f2fc5c720a0 RDI: 0000000000000004 [ 356.665047][ T9125] RBP: 00007f2fc5c72090 R08: 0000000000000000 R09: 0000000000000000 [ 356.665056][ T9125] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 356.665065][ T9125] R13: 00007f2fc4fe6218 R14: 00007f2fc4fe6180 R15: 00007ffca2b56468 [ 356.665091][ T9125] [ 356.666942][ T30] audit: type=1400 audit(1760675955.063:10568): avc: denied { ioctl } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 357.508467][ T30] audit: type=1400 audit(1760675955.103:10569): avc: denied { prog_load } for pid=9115 comm="syz.3.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 357.528343][ T30] audit: type=1400 audit(1760675955.103:10570): avc: denied { bpf } for pid=9115 comm="syz.3.822" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 357.573828][ T30] audit: type=1400 audit(1760675955.133:10571): avc: denied { execmem } for pid=9115 comm="syz.3.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 357.599537][ T30] audit: type=1400 audit(1760675955.273:10572): avc: denied { read write } for pid=5823 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 358.173570][ T9144] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 358.270310][ T5896] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 358.440070][ T5896] usb 1-1: Using ep0 maxpacket: 32 [ 359.052380][ T5896] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 359.060547][ T5896] usb 1-1: config 0 has no interface number 0 [ 359.103783][ T5896] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 359.113255][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.121397][ T5896] usb 1-1: Product: syz [ 359.126902][ T5896] usb 1-1: Manufacturer: syz [ 359.131747][ T5896] usb 1-1: SerialNumber: syz [ 359.142227][ T5896] usb 1-1: config 0 descriptor?? [ 359.151070][ T5896] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 359.452739][ T9158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.829'. [ 359.881075][ T5896] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 359.919102][ T5896] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 360.157928][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 360.169105][ T5896] usb 1-1: USB disconnect, device number 21 [ 360.187061][ T5896] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 360.220098][ T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 360.244610][ T5896] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 360.302851][ T5896] quatech2 1-1:0.51: device disconnected [ 360.380504][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 360.407969][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 360.425228][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 360.437763][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 360.449785][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 360.462317][ T10] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 360.472407][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.514067][ T10] hub 3-1:1.0: bad descriptor, ignoring hub [ 360.540067][ T5923] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 360.544565][ T10] hub 3-1:1.0: probe with driver hub failed with error -5 [ 360.588802][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 360.610536][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 360.705299][ T10] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 360.742160][ T10] cdc_wdm 3-1:1.0: Unknown control protocol [ 360.924952][ T9161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 360.947546][ T30] kauditd_printk_skb: 222 callbacks suppressed [ 360.947591][ T30] audit: type=1400 audit(1760675960.003:10795): avc: denied { read write } for pid=9159 comm="syz.2.830" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 361.025098][ T9161] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 361.145916][ T30] audit: type=1400 audit(1760675960.033:10796): avc: denied { open } for pid=9159 comm="syz.2.830" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 361.310169][ T30] audit: type=1400 audit(1760675960.043:10797): avc: denied { ioctl } for pid=9159 comm="syz.2.830" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 361.360518][ T30] audit: type=1400 audit(1760675960.323:10798): avc: denied { read write } for pid=5808 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 361.390346][ T5923] usb 4-1: device descriptor read/64, error -71 [ 361.451096][ T30] audit: type=1400 audit(1760675960.323:10799): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 361.475562][ T30] audit: type=1400 audit(1760675960.323:10800): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 361.501864][ T30] audit: type=1400 audit(1760675960.373:10801): avc: denied { ioctl } for pid=9162 comm="syz.3.831" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 361.527390][ T10] usb 3-1: USB disconnect, device number 14 [ 361.660490][ T5923] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 362.270117][ T30] audit: type=1400 audit(1760675960.443:10802): avc: denied { ioctl } for pid=9162 comm="syz.3.831" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 362.295448][ T30] audit: type=1400 audit(1760675960.663:10803): avc: denied { ioctl } for pid=9162 comm="syz.3.831" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 362.330098][ T30] audit: type=1400 audit(1760675960.733:10804): avc: denied { allowed } for pid=9170 comm="syz.0.833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 362.530372][ T5923] usb 4-1: device descriptor read/64, error -71 [ 362.648333][ T5923] usb usb4-port1: attempt power cycle [ 363.190478][ T5923] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 363.394641][ T5923] usb 4-1: device descriptor read/8, error -71 [ 363.484475][ T9181] netlink: 68 bytes leftover after parsing attributes in process `syz.0.836'. [ 363.644593][ T9181] netlink: 56 bytes leftover after parsing attributes in process `syz.0.836'. [ 363.766795][ T9195] random: crng reseeded on system resumption [ 364.420765][ T9195] netlink: 16 bytes leftover after parsing attributes in process `syz.2.840'. [ 364.430711][ T9202] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 364.657630][ T9209] netlink: 'syz.3.843': attribute type 1 has an invalid length. [ 364.769908][ T9209] 8021q: adding VLAN 0 to HW filter on device bond1 [ 364.904751][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.843'. [ 365.430118][ T3088] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 365.590371][ T3088] usb 2-1: Using ep0 maxpacket: 8 [ 365.598389][ T3088] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 365.608821][ T3088] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 365.619469][ T3088] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 365.776920][ T3088] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 365.795938][ T3088] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 365.805253][ T3088] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.871915][ T3088] hub 2-1:1.0: bad descriptor, ignoring hub [ 365.880101][ T5923] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 365.892369][ T9215] bond1 (unregistering): Released all slaves [ 365.955062][ T3088] hub 2-1:1.0: probe with driver hub failed with error -5 [ 365.964384][ T30] kauditd_printk_skb: 266 callbacks suppressed [ 365.964399][ T30] audit: type=1400 audit(1760675965.103:11071): avc: denied { ioctl } for pid=9224 comm="syz.2.848" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 365.970954][ T9233] netlink: 'syz.0.849': attribute type 29 has an invalid length. [ 366.036115][ T3088] cdc_wdm 2-1:1.0: skipping garbage [ 366.044412][ T3088] cdc_wdm 2-1:1.0: skipping garbage [ 366.116849][ T3088] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 366.151873][ T3088] cdc_wdm 2-1:1.0: Unknown control protocol [ 366.159252][ T9214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.170390][ T5923] usb 3-1: device descriptor read/64, error -71 [ 366.202153][ T30] audit: type=1400 audit(1760675965.293:11072): avc: denied { read write } for pid=9211 comm="syz.1.845" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.202346][ T9214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.233331][ C1] vkms_vblank_simulate: vblank timer overrun [ 366.341982][ T30] audit: type=1400 audit(1760675965.293:11073): avc: denied { read write open } for pid=9211 comm="syz.1.845" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.397200][ T30] audit: type=1400 audit(1760675965.293:11074): avc: denied { ioctl } for pid=9211 comm="syz.1.845" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.461012][ T9233] netlink: 'syz.0.849': attribute type 29 has an invalid length. [ 366.510109][ T5923] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 366.529771][ T30] audit: type=1400 audit(1760675965.443:11075): avc: denied { ioctl } for pid=9224 comm="syz.2.848" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.571616][ T9233] netlink: 500 bytes leftover after parsing attributes in process `syz.0.849'. [ 366.616194][ T30] audit: type=1400 audit(1760675965.533:11076): avc: denied { ioctl } for pid=9224 comm="syz.2.848" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.646166][ T30] audit: type=1400 audit(1760675965.623:11077): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 366.690223][ T5923] usb 3-1: device descriptor read/64, error -71 [ 366.697227][ T30] audit: type=1400 audit(1760675965.623:11078): avc: denied { read write open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 366.856180][ T30] audit: type=1400 audit(1760675965.623:11079): avc: denied { ioctl } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 366.884627][ T10] usb 2-1: USB disconnect, device number 10 [ 366.901118][ T5923] usb usb3-port1: attempt power cycle [ 366.920472][ T30] audit: type=1400 audit(1760675965.653:11080): avc: denied { ioctl } for pid=9224 comm="syz.2.848" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 366.942151][ T9233] netlink: 56 bytes leftover after parsing attributes in process `syz.0.849'. [ 367.290216][ T5923] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 367.321068][ T5923] usb 3-1: device descriptor read/8, error -71 [ 367.750109][ T5923] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 367.793132][ T5923] usb 3-1: device descriptor read/8, error -71 [ 368.030903][ T5923] usb usb3-port1: unable to enumerate USB device [ 368.606999][ T9255] netlink: 'syz.3.857': attribute type 1 has an invalid length. [ 368.765497][ T9255] 8021q: adding VLAN 0 to HW filter on device bond1 [ 368.815455][ T9260] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 368.822751][ T9260] IPv6: NLM_F_CREATE should be set when creating new route [ 368.851678][ T9263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.857'. [ 369.197277][ T9262] netlink: 'syz.1.860': attribute type 1 has an invalid length. [ 369.258742][ T9267] netlink: 24 bytes leftover after parsing attributes in process `syz.2.861'. [ 369.301196][ T9265] netlink: 4 bytes leftover after parsing attributes in process `syz.1.860'. [ 369.400114][ T847] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 369.573890][ T847] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 369.584260][ T847] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 369.622003][ T847] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 369.636689][ T9263] bond1 (unregistering): Released all slaves [ 369.716082][ T847] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 369.738385][ T9262] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 369.743904][ T847] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 369.779631][ T847] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 369.823292][ T847] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 369.852395][ T847] usb 1-1: Manufacturer: syz [ 369.873949][ T847] usb 1-1: config 0 descriptor?? [ 369.932028][ T9280] netlink: 184 bytes leftover after parsing attributes in process `syz.4.863'. [ 370.160426][ T3088] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 370.263656][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.867'. [ 370.299497][ T9293] team1: entered promiscuous mode [ 370.304743][ T9293] team1: entered allmulticast mode [ 370.325032][ T3088] usb 2-1: Using ep0 maxpacket: 8 [ 370.641765][ T3088] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 370.650418][ T847] usb 1-1: USB disconnect, device number 22 [ 370.651723][ T3088] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 370.699902][ T3088] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 370.759432][ T3088] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 370.796450][ T3088] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 370.812638][ T3088] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.015461][ T30] kauditd_printk_skb: 237 callbacks suppressed [ 371.015477][ T30] audit: type=1400 audit(1760675970.153:11318): avc: denied { write } for pid=9295 comm="syz.4.