last executing test programs: 1m14.749926139s ago: executing program 1 (id=854): syz_clone(0x110080, &(0x7f0000000000)="136c5ced72c3d912a068bf52d77d7985f2b86e47bd87c4", 0x17, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)="747624772fb7fcd76047d0f708d1dde17dbf646d62e1086a325505b56b8ef31038789afbedcfead6ff8f23d1cbd654126539dd1f9f6d5a695ae7926e6ed956d19f6b7988c160691d2ae3c83dd6e7518495e3dc86627700043867cf2d627690053bc576d87ab48d819f0422fd2b6fbc0a30a74eab4590c101026f06") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x40000000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800400001"], 0x48) (async) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800400001"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='mm_lru_insertion\x00', r0, 0x0, 0x10000}, 0x18) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000240)='mm_lru_insertion\x00', r0, 0x0, 0x10000}, 0x18) socket$alg(0x26, 0x5, 0x0) (async) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="119b030e7deba3ec69da3c0cce0764c6baa1660000000000000000000000b8000000000000000000", 0x28) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="119b030e7deba3ec69da3c0cce0764c6baa1660000000000000000000000b8000000000000000000", 0x28) accept4(r2, 0x0, 0x0, 0x80000) (async) r3 = accept4(r2, 0x0, 0x0, 0x80000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="8063d9c11c0000008dc32ecfc0986a3973108a8da9b7eca51c83017ab319bb38e97d1229fe3ca0f0d19b209c96999fbbe6bef871dd0c4d9f580b6e56c33173908d661494cf2da756e4944f5be18d7fe2344bbd3d3238d513b0805bda12ab36d22dd8cba85d", @ANYRES16=r6, @ANYBLOB="010080000000000000000800000008000300", @ANYRES32=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x294, r6, 0x400, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0x7, 0xf9, "d0c511"}], @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0xf2, 0xfa, "b6b2c8aafa02aec97c77a989ea38dee4de2e3e886e15966e697749e48d70be67c6040a99b10272140814ca0f9f0e5f7e65fff5bf8981718ad85399c4478b562fab32815b00991c4da31cdde79933deb551622a2a0b52421820d0e7e732bee3186293850921a4daf49479130a344e757af1405bfaaeecd1d66cc03d880a6dfb93a06048ec9b59fac883c680c2e7cf7575edd5c6d4989cc2a48e81cf591e1bd00629b548d90430ba8c9c7b0deb136d9574334d49e62e48cb5b01bdf840286a3c6eca248ea66a366d8840ef024410a09da3397bab0f7f72495a49721cbee0c8e22df350cb31cee08b407106233360e8"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x8, 0xf9, "3ac61971"}, @NL80211_ATTR_FILS_ERP_USERNAME={0xa, 0xf9, "a3f1a8ca7230"}], @NL80211_ATTR_IE={0xbb, 0x2a, [@fast_bss_trans={0x37, 0xb5, {0x2, 0x4, "a00d58556b3e9ae6696679542ca72862", "4ff424337a90198172832e079498dfb0f2196cc638f64b13e525a89018599932", "5b3fd23626e3bc1072c33f84e6113b34ca7088e36c95f9455d1467e8891c679e", [{0x1, 0x23, "6142c1820e4d432727d2537d69c99d0de82b190c865bfa99661501ac015863b2fe1751"}, {0x2, 0x26, "a7c827a4deeb0df3a1ef1a6e4a55592913206ea267d89c3b0c9f00164516a232a158b7605c74"}, {0x4, 0x6, "196e409bfc13"}, {0x3, 0xc, "e4c6ee9532fdf3dbb7a4b66b"}]}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0x14, 0xf9, "f98d1fbddc91febc69c76da388b4f254"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x6b}], @NL80211_ATTR_IE={0x95, 0x2a, [@prep={0x83, 0x25, {{0x0, 0x1}, 0x8, 0x77, @device_b, 0x740, @value=@broadcast, 0x6, 0x4, @broadcast, 0x8}}, @tim={0x5, 0x9, {0x9, 0xcd, 0x7c, "199cee2a5e44"}}, @dsss={0x3, 0x1, 0x7c}, @cf={0x4, 0x6, {0x4, 0xf7, 0x575, 0x800}}, @random={0x3, 0x52, "000d0b9020d1dbb39364b5d68a231853c73532d1e269bf5c97699da4e5daf5bee1f16c315833dabeb298349fe039b7002c1529b8d60af252af302e251471d601a00938718ca6a677c40bb291d086b20a4a93"}]}]}, 0x294}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000007c0)={@mcast1, 0x0}, &(0x7f0000000800)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000840)={0x0, @initdev, @private}, &(0x7f0000000880)=0xc) (async) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000840)={0x0, @initdev, @private}, &(0x7f0000000880)=0xc) socket$nl_route(0x10, 0x3, 0x0) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x25dfdbfd, {0x7, 0x0, 0x0, r10, 0x0, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000900)={@empty, @dev}, &(0x7f0000000940)=0xc) (async) getsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000900)={@empty, @dev, 0x0}, &(0x7f0000000940)=0xc) getpeername$packet(r0, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000009c0)=0x14) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f0000000a40)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000b40)={0x11c, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x48c1}, 0x4000000) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r3) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r3) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000008c0)={r1, &(0x7f0000000700), 0x0}, 0x20) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r15, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839", 0x5}], 0x1}, 0x0) recvmsg(r14, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x53}], 0x1}, 0x40fd) (async) recvmsg(r14, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x53}], 0x1}, 0x40fd) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000140)) 1m14.580863575s ago: executing program 1 (id=856): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = eventfd(0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000080)={0x0, r1}) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48) ioctl$VHOST_VDPA_SET_CONFIG(r0, 0x4008af74, &(0x7f00000000c0)={0xf6, 0x25, "104ce9e4f1291617b24b0a04ddbfe733661e65ace421593227f6cdd509db4f3ea75303f37b"}) 1m14.580385466s ago: executing program 1 (id=857): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TCXONC(r0, 0x540a, 0x1) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000002780), 0x202, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x12214, 0x30000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_PRIMARY={0x8}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) 1m14.4989022s ago: executing program 1 (id=858): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000070000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m14.497539066s ago: executing program 1 (id=860): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) io_uring_setup(0x37cc, &(0x7f0000000040)={0x0, 0x2a11, 0x1c080, 0xa, 0x20002f7}) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0xc, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x2}, 0x50) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000140)={0x20, 0xc, 0x101, 0xfffd, 0x0, 0x0, 0x0}) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1) mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8002, 0x0) chdir(&(0x7f0000000200)='./file0\x00') 1m14.43081654s ago: executing program 1 (id=861): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil) close(r0) 59.445405961s ago: executing program 32 (id=861): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil) close(r0) 3.875459187s ago: executing program 0 (id=1735): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x1}}}}}}]}, 0x48}, 0x1, 0x4801000000000000}, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040)={0x56fa9599}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x39, 0xfd, 0x3, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7}, {0xeda7, 0x1, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x10, 0x0, 0x0, 0x2004cb, 0x3, 0x100000000000000, 0xfffffffffffffff8, 0x0, 0xfffffffffffff2ab, 0x2000000000003ff, 0x2], 0xd000, 0x200306}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r7, &(0x7f0000000080)=[{&(0x7f0000000000)="89e7ee2c21fe62a3b47380c988ca", 0xe}], 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', r6, 0x29, 0xf, 0x6, 0x760, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x0, 0x8, 0x2, 0x100}}) 2.429766883s ago: executing program 0 (id=1762): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x2, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f0000000180)=[{0x8, 0x1a801, 0x0, 0x0}, {0x6, 0xe200, 0x0, 0x0}], 0x2}) 1.61984301s ago: executing program 2 (id=1783): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000440)=""/53, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000980)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0xfffffffe) r1 = eventfd2(0x7, 0x80000) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f0000000400)={0x0, r1}) 1.56949259s ago: executing program 2 (id=1786): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x120) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x20004, r0}) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x4009c0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x7db1, &(0x7f0000000040)={0x0, 0xcbc5, 0x1cc90, 0x0, 0xe4}) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010"], 0x48) r4 = socket$kcm(0x2, 0x922000000001, 0x106) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x24004001) setsockopt$sock_attach_bpf(r4, 0x1, 0x25, &(0x7f00000002c0), 0x8) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f00000001c0)={r5}) 1.090459139s ago: executing program 4 (id=1791): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0xc010) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000780)=[@in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e22, 0x9, @local, 0x9f2}], 0x4c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000380)=[@in={0x2, 0x4e21, @private=0xa010100}, @in6={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x9}, @in={0x2, 0x4e20, @private=0xa010100}, @in6={0xa, 0x4e21, 0x6, @private1, 0x8}, @in6={0xa, 0x4e23, 0x80, @mcast1, 0x101}, @in={0x2, 0x4e20, @private=0xa010102}, @in={0x2, 0x4e23, @private=0xa010100}], 0x94) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x0, @local, 0xf}, @in6={0xa, 0x4e20, 0xd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, '\x00', 0xe}, 0x401}, @in={0x2, 0x4e20, @multicast1}], 0x64) dup(r4) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'syzkaller0\x00', {0x2, 0x4e20, @multicast1}}) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0xfffffe01}, 0x1c) 1.040148164s ago: executing program 2 (id=1793): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$dsp(r1, &(0x7f00000004c0), 0x0) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 1.039910976s ago: executing program 0 (id=1794): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f00000001c0)={r4}) (fail_nth: 3) 910.054214ms ago: executing program 2 (id=1796): socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3c}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000000000000000100aeceac0f850a6c86dafc3f623fac614000000110001000000000009000000000b000a"], 0x28}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0xfc}}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0], 0x1}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='#'], 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)}) 909.931796ms ago: executing program 0 (id=1797): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000001140), 0xffffffffffffffff) r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x140, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0x10e0}, {&(0x7f0000001580)=""/238, 0xf0}], 0x4, 0x0, 0x353}}], 0x40000000000002e, 0x2, 0x0) 909.239752ms ago: executing program 2 (id=1799): prctl$PR_SCHED_CORE(0x3e, 0x200000000000001, 0x0, 0x3, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x2}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffb, 0x106, 0x1, @buffer={0x0, 0x8d, &(0x7f00000004c0)=""/141}, &(0x7f0000000180)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87", 0x0, 0x2, 0x0, 0x0, 0x0}) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0xe, @win={{0x800, 0x6, 0x7}, 0x5, 0x8, 0x0, 0x2, &(0x7f0000000180)="a9", 0x1}}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) openat$comedi(0xffffff9c, 0x0, 0x21000, 0x0) 849.644206ms ago: executing program 4 (id=1800): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000140)="bd", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) 849.292822ms ago: executing program 3 (id=1801): prctl$PR_SCHED_CORE(0x3e, 0x200000000000001, 0x0, 0x3, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x2}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffb, 0x106, 0x1, @buffer={0x0, 0x8d, &(0x7f00000004c0)=""/141}, &(0x7f0000000180)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87", 0x0, 0x2, 0x0, 0x0, 0x0}) (fail_nth: 1) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0xe, @win={{0x800, 0x6, 0x7}, 0x5, 0x8, 0x0, 0x2, &(0x7f0000000180)="a9", 0x1}}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) openat$comedi(0xffffff9c, 0x0, 0x21000, 0x0) 848.775201ms ago: executing program 4 (id=1802): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xffffffff, 0x101002) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x81) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mknod(&(0x7f0000000140)='./file0\x00', 0x20, 0x10001) open$dir(&(0x7f0000000000)='./file0/file0\x00', 0x0, 0x2) chdir(&(0x7f0000000100)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) ioctl$PTP_SYS_OFFSET(r3, 0x43403d05, &(0x7f0000000540)={0x14}) ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000001480)={0x3, 0x0, @ioapic={0x4, 0x2, 0xfffffffd, 0x5ea6, 0x0, [{0x8, 0x7, 0x2, '\x00', 0xc}, {0x7, 0x80, 0x2, '\x00', 0x4}, {0x3, 0x0, 0x6, '\x00', 0x4}, {0x8, 0x6, 0x40, '\x00', 0x9}, {0x3, 0x4, 0x4, '\x00', 0x10}, {0x8, 0x6, 0x0, '\x00', 0x5}, {0x5, 0x7, 0x3, '\x00', 0x4}, {0xb4, 0x3, 0xfa, '\x00', 0x9}, {0x80, 0x3, 0x7, '\x00', 0x4}, {0x9, 0xa, 0xa, '\x00', 0x1b}, {0x2, 0x33, 0xd6, '\x00', 0x2}, {0x0, 0xa3, 0x15, '\x00', 0x4}, {0x6, 0x9, 0x6, '\x00', 0x4}, {0x20, 0x3, 0x14, '\x00', 0x7}, {0x6, 0x1, 0xcd, '\x00', 0xc}, {0x8, 0x5, 0x4, '\x00', 0x2}, {0x9, 0x2, 0x4, '\x00', 0x52}, {0x10, 0xeb, 0xa0}, {0xca, 0x4, 0x4, '\x00', 0xe3}, {0x50, 0x7, 0x44, '\x00', 0xc}, {0x8f, 0x5, 0x0, '\x00', 0xf7}, {0x6, 0x0, 0x5, '\x00', 0xff}, {0x0, 0xe, 0x0, '\x00', 0x1}, {0x9, 0x5, 0x1, '\x00', 0x7f}]}}) mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000440)='./bus\x00', &(0x7f0000000040)='./bus\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48e1, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x2000000000001]}}) 750.212898ms ago: executing program 2 (id=1803): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x2, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f0000000180)=[{0x8, 0x1a801, 0x0, 0x0}, {0x6, 0xe200, 0x0, 0x0}, {0x3ff, 0x1, 0x0, 0x0}], 0x3}) 688.842601ms ago: executing program 3 (id=1804): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$dsp(r1, &(0x7f00000004c0)='\x00', 0x1) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, 0x0) 589.985074ms ago: executing program 4 (id=1805): r0 = openat$comedi(0xffffff9c, &(0x7f0000000080)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, 0x0) ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xff92, 0x0, 0x2, 0x4}) 589.777183ms ago: executing program 4 (id=1806): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000440)=""/53, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0, 0x0, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000980)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0xfffffffe) r1 = eventfd2(0x7, 0x80000) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f0000000400)={0x0, r1}) 509.937761ms ago: executing program 4 (id=1807): prctl$PR_SCHED_CORE(0x3e, 0x200000000000001, 0x0, 0x3, 0x0) r0 = fcntl$getown(0xffffffffffffffff, 0x9) timer_create(0x0, &(0x7f0000000680)={0x0, 0x26, 0x2, @tid=r0}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000003c0)=@ethtool_coalesce={0x33, 0x0, 0x7f2e, 0x2, 0xfffffffd, 0x40000000, 0x0, 0xfffffffe, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x2}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffffffffffb, 0x106, 0x1, @buffer={0x0, 0x8d, &(0x7f00000004c0)=""/141}, &(0x7f0000000180)="851666ce20db96ab0c7d83e114e7c41762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f1c4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87", 0x0, 0x2, 0x0, 0x0, 0x0}) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0xe, @win={{0x800, 0x6, 0x7}, 0x5, 0x8, 0x0, 0x2, &(0x7f0000000180)="a9", 0x1}}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) openat$comedi(0xffffff9c, 0x0, 0x21000, 0x0) 150.276447ms ago: executing program 3 (id=1808): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0xc010) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000780)=[@in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e22, 0x9, @local, 0x9f2}], 0x4c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000380)=[@in={0x2, 0x4e21, @private=0xa010100}, @in6={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x9}, @in={0x2, 0x4e20, @private=0xa010100}, @in6={0xa, 0x4e21, 0x6, @private1, 0x8}, @in6={0xa, 0x4e23, 0x80, @mcast1, 0x101}, @in={0x2, 0x4e20, @private=0xa010102}, @in={0x2, 0x4e23, @private=0xa010100}], 0x94) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e21, 0x0, @local, 0xf}, @in6={0xa, 0x4e20, 0xd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @in6={0xa, 0x4e21, 0x4, @dev={0xfe, 0x80, '\x00', 0xe}, 0x401}, @in={0x2, 0x4e20, @multicast1}], 