last executing test programs: 4.47987764s ago: executing program 3 (id=1164): openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r3, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0xfff4, 0x0, r2, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 4.047219221s ago: executing program 3 (id=1166): r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2100, 0x80) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r1, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x81}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), r0) sendmsg$FOU_CMD_GET(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x2c, r2, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x200000c0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r3, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x5, 0x5}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20040040}, 0x40140d0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000540)={'erspan0\x00', &(0x7f0000000480)={'gre0\x00', 0x0, 0x7800, 0x10, 0x3, 0x6, {{0x1e, 0x4, 0x0, 0x2, 0x78, 0x68, 0x0, 0x5, 0x7d0623ce738a62d, 0x0, @private=0x7f, @broadcast, {[@rr={0x7, 0x2b, 0xc9, [@remote, @private=0xa010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @local, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @empty, @remote]}, @rr={0x7, 0x1b, 0xc7, [@remote, @remote, @remote, @dev={0xac, 0x14, 0x14, 0x36}, @empty, @dev={0xac, 0x14, 0x14, 0x3f}]}, @end, @timestamp_prespec={0x44, 0x1c, 0x54, 0x3, 0xe, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x81}, {@broadcast, 0xfffffe01}, {@loopback, 0x4}]}]}}}}}) sendto$packet(r0, &(0x7f0000000440)="bdf699648d63b5c5fbd3cf63", 0xc, 0x1, &(0x7f0000000580)={0x11, 0x17, r4, 0x1, 0x5, 0x6, @remote}, 0x14) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4084) bind$bt_hci(0xffffffffffffffff, &(0x7f00000006c0)={0x1f, 0x1, 0x1}, 0x6) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f00000007c0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x20, r3, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x6, 0x39}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000900)={&(0x7f0000000800), 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x38, 0x16, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048050) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000980), r0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r0, &(0x7f0000000b00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000ac0)={&(0x7f00000009c0)={0xe4, r5, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4ae}, @MPTCP_PM_ATTR_ADDR={0x4c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x13}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0xc}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x12}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x8}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x24000080}, 0x20000000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b80)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000dc0)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000bc0)={0x1ac, r3, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_IE={0x172, 0x2a, [@cf={0x4, 0x6, {0x60, 0x0, 0x1ff, 0x8}}, @chsw_timing={0x68, 0x4, {0x7, 0x101}}, @fast_bss_trans={0x37, 0xe1, {0xfb, 0x5, "ba60e56ecf26466aaa8dff480c79493e", "f6b006d49ca40f2d866b8267427f3cd96a16c902077fc1e4f09099251a6f6b67", "df78b0439c466cc3322033be34485826fecdf41ae98002dfb8d10470af411429", [{0x3, 0x19, "498c790554f174d3115abccdcf2b4f60550c249c41f444a8a4"}, {0x2, 0x16, "099c3fe8d29f140129ad8ca72ad5fc58d5542b623179"}, {0x1, 0x1e, "6ffc49c749e3000710fb9d7e5a204ee6d5ec5fd31a4b04e22dea5890bd3e"}, {0x1, 0x1c, "9883ec6275de2afdc266a82ee3cd33985d3c7a7b5177bb18b1eec48d"}, {0x4, 0x1c, "5ff6609e05bdf6d90ce3a79862c77a46e9a0020be37a91e66ba7ba0d"}]}}, @dsss={0x3, 0x1, 0xad}, @perr={0x84, 0x75, {0x81, 0x7, [{{}, @device_b, 0xfffffc01, @void, 0x42}, {{}, @broadcast, 0xc, @void, 0xf}, {{0x0, 0x1}, @device_b, 0x6, @value=@broadcast, 0x6}, {{0x0, 0x1}, @device_a, 0x200, @value=@broadcast, 0x2d}, {{}, @device_a, 0x0, @void, 0x1b}, {{0x0, 0x1}, @device_b, 0x8, @value, 0x30}, {{0x0, 0x1}, @device_a, 0x11f0000, @value=@broadcast, 0x26}]}}, @supported_rates={0x1, 0x1, [{0x3}]}]}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x20040800}, 0x40000) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e40), r0) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000f00)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x2c, r7, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x6}, @NL80211_ATTR_STA_TX_POWER={0x6, 0x114, 0x80b9}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x6556}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200000c1}, 0x4010) r8 = syz_open_procfs$userns(0x0, &(0x7f0000000f80)) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000001080)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x69ab99b5292cbf85}, 0xc, &(0x7f0000001040)={&(0x7f0000000fc0)={0x70, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}, @GTPA_VERSION={0x8, 0x2, 0x8f}, @GTPA_NET_NS_FD={0x8, 0x7, r8}, @GTPA_TID={0xc}, @GTPA_TID={0xc}, @GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_MS_ADDR6={0x14, 0xc, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_MS_ADDRESS={0x8, 0x5, @local}]}, 0x70}, 0x1, 0x0, 0x0, 0xc0010}, 0x4000001) r9 = syz_open_dev$usbfs(&(0x7f00000010c0), 0x1, 0x20000) ioctl$USBDEVFS_CONNECTINFO(r9, 0x40085511, &(0x7f0000001100)) getsockname$packet(r0, &(0x7f0000001140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001180)=0x14) ioctl$AUTOFS_IOC_CATATONIC(r8, 0x9362, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000011c0)=0x3) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000001240), r0) sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000001380)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001340)={&(0x7f0000001280)={0x84, r10, 0x800, 0x70bd2b, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9f6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x10000}}]}, 0x84}}, 0x80) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000001440)={'syztnl1\x00', &(0x7f00000013c0)={'tunl0\x00', 0x0, 0x8, 0x80, 0x7, 0xffff, {{0xc, 0x4, 0x2, 0x32, 0x30, 0x66, 0x0, 0xd, 0x4, 0x0, @broadcast, @rand_addr=0x64010102, {[@end, @noop, @ra={0x94, 0x4}, @timestamp={0x44, 0x8, 0x86, 0x0, 0x6, [0x27]}, @generic={0x44, 0xa, "5317db550d262723"}, @end]}}}}}) bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x6, 0x1, 0x1, 0x5, 0x684d, 0x1, 0x5, '\x00', r11, r0, 0x4, 0x4, 0x5}, 0x50) 3.814065261s ago: executing program 3 (id=1168): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 3.63679676s ago: executing program 3 (id=1171): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) lsetxattr$security_evm(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), &(0x7f0000000700)=ANY=[@ANYBLOB="03000000000009003744260305cf202abf6aaf29ac979a0cce7d5659e02bef1ebd81d0b11fd04c6ee0ce51ead3922039593ac3198b96a104ccda13be4281a2f47cb6"], 0x40, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x99, &(0x7f0000000340)=[{}], 0x8, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x8a, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=@gettfilter={0x34, 0x2e, 0x0, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xfff2, 0x3}, {0x7, 0xe}, {0xa, 0xffff}}, [{0x8, 0xb, 0x7}, {0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4024844}, 0x80) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000)={0x1d, r1}, 0x10) r4 = epoll_create1(0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000200)='dctcp', 0x5) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r5, &(0x7f0000000400)="02", 0x1, 0x0, 0x0, 0x0) r6 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r6, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f00000000c0)={0xe000001d}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r7, 0xc058565d, &(0x7f0000000780)=@fd={0x0, 0x1, 0x4, 0x2000, 0x0, {}, {0x1, 0x0, 0x6b, 0x7, 0xec, 0x8, "d2762d17"}, 0x6, 0x4, {}, 0x7f}) chdir(&(0x7f0000000080)='./file1\x00') r8 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) getdents64(0xffffffffffffffff, &(0x7f0000000680)=""/127, 0x7f) ioctl$AUTOFS_IOC_PROTOSUBVER(r8, 0xc0089364, &(0x7f0000000180)) 3.514930709s ago: executing program 3 (id=1172): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000180)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000280)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f81fcb", 0x48, 0x3a, 0x0, @private0, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa1d3", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @loopback}, [@routing={0x3c}, @srh={0x2f}, @dstopts]}}}}}}}, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x4, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) recvfrom(r0, &(0x7f00000007c0)=""/8, 0x8, 0x0, &(0x7f0000000800)=@ax25={{0x3, @null, 0x8}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x170, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x100, 0x5, 0x400, 0x9, 0x81, 0xfff, 0xe, 0xc40, 0x7fffffff, 0xfffffffd, 0x24, 0xb, 0xff, 0x6, 0xca11, 0xfffb}}, @TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x240400d0}, 0x24008004) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}], 0x20) chdir(&(0x7f0000000080)='./file1\x00') setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000cc0)=@security={'security\x00', 0xe, 0x4, 0xb70, 0xffffffff, 0x9a8, 0x0, 0x8c0, 0xffffffff, 0xffffffff, 0xaa0, 0xaa0, 0xaa0, 0xffffffff, 0x4, &(0x7f0000000540), {[{{@uncond, 0x0, 0x888, 0x8c0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x4, 0x3}, {0xe79}, {0x100}, {0x4c4}, {0x4, 0x1}, {0x7, 0x2}, {0x3, 0x1}, {0x5, 0x2}, {0x8, 0x2}, {0x2, 0x1}, {0xea93, 0x3}], [{0xa, 0x9}, {0x4, 0x8}, {0x9, 0xa59}, {0x9, 0xfffffc00}, {0xc, 0x7fff}, {0x81, 0x9}, {0x1ff, 0x4}, {0x6, 0xb}, {0x2, 0x4}, {0x2, 0x6}, {0x40, 0xffffffff}], 0x4, 0x8}, {[{0x6, 0x2}, {0xffffffff, 0x3}, {}, {0x1}, {0xf9, 0x2}, {0x4, 0x2}, {0x81, 0x1}, {0x1}, {0x3, 0x1}, {0xffff, 0x2}, {0x3, 0x1}], [{0x7f, 0x6}, {0x5, 0x4}, {0x5, 0x7}, {0xfffff0b5, 0x8}, {0x7ff, 0x5}, {0x4, 0x5}, {0x0, 0xb}, {0x9, 0x94}, {0x364e911d, 0xfff}, {0x3101, 0x6}, {0x3, 0xb5}], 0x7, 0x4}, {[{0xadef, 0x2}, {0x2, 0x3}, {0x4}, {0x1, 0x2}, {0xffff}, {0x677, 0x3}, {0xffffffff, 0x2}, {0xffff, 0x1}, {0x8}, {0x9, 0x1}, {0x188}], [{0xf, 0x1}, {0x3, 0x7}, {0x81, 0xa8}, {0x0, 0x3}, {0x9, 0x72da}, {0x2}, {0xc9, 0x8000}, {0x0, 0xfffff187}, {0x4, 0x9}, {0xfcb, 0x3}, {0x4, 0xfffffffa}], 0x7, 0x7}, {[{0x80000000}, {0xdec, 0x3}, {0xd, 0x1}, {0x5, 0x1}, {0x1e, 0x1}, {0x8, 0x1}, {0xfffffffd, 