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 371.080362][ T3088] usb 2-1: GET_CAPABILITIES returned 0 [ 371.108244][ T3088] usbtmc 2-1:16.0: can't read capabilities [ 371.127079][ T9304] tipc: Can't bind to reserved service type 2 [ 371.618862][ T30] audit: type=1400 audit(1760675970.193:11319): avc: denied { ioctl } for pid=9281 comm="syz.1.864" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 371.901369][ T30] audit: type=1400 audit(1760675970.193:11320): avc: denied { ioctl } for pid=9281 comm="syz.1.864" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 371.994657][ T3088] usb 2-1: USB disconnect, device number 11 [ 372.148337][ T30] audit: type=1400 audit(1760675970.263:11321): avc: denied { create } for pid=9297 comm="syz.3.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 372.365534][ T30] audit: type=1400 audit(1760675970.263:11322): avc: denied { bind } for pid=9297 comm="syz.3.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 372.386597][ T30] audit: type=1400 audit(1760675970.283:11323): avc: denied { create } for pid=9297 comm="syz.3.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 372.407512][ T30] audit: type=1400 audit(1760675970.823:11324): avc: denied { write } for pid=9297 comm="syz.3.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 372.494680][ T30] audit: type=1400 audit(1760675970.823:11325): avc: denied { nlmsg_write } for pid=9297 comm="syz.3.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 372.657924][ T30] audit: type=1400 audit(1760675970.823:11326): avc: denied { create } for pid=9281 comm="syz.1.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 372.691250][ T30] audit: type=1400 audit(1760675970.823:11327): avc: denied { write } for pid=9281 comm="syz.1.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 372.911350][ T9320] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 375.055194][ T9337] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 375.061517][ T9337] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 375.067594][ T9337] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 375.096588][ T9337] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 375.351216][ T5868] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 375.651243][ T5868] usb 1-1: device descriptor read/64, error -71 [ 375.750200][ T9357] rdma_op ffff88807e2dd1f0 conn xmit_rdma 0000000000000000 [ 376.093238][ T30] kauditd_printk_skb: 174 callbacks suppressed [ 376.093259][ T30] audit: type=1400 audit(1760675975.223:11502): avc: denied { ioctl } for pid=9344 comm="syz.0.880" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 376.151713][ T30] audit: type=1400 audit(1760675975.293:11503): avc: denied { ioctl } for pid=9344 comm="syz.0.880" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 376.255326][ T5868] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 376.272790][ T30] audit: type=1400 audit(1760675975.293:11504): avc: denied { read write } for pid=5823 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 376.378799][ T30] audit: type=1400 audit(1760675975.293:11505): avc: denied { open } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 376.412877][ T5868] usb 1-1: device descriptor read/64, error -71 [ 376.586168][ T5868] usb usb1-port1: attempt power cycle [ 376.594534][ T30] audit: type=1400 audit(1760675975.293:11506): avc: denied { ioctl } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 376.875460][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 376.889868][ T30] audit: type=1400 audit(1760675975.403:11507): avc: denied { ioctl } for pid=9344 comm="syz.0.880" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 377.052497][ T30] audit: type=1400 audit(1760675975.413:11508): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 377.083825][ T9346] audit: audit_backlog=65 > audit_backlog_limit=64 [ 377.092969][ T9377] audit: audit_backlog=65 > audit_backlog_limit=64 [ 377.100152][ T9346] audit: audit_lost=51 audit_rate_limit=0 audit_backlog_limit=64 [ 377.120642][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 377.120867][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 377.160115][ T5868] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 377.180808][ T5868] usb 1-1: device descriptor read/8, error -71 [ 377.230743][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 377.327699][ T9380] netlink: 4 bytes leftover after parsing attributes in process `syz.4.888'. [ 377.660736][ T5868] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 377.691070][ T5868] usb 1-1: device descriptor read/8, error -71 [ 377.810456][ T5868] usb usb1-port1: unable to enumerate USB device [ 378.084448][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.090931][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.581884][ T5868] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 378.605623][ T9394] netlink: zone id is out of range [ 378.615911][ T9394] netlink: zone id is out of range [ 378.650205][ T9394] netlink: zone id is out of range [ 378.656906][ T9394] netlink: zone id is out of range [ 378.871938][ T5868] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 378.889109][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 378.920092][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 378.934489][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 378.944292][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 378.961288][ T5868] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 379.033850][ T5868] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 379.042056][ T5868] usb 4-1: Manufacturer: syz [ 379.051995][ T5868] usb 4-1: config 0 descriptor?? [ 380.217516][ T5889] usb 4-1: USB disconnect, device number 24 [ 381.117976][ T30] kauditd_printk_skb: 206 callbacks suppressed [ 381.117989][ T30] audit: type=1400 audit(1760675980.253:11697): avc: denied { create } for pid=9403 comm="syz.4.896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 381.232413][ T30] audit: type=1400 audit(1760675980.283:11698): avc: denied { create } for pid=9407 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 381.360623][ T30] audit: type=1400 audit(1760675980.293:11699): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 381.427241][ T9405] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 381.440295][ T9405] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 381.442888][ T30] audit: type=1400 audit(1760675980.293:11700): avc: denied { open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 381.487331][ T9405] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 381.519433][ T9405] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 382.400374][ T5889] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 382.438827][ T30] audit: type=1400 audit(1760675980.313:11702): avc: denied { create } for pid=9407 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 382.459386][ T30] audit: type=1400 audit(1760675980.293:11701): avc: denied { ioctl } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 382.486656][ T30] audit: type=1400 audit(1760675980.323:11703): avc: denied { create } for pid=9407 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 382.506463][ T30] audit: type=1400 audit(1760675980.333:11704): avc: denied { prog_load } for pid=9407 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 382.530097][ T30] audit: type=1400 audit(1760675980.333:11705): avc: denied { bpf } for pid=9407 comm="syz.0.897" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 382.551834][ T30] audit: type=1400 audit(1760675980.343:11706): avc: denied { setopt } for pid=9407 comm="syz.0.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 382.601802][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.654598][ T5889] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 382.717626][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 382.797016][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 382.916852][ T5889] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 382.960774][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 382.969849][ T5889] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 382.979549][ T5889] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 382.989863][ T5889] usb 4-1: Manufacturer: syz [ 382.998614][ T5889] usb 4-1: config 0 descriptor?? [ 383.121718][ T3611] tipc: Subscription rejected, illegal request [ 383.204730][ T9436] netlink: 64 bytes leftover after parsing attributes in process `syz.0.904'. [ 383.358490][ T9432] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 383.376957][ T5868] usb 4-1: USB disconnect, device number 25 [ 383.532477][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 383.532486][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout [ 383.532561][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 384.040725][ T9444] bridge5: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 384.359219][ T9441] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 385.136338][ T9441] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 385.146628][ T9441] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 385.165877][ T9441] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 385.930116][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 386.241095][ T30] kauditd_printk_skb: 221 callbacks suppressed [ 386.241127][ T30] audit: type=1400 audit(1760675985.353:11928): avc: denied { name_bind } for pid=9460 comm="syz.1.913" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 386.745831][ T30] audit: type=1400 audit(1760675985.363:11929): avc: denied { create } for pid=9459 comm="syz.0.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 386.799472][ T30] audit: type=1400 audit(1760675985.363:11930): avc: denied { setopt } for pid=9459 comm="syz.0.912" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 386.821066][ T30] audit: type=1400 audit(1760675985.373:11931): avc: denied { write } for pid=9459 comm="syz.0.912" name="mcfilter" dev="proc" ino=4026533184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 386.900186][ T5889] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 386.923564][ T30] audit: type=1400 audit(1760675985.373:11932): avc: denied { write } for pid=9459 comm="syz.0.912" path="/proc/583/net/mcfilter" dev="proc" ino=4026533184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 387.210906][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 387.217121][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 387.223620][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 387.352792][ T30] audit: type=1400 audit(1760675985.413:11933): avc: denied { node_bind } for pid=9460 comm="syz.1.913" saddr=::ffff:172.20.20.11 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 387.377126][ T30] audit: type=1400 audit(1760675985.713:11934): avc: denied { read write } for pid=5808 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 387.525724][ T9478] gfs2: error -5 reading superblock [ 387.543499][ T30] audit: type=1400 audit(1760675985.713:11935): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 387.568252][ T30] audit: type=1400 audit(1760675985.713:11936): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 387.840291][ T30] audit: type=1400 audit(1760675985.723:11937): avc: denied { read write } for pid=9466 comm="syz.4.914" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 387.880840][ T5889] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 387.900488][ T5889] usb 5-1: config 0 has no interface number 0 [ 387.914090][ T5889] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 387.938061][ T5889] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 387.960095][ T5889] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 387.973184][ T9477] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 387.990138][ T5889] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 388.010715][ T5889] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 388.022537][ T9477] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 388.041725][ T5889] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 388.041753][ T9477] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 388.060726][ T5889] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 388.061200][ T9477] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 388.209768][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.279581][ T9484] netlink: 64 bytes leftover after parsing attributes in process `syz.1.918'. [ 388.423578][ T5889] usb 5-1: config 0 descriptor?? [ 388.436757][ T9467] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 388.446155][ T9467] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 388.473753][ T5889] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 388.865117][ T5889] usb 5-1: USB disconnect, device number 16 [ 388.871120][ C1] ldusb 5-1:0.55: usb_submit_urb failed (-19) [ 388.900081][ T847] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 388.915247][ T5889] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 