0x64) dup(r4) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'syzkaller0\x00', {0x2, 0x4e20, @multicast1}}) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x4000050, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0xfffffe01}, 0x1c) 100.324556ms ago: executing program 3 (id=1809): socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000000000000000100aeceac0f850a6c86dafc3f623fac614000000110001000000000009000000000b000a"], 0x28}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c000380140001"], 0xfc}}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0], 0x1}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='#'], 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)}) 50.197048ms ago: executing program 3 (id=1810): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000004c0)='\x00', 0x1, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x5, @loopback}, 0x1c) sendmmsg$sock(r0, &(0x7f0000002200)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000140)="bd", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) 49.832518ms ago: executing program 0 (id=1811): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca285ffffff0000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 226.16µs ago: executing program 0 (id=1812): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x189000, 0x0) (async) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) writev(r1, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2) sched_rr_get_interval(r2, &(0x7f0000000000)) (async) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd4) 0s ago: executing program 3 (id=1813): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c64d2, &(0x7f00000001c0)={r4}) kernel console output (not intermixed with test programs): wn, defaulting to 1000 [ 90.803837][ T8278] xfrm0 speed is unknown, defaulting to 1000 [ 90.807940][ T8278] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 90.822363][ T8278] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 90.857451][ T8278] xfrm0 speed is unknown, defaulting to 1000 [ 90.863632][ T8278] xfrm0 speed is unknown, defaulting to 1000 [ 90.867509][ T8278] xfrm0 speed is unknown, defaulting to 1000 [ 90.871425][ T8278] xfrm0 speed is unknown, defaulting to 1000 [ 91.394241][ T8312] team0 (unregistering): Port device team_slave_0 removed [ 91.400458][ T8312] team0 (unregistering): Port device team_slave_1 removed [ 91.519274][ T8315] tmpfs: Group quota inode hardlimit too large. [ 91.523533][ T8315] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'. [ 91.791398][ T6000] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 91.795272][ T6000] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 102.412272][ T8341] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'. [ 102.422299][ T8337] netlink: 'syz.0.742': attribute type 1 has an invalid length. [ 102.424736][ T8337] netlink: 'syz.0.742': attribute type 7 has an invalid length. [ 102.427160][ T8337] netlink: 'syz.0.742': attribute type 8 has an invalid length. [ 102.443045][ T8337] netlink: 132 bytes leftover after parsing attributes in process `syz.0.742'. [ 102.462028][ T5941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.473556][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.479876][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.487763][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.492024][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.508387][ T5296] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.521108][ T5296] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.523679][ T5296] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.541504][ T5296] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.544262][ T5296] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.564762][ T8349] xfrm0 speed is unknown, defaulting to 1000 [ 102.577299][ T8366] geneve2: entered promiscuous mode [ 102.607515][ T40] kauditd_printk_skb: 24 callbacks suppressed [ 102.607529][ T40] audit: type=1400 audit(1765548758.726:606): avc: denied { name_connect } for pid=8372 comm="syz.2.753" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 102.663408][ T8379] xfrm0 speed is unknown, defaulting to 1000 [ 102.698367][ T8349] chnl_net:caif_netlink_parms(): no params data found [ 102.700625][ T40] audit: type=1400 audit(1765548758.816:607): avc: denied { connect } for pid=8378 comm="syz.1.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 102.797643][ T40] audit: type=1400 audit(1765548758.916:608): avc: denied { read } for pid=8382 comm="syz.2.756" path="socket:[22815]" dev="sockfs" ino=22815 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 102.800319][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.807259][ T8349] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.809538][ T8349] bridge_slave_0: entered allmulticast mode [ 102.812372][ T8349] bridge_slave_0: entered promiscuous mode [ 102.816664][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.818969][ T8349] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.821331][ T8349] bridge_slave_1: entered allmulticast mode [ 102.824692][ T8349] bridge_slave_1: entered promiscuous mode [ 102.842953][ T8349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.847281][ T8349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.858422][ T8398] afs: Unknown parameter '18446744073709551615' [ 102.861367][ T8349] team0: Port device team_slave_0 added [ 102.864366][ T8349] team0: Port device team_slave_1 added [ 102.880805][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.883506][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.901640][ T8349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.905974][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.908161][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 102.917158][ T8349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.937836][ T8349] hsr_slave_0: entered promiscuous mode [ 102.940089][ T8349] hsr_slave_1: entered promiscuous mode [ 102.942441][ T8349] debugfs: 'hsr0' already exists in 'hsr' [ 102.944255][ T8349] Cannot create hsr debugfs directory [ 102.962626][ T40] audit: type=1400 audit(1765548759.086:609): avc: denied { listen } for pid=8401 comm="syz.1.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 102.969617][ T40] audit: type=1400 audit(1765548759.086:610): avc: denied { accept } for pid=8401 comm="syz.1.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 102.984323][ T6020] delete_channel: no stack [ 103.018856][ T8349] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.023197][ T8349] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 103.105594][ T8349] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.108770][ T8349] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 103.177395][ T8349] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.181786][ T8349] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 103.201641][ T8421] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 103.204798][ T40] audit: type=1326 audit(1765548759.326:611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8419 comm="syz.2.767" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55f1d8f7c9 code=0x0 [ 103.237126][ T8349] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.241816][ T8349] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20002 - 0 [ 103.255465][ T40] audit: type=1400 audit(1765548759.376:612): avc: denied { getopt } for pid=8419 comm="syz.2.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 103.348198][ T8349] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.359607][ T8349] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.364666][ T8349] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 103.369604][ T8349] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.385702][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.388533][ T8349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.391312][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.394032][ T8349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.422851][ T8349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.430367][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.434469][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.445779][ T8349] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.457729][ T8014] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.460065][ T8014] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.467383][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.469695][ T8015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.566599][ T40] audit: type=1400 audit(1765548759.686:613): avc: denied { mount } for pid=8433 comm="syz.0.769" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 103.626364][ T8349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.636498][ T40] audit: type=1400 audit(1765548759.756:614): avc: denied { unmount } for pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 103.651008][ T8349] veth0_vlan: entered promiscuous mode [ 103.662849][ T8349] veth1_vlan: entered promiscuous mode [ 103.688022][ T8349] veth0_macvtap: entered promiscuous mode [ 103.695646][ T8349] veth1_macvtap: entered promiscuous mode [ 103.708134][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.714879][ T8349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.721036][ T8014] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.724288][ T8014] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.728975][ T8014] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.734939][ T8014] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.780509][ T8016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.791313][ T8016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.806829][ T8446] loop2: detected capacity change from 0 to 7 [ 103.807038][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.812093][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.812858][ T8357] Dev loop2: unable to read RDB block 7 [ 103.816126][ T8357] loop2: AHDI p1 p2 p3 [ 103.817461][ T8357] loop2: partition table partially beyond EOD, truncated [ 103.819765][ T8357] loop2: p1 start 1601398130 is beyond EOD, truncated [ 103.822662][ T8357] loop2: p2 start 1702059890 is beyond EOD, truncated [ 103.824850][ T40] audit: type=1400 audit(1765548759.946:615): avc: denied { mounton } for pid=8349 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 103.835552][ T8446] Dev loop2: unable to read RDB block 7 [ 103.851564][ T8446] loop2: AHDI p1 p2 p3 [ 103.853368][ T8446] loop2: partition table partially beyond EOD, truncated [ 103.856036][ T8446] loop2: p1 start 1601398130 is beyond EOD, truncated [ 103.858848][ T8446] loop2: p2 start 1702059890 is beyond EOD, truncated [ 103.905634][ T8457] macvtap1: entered promiscuous mode [ 103.907870][ T8457] macvtap1: entered allmulticast mode [ 103.910503][ T8457] team0: Device macvtap1 is already an upper device of the team interface [ 103.927103][ T8462] XFS (nullb0): Invalid superblock magic number [ 103.950808][ T8462] netlink: 12 bytes leftover after parsing attributes in process `syz.0.775'. [ 103.981682][ T8469] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 103.983943][ T8469] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 103.987483][ T8469] vhci_hcd vhci_hcd.0: Device attached [ 103.992189][ T8471] vhci_hcd: connection closed [ 103.993712][ T1177] vhci_hcd vhci_hcd.1: stop threads [ 103.997573][ T1177] vhci_hcd vhci_hcd.1: release socket [ 103.999416][ T1177] vhci_hcd vhci_hcd.1: disconnect device [ 104.020736][ T8476] SELinux: policydb string length 14080 does not match expected length 8 [ 104.024411][ T8476] SELinux: failed to load policy [ 104.032975][ T8476] tmpfs: Cannot change global quota limit on remount [ 104.125728][ T8480] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.780'. [ 104.154343][ T8482] SELinux: Context system_u:object_r:tpm_device_t:s0 is not valid (left unmapped). [ 104.229856][ T8487] netlink: 20 bytes leftover after parsing attributes in process `syz.3.783'. [ 104.321439][ T6001] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 104.481520][ T6001] usb 5-1: Using ep0 maxpacket: 32 [ 104.487676][ T6001] usb 5-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 104.490950][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.500974][ T6001] usb 5-1: config 0 descriptor?? [ 104.513329][ T6001] usb 5-1: dvb_usb_v2: found a 'Anysee' in warm state [ 104.515784][ T6001] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 104.518169][ T6001] dvb_usb_anysee 5-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 104.601410][ T5941] Bluetooth: hci3: command tx timeout [ 104.697480][ T8519] fuse: Bad value for 'group_id' [ 104.699765][ T8519] fuse: Bad value for 'group_id' [ 104.746933][ T8521] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 104.869868][ T8532] usb usb7: usbfs: process 8532 (syz.1.795) did not claim interface 2 before use [ 105.289208][ T8548] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 105.422936][ T8550] /dev/sr0: Can't open blockdev [ 105.505606][ T8559] bond1: (slave bond_slave_1): Device is not our slave [ 105.507884][ T8559] bond1: option active_slave: invalid value (bond_slave_1) [ 105.511827][ T8559] bond1 (unregistering): Released all slaves [ 105.705180][ T8559] netlink: 'syz.3.805': attribute type 1 has an invalid length. [ 105.726643][ T8569] program syz.1.806 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 105.730566][ T8569] ata1.00: non-matching transfer count (0/2304) [ 106.417033][ T8579] xfrm0 speed is unknown, defaulting to 1000 [ 106.671385][ T5941] Bluetooth: hci3: command tx timeout [ 106.704665][ T8589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.813'. [ 106.707604][ T8590] netlink: 4 bytes leftover after parsing attributes in process `syz.2.813'. [ 106.710696][ T8589] netlink: 12 bytes leftover after parsing attributes in process `syz.2.813'. [ 106.751406][ T8478] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 106.753814][ T8478] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 106.766209][ T8563] random: crng reseeded on system resumption [ 106.812958][ T8595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.815'. [ 106.818602][ T8595] netlink: 12 bytes leftover after parsing attributes in process `syz.3.815'. [ 107.024606][ T8610] netlink: 'syz.3.821': attribute type 6 has an invalid length. [ 107.028468][ T8611] netlink: 'syz.3.821': attribute type 6 has an invalid length. [ 107.271785][ T6001] usb 5-1: USB disconnect, device number 7 [ 107.623471][ T8650] usb usb8: usbfs: process 8650 (syz.1.830) did not claim interface 0 before use [ 107.626709][ T8650] CUSE: unknown device info "<5\z0z,~XY+A}sF'%:Ij!@QmߑRGQq 6*5p)x?," [ 107.641225][ T8650] CUSE: unknown device info "&b%ZW)3\my " [ 107.644315][ T8650] CUSE: unknown device info "ҭSmMi_0˱ݯ;q]{i79{0Եt~>VZ\.9OCU&qmsfkc"" [ 107.648874][ T8650] CUSE: DEVNAME unspecified [ 107.794925][ T40] kauditd_printk_skb: 10 callbacks suppressed [ 107.794936][ T40] audit: type=1326 audit(1765548763.916:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8670 comm="syz.1.836" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc6c9b8f7c9 code=0x0 [ 107.942239][ T8680] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1 sclass=netlink_route_socket pid=8680 comm=syz.1.839 [ 107.983244][ T8692] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 108.185528][ T8708] netlink: 'syz.3.846': attribute type 1 has an invalid length. [ 108.196144][ T8708] netlink: 'syz.3.846': attribute type 5 has an invalid length. [ 108.217394][ T40] audit: type=1400 audit(1765548764.336:627): avc: denied { unmount } for pid=8349 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 108.260477][ T40] audit: type=1400 audit(1765548764.376:628): avc: denied { prog_load } for pid=8713 comm="syz.3.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 108.271383][ T40] audit: type=1400 audit(1765548764.376:629): avc: denied { bpf } for pid=8713 comm="syz.3.848" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 108.279297][ T40] audit: type=1400 audit(1765548764.376:630): avc: denied { perfmon } for pid=8713 comm="syz.3.848" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 108.289461][ T40] audit: type=1400 audit(1765548764.406:631): avc: denied { read write } for pid=8349 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.300415][ T40] audit: type=1400 audit(1765548764.406:632): avc: denied { open } for pid=8349 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.309549][ T8722] __nla_validate_parse: 2 callbacks suppressed [ 108.309558][ T8722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.851'. [ 108.310587][ T40] audit: type=1400 audit(1765548764.406:633): avc: denied { ioctl } for pid=8349 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 108.327795][ T40] audit: type=1400 audit(1765548764.416:634): avc: denied { create } for pid=8721 comm="syz.3.