0x3}, {0x0, 0x3}, {0x2c, 0x2}, {0x3, 0x1}, {0x8, 0x2}], [{0x8001, 0x3}, {0x75f, 0xe}, {0x9}, {0xffff, 0x5}, {0x7, 0xb}, {0x3, 0x8}, {0xffffffff}, {0x110, 0x800}, {0xb, 0x7}, {0x401, 0x3}, {0x1, 0x3}], 0xa, 0xb}, {[{0x4, 0x3b38c1fb203c545f}, {0x7}, {0x12d, 0x2}, {0x9861, 0x1}, {0x6, 0x1}, {0x6}, {0x6, 0x1}, {0xaabe}, {0x6, 0x1}, {0x4, 0x3}, {0x5, 0x1}], [{0x2, 0x9}, {0x3, 0x2}, {0x2473}, {0x1000, 0x200}, {0x80, 0x7}, {0x6, 0x7f}, {0x5, 0x81}, {0x7, 0x3}, {0x22f, 0x1}, {0x5, 0xb1}, {0x8, 0x9}], 0x8, 0x6}, {[{0x2}, {0x8, 0x3}, {0x1, 0x1}, {0x7, 0x3}, {0x81, 0x2}, {0x3, 0x2}, {0x8001, 0x3}, {0x7f}, {0x0, 0x1}, {0x7, 0x2}, {0x2, 0x3}], [{0x41fb, 0xcf95}, {0x9c9a, 0xfff}, {0x7fff, 0x2}, {0x10000, 0xffff}, {0x1, 0x8}, {0x7, 0x2}, {0x10001}, {0x6, 0x40000}, {}, {0x2, 0x8}, {0x8, 0x1}], 0x7, 0x2}, {[{}, {0x4}, {0x9, 0x2}, {0x6, 0x2}, {0x6}, {0x1, 0x2}, {0x9, 0x2}, {0xd6, 0x1}, {0x6}, {0x5}, {0x5, 0x2}], [{0xffff, 0x6}, {0x2, 0x3}, {0x9, 0x7}, {0x8, 0x3}, {0x6, 0x3}, {0x3, 0x100}, {0x1, 0x8}, {0x3, 0x4e04054a}, {0x7, 0x6}, {0x1}, {0x311, 0xfff}], 0x5, 0x3}, {[{0x7}, {0x9, 0x2}, {0xe7ae, 0x3}, {0x6, 0x2}, {0x0, 0x2}, {0xc4fd, 0x1}, {0x8}, {0x3, 0x1}, {0x6, 0x2}, {0x3, 0x2}, {0x7ff}], [{0x0, 0x4}, {0x80000, 0x4f}, {0xffff72c1, 0xfffffff7}, {0x3, 0x6}, {0xff, 0x10000}, {0x4, 0x3c4}, {0x8, 0x7}, {0x3, 0x5}, {0x80000000, 0x3ff}, {0x7f, 0x7}, {0xfffffffc, 0x10}], 0x0, 0x2}, {[{0x5f, 0x2}, {0x10, 0x2}, {0x400}, {0x6, 0x1}, {0x6, 0x2}, {0x40000, 0x2}, {0xfffffffe, 0x2}, {0x5c8, 0x2}, {0x6, 0x3}, {0x4}, {0xfb2, 0x3}], [{0x5, 0xa5}, {0xe89c, 0x3}, {0x2, 0x9}, {0x3, 0x7}, {0x1, 0x7ff}, {0x3, 0x8}, {0x7ff, 0x1}, {0x1}, {0x9, 0x800}, {0x3903, 0x606}, {0x1, 0x8}], 0x4, 0x9}, {[{0x6, 0x1}, {0x7, 0x1}, {0x8}, {0x63}, {0x4, 0x2}, {0x1ff}, {0x9, 0x1}, {0x2, 0x3}, {0xbd, 0x2}, {0x5, 0x1}, {0xffffc5b0, 0x1}], [{0x8, 0x8001}, {0x10001, 0x3d}, {0x101}, {0x5, 0xfffffff7}, {0x8001, 0x2}, {0x176, 0x9}, {0x8, 0xffff7fff}, {0x80}, {0x9cc, 0x3}, {0x4, 0xfff}, {0x71380000}], 0x9, 0x9}, {[{0x7, 0x2}, {0x3, 0x2}, {0xc, 0x3}, {0xfffffffc}, {0x9d34, 0x3}, {0x2, 0x2}, {0xfffffffe, 0x2}, {0x5}, {0x80, 0x2}, {0x5, 0x1}, {0xff}], [{0x8, 0xb}, {0x7, 0x3}, {0xaa6, 0x2}, {0xffffffab, 0x401}, {0x8f, 0x9}, {0x33, 0x4}, {0xffffffff, 0xc}, {0x1, 0x9}, {0x80000001, 0x71}, {0x2}, {0x3, 0x1}], 0x9, 0x6}], 0x5, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3, 0x3, 0x3}, {0x3, 0x1}, {0x0, 0x3, 0x5}, 0x8, 0xfffffff3}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "a7d4ddfeea04d03092f65b01927fe88cec7b06fa4512ee2f09c66f88bbec"}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28}, {"7da3", 0x1}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x2715, 0x8001, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0xbd0) stat(&(0x7f0000000640)='./file1\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$nfs4(&(0x7f0000000580)='^#\x00', &(0x7f00000005c0)='./file1\x00', &(0x7f0000000600), 0x20, &(0x7f0000000700)={[{'@*'}], [{@subj_user={'subj_user', 0x3d, '#'}}, {@smackfshat={'smackfshat', 0x3d, 'trusted.overlay.upper\x00'}}, {@fsname={'fsname', 0x3d, 'lo\x00'}}, {@measure}, {@dont_hash}, {@appraise}, {@uid_eq={'uid', 0x3d, r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\'},'}}]}) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), &(0x7f0000000200)={0x0, 0xfb, 0xf6, 0x1, 0x1, "4677d03cc3dadb8c78656c99b05bd3ac", "b9cab8a129ae5c63c6ce613464394c49907dd3a1a6adeb03868f5c17bf5ce0a6bad4c594775d289d44e8a77efd52dddd3fbe666e176a0b28f3b8a13ab5c9f02afe39c9d487c8a816b8ed6d49480adccc8707e95d5d0e7704295d8a5dfd0decfe632150810c312d69a3aa411d2824205bc8bf06d40b3935933bf7cc0c4fb78547c5601fe89e4868893f126bb2a4bbbd2748cb06565485daf0ab3e36589e68efd154d82d8c8c5b1931b675d1155e0bebb75a0800b6eda9490e6e724c658ab5cb917d4ddc697dec5167a55ddbcb7ef41eab74141c3e068de80860cc917270843dfd91"}, 0xf6, 0x0) r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, &(0x7f00000005c0), 0x10) sendmsg$can_bcm(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4) recvfrom$packet(r6, 0x0, 0x0, 0x40000000, 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, &(0x7f0000000180)) 2.279563863s ago: executing program 1 (id=1184): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0xfffffffffffffe76, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="28009c00350001002bbd7004fedbdb250400002a0c93f16ccb6e729f2e917eaa91bdcc538331cb353c"], 0x28}, 0x1, 0x0, 0x0, 0x20040050}, 0x24000080) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="020000000400000004000000"], 0x48) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001600)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000200000002c41000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff010011d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcebc7586186fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35eff00006b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f58fa48f61071f548d411353965615c24c1860fd0dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9778289c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26a741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba17a647a171c2fc73a8c7541c7ffaafba62195fce77382ae962f30d4a377d760040975a44aa73a4e687d06f96f0987b980f6f883534dfc71ace539eeeb08cff54e0e05d5e0563660a3664c67d0eb9cdf4eab93ab4bf1972a2acc5c5d43dc2f2b66d7493c390d042d896a1ad772f6d4c2cf38ba0"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000380)=r1, 0x4) sendmsg$sock(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000280)="67f1", 0xfdef}], 0x1}, 0x40840) syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x11) 1.882776802s ago: executing program 3 (id=1188): openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp\x00') r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000500)=ANY=[@ANYBLOB="00010000160001040000000000000000ac1414aa000000000000000000000000ff01000000000000000000000000000100000fd100000002020000000c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000000000000000000000000000000000010000000000000000000000004fbf3e187ede12b6161ad362565f4700000000000000000000000000000000000000000000000016000080010000800000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000800000000000004000000060000000004000000000000000000000a000000940000000000000000000000ad04000008001fdb00000000"], 0x100}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r4 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r4, &(0x7f0000000240)={0xa, 0x4e23, 0x1000, @empty}, 0x1c) pread64(r2, &(0x7f0000000680)=""/230, 0xe6, 0x43) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x4922f000) r5 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000000b2e2b5ab40bf85edaca83"], 0x0}, 0x0) syz_usb_control_io(r5, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000580)=ANY=[@ANYBLOB="000301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r6, 0x4004480f, &(0x7f0000000000)=0x3) readv(r6, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/69, 0x45}], 0x1) ioctl$HIDIOCGUSAGE(r6, 0xc018480b, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r8, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r7, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740), 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 1.836763194s ago: executing program 0 (id=1189): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x503, 0x70bd2a, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3806}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}]}}}, @IFLA_MASTER={0x8}]}, 0x4c}}, 0x440b0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x4c, 0x10, 0x503, 0x70bd2a, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3806}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x2}]}}}, @IFLA_MASTER={0x8}]}, 0x4c}}, 0x440b0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000002c0)={'gre0\x00', &(0x7f0000002600)={'erspan0\x00', 0x0, 0x20, 0x7, 0x1, 0x4, {{0x2f, 0x4, 0x3, 0x2, 0xbc, 0x66, 0x0, 0x7f, 0x4, 0x0, @local, @broadcast, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x25, 0xffffffffffffffff, [{0x5, 0xf, "f718b9360494ed3ad21c84fadd"}, {0x6, 0xb, "14f3a6ab961cefcfd1"}, {0x1, 0x5, "62bafa"}]}, @lsrr={0x83, 0xf, 0x91, [@multicast2, @dev={0xac, 0x14, 0x14, 0x19}, @local]}, @end, @rr={0x7, 0x17, 0xb2, [@local, @multicast2, @empty, @empty, @rand_addr=0x64010100]}, @generic={0x44, 0xb, "9eb67673766819439b"}, @ssrr={0x89, 0x17, 0x7a, [@remote, @multicast2, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}, @timestamp_addr={0x44, 0x24, 0x4f, 0x1, 0x5, [{@private=0xa010101, 0x75}, {@local, 0x3}, {@multicast2, 0x10001}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x2}]}, @end, @generic={0x83, 0xe, "9d5f28d689ab89948c77cb31"}]}}}}}) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000002c0)={'gre0\x00', &(0x7f0000002600)={'erspan0\x00', 0x0, 0x20, 0x7, 0x1, 0x4, {{0x2f, 0x4, 0x3, 0x2, 0xbc, 0x66, 0x0, 0x7f, 0x4, 0x0, @local, @broadcast, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x25, 0xffffffffffffffff, [{0x5, 0xf, "f718b9360494ed3ad21c84fadd"}, {0x6, 0xb, "14f3a6ab961cefcfd1"}, {0x1, 0x5, "62bafa"}]}, @lsrr={0x83, 0xf, 0x91, [@multicast2, @dev={0xac, 0x14, 0x14, 0x19}, @local]}, @end, @rr={0x7, 0x17, 0xb2, [@local, @multicast2, @empty, @empty, @rand_addr=0x64010100]}, @generic={0x44, 0xb, "9eb67673766819439b"}, @ssrr={0x89, 0x17, 0x7a, [@remote, @multicast2, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1]}, @timestamp_addr={0x44, 0x24, 0x4f, 0x1, 0x5, [{@private=0xa010101, 0x75}, {@local, 0x3}, {@multicast2, 0x10001}, {@dev={0xac, 0x14, 0x14, 0x41}, 0x2}]}, @end, @generic={0x83, 0xe, "9d5f28d689ab89948c77cb31"}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x2b, 0xd0, 0x8, 0xc, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8, 0x10, 0x3, 0x7}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x2b, 0xd0, 0x8, 0xc, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8, 0x10, 0x3, 0x7}}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x44522}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000027c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={&(0x7f0000002700)=ANY=[@ANYBLOB="98000000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fedbdf251500000044000180080003000600000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="080003000000000008000100", @ANYRES32=r3, @ANYBLOB="080003000200000008000100", @ANYRES32=r6, @ANYBLOB="20000180140002007665746831bae6670b047c8cff0000001c1e008008000300000000000800030001000000080003000300000004000180"], 