389.062595][ T847] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 389.120922][ T847] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 389.177167][ T3088] kernel read not supported for file /usbmon0 (pid: 3088 comm: kworker/1:2) [ 389.197160][ T9493] ldusb: No device or device unplugged -19 [ 389.197723][ T847] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 389.220671][ T847] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.231433][ T847] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 389.246270][ T847] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 389.311008][ T847] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 389.319094][ T847] usb 3-1: Manufacturer: syz [ 389.338257][ T847] usb 3-1: config 0 descriptor?? [ 389.563539][ T3088] usb 3-1: USB disconnect, device number 19 [ 389.865004][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout [ 390.090241][ T5826] Bluetooth: hci4: command 0x0c1a tx timeout [ 390.090271][ T5812] Bluetooth: hci3: command 0x0c1a tx timeout [ 390.102401][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 390.543844][ T9508] FAULT_INJECTION: forcing a failure. [ 390.543844][ T9508] name failslab, interval 1, probability 0, space 0, times 0 [ 390.556977][ T9508] CPU: 0 UID: 0 PID: 9508 Comm: syz.3.925 Not tainted syzkaller #0 PREEMPT(full) [ 390.557000][ T9508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 390.557008][ T9508] Call Trace: [ 390.557012][ T9508] [ 390.557016][ T9508] dump_stack_lvl+0x16c/0x1f0 [ 390.557034][ T9508] should_fail_ex+0x512/0x640 [ 390.557048][ T9508] ? __kmalloc_noprof+0xca/0x880 [ 390.557061][ T9508] should_failslab+0xc2/0x120 [ 390.557077][ T9508] __kmalloc_noprof+0xdd/0x880 [ 390.557089][ T9508] ? io_cache_alloc_new+0x45/0xf0 [ 390.557107][ T9508] ? io_cache_alloc_new+0x45/0xf0 [ 390.557120][ T9508] io_cache_alloc_new+0x45/0xf0 [ 390.557135][ T9508] __io_prep_rw+0x21d/0x1090 [ 390.557145][ T9508] ? find_held_lock+0x2b/0x80 [ 390.557156][ T9508] ? __pfx___io_prep_rw+0x10/0x10 [ 390.557164][ T9508] ? __io_alloc_req_refill+0x18f/0x5e0 [ 390.557184][ T9508] ? __io_alloc_req_refill+0x33a/0x5e0 [ 390.557202][ T9508] io_prep_rw+0x76/0x2c0 [ 390.557211][ T9508] ? __pfx_io_prep_rw+0x10/0x10 [ 390.557225][ T9508] io_prep_readv+0x20/0xa0 [ 390.557236][ T9508] io_submit_sqes+0x855/0x2710 [ 390.557255][ T9508] __do_sys_io_uring_enter+0xd69/0x1630 [ 390.557270][ T9508] ? __fget_files+0x20e/0x3c0 [ 390.557285][ T9508] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 390.557298][ T9508] ? fput+0x9b/0xd0 [ 390.557308][ T9508] ? ksys_write+0x1ac/0x250 [ 390.557321][ T9508] ? __pfx_ksys_write+0x10/0x10 [ 390.557338][ T9508] do_syscall_64+0xcd/0xfa0 [ 390.557352][ T9508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.557365][ T9508] RIP: 0033:0x7f4979b8eec9 [ 390.557374][ T9508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 390.557385][ T9508] RSP: 002b:00007f497aa3e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 390.557396][ T9508] RAX: ffffffffffffffda RBX: 00007f4979de6090 RCX: 00007f4979b8eec9 [ 390.557402][ T9508] RDX: 0000000000000000 RSI: 00000000000847ba RDI: 0000000000000007 [ 390.557408][ T9508] RBP: 00007f497aa3e090 R08: 0000000000000000 R09: 0000000000000000 [ 390.557414][ T9508] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000001 [ 390.557420][ T9508] R13: 00007f4979de6128 R14: 00007f4979de6090 R15: 00007ffd9b899558 [ 390.557434][ T9508] [ 391.259562][ T30] kauditd_printk_skb: 208 callbacks suppressed [ 391.259578][ T30] audit: type=1400 audit(1760675990.393:12146): avc: denied { prog_load } for pid=9520 comm="syz.4.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 391.291285][ T30] audit: type=1400 audit(1760675990.393:12147): avc: denied { bpf } for pid=9520 comm="syz.4.929" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 391.312972][ T30] audit: type=1400 audit(1760675990.393:12148): avc: denied { perfmon } for pid=9520 comm="syz.4.929" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 391.454362][ T30] audit: type=1400 audit(1760675990.393:12149): avc: denied { prog_run } for pid=9520 comm="syz.4.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 391.475894][ T30] audit: type=1400 audit(1760675990.453:12150): avc: denied { read write } for pid=5808 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 391.956275][ T30] audit: type=1400 audit(1760675990.453:12151): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 391.981196][ T30] audit: type=1400 audit(1760675990.453:12152): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 391.981587][ T9514] netlink: 16 bytes leftover after parsing attributes in process `syz.1.926'. [ 392.008756][ T30] audit: type=1400 audit(1760675990.453:12153): avc: denied { create } for pid=9509 comm="syz.1.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 392.033034][ T9511] input: syz0 as /devices/virtual/input/input21 [ 392.081325][ T30] audit: type=1400 audit(1760675990.483:12154): avc: denied { write } for pid=9509 comm="syz.1.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 392.104925][ T30] audit: type=1400 audit(1760675990.483:12155): avc: denied { read } for pid=9509 comm="syz.1.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 392.242799][ T9534] gfs2: error -5 reading superblock [ 392.326807][ T9535] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=257 sclass=netlink_route_socket pid=9535 comm=syz.2.932 [ 393.671572][ T9545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 393.680197][ T9545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 393.693751][ T9545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 393.742297][ T9545] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 394.212202][ T5868] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 394.274032][ T9565] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 394.430139][ T5868] usb 5-1: Using ep0 maxpacket: 8 [ 394.451304][ T5868] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 394.479403][ T5868] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 394.689019][ T5868] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.704629][ T5868] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.745451][ T5868] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 394.754704][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.803612][ T5868] hub 5-1:1.0: bad descriptor, ignoring hub [ 394.838809][ T5868] hub 5-1:1.0: probe with driver hub failed with error -5 [ 394.859701][ T5868] cdc_wdm 5-1:1.0: skipping garbage [ 394.866032][ T5868] cdc_wdm 5-1:1.0: skipping garbage [ 394.878883][ T5868] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 394.893414][ T5868] cdc_wdm 5-1:1.0: Unknown control protocol [ 395.064714][ T9551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 395.094171][ T9551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 395.135146][ T9549] cdc_wdm 5-1:1.0: Error submitting int urb - -90 [ 395.147227][ T5868] usb 5-1: USB disconnect, device number 17 [ 395.520348][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 395.637137][ T9585] FAULT_INJECTION: forcing a failure. [ 395.637137][ T9585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 395.650645][ T9585] CPU: 1 UID: 0 PID: 9585 Comm: syz.3.944 Not tainted syzkaller #0 PREEMPT(full) [ 395.650668][ T9585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 395.650678][ T9585] Call Trace: [ 395.650684][ T9585] [ 395.650691][ T9585] dump_stack_lvl+0x16c/0x1f0 [ 395.650717][ T9585] should_fail_ex+0x512/0x640 [ 395.650742][ T9585] _copy_from_user+0x2e/0xd0 [ 395.650766][ T9585] vt_ioctl+0x299d/0x30a0 [ 395.650785][ T9585] ? __pfx___schedule+0x10/0x10 [ 395.650808][ T9585] ? __pfx_vt_ioctl+0x10/0x10 [ 395.650841][ T9585] ? rcu_is_watching+0x12/0xc0 [ 395.650858][ T9585] ? irqentry_exit+0x3b/0x90 [ 395.650878][ T9585] ? lockdep_hardirqs_on+0x7c/0x110 [ 395.650904][ T9585] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 395.650934][ T9585] ? tty_jobctrl_ioctl+0x152/0xe00 [ 395.650955][ T9585] ? __pfx_vt_ioctl+0x10/0x10 [ 395.650973][ T9585] tty_ioctl+0x661/0x1680 [ 395.651000][ T9585] ? __pfx_tty_ioctl+0x10/0x10 [ 395.651024][ T9585] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 395.651067][ T9585] ? selinux_file_ioctl+0x180/0x270 [ 395.651088][ T9585] ? selinux_file_ioctl+0xb4/0x270 [ 395.651112][ T9585] ? __pfx_tty_ioctl+0x10/0x10 [ 395.651138][ T9585] __x64_sys_ioctl+0x18e/0x210 [ 395.651161][ T9585] do_syscall_64+0xcd/0xfa0 [ 395.651183][ T9585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.651201][ T9585] RIP: 0033:0x7f4979b8eec9 [ 395.651215][ T9585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.651231][ T9585] RSP: 002b:00007f497aa1d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 395.651248][ T9585] RAX: ffffffffffffffda RBX: 00007f4979de6180 RCX: 00007f4979b8eec9 [ 395.651259][ T9585] RDX: 00002000000006c0 RSI: 000000000000560a RDI: 0000000000000008 [ 395.651269][ T9585] RBP: 00007f497aa1d090 R08: 0000000000000000 R09: 0000000000000000 [ 395.651279][ T9585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.651289][ T9585] R13: 00007f4979de6218 R14: 00007f4979de6180 R15: 00007ffd9b899558 [ 395.651314][ T9585] [ 395.868368][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 395.874432][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 395.880663][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 396.274770][ T30] kauditd_printk_skb: 229 callbacks suppressed [ 396.274780][ T30] audit: type=1400 audit(1760675995.413:12385): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 396.562854][ T30] audit: type=1400 audit(1760675995.453:12386): avc: denied { read write open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 396.733792][ T9594] netlink: 24 bytes leftover after parsing attributes in process `syz.4.948'. [ 396.943319][ T30] audit: type=1400 audit(1760675995.453:12387): avc: denied { ioctl } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 397.457276][ T30] audit: type=1400 audit(1760675995.453:12388): avc: denied { read } for pid=9583 comm="syz.2.946" path="socket:[24764]" dev="sockfs" ino=24764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 397.482518][ T30] audit: type=1400 audit(1760675995.483:12389): avc: denied { read } for pid=9583 comm="syz.2.946" path="socket:[24764]" dev="sockfs" ino=24764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 397.513251][ T30] audit: type=1400 audit(1760675995.483:12390): avc: denied { read } for pid=9583 comm="syz.2.946" path="socket:[24764]" dev="sockfs" ino=24764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 397.722244][ T5818] audit: audit_backlog=65 > audit_backlog_limit=64 [ 397.734881][ T9608] audit: audit_backlog=65 > audit_backlog_limit=64 [ 397.771102][ T5818] audit: audit_lost=58 audit_rate_limit=0 audit_backlog_limit=64 [ 397.771175][ T9608] audit: audit_lost=59 audit_rate_limit=0 audit_backlog_limit=64 [ 398.279690][ T9613] FAULT_INJECTION: forcing a failure. [ 398.279690][ T9613] name failslab, interval 1, probability 0, space 0, times 0 [ 398.292599][ T9613] CPU: 0 UID: 0 PID: 9613 Comm: syz.4.953 Not tainted syzkaller #0 PREEMPT(full) [ 398.292616][ T9613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 398.292622][ T9613] Call Trace: [ 398.292626][ T9613] [ 398.292630][ T9613] dump_stack_lvl+0x16c/0x1f0 [ 398.292647][ T9613] should_fail_ex+0x512/0x640 [ 398.292661][ T9613] ? __lock_acquire+0x622/0x1c90 [ 398.292676][ T9613] should_failslab+0xc2/0x120 [ 398.292694][ T9613] kmem_cache_alloc_noprof+0x75/0x6e0 [ 398.292707][ T9613] ? inet_frag_find+0x6d3/0x21a0 [ 398.292727][ T9613] ? inet_frag_find+0x6d3/0x21a0 [ 398.292741][ T9613] inet_frag_find+0x6d3/0x21a0 [ 398.292759][ T9613] ? __pfx_ip4_obj_cmpfn+0x10/0x10 [ 398.292774][ T9613] ? is_bpf_text_address+0x94/0x1a0 [ 398.292793][ T9613] ? __pfx_inet_frag_find+0x10/0x10 [ 398.292815][ T9613] ip_defrag+0x2ea/0x2880 [ 398.292830][ T9613] ? stack_depot_save_flags+0x29/0x9c0 [ 398.292848][ T9613] ? __pfx_ip_defrag+0x10/0x10 [ 398.292866][ T9613] ? ipv4_conntrack_defrag+0x3ee/0x600 [ 398.292882][ T9613] ipv4_conntrack_defrag+0x404/0x600 [ 398.292897][ T9613] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 398.292915][ T9613] ? __pfx_ipv4_conntrack_defrag+0x10/0x10 [ 398.292929][ T9613] nf_hook_slow+0xbe/0x200 [ 398.292944][ T9613] nf_hook.constprop.0+0x424/0x750 [ 398.292956][ T9613] ? __pfx_ip_rcv_finish+0x10/0x10 [ 398.292969][ T9613] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 398.292983][ T9613] ? __pfx_ip_rcv_finish+0x10/0x10 [ 398.292996][ T9613] ? ip_rcv_core+0x934/0xe80 [ 398.293010][ T9613] ? __pfx_ip_rcv+0x10/0x10 [ 398.293021][ T9613] ip_rcv+0x7d/0x600 [ 398.293033][ T9613] ? __pfx_ip_rcv+0x10/0x10 [ 398.293044][ T9613] __netif_receive_skb_one_core+0x197/0x1e0 [ 398.293057][ T9613] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 398.293069][ T9613] ? lock_acquire+0x179/0x350 [ 398.293087][ T9613] ? __phys_addr+0xe8/0x180 [ 398.293100][ T9613] __netif_receive_skb+0x1d/0x160 [ 398.293111][ T9613] netif_receive_skb+0x137/0x7b0 [ 398.293122][ T9613] ? __pfx_netif_receive_skb+0x10/0x10 [ 398.293137][ T9613] tun_rx_batched.isra.0+0x3ee/0x740 [ 398.293154][ T9613] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 398.293172][ T9613] ? tun_get_user+0x1ded/0x3cc0 [ 398.293186][ T9613] ? rcu_is_watching+0x12/0xc0 [ 398.293198][ T9613] tun_get_user+0x28b2/0x3cc0 [ 398.293219][ T9613] ? __pfx_tun_get_user+0x10/0x10 [ 398.293235][ T9613] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 398.293254][ T9613] ? find_held_lock+0x2b/0x80 [ 398.293264][ T9613] ? tun_get+0x191/0x370 [ 398.293281][ T9613] tun_chr_write_iter+0xdc/0x210 [ 398.293297][ T9613] vfs_write+0x7d3/0x11d0 [ 398.293311][ T9613] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 398.293328][ T9613] ? __pfx_vfs_write+0x10/0x10 [ 398.293340][ T9613] ? find_held_lock+0x2b/0x80 [ 398.293359][ T9613] ksys_write+0x12a/0x250 [ 398.293371][ T9613] ? __pfx_ksys_write+0x10/0x10 [ 398.293389][ T9613] do_syscall_64+0xcd/0xfa0 [ 398.293403][ T9613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.293414][ T9613] RIP: 0033:0x7f9ea378d97f [ 398.293423][ T9613] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 398.293434][ T9613] RSP: 002b:00007f9ea4658000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 398.293444][ T9613] RAX: ffffffffffffffda RBX: 00007f9ea39e6090 RCX: 00007f9ea378d97f [ 398.293451][ T9613] RDX: 0000000000000032 RSI: 0000200000000300 RDI: 00000000000000c8 [ 398.293458][ T9613] RBP: 00007f9ea4658090 R08: 0000000000000000 R09: 0000000000000000 [ 398.293464][ T9613] R10: 0000000000000032 R11: 0000000000000293 R12: 0000000000000001 [ 398.293470][ T9613] R13: 00007f9ea39e6128 R14: 00007f9ea39e6090 R15: 00007ffffbfdca28 [ 398.293484][ T9613] [ 399.204300][ T9627] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 400.231149][ T9642] netlink: 68 bytes leftover after parsing attributes in process `syz.1.959'. [ 400.652657][ T9] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 400.682594][ T9644] netlink: 24 bytes leftover after parsing attributes in process `syz.1.961'. [ 400.849958][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.912519][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 401.076511][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 401.130569][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 401.143593][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 401.168560][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 401.185480][ T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 401.193645][ T9] usb 5-1: Manufacturer: syz [ 401.218570][ T9] usb 5-1: config 0 descriptor?? [ 401.281779][ T9657] FAULT_INJECTION: forcing a failure. [ 401.281779][ T9657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 401.306881][ T30] kauditd_printk_skb: 259 callbacks suppressed [ 401.306898][ T30] audit: type=1400 audit(1760676000.443:12633): avc: denied { create } for pid=9658 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.370101][ T30] audit: type=1400 audit(1760676000.493:12634): avc: denied { write } for pid=9658 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.391319][ T9657] CPU: 0 UID: 0 PID: 9657 Comm: syz.2.963 Not tainted syzkaller #0 PREEMPT(full) [ 401.391334][ T9657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 401.391340][ T9657] Call Trace: [ 401.391344][ T9657] [ 401.391348][ T9657] dump_stack_lvl+0x16c/0x1f0 [ 401.391366][ T9657] should_fail_ex+0x512/0x640 [ 401.391383][ T9657] _copy_from_user+0x2e/0xd0 [ 401.391398][ T9657] do_pagemap_scan+0xc3/0xcf0 [ 401.391417][ T9657] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 401.391435][ T9657] ? __pfx_do_pagemap_scan+0x10/0x10 [ 401.391450][ T9657] ? do_vfs_ioctl+0x128/0x14f0 [ 401.391463][ T9657] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 401.391474][ T9657] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 401.391500][ T9657] ? selinux_file_ioctl+0x180/0x270 [ 401.391514][ T9657] ? selinux_file_ioctl+0xb4/0x270 [ 401.391529][ T9657] do_pagemap_cmd+0x58/0x80 [ 401.391544][ T9657] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 401.391560][ T9657] __x64_sys_ioctl+0x18e/0x210 [ 401.391573][ T9657] do_syscall_64+0xcd/0xfa0 [ 401.391586][ T9657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.391597][ T9657] RIP: 0033:0x7f495d78eec9 [ 401.391607][ T9657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 401.391617][ T9657] RSP: 002b:00007f495e666038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 401.391628][ T9657] RAX: ffffffffffffffda RBX: 00007f495d9e5fa0 RCX: 00007f495d78eec9 [ 401.391635][ T9657] RDX: 0000200000000140 RSI: 00000000c0606610 RDI: 0000000000000003 [ 401.391641][ T9657] RBP: 00007f495e666090 R08: 0000000000000000 R09: 0000000000000000 [ 401.391647][ T9657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 401.391653][ T9657] R13: 00007f495d9e6038 R14: 00007f495d9e5fa0 R15: 00007ffc806244d8 [ 401.391667][ T9657] [ 401.417582][ T30] audit: type=1400 audit(1760676000.533:12635): avc: denied { create } for pid=9658 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.614267][ T9] usb 5-1: USB disconnect, device number 18 [ 401.675388][ T30] audit: type=1400 audit(1760676000.533:12636): avc: denied { write } for pid=9658 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.711031][ T30] audit: type=1400 audit(1760676000.573:12637): avc: denied { read write } for pid=5823 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.738345][ T30] audit: type=1400 audit(1760676000.573:12638): avc: denied { open } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.763310][ T30] audit: type=1400 audit(1760676000.573:12639): avc: denied { ioctl } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.791427][ T30] audit: type=1400 audit(1760676000.763:12640): avc: denied { create } for pid=9658 comm="syz.1.964" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.812644][ T30] audit: type=1400 audit(1760676000.783:12641): avc: denied { read write } for pid=5813 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.889469][ T30] audit: type=1400 audit(1760676000.783:12642): avc: denied { open } for pid=5813 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 401.924151][ T9665] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 402.715656][ T9666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.525380][ T9682] netlink: 'syz.4.969': attribute type 1 has an invalid length. [ 403.605116][ T9690] netlink: 24 bytes leftover after parsing attributes in process `syz.3.972'. [ 403.616976][ T9691] netlink: 4 bytes leftover after parsing attributes in process `syz.4.969'. [ 403.627842][ T9682] 8021q: adding VLAN 0 to HW filter on device bond1 [ 404.210687][ T3088] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 404.227156][ T9691] bond1 (unregistering): Released all slaves [ 404.390102][ T3088] usb 1-1: Using ep0 maxpacket: 8 [ 404.416766][ T3088] usb 1-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 404.435225][ T3088] usb 1-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 404.654654][ T9708] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 404.993379][ T3088] usb 1-1: config 0 interface 0 has no altsetting 0 [ 405.001361][ T3088] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00 [ 405.023143][ T3088] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.056813][ T9708] overlayfs: failed lookup in lower (/, name='file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', err=-66): unsupported object type [ 406.498055][ T9708] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type [ 406.510984][ T30] kauditd_printk_skb: 179 callbacks suppressed [ 406.511000][ T30] audit: type=1400 audit(1760676005.653:12822): avc: denied { create } for pid=9711 comm="syz.1.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 406.521215][ T3088] usb 1-1: config 0 descriptor?? [ 406.633228][ T30] audit: type=1400 audit(1760676005.653:12823): avc: denied { create } for pid=9711 comm="syz.1.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 407.264355][ T30] audit: type=1400 audit(1760676005.653:12824): avc: denied { bind } for pid=9711 comm="syz.1.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 407.322764][ T3088] usbhid 1-1:0.0: can't add hid device: -71 [ 407.328719][ T3088] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 407.371607][ T9715] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 407.377830][ T9715] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 407.381504][ T30] audit: type=1400 audit(1760676005.653:12825): avc: denied { setopt } for pid=9711 comm="syz.1.976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 407.431732][ T3088] usb 1-1: USB disconnect, device number 27 [ 407.439471][ T9715] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 407.477025][ T30] audit: type=1400 audit(1760676005.873:12826): avc: denied { ioctl } for pid=9693 comm="syz.0.973" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 407.506044][ T30] audit: type=1400 audit(1760676005.873:12827): avc: denied { read } for pid=9711 comm="syz.1.976" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 407.540721][ T30] audit: type=1400 audit(1760676005.873:12828): avc: denied { open } for pid=9711 comm="syz.1.976" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 407.565708][ T9715] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 407.571728][ T30] audit: type=1400 audit(1760676005.953:12829): avc: denied { read write } for pid=9704 comm="syz.2.977" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 407.595994][ T30] audit: type=1400 audit(1760676005.953:12830): avc: denied { open } for pid=9704 comm="syz.2.977" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 407.640771][ T30] audit: type=1400 audit(1760676005.953:12831): avc: denied { allowed } for pid=9704 comm="syz.2.977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 409.400295][ T5812] Bluetooth: hci1: command 0x0c1a tx timeout [ 409.412053][ T9735] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 409.449049][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 409.457076][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 409.543685][ T9743] tipc: Started in network mode [ 409.549002][ T9743] tipc: Node identity 5efb678479e5, cluster identity 4711 [ 409.556685][ T9743] tipc: Enabled bearer , priority 0 [ 409.565924][ T9743] syzkaller0: entered promiscuous mode [ 409.571710][ T9743] syzkaller0: entered allmulticast mode [ 409.600143][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 410.025881][ T9755] netlink: 24 bytes leftover after parsing attributes in process `syz.1.986'. [ 410.177928][ T9739] tipc: Resetting bearer [ 410.206132][ T9739] tipc: Disabling bearer [ 411.597394][ T30] kauditd_printk_skb: 222 callbacks suppressed [ 411.597406][ T30] audit: type=1400 audit(1760676010.729:13054): avc: denied { create } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 411.819543][ T9781] bridge6: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 411.840206][ T30] audit: type=1400 audit(1760676010.769:13055): avc: denied { create } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 411.964397][ T30] audit: type=1400 audit(1760676010.769:13056): avc: denied { write } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 412.828833][ T30] audit: type=1400 audit(1760676010.769:13057): avc: denied { setopt } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 413.112162][ T30] audit: type=1400 audit(1760676010.769:13058): avc: denied { connect } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 413.212528][ T30] audit: type=1400 audit(1760676010.769:13059): avc: denied { create } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 413.340293][ T9] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 413.378026][ T9796] audit: audit_lost=65 audit_rate_limit=0 audit_backlog_limit=64 [ 413.442098][ T9796] audit: out of memory in audit_log_start [ 413.460394][ T30] audit: type=1400 audit(1760676010.769:13060): avc: denied { create } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 413.471646][ T9796] openvswitch: netlink: IP tunnel dst address not specified [ 413.535918][ T30] audit: type=1400 audit(1760676010.769:13061): avc: denied { connect } for pid=9777 comm="syz.0.