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 108.341489][ T40] audit: type=1400 audit(1765548764.416:635): avc: denied { create } for pid=8720 comm="syz.1.851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 108.705587][ T8758] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 109.040713][ T8782] netlink: 5 bytes leftover after parsing attributes in process `syz.2.869'. [ 109.043656][ T8782] openvswitch: netlink: IP tunnel attribute has 1026 unknown bytes. [ 109.182254][ T8802] netlink: 'syz.2.876': attribute type 1 has an invalid length. [ 109.184809][ T8802] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 109.219886][ T8807] tipc: Started in network mode [ 109.221571][ T8807] tipc: Node identity 3, cluster identity 4711 [ 109.223803][ T8807] tipc: Node number set to 3 [ 109.329946][ T8821] bond2: invalid ARP target 0.0.0.0 specified for addition [ 109.333772][ T8821] bond2: option arp_ip_target: invalid value (0) [ 109.339337][ T8821] bond2 (unregistering): Released all slaves [ 109.474782][ T8837] hfsplus: unable to find HFS+ superblock [ 109.549561][ T8845] veth0_to_bridge: entered promiscuous mode [ 109.556845][ T8843] veth0_to_bridge: left promiscuous mode [ 109.618777][ T8861] 9pnet_virtio: no channels available for device syz [ 109.781737][ T8871] pimreg3: entered allmulticast mode [ 109.849937][ T8879] netlink: 'syz.0.902': attribute type 1 has an invalid length. [ 110.081357][ T6001] usb 8-1: new full-speed USB device number 4 using dummy_hcd [ 110.194837][ T8897] 9p: Bad value for 'rfdno' [ 110.241444][ T8902] xfrm0 speed is unknown, defaulting to 1000 [ 110.242788][ T6001] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 110.247856][ T6001] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 110.252990][ T6001] usb 8-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 110.256797][ T6001] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.263180][ T6001] usb 8-1: config 0 descriptor?? [ 110.267274][ T8873] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 110.277303][ T8905] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 110.287839][ T8905] overlayfs: failed to clone lowerpath [ 110.290553][ T8905] overlayfs: failed to clone lowerpath [ 110.331041][ T8909] 9p: Unknown uid 00000000004294967295 [ 110.357002][ T8916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.915'. [ 110.440004][ T8926] netlink: 'syz.2.919': attribute type 4 has an invalid length. [ 110.444430][ T8926] netlink: 'syz.2.919': attribute type 4 has an invalid length. [ 110.478061][ T6001] usbhid 8-1:0.0: can't add hid device: -71 [ 110.480453][ T6001] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 110.485558][ T6001] usb 8-1: USB disconnect, device number 4 [ 111.306811][ T8945] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 111.311117][ T8946] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 122.015429][ T8952] netlink: 12 bytes leftover after parsing attributes in process `syz.2.926'. [ 122.018288][ T40] kauditd_printk_skb: 175 callbacks suppressed [ 122.018296][ T40] audit: type=1400 audit(1765548778.136:811): avc: denied { ioctl } for pid=8949 comm="syz.0.925" path="socket:[23969]" dev="sockfs" ino=23969 ioctlcmd=0x943e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 122.057088][ T8952] xfrm0 speed is unknown, defaulting to 1000 [ 122.079585][ T8961] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1281 sclass=netlink_route_socket pid=8961 comm=syz.3.929 [ 122.108237][ T40] audit: type=1400 audit(1765548778.226:812): avc: denied { read } for pid=8964 comm="syz.3.930" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 122.108635][ T8966] program syz.3.930 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 122.115999][ T40] audit: type=1400 audit(1765548778.226:813): avc: denied { open } for pid=8964 comm="syz.3.930" path="/dev/sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 122.126736][ T40] audit: type=1400 audit(1765548778.236:814): avc: denied { ioctl } for pid=8964 comm="syz.3.930" path="/dev/bsg/2:0:0:0" dev="devtmpfs" ino=728 ioctlcmd=0x2283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 122.137614][ T8952] macvlan2: entered promiscuous mode [ 122.139731][ T8952] macvlan2: entered allmulticast mode [ 122.145190][ T8952] bond2: entered promiscuous mode [ 122.147751][ T8952] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 122.148785][ T8969] dlm: no local IP address has been set [ 122.153878][ T8969] dlm: cannot start dlm midcomms -107 [ 122.156485][ T8952] bond2: left promiscuous mode [ 122.157720][ T8969] tmpfs: User quota inode hardlimit too large. [ 122.249732][ T40] audit: type=1400 audit(1765548778.366:815): avc: denied { write } for pid=8973 comm="syz.3.933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 122.278617][ T40] audit: type=1400 audit(1765548778.396:816): avc: denied { append } for pid=8977 comm="syz.3.934" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 122.280717][ T8979] input: syz1 as /devices/virtual/input/input11 [ 122.291547][ T8981] comedi comedi3: comedi_test: 3879 microvolt, 2147483645 microsecond waveform attached [ 122.303331][ T40] audit: type=1400 audit(1765548778.426:817): avc: denied { read } for pid=5330 comm="acpid" name="event4" dev="devtmpfs" ino=2974 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 122.310767][ T8983] netlink: 'syz.2.935': attribute type 1 has an invalid length. [ 122.311544][ T8980] comedi comedi3: comedi_config --init_data is deprecated [ 122.313361][ T8983] netlink: 'syz.2.935': attribute type 1 has an invalid length. [ 122.319185][ T40] audit: type=1400 audit(1765548778.426:818): avc: denied { open } for pid=5330 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2974 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 122.328359][ T40] audit: type=1400 audit(1765548778.426:819): avc: denied { ioctl } for pid=5330 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2974 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 122.337163][ T8982] netlink: 'syz.2.935': attribute type 1 has an invalid length. [ 122.339822][ T8982] netlink: 'syz.2.935': attribute type 1 has an invalid length. [ 122.343068][ T8983] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 122.343095][ T8986] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 122.373858][ T8988] netlink: 56 bytes leftover after parsing attributes in process `syz.3.936'. [ 122.460001][ T8999] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=52 sclass=netlink_audit_socket pid=8999 comm=syz.2.941 [ 122.577587][ T40] audit: type=1400 audit(1765548778.696:820): avc: denied { ioctl } for pid=9009 comm="syz.0.945" path="socket:[26866]" dev="sockfs" ino=26866 ioctlcmd=0x8931 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 122.610717][ T9013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.946'. [ 122.982252][ T9053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.960'. [ 122.993860][ T9053] bond0: (slave team0): Releasing backup interface [ 122.997058][ T9053] team0 (unregistering): left allmulticast mode [ 122.999223][ T9053] team_slave_1: left allmulticast mode [ 123.004308][ T9053] team0 (unregistering): Port device team_slave_1 removed [ 123.078543][ T9075] rtc_cmos 00:05: Alarms can be up to one day in the future [ 123.126707][ T9054] cgroup: fork rejected by pids controller in /syz2 [ 123.149383][ T9089] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 123.151932][ T9089] overlayfs: failed to set xattr on upper [ 123.154667][ T9089] overlayfs: ...falling back to redirect_dir=nofollow. [ 123.157145][ T9089] overlayfs: ...falling back to index=off. [ 123.159028][ T9089] overlayfs: ...falling back to uuid=null. [ 123.162055][ T9089] overlayfs: conflicting lowerdir path [ 123.247768][ T9095] netlink: 4 bytes leftover after parsing attributes in process `syz.3.965'. [ 123.250759][ T9095] bridge_slave_1: left allmulticast mode [ 123.253510][ T9095] bridge_slave_1: left promiscuous mode [ 123.256066][ T9095] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.263727][ T9095] bridge_slave_0: left allmulticast mode [ 123.266329][ T9095] bridge_slave_0: left promiscuous mode [ 123.268445][ T9095] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.543316][ T9129] netlink: del zone limit has 4 unknown bytes [ 123.547116][ T9129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9129 comm=syz.3.969 [ 123.797331][ T9160] netlink: 'syz.2.976': attribute type 7 has an invalid length. [ 123.838824][ T5296] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 123.849902][ T5296] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 123.854220][ T5296] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 123.857496][ T5296] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 123.860643][ T5296] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 123.871910][ T5941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 123.875038][ T5941] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 123.879149][ T5941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 123.882060][ T5941] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 123.884526][ T5941] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 123.905267][ T9166] xfrm0 speed is unknown, defaulting to 1000 [ 124.023529][ T9166] chnl_net:caif_netlink_parms(): no params data found [ 124.075244][ T9187] 9p: Bad value for 'port' [ 124.087316][ T9166] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.089721][ T9166] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.092485][ T9166] bridge_slave_0: entered allmulticast mode [ 124.095111][ T9166] bridge_slave_0: entered promiscuous mode [ 124.098271][ T9166] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.100528][ T9166] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.103391][ T9166] bridge_slave_1: entered allmulticast mode [ 124.105984][ T9166] bridge_slave_1: entered promiscuous mode [ 124.121150][ T9166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.125567][ T9166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 124.139867][ T9166] team0: Port device team_slave_0 added [ 124.144230][ T9166] team0: Port device team_slave_1 added [ 124.156861][ T9166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.158953][ T9166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.166989][ T9166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.168941][ T9199] netlink: 16 bytes leftover after parsing attributes in process `syz.0.988'. [ 124.171073][ T9166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 124.175507][ T9166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 124.183426][ T9166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 124.208475][ T9166] hsr_slave_0: entered promiscuous mode [ 124.210796][ T9166] hsr_slave_1: entered promiscuous mode [ 124.211505][ T9205] binder: BINDER_SET_CONTEXT_MGR already set [ 124.212911][ T9166] debugfs: 'hsr0' already exists in 'hsr' [ 124.214856][ T9205] binder: 9203:9205 ioctl 4018620d 2000000002c0 returned -16 [ 124.216259][ T9166] Cannot create hsr debugfs directory [ 124.220400][ T9206] netlink: 8 bytes leftover after parsing attributes in process `syz.2.990'. [ 124.257947][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.991'. [ 124.264744][ T9208] syz.0.991 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 124.307551][ T9213] binder: BINDER_SET_CONTEXT_MGR already set [ 124.310445][ T9213] binder: 9211:9213 ioctl 4018620d 200000000480 returned -16 [ 124.321087][ T9166] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 124.327992][ T9166] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 124.332864][ T9166] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 124.337257][ T9166] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 124.366582][ T9220] binder: 9211:9220 ioctl c0306201 200000000640 returned -22 [ 124.366603][ T9212] binder: 9211:9212 ioctl c0306201 200000000040 returned -14 [ 124.383545][ T9166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.397044][ T9166] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.406448][ T8016] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.409578][ T8016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.418551][ T8020] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.421636][ T8020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.440132][ T9166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 124.443876][ T9166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.479804][ T9213] kvm: pic: non byte write [ 124.482447][ T9213] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns [ 124.492957][ T9213] kvm: pic: non byte write [ 124.559826][ T9166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.670509][ T9233] netlink: 'syz.0.993': attribute type 2 has an invalid length. [ 124.706784][ T9166] veth0_vlan: entered promiscuous mode [ 124.715415][ T9166] veth1_vlan: entered promiscuous mode [ 124.735775][ T9166] veth0_macvtap: entered promiscuous mode [ 124.741110][ T9166] veth1_macvtap: entered promiscuous mode [ 124.755163][ T9166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.763665][ T9166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.769548][ T8015] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.772699][ T8015] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.776046][ T8015] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.779024][ T8015] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.827837][ T8024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.830887][ T8024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.857522][ T8014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.860036][ T8014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.168251][ T9271] openvswitch: netlink: Invalid VLAN frame [ 125.170401][ T9270] openvswitch: netlink: Invalid VLAN frame [ 125.172527][ T9271] ipt_REJECT: TCP_RESET invalid for non-tcp [ 125.261607][ T9281] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1007'. [ 125.265261][ T9281] bridge_slave_1: left allmulticast mode [ 125.267099][ T9281] bridge_slave_1: left promiscuous mode [ 125.269031][ T9281] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.275911][ T9281] bridge_slave_0: left allmulticast mode [ 125.277758][ T9281] bridge_slave_0: left promiscuous mode [ 125.279660][ T9281] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.500555][ T9303] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9303 comm=syz.2.1015 [ 125.610583][ T9314] openvswitch: netlink: Actions may not be safe on all matching packets [ 125.658272][ T9316] xfrm0 speed is unknown, defaulting to 1000 [ 125.685560][ T9319] IPv6: NLM_F_CREATE should be specified when creating new route [ 125.756357][ T9320] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1019'. [ 125.951534][ T5941] Bluetooth: hci4: command tx timeout [ 126.749338][ T9347] sctp: [Deprecated]: syz.2.1028 (pid 9347) Use of struct sctp_assoc_value in delayed_ack socket option. [ 126.749338][ T9347] Use struct sctp_sack_info instead [ 128.031376][ T5941] Bluetooth: hci4: command tx timeout [ 128.445498][ T9350] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.762848][ T9350] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.815919][ T40] kauditd_printk_skb: 79 callbacks suppressed [ 128.815931][ T40] audit: type=1400 audit(1765548784.936:900): avc: denied { map } for pid=9360 comm="syz.2.1031" path="socket:[27279]" dev="sockfs" ino=27279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 128.863154][ T9358] tipc: Enabling of bearer rejected, failed to enable media [ 128.892529][ T40] audit: type=1400 audit(1765548785.016:901): avc: denied { listen } for pid=9360 comm="syz.2.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 128.901116][ T9368] __nla_validate_parse: 1 callbacks suppressed [ 128.901128][ T9368] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1032'. [ 129.019786][ T9376] vxcan1: entered promiscuous mode [ 129.027441][ T40] audit: type=1400 audit(1765548785.146:902): avc: denied { open } for pid=9374 comm="syz.4.1035" path="/dev/ttyqc" dev="devtmpfs" ino=395 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 129.029902][ T9376] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9376 comm=syz.3.1033 [ 129.042556][ T9373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1033'. [ 129.046465][ T40] audit: type=1400 audit(1765548785.166:903): avc: granted { setsecparam } for pid=9372 comm="syz.3.1033" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 129.079431][ T40] audit: type=1400 audit(1765548785.196:904): avc: denied { read write } for pid=9374 comm="syz.4.1035" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 129.089108][ T40] audit: type=1400 audit(1765548785.196:905): avc: denied { open } for pid=9374 comm="syz.4.1035" path="/4/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 129.090714][ T9375] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1035'. [ 129.098734][ T40] audit: type=1400 audit(1765548785.206:906): avc: denied { ioctl } for pid=9374 comm="syz.4.1035" path="/4/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5414 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 129.117289][ T9375] netlink: 'syz.4.1035': attribute type 10 has an invalid length. [ 129.119774][ T9375] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1035'. [ 129.123066][ T9375] dummy0: entered promiscuous mode [ 129.145145][ T40] audit: type=1400 audit(1765548785.266:907): avc: denied { unmount } for pid=9166 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 129.179182][ T9379] netlink: 75 bytes leftover after parsing attributes in process `syz.4.1036'. [ 129.207676][ T9381] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9381 comm=syz.0.1034 [ 129.239475][ T9381] xfrm0 speed is unknown, defaulting to 1000 [ 129.265765][ T40] audit: type=1400 audit(1765548785.386:908): avc: denied { write } for pid=9380 comm="syz.0.1034" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 129.320696][ T40] audit: type=1400 audit(1765548785.436:909): avc: denied { getopt } for pid=9380 comm="syz.0.