0x98}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) (async) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f00000027c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000004c0)={&(0x7f0000002700)=ANY=[@ANYBLOB="98000000", @ANYRES16=0x0, @ANYBLOB="00042abd7000fedbdf251500000044000180080003000600000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="080003000000000008000100", @ANYRES32=r3, @ANYBLOB="080003000200000008000100", @ANYRES32=r6, @ANYBLOB="20000180140002007665746831bae6670b047c8cff0000001c1e008008000300000000000800030001000000080003000300000004000180"], 0x98}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_FROZEN_INFO(r7, 0xc00c620f, &(0x7f0000000500)) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) syz_io_uring_setup(0x499, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x0, 0x26d}, 0x0, 0x0) (async) syz_io_uring_setup(0x499, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x0, 0x26d}, 0x0, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps_rollup\x00') read$FUSE(r9, &(0x7f00000005c0)={0x2020}, 0x2020) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)={0x1, 0xfff}) (async) utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)={0x1, 0xfff}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x1c, r1, 0x5, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}}, 0x0) r11 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r11, 0x0, 0x48b, &(0x7f0000000280)={0x1, 'bond0\x00', 0xfffffffe}, 0x18) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) (async) r12 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) write$cgroup_int(r12, &(0x7f0000000040)=0x2, 0x12) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000140)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @random=0xa, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x40, 0x7}}, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x6, 0x1}}, @void, @void, @void, @void}, 0x41) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) 1.796531752s ago: executing program 1 (id=1190): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) r1 = add_key$user(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000001c0)="7f", 0x1, 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0xa, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_TC={0x5, 0x45, 0x6c}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x20040054) write$P9_RFSYNC(r0, &(0x7f0000000000)={0x7, 0x33, 0x1}, 0x7) keyctl$set_timeout(0xf, r1, 0xfe35) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2f) 1.515843258s ago: executing program 0 (id=1192): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x11, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000270e00"/20, @ANYRES32=0x0, @ANYBLOB="2a130200b7580000140012800b00010067656e65766500000400028008002000070cf0ce"], 0x3c}}, 0x4) 1.515556155s ago: executing program 2 (id=1193): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000000004102, 0x0) r1 = syz_io_uring_setup(0x43, &(0x7f0000000440)={0x0, 0x74c2, 0x1, 0x1, 0x1a4, 0x0, r0}, &(0x7f00000004c0)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) io_uring_enter(r1, 0x1d2d, 0x8890, 0x0, 0x0, 0x0) 1.374903294s ago: executing program 1 (id=1194): openat$uinput(0xffffffffffffff9c, 0x0, 0xc03, 0x0) fchmod(0xffffffffffffffff, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0201, 0x0) write$snddsp(r1, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) ioctl$BTRFS_IOC_DEV_INFO(r1, 0xd000941e, &(0x7f0000000980)={0x0, "8de061b112ba29f991f4064def932f4d"}) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000001980)={0x14, 0x0, {0x0, @struct={0xfffffffb, 0x10}, 0x0, 0x9, 0x4, 0xfffffffffffffffd, 0x2, 0x3, 0x20, @usage, 0xb8c5, 0xf, [0x3, 0xb60000000, 0xf, 0x81, 0xcc, 0x100000001]}, {0x21149419, @usage=0x9, r2, 0x1, 0x7, 0x5065, 0x2, 0x7fffffffffffffff, 0x400, @struct={0x2, 0x2}, 0x4, 0xda3, [0x6, 0x6a8a, 0x7, 0x5, 0x11bc00000000000, 0x71]}, {0x1, @usage=0x8, r3, 0xc0, 0xffffffff8dc8104f, 0x1000, 0x1000, 0x8, 0x6, @usage=0x5, 0x3, 0x7, [0x2, 0x0, 0x9, 0x1, 0xfffffffffffffffc, 0x6]}, {0x3, 0x3, 0xd}}) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) listen(r0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000480)={@in6={{0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}}, 0x0, 0x0, 0xb, 0x0, "9ecf3315567f14d56a87d134cc409e2a652dbbf6c50480937c6fa85af81bc6fc54b71f03985ac33e31d612d976a6efcda8853b8a4430503621f06679995d916cb4361795dd7dbae51d07384b7c2e6949"}, 0xd8) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00@\x00', 0x14, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, {[], {{0x4e24, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 1.374660615s ago: executing program 2 (id=1195): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) lsetxattr$security_evm(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100), &(0x7f0000000700)=ANY=[@ANYBLOB="03000000000009003744260305cf202abf6aaf29ac979a0cce7d5659e02bef1ebd81d0b11fd04c6ee0ce51ead3922039593ac3198b96a104ccda13be4281a2f47cb6"], 0x40, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x99, &(0x7f0000000340)=[{}], 0x8, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0x8a, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)=@gettfilter={0x34, 0x2e, 0x0, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0xfff2, 0x3}, {0x7, 0xe}, {0xa, 0xffff}}, [{0x8, 0xb, 0x7}, {0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4024844}, 0x80) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000)={0x1d, r1}, 0x10) r4 = epoll_create1(0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000200)='dctcp', 0x5) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r5, &(0x7f0000000400)="02", 0x1, 0x0, 0x0, 0x0) r6 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r6, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f00000000c0)={0xe000001d}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r7, 0xc058565d, &(0x7f0000000780)=@fd={0x0, 0x1, 0x4, 0x2000, 0x0, {}, {0x1, 0x0, 0x6b, 0x7, 0xec, 0x8, "d2762d17"}, 0x6, 0x4, {}, 0x7f}) chdir(&(0x7f0000000080)='./file1\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0xc0089364, &(0x7f0000000180)) 1.234501538s ago: executing program 1 (id=1196): r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) (rerun: 64) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000b00)={0xa, @win={{0x6, 0xfffffff7, 0x1321, 0x4ac3}, 0x4, 0xd0bf, &(0x7f0000000280)={{0x1d1, 0x7ff, 0x1, 0x1}, &(0x7f0000000240)={{0x0, 0x3, 0x5, 0x7}, &(0x7f0000000200)={{0x3, 0x4, 0x2, 0x80000001}}}}, 0x0, &(0x7f0000000300)="1c147dcbb71d942172d588694a3285c90841678b586caa5113807c3b1fd9b55053c65335cd407e5a0e9e1db76b81f5b2ad5859993f3cb9be127cf1da038f3870c507eaa0a08d906e8ee94a9abaf3faf055aa101b1ccd56b4c64900cecfd26a54ddaebf6c2385789abcd01d0b", 0x83}}) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'virt_wifi0\x00', 0x0}) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='befs\x00', 0x800, 0x0) (async, rerun: 64) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0xfe, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128008000100687372001c000280050007000100000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3], 0x48}}, 0x0) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.kill\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) (async) ftruncate(r4, 0xc17a) (async) getsockopt$PNPIPE_INITSTATE(r4, 0x113, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x4) 1.041083985s ago: executing program 0 (id=1197): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getpeername$ax25(r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) shutdown(r2, 0x1) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x1000004, 0x42031, 0xffffffffffffffff, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r3, 0x3ba0, &(0x7f0000000880)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000), 0x1}) syz_emit_ethernet(0x5a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aab9aaaaaaaad8be17d1922108004522004b0066000007069078ac1414bbac1414bb4e234e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="e0020002907800e7020402001312bfa31421efc561885fb30e4ab59fd468030303fe09f9892c7a51fa180100f945f97a072d5cd26ffb12ffe2502d441c64d343c126be7ddc5afe56b011fab3dea3465d445d7c68122ee05ff1feecd54902a70c0e10a06e53ff164a81446f7e672c04c5ceda9840f4edfc04a3ef77cf3bcb7fe4b3ddf35e1c192123a5fa2f2542108bfcecb6a818522586ed9bcac117f88f33415c8027d50300c8909b6550f9e209a7470ec9a7081a0a71388d67a7a1181b1ec2eafd33dab76329a54b976364cbe7300992b664b044fa372f4606200f4fd8ffe820210234"], 0x0) splice(r2, 0x0, r0, 0x0, 0x2, 0x0) 1.030903821s ago: executing program 1 (id=1198): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) getsockopt$ax25_int(r0, 0x101, 0x7, &(0x7f0000000000), &(0x7f0000000180)=0x4) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000010280)='./bus\x00') mkdir(&(0x7f0000000300)='./file1\x00', 0x8) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x1c0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xb, 0x8, 0x7fc00002}]}) userfaultfd(0x80801) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0x40082104, 0x0) renameat2(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file2\x00', 0x2) 874.711228ms ago: executing program 0 (id=1199): syz_emit_ethernet(0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="ff04ffffffff0000000000000059525e700854be9c50f1d80c8d473064cd08245661eecdc927ff78641c8617e03037a3426eeaf035ee0aba59e5d9fac37ab49a0b3a49822a30418200"/86], 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001800010000000000000200001d01080008000a00", @ANYRES32, @ANYBLOB='\b\x00\t\x00', @ANYRES32], 0x24}}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f000019"], 0xfe33) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz0\x00', 0x4b}) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) write$dsp(r2, &(0x7f00000004c0)='\x00', 0x1) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) mmap(&(0x7f0000a92000/0x2000)=nil, 0x2000, 0xb635773f05ebbef8, 0x20010, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x16f) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) symlinkat(&(0x7f0000000040)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0/file0/file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000) mount$overlay(0x0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000002600)={[{@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0/file0'}}], [{@obj_type={'obj_type', 0x3d, '@%#+:.#@$-{}]%/'}}, {@smackfsroot={'smackfsroot', 0x3d, '^%\x00'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@smackfshat={'smackfshat', 0x3d, '\xa6{ \x9a~u\x9c\xf3\xcb\xe8\x05\x15CpEjM4z\t\xf5\xbe\xf9+\x89\xdf\x1a\xd5X\x87\xff\x90\x85\xe2\xc0\xee\x915S\x95\xae\r.)]