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 413.556243][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 413.578826][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 413.627483][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 413.666054][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 413.890372][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 413.989552][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 413.999042][ T9] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 414.008742][ T9805] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1000'. [ 414.009494][ T9] usb 3-1: Manufacturer: syz [ 414.030304][ T9] usb 3-1: config 0 descriptor?? [ 415.212656][ T3088] usb 3-1: USB disconnect, device number 20 [ 415.306979][ T9812] FAULT_INJECTION: forcing a failure. [ 415.306979][ T9812] name failslab, interval 1, probability 0, space 0, times 0 [ 415.331250][ T9812] CPU: 0 UID: 0 PID: 9812 Comm: syz.2.1002 Not tainted syzkaller #0 PREEMPT(full) [ 415.331277][ T9812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 415.331287][ T9812] Call Trace: [ 415.331293][ T9812] [ 415.331300][ T9812] dump_stack_lvl+0x16c/0x1f0 [ 415.331327][ T9812] should_fail_ex+0x512/0x640 [ 415.331350][ T9812] ? kmem_cache_alloc_node_noprof+0x65/0x770 [ 415.331374][ T9812] should_failslab+0xc2/0x120 [ 415.331399][ T9812] kmem_cache_alloc_node_noprof+0x78/0x770 [ 415.331418][ T9812] ? do_raw_spin_lock+0x12c/0x2b0 [ 415.331443][ T9812] ? __alloc_skb+0x2b2/0x380 [ 415.331467][ T9812] ? __alloc_skb+0x2b2/0x380 [ 415.331482][ T9812] __alloc_skb+0x2b2/0x380 [ 415.331500][ T9812] ? __pfx___alloc_skb+0x10/0x10 [ 415.331517][ T9812] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 415.331537][ T9812] ? avc_compute_av+0x4e4/0x7f0 [ 415.331561][ T9812] alloc_skb_with_frags+0xe0/0x860 [ 415.331583][ T9812] ? __pfx_avc_perm_nonode+0x10/0x10 [ 415.331604][ T9812] sock_alloc_send_pskb+0x7f9/0x980 [ 415.331622][ T9812] ? avc_has_perm_noaudit+0x2bd/0x3b0 [ 415.331655][ T9812] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 415.331672][ T9812] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 415.331695][ T9812] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 415.331719][ T9812] ? __pfx_avc_has_perm+0x10/0x10 [ 415.331733][ T9812] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 415.331759][ T9812] unix_dgram_sendmsg+0x3e9/0x17f0 [ 415.331783][ T9812] ? __pfx_sock_has_perm+0x10/0x10 [ 415.331805][ T9812] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 415.331829][ T9812] ? __import_iovec+0x1dd/0x650 [ 415.331851][ T9812] ? __might_fault+0xe3/0x190 [ 415.331869][ T9812] ? __might_fault+0x13b/0x190 [ 415.331891][ T9812] unix_seqpacket_sendmsg+0x12a/0x1c0 [ 415.331916][ T9812] ____sys_sendmsg+0xa98/0xc70 [ 415.331942][ T9812] ? copy_msghdr_from_user+0x10a/0x160 [ 415.331962][ T9812] ? __pfx_____sys_sendmsg+0x10/0x10 [ 415.331998][ T9812] ___sys_sendmsg+0x134/0x1d0 [ 415.332020][ T9812] ? __pfx____sys_sendmsg+0x10/0x10 [ 415.332037][ T9812] ? __lock_acquire+0x622/0x1c90 [ 415.332090][ T9812] __sys_sendmsg+0x16d/0x220 [ 415.332110][ T9812] ? __pfx___sys_sendmsg+0x10/0x10 [ 415.332147][ T9812] do_syscall_64+0xcd/0xfa0 [ 415.332169][ T9812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.332183][ T9812] RIP: 0033:0x7f495d78eec9 [ 415.332195][ T9812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.332209][ T9812] RSP: 002b:00007f495e666038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 415.332223][ T9812] RAX: ffffffffffffffda RBX: 00007f495d9e5fa0 RCX: 00007f495d78eec9 [ 415.332232][ T9812] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000006 [ 415.332240][ T9812] RBP: 00007f495e666090 R08: 0000000000000000 R09: 0000000000000000 [ 415.332249][ T9812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.332257][ T9812] R13: 00007f495d9e6038 R14: 00007f495d9e5fa0 R15: 00007ffc806244d8 [ 415.332276][ T9812] [ 415.642889][ T9807] netlink: 12 bytes leftover after parsing attributes in process `syz.3.997'. [ 415.654469][ T9807] netlink: 20 bytes leftover after parsing attributes in process `syz.3.997'. [ 416.428662][ T9818] virtiofs: Unknown parameter 'always 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 18 nlmon0 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 20 batadv0 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 21 vxcan0 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 22 vxcan1 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 23 veth0 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 24 veth1 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 25 wg0 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 26 wg1 : 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 28 veth0_to_bridge: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 29 bridge_slave_0: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 30 veth1_to_bridge: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 31 bridge_slave_1: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 32 veth0_to_bond: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 33 bond_slave_0: 1 V3 [ 416.428662][ T9818] 010000E0 1 0:00000000 0 [ 416.428662][ T9818] 34 veth1_to_bond: 1 V3 [ 416.428662][ T9818] 010000E0 1 [ 416.655256][ T30] kauditd_printk_skb: 179 callbacks suppressed [ 416.655273][ T30] audit: type=1400 audit(1760676015.789:13241): avc: denied { read write } for pid=5823 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 416.673002][ T9828] siw: device registration error -23 [ 417.037286][ T30] audit: type=1400 audit(1760676015.789:13242): avc: denied { read write open } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.458237][ T30] audit: type=1400 audit(1760676015.789:13243): avc: denied { ioctl } for pid=5823 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.521108][ T30] audit: type=1400 audit(1760676015.789:13244): avc: denied { create } for pid=9827 comm="syz.4.1004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 417.542212][ T30] audit: type=1400 audit(1760676015.789:13245): avc: denied { write } for pid=9827 comm="syz.4.1004" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 417.633572][ T30] audit: type=1400 audit(1760676016.079:13246): avc: denied { read } for pid=9823 comm="syz.3.1005" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 417.678956][ T30] audit: type=1400 audit(1760676016.079:13247): avc: denied { open } for pid=9823 comm="syz.3.1005" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 417.766255][ T30] audit: type=1400 audit(1760676016.139:13248): avc: denied { read write } for pid=5808 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 417.817172][ T30] audit: type=1400 audit(1760676016.139:13249): avc: denied { open } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 418.100948][ T9832] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 418.123534][ T9832] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 418.141975][ T30] audit: type=1400 audit(1760676016.139:13250): avc: denied { ioctl } for pid=5808 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=647 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 418.177979][ T9832] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 418.190229][ T9832] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 418.917912][ T9855] openvswitch: netlink: IP tunnel dst address not specified [ 419.420881][ T9864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.467557][ T9864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.590402][ T5923] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 419.605040][ T5819] Bluetooth: hci1: command 0x0c1a tx timeout [ 419.740185][ T5923] usb 1-1: Using ep0 maxpacket: 32 [ 419.753032][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 419.781073][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 419.829860][ T5923] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=4d.a7 [ 419.872653][ T5923] usb 1-1: New USB device strings: Mfr=152, Product=158, SerialNumber=3 [ 419.910290][ T5923] usb 1-1: Product: syz [ 419.914496][ T5923] usb 1-1: Manufacturer: syz [ 419.919099][ T5923] usb 1-1: SerialNumber: syz [ 419.976003][ T5923] usb 1-1: config 0 descriptor?? [ 420.088767][ T5923] usb 1-1: no audio or video endpoints found [ 420.170441][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 420.252348][ T5812] Bluetooth: hci2: command 0x0c1a tx timeout [ 420.259457][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 420.504442][ T9892] input: syz1 as /devices/virtual/input/input22 [ 420.528726][ T9892] FAULT_INJECTION: forcing a failure. [ 420.528726][ T9892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 420.566223][ T9892] CPU: 1 UID: 0 PID: 9892 Comm: syz.1.1024 Not tainted syzkaller #0 PREEMPT(full) [ 420.566248][ T9892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 420.566259][ T9892] Call Trace: [ 420.566265][ T9892] [ 420.566272][ T9892] dump_stack_lvl+0x16c/0x1f0 [ 420.566298][ T9892] should_fail_ex+0x512/0x640 [ 420.566322][ T9892] _copy_from_user+0x2e/0xd0 [ 420.566345][ T9892] input_event_from_user+0x133/0x3b0 [ 420.566372][ T9892] ? __pfx_input_event_from_user+0x10/0x10 [ 420.566397][ T9892] ? __pfx___might_resched+0x10/0x10 [ 420.566414][ T9892] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 420.566433][ T9892] ? input_event+0xb6/0xd0 [ 420.566457][ T9892] uinput_write+0xbb4/0x12b0 [ 420.566482][ T9892] ? __pfx_uinput_write+0x10/0x10 [ 420.566501][ T9892] ? bpf_lsm_file_permission+0x9/0x10 [ 420.566523][ T9892] ? security_file_permission+0x71/0x210 [ 420.566549][ T9892] ? rw_verify_area+0xcf/0x6c0 [ 420.566569][ T9892] ? __pfx_uinput_write+0x10/0x10 [ 420.566586][ T9892] vfs_write+0x2a0/0x11d0 [ 420.566613][ T9892] ? __pfx_vfs_write+0x10/0x10 [ 420.566631][ T9892] ? find_held_lock+0x2b/0x80 [ 420.566648][ T9892] ? __fget_files+0x204/0x3c0 [ 420.566673][ T9892] ? __fget_files+0x20e/0x3c0 [ 420.566702][ T9892] ksys_write+0x1f8/0x250 [ 420.566723][ T9892] ? __pfx_ksys_write+0x10/0x10 [ 420.566751][ T9892] do_syscall_64+0xcd/0xfa0 [ 420.566774][ T9892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.566792][ T9892] RIP: 0033:0x7fdddab8eec9 [ 420.566806][ T9892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.566822][ T9892] RSP: 002b:00007fdddba02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 420.566840][ T9892] RAX: ffffffffffffffda RBX: 00007fdddade5fa0 RCX: 00007fdddab8eec9 [ 420.566852][ T9892] RDX: 000000000000045c RSI: 0000200000000a40 RDI: 0000000000000003 [ 420.566862][ T9892] RBP: 00007fdddba02090 R08: 0000000000000000 R09: 0000000000000000 [ 420.566872][ T9892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.566882][ T9892] R13: 00007fdddade6038 R14: 00007fdddade5fa0 R15: 00007fffd4f147e8 [ 420.566907][ T9892] [ 420.916029][ T10] usb 1-1: USB disconnect, device number 28 [ 421.128592][ T9909] gfs2: error -5 reading superblock [ 421.150141][ T5868] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 421.300951][ T5868] usb 4-1: Using ep0 maxpacket: 8 [ 421.310256][ T5868] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 421.333582][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 421.530691][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 421.720103][ T30] kauditd_printk_skb: 282 callbacks suppressed [ 421.720135][ T30] audit: type=1400 audit(1760676020.769:13530): avc: denied { execute } for pid=9917 comm="syz.4.1030" name="file0" dev="tmpfs" ino=1092 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 421.926909][ T5896] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 421.935423][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 421.954074][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 421.990685][ T30] audit: type=1400 audit(1760676020.779:13531): avc: denied { execute_no_trans } for pid=9917 comm="syz.4.1030" path="/203/file0" dev="tmpfs" ino=1092 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 422.016243][ T5868] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 422.021246][ T30] audit: type=1400 audit(1760676020.659:13529): avc: denied { ioctl } for pid=9919 comm="syz.0.1032" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 422.053362][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.054400][ T30] audit: type=1400 audit(1760676021.059:13532): avc: denied { ioctl } for pid=9919 comm="syz.0.1032" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 422.158167][ T5896] usb 3-1: device descriptor read/64, error -71 [ 422.166979][ T30] audit: type=1400 audit(1760676021.069:13533): avc: denied { ioctl } for pid=9915 comm="syz.2.1029" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 422.175145][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 422.192811][ T30] audit: type=1400 audit(1760676021.069:13534): avc: denied { create } for pid=9920 comm="syz.1.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 422.216743][ T5868] hub 4-1:1.0: bad descriptor, ignoring hub [ 422.385242][ T5868] hub 4-1:1.0: probe with driver hub failed with error -5 [ 422.394998][ T30] audit: type=1400 audit(1760676021.089:13535): avc: denied { create } for pid=9920 comm="syz.1.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 422.401705][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 422.417018][ T5896] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 422.424728][ T10] usb 1-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00 [ 422.448895][ T9889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.544728][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.552853][ T30] audit: type=1400 audit(1760676021.089:13536): avc: denied { write } for pid=9920 comm="syz.1.