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 129.330382][ T9381] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1034'. [ 129.330408][ T9388] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1034'. [ 129.424472][ T9394] netlink: 'syz.4.1039': attribute type 39 has an invalid length. [ 129.429212][ T9396] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1040'. [ 129.443113][ T9394] veth0_macvtap: left promiscuous mode [ 129.686839][ T9410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1044'. [ 129.689716][ T9410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1044'. [ 129.911452][ T6020] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 130.081389][ T6020] usb 5-1: Using ep0 maxpacket: 32 [ 130.084318][ T6020] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 130.086815][ T6020] usb 5-1: config 0 has no interface number 0 [ 130.089362][ T6020] usb 5-1: config 0 interface 12 has no altsetting 0 [ 130.094718][ T6020] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 130.098249][ T6020] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.101473][ T6020] usb 5-1: Product: syz [ 130.104431][ T6020] usb 5-1: Manufacturer: syz [ 130.106385][ T6020] usb 5-1: SerialNumber: syz [ 130.111079][ T6020] usb 5-1: config 0 descriptor?? [ 130.116572][ T6020] f81534 5-1:0.12: required endpoints missing [ 130.121458][ T5941] Bluetooth: hci4: command tx timeout [ 130.321720][ T6092] usb 5-1: USB disconnect, device number 8 [ 130.535403][ T9445] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 130.538221][ T9445] IPv6: NLM_F_CREATE should be set when creating new route [ 130.893219][ T9470] JFS: discard option not supported on device [ 130.895935][ T9470] Mount JFS Failure: -5 [ 131.198355][ T9513] delete_channel: no stack [ 131.221692][ T9520] /dev/sg0: Can't lookup blockdev [ 131.245886][ T9523] hfsplus: unable to find HFS+ superblock [ 131.549458][ T9565] ALSA: mixer_oss: invalid OSS volume ';' [ 131.751443][ T9589] netlink: 'syz.4.1098': attribute type 1 has an invalid length. [ 131.771504][ T9589] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.790013][ T9593] CIFS mount error: No usable UNC path provided in device string! [ 131.790013][ T9593] [ 131.794769][ T9593] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 131.817435][ T9589] bond1: (slave geneve2): making interface the new active one [ 131.826582][ T9589] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 131.965028][ T9610] program syz.4.1105 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.997597][ T9616] netlink: 'syz.4.1106': attribute type 1 has an invalid length. [ 132.000139][ T9615] netlink: 'syz.4.1106': attribute type 1 has an invalid length. [ 132.191333][ T5941] Bluetooth: hci4: command tx timeout [ 132.411326][ T6092] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 132.494531][ T9648] dlm: no locking on control device [ 132.541836][ T9650] mmap: syz.0.1115 (9650): VmData 29077504 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 132.591338][ T6092] usb 9-1: Using ep0 maxpacket: 8 [ 132.594248][ T6092] usb 9-1: config 0 interface 0 has no altsetting 0 [ 132.596321][ T6092] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 132.599179][ T6092] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.610240][ T6092] usb 9-1: config 0 descriptor?? [ 132.746522][ T9652] [syz.0.] <== rxrpc_preparse_xdr_yfs_rxgk() = -EKEYREJECTED [d9c19884!=bc, 2c,d9c19820] [ 132.913729][ T9658] o2cb: This node has not been configured. [ 132.915728][ T9658] o2cb: Cluster check failed. Fix errors before retrying. [ 132.917989][ T9658] (syz.3.1118,9658,1):user_dlm_register:674 ERROR: status = -22 [ 132.921040][ T9658] (syz.3.1118,9658,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 133.018133][ T9570] syz.2.1091 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0 [ 133.019395][ T6092] usbhid 9-1:0.0: can't add hid device: -71 [ 133.021438][ T9570] CPU: 0 UID: 0 PID: 9570 Comm: syz.2.1091 Not tainted syzkaller #0 PREEMPT(full) [ 133.021452][ T9570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.021458][ T9570] Call Trace: [ 133.021462][ T9570] [ 133.021467][ T9570] dump_stack_lvl+0x16c/0x1f0 [ 133.021498][ T9570] dump_header+0x101/0x960 [ 133.021517][ T9570] oom_kill_process+0x176/0x910 [ 133.021534][ T9570] out_of_memory+0x350/0x1700 [ 133.021554][ T9570] ? __pfx_out_of_memory+0x10/0x10 [ 133.021574][ T9570] mem_cgroup_out_of_memory+0x118/0x130 [ 133.021588][ T9570] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 133.021609][ T9570] ? do_raw_spin_unlock+0x172/0x230 [ 133.021626][ T9570] try_charge_memcg+0x695/0xd30 [ 133.021643][ T9570] ? __pfx_try_charge_memcg+0x10/0x10 [ 133.021658][ T9570] ? __pfx_find_held_lock+0x1/0x10 [ 133.021678][ T9570] ? rcu_read_unlock+0x17/0x60 [ 133.021698][ T9570] charge_memcg+0x8a/0x230 [ 133.021712][ T9570] __mem_cgroup_charge+0x2b/0x1e0 [ 133.021728][ T9570] filemap_add_folio+0xe6/0x610 [ 133.021739][ T9570] ? __pfx_filemap_add_folio+0x10/0x10 [ 133.021750][ T9570] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 133.021768][ T9570] __filemap_get_folio_mpol+0x511/0xc60 [ 133.021782][ T9570] simple_write_begin+0x64/0x3d0 [ 133.021799][ T9570] generic_perform_write+0x3c4/0x900 [ 133.021820][ T9570] ? __pfx_generic_perform_write+0x10/0x10 [ 133.021837][ T9570] ? generic_update_time+0xcf/0xf0 [ 133.021846][ T9570] ? mnt_put_write_access_file+0x45/0xf0 [ 133.021861][ T9570] ? file_update_time_flags+0x35c/0x520 [ 133.021873][ T9570] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.021883][ T9570] __generic_file_write_iter+0x1f7/0x240 [ 133.021895][ T9570] generic_file_write_iter+0xe1/0x3d0 [ 133.021908][ T9570] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.021918][ T9570] __kernel_write_iter+0x31a/0xb10 [ 133.021937][ T9570] ? __pfx___kernel_write_iter+0x10/0x10 [ 133.021949][ T9570] ? __up_read+0x2d1/0x700 [ 133.021964][ T9570] ? dump_user_range+0x756/0xb70 [ 133.021983][ T9570] dump_user_range+0x413/0xb70 [ 133.022002][ T9570] ? __pfx_dump_user_range+0x10/0x10 [ 133.022018][ T9570] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 133.022034][ T9570] ? __pfx_writenote+0x10/0x10 [ 133.022047][ T9570] elf_core_dump+0x29c3/0x3c10 [ 133.022064][ T9570] ? __pfx_elf_core_dump+0x10/0x10 [ 133.022073][ T9570] ? kasan_save_stack+0x33/0x60 [ 133.022084][ T9570] ? kasan_save_track+0x14/0x30 [ 133.022094][ T9570] ? __kasan_kmalloc+0xaa/0xb0 [ 133.022104][ T9570] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 133.022116][ T9570] ? vfs_coredump+0x1dd9/0x55e0 [ 133.022130][ T9570] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 133.022145][ T9570] ? irqentry_exit+0x38a/0x8c0 [ 133.022155][ T9570] ? asm_exc_page_fault+0x26/0x30 [ 133.022168][ T9570] ? 0xffffffffff600000 [ 133.022198][ T9570] ? vfs_coredump+0x2b85/0x55e0 [ 133.022213][ T9570] vfs_coredump+0x2b85/0x55e0 [ 133.022233][ T9570] ? __pfx_vfs_coredump+0x10/0x10 [ 133.022248][ T9570] ? __lock_acquire+0x436/0x2890 [ 133.022263][ T9570] ? __lock_acquire+0x436/0x2890 [ 133.022276][ T9570] ? lock_acquire+0x179/0x330 [ 133.022290][ T9570] ? lock_acquire+0x179/0x330 [ 133.022311][ T9570] ? arch_stack_walk+0xa6/0x100 [ 133.022329][ T9570] ? stack_trace_save+0x8e/0xc0 [ 133.022340][ T9570] ? __pfx_stack_trace_save+0x10/0x10 [ 133.022352][ T9570] ? stack_depot_save_flags+0x29/0x9b0 [ 133.022366][ T9570] ? __lock_acquire+0x436/0x2890 [ 133.022379][ T9570] ? kasan_save_stack+0x42/0x60 [ 133.022412][ T9570] ? proc_coredump_connector+0x2d1/0x4f0 [ 133.022424][ T9570] ? __pfx_proc_coredump_connector+0x10/0x10 [ 133.022437][ T9570] ? rcu_is_watching+0x12/0xc0 [ 133.022449][ T9570] get_signal+0x22e1/0x26d0 [ 133.022469][ T9570] ? __pfx_get_signal+0x10/0x10 [ 133.022488][ T9570] arch_do_signal_or_restart+0x8f/0x7e0 [ 133.022503][ T9570] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 133.022521][ T9570] ? __bad_area_nosemaphore+0x350/0x690 [ 133.022538][ T9570] irqentry_exit+0x38a/0x8c0 [ 133.022550][ T9570] asm_exc_page_fault+0x26/0x30 [ 133.022559][ T9570] RIP: 0033:0x7f55f1c4f6b7 [ 133.022568][ T9570] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 48 1c 00 48 8d 3d ef 48 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8 [ 133.022578][ T9570] RSP: 002b:00007f55f2bd71a0 EFLAGS: 00010206 [ 133.022586][ T9570] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f55f1d8f7c9 [ 133.022592][ T9570] RDX: 00007f55f2bd71c0 RSI: 00007f55f2bd72f0 RDI: 000000000000000b [ 133.022598][ T9570] RBP: 00007f55f1e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.022604][ T9570] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 133.022610][ T9570] R13: 00007f55f1fe6128 R14: 00007f55f1fe6090 R15: 00007ffcf13e5788 [ 133.022624][ T9570] [ 133.022628][ T9570] memory: usage 307200kB, limit 307200kB, failcnt 1660 [ 133.023379][ T6092] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 133.026228][ T9570] memory+swap: usage 308736kB, limit 9007199254740988kB, failcnt 0 [ 133.038349][ T9666] xfrm0 speed is unknown, defaulting to 1000 [ 133.060110][ T9570] kmem: usage 11272kB, limit 9007199254740988kB, failcnt 0 [ 133.060351][ T6092] usb 9-1: USB disconnect, device number 2 [ 133.068113][ T9570] Memory cgroup stats for /syz2: [ 133.185842][ T9570] cache 302985216 [ 133.188859][ T9570] rss 0 [ 133.189763][ T9570] rss_huge 0 [ 133.190845][ T9570] shmem 0 [ 133.192003][ T9570] mapped_file 4112384 [ 133.193461][ T9570] dirty 0 [ 133.194503][ T9570] writeback 0 [ 133.195700][ T9570] workingset_refault_anon 19 [ 133.197243][ T9570] workingset_refault_file 0 [ 133.198755][ T9570] swap 1572864 [ 133.199907][ T9570] swapcached 45056 [ 133.201151][ T9570] pgpgin 175912 [ 133.203040][ T9570] pgpgout 102441 [ 133.204285][ T9570] pgfault 74242 [ 133.205488][ T9570] pgmajfault 24 [ 133.207579][ T9570] inactive_anon 45056 [ 133.208930][ T9570] active_anon 0 [ 133.210098][ T9570] inactive_file 0 [ 133.211389][ T9570] active_file 0 [ 133.212220][ T9677] EXT4-fs (sr0): VFS: Can't find ext4 filesystem [ 133.212653][ T9570] unevictable 302985216 [ 133.216301][ T9570] hierarchical_memory_limit 314572800 [ 133.218313][ T9570] hierarchical_memsw_limit 9223372036854771712 [ 133.220343][ T9570] total_cache 302985216 [ 133.221828][ T9570] total_rss 0 [ 133.222969][ T9570] total_rss_huge 0 [ 133.224199][ T9570] total_shmem 0 [ 133.225381][ T9570] total_mapped_file 4112384 [ 133.226964][ T9570] total_dirty 0 [ 133.228125][ T9570] total_writeback 0 [ 133.229411][ T9570] total_workingset_refault_anon 19 [ 133.231071][ T9570] total_workingset_refault_file 0 [ 133.233184][ T9570] total_swap 1572864 [ 133.234972][ T9570] total_swapcached 45056 [ 133.236389][ T9570] total_pgpgin 175912 [ 133.237731][ T9570] total_pgpgout 102441 [ 133.239111][ T9570] total_pgfault 74242 [ 133.240425][ T9570] total_pgmajfault 24 [ 133.242089][ T9570] total_inactive_anon 45056 [ 133.243594][ T9570] total_active_anon 0 [ 133.245044][ T9570] total_inactive_file 0 [ 133.246419][ T9570] total_active_file 0 [ 133.247743][ T9570] total_unevictable 302985216 [ 133.249428][ T9570] anon_cost 0 [ 133.250674][ T9570] file_cost 0 [ 133.252694][ T9570] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.62,pid=6190,uid=0 [ 133.261769][ T9570] Memory cgroup out of memory: Killed process 6190 (syz.2.62) total-vm:98324kB, anon-rss:1144kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:96kB oom_score_adj:1000 [ 133.273329][ T9682] loop6: detected capacity change from 0 to 2640 [ 133.276378][ T9581] syz.2.1091 invoked oom-killer: gfp_mask=0x100cc2(GFP_HIGHUSER), order=0, oom_score_adj=0 [ 133.285298][ T9635] buffer_io_error: 11 callbacks suppressed [ 133.285308][ T9635] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.291406][ T9581] CPU: 3 UID: 0 PID: 9581 Comm: syz.2.1091 Not tainted syzkaller #0 PREEMPT(full) [ 133.291428][ T9581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.291437][ T9581] Call Trace: [ 133.291443][ T9581] [ 133.291450][ T9581] dump_stack_lvl+0x16c/0x1f0 [ 133.291472][ T9581] dump_header+0x101/0x960 [ 133.291502][ T9581] oom_kill_process+0x176/0x910 [ 133.291531][ T9581] out_of_memory+0x350/0x1700 [ 133.291561][ T9581] ? __pfx_out_of_memory+0x10/0x10 [ 133.291591][ T9581] mem_cgroup_out_of_memory+0x118/0x130 [ 133.291610][ T9581] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 133.291643][ T9581] ? do_raw_spin_unlock+0x172/0x230 [ 133.291670][ T9581] try_charge_memcg+0x695/0xd30 [ 133.291696][ T9581] ? __pfx_try_charge_memcg+0x10/0x10 [ 133.291716][ T9581] ? __print_lock_name+0xe0/0xe0 [ 133.291741][ T9581] ? rcu_read_unlock+0x17/0x60 [ 133.291770][ T9581] charge_memcg+0x8a/0x230 [ 133.291790][ T9581] __mem_cgroup_charge+0x2b/0x1e0 [ 133.291816][ T9581] filemap_add_folio+0xe6/0x610 [ 133.291835][ T9581] ? __pfx_filemap_add_folio+0x10/0x10 [ 133.291859][ T9581] __filemap_get_folio_mpol+0x511/0xc60 [ 133.291884][ T9581] simple_write_begin+0x64/0x3d0 [ 133.291911][ T9581] generic_perform_write+0x3c4/0x900 [ 133.291944][ T9581] ? __pfx_generic_perform_write+0x10/0x10 [ 133.291970][ T9581] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.291988][ T9581] ? file_update_time_flags+0x35c/0x520 [ 133.292007][ T9581] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.292024][ T9581] __generic_file_write_iter+0x1f7/0x240 [ 133.292045][ T9581] generic_file_write_iter+0xe1/0x3d0 [ 133.292064][ T9581] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.292081][ T9581] __kernel_write_iter+0x31a/0xb10 [ 133.292105][ T9581] ? __pfx___kernel_write_iter+0x10/0x10 [ 133.292129][ T9581] ? __up_read+0x2d1/0x700 [ 133.292155][ T9581] ? dump_user_range+0x756/0xb70 [ 133.292178][ T9581] ? dump_user_range+0x423/0xb70 [ 133.292203][ T9581] dump_user_range+0x413/0xb70 [ 133.292232][ T9581] ? __pfx_dump_user_range+0x10/0x10 [ 133.292258][ T9581] ? elf_coredump_extra_notes_write+0xbd/0x4f0 [ 133.292283][ T9581] ? __pfx_writenote+0x10/0x10 [ 133.292303][ T9581] elf_core_dump+0x29c3/0x3c10 [ 133.292333][ T9581] ? __pfx_elf_core_dump+0x10/0x10 [ 133.292349][ T9581] ? kasan_save_stack+0x33/0x60 [ 133.292362][ T9581] ? kasan_save_track+0x14/0x30 [ 133.292380][ T9581] ? __kasan_kmalloc+0xaa/0xb0 [ 133.292395][ T9581] ? __kvmalloc_node_noprof+0x3ac/0xa40 [ 133.292414][ T9581] ? vfs_coredump+0x1dd9/0x55e0 [ 133.292436][ T9581] ? arch_do_signal_or_restart+0x8f/0x7e0 [ 133.292456][ T9581] ? irqentry_exit+0x38a/0x8c0 [ 133.292471][ T9581] ? asm_exc_page_fault+0x26/0x30 [ 133.292492][ T9581] ? 