\xdf\xdd\xab(\xd3\xfb\xe9\xa7l>\x0f\xf3\xaa\xe9QlB\x97\xa4X\x7f\x84\x05sa\xa5\xef\xd0\x11\x8d\\\x04\xb1\xbb\xae\xc2\xc0f?V\xc9\x8e\x10\xe0\xc5\xc0\x8f\xf3\x95$a\xd6\x1c;\xbd\xd7\xa2\x007\x84\xa1\f8\x04_\xde\xf7\xbc\n\xc6'}}, {@fowner_gt={'fowner>', r4}}, {@hash}]}) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1000) chdir(&(0x7f00000003c0)='./bus\x00') rename(&(0x7f0000000240)='./file0\x00', &(0x7f0000000400)='./file0/file0\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0x1ff, 0x5, 0x50, 0x4}]}) ioctl$XFS_IOC_SCRUB_METADATA(0xffffffffffffffff, 0xc040583c, &(0x7f0000000280)={0xa, 0x2, 0x9, 0x6, 0x3}) read$FUSE(r3, &(0x7f0000000480)={0x2020}, 0x2020) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x13, r5, 0x0) pwritev2(r5, &(0x7f0000000100)=[{&(0x7f00000003c0)="05", 0x1}], 0x1, 0x23f, 0x7, 0xa) 187.540777ms ago: executing program 2 (id=1200): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x7c, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3f, 0xe, {{{}, {}, @device_b, @broadcast}, 0x200000000000000, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0x7, 0x3c, 0x2}}, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x4}]}, 0x7c}, 0x1, 0x0, 0xc00000000000000}, 0x0) 187.22557ms ago: executing program 0 (id=1201): r0 = memfd_secret(0x0) ftruncate(r0, 0x51a9497) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x82) r1 = gettid() timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) stat(&(0x7f00000004c0)='./file1\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x2, 0x1a1880) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0xc1485544, &(0x7f00000003c0)) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000000400)={{0x0, 0x1}, 0x0, 0xfffffffe}) r7 = bpf$ITER_CREATE(0x21, &(0x7f0000000580)={r0}, 0x8) sendmmsg$unix(r0, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)}, {&(0x7f0000000180)="64190bf9a5f99fcf06865d216a98135c92ac0d2252b2cebc44b8b1576970c7af5023a6832344a988fba7cf10178e95329ac9bc9a8fc117f256b44cf317d4bc3fe756694eb82f79a7e6f0046478a22812cd9a41c5ce7a967c2d46c2ca92f74453d72e088cccae590431446e714007a8cbfd65a133e64105a5d4b33fe16ff064291c62b3b7e18b9bc59448d5f9478babe48bd7dc6e008b87bb09b79eeba4963495eebb189e87520323e865f45b8d5a18ff73a9a3e1bbe31c88c0f6e9a9360fe089dd16c9728754509480c0434db66e5dfb1c131ef7b42c31a513df39aa9318a7f46ef89ae383040aa8a0b4808ab23f6995c1827778def3", 0xf6}, {&(0x7f0000000280)="d86f1506095e8f657be053b117dee57da00010cdaea3857b32d5f863cb41008b50854b2c090cc64af373ee3ad190e18621cda12fb94471cf10f5cb017c0e92ad59346af22a119f62096cdc5a44907b7f7c4cea371bfacee68ddf113b03a367c3ab8b341c3a572355c91176d2c4213d100ef300d52c045c720affe3bfe5212d03aa6e5ce472b13fea83c10cdc8ae7a1cfe8574eb50b3296df02fbba498679c88b80caa7ebb55c5b766a54928a972158ad7e9f76c19fbf787733503db8c534220e8259f2cd65afff37a8e51302cd335663b24f451d76b808645b", 0xd9}, {&(0x7f0000000380)="5610a8082a9bfd4c13f272a121ba38f6d1ce8fc551a34e736fdcaae84fb23bd82742fbbc5aa0134a343a56a269cd88c931e35e81a923b64a951e", 0x3a}], 0x4, &(0x7f00000005c0)=[@rights={{0x30, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}, @rights={{0x28, 0x1, 0x1, [r0, r0, r6, r4, r0, r5]}}, @rights={{0x1c, 0x1, 0x1, [r0, r6, r7]}}], 0xb8, 0x10}}], 0x1, 0x20000801) setsockopt$MRT6_PIM(r0, 0x29, 0xcf, &(0x7f0000000000)=0x4, 0x4) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x1410, 0x10, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x200008c4}, 0x0) mprotect(&(0x7f00002ec000/0x1000)=nil, 0x1000, 0x2000000) 185.752318ms ago: executing program 2 (id=1202): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000180)={@hyper, 0x1}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7cb, &(0x7f0000000100)={&(0x7f0000001080)={{@any, 0xfff}, {@any, 0x5}, 0x400, "4145fdc5fec7663a106cef95c8d86f03d655b82e62dc5204ff06732791d90936bf31f7b4eafad3ed43e8da42de6780edce2e2f941399c9b9002a6a538fc1ebd3e994ce6fa4a67c775c476cdbedebbe34904cbe0d5808cf5892aa1e563f949f38cd2ebaa2c46464183ead798b1af0ba7ad5db77736a5329e7297e674242854f87ef03b0fba724523033529e64be44188740b9e9a0ba6944e9724c4aaa8470ab8d35a1746a1da4dfa2112cb5135d97efae0975e7fa5e421fe7ec12a8bbd7714076b63ddaca822d7c0383ccc4e21b11c8a0443850c05f4bb6716b6ba83016b709b44a9959c44daa717edf6b43f7c235fae47730ff2d435ed29d062451ab74bd9f65d9bf96e1afc645ca2249c89146fc815210d465ca0ede0acbfe1165b15d222ed668b79b14f901178d35e7421637588c887b0f2335ea84a442fc95bbcf0ea3b308ee18d913901cb8f40dd2798e781c4b1c620c23565b5bc18e25c206f772c863c8a8864f460c239033717d41f94fbf13b1d0c7271364bd6d144160e1df33fcb33e5d45a5e7ea4264d089397d7e022c6e1f37a2e464c01b4df6a906d3a46d9432ba1966d73aa0627491e3b3c33bee03ff2138896b64862910f24dbacc3c686e0059ff5915c8b69bce3c4022c5c80d574274d1107c9935898ae444a6c38dbd8319e778e1a86a293094bd98d0ae3ae2c32a4bcb20e0517c03e7b46839f4e3601ff98244ca5485cacbfe53c935cf14038bba908af19834a86b56cf68a7170448a434b55d66c080ea095b02ba4c3f8ba492c9e50111bf1b3085cc0f3938a58609a337e89eba9271ee071a8b9f3ab4ad0fc3c92a48cb6bc63ed74877d8425c88eb40d18c6260d2221dc295d1fa1557cfcfe1cb3a1d61b4b1235e28903ae5a4d3d358f6d3e2c87b110e38aab0fd1ca2c047b3ea826d8cd9b980b3fc64fbf38d0d3fed0057b30612880a3d93aa3e16e1c1902cc8c206d7732f426fbb063b020a03d08e3bcd4ff32c30c8ea424ea0c746e72c23e8d53576cc801bdf82f8bba865074e5dde3177820c24be87b9bd36e30a81d1d50b5aa0628262d46d19060ae37a33aa8e515fed3f8bfdf65ba5f8e11e4d517a50ce03f82bc5b3c8e9b3eb6572f1a686430170ce64bc1a61246fd99b2d8a3215104478eead271fcca07bc66e637d5543ad47147f5ad50cc5a203a37b7d2f67bb0387ae189ee7d5cfc0a421b0f0e6286aaf28a3eadfad1b8c83a26ac0a1d4a3846d93e161c82be100278d94e35fc7b5f1feb833f1b975adb33bec5d777cfbdb2c5fe171e205fd6596b37ba646b9ecb163fabcd89a469f6ad539a80937748105298b0a6364d75c6de3cbcbb96c440d5489f3f47149551e7f53d3a22d837cfb59c3e43f0c95760791ed36ff84ae82a679e4e062461bda5db7c27fb00c3238266734bc7c16d45ce7cd3f0b7e63c309977816048f24"}, 0x418, 0x8}) 116.104369ms ago: executing program 0 (id=1203): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000600)=@delpolicy={0x5c, 0x14, 0x1, 0x70bd26, 0x25dfdbfd, {{@in6=@loopback, @in6=@private1, 0x4e20, 0x1f5, 0x4e24, 0x0, 0xa, 0xc0, 0x20, 0x2c}, 0x6e6bb5, 0x2}, [@mark={0xc, 0x15, {0x35075c, 0x800}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x820}, 0x4cc00) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) ppoll(&(0x7f0000000540)=[{r0, 0x200}], 0x1, 0x0, 0x0, 0x0) 115.611483ms ago: executing program 2 (id=1204): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100"], 0x48) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdir(&(0x7f0000000440)='./file1\x00', 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 115.273797ms ago: executing program 1 (id=1205): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x636000, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x0]}) ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f0000000440)={r2, 0x2, 0x4, 0x5, &(0x7f0000000400)=[{0x0, 0x4, 0x9, 0x1}, {0xec4, 0x9, 0x3, 0x6}, {0x3ff, 0x7, 0x0, 0x400}, {0x6, 0x2, 0x9, 0x8}, {0x7, 0x1499, 0xfffb, 0xf9}]}) r3 = accept4$unix(0xffffffffffffffff, &(0x7f0000000200), &(0x7f00000000c0)=0x6e, 0x0) accept$unix(r3, &(0x7f0000000280)=@abs, &(0x7f0000000180)=0x6e) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'hsr0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r5, @ANYBLOB="0500060001000000050007000000000005000300df00000008000200", @ANYRES32=r4], 0x68}}, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000140)={0x0, 0x1}) r8 = getpid() syz_pidfd_open(r8, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0x94, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x80, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x5a, 0x2, 0x0, 0x0}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x94}}, 0x0) r10 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) preadv(r10, &(0x7f0000001680)=[{&(0x7f0000001600)=""/82, 0x52}], 0x1, 0x9, 0x3) capset(&(0x7f0000000500)={0x19980330, r8}, &(0x7f0000000540)={0x9, 0x116, 0x3, 0xc, 0x7fff, 0x7}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000340)={&(0x7f00000001c0)=[r7, r7], &(0x7f0000000280), 0x3ffffffffffffe6c}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01864c1, &(0x7f0000000080)={r7}) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r11, 0x5, &(0x7f00000003c0)={0x0, 0x0, 0xb, 0x300}) 0s ago: executing program 2 (id=1206): syz_io_uring_setup(0x8d2, &(0x7f00000001c0)={0x0, 0x54a5, 0x400, 0x1, 0x37a}, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x0, 0x0, 0x2}}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/59, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) mmap(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x2000006, 0x20010, r1, 0x8133000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb2, 0x0, 0x0, 0x10, 0x5}, 0x94) kernel console output (not intermixed with test programs): dm_t tclass=ax25_socket permissive=1 [ 187.622490][ T34] usb 6-1: device descriptor read/64, error -71 [ 187.878113][ T34] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 188.011811][ T34] usb 6-1: device descriptor read/64, error -71 [ 188.123242][ T34] usb usb6-port1: attempt power cycle [ 188.492628][ T7604] netlink: 4 bytes leftover after parsing attributes in process `syz.2.518'. [ 188.498969][ T7604] netlink: 12 bytes leftover after parsing attributes in process `syz.2.518'. [ 188.559658][ T7604] serio: Serial port ptm0 [ 188.563468][ T34] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 188.604322][ T34] usb 6-1: device descriptor read/8, error -71 [ 188.833251][ T7616] tmpfs: Too few inodes for current use [ 188.882700][ T34] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 188.912084][ T34] usb 6-1: device descriptor read/8, error -71 [ 189.033321][ T34] usb usb6-port1: unable to enumerate USB device [ 189.186058][ T5284] Bluetooth: hci3: link tx timeout [ 189.273885][ T7625] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.526'. [ 189.314588][ T7625] netlink: 'syz.3.526': attribute type 2 has an invalid length. [ 189.485633][ T7631] binder_alloc: 7630: pid 7630 spamming oneway? 1 buffers allocated for a total size of 4096 [ 189.512177][ T7631] binder_alloc: 7630: pid 7630 spamming oneway? 