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 422.573833][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 422.579951][ T9889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.586783][ T10] usb 1-1: config 0 descriptor?? [ 422.588161][ T5896] usb 3-1: device descriptor read/64, error -71 [ 422.594652][ T5868] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 423.090534][ T30] audit: type=1400 audit(1760676021.089:13537): avc: denied { read } for pid=9920 comm="syz.1.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 423.135488][ T30] audit: type=1400 audit(1760676021.129:13538): avc: denied { ioctl } for pid=9920 comm="syz.1.1031" path="socket:[25260]" dev="sockfs" ino=25260 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 423.159728][ T5868] cdc_wdm 4-1:1.0: Unknown control protocol [ 423.192760][ T5896] usb usb3-port1: attempt power cycle [ 423.214059][ T5868] usb 4-1: USB disconnect, device number 26 [ 423.550533][ T5896] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 423.630036][ T5896] usb 3-1: device descriptor read/8, error -71 [ 423.632838][ T10] isku 0003:1E7D:3264.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:3264] on usb-dummy_hcd.0-1/input0 [ 423.788128][ T9947] netlink: 184 bytes leftover after parsing attributes in process `syz.1.1036'. [ 423.839533][ T9921] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1032'. [ 423.890948][ T5896] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 423.922872][ T10] usb 1-1: USB disconnect, device number 29 [ 423.947655][ T5896] usb 3-1: device descriptor read/8, error -71 [ 424.096787][ T5896] usb usb3-port1: unable to enumerate USB device [ 424.112427][ T9956] FAULT_INJECTION: forcing a failure. [ 424.112427][ T9956] name failslab, interval 1, probability 0, space 0, times 0 [ 424.134287][ T9956] CPU: 1 UID: 0 PID: 9956 Comm: syz.1.1039 Not tainted syzkaller #0 PREEMPT(full) [ 424.134313][ T9956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 424.134323][ T9956] Call Trace: [ 424.134329][ T9956] [ 424.134336][ T9956] dump_stack_lvl+0x16c/0x1f0 [ 424.134363][ T9956] should_fail_ex+0x512/0x640 [ 424.134385][ T9956] ? __kvmalloc_node_noprof+0x12e/0x9c0 [ 424.134411][ T9956] should_failslab+0xc2/0x120 [ 424.134437][ T9956] __kvmalloc_node_noprof+0x141/0x9c0 [ 424.134460][ T9956] ? bpf_test_run_xdp_live+0x140/0x500 [ 424.134480][ T9956] ? find_held_lock+0x2b/0x80 [ 424.134501][ T9956] ? bpf_test_run_xdp_live+0x140/0x500 [ 424.134520][ T9956] bpf_test_run_xdp_live+0x140/0x500 [ 424.134542][ T9956] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 424.134566][ T9956] ? find_held_lock+0x2b/0x80 [ 424.134587][ T9956] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 424.134624][ T9956] ? 0xffffffffa02052c0 [ 424.134640][ T9956] ? 0xffffffffa02052c0 [ 424.134653][ T9956] ? 0xffffffffa02052c0 [ 424.134672][ T9956] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 424.134695][ T9956] bpf_prog_test_run_xdp+0x87e/0x1670 [ 424.134723][ T9956] ? __fget_files+0x204/0x3c0 [ 424.134747][ T9956] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 424.134770][ T9956] ? __might_fault+0xa0/0x190 [ 424.134794][ T9956] ? fput+0x9b/0xd0 [ 424.134809][ T9956] ? __bpf_prog_get+0x97/0x2a0 [ 424.134835][ T9956] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 424.134856][ T9956] __sys_bpf+0x1035/0x4980 [ 424.134881][ T9956] ? __pfx___sys_bpf+0x10/0x10 [ 424.134900][ T9956] ? find_held_lock+0x2b/0x80 [ 424.134920][ T9956] ? find_held_lock+0x2b/0x80 [ 424.134944][ T9956] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 424.134983][ T9956] ? fput+0x9b/0xd0 [ 424.134998][ T9956] ? ksys_write+0x1ac/0x250 [ 424.135019][ T9956] ? __pfx_ksys_write+0x10/0x10 [ 424.135045][ T9956] __x64_sys_bpf+0x78/0xc0 [ 424.135064][ T9956] ? lockdep_hardirqs_on+0x7c/0x110 [ 424.135084][ T9956] do_syscall_64+0xcd/0xfa0 [ 424.135108][ T9956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.135125][ T9956] RIP: 0033:0x7fdddab8eec9 [ 424.135140][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.135156][ T9956] RSP: 002b:00007fdddba02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 424.135173][ T9956] RAX: ffffffffffffffda RBX: 00007fdddade5fa0 RCX: 00007fdddab8eec9 [ 424.135184][ T9956] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 424.135194][ T9956] RBP: 00007fdddba02090 R08: 0000000000000000 R09: 0000000000000000 [ 424.135203][ T9956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 424.135213][ T9956] R13: 00007fdddade6038 R14: 00007fdddade5fa0 R15: 00007fffd4f147e8 [ 424.135238][ T9956] [ 424.836208][ T9967] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1040'. [ 426.506173][ T9975] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 427.547292][ T30] kauditd_printk_skb: 200 callbacks suppressed [ 427.547309][ T30] audit: type=1400 audit(1760676026.679:13739): avc: denied { read write } for pid=9978 comm="syz.4.1046" name="sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 441.314217][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.335105][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.253268][ T30] audit: type=1400 audit(1760676026.679:13740): avc: denied { open } for pid=9978 comm="syz.4.1046" path="/dev/sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 452.250002][ C0] sched: DL replenish lagged too much [ 501.090797][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.109205][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 555.239939][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 555.246912][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5174/1:b..l P9971/1:b..l P5823/1:b..l P2/1:b..l P5803/1:b..l P5868/1:b..l P6511/1:b..l [ 555.261839][ C1] rcu: (detected by 1, t=10504 jiffies, g=33021, q=1287405 ncpus=2) [ 555.269900][ C1] task:udevd state:R running task stack:25592 pid:6511 tgid:6511 ppid:5185 task_flags:0x40014c flags:0x00080001 [ 555.284405][ C1] Call Trace: [ 555.287694][ C1] [ 555.290628][ C1] __schedule+0x1190/0x5de0 [ 555.295149][ C1] ? __pfx___schedule+0x10/0x10 [ 555.299996][ C1] ? __lock_acquire+0x622/0x1c90 [ 555.304940][ C1] ? mark_held_locks+0x49/0x80 [ 555.309705][ C1] preempt_schedule_irq+0x51/0x90 [ 555.314729][ C1] irqentry_exit+0x36/0x90 [ 555.319142][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 555.325115][ C1] RIP: 0010:unwind_next_frame+0x163a/0x20a0 [ 555.331012][ C1] Code: c1 ea 03 80 3c 02 00 0f 85 56 05 00 00 49 8d 7d 08 49 8b 5d 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 29 05 00 00 49 8d 7d 10 49 8b 6d 08 48 b8 00 00 00 00 00 fc [ 555.350617][ C1] RSP: 0018:ffffc9000ca47430 EFLAGS: 00000246 [ 555.356687][ C1] RAX: dffffc0000000000 RBX: ffffc9000ca47dd8 RCX: ffffc9000ca48000 [ 555.364655][ C1] RDX: 1ffff92001948e95 RSI: ffffc9000ca47db0 RDI: ffffc9000ca474a8 [ 555.372623][ C1] RBP: ffff888035f9cb01 R08: 0000000000000001 R09: 0000000000000000 [ 555.380592][ C1] R10: 0000000000000000 R11: 0000000000007ab5 R12: ffffc9000ca474f0 [ 555.388561][ C1] R13: ffffc9000ca474a0 R14: ffffc9000ca47dd8 R15: ffffc9000ca474d4 [ 555.396592][ C1] ? __mmput+0x12a/0x410 [ 555.400878][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 555.407045][ C1] arch_stack_walk+0x94/0x100 [ 555.411739][ C1] ? mmput+0x62/0x70 [ 555.415633][ C1] stack_trace_save+0x8e/0xc0 [ 555.420313][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 555.425681][ C1] ? __lock_acquire+0x622/0x1c90 [ 555.430628][ C1] save_stack+0x160/0x1f0 [ 555.434959][ C1] ? __pfx_save_stack+0x10/0x10 [ 555.439808][ C1] ? free_unref_folios+0xa31/0x1610 [ 555.445004][ C1] ? folios_put_refs+0x4be/0x750 [ 555.449941][ C1] ? free_pages_and_swap_cache+0x245/0x4a0 [ 555.455746][ C1] ? __tlb_batch_free_encoded_pages+0xf9/0x290 [ 555.461897][ C1] ? tlb_finish_mmu+0x168/0x7c0 [ 555.466741][ C1] ? exit_mmap+0x3fc/0xb90 [ 555.471161][ C1] ? __mmput+0x12a/0x410 [ 555.475409][ C1] ? page_ext_put+0x3e/0xd0 [ 555.479914][ C1] __reset_page_owner+0x84/0x1a0 [ 555.484849][ C1] free_unref_folios+0xa31/0x1610 [ 555.489879][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 555.495688][ C1] folios_put_refs+0x4be/0x750 [ 555.500458][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 555.505752][ C1] ? __lock_acquire+0x622/0x1c90 [ 555.510699][ C1] free_pages_and_swap_cache+0x245/0x4a0 [ 555.516348][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 555.522554][ C1] ? __pfx___might_resched+0x10/0x10 [ 555.527847][ C1] __tlb_batch_free_encoded_pages+0xf9/0x290 [ 555.533832][ C1] tlb_finish_mmu+0x168/0x7c0 [ 555.538511][ C1] exit_mmap+0x3fc/0xb90 [ 555.542763][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 555.547556][ C1] ? arch_uprobe_clear_state+0x16/0x150 [ 555.553117][ C1] __mmput+0x12a/0x410 [ 555.557186][ C1] mmput+0x62/0x70 [ 555.560902][ C1] do_exit+0x7c7/0x2bf0 [ 555.565060][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 555.570089][ C1] ? __pfx_do_exit+0x10/0x10 [ 555.574680][ C1] ? rcu_is_watching+0x12/0xc0 [ 555.579439][ C1] do_group_exit+0xd3/0x2a0 [ 555.583940][ C1] __x64_sys_exit_group+0x3e/0x50 [ 555.588962][ C1] x64_sys_call+0x150b/0x1730 [ 555.593633][ C1] do_syscall_64+0xcd/0xfa0 [ 555.598138][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.604025][ C1] RIP: 0033:0x7f52e64f16c5 [ 555.608435][ C1] RSP: 002b:00007ffe361d4958 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 555.616843][ C1] RAX: ffffffffffffffda RBX: 000055d800c22f80 RCX: 00007f52e64f16c5 [ 555.624811][ C1] RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000 [ 555.632778][ C1] RBP: 000055d8009eb2c0 R08: 0000000000000000 R09: 0000000000000000 [ 555.640747][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 555.648717][ C1] R13: 00007ffe361d49a0 R14: 0000000000000000 R15: 0000000000000000 [ 555.656698][ C1] [ 555.659717][ C1] task:kworker/0:4 state:R running task stack:22136 pid:5868 tgid:5868 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 555.673295][ C1] Workqueue: events_power_efficient gc_worker [ 555.679380][ C1] Call Trace: [ 555.682654][ C1] [ 555.685588][ C1] __schedule+0x1190/0x5de0 [ 555.690098][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 555.695904][ C1] ? debug_object_activate+0x2ec/0x4c0 [ 555.701368][ C1] ? __pfx___schedule+0x10/0x10 [ 555.706220][ C1] ? __mod_timer+0x8ed/0xd30 [ 555.710810][ C1] ? rcu_is_watching+0x12/0xc0 [ 555.715577][ C1] ? mark_held_locks+0x49/0x80 [ 555.720346][ C1] preempt_schedule_irq+0x51/0x90 [ 555.725370][ C1] irqentry_exit+0x36/0x90 [ 555.729786][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 555.735761][ C1] RIP: 0010:gc_worker+0x2d5/0x16e0 [ 555.740879][ C1] Code: 00 00 48 c7 c7 68 e5 83 90 e8 57 b4 12 f8 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 35 d6 36 f8 58 48 85 db 0f 85 d4 0f 00 00 b6 da 36 f8 8b 1d 60 87 fd 06 41 89 dc 31 ff 41 83 e4 01 44 89 [ 555.760489][ C1] RSP: 0018:ffffc900043cfb48 EFLAGS: 00000293 [ 555.766559][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff89866939 [ 555.774530][ C1] RDX: ffff88803005a480 RSI: ffffffff89866948 RDI: 0000000000000007 [ 555.782500][ C1] RBP: ffffffff9afbf2ac R08: 0000000000000007 R09: 0000000000000000 [ 555.790468][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888030e00000 [ 555.798464][ C1] R13: 0000000000040000 R14: dffffc0000000000 R15: 0000000000001960 [ 555.806442][ C1] ? gc_worker+0xe19/0x16e0 [ 555.810967][ C1] ? gc_worker+0xe28/0x16e0 [ 555.815493][ C1] ? gc_worker+0xe28/0x16e0 [ 555.820010][ C1] ? __pfx_gc_worker+0x10/0x10 [ 555.824778][ C1] ? rcu_is_watching+0x12/0xc0 [ 555.829542][ C1] process_one_work+0x9cf/0x1b70 [ 555.834488][ C1] ? __pfx_psi_avgs_work+0x10/0x10 [ 555.839603][ C1] ? __pfx_process_one_work+0x10/0x10 [ 555.844990][ C1] ? assign_work+0x1a0/0x250 [ 555.849585][ C1] worker_thread+0x6c8/0xf10 [ 555.854194][ C1] ? __pfx_worker_thread+0x10/0x10 [ 555.859313][ C1] kthread+0x3c5/0x780 [ 555.863386][ C1] ? __pfx_kthread+0x10/0x10 [ 555.867983][ C1] ? rcu_is_watching+0x12/0xc0 [ 555.872749][ C1] ? __pfx_kthread+0x10/0x10 [ 555.877348][ C1] ret_from_fork+0x675/0x7d0 [ 555.881942][ C1] ? __pfx_kthread+0x10/0x10 [ 555.886537][ C1] ret_from_fork_asm+0x1a/0x30 [ 555.891321][ C1] [ 555.894335][ C1] task:syz-executor state:R running task stack:25912 pid:5803 tgid:5803 ppid:5798 task_flags:0x40050c flags:0x00080002 [ 555.907828][ C1] Call Trace: [ 555.911102][ C1] [ 555.914034][ C1] __schedule+0x1190/0x5de0 [ 555.918555][ C1] ? __pfx___schedule+0x10/0x10 [ 555.923410][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 555.928440][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 555.933813][ C1] preempt_schedule_common+0x44/0xc0 [ 555.939098][ C1] preempt_schedule_thunk+0x16/0x30 [ 555.944316][ C1] _raw_spin_unlock+0x3e/0x50 [ 555.948994][ C1] unmap_page_range+0xf71/0x41b0 [ 555.953959][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 555.959337][ C1] ? mas_next_slot+0x12d3/0x1cb0 [ 555.964304][ C1] ? uprobe_munmap+0x20/0x600 [ 555.968987][ C1] unmap_single_vma.constprop.0+0x153/0x240 [ 555.974893][ C1] unmap_vmas+0x218/0x470 [ 555.979230][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 555.984105][ C1] exit_mmap+0x1b2/0xb90 [ 555.988359][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 555.993144][ C1] ? arch_uprobe_clear_state+0x16/0x150 [ 555.998699][ C1] __mmput+0x12a/0x410 [ 556.002764][ C1] mmput+0x62/0x70 [ 556.006480][ C1] do_exit+0x7c7/0x2bf0 [ 556.010635][ C1] ? find_held_lock+0x2b/0x80 [ 556.015314][ C1] ? __pfx_do_exit+0x10/0x10 [ 556.019899][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 556.024920][ C1] ? find_held_lock+0x2b/0x80 [ 556.029594][ C1] do_group_exit+0xd3/0x2a0 [ 556.034096][ C1] get_signal+0x2671/0x26d0 [ 556.038602][ C1] ? css_rstat_updated+0x1c2/0x510 [ 556.043715][ C1] ? __pfx_get_signal+0x10/0x10 [ 556.048566][ C1] ? __do_sys_wait4+0xd1/0x170 [ 556.053331][ C1] arch_do_signal_or_restart+0x8f/0x7c0 [ 556.058881][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 556.065054][ C1] exit_to_user_mode_loop+0x85/0x130 [ 556.070348][ C1] do_syscall_64+0x426/0xfa0 [ 556.074942][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.080830][ C1] RIP: 0033:0x7f2fc4d84fd3 [ 556.085241][ C1] RSP: 002b:00007ffca2b569b8 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 556.093654][ C1] RAX: fffffffffffffe00 RBX: 00000000000016b0 RCX: 00007f2fc4d84fd3 [ 556.101622][ C1] RDX: 0000000040000000 RSI: 00007ffca2b569cc RDI: 00000000ffffffff [ 556.109597][ C1] RBP: 00007ffca2b569cc R08: 0000000000000000 R09: 0000000000000000 [ 556.117567][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 556.125541][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 556.133527][ C1] [ 556.136544][ C1] task:kthreadd state:R running task stack:26568 pid:2 tgid:2 ppid:0 task_flags:0x208040 flags:0x00080000 [ 556.150029][ C1] Call Trace: [ 556.153306][ C1] [ 556.156237][ C1] __schedule+0x1190/0x5de0 [ 556.160752][ C1] ? __lock_acquire+0x622/0x1c90 [ 556.165698][ C1] ? __pfx___schedule+0x10/0x10 [ 556.170556][ C1] ? mark_held_locks+0x49/0x80 [ 556.175328][ C1] preempt_schedule_irq+0x51/0x90 [ 556.180351][ C1] irqentry_exit+0x36/0x90 [ 556.184764][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 556.190740][ C1] RIP: 0010:lock_acquire+0x62/0x350 [ 556.195939][ C1] Code: 87 0b 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 a2 1f ea 0e 0f 82 74 02 00 00 8b 35 1a 50 ea 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 b9 86 0b 12 0f 85 c7 02 00 00 48 83 c4 [ 556.215569][ C1] RSP: 0018:ffffc900000775a8 EFLAGS: 00000206 [ 556.221639][ C1] RAX: 0000000000000046 RBX: ffffffff8e3c4460 RCX: 000000004b011683 [ 556.229607][ C1] RDX: 0000000000000000 RSI: ffffffff8dade4c2 RDI: ffffffff8bf1ea40 [ 556.237576][ C1] RBP: 0000000000000002 R08: dc99f69f2cbac664 R09: 0000000000000000 [ 556.245546][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 556.253520][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 556.261514][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 556.266724][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 556.272882][ C1] unwind_next_frame+0xd1/0x20a0 [ 556.277824][ C1] ? unwind_next_frame+0xbd/0x20a0 [ 556.282939][ C1] ? kernel_clone+0xfc/0x930 [ 556.287550][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 556.293725][ C1] arch_stack_walk+0x94/0x100 [ 556.298408][ C1] ? kernel_clone+0xfc/0x930 [ 556.303000][ C1] stack_trace_save+0x8e/0xc0 [ 556.307679][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 556.313056][ C1] ? __lock_acquire+0x622/0x1c90 [ 556.317999][ C1] save_stack+0x160/0x1f0 [ 556.322328][ C1] ? __pfx_save_stack+0x10/0x10 [ 556.327175][ C1] ? __free_frozen_pages+0x7df/0x1160 [ 556.332540][ C1] ? qlist_free_all+0x4d/0x120 [ 556.337303][ C1] ? kasan_quarantine_reduce+0x195/0x1e0 [ 556.342937][ C1] ? __kasan_slab_alloc+0x69/0x90 [ 556.347959][ C1] ? __kmalloc_cache_noprof+0x274/0x780 [ 556.353499][ C1] ? set_kthread_struct+0xcb/0x380 [ 556.358608][ C1] ? copy_process+0x310e/0x76a0 [ 556.363459][ C1] ? kernel_clone+0xfc/0x930 [ 556.368051][ C1] ? page_ext_put+0x3e/0xd0 [ 556.372558][ C1] __reset_page_owner+0x84/0x1a0 [ 556.377501][ C1] __free_frozen_pages+0x7df/0x1160 [ 556.382702][ C1] qlist_free_all+0x4d/0x120 [ 556.387298][ C1] kasan_quarantine_reduce+0x195/0x1e0 [ 556.392758][ C1] __kasan_slab_alloc+0x69/0x90 [ 556.397610][ C1] __kmalloc_cache_noprof+0x274/0x780 [ 556.402982][ C1] ? set_kthread_struct+0xcb/0x380 [ 556.408096][ C1] ? set_kthread_struct+0xcb/0x380 [ 556.413205][ C1] set_kthread_struct+0xcb/0x380 [ 556.418141][ C1] copy_process+0x310e/0x76a0 [ 556.422915][ C1] ? trace_pelt_se_tp+0xf1/0x160 [ 556.427968][ C1] ? __lock_acquire+0xb71/0x1c90 [ 556.432930][ C1] ? __pfx_copy_process+0x10/0x10 [ 556.437962][ C1] ? lock_acquire+0x179/0x350 [ 556.442639][ C1] ? find_held_lock+0x2b/0x80 [ 556.447316][ C1] kernel_clone+0xfc/0x930 [ 556.451729][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 556.456925][ C1] ? finish_task_switch.isra.0+0x221/0xc10 [ 556.462752][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 556.467795][ C1] ? __pfx_kthread+0x10/0x10 [ 556.472386][ C1] kernel_thread+0xd7/0x120 [ 556.476892][ C1] ? __pfx_kernel_thread+0x10/0x10 [ 556.482010][ C1] ? __pfx_kthread+0x10/0x10 [ 556.486604][ C1] ? find_held_lock+0x2b/0x80 [ 556.491279][ C1] ? kthreadd+0x495/0x800 [ 556.495614][ C1] kthreadd+0x503/0x800 [ 556.499769][ C1] ? __pfx_kthreadd+0x10/0x10 [ 556.504454][ C1] ret_from_fork+0x675/0x7d0 [ 556.509043][ C1] ? __pfx_kthreadd+0x10/0x10 [ 556.513724][ C1] ret_from_fork_asm+0x1a/0x30 [ 556.518499][ C1] [ 556.521509][ C1] task:syz-executor state:R running task stack:22568 pid:5823 tgid:5823 ppid:5805 task_flags:0x400140 flags:0x00080001 [ 556.534999][ C1] Call Trace: [ 556.538276][ C1] [ 556.541205][ C1] __schedule+0x1190/0x5de0 [ 556.545710][ C1] ? stack_depot_save_flags+0x29/0x9c0 [ 556.551175][ C1] ? kasan_save_stack+0x33/0x60 [ 556.556028][ C1] ? kasan_save_track+0x14/0x30 [ 556.560876][ C1] ? __kasan_slab_alloc+0x89/0x90 [ 556.565909][ C1] ? __pfx___schedule+0x10/0x10 [ 556.570756][ C1] ? __lock_acquire+0x622/0x1c90 [ 556.575703][ C1] ? mark_held_locks+0x49/0x80 [ 556.580470][ C1] preempt_schedule_irq+0x51/0x90 [ 556.585494][ C1] irqentry_exit+0x36/0x90 [ 556.589913][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 556.595885][ C1] RIP: 0010:lock_release+0x8f/0x2f0 [ 556.601085][ C1] Code: 01 00 00 65 4c 8b 35 78 8d 0b 12 41 8b b6 2c 0b 00 00 85 f6 0f 85 ff 00 00 00 48 81 3b 40 65 ab 93 0f 84 f2 00 00 00 9c 41 5d 48 c7 c7 b0 63 bf 8d e8 84 88 cd 09 65 ff 05 f5 ce 0b 12 8b 0d [ 556.620867][ C1] RSP: 0018:ffffc900042af578 EFLAGS: 00000202 [ 556.626933][ C1] RAX: 0000000000000000 RBX: ffffffff8e3c4460 RCX: 00000000a50b99d9 [ 556.634904][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 556.642874][ C1] RBP: 00007f495d78d5ba R08: 0db9c5f01e67c53a R09: 0000000000000000 [ 556.650846][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff81a76758 [ 556.658817][ C1] R13: 0000000000000202 R14: ffff88807d5a4900 R15: ffff88807d5a4900 [ 556.666795][ C1] ? is_module_text_address+0x148/0x220 [ 556.672365][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 556.678521][ C1] is_module_text_address+0x14d/0x220 [ 556.683901][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 556.690050][ C1] kernel_text_address+0x81/0x100 [ 556.695088][ C1] __kernel_text_address+0xd/0x40 [ 556.700115][ C1] unwind_get_return_address+0x59/0xa0 [ 556.705578][ C1] arch_stack_walk+0xa6/0x100 [ 556.710266][ C1] stack_trace_save+0x8e/0xc0 [ 556.714943][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 556.720313][ C1] ? __lock_acquire+0x622/0x1c90 [ 556.725260][ C1] save_stack+0x160/0x1f0 [ 556.729591][ C1] ? __pfx_save_stack+0x10/0x10 [ 556.734443][ C1] ? __free_frozen_pages+0x7df/0x1160 [ 556.739812][ C1] ? qlist_free_all+0x4d/0x120 [ 556.744580][ C1] ? kasan_quarantine_reduce+0x195/0x1e0 [ 556.750214][ C1] ? __kasan_slab_alloc+0x69/0x90 [ 556.755238][ C1] ? __kmalloc_noprof+0x2e8/0x880 [ 556.760259][ C1] ? tomoyo_encode2+0x100/0x3e0 [ 556.765109][ C1] ? tomoyo_encode+0x29/0x50 [ 556.769696][ C1] ? tomoyo_realpath_from_path+0x18f/0x6e0 [ 556.775506][ C1] ? tomoyo_path_perm+0x274/0x460 [ 556.780542][ C1] ? security_inode_getattr+0x116/0x290 [ 556.786108][ C1] ? vfs_fstat+0x4b/0xe0 [ 556.790345][ C1] ? vfs_fstatat+0xbc/0xf0 [ 556.794753][ C1] ? __do_sys_newfstatat+0x97/0x120 [ 556.799962][ C1] ? do_syscall_64+0xcd/0xfa0 [ 556.804634][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.810697][ C1] ? page_ext_put+0x3e/0xd0 [ 556.815204][ C1] __reset_page_owner+0x84/0x1a0 [ 556.820142][ C1] __free_frozen_pages+0x7df/0x1160 [ 556.825345][ C1] qlist_free_all+0x4d/0x120 [ 556.829934][ C1] kasan_quarantine_reduce+0x195/0x1e0 [ 556.835389][ C1] __kasan_slab_alloc+0x69/0x90 [ 556.840244][ C1] __kmalloc_noprof+0x2e8/0x880 [ 556.845095][ C1] ? tomoyo_encode2+0x100/0x3e0 [ 556.849952][ C1] ? tomoyo_encode2+0x100/0x3e0 [ 556.854803][ C1] tomoyo_encode2+0x100/0x3e0 [ 556.859486][ C1] tomoyo_encode+0x29/0x50 [ 556.863905][ C1] tomoyo_realpath_from_path+0x18f/0x6e0 [ 556.869555][ C1] tomoyo_path_perm+0x274/0x460 [ 556.874401][ C1] ? tomoyo_path_perm+0x260/0x460 [ 556.879430][ C1] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 556.884829][ C1] ? find_held_lock+0x2b/0x80 [ 556.889501][ C1] ? __might_fault+0xe3/0x190 [ 556.894179][ C1] ? __might_fault+0xe3/0x190 [ 556.898853][ C1] ? __might_fault+0x13b/0x190 [ 556.903619][ C1] security_inode_getattr+0x116/0x290 [ 556.908998][ C1] vfs_fstat+0x4b/0xe0 [ 556.913066][ C1] vfs_fstatat+0xbc/0xf0 [ 556.917302][ C1] __do_sys_newfstatat+0x97/0x120 [ 556.922329][ C1] ? __pfx___do_sys_newfstatat+0x10/0x10 [ 556.927953][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 556.933162][ C1] ? xfd_validate_state+0x61/0x180 [ 556.938282][ C1] do_syscall_64+0xcd/0xfa0 [ 556.942783][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 556.948670][ C1] RIP: 0033:0x7f495d78d5ba [ 556.953078][ C1] RSP: 002b:00007ffc806236a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000106 [ 556.961489][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f495d78d5ba [ 556.969463][ C1] RDX: 00007ffc806236b0 RSI: 00007f495d84ef42 RDI: 0000000000000003 [ 556.977442][ C1] RBP: 00007ffc806236b0 R08: 0000000000000000 R09: 0000000000000000 [ 556.985406][ C1] R10: 0000000000001000 R11: 0000000000000206 R12: 00007ffc806248b0 [ 556.993376][ C1] R13: 00007f495d811d7d R14: 0000000000069452 R15: 00007ffc806248f0 [ 557.001360][ C1] [ 557.004372][ C1] task:syz.0.1042 state:R running task stack:27160 pid:9971 tgid:9971 ppid:5808 task_flags:0x40044c flags:0x00080003 [ 557.017870][ C1] Call Trace: [ 557.021144][ C1] [ 557.024070][ C1] __schedule+0x1190/0x5de0 [ 557.028593][ C1] ? arch_stack_walk+0x88/0x100 [ 557.033464][ C1] ? __pfx___schedule+0x10/0x10 [ 557.038321][ C1] ? mark_held_locks+0x49/0x80 [ 557.043084][ C1] preempt_schedule_irq+0x51/0x90 [ 557.048106][ C1] irqentry_exit+0x36/0x90 [ 557.052518][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 557.058501][ C1] RIP: 0010:lock_release+0x4b/0x2f0 [ 557.063704][ C1] Code: 44 24 10 31 c0 0f 1f 44 00 00 65 8b 05 d2 8d 0b 12 83 f8 07 0f 87 38 02 00 00 89 c0 48 0f a3 05 5b 26 ea 0e 0f 82 b1 01 00 00 <8b> 3d d3 56 ea 0e 85 ff 0f 84 25 01 00 00 65 8b 05 38 cf 0b 12 85 [ 557.083309][ C1] RSP: 0018:ffffc9000bad6fe0 EFLAGS: 00000202 [ 557.089377][ C1] RAX: 0000000000000001 RBX: ffffffff8e3c4460 RCX: ffffc9000bad8001 [ 557.097433][ C1] RDX: 0000000000000000 RSI: ffffffff8bf1e9c0 RDI: ffffffff8ddb0ee0 [ 557.105400][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 557.113380][ C1] R10: 0000000000000000 R11: 0000000000013eb4 R12: ffffffff816c4914 [ 557.121349][ C1] R13: ffffc9000bad7098 R14: ffffc9000bad78b8 R15: ffffc9000bad70cc [ 557.129318][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 557.134548][ C1] unwind_next_frame+0x3f9/0x20a0 [ 557.139577][ C1] ? dentry_unlink_inode+0x29c/0x480 [ 557.144867][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 557.151020][ C1] arch_stack_walk+0x94/0x100 [ 557.155705][ C1] ? __dentry_kill+0x1d0/0x600 [ 557.160469][ C1] stack_trace_save+0x8e/0xc0 [ 557.165143][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 557.170519][ C1] kasan_save_stack+0x33/0x60 [ 557.175198][ C1] ? kasan_save_stack+0x33/0x60 [ 557.180046][ C1] ? kasan_save_track+0x14/0x30 [ 557.184913][ C1] ? __kasan_slab_alloc+0x89/0x90 [ 557.189932][ C1] ? kmem_cache_alloc_noprof+0x250/0x6e0 [ 557.195557][ C1] ? kmem_alloc_batch+0x49/0x170 [ 557.200501][ C1] ? debug_objects_fill_pool+0x23f/0x520 [ 557.206131][ C1] ? debug_object_activate+0x10b/0x4c0 [ 557.211582][ C1] ? __call_rcu_common.constprop.0+0x35/0xa10 [ 557.217650][ C1] ? security_inode_free+0xa4/0x170 [ 557.222845][ C1] ? __destroy_inode+0x201/0x730 [ 557.227777][ C1] ? destroy_inode+0x91/0x1b0 [ 557.232444][ C1] ? evict+0x5b4/0x920 [ 557.236506][ C1] ? iput.part.0+0x6a9/0xb00 [ 557.241089][ C1] ? iput+0x35/0x40 [ 557.244887][ C1] ? dentry_unlink_inode+0x29c/0x480 [ 557.250262][ C1] kasan_save_track+0x14/0x30 [ 557.254940][ C1] __kasan_slab_alloc+0x89/0x90 [ 557.259790][ C1] kmem_cache_alloc_noprof+0x250/0x6e0 [ 557.265245][ C1] ? kmem_alloc_batch+0x49/0x170 [ 557.270190][ C1] ? kmem_alloc_batch+0x49/0x170 [ 557.275127][ C1] kmem_alloc_batch+0x49/0x170 [ 557.279898][ C1] debug_objects_fill_pool+0x23f/0x520 [ 557.285349][ C1] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 557.291330][ C1] ? __pfx_inode_free_by_rcu+0x10/0x10 [ 557.296791][ C1] debug_object_activate+0x10b/0x4c0 [ 557.302078][ C1] ? deactivate_super+0x4a/0x100 [ 557.307020][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 557.312822][ C1] ? __lock_acquire+0xb8a/0x1c90 [ 557.317769][ C1] ? find_held_lock+0x2b/0x80 [ 557.322445][ C1] ? __pfx_inode_free_by_rcu+0x10/0x10 [ 557.327902][ C1] __call_rcu_common.constprop.0+0x35/0xa10 [ 557.333797][ C1] ? preempt_count_add+0x76/0x150 [ 557.338827][ C1] security_inode_free+0xa4/0x170 [ 557.343850][ C1] __destroy_inode+0x201/0x730 [ 557.348612][ C1] destroy_inode+0x91/0x1b0 [ 557.353110][ C1] evict+0x5b4/0x920 [ 557.357000][ C1] ? __pfx_evict+0x10/0x10 [ 557.361414][ C1] ? iput.part.0+0x6a1/0xb00 [ 557.366002][ C1] iput.part.0+0x6a9/0xb00 [ 557.370417][ C1] iput+0x35/0x40 [ 557.374046][ C1] dentry_unlink_inode+0x29c/0x480 [ 557.379162][ C1] __dentry_kill+0x1d0/0x600 [ 557.383749][ C1] dput.part.0+0x4b1/0x9b0 [ 557.388163][ C1] dput+0x1f/0x30 [ 557.391789][ C1] find_next_child+0x18f/0x280 [ 557.396554][ C1] __simple_recursive_removal+0x2c4/0x610 [ 557.402275][ C1] ? __pfx_remove_one+0x10/0x10 [ 557.407132][ C1] debugfs_remove+0x5d/0x80 [ 557.411659][ C1] kvm_destroy_vm_debugfs+0xc6/0x250 [ 557.416955][ C1] kvm_put_kvm+0xfe/0xb00 [ 557.421286][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.426487][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 557.431686][ C1] ? __pfx_kvm_vm_release+0x10/0x10 [ 557.436889][ C1] kvm_vm_release+0x3c/0x50 [ 557.441394][ C1] __fput+0x402/0xb70 [ 557.445387][ C1] task_work_run+0x150/0x240 [ 557.450001][ C1] ? __pfx_task_work_run+0x10/0x10 [ 557.455127][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 557.460339][ C1] do_exit+0x86f/0x2bf0 [ 557.464503][ C1] ? __pfx_do_exit+0x10/0x10 [ 557.469088][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 557.474111][ C1] ? find_held_lock+0x2b/0x80 [ 557.478786][ C1] do_group_exit+0xd3/0x2a0 [ 557.483290][ C1] get_signal+0x2671/0x26d0 [ 557.487792][ C1] ? down_write_killable+0x216/0x250 [ 557.493090][ C1] ? __pfx_get_signal+0x10/0x10 [ 557.497938][ C1] ? vm_mmap_pgoff+0x103/0x470 [ 557.502710][ C1] arch_do_signal_or_restart+0x8f/0x7c0 [ 557.508293][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 557.514461][ C1] ? ksys_mmap_pgoff+0x85/0x5c0 [ 557.519322][ C1] ? xfd_validate_state+0x61/0x180 [ 557.524442][ C1] exit_to_user_mode_loop+0x85/0x130 [ 557.529738][ C1] do_syscall_64+0x426/0xfa0 [ 557.534333][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.540225][ C1] RIP: 0033:0x7f2fc4d8ef03 [ 557.544648][ C1] RSP: 002b:00007ffca2b56408 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 557.553056][ C1] RAX: fffffffffffffffc RBX: 00007f2fc37f76c0 RCX: 00007f2fc4d8ef03 [ 557.561021][ C1] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 557.568987][ C1] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 557.576956][ C1] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffca2b56560 [ 557.584924][ C1] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 557.592911][ C1] [ 557.595925][ C1] task:klogd state:R running task stack:24728 pid:5174 tgid:5174 ppid:1 task_flags:0x400100 flags:0x00080001 [ 557.609414][ C1] Call Trace: [ 557.612691][ C1] [ 557.615622][ C1] __schedule+0x1190/0x5de0 [ 557.620123][ C1] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 557.626809][ C1] ? try_to_wake_up+0xa5d/0x1870 [ 557.631759][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 557.636964][ C1] ? __pfx___schedule+0x10/0x10 [ 557.641824][ C1] ? autoremove_wake_function+0x3d/0x150 [ 557.647453][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 557.652825][ C1] preempt_schedule_common+0x44/0xc0 [ 557.658112][ C1] preempt_schedule_thunk+0x16/0x30 [ 557.663315][ C1] _raw_spin_unlock_irqrestore+0x61/0x80 [ 557.668949][ C1] sock_def_readable+0x15b/0x600 [ 557.673886][ C1] unix_dgram_sendmsg+0xd1b/0x17f0 [ 557.679003][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 557.684565][ C1] __sys_sendto+0x4a3/0x520 [ 557.689070][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 557.694106][ C1] ? rcu_is_watching+0x12/0xc0 [ 557.698881][ C1] ? xfd_validate_state+0x61/0x180 [ 557.704001][ C1] __x64_sys_sendto+0xe0/0x1c0 [ 557.708765][ C1] ? do_syscall_64+0x91/0xfa0 [ 557.713442][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.718638][ C1] do_syscall_64+0xcd/0xfa0 [ 557.723143][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.729033][ C1] RIP: 0033:0x7f0c89d17407 [ 557.733439][ C1] RSP: 002b:00007fffd5dc9820 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 557.741845][ C1] RAX: ffffffffffffffda RBX: 00007f0c89bc7c80 RCX: 00007f0c89d17407 [ 557.749812][ C1] RDX: 000000000000005f RSI: 00007fffd5dc9960 RDI: 0000000000000003 [ 557.757777][ C1] RBP: 00007fffd5dc9d90 R08: 0000000000000000 R09: 0000000000000000 [ 557.765748][ C1] R10: 0000000000004000 R11: 0000000000000202 R12: 00007fffd5dc9da8 [ 557.773716][ C1] R13: 00007fffd5dc9960 R14: 0000000000000044 R15: 00007fffd5dc9960 [ 557.781702][ C1] [ 557.784714][ C1] rcu: rcu_preempt kthread starved for 9599 jiffies! g33021 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 557.795816][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 557.805782][ C1] rcu: RCU grace-period kthread stack dump: [ 557.811664][ C1] task:rcu_preempt state:R running task stack:28080 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 557.825155][ C1] Call Trace: [ 557.828430][ C1] [ 557.831360][ C1] __schedule+0x1190/0x5de0 [ 557.835880][ C1] ? __pfx___schedule+0x10/0x10 [ 557.840736][ C1] ? find_held_lock+0x2b/0x80 [ 557.845407][ C1] ? schedule+0x2d7/0x3a0 [ 557.849735][ C1] schedule+0xe7/0x3a0 [ 557.853800][ C1] schedule_timeout+0x123/0x290 [ 557.858646][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 557.864012][ C1] ? __pfx_process_timeout+0x10/0x10 [ 557.869299][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 557.875104][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 557.880562][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 557.885327][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 557.890612][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.895807][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 557.900741][ C1] ? rcu_gp_cleanup+0x7c1/0xd90 [ 557.905592][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 557.911399][ C1] rcu_gp_kthread+0x26d/0x380 [ 557.916078][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 557.921276][ C1] ? rcu_is_watching+0x12/0xc0 [ 557.926033][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 557.931233][ C1] ? __kthread_parkme+0x19e/0x250 [ 557.936274][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 557.941471][ C1] kthread+0x3c5/0x780 [ 557.945542][ C1] ? __pfx_kthread+0x10/0x10 [ 557.950133][ C1] ? rcu_is_watching+0x12/0xc0 [ 557.954889][ C1] ? __pfx_kthread+0x10/0x10 [ 557.959480][ C1] ret_from_fork+0x675/0x7d0 [ 557.964067][ C1] ? __pfx_kthread+0x10/0x10 [ 557.968664][ C1] ret_from_fork_asm+0x1a/0x30 [ 557.973448][ C1] [ 557.976464][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 557.982783][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 557.991722][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 558.001779][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 558.008549][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 a6 d7 2f f6 48 89 df e8 8e 2b 30 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 45 36 20 f6 65 8b 05 7e 65 3b 08 85 c0 74 16 5b [ 558.028163][ C1] RSP: 0018:ffffc90000a08418 EFLAGS: 00000246 [ 558.034235][ C1] RAX: 0000000000000006 RBX: ffffffff9ad0de68 RCX: ffffffff81c5395f [ 558.042207][ C1] RDX: 0000000000000000 RSI: ffffffff8db03e7e RDI: ffffffff8bf1ea40 [ 558.050171][ C1] RBP: 0000000000000202 R08: 0000000000000001 R09: 0000000000000001 [ 558.058143][ C1] R10: ffffffff908338d7 R11: ffffffff9ad0de68 R12: 0000000000000001 [ 558.066113][ C1] R13: ffff888183a6a050 R14: dffffc0000000000 R15: 1ffff9200014108a [ 558.074084][ C1] FS: 0000000000000000(0000) GS:ffff888124ad6000(0000) knlGS:0000000000000000 [ 558.083014][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 558.089595][ C1] CR2: 00007fd0222eb8a3 CR3: 000000005dfd3000 CR4: 00000000003526f0 [ 558.097564][ C1] Call Trace: [ 558.100842][ C1] [ 558.103682][ C1] debug_object_activate+0x2ec/0x4c0 [ 558.108973][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 558.114785][ C1] ? synproxy_send_tcp.isra.0+0x491/0x6a0 [ 558.120512][ C1] ? rcuref_put_slowpath+0xe5/0x240 [ 558.125710][ C1] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 558.131000][ C1] __call_rcu_common.constprop.0+0x35/0xa10 [ 558.136896][ C1] ? percpu_counter_add_batch+0xca/0x200 [ 558.142530][ C1] dst_release+0x266/0x340 [ 558.146946][ C1] skb_release_head_state+0x234/0x290 [ 558.152324][ C1] consume_skb+0x85/0x100 [ 558.156653][ C1] nft_synproxy_do_eval+0xa6b/0xd80 [ 558.161864][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 558.167586][ C1] ? ip_vs_conn_out_get+0x67f/0xb20 [ 558.173046][ C1] ? ip_vs_service_find+0x19d/0x1020 [ 558.178331][ C1] ? __pfx_nft_synproxy_eval+0x10/0x10 [ 558.183798][ C1] nft_do_chain+0x2e9/0x1920 [ 558.188399][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 558.193422][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 558.198623][ C1] ? ip_vs_in_hook+0x9e1/0x2730 [ 558.203470][ C1] ? ip_vs_in_hook+0xd91/0x2730 [ 558.208336][ C1] nft_do_chain_inet+0x18a/0x340 [ 558.213279][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 558.218742][ C1] ? nf_nat_ipv4_local_in+0x181/0x720 [ 558.224115][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 558.229574][ C1] nf_hook_slow+0xbe/0x200 [ 558.233990][ C1] nf_hook.constprop.0+0x424/0x750 [ 558.239099][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 558.245082][ C1] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 558.250712][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 558.255831][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 558.261817][ C1] ip_local_deliver+0x169/0x1f0 [ 558.266678][ C1] ip_rcv+0x2e0/0x600 [ 558.270657][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 558.275154][ C1] __netif_receive_skb_one_core+0x197/0x1e0 [ 558.281046][ C1] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 558.287475][ C1] ? lock_acquire+0x179/0x350 [ 558.292162][ C1] ? process_backlog+0x3e7/0x15e0 [ 558.297180][ C1] __netif_receive_skb+0x1d/0x160 [ 558.302200][ C1] process_backlog+0x439/0x15e0 [ 558.307054][ C1] __napi_poll.constprop.0+0xba/0x550 [ 558.312421][ C1] ? skb_defer_free_flush+0x149/0x280 [ 558.319192][ C1] net_rx_action+0x97f/0xef0 [ 558.323793][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 558.328908][ C1] ? rcu_is_watching+0x12/0xc0 [ 558.333687][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 558.338889][ C1] ? tmigr_handle_remote+0x132/0x380 [ 558.344186][ C1] ? run_timer_base+0x121/0x190 [ 558.349036][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 558.354236][ C1] handle_softirqs+0x219/0x8e0 [ 558.359012][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 558.364304][ C1] __irq_exit_rcu+0x109/0x170 [ 558.368976][ C1] irq_exit_rcu+0x9/0x30 [ 558.373213][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 558.378847][ C1] [ 558.381770][ C1] [ 558.384695][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 558.390671][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 558.396302][ C1] Code: 97 74 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 95 23 00 fb f4 3c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 558.415912][ C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6 [ 558.421982][ C1] RAX: 0000000002e0d541 RBX: 0000000000000001 RCX: ffffffff8b6692a9 [ 558.429952][ C1] RDX: 0000000000000000 RSI: ffffffff8db03e7e RDI: ffffffff8bf1ea40 [ 558.437922][ C1] RBP: ffffed1003adb490 R08: 0000000000000001 R09: ffffed10170a6655 [ 558.445893][ C1] R10: ffff8880b85332ab R11: 0000000000000001 R12: 0000000000000001 [ 558.453860][ C1] R13: ffff88801d6da480 R14: ffffffff908338d0 R15: 0000000000000000 [ 558.461840][ C1] ? ct_kernel_exit+0x139/0x190 [ 558.466708][ C1] default_idle+0x13/0x20 [ 558.471040][ C1] default_idle_call+0x6c/0xb0 [ 558.475802][ C1] do_idle+0x38d/0x500 [ 558.479866][ C1] ? __pfx_do_idle+0x10/0x10 [ 558.484453][ C1] ? trace_sched_exit_tp+0x2f/0x120 [ 558.489665][ C1] cpu_startup_entry+0x4f/0x60 [ 558.494442][ C1] start_secondary+0x21d/0x2b0 [ 558.499218][ C1] ? __pfx_start_secondary+0x10/0x10 [ 558.504510][ C1] common_startup_64+0x13e/0x148 [ 558.509471][ C1]