0xffffffffff600000 [ 133.292548][ T9581] ? vfs_coredump+0x2b85/0x55e0 [ 133.292573][ T9581] vfs_coredump+0x2b85/0x55e0 [ 133.292604][ T9581] ? __pfx_vfs_coredump+0x10/0x10 [ 133.292626][ T9581] ? __lock_acquire+0x436/0x2890 [ 133.292650][ T9581] ? __lock_acquire+0x436/0x2890 [ 133.292671][ T9581] ? lock_acquire+0x179/0x330 [ 133.292693][ T9581] ? lock_acquire+0x179/0x330 [ 133.292729][ T9581] ? arch_stack_walk+0xa6/0x100 [ 133.292758][ T9581] ? stack_trace_save+0x8e/0xc0 [ 133.292777][ T9581] ? __pfx_stack_trace_save+0x10/0x10 [ 133.292796][ T9581] ? stack_depot_save_flags+0x29/0x9b0 [ 133.292817][ T9581] ? __lock_acquire+0x436/0x2890 [ 133.292838][ T9581] ? kasan_save_stack+0x42/0x60 [ 133.292912][ T9581] ? proc_coredump_connector+0x2d1/0x4f0 [ 133.292931][ T9581] ? __pfx_proc_coredump_connector+0x10/0x10 [ 133.292956][ T9581] ? rcu_is_watching+0x12/0xc0 [ 133.292974][ T9581] get_signal+0x22e1/0x26d0 [ 133.293008][ T9581] ? __pfx_get_signal+0x10/0x10 [ 133.293039][ T9581] arch_do_signal_or_restart+0x8f/0x7e0 [ 133.293063][ T9581] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 133.293095][ T9581] ? __bad_area_nosemaphore+0x350/0x690 [ 133.293128][ T9581] irqentry_exit+0x38a/0x8c0 [ 133.293149][ T9581] asm_exc_page_fault+0x26/0x30 [ 133.293164][ T9581] RIP: 0033:0x7f55f1c4f6b7 [ 133.293179][ T9581] Code: 88 15 42 60 ec 00 88 05 3f 60 ec 00 c3 50 48 8d 35 e9 48 1c 00 48 8d 3d ef 48 1c 00 31 c0 e8 20 f7 ff ff 53 89 fb 48 83 ec 10 <64> 8b 04 25 94 ff ff ff 85 c0 74 2a 89 fe 31 c0 bf 3c 00 00 00 e8 [ 133.293194][ T9581] RSP: 002b:00007f55f2bd71a0 EFLAGS: 00010206 [ 133.293207][ T9581] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f55f1d8f7c9 [ 133.293219][ T9581] RDX: 00007f55f2bd71c0 RSI: 00007f55f2bd72f0 RDI: 000000000000000b [ 133.293229][ T9581] RBP: 00007f55f1e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 133.293238][ T9581] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 133.293246][ T9581] R13: 00007f55f1fe6128 R14: 00007f55f1fe6090 R15: 00007ffcf13e5788 [ 133.293271][ T9581] [ 133.293277][ T9581] memory: usage 307200kB, limit 307200kB, failcnt 1788 [ 133.295134][ T9635] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.297372][ T9581] memory+swap: usage 308636kB, limit 9007199254740988kB, failcnt 0 [ 133.303745][ T9635] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.307066][ T9581] kmem: usage 11052kB, limit 9007199254740988kB, failcnt 0 [ 133.311212][ T9635] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.312566][ T9581] Memory cgroup stats for [ 133.313507][ T9635] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.318173][ T9581] /syz2 [ 133.322752][ T9682] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.329758][ T9581] : [ 133.330823][ T9682] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.332848][ T9581] cache 303210496 [ 133.334709][ T9682] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.336703][ T9581] rss 0 [ 133.338310][ T9682] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.340496][ T9581] rss_huge 0 [ 133.343847][ T9682] Buffer I/O error on dev loop6, logical block 0, async page read [ 133.344627][ T9581] shmem 0 [ 133.441368][ T6020] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 133.443265][ T9581] mapped_file 4112384 [ 133.496654][ T9581] dirty 0 [ 133.498073][ T9581] writeback 0 [ 133.499254][ T9581] workingset_refault_anon 19 [ 133.500754][ T9581] workingset_refault_file 0 [ 133.502306][ T9581] swap 1470464 [ 133.503366][ T9581] swapcached 45056 [ 133.504570][ T9581] pgpgin 175967 [ 133.505710][ T9581] pgpgout 102441 [ 133.506955][ T9581] pgfault 74242 [ 133.508121][ T9581] pgmajfault 24 [ 133.509347][ T9581] inactive_anon 24576 [ 133.510610][ T9581] active_anon 20480 [ 133.511894][ T9581] inactive_file 0 [ 133.513079][ T9581] active_file 0 [ 133.514313][ T9581] unevictable 303210496 [ 133.515838][ T9581] hierarchical_memory_limit 314572800 [ 133.517646][ T9581] hierarchical_memsw_limit 9223372036854771712 [ 133.519668][ T9581] total_cache 303210496 [ 133.521000][ T9581] total_rss 0 [ 133.522142][ T9581] total_rss_huge 0 [ 133.523330][ T9581] total_shmem 0 [ 133.524628][ T9581] total_mapped_file 4112384 [ 133.526164][ T9581] total_dirty 0 [ 133.527352][ T9581] total_writeback 0 [ 133.528660][ T9581] total_workingset_refault_anon 19 [ 133.530247][ T9581] total_workingset_refault_file 0 [ 133.531821][ T9581] total_swap 1470464 [ 133.533072][ T9581] total_swapcached 45056 [ 133.534502][ T9581] total_pgpgin 175967 [ 133.535953][ T9581] total_pgpgout 102441 [ 133.537242][ T9581] total_pgfault 74242 [ 133.538509][ T9581] total_pgmajfault 24 [ 133.539784][ T9581] total_inactive_anon 24576 [ 133.541211][ T9581] total_active_anon 20480 [ 133.542642][ T9581] total_inactive_file 0 [ 133.544004][ T9581] total_active_file 0 [ 133.545337][ T9581] total_unevictable 303210496 [ 133.546873][ T9581] anon_cost 0 [ 133.548027][ T9581] file_cost 0 [ 133.549445][ T9581] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1091,pid=9582,uid=0 [ 133.557740][ T9581] Memory cgroup out of memory: Killed process 9582 (syz.2.1091) total-vm:98840kB, anon-rss:1024kB, file-rss:49120kB, shmem-rss:0kB, UID:0 pgtables:204kB oom_score_adj:0 [ 133.582509][ T6020] usb 5-1: device descriptor read/64, error -71 [ 133.608358][ T5934] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 133.629951][ T5934] CPU: 2 UID: 0 PID: 5934 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 133.629973][ T5934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 133.629982][ T5934] Call Trace: [ 133.629987][ T5934] [ 133.629993][ T5934] dump_stack_lvl+0x16c/0x1f0 [ 133.630013][ T5934] dump_header+0x101/0x960 [ 133.630038][ T5934] oom_kill_process+0x176/0x910 [ 133.630062][ T5934] out_of_memory+0x350/0x1700 [ 133.630084][ T5934] ? __lock_acquire+0x436/0x2890 [ 133.630105][ T5934] ? __pfx_out_of_memory+0x10/0x10 [ 133.630133][ T5934] mem_cgroup_out_of_memory+0x118/0x130 [ 133.630149][ T5934] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 133.630178][ T5934] ? do_raw_spin_unlock+0x172/0x230 [ 133.630206][ T5934] try_charge_memcg+0x695/0xd30 [ 133.630230][ T5934] ? __pfx_try_charge_memcg+0x10/0x10 [ 133.630254][ T5934] ? find_held_lock+0x2b/0x80 [ 133.630280][ T5934] charge_memcg+0x8a/0x230 [ 133.630299][ T5934] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 133.630323][ T5934] __read_swap_cache_async+0x397/0x500 [ 133.630341][ T5934] ? __pfx___read_swap_cache_async+0x10/0x10 [ 133.630358][ T5934] ? __kernel_text_address+0xd/0x40 [ 133.630376][ T5934] ? unwind_get_return_address+0x59/0xa0 [ 133.630396][ T5934] ? arch_stack_walk+0xa6/0x100 [ 133.630418][ T5934] swap_cluster_readahead+0x528/0x770 [ 133.630439][ T5934] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 133.630455][ T5934] ? stack_depot_snprint+0x10/0x70 [ 133.630474][ T5934] ? __lock_acquire+0x436/0x2890 [ 133.630497][ T5934] ? security_inode_getattr+0x116/0x290 [ 133.630511][ T5934] ? vfs_fstat+0x4b/0xe0 [ 133.630531][ T5934] ? vfs_fstatat+0xbc/0xf0 [ 133.630542][ T5934] ? __do_sys_newfstatat+0x97/0x120 [ 133.630554][ T5934] ? do_syscall_64+0xcd/0xf80 [ 133.630570][ T5934] ? get_vma_policy+0x242/0x3c0 [ 133.630592][ T5934] swapin_readahead+0x160/0x1220 [ 133.630616][ T5934] ? __pfx_swapin_readahead+0x10/0x10 [ 133.630632][ T5934] ? find_held_lock+0x2b/0x80 [ 133.630651][ T5934] ? swap_cache_get_folio+0x267/0x8e0 [ 133.630664][ T5934] ? swap_cache_get_folio+0x267/0x8e0 [ 133.630676][ T5934] ? swap_cache_get_folio+0x267/0x8e0 [ 133.630692][ T5934] ? swap_cache_get_folio+0x267/0x8e0 [ 133.630705][ T5934] ? swap_cache_get_folio+0x293/0x8e0 [ 133.630729][ T5934] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 133.630741][ T5934] ? __pfx_get_swap_device+0x10/0x10 [ 133.630758][ T5934] ? rcu_read_unlock+0x2d/0xb0 [ 133.630775][ T5934] ? do_swap_page+0x962/0x64a0 [ 133.630795][ T5934] do_swap_page+0x962/0x64a0 [ 133.630819][ T5934] ? __lock_acquire+0x436/0x2890 [ 133.630840][ T5934] ? __pfx_do_swap_page+0x10/0x10 [ 133.630863][ T5934] ? __pfx_default_wake_function+0x10/0x10 [ 133.630893][ T5934] ? rcu_is_watching+0x12/0xc0 [ 133.630906][ T5934] ? ___pte_offset_map+0x175/0x380 [ 133.630926][ T5934] __handle_mm_fault+0x19cb/0x2bb0 [ 133.630952][ T5934] ? reacquire_held_locks+0xcd/0x1f0 [ 133.630987][ T5934] ? __pfx___handle_mm_fault+0x10/0x10 [ 133.631014][ T5934] ? lock_vma_under_rcu+0x176/0x580 [ 133.631051][ T5934] handle_mm_fault+0x3fe/0xad0 [ 133.631076][ T5934] do_user_addr_fault+0x60c/0x1370 [ 133.631096][ T5934] ? rcu_is_watching+0x12/0xc0 [ 133.631112][ T5934] exc_page_fault+0x64/0xc0 [ 133.631127][ T5934] asm_exc_page_fault+0x26/0x30 [ 133.631142][ T5934] RIP: 0033:0x7f55f1d4e369 [ 133.631155][ T5934] Code: 08 00 00 48 39 f0 75 c9 c7 05 cb e4 dc 00 00 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 fd 53 48 83 ec 18 <80> 3d a8 e4 dc 00 00 0f 84 f2 01 00 00 48 85 ed 0f 88 f7 01 00 00 [ 133.631169][ T5934] RSP: 002b:00007ffcf13e4910 EFLAGS: 00010202 [ 133.631188][ T5934] RAX: 0000000000100000 RBX: 0000000000008000 RCX: 00007ffcf13e4960 [ 133.631198][ T5934] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000008030 [ 133.631206][ T5934] RBP: 0000000000008030 R08: 0000000000000000 R09: 0000000000000000 [ 133.631215][ T5934] R10: 0000000000001000 R11: 0000000000000206 R12: 00007ffcf13e5b60 [ 133.631224][ T5934] R13: 00007f55f1e13d7d R14: 00000000000206f0 R15: 00007ffcf13e5ba0 [ 133.631252][ T5934] [ 133.786129][ T9686] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 133.885691][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 133.885702][ T40] audit: type=1401 audit(1765548790.006:955): op=setxattr invalid_context="system_u:object_r:crond_var_run_t:s0" [ 133.891669][ T6020] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 133.903871][ T9689] netlink: 'syz.4.1130': attribute type 1 has an invalid length. [ 133.907538][ T5934] memory: usage 306476kB, limit 307200kB, failcnt 3338 [ 133.918095][ T5934] memory+swap: usage 308340kB, limit 9007199254740988kB, failcnt 0 [ 133.931307][ T5934] kmem: usage 10768kB, limit 9007199254740988kB, failcnt 0 [ 133.940299][ T5934] Memory cgroup stats for /syz2: [ 133.940492][ T5934] cache 302632960 [ 133.946840][ T5934] rss 0 [ 133.947775][ T5934] rss_huge 0 [ 133.957733][ T5934] shmem 0 [ 133.958748][ T5934] mapped_file 4112384 [ 133.961198][ T5934] dirty 0 [ 133.965610][ T5934] writeback 0 [ 133.970280][ T5934] workingset_refault_anon 79 [ 133.971935][ T5934] workingset_refault_file 847 [ 133.975477][ T5934] swap 1294336 [ 133.976593][ T5934] swapcached 77824 [ 133.977806][ T5934] pgpgin 186235 [ 133.978971][ T5934] pgpgout 112811 [ 133.985605][ T5934] pgfault 74418 [ 133.987015][ T5934] pgmajfault 79 [ 133.988410][ T5934] inactive_anon 0 [ 133.989908][ T5934] active_anon 77824 [ 134.001315][ T5934] inactive_file 126976 [ 134.003514][ T5934] active_file 53248 [ 134.004798][ T5934] unevictable 302419968 [ 134.006249][ T5934] hierarchical_memory_limit 314572800 [ 134.007999][ T5934] hierarchical_memsw_limit 9223372036854771712 [ 134.009970][ T5934] total_cache 302632960 [ 134.021319][ T5934] total_rss 0 [ 134.022403][ T5934] total_rss_huge 0 [ 134.023571][ T5934] total_shmem 0 [ 134.024817][ T5934] total_mapped_file 4112384 [ 134.026420][ T6020] usb 5-1: device descriptor read/64, error -71 [ 134.031314][ T5934] total_dirty 0 [ 134.032511][ T5934] total_writeback 0 [ 134.033855][ T5934] total_workingset_refault_anon 79 [ 134.038060][ T5934] total_workingset_refault_file 847 [ 134.039734][ T5934] total_swap 1294336 [ 134.040997][ T5934] total_swapcached 77824 [ 134.048165][ T5934] total_pgpgin 186235 [ 134.049465][ T5934] total_pgpgout 112811 [ 134.050745][ T5934] total_pgfault 74418 [ 134.056835][ T5934] total_pgmajfault 79 [ 134.058140][ T5934] total_inactive_anon 0 [ 134.059509][ T5934] total_active_anon 77824 [ 134.060821][ T5934] total_inactive_file 126976 [ 134.069615][ T5934] total_active_file 53248 [ 134.071008][ T5934] total_unevictable 302419968 [ 134.072665][ T5934] anon_cost 0 [ 134.073752][ T5934] file_cost 0 [ 134.074855][ T5934] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.1091,pid=9573,uid=0 [ 134.079601][ T5934] Memory cgroup out of memory: OOM victim 9573 (syz.2.1091) is already exiting. Skip killing the task [ 134.131514][ T6020] usb usb5-port1: attempt power cycle [ 134.195038][ T9697] sg_write: data in/out 63015/8 bytes for SCSI command 0x7f-- guessing data in; [ 134.195038][ T9697] program syz.3.1132 not setting count and/or reply_len properly [ 134.379772][ T40] audit: type=1400 audit(1765548790.496:956): avc: denied { read write } for pid=9703 comm="syz.3.1135" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 134.387636][ T40] audit: type=1400 audit(1765548790.506:957): avc: denied { open } for pid=9703 comm="syz.3.1135" path="/dev/uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 134.395014][ T40] audit: type=1400 audit(1765548790.506:958): avc: denied { write } for pid=9703 comm="syz.3.1135" name="ip6_flowlabel" dev="proc" ino=4026533923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 134.481585][ T6020] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 134.502207][ T6020] usb 5-1: device descriptor read/8, error -71 [ 134.580772][ T9714] loop6: detected capacity change from 0 to 2640 [ 134.585617][ T9635] ldm_validate_partition_table(): Disk read failed. [ 134.588521][ T9635] Dev loop6: unable to read RDB block 0 [ 134.593000][ T9635] loop6: unable to read partition table [ 134.596623][ T9714] ldm_validate_partition_table(): Disk read failed. [ 134.599416][ T9714] Dev loop6: unable to read RDB block 0 [ 134.602642][ T9714] loop6: unable to read partition table [ 134.610178][ T9714] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 134.646808][ T5345] ldm_validate_partition_table(): Disk read failed. [ 134.649794][ T5345] Dev loop6: unable to read RDB block 0 [ 134.653777][ T5345] loop6: unable to read partition table [ 134.723700][ T40] audit: type=1400 audit(1765548790.846:959): avc: denied { ioctl } for pid=9720 comm="syz.4.1139" path="socket:[30735]" dev="sockfs" ino=30735 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 134.734174][ T9721] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=107 sclass=netlink_route_socket pid=9721 comm=syz.4.1139 [ 134.742177][ T6020] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 134.767808][ T6020] usb 5-1: device descriptor read/8, error -71 [ 134.850642][ T40] audit: type=1400 audit(1765548790.966:960): avc: denied { setopt } for pid=9729 comm="syz.4.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 134.862425][ T9732] __nla_validate_parse: 10 callbacks suppressed [ 134.862435][ T9732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1144'. [ 134.881964][ T6020] usb usb5-port1: unable to enumerate USB device [ 134.950857][ T9741] 8021q: VLANs not supported on ip6_vti0 [ 134.950868][ T40] audit: type=1400 audit(1765548791.066:961): avc: denied { ioctl } for pid=9739 comm="syz.2.1147" path="socket:[28425]" dev="sockfs" ino=28425 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 134.964949][ T40] audit: type=1400 audit(1765548791.076:962): avc: denied { getopt } for pid=9739 comm="syz.2.1147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 134.981303][ T6000] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 135.022317][ T9747] No control pipe specified [ 135.063777][ T9750] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1151'. [ 135.161369][ T6000] usb 8-1: Using ep0 maxpacket: 8 [ 135.164463][ T6000] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 135.167082][ T6000] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 135.170078][ T6000] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 135.174566][ T6000] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 135.177761][ T6000] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.182316][ T6000] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 135.185193][ T6000] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.189028][ T40] audit: type=1400 audit(1765548791.306:963): avc: denied { create } for pid=9767 comm="syz.4.1156" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 135.265840][ T9780] netlink: 'syz.2.1160': attribute type 39 has an invalid length. [ 135.274116][ T40] audit: type=1326 audit(1765548791.396:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9777 comm="syz.4.1159" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f865078f7c9 code=0x7ffc0000 [ 135.337459][ T9788] : renamed from lo (while UP) [ 135.340760][ T9787] speed is unknown, defaulting to 1000 [ 135.346406][ T9787] speed is unknown, defaulting to 1000 [ 135.348888][ T9787] speed is unknown, defaulting to 1000 [ 135.396243][ T6000] usb 8-1: GET_CAPABILITIES returned 0 [ 135.402598][ T6000] usbtmc 8-1:16.0: can't read capabilities [ 135.468383][ T9787] infiniband sz1: set active [ 135.471365][ T9787] infiniband sz1: added [ 135.472500][ T24] speed is unknown, defaulting to 1000 [ 135.476266][ T9787] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 135.478647][ T9787] infiniband sz1: Couldn't open port 1 [ 135.498055][ T9787] RDS/IB: sz1: added [ 135.499709][ T9787] smc: adding ib device sz1 with port count 1 [ 135.502126][ T9787] smc: ib device sz1 port 1 has no pnetid [ 135.505850][ T10] speed is unknown, defaulting to 1000 [ 135.508629][ T9787] speed is unknown, defaulting to 1000 [ 135.597550][ T9787] speed is unknown, defaulting to 1000 [ 135.675760][ T9787] speed is unknown, defaulting to 1000 [ 135.756418][ T9787] speed is unknown, defaulting to 1000 [ 135.835269][ T9787] speed is unknown, defaulting to 1000 [ 135.918154][ T9787] speed is unknown, defaulting to 1000 [ 136.293657][ T9819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1172'. [ 136.611589][ T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 136.762764][ T24] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 136.765709][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.769067][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.772185][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 136.776141][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 136.778903][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.782710][ T24] usb 5-1: config 0 descriptor?? [ 137.212078][ T24] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 137.238632][ T24] plantronics 0003:047F:FFFF.0003: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 137.399029][ T9813] rdma_rxe: rxe_newlink: failed to add lo [ 137.408981][ T9813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.422569][ T9813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.427768][ T9813] openvswitch: netlink: Unexpected mask (mask=4000040, allowed=10048) [ 137.433209][ T9813] LK: renamed from lo [ 137.469324][ T6092] usb 5-1: USB disconnect, device number 13 [ 137.633042][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.635140][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 137.833512][ T6020] usb 8-1: USB disconnect, device number 5 [ 138.931675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 138.937106][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 138.980310][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 138.980499][ T40] audit: type=1400 audit(1765548795.096:992): avc: denied { mount } for pid=9901 comm="syz.0.1196" name="/" dev="rpc_pipefs" ino=30904 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 139.360539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 139.566091][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 139.632781][ T40] audit: type=1400 audit(1765548795.756:993): avc: denied { write } for pid=9933 comm="syz.4.1209" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 140.467141][ T6001] IPVS: starting estimator thread 0... [ 140.611773][ T9977] IPVS: using max 46 ests per chain, 110400 per kthread [ 141.001590][ T60] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 141.162663][ T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 141.171872][ T60] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00 [ 141.174767][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.179486][ T60] usb 8-1: config 0 descriptor?? [ 141.181987][ T9991] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 141.207221][T10021] netlink: 'syz.2.1236': attribute type 1 has an invalid length. [ 141.399405][ T40] audit: type=1400 audit(1765548797.516:994): avc: denied { create } for pid=9990 comm="syz.3.