2 buffers allocated for a total size of 5120 [ 190.238735][ T7648] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 190.242358][ T7648] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 190.247533][ T7648] vhci_hcd vhci_hcd.0: Device attached [ 190.266518][ T7661] syzkaller0: entered promiscuous mode [ 190.270504][ T7661] syzkaller0: entered allmulticast mode [ 190.298347][ T7658] 9pnet_fd: p9_fd_create_unix (7658): problem connecting socket: ./file0: -111 [ 190.308662][ T7658] JFS: discard option not supported on device [ 190.330777][ T7658] Mount JFS Failure: -5 [ 190.493878][ T5284] Bluetooth: hci3: link tx timeout [ 190.531910][ T6013] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 190.592156][ T6043] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 190.762105][ T5284] Bluetooth: hci3: link tx timeout [ 190.948183][ T6043] usb 5-1: config index 0 descriptor too short (expected 268, got 18) [ 190.975895][ T6043] usb 5-1: config 46 has too many interfaces: 102, using maximum allowed: 32 [ 190.979611][ T6043] usb 5-1: config 46 has an invalid descriptor of length 114, skipping remainder of the config [ 190.986215][ T6043] usb 5-1: config 46 has 0 interfaces, different from the descriptor's value: 102 [ 191.004411][ T6043] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 191.010904][ T6043] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.078813][ T7677] fuse: Bad value for 'fd' [ 191.137418][ T7679] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 191.269769][ T7656] usb 37-1: recv xbuf, 0 [ 191.270662][ T6043] usb 5-1: string descriptor 0 read error: -71 [ 191.302107][ T1141] vhci_hcd vhci_hcd.0: stop threads [ 191.307351][ T1141] vhci_hcd vhci_hcd.0: release socket [ 191.311099][ T1141] vhci_hcd vhci_hcd.0: disconnect device [ 191.332631][ T6043] usb 5-1: USB disconnect, device number 6 [ 191.371416][ T6013] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 191.525676][ T7687] netlink: 44 bytes leftover after parsing attributes in process `syz.3.550'. [ 191.791509][ T7691] warning: `syz.1.551' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 192.142475][ T7696] No control pipe specified [ 192.154937][ T5284] Bluetooth: hci3: link tx timeout [ 192.297915][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 192.297935][ T40] audit: type=1400 audit(1770978079.974:474): avc: denied { mount } for pid=7699 comm="syz.1.556" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 192.471524][ T6043] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 192.680357][ T7716] netlink: 32 bytes leftover after parsing attributes in process `syz.3.559'. [ 192.712584][ T6043] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.717717][ T6043] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.732680][ T6043] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 192.757361][ T6043] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.855173][ T6036] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 192.862414][ T6036] hid-generic 0000:0000:0000.0004: hidraw1: HID v0.00 Device [syz1] on syz0 [ 193.001546][ T6043] usb 7-1: usb_control_msg returned -32 [ 193.034360][ T6043] usbtmc 7-1:16.0: can't read capabilities [ 193.040605][ T7725] No control pipe specified [ 193.066709][ T40] audit: type=1400 audit(1770978080.744:475): avc: denied { getopt } for pid=7717 comm="syz.1.561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 193.066926][ T7719] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 193.121520][ T40] audit: type=1400 audit(1770978080.784:476): avc: denied { setopt } for pid=7717 comm="syz.1.561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 193.236157][ T7719] delete_channel: no stack [ 193.260085][ T5284] Bluetooth: hci3: link tx timeout [ 193.497265][ T6082] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 193.690617][ T6082] usb 5-1: Using ep0 maxpacket: 8 [ 193.697631][ T6082] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.704125][ T6082] usb 5-1: config 0 has no interfaces? [ 193.709138][ T6082] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.716963][ T6082] usb 5-1: config 0 has no interfaces? [ 193.725677][ T6082] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.731774][ T6082] usb 5-1: config 0 has no interfaces? [ 193.738183][ T6082] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 193.745380][ T6082] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.750455][ T6082] usb 5-1: Product: syz [ 193.753508][ T6082] usb 5-1: Manufacturer: syz [ 193.756651][ T6082] usb 5-1: SerialNumber: syz [ 193.771890][ T6082] usb 5-1: config 0 descriptor?? [ 193.869211][ T7739] FAULT_INJECTION: forcing a failure. [ 193.869211][ T7739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.875186][ T7739] CPU: 3 UID: 0 PID: 7739 Comm: syz.3.567 Not tainted syzkaller #0 PREEMPT(full) [ 193.875210][ T7739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.875221][ T7739] Call Trace: [ 193.875229][ T7739] [ 193.875237][ T7739] dump_stack_lvl+0x100/0x190 [ 193.875271][ T7739] should_fail_ex.cold+0x5/0xa [ 193.875289][ T7739] ? page_copy_sane+0x17c/0x2d0 [ 193.875312][ T7739] copy_folio_from_iter_atomic+0x427/0x1e70 [ 193.892125][ T7739] ? simple_xattr_get+0x179/0x1d0 [ 193.892146][ T7739] ? __pfx_copy_folio_from_iter_atomic+0x10/0x10 [ 193.892169][ T7739] ? shmem_write_begin+0x1ba/0x420 [ 193.892190][ T7739] ? __pfx_shmem_write_begin+0x10/0x10 [ 193.892209][ T7739] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 193.892232][ T7739] ? lockdep_hardirqs_on+0x78/0x100 [ 193.892258][ T7739] generic_perform_write+0x4cb/0xa40 [ 193.892283][ T7739] ? __pfx_generic_perform_write+0x10/0x10 [ 193.892305][ T7739] ? file_update_time_flags+0x373/0x500 [ 193.892336][ T7739] shmem_file_write_iter+0x10e/0x140 [ 193.892360][ T7739] vfs_write+0x6ac/0x1070 [ 193.892380][ T7739] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 193.892404][ T7739] ? __pfx_vfs_write+0x10/0x10 [ 193.892439][ T7739] ksys_write+0x12a/0x250 [ 193.892458][ T7739] ? __pfx_ksys_write+0x10/0x10 [ 193.892485][ T7739] do_syscall_64+0x106/0xf80 [ 193.892506][ T7739] ? clear_bhb_loop+0x40/0x90 [ 193.892527][ T7739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.892544][ T7739] RIP: 0033:0x7f356059bf79 [ 193.892561][ T7739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.892577][ T7739] RSP: 002b:00007f356151d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 193.892593][ T7739] RAX: ffffffffffffffda RBX: 00007f3560815fa0 RCX: 00007f356059bf79 [ 193.892604][ T7739] RDX: 0000000000000037 RSI: 0000200000000040 RDI: 0000000000000003 [ 193.892614][ T7739] RBP: 00007f356151d090 R08: 0000000000000000 R09: 0000000000000000 [ 193.892623][ T7739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.892633][ T7739] R13: 00007f3560816038 R14: 00007f3560815fa0 R15: 00007ffe7993d3f8 [ 193.892657][ T7739] [ 193.982819][ T6082] usb 5-1: USB disconnect, device number 7 [ 193.996869][ T6036] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 194.190461][ T40] audit: type=1400 audit(1770978081.864:477): avc: denied { mounton } for pid=7740 comm="syz.3.568" path="/proc/421/task" dev="proc" ino=21660 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 194.255887][ T6036] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 194.260620][ T6036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.265978][ T6036] usb 6-1: Product: syz [ 194.268628][ T6036] usb 6-1: Manufacturer: syz [ 194.271216][ T6036] usb 6-1: SerialNumber: syz [ 194.482295][ T6035] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 194.494205][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.500039][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.508067][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.533997][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.552355][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.567254][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.577241][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.590958][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.649969][ T7735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.658381][ T7735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.671165][ T6036] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 194.681079][ T6036] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 194.712084][ T6036] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 194.765048][ T5284] Bluetooth: hci3: link tx timeout [ 194.772938][ T6036] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71 [ 194.826583][ T6036] usb 6-1: USB disconnect, device number 12 [ 195.295732][ T5284] Bluetooth: hci3: link tx timeout [ 195.320938][ T53] usb 7-1: USB disconnect, device number 9 [ 195.476692][ T7765] autofs: Unknown parameter 'W/ViԨ:[\vb<_ e] [ 195.476692][ T7765] _6䚪t3Nؽɯt' [ 195.531425][ T7771] syz.2.576 uses obsolete (PF_INET,SOCK_PACKET) [ 195.580944][ T40] audit: type=1400 audit(1770978083.244:478): avc: denied { append } for pid=7769 comm="syz.2.576" name="dvr0" dev="devtmpfs" ino=953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 195.884657][ T40] audit: type=1400 audit(1770978083.564:479): avc: denied { connect } for pid=7787 comm="syz.3.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 196.334939][ T40] audit: type=1400 audit(1770978083.994:480): avc: denied { append } for pid=7791 comm="syz.2.581" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 196.422650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 196.425780][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 196.428910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 196.560949][ T7796] No control pipe specified [ 196.684092][ T7800] overlayfs: missing 'workdir' [ 197.315501][ T5284] Bluetooth: hci3: link tx timeout [ 197.657165][ T5284] Bluetooth: hci2: unexpected event for opcode 0x1004 [ 197.964514][ T5284] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 198.049988][ T5951] Bluetooth: hci3: link tx timeout [ 198.093757][ T7834] netlink: 'syz.3.596': attribute type 3 has an invalid length. [ 198.546110][ T7845] netlink: 'syz.1.599': attribute type 9 has an invalid length. [ 198.566520][ T7845] netlink: 'syz.1.599': attribute type 10 has an invalid length. [ 198.572809][ T7845] bridge_slave_1: left allmulticast mode [ 198.578351][ T7845] bridge_slave_1: left promiscuous mode [ 198.611813][ T7845] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.671133][ T7845] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 199.130665][ T40] audit: type=1400 audit(1770978086.784:481): avc: denied { audit_control } for pid=7857 comm="syz.1.602" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 199.205980][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.224166][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.298907][ T7864] FAULT_INJECTION: forcing a failure. [ 199.298907][ T7864] name failslab, interval 1, probability 0, space 0, times 0 [ 199.304200][ T7864] CPU: 0 UID: 0 PID: 7864 Comm: syz.3.605 Not tainted syzkaller #0 PREEMPT(full) [ 199.304225][ T7864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.304235][ T7864] Call Trace: [ 199.304240][ T7864] [ 199.304247][ T7864] dump_stack_lvl+0x100/0x190 [ 199.304300][ T7864] should_fail_ex.cold+0x5/0xa [ 199.304321][ T7864] ? tomoyo_realpath_from_path+0xb6/0x690 [ 199.304354][ T7864] should_failslab+0xc2/0x120 [ 199.304375][ T7864] __kmalloc_noprof+0xe0/0x850 [ 199.304397][ T7864] tomoyo_realpath_from_path+0xb6/0x690 [ 199.304421][ T7864] tomoyo_check_open_permission+0x2af/0x3c0 [ 199.304449][ T7864] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 199.304496][ T7864] ? lock_acquire+0x17c/0x330 [ 199.304520][ T7864] ? find_held_lock+0x2b/0x80 [ 199.304544][ T7864] tomoyo_file_open+0x6b/0x90 [ 199.304567][ T7864] security_file_open+0xb5/0x1e0 [ 199.304587][ T7864] do_dentry_open+0x5aa/0x1660 [ 199.304616][ T7864] vfs_open+0x82/0x3f0 [ 199.304644][ T7864] path_openat+0x208c/0x31a0 [ 199.304676][ T7864] ? __pfx_path_openat+0x10/0x10 [ 199.304708][ T7864] do_file_open+0x20e/0x430 [ 199.304733][ T7864] ? __pfx_do_file_open+0x10/0x10 [ 199.304773][ T7864] ? alloc_fd+0x476/0x790 [ 199.304798][ T7864] ? do_getname+0x191/0x390 [ 199.304816][ T7864] do_sys_openat2+0x10d/0x1e0 [ 199.304842][ T7864] ? __pfx_do_sys_openat2+0x10/0x10 [ 199.304866][ T7864] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 199.304909][ T7864] ? __fget_files+0x21f/0x3d0 [ 199.304936][ T7864] __x64_sys_openat+0x12d/0x210 [ 199.304962][ T7864] ? __pfx___x64_sys_openat+0x10/0x10 [ 199.304986][ T7864] ? ksys_write+0x1ac/0x250 [ 199.305006][ T7864] ? fput+0x79/0x100 [ 199.305030][ T7864] ? __x64_sys_quotactl_fd+0x1ff/0x580 [ 199.305064][ T7864] do_syscall_64+0x106/0xf80 [ 199.305085][ T7864] ? clear_bhb_loop+0x40/0x90 [ 199.305104][ T7864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.305122][ T7864] RIP: 0033:0x7f356059bf79 [ 199.305138][ T7864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.305154][ T7864] RSP: 002b:00007f356151d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 199.305171][ T7864] RAX: ffffffffffffffda RBX: 00007f3560815fa0 RCX: 00007f356059bf79 [ 199.305182][ T7864] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c [ 199.305192][ T7864] RBP: 00007f356151d090 R08: 0000000000000000 R09: 0000000000000000 [ 199.305202][ T7864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 199.305212][ T7864] R13: 00007f3560816038 R14: 00007f3560815fa0 R15: 00007ffe7993d3f8 [ 199.305234][ T7864] [ 199.305243][ T7864] ERROR: Out of memory at tomoyo_realpath_from_path. [ 199.351006][ T40] audit: type=1400 audit(1770978087.014:482): avc: denied { create } for pid=7866 comm="syz.2.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 199.381668][ T5951] Bluetooth: hci3: link tx timeout [ 199.431400][ T40] audit: type=1400 audit(1770978087.084:483): avc: denied { bind } for pid=7866 comm="syz.2.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 199.684130][ T40] audit: type=1400 audit(1770978087.084:484): avc: denied { listen } for pid=7866 comm="syz.2.604" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 199.799374][ T7872] program syz.1.606 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 200.084794][ T40] audit: type=1804 audit(1770978087.744:485): pid=7876 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.607" name="/newroot/163/file1" dev="fuse" ino=1 res=1 errno=0 [ 200.152878][ T7880] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 200.157221][ T7880] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 200.183098][ T7880] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 200.198927][ T40] audit: type=1400 audit(1770978087.854:486): avc: denied { firmware_load } for pid=7873 comm="syz.3.607" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 200.342040][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 200.838740][ T40] audit: type=1400 audit(1770978088.494:487): avc: denied { create } for pid=7895 comm="syz.1.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 200.886195][ T40] audit: type=1400 audit(1770978088.494:488): avc: denied { getopt } for pid=7895 comm="syz.1.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 200.922580][ T40] audit: type=1400 audit(1770978088.584:489): avc: denied { read } for pid=7897 comm="syz.0.614" path="socket:[20856]" dev="sockfs" ino=20856 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 201.017782][ T40] audit: type=1400 audit(1770978088.684:490): avc: denied { append } for pid=7901 comm="syz.3.613" name="event2" dev="devtmpfs" ino=947 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 201.249058][ T7904] netlink: 'syz.3.617': attribute type 17 has an invalid length. [ 201.282869][ T7904] netlink: 5 bytes leftover after parsing attributes in process `syz.3.617'. [ 201.292671][ T7904] macvtap0: entered allmulticast mode [ 201.302353][ T7904] veth0_macvtap: entered allmulticast mode [ 201.305099][ T7904] A link change request failed with some changes committed already. Interface macvtap0 may have been left with an inconsistent configuration, please check. [ 201.353109][ T6013] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 201.397320][ T6013] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 201.735285][ T5951] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 201.751945][ T5951] Bluetooth: hci2: Injecting HCI hardware error event [ 201.756298][ T5951] Bluetooth: hci2: hardware error 0x00 [ 202.143896][ T7925] FAULT_INJECTION: forcing a failure. [ 202.143896][ T7925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 202.163534][ T7925] CPU: 1 UID: 0 PID: 7925 Comm: syz.2.622 Not tainted syzkaller #0 PREEMPT(full) [ 202.163561][ T7925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 202.163572][ T7925] Call Trace: [ 202.163578][ T7925] [ 202.163586][ T7925] dump_stack_lvl+0x100/0x190 [ 202.163622][ T7925] should_fail_ex.cold+0x5/0xa [ 202.163647][ T7925] _copy_to_user+0x32/0xd0 [ 202.163682][ T7925] simple_read_from_buffer+0xcb/0x170 [ 202.163711][ T7925] proc_fail_nth_read+0x1af/0x230 [ 202.163741][ T7925] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 202.163786][ T7925] ? rw_verify_area+0xce/0x6d0 [ 202.163807][ T7925] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 202.163835][ T7925] vfs_read+0x1e4/0xb30 [ 202.163861][ T7925] ? __pfx_vfs_read+0x10/0x10 [ 202.163882][ T7925] ? __fget_files+0x215/0x3d0 [ 202.163912][ T7925] ? __fget_files+0x21f/0x3d0 [ 202.163945][ T7925] ksys_read+0x12a/0x250 [ 202.163966][ T7925] ? __pfx_ksys_read+0x10/0x10 [ 202.163995][ T7925] do_syscall_64+0x106/0xf80 [ 202.164020][ T7925] ? clear_bhb_loop+0x40/0x90 [ 202.164044][ T7925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.164064][ T7925] RIP: 0033:0x7f7cae95c84e [ 202.164081][ T7925] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 202.164096][ T7925] RSP: 002b:00007f7caf76ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 202.164114][ T7925] RAX: ffffffffffffffda RBX: 00007f7caf7706c0 RCX: 00007f7cae95c84e [ 202.164124][ T7925] RDX: 000000000000000f RSI: 00007f7caf7700a0 RDI: 0000000000000004 [ 202.164132][ T7925] RBP: 00007f7caf770090 R08: 0000000000000000 R09: 0000000000000000 [ 202.164144][ T7925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.164153][ T7925] R13: 00007f7caec16038 R14: 00007f7caec15fa0 R15: 00007ffd373b0fe8 [ 202.164176][ T7925] [ 202.664880][ T7934] hfsplus: unable to find HFS+ superblock [ 202.702697][ T7934] cgroup2: Unknown parameter 'perf_event' [ 202.787278][ T7936] binder: BINDER_SET_CONTEXT_MGR already set [ 202.790676][ T7936] binder: 7935:7936 ioctl 4018620d 200000004a80 returned -16 [ 202.999345][ T7946] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 203.472644][ T7960] netlink: 28 bytes leftover after parsing attributes in process `syz.2.634'. [ 203.605828][ T7958] overlayfs: failed to resolve './file0': -2 [ 203.931094][ T7975] netlink: 'syz.2.642': attribute type 1 has an invalid length. [ 204.054152][ T5951] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 204.077145][ T7975] 8021q: adding VLAN 0 to HW filter on device bond1 [ 204.179682][ T7985] netlink: 1624 bytes leftover after parsing attributes in process `syz.1.641'. [ 204.317870][ T7978] bond1: (slave veth3): Enslaving as an active interface with a down link [ 204.336125][ T7982] vlan2: entered allmulticast mode [ 204.347318][ T7982] bond1: entered allmulticast mode [ 204.351384][ T7988] netlink: 'syz.3.644': attribute type 1 has an invalid length. [ 204.361469][ T7982] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 204.437730][ T7988] bond2: entered promiscuous mode [ 204.441851][ T7988] 8021q: adding VLAN 0 to HW filter on device bond2 [ 204.517275][ T7987] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 204.534408][ T7987] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 204.547134][ T7987] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 204.786192][ T7997] netlink: 12 bytes leftover after parsing attributes in process `syz.1.647'. [ 204.824504][ T7996] overlay: Unknown parameter './file0' [ 204.971213][ T8006] openvswitch: netlink: EtherType 50a is less than min 600 [ 205.340603][ T8023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.654'. [ 205.389848][ T8017] fuse: Bad value for 'fd' [ 205.652589][ T8032] binder_alloc: 8031: pid 8031 spamming oneway? 1 buffers allocated for a total size of 4096 [ 205.666034][ T8032] binder_alloc: 8031: pid 8031 spamming oneway? 2 buffers allocated for a total size of 5120 [ 205.735441][ T8034] serio: Serial port ptm0 [ 205.776310][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 205.776328][ T40] audit: type=1400 audit(1770978093.454:492): avc: denied { read } for pid=8037 comm="syz.2.659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 205.818330][ C0] hrtimer: interrupt took 18657483 ns [ 205.946175][ T40] audit: type=1400 audit(1770978093.624:493): avc: denied { setopt } for pid=8041 comm="syz.1.