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 141.452628][ T60] usbhid 8-1:0.0: can't add hid device: -71 [ 141.454751][ T60] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 141.455077][T10024] Mount JFS Failure: -22 [ 141.458565][ T60] usb 8-1: USB disconnect, device number 6 [ 141.501410][ T10] usb 9-1: new full-speed USB device number 3 using dummy_hcd [ 141.652660][ T10] usb 9-1: config 0 has an invalid interface number: 251 but max is 0 [ 141.656077][ T10] usb 9-1: config 0 has no interface number 0 [ 141.661582][ T10] usb 9-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 141.665082][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.668507][ T10] usb 9-1: Product: syz [ 141.670379][ T10] usb 9-1: Manufacturer: syz [ 141.672521][ T10] usb 9-1: SerialNumber: syz [ 141.678098][ T10] usb 9-1: config 0 descriptor?? [ 142.014728][T10035] use of bytesused == 0 is deprecated and will be removed in the future, [ 142.017670][T10035] use the actual size instead. [ 142.098770][ T40] audit: type=1400 audit(1765548798.216:995): avc: denied { read } for pid=10042 comm="syz.2.1249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 142.379705][T10050] netlink: 4280 bytes leftover after parsing attributes in process `syz.3.1251'. [ 142.382677][T10050] netlink: 4280 bytes leftover after parsing attributes in process `syz.3.1251'. [ 142.583057][ T10] asix 9-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 142.586238][ T10] asix 9-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 142.589690][ T10] asix 9-1:0.251: probe with driver asix failed with error -71 [ 142.601470][ T10] usb 9-1: USB disconnect, device number 3 [ 143.009600][ T40] audit: type=1400 audit(1765548799.126:996): avc: denied { kexec_image_load } for pid=10060 comm="syz.2.1256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 143.032970][T10064] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1257'. [ 143.035694][ T40] audit: type=1400 audit(1765548799.146:997): avc: denied { lock } for pid=10060 comm="syz.2.1256" path="socket:[31001]" dev="sockfs" ino=31001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 143.135855][T10069] netlink: 'syz.3.1259': attribute type 19 has an invalid length. [ 143.138476][T10069] netlink: 'syz.3.1259': attribute type 28 has an invalid length. [ 143.141071][T10069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1259'. [ 143.763730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 143.968700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 144.070973][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 144.287383][T10088] input: syz1 as /devices/virtual/input/input13 [ 144.341441][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 144.344040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 144.540948][ T40] audit: type=1400 audit(1765548800.656:998): avc: denied { listen } for pid=10106 comm="syz.4.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 144.626135][ T40] audit: type=1400 audit(1765548800.746:999): avc: denied { write } for pid=10118 comm="syz.4.1279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 145.673774][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 145.731976][T10149] sp0: Synchronizing with TNC [ 145.746965][T10149] [U] ` [ 146.076430][T10151] kernel read not supported for file / 7եfsr{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 10151 comm: syz.0.1290) [ 146.083026][ T40] audit: type=1800 audit(1765548802.206:1000): pid=10151 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1290" name=20019C1437B3CFF6D5A56673F5727B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=31077 res=0 errno=0 [ 146.239821][ T40] audit: type=1400 audit(1765548802.356:1001): avc: denied { setopt } for pid=10165 comm="syz.2.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 146.301514][ T40] audit: type=1326 audit(1765548802.416:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.2.1298" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55f1d8f7c9 code=0x0 [ 146.608832][ T40] audit: type=1400 audit(1765548802.726:1003): avc: denied { append } for pid=10177 comm="syz.3.1302" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 147.016215][ T40] audit: type=1400 audit(1765548803.136:1004): avc: denied { mounton } for pid=10187 comm="syz.0.1305" path="/239/file0" dev="tmpfs" ino=1282 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 147.452667][T10203] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1310'. [ 147.571799][T10214] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 147.575413][T10214] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 147.575867][ T40] audit: type=1400 audit(1765548803.696:1005): avc: denied { connect } for pid=10210 comm="syz.3.1314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 147.589156][ T40] audit: type=1400 audit(1765548803.706:1006): avc: denied { ioctl } for pid=10210 comm="syz.3.1314" path="socket:[31847]" dev="sockfs" ino=31847 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 147.597540][ T40] audit: type=1400 audit(1765548803.706:1007): avc: denied { accept } for pid=10210 comm="syz.3.1314" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 147.663433][T10227] usb usb8: usbfs: process 10227 (syz.4.1322) did not claim interface 0 before use [ 147.816864][T10231] xfrm0 speed is unknown, defaulting to 1000 [ 147.820123][T10231] speed is unknown, defaulting to 1000 [ 147.902683][T10233] xt_CT: You must specify a L4 protocol and not use inversions on it [ 148.193594][T10238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1325'. [ 149.750412][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 149.750422][ T40] audit: type=1400 audit(1765548805.866:1011): avc: denied { ioctl } for pid=10286 comm="syz.2.1346" path="socket:[31203]" dev="sockfs" ino=31203 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 150.167345][ T40] audit: type=1400 audit(1765548806.286:1012): avc: denied { mounton } for pid=10299 comm="syz.0.1351" path="/248/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 151.428282][T10345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1371'. [ 151.459195][T10345] bridge4: port 1(veth3) entered blocking state [ 151.464436][T10345] bridge4: port 1(veth3) entered disabled state [ 151.466927][T10345] veth3: entered allmulticast mode [ 151.469368][T10345] veth3: entered promiscuous mode [ 151.984863][ T40] audit: type=1400 audit(1765548808.106:1013): avc: denied { write } for pid=10363 comm="syz.4.1378" name="usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 152.001434][ T40] audit: type=1400 audit(1765548808.106:1014): avc: denied { open } for pid=10363 comm="syz.4.1378" path="/dev/usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 153.021889][ T40] audit: type=1400 audit(1765548809.146:1015): avc: denied { listen } for pid=10381 comm="syz.0.1384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 153.028879][ T40] audit: type=1400 audit(1765548809.146:1016): avc: denied { connect } for pid=10381 comm="syz.0.1384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 153.537510][ T40] audit: type=1400 audit(1765548809.656:1017): avc: denied { bind } for pid=10399 comm="syz.4.1393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 153.547804][T10400] 9p: Bad value for 'rfdno' [ 153.964595][ T40] audit: type=1400 audit(1765548810.086:1018): avc: denied { setopt } for pid=10425 comm="syz.4.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 153.978217][ T40] audit: type=1400 audit(1765548810.086:1019): avc: denied { write } for pid=10425 comm="syz.4.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 153.988230][ T40] audit: type=1400 audit(1765548810.096:1020): avc: denied { read } for pid=10425 comm="syz.4.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 154.018099][T10430] tipc: Started in network mode [ 154.022375][T10430] tipc: Node identity 422375f18bc1, cluster identity 4711 [ 154.025469][T10430] tipc: Enabled bearer , priority 0 [ 154.035563][T10430] syzkaller0: entered promiscuous mode [ 154.037401][T10430] syzkaller0: entered allmulticast mode [ 154.058969][T10430] tipc: Resetting bearer [ 154.065957][T10429] tipc: Resetting bearer [ 154.089791][T10429] tipc: Disabling bearer [ 154.335743][T10449] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1411'. [ 154.760815][T10471] mkiss: ax0: crc mode is auto. [ 154.813121][T10471] Falling back ldisc for ptm0. [ 155.071378][ T5941] Bluetooth: hci4: command tx timeout [ 155.141370][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 155.141381][ T40] audit: type=1400 audit(1765548811.266:1023): avc: denied { execute } for pid=10476 comm="syz.3.1425" dev="hugetlbfs" ino=31307 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 155.150888][ T40] audit: type=1400 audit(1765548811.266:1024): avc: denied { execute_no_trans } for pid=10476 comm="syz.3.1425" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="hugetlbfs" ino=31307 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 155.910190][T10518] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 156.077789][T10525] netlink: 'syz.3.1444': attribute type 11 has an invalid length. [ 156.080411][T10525] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1444'. [ 156.085427][T10525] netlink: 'syz.3.1444': attribute type 11 has an invalid length. [ 156.088790][T10525] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1444'. [ 156.093095][T10525] netlink: 'syz.3.1444': attribute type 11 has an invalid length. [ 156.095671][T10525] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1444'. [ 157.302135][ T40] audit: type=1400 audit(1765548813.426:1025): avc: denied { bind } for pid=10541 comm="syz.3.1450" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 158.150077][ T40] audit: type=1400 audit(1765548814.266:1026): avc: denied { mount } for pid=10560 comm="syz.3.1457" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 158.150390][T10566] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 158.183309][T10566] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type [ 158.187020][T10566] overlayfs: failed to look up (tracing) for ino (-66) [ 158.961322][ T40] audit: type=1400 audit(1765548815.026:1027): avc: denied { unmount } for pid=8349 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 159.197922][ T40] audit: type=1400 audit(1765548815.316:1028): avc: denied { read } for pid=10596 comm="syz.4.1470" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 162.321415][ T9755] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 162.473001][ T9755] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 162.476137][ T9755] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 162.479226][ T9755] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 162.483100][ T9755] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 162.488066][ T9755] usb 8-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 162.491008][ T9755] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.493803][ T9755] usb 8-1: Product: syz [ 162.495311][ T9755] usb 8-1: Manufacturer: syz [ 162.496958][ T9755] usb 8-1: SerialNumber: syz [ 162.504697][ T9755] usb 8-1: config 0 descriptor?? [ 162.508107][ T9755] kvaser_usb 8-1:0.0: error -ENODEV: Cannot get usb endpoint(s) [ 163.531348][ T40] audit: type=1400 audit(1765548819.646:1029): avc: denied { bind } for pid=10701 comm="syz.2.1513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 163.546127][ T40] audit: type=1400 audit(1765548819.656:1030): avc: denied { name_bind } for pid=10701 comm="syz.2.1513" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 163.557792][ T40] audit: type=1400 audit(1765548819.656:1031): avc: denied { node_bind } for pid=10701 comm="syz.2.1513" saddr=::ffff:0.0.0.0 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 164.128470][T10736] syz_tun: entered promiscuous mode [ 164.133030][T10736] team0: Port device macvlan2 added [ 164.287439][ T40] audit: type=1326 audit(1765548820.386:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10745 comm="syz.2.1535" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55f1d8f7c9 code=0x0 [ 164.336810][ T830] usb 8-1: USB disconnect, device number 7 [ 164.362076][ T40] audit: type=1400 audit(1765548820.486:1033): avc: denied { read } for pid=10748 comm="syz.3.1536" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 165.784670][T10790] xt_SECMARK: invalid security context 'unconfined' [ 166.360725][T10810] syz.4.1559 (10810): /proc/10809/oom_adj is deprecated, please use /proc/10809/oom_score_adj instead. [ 166.460499][T10821] pim6reg: entered allmulticast mode [ 166.463387][T10821] pim6reg: left allmulticast mode [ 167.500061][T10853] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1577'. [ 168.964149][T10909] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.1600'. [ 169.636402][ T40] audit: type=1326 audit(1765548825.756:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10929 comm="syz.4.1607" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f865078f7c9 code=0x7ffc0000 [ 169.646692][ T40] audit: type=1326 audit(1765548825.766:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10929 comm="syz.4.1607" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f865078f7c9 code=0x7ffc0000 [ 169.711622][ T40] audit: type=1326 audit(1765548825.776:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10929 comm="syz.4.1607" exe="/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f865078f7c9 code=0x7ffc0000 [ 169.718807][ T40] audit: type=1326 audit(1765548825.776:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10929 comm="" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f865078f7c9 code=0x7ffc0000 [ 169.753027][T10934] xfrm0 speed is unknown, defaulting to 1000 [ 169.755623][T10934] speed is unknown, defaulting to 1000 [ 169.986047][T10947] netlink: 'syz.0.1613': attribute type 9 has an invalid length. [ 171.674615][ T40] audit: type=1400 audit(1765548827.796:1038): avc: denied { setopt } for pid=10978 comm="syz.3.1625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 171.956952][ T40] audit: type=1400 audit(1765548828.076:1039): avc: denied { setattr } for pid=10991 comm="syz.3.1628" name="" dev="pipefs" ino=21103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 173.083141][T11035] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1645'. [ 173.242885][ T40] audit: type=1400 audit(1765548829.366:1040): avc: denied { mount } for pid=11030 comm="syz.2.1643" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 174.851342][ T6000] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 175.031337][ T6000] usb 8-1: Using ep0 maxpacket: 8 [ 175.036985][ T6000] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 175.039865][ T6000] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.048306][ T6000] pvrusb2: Hardware description: Terratec Grabster AV400 [ 175.050588][ T6000] pvrusb2: ********** [ 175.052117][ T6000] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 175.056813][ T6000] pvrusb2: Important functionality might not be entirely working. [ 175.059321][ T6000] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 175.077752][ T6000] pvrusb2: ********** [ 175.201773][ T40] audit: type=1400 audit(1765548831.316:1041): avc: denied { create } for pid=11111 comm="syz.4.