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 206.213007][ T8049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.663'. [ 206.680082][ T8062] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 206.689682][ T8061] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048) [ 206.700188][ T8062] netlink: 24 bytes leftover after parsing attributes in process `syz.3.669'. [ 206.836146][ T8061] netlink: 28 bytes leftover after parsing attributes in process `syz.3.669'. [ 206.840229][ T8061] veth3: entered promiscuous mode [ 206.875678][ T8061] veth3: entered allmulticast mode [ 206.879577][ T8061] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8061 comm=syz.3.669 [ 207.821922][ T8092] FAULT_INJECTION: forcing a failure. [ 207.821922][ T8092] name failslab, interval 1, probability 0, space 0, times 0 [ 207.829945][ T8092] CPU: 3 UID: 0 PID: 8092 Comm: syz.0.678 Not tainted syzkaller #0 PREEMPT(full) [ 207.829967][ T8092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 207.829978][ T8092] Call Trace: [ 207.829985][ T8092] [ 207.829992][ T8092] dump_stack_lvl+0x100/0x190 [ 207.830024][ T8092] should_fail_ex.cold+0x5/0xa [ 207.830044][ T8092] ? tomoyo_encode2+0xfb/0x3c0 [ 207.830062][ T8092] should_failslab+0xc2/0x120 [ 207.830086][ T8092] __kmalloc_noprof+0xe0/0x850 [ 207.830109][ T8092] tomoyo_encode2+0xfb/0x3c0 [ 207.830130][ T8092] tomoyo_encode+0x29/0x50 [ 207.830147][ T8092] tomoyo_realpath_from_path+0x18c/0x690 [ 207.830170][ T8092] tomoyo_path_number_perm+0x23c/0x580 [ 207.830196][ T8092] ? tomoyo_path_number_perm+0x22e/0x580 [ 207.830226][ T8092] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 207.830277][ T8092] ? find_held_lock+0x2b/0x80 [ 207.830298][ T8092] ? __fget_files+0x215/0x3d0 [ 207.830320][ T8092] ? hook_file_ioctl_common+0x146/0x410 [ 207.830348][ T8092] ? __fget_files+0x21f/0x3d0 [ 207.830375][ T8092] security_file_ioctl+0xd3/0x230 [ 207.830393][ T8092] __x64_sys_ioctl+0xb7/0x210 [ 207.830412][ T8092] do_syscall_64+0x106/0xf80 [ 207.830434][ T8092] ? clear_bhb_loop+0x40/0x90 [ 207.830454][ T8092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.830471][ T8092] RIP: 0033:0x7f37e5d9bf79 [ 207.830487][ T8092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 207.830502][ T8092] RSP: 002b:00007f37e6cec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.830520][ T8092] RAX: ffffffffffffffda RBX: 00007f37e6015fa0 RCX: 00007f37e5d9bf79 [ 207.830530][ T8092] RDX: 0000200000000180 RSI: 00000000c0049364 RDI: 0000000000000003 [ 207.830539][ T8092] RBP: 00007f37e6cec090 R08: 0000000000000000 R09: 0000000000000000 [ 207.830549][ T8092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.830558][ T8092] R13: 00007f37e6016038 R14: 00007f37e6015fa0 R15: 00007ffd919daae8 [ 207.830582][ T8092] [ 207.830602][ T8092] ERROR: Out of memory at tomoyo_realpath_from_path. [ 208.121732][ T8096] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 208.125461][ T8096] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 208.135536][ T8096] vhci_hcd vhci_hcd.0: Device attached [ 208.146226][ T8097] vhci_hcd: connection closed [ 208.147585][ T1142] vhci_hcd vhci_hcd.0: stop threads [ 208.161471][ T1142] vhci_hcd vhci_hcd.0: release socket [ 208.164864][ T1142] vhci_hcd vhci_hcd.0: disconnect device [ 208.519123][ T8110] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 208.664084][ T8116] netlink: 'syz.1.688': attribute type 1 has an invalid length. [ 208.816402][ T8118] netlink: 4 bytes leftover after parsing attributes in process `syz.2.687'. [ 208.824702][ T8125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 208.826317][ T8118] bridge_slave_1: left promiscuous mode [ 208.848482][ T8118] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.977043][ T8118] bridge_slave_0: left allmulticast mode [ 208.980639][ T8118] bridge_slave_0: left promiscuous mode [ 208.984519][ T8118] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.934125][ T8154] No control pipe specified [ 210.034647][ T40] audit: type=1400 audit(1770978097.694:494): avc: denied { ioctl } for pid=8157 comm="syz.3.702" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 210.045910][ T5951] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 210.622986][ T8173] binder: 8172:8173 ioctl 4058534c 200000000240 returned -22 [ 210.801733][ T8174] netlink: 868 bytes leftover after parsing attributes in process `syz.2.705'. [ 210.969524][ T8186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.707'. [ 211.103486][ T40] audit: type=1800 audit(1770978098.764:495): pid=8194 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.711" name="bus" dev="overlay" ino=1055 res=0 errno=0 [ 211.149899][ T8186] bridge_slave_1: left promiscuous mode [ 211.194226][ T8186] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.238360][ T8186] bridge_slave_0: left allmulticast mode [ 211.240792][ T8186] bridge_slave_0: left promiscuous mode [ 211.244656][ T8186] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.315702][ T40] audit: type=1400 audit(1770978098.984:496): avc: denied { getopt } for pid=8195 comm="syz.2.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 212.322976][ T8219] netlink: 'syz.2.718': attribute type 1 has an invalid length. [ 212.327479][ T8219] netlink: 96 bytes leftover after parsing attributes in process `syz.2.718'. [ 212.352925][ T8219] netlink: 658 bytes leftover after parsing attributes in process `syz.2.718'. [ 212.356161][ T8219] netlink: 1 bytes leftover after parsing attributes in process `syz.2.718'. [ 212.461181][ T8227] autofs: Bad value for 'fd' [ 212.548888][ T8223] kvm: Disabled LAPIC found during irq injection [ 212.574825][ T8231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.724'. [ 212.597300][ T40] audit: type=1400 audit(1770978100.274:497): avc: denied { lock } for pid=8230 comm="syz.2.724" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 212.602934][ T8231] binder: BINDER_SET_CONTEXT_MGR already set [ 212.646763][ T8231] binder: 8230:8231 ioctl 4018620d 200000000040 returned -16 [ 212.902241][ T8234] binder: BINDER_SET_CONTEXT_MGR already set [ 212.914503][ T8234] binder: 8232:8234 ioctl 4018620d 200000000040 returned -16 [ 213.191173][ T8233] mkiss: ax0: crc mode is auto. [ 213.200276][ T8242] serio: Serial port ptm0 [ 213.278752][ T8229] netlink: 'syz.0.723': attribute type 28 has an invalid length. [ 213.389541][ T8251] nfs4: Unknown parameter '' [ 213.670060][ T5951] Bluetooth: hci3: link tx timeout [ 213.959226][ T8260] JFS: discard option not supported on device [ 213.985230][ T40] audit: type=1400 audit(1770978101.644:498): avc: denied { listen } for pid=8259 comm="syz.1.732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 214.031788][ T8260] Mount JFS Failure: -5 [ 214.107209][ T40] audit: type=1400 audit(1770978101.784:499): avc: denied { execute } for pid=8259 comm="syz.1.732" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=22777 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 214.258541][ T8270] program syz.3.737 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 214.270185][ T8267] netlink: 20 bytes leftover after parsing attributes in process `syz.2.735'. [ 214.351902][ T40] audit: type=1400 audit(1770978102.024:500): avc: denied { setattr } for pid=8266 comm="syz.2.735" name="NETLINK" dev="sockfs" ino=22786 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 214.376286][ T40] audit: type=1400 audit(1770978102.024:501): avc: denied { mount } for pid=8269 comm="syz.1.736" name="/" dev="rpc_pipefs" ino=22480 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 214.415257][ T40] audit: type=1400 audit(1770978102.024:502): avc: denied { mounton } for pid=8269 comm="syz.1.736" path="/190/file0" dev="rpc_pipefs" ino=22480 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1 [ 214.494687][ T8276] libceph: resolve '0' (ret=-3): failed [ 214.674942][ T5733] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 214.745860][ T8284] faux_driver vgem: [drm] Unknown color mode 127; guessing buffer size. [ 214.758179][ T40] audit: type=1400 audit(1770978102.424:503): avc: denied { map } for pid=8283 comm="syz.3.741" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 214.801748][ T40] audit: type=1400 audit(1770978102.424:504): avc: denied { execute } for pid=8283 comm="syz.3.741" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 214.849928][ T5733] usb 6-1: Using ep0 maxpacket: 16 [ 214.872839][ T5733] usb 6-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 214.895256][ T5733] usb 6-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 214.901902][ T5733] usb 6-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 214.909519][ T5733] usb 6-1: config 1 interface 0 has no altsetting 0 [ 214.923287][ T5733] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 214.935422][ T5733] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.945964][ T5733] usb 6-1: Product: syz [ 214.949254][ T5733] usb 6-1: Manufacturer: syz [ 214.956454][ T5733] usb 6-1: SerialNumber: syz [ 215.189975][ T5733] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 215.258541][ T8292] netlink: 'syz.2.742': attribute type 10 has an invalid length. [ 215.346925][ T8292] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 215.400507][ T5733] usb 6-1: USB disconnect, device number 13 [ 215.435358][ T5733] usblp0: removed [ 215.470547][ T8297] FAULT_INJECTION: forcing a failure. [ 215.470547][ T8297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.489196][ T8297] CPU: 2 UID: 0 PID: 8297 Comm: syz.2.744 Not tainted syzkaller #0 PREEMPT(full) [ 215.489221][ T8297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 215.489231][ T8297] Call Trace: [ 215.489237][ T8297] [ 215.489244][ T8297] dump_stack_lvl+0x100/0x190 [ 215.489276][ T8297] should_fail_ex.cold+0x5/0xa [ 215.489300][ T8297] _copy_to_user+0x32/0xd0 [ 215.489327][ T8297] simple_read_from_buffer+0xcb/0x170 [ 215.489351][ T8297] proc_fail_nth_read+0x1af/0x230 [ 215.489377][ T8297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 215.489403][ T8297] ? rw_verify_area+0xce/0x6d0 [ 215.489419][ T8297] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 215.489442][ T8297] vfs_read+0x1e4/0xb30 [ 215.489464][ T8297] ? __pfx_vfs_read+0x10/0x10 [ 215.489483][ T8297] ? __fget_files+0x215/0x3d0 [ 215.489512][ T8297] ? __fget_files+0x21f/0x3d0 [ 215.489541][ T8297] ksys_read+0x12a/0x250 [ 215.489603][ T8297] ? __pfx_ksys_read+0x10/0x10 [ 215.489622][ T8297] ? fput+0x79/0x100 [ 215.489645][ T8297] do_syscall_64+0x106/0xf80 [ 215.489665][ T8297] ? clear_bhb_loop+0x40/0x90 [ 215.489685][ T8297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.489701][ T8297] RIP: 0033:0x7f7cae95c84e [ 215.489715][ T8297] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 215.489729][ T8297] RSP: 002b:00007f7caf76ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 215.489744][ T8297] RAX: ffffffffffffffda RBX: 00007f7caf7706c0 RCX: 00007f7cae95c84e [ 215.489754][ T8297] RDX: 