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 175.258309][ T2493] pvrusb2: Invalid write control endpoint [ 175.291865][T11121] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1679'. [ 175.292388][ T2493] pvrusb2: Invalid write control endpoint [ 175.301334][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 175.306898][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 175.310787][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 175.316308][ T2493] pvrusb2: Device being rendered inoperable [ 175.318316][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 175.320598][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 175.330007][ T2493] pvrusb2: Attached sub-driver cx25840 [ 175.333406][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 175.340192][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 175.376956][T11135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1685'. [ 175.391839][T11135] bond3: Invalid ad_actor_system MAC address. [ 175.394413][T11135] bond3: option ad_actor_system: invalid value (255) [ 175.412909][T11135] bond3 (unregistering): Released all slaves [ 175.460388][ T941] usb 8-1: USB disconnect, device number 8 [ 175.504639][ T40] audit: type=1400 audit(1765548831.626:1042): avc: denied { read write } for pid=11145 comm="syz.0.1690" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 175.512521][ T40] audit: type=1400 audit(1765548831.626:1043): avc: denied { open } for pid=11145 comm="syz.0.1690" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 175.519916][ T40] audit: type=1400 audit(1765548831.626:1044): avc: denied { ioctl } for pid=11145 comm="syz.0.1690" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 175.591312][T11152] overlayfs: failed to clone upperpath [ 175.647813][T11158] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 175.857993][T11167] netlink: 'syz.0.1700': attribute type 10 has an invalid length. [ 175.859098][ T8004] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.877405][T11167] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 175.880775][T11167] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 175.884795][T11167] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 175.888769][ T40] audit: type=1400 audit(1765548832.006:1045): avc: denied { sqpoll } for pid=11166 comm="syz.0.1700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 175.895671][ T40] audit: type=1400 audit(1765548832.006:1046): avc: denied { lock } for pid=11166 comm="syz.0.1700" path="socket:[32623]" dev="sockfs" ino=32623 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 175.932543][ T8004] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.009901][ T8004] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.047027][ T8004] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.075058][T11180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1705'. [ 176.093931][T11180] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 176.096833][ T8019] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 176.096973][T11180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1705'. [ 176.100399][ T8019] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 176.112985][T11180] bond1 (unregistering): (slave geneve2): Releasing backup interface [ 176.117105][T11180] bond1 (unregistering): Released all slaves [ 176.127416][ T8019] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 176.130277][ T8019] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 176.172297][ T8004] bridge_slave_1: left allmulticast mode [ 176.174322][ T8004] bridge_slave_1: left promiscuous mode [ 176.177322][ T8004] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.188003][ T8004] bridge_slave_0: left allmulticast mode [ 176.189834][ T8004] bridge_slave_0: left promiscuous mode [ 176.202132][ T8004] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.209817][ T8004] veth3: left allmulticast mode [ 176.211551][ T8004] veth3: left promiscuous mode [ 176.213169][ T8004] bridge4: port 1(veth3) entered disabled state [ 176.492725][ C2] ata1: illegal qc_active transition (00000000->00100000) [ 176.711446][ T830] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 176.807169][ T8004] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.810091][ T8004] bond_slave_1: left allmulticast mode [ 176.814596][ T8004] bond0 (unregistering): (slave bond1): Releasing backup interface [ 176.818491][ T8004] bond1 (unregistering): left allmulticast mode [ 176.820782][ T8004] bond0 (unregistering): Released all slaves [ 176.825625][ T1117] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 176.829710][ T1117] ata1.00: configured for UDMA/100 [ 176.871428][ T830] usb 9-1: Using ep0 maxpacket: 8 [ 176.887694][ T830] usb 9-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 176.891722][ T830] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.895906][ T8004] bond1 (unregistering): Released all slaves [ 176.899388][ T830] pvrusb2: Hardware description: Terratec Grabster AV400 [ 176.903175][ T830] pvrusb2: ********** [ 176.904588][ T830] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 176.906965][ T8004] bond2 (unregistering): Released all slaves [ 176.908376][ T830] pvrusb2: Important functionality might not be entirely working. [ 176.908386][ T830] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 176.908395][ T830] pvrusb2: ********** [ 176.924680][T11187] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 177.027267][ T8004] tipc: Left network mode [ 177.268762][ T8004] hsr_slave_0: left promiscuous mode [ 177.271066][ T8004] hsr_slave_1: left promiscuous mode [ 177.735544][ T2493] pvrusb2: Invalid write control endpoint [ 177.739254][T11205] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1713'. [ 177.766135][ T2493] pvrusb2: Invalid write control endpoint [ 177.768003][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 177.770926][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 177.773488][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 177.776611][ T2493] pvrusb2: Device being rendered inoperable [ 177.778748][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 177.781015][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 177.794194][ T2493] pvrusb2: Attached sub-driver cx25840 [ 177.795963][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 177.799187][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 177.886457][ T5296] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 177.891808][ T5296] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 177.896347][ T5296] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 177.899653][ T5296] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 177.905128][ T5296] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 177.922546][T11213] speed is unknown, defaulting to 1000 [ 177.937746][ T10] usb 9-1: USB disconnect, device number 4 [ 178.126289][T11213] chnl_net:caif_netlink_parms(): no params data found [ 178.165379][T11213] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.168344][T11213] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.171459][T11213] bridge_slave_0: entered allmulticast mode [ 178.174551][T11213] bridge_slave_0: entered promiscuous mode [ 178.179061][T11213] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.182179][T11213] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.185044][T11213] bridge_slave_1: entered allmulticast mode [ 178.188110][T11213] bridge_slave_1: entered promiscuous mode [ 178.203523][T11213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.209090][T11213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 178.224567][T11213] team0: Port device team_slave_0 added [ 178.228102][T11213] team0: Port device team_slave_1 added [ 178.241348][T11213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.244198][T11213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 178.254347][T11213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.259451][T11213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.262510][T11213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 178.272591][T11213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.295133][T11213] hsr_slave_0: entered promiscuous mode [ 178.297841][T11213] hsr_slave_1: entered promiscuous mode [ 178.645497][T11245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1725'. [ 178.710478][T11213] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 178.716626][T11213] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 178.721192][T11213] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 178.725765][T11213] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 178.747427][T11213] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.750180][T11213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.752905][T11213] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.755391][T11213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.783207][T11213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.791099][ T8012] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.794316][ T8012] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.801748][T11213] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.807091][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.809433][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.814525][ T8012] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.816848][ T8012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.918353][T11213] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.939663][T11213] veth0_vlan: entered promiscuous mode [ 178.946985][T11213] veth1_vlan: entered promiscuous mode [ 178.964596][T11213] veth0_macvtap: entered promiscuous mode [ 178.968397][T11213] veth1_macvtap: entered promiscuous mode [ 178.971391][ T5937] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 178.977493][T11213] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.986064][T11213] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 178.992710][ T8017] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.995531][ T8017] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.999865][ T8017] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.002856][ T8017] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.041110][ T8004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.043758][ T8004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.059322][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.062755][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.121369][ T5937] usb 8-1: Using ep0 maxpacket: 8 [ 179.124586][ T5937] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 179.127438][ T5937] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.139497][ T5937] pvrusb2: Hardware description: Terratec Grabster AV400 [ 179.143521][ T5937] pvrusb2: ********** [ 179.144936][ T5937] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 179.148345][ T5937] pvrusb2: Important functionality might not be entirely working. [ 179.150951][ T5937] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 179.156119][ T5937] pvrusb2: ********** [ 179.341756][ T2493] pvrusb2: Invalid write control endpoint [ 179.372985][ T2493] pvrusb2: Invalid write control endpoint [ 179.374863][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 179.377769][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 179.391630][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 179.395267][ T2493] pvrusb2: Device being rendered inoperable [ 179.397824][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 179.400632][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 179.406852][ T2493] pvrusb2: Attached sub-driver cx25840 [ 179.408769][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 179.412493][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 179.452031][T11298] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1741'. [ 179.463219][T11282] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 179.491062][T11282] kvm: pic: level sensitive irq not supported [ 179.494997][T11282] kvm: pic: non byte read [ 179.506717][T11282] tipc: Enabled bearer , priority 0 [ 179.539636][T11282] syzkaller0: entered promiscuous mode [ 179.541320][ T5937] usb 8-1: USB disconnect, device number 9 [ 179.541824][T11282] syzkaller0: entered allmulticast mode [ 179.545462][T11282] tipc: Resetting bearer [ 179.563278][T11281] tipc: Resetting bearer [ 179.602921][ T40] audit: type=1400 audit(1765548835.726:1047): avc: denied { block_suspend } for pid=11313 comm="syz.2.1747" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 179.951564][ T5296] Bluetooth: hci0: command tx timeout [ 180.596521][T11281] tipc: Disabling bearer [ 180.603404][T11333] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 180.616084][ T6000] tipc: Node number set to 3387061745 [ 180.794067][T11354] FAULT_INJECTION: forcing a failure. [ 180.794067][T11354] name failslab, interval 1, probability 0, space 0, times 1 [ 180.798252][T11354] CPU: 3 UID: 0 PID: 11354 Comm: syz.3.1764 Tainted: G L syzkaller #0 PREEMPT(full) [ 180.798269][T11354] Tainted: [L]=SOFTLOCKUP [ 180.798273][T11354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 180.798280][T11354] Call Trace: [ 180.798283][T11354] [ 180.798288][T11354] dump_stack_lvl+0x16c/0x1f0 [ 180.798318][T11354] should_fail_ex+0x512/0x640 [ 180.798335][T11354] ? fs_reclaim_acquire+0xae/0x150 [ 180.798351][T11354] should_failslab+0xc2/0x120 [ 180.798365][T11354] __kmalloc_noprof+0xeb/0x910 [ 180.798381][T11354] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 180.798396][T11354] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 180.798408][T11354] tomoyo_realpath_from_path+0xc2/0x6e0 [ 180.798422][T11354] ? tomoyo_profile+0x47/0x60 [ 180.798436][T11354] tomoyo_path_number_perm+0x245/0x580 [ 180.798445][T11354] ? tomoyo_path_number_perm+0x237/0x580 [ 180.798456][T11354] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 180.798473][T11354] ? find_held_lock+0x2b/0x80 [ 180.798500][T11354] ? find_held_lock+0x2b/0x80 [ 180.798515][T11354] ? hook_file_ioctl_common+0x144/0x410 [ 180.798531][T11354] ? __fget_files+0x20e/0x3c0 [ 180.798548][T11354] security_file_ioctl+0x9b/0x240 [ 180.798561][T11354] __x64_sys_ioctl+0xb7/0x210 [ 180.798574][T11354] do_syscall_64+0xcd/0xf80 [ 180.798586][T11354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.798597][T11354] RIP: 0033:0x7f7cb338f7c9 [ 180.798605][T11354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.798615][T11354] RSP: 002b:00007f7cb41f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.798626][T11354] RAX: ffffffffffffffda RBX: 00007f7cb35e5fa0 RCX: 00007f7cb338f7c9 [ 180.798632][T11354] RDX: 00002000000001c0 RSI: 00000000c00c642d RDI: 0000000000000005 [ 180.798638][T11354] RBP: 00007f7cb41f2090 R08: 0000000000000000 R09: 0000000000000000 [ 180.798644][T11354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.798650][T11354] R13: 00007f7cb35e6038 R14: 00007f7cb35e5fa0 R15: 00007ffc52082bf8 [ 180.798663][T11354] [ 180.798667][T11354] ERROR: Out of memory at tomoyo_realpath_from_path. [ 180.824071][T11356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=512 sclass=netlink_route_socket pid=11356 comm=syz.2.1765 [ 180.894722][T11356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1765'. [ 180.921061][T11356] 8021q: adding VLAN 0 to HW filter on device bond1 [ 180.964148][T11363] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 181.001469][ T5937] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 181.147186][T11386] FAULT_INJECTION: forcing a failure. [ 181.147186][T11386] name failslab, interval 1, probability 0, space 0, times 0 [ 181.151215][T11386] CPU: 0 UID: 0 PID: 11386 Comm: syz.2.1778 Tainted: G L syzkaller #0 PREEMPT(full) [ 181.151231][T11386] Tainted: [L]=SOFTLOCKUP [ 181.151234][T11386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 181.151252][T11386] Call Trace: [ 181.151257][T11386] [ 181.151261][T11386] dump_stack_lvl+0x16c/0x1f0 [ 181.151275][T11386] should_fail_ex+0x512/0x640 [ 181.151289][T11386] ? fs_reclaim_acquire+0xae/0x150 [ 181.151304][T11386] should_failslab+0xc2/0x120 [ 181.151318][T11386] __kmalloc_noprof+0xeb/0x910 [ 181.151335][T11386] ? tomoyo_encode2+0x100/0x3e0 [ 181.151349][T11386] ? tomoyo_encode2+0x100/0x3e0 [ 181.151360][T11386] tomoyo_encode2+0x100/0x3e0 [ 181.151373][T11386] tomoyo_encode+0x29/0x50 [ 181.151384][T11386] tomoyo_realpath_from_path+0x18f/0x6e0 [ 181.151400][T11386] tomoyo_path_number_perm+0x245/0x580 [ 181.151409][T11386] ? tomoyo_path_number_perm+0x237/0x580 [ 181.151419][T11386] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 181.151437][T11386] ? find_held_lock+0x2b/0x80 [ 181.151465][T11386] ? find_held_lock+0x2b/0x80 [ 181.151479][T11386] ? hook_file_ioctl_common+0x144/0x410 [ 181.151496][T11386] ? __fget_files+0x20e/0x3c0 [ 181.151513][T11386] security_file_ioctl+0x9b/0x240 [ 181.151525][T11386] __x64_sys_ioctl+0xb7/0x210 [ 181.151538][T11386] do_syscall_64+0xcd/0xf80 [ 181.151550][T11386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.151560][T11386] RIP: 0033:0x7fb319b8f7c9 [ 181.151569][T11386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.151579][T11386] RSP: 002b:00007fb31aa4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.151589][T11386] RAX: ffffffffffffffda RBX: 00007fb319de5fa0 RCX: 00007fb319b8f7c9 [ 181.151595][T11386] RDX: 00002000000001c0 RSI: 00000000c00c642d RDI: 0000000000000005 [ 181.151602][T11386] RBP: 00007fb31aa4c090 R08: 0000000000000000 R09: 0000000000000000 [ 181.151607][T11386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.151613][T11386] R13: 00007fb319de6038 R14: 00007fb319de5fa0 R15: 00007ffd151d13b8 [ 181.151627][T11386] [ 181.227556][ T5937] usb 5-1: Using ep0 maxpacket: 8 [ 181.229779][T11386] ERROR: Out of memory at tomoyo_realpath_from_path. [ 181.233078][ T5937] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 181.235924][ T5937] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.243796][ T5937] pvrusb2: Hardware description: Terratec Grabster AV400 [ 181.245978][ T5937] pvrusb2: ********** [ 181.247253][ T5937] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 181.270543][ T5937] pvrusb2: Important functionality might not be entirely working. [ 181.273809][ T5937] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 181.278147][ T5937] pvrusb2: ********** [ 181.303842][ T40] audit: type=1400 audit(1765548837.426:1048): avc: denied { remount } for pid=11387 comm="syz.2.1779" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 181.445709][ T2493] pvrusb2: Invalid write control endpoint [ 181.474578][T11398] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 181.519732][ T2493] pvrusb2: Invalid write control endpoint [ 181.521800][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 181.524760][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 181.527232][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 181.530553][ T2493] pvrusb2: Device being rendered inoperable [ 181.532946][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 181.535327][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 181.539951][ T2493] pvrusb2: Attached sub-driver cx25840 [ 181.542741][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 181.545944][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 181.649516][ T5937] usb 5-1: USB disconnect, device number 14 [ 182.002565][ T1117] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 182.005229][ T1117] ata1: failed to read log page 10h (errno=-5) [ 182.007663][ T1117] ata1.00: exception Emask 0x1 SAct 0x8000000 SErr 0x0 action 0x0 [ 182.010770][ T1117] ata1.00: irq_stat 0x40000000 [ 182.012890][ T1117] ata1.00: failed command: WRITE FPDMA QUEUED [ 182.015355][ T1117] ata1.00: cmd 61/60:d8:a6:09:10/00:00:00:00:00/40 tag 27 ncq dma 49152 out [ 182.015355][ T1117] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 182.022201][ T1117] ata1.00: status: { DRDY } [ 182.024945][ T1117] ata1.00: configured for UDMA/100 [ 182.027227][ T1117] ata1: EH complete [ 182.031405][ T5296] Bluetooth: hci0: command tx timeout [ 182.045824][ T40] audit: type=1400 audit(1765548838.166:1049): avc: denied { ioctl } for pid=11411 comm="syz.4.1788" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 182.048739][T11414] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1788'. [ 182.055109][ T40] audit: type=1400 audit(1765548838.166:1050): avc: denied { call } for pid=11411 comm="syz.4.1788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 182.196779][T11427] FAULT_INJECTION: forcing a failure. [ 182.196779][T11427] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 182.205404][T11427] CPU: 3 UID: 0 PID: 11427 Comm: syz.0.1794 Tainted: G L syzkaller #0 PREEMPT(full) [ 182.205430][T11427] Tainted: [L]=SOFTLOCKUP [ 182.205436][T11427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.205444][T11427] Call Trace: [ 182.205450][T11427] [ 182.205455][T11427] dump_stack_lvl+0x16c/0x1f0 [ 182.205477][T11427] should_fail_ex+0x512/0x640 [ 182.205501][T11427] _copy_from_user+0x2e/0xd0 [ 182.205521][T11427] drm_ioctl+0x4fb/0xc30 [ 182.205543][T11427] ? __pfx_drm_prime_handle_to_fd_ioctl+0x10/0x10 [ 182.205568][T11427] ? __pfx_drm_ioctl+0x10/0x10 [ 182.205595][T11427] ? selinux_file_ioctl+0x180/0x270 [ 182.205612][T11427] ? selinux_file_ioctl+0xb4/0x270 [ 182.205631][T11427] ? __pfx_drm_ioctl+0x10/0x10 [ 182.205650][T11427] __x64_sys_ioctl+0x18e/0x210 [ 182.205670][T11427] do_syscall_64+0xcd/0xf80 [ 182.205689][T11427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.205709][T11427] RIP: 0033:0x7f1046b8f7c9 [ 182.205723][T11427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.205737][T11427] RSP: 002b:00007f104795c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.205753][T11427] RAX: ffffffffffffffda RBX: 00007f1046de5fa0 RCX: 00007f1046b8f7c9 [ 182.205763][T11427] RDX: 00002000000001c0 RSI: 00000000c00c642d RDI: 0000000000000005 [ 182.205772][T11427] RBP: 00007f104795c090 R08: 0000000000000000 R09: 0000000000000000 [ 182.205783][T11427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.205791][T11427] R13: 00007f1046de6038 R14: 00007f1046de5fa0 R15: 00007ffec6897e68 [ 182.205814][T11427] [ 182.334734][T11443] veth0_to_bridge: entered promiscuous mode [ 182.338367][T11442] veth0_to_bridge: left promiscuous mode [ 182.342086][ T40] audit: type=1400 audit(1765548838.456:1051): avc: denied { setattr } for pid=11442 comm="syz.3.1798" path="socket:[35420]" dev="sockfs" ino=35420 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 182.401131][T11448] loop5: detected capacity change from 0 to 7 [ 182.409349][T11449] FAULT_INJECTION: forcing a failure. [ 182.409349][T11449] name failslab, interval 1, probability 0, space 0, times 0 [ 182.409431][T11448] Dev loop5: unable to read RDB block 7 [ 182.413446][T11449] CPU: 0 UID: 0 PID: 11449 Comm: syz.3.1801 Tainted: G L syzkaller #0 PREEMPT(full) [ 182.413464][T11449] Tainted: [L]=SOFTLOCKUP [ 182.413467][T11449] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.413474][T11449] Call Trace: [ 182.413482][T11449] [ 182.413486][T11449] dump_stack_lvl+0x16c/0x1f0 [ 182.413501][T11449] should_fail_ex+0x512/0x640 [ 182.413515][T11449] ? fs_reclaim_acquire+0xae/0x150 [ 182.413530][T11449] should_failslab+0xc2/0x120 [ 182.413543][T11449] __kmalloc_noprof+0xeb/0x910 [ 182.413560][T11449] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 182.413575][T11449] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 182.413587][T11449] tomoyo_realpath_from_path+0xc2/0x6e0 [ 182.413600][T11449] ? tomoyo_profile+0x47/0x60 [ 182.413614][T11449] tomoyo_path_number_perm+0x245/0x580 [ 182.413623][T11449] ? tomoyo_path_number_perm+0x237/0x580 [ 182.413634][T11449] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 182.413651][T11449] ? find_held_lock+0x2b/0x80 [ 182.413679][T11449] ? find_held_lock+0x2b/0x80 [ 182.413693][T11449] ? hook_file_ioctl_common+0x144/0x410 [ 182.413710][T11449] ? __fget_files+0x20e/0x3c0 [ 182.413727][T11449] security_file_ioctl+0x9b/0x240 [ 182.413739][T11449] __x64_sys_ioctl+0xb7/0x210 [ 182.413752][T11449] do_syscall_64+0xcd/0xf80 [ 182.413764][T11449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.413774][T11449] RIP: 0033:0x7f7cb338f7c9 [ 182.413783][T11449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.413793][T11449] RSP: 002b:00007f7cb41f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.413803][T11449] RAX: ffffffffffffffda RBX: 00007f7cb35e5fa0 RCX: 00007f7cb338f7c9 [ 182.413810][T11449] RDX: 0000200000000440 RSI: 0000000000002285 RDI: 0000000000000003 [ 182.413816][T11449] RBP: 00007f7cb41f2090 R08: 0000000000000000 R09: 0000000000000000 [ 182.413821][T11449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.413827][T11449] R13: 00007f7cb35e6038 R14: 00007f7cb35e5fa0 R15: 00007ffc52082bf8 [ 182.413841][T11449] [ 182.413845][T11449] ERROR: Out of memory at tomoyo_realpath_from_path. [ 182.421350][T11448] loop5: AHDI p1 p2 [ 182.487048][T11448] loop5: partition table partially beyond EOD, truncated [ 182.490678][T11448] loop5: p1 start 1702000233 is beyond EOD, truncated [ 182.557809][ T5345] Dev loop5: unable to read RDB block 7 [ 182.559866][ T5345] loop5: AHDI p1 p2 [ 182.561500][ T5345] loop5: partition table partially beyond EOD, truncated [ 182.563738][ T5345] loop5: p1 start 1702000233 is beyond EOD, truncated [ 182.687881][T11463] netdevsim netdevsim4: Direct firmware load for . failed with error -2 [ 182.692641][T11463] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 182.692656][ T40] audit: type=1400 audit(1765548838.816:1052): avc: denied { firmware_load } for pid=11462 comm="syz.4.1807" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 182.713677][ T941] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 182.861369][ T941] usb 7-1: Using ep0 maxpacket: 8 [ 182.865512][ T941] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 182.869336][ T941] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.878621][ T941] pvrusb2: Hardware description: Terratec Grabster AV400 [ 182.882458][ T941] pvrusb2: ********** [ 182.884309][ T941] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 182.888622][ T941] pvrusb2: Important functionality might not be entirely working. [ 182.892126][ T941] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 182.896855][ T941] pvrusb2: ********** [ 183.053729][T11466] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 183.079850][ T2493] pvrusb2: Invalid write control endpoint [ 183.102736][ T2493] pvrusb2: Invalid write control endpoint [ 183.105083][ T2493] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 183.108765][ T2493] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 183.114109][ T2493] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 183.117609][ T2493] pvrusb2: Device being rendered inoperable [ 183.119676][ T2493] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 183.122534][ T2493] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 183.127019][ T2493] pvrusb2: Attached sub-driver cx25840 [ 183.129094][ T2493] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 183.132661][ T2493] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 183.239329][T11479] ------------[ cut here ]------------ [ 183.243177][T11479] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x43/0x60, CPU#3: syz.3.1813/11479 [ 183.248112][T11479] Modules linked in: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 183.249732][ T40] audit: type=1400 audit(1765548839.366:1053): avc: denied { write } for pid=5877 comm="syz-executor" path="pipe:[3684]" dev="pipefs" ino=3684 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 183.249951][T11479] CPU: 3 UID: 0 PID: 11479 Comm: syz.3.1813 Tainted: G L syzkaller #0 PREEMPT(full) [ 183.262580][T11479] Tainted: [L]=SOFTLOCKUP [ 183.264432][T11479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 183.268881][T11479] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60 [ 183.271991][T11479] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 03 ae 6c fc e8 fe ad 6c fc 90 <0f> 0b 90 5b e9 f4 ad 6c fc e8 af 7b d6 fc eb d8 66 66 2e 0f 1f 84 [ 183.279529][T11479] RSP: 0018:ffffc90003d87ca0 EFLAGS: 00010293 [ 183.280638][ T830] usb 7-1: USB disconnect, device number 3 [ 183.282356][T11479] RAX: 0000000000000000 RBX: ffff888039ebb380 RCX: ffffffff8b78d5d1 [ 183.287516][T11479] RDX: ffff88802e040000 RSI: ffffffff855235c2 RDI: ffff888039ebb410 [ 183.290842][T11479] RBP: ffff888039ebb000 R08: 0000000000000001 R09: fffff520007b0f74 [ 183.294302][T11479] R10: ffffc90003d87ba7 R11: 0000000000000000 R12: ffff888102fec000 [ 183.297580][T11479] R13: ffff888039ebb2b0 R14: 0000000000000000 R15: ffff888039ebb2d8 [ 183.301082][T11479] FS: 0000555574ca7500(0000) GS:ffff8880d6bfb000(0000) knlGS:0000000000000000 [ 183.304801][T11479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 183.307543][T11479] CR2: 000000110c3a695f CR3: 000000003a6d4000 CR4: 0000000000352ef0 [ 183.310834][T11479] Call Trace: [ 183.312611][T11479] [ 183.313880][T11479] drm_file_free.part.0+0x7ee/0xcd0 [ 183.316077][T11479] ? __pfx___fsnotify_parent+0x10/0x10 [ 183.317812][T11479] drm_close_helper.isra.0+0x186/0x1f0 [ 183.319507][T11479] drm_release+0x1ab/0x360 [ 183.320922][T11479] ? __pfx_drm_release+0x10/0x10 [ 183.322505][T11479] __fput+0x402/0xb70 [ 183.323736][T11479] task_work_run+0x150/0x240 [ 183.325212][T11479] ? __pfx_task_work_run+0x10/0x10 [ 183.326892][T11479] ? __do_sys_close_range+0x278/0x730 [ 183.328567][T11479] exit_to_user_mode_loop+0xfb/0x540 [ 183.330185][T11479] do_syscall_64+0x4ee/0xf80 [ 183.331644][T11479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.333464][T11479] RIP: 0033:0x7f7cb338f7c9 [ 183.334888][T11479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.340831][T11479] RSP: 002b:00007ffc52082d58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 183.344060][T11479] RAX: 0000000000000000 RBX: 000000000002cb5d RCX: 00007f7cb338f7c9 [ 183.347128][T11479] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 183.350329][T11479] RBP: 00007f7cb35e7da0 R08: 0000000000000001 R09: 000000065208304f [ 183.353471][T11479] R10: 0000001b2cd20000 R11: 0000000000000246 R12: 00007f7cb35e5fac [ 183.356494][T11479] R13: 00007f7cb35e5fa0 R14: ffffffffffffffff R15: 00007ffc52082e70 [ 183.359519][T11479] [ 183.360766][T11479] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 183.363560][T11479] CPU: 3 UID: 0 PID: 11479 Comm: syz.3.1813 Tainted: G L syzkaller #0 PREEMPT(full) [ 183.367717][T11479] Tainted: [L]=SOFTLOCKUP [ 183.369386][T11479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 183.373499][T11479] Call Trace: [ 183.374793][T11479] [ 183.375967][T11479] dump_stack_lvl+0x3d/0x1f0 [ 183.377773][T11479] vpanic+0x640/0x6f0 [ 183.379323][T11479] ? drm_prime_destroy_file_private+0x43/0x60 [ 183.381622][T11479] panic+0xca/0xd0 [ 183.383038][T11479] ? __pfx_panic+0x10/0x10 [ 183.384801][T11479] ? check_panic_on_warn+0x1f/0xb0 [ 183.386669][T11479] check_panic_on_warn+0xab/0xb0 [ 183.388215][T11479] __warn+0x108/0x3c0 [ 183.389552][T11479] __report_bug+0x2a0/0x520 [ 183.391343][T11479] ? drm_prime_destroy_file_private+0x43/0x60 [ 183.393701][T11479] ? __pfx___report_bug+0x10/0x10 [ 183.395555][T11479] ? find_held_lock+0x2b/0x80 [ 183.397071][T11479] ? drm_master_release+0x2c1/0x600 [ 183.398988][T11479] ? drm_prime_destroy_file_private+0x43/0x60 [ 183.401165][T11479] report_bug+0xb2/0x220 [ 183.402580][T11479] ? drm_prime_destroy_file_private+0x43/0x60 [ 183.404910][T11479] handle_bug+0x127/0x260 [ 183.406220][T11479] exc_invalid_op+0x17/0x50 [ 183.407651][T11479] asm_exc_invalid_op+0x1a/0x20 [ 183.409447][T11479] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60 [ 183.411916][T11479] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 03 ae 6c fc e8 fe ad 6c fc 90 <0f> 0b 90 5b e9 f4 ad 6c fc e8 af 7b d6 fc eb d8 66 66 2e 0f 1f 84 [ 183.418657][T11479] RSP: 0018:ffffc90003d87ca0 EFLAGS: 00010293 [ 183.420566][T11479] RAX: 0000000000000000 RBX: ffff888039ebb380 RCX: ffffffff8b78d5d1 [ 183.422954][T11479] RDX: ffff88802e040000 RSI: ffffffff855235c2 RDI: ffff888039ebb410 [ 183.425716][T11479] RBP: ffff888039ebb000 R08: 0000000000000001 R09: fffff520007b0f74 [ 183.428850][T11479] R10: ffffc90003d87ba7 R11: 0000000000000000 R12: ffff888102fec000 [ 183.431776][T11479] R13: ffff888039ebb2b0 R14: 0000000000000000 R15: ffff888039ebb2d8 [ 183.434602][T11479] ? __mutex_unlock_slowpath+0x161/0x790 [ 183.436322][T11479] ? drm_prime_destroy_file_private+0x42/0x60 [ 183.438727][T11479] drm_file_free.part.0+0x7ee/0xcd0 [ 183.440630][T11479] ? __pfx___fsnotify_parent+0x10/0x10 [ 183.442302][T11479] drm_close_helper.isra.0+0x186/0x1f0 [ 183.444003][T11479] drm_release+0x1ab/0x360 [ 183.445543][T11479] ? __pfx_drm_release+0x10/0x10 [ 183.447457][T11479] __fput+0x402/0xb70 [ 183.448781][T11479] task_work_run+0x150/0x240 [ 183.450215][T11479] ? __pfx_task_work_run+0x10/0x10 [ 183.452159][T11479] ? __do_sys_close_range+0x278/0x730 [ 183.454241][T11479] exit_to_user_mode_loop+0xfb/0x540 [ 183.456292][T11479] do_syscall_64+0x4ee/0xf80 [ 183.458112][T11479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.460366][T11479] RIP: 0033:0x7f7cb338f7c9 [ 183.462057][T11479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.469132][T11479] RSP: 002b:00007ffc52082d58 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 183.472145][T11479] RAX: 0000000000000000 RBX: 000000000002cb5d RCX: 00007f7cb338f7c9 [ 183.474629][T11479] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 183.477121][T11479] RBP: 00007f7cb35e7da0 R08: 0000000000000001 R09: 000000065208304f [ 183.479594][T11479] R10: 0000001b2cd20000 R11: 0000000000000246 R12: 00007f7cb35e5fac [ 183.482050][T11479] R13: 00007f7cb35e5fa0 R14: ffffffffffffffff R15: 00007ffc52082e70 [ 183.484625][T11479] [ 183.486375][T11479] Kernel Offset: disabled [ 183.487724][T11479] Rebooting in 86400 seconds..