000000000000000f RSI: 00007f7caf7700a0 RDI: 0000000000000004 [ 215.489763][ T8297] RBP: 00007f7caf770090 R08: 0000000000000000 R09: 0000000000000000 [ 215.489772][ T8297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.489782][ T8297] R13: 00007f7caec16038 R14: 00007f7caec15fa0 R15: 00007ffd373b0fe8 [ 215.489803][ T8297] [ 215.996170][ T8319] overlay: ./file0 is not a directory [ 216.214702][ T5951] Bluetooth: Frame is too long (len 34, expected len 32) [ 216.219302][ T5951] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 216.224242][ T5951] Bluetooth: Wrong link type (-22) [ 216.229438][ T5951] Bluetooth: Wrong link type (-71) [ 216.239233][ T5951] Bluetooth: hci0: link tx timeout [ 216.247396][ T5951] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 216.460692][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 216.460708][ T40] audit: type=1400 audit(1770978104.134:509): avc: denied { lock } for pid=8331 comm="syz.3.753" path="socket:[22839]" dev="sockfs" ino=22839 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 216.586241][ T40] audit: type=1400 audit(1770978104.264:510): avc: denied { unmount } for pid=5938 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 217.013953][ T8344] xt_policy: output policy not valid in PREROUTING and INPUT [ 217.221803][ T8352] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 217.281812][ T8351] vxlan0: entered promiscuous mode [ 217.284115][ T8351] vxlan0: entered allmulticast mode [ 217.292311][ T1142] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.318737][ T1142] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.340195][ T1142] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.344640][ T1142] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.384033][ T40] audit: type=1400 audit(1770978105.064:511): avc: denied { ioctl } for pid=8355 comm="syz.1.760" path="socket:[22874]" dev="sockfs" ino=22874 ioctlcmd=0x5882 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 217.396391][ T8360] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 217.433918][ T8360] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 217.458120][ T8360] vhci_hcd vhci_hcd.0: Device attached [ 217.666743][ T8371] FAULT_INJECTION: forcing a failure. [ 217.666743][ T8371] name failslab, interval 1, probability 0, space 0, times 0 [ 217.678548][ T8371] CPU: 0 UID: 0 PID: 8371 Comm: syz.2.763 Not tainted syzkaller #0 PREEMPT(full) [ 217.678574][ T8371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 217.678584][ T8371] Call Trace: [ 217.678611][ T8371] [ 217.678620][ T8371] dump_stack_lvl+0x100/0x190 [ 217.678663][ T8371] should_fail_ex.cold+0x5/0xa [ 217.678686][ T8371] ? tomoyo_realpath_from_path+0xb6/0x690 [ 217.678717][ T8371] should_failslab+0xc2/0x120 [ 217.678740][ T8371] __kmalloc_noprof+0xe0/0x850 [ 217.678770][ T8371] tomoyo_realpath_from_path+0xb6/0x690 [ 217.678796][ T8371] tomoyo_path_number_perm+0x23c/0x580 [ 217.678821][ T8371] ? tomoyo_path_number_perm+0x22e/0x580 [ 217.678849][ T8371] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 217.678900][ T8371] ? find_held_lock+0x2b/0x80 [ 217.678918][ T8371] ? __fget_files+0x215/0x3d0 [ 217.678939][ T8371] ? hook_file_ioctl_common+0x146/0x410 [ 217.678966][ T8371] ? __fget_files+0x21f/0x3d0 [ 217.678993][ T8371] security_file_ioctl+0xd3/0x230 [ 217.679012][ T8371] __x64_sys_ioctl+0xb7/0x210 [ 217.679032][ T8371] do_syscall_64+0x106/0xf80 [ 217.679069][ T8371] ? clear_bhb_loop+0x40/0x90 [ 217.679090][ T8371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.679107][ T8371] RIP: 0033:0x7f7cae99bf79 [ 217.679123][ T8371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 217.679139][ T8371] RSP: 002b:00007f7caf770028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.679156][ T8371] RAX: ffffffffffffffda RBX: 00007f7caec15fa0 RCX: 00007f7cae99bf79 [ 217.679167][ T8371] RDX: 0000200000000180 RSI: 00000000c0089364 RDI: 0000000000000003 [ 217.679177][ T8371] RBP: 00007f7caf770090 R08: 0000000000000000 R09: 0000000000000000 [ 217.679187][ T8371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.679196][ T8371] R13: 00007f7caec16038 R14: 00007f7caec15fa0 R15: 00007ffd373b0fe8 [ 217.679219][ T8371] [ 217.679227][ T8371] ERROR: Out of memory at tomoyo_realpath_from_path. [ 217.752325][ T6018] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 217.757959][ T6036] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 217.879148][ T8379] netdevsim netdevsim1: Direct firmware load for . failed with error -2 [ 217.919608][ T8379] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 217.962976][ T8384] xt_hashlimit: size too large, truncated to 1048576 [ 218.067073][ T6036] usb 8-1: config 0 has no interfaces? [ 218.103936][ T6036] usb 8-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 218.117322][ T6036] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.134807][ T6036] usb 8-1: config 0 descriptor?? [ 218.146338][ T8389] autofs: Unknown parameter '0x0000000000000000' [ 218.301771][ T5284] Bluetooth: hci0: command 0x0406 tx timeout [ 218.348232][ T54] usb 8-1: USB disconnect, device number 9 [ 218.373110][ T8361] vhci_hcd: connection closed [ 218.374351][ T1142] vhci_hcd vhci_hcd.3: stop threads [ 218.443516][ T1142] vhci_hcd vhci_hcd.3: release socket [ 218.448099][ T1142] vhci_hcd vhci_hcd.3: disconnect device [ 218.502299][ T6018] usb 43-1: device descriptor read/64, error -71 [ 218.532781][ T8398] netlink: 44 bytes leftover after parsing attributes in process `syz.2.771'. [ 218.572639][ T8400] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.772'. [ 218.738214][ T6018] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 219.038182][ T8406] netlink: 14 bytes leftover after parsing attributes in process `syz.2.774'. [ 219.351965][ T6036] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 219.382834][ T6036] hid-generic 0000:0000:0000.0006: hidraw1: HID v0.00 Device [syz1] on syz0 [ 220.045191][ T40] audit: type=1400 audit(1770978107.724:512): avc: denied { bind } for pid=8432 comm="syz.2.784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 220.061623][ T40] audit: type=1400 audit(1770978107.724:513): avc: denied { name_bind } for pid=8432 comm="syz.2.784" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 220.082320][ T40] audit: type=1400 audit(1770978107.724:514): avc: denied { node_bind } for pid=8432 comm="syz.2.784" saddr=ff01::1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 220.101405][ T40] audit: type=1400 audit(1770978107.724:515): avc: denied { write } for pid=8432 comm="syz.2.784" path="socket:[23870]" dev="sockfs" ino=23870 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 220.153143][ T8440] netlink: 28 bytes leftover after parsing attributes in process `syz.0.786'. [ 220.452601][ T8450] netlink: 'syz.0.790': attribute type 10 has an invalid length. [ 220.452625][ T8450] netlink: 32 bytes leftover after parsing attributes in process `syz.0.790'. [ 220.452931][ T8457] binder_alloc: 8456: pid 8456 spamming oneway? 1 buffers allocated for a total size of 4096 [ 220.453306][ T8457] binder_alloc: 8456: pid 8456 spamming oneway? 2 buffers allocated for a total size of 5120 [ 220.579623][ T8460] netlink: 16 bytes leftover after parsing attributes in process `syz.3.793'. [ 220.580469][ T8460] max out of range [ 220.593885][ T40] audit: type=1400 audit(1770978108.254:516): avc: denied { mount } for pid=8458 comm="syz.3.793" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 220.594019][ T40] audit: type=1400 audit(1770978108.254:517): avc: denied { remount } for pid=8458 comm="syz.3.793" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 220.683480][ T8460] xt_l2tp: wrong L2TP version: 0 [ 220.800526][ T40] audit: type=1400 audit(1770978108.454:518): avc: denied { unmount } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 220.890307][ T8470] binder: 8469:8470 unknown command 1077961712 [ 220.894672][ T8470] binder: 8469:8470 ioctl c0306201 200000004a40 returned -22 [ 221.052094][ T6036] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 221.212323][ T6036] usb 7-1: Using ep0 maxpacket: 8 [ 221.221816][ T6036] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.228430][ T6036] usb 7-1: config 0 has no interfaces? [ 221.233182][ T6036] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.239670][ T6036] usb 7-1: config 0 has no interfaces? [ 221.311428][ T6036] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.318637][ T6036] usb 7-1: config 0 has no interfaces? [ 221.421855][ T6036] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 221.428432][ T6036] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.434129][ T6036] usb 7-1: Product: syz [ 221.436393][ T6036] usb 7-1: Manufacturer: syz [ 221.441729][ T6036] usb 7-1: SerialNumber: syz [ 221.449302][ T6036] usb 7-1: config 0 descriptor?? [ 221.506527][ T8482] netlink: 'syz.0.801': attribute type 1 has an invalid length. [ 221.578356][ T8482] 8021q: adding VLAN 0 to HW filter on device bond1 [ 221.595120][ T8485] vlan2: entered promiscuous mode [ 221.598864][ T8485] gretap0: entered promiscuous mode [ 221.602253][ T8485] vlan2: entered allmulticast mode [ 221.607018][ T8485] gretap0: entered allmulticast mode [ 221.682235][ T8482] bond1: (slave bridge1): making interface the new active one [ 221.702726][ T8482] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 221.705799][ T6036] usb 7-1: USB disconnect, device number 10 [ 221.800219][ T8487] binder: 8486:8487 ioctl c018620c 2000000000c0 returned -22 [ 221.969210][ T40] audit: type=1400 audit(1770978109.644:519): avc: denied { read } for pid=8490 comm="syz.1.804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 221.984291][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.805'. [ 222.329456][ T8500] gfs2: error -5 reading superblock [ 223.254920][ T6043] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 223.265322][ T8516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.813'. [ 223.455310][ T6043] usb 5-1: Using ep0 maxpacket: 16 [ 223.459284][ T6043] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 223.475057][ T6043] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 223.478805][ T6043] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 223.491568][ T6043] usb 5-1: config 1 interface 0 has no altsetting 0 [ 223.535356][ T6043] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 223.553859][ T6043] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.556689][ T6043] usb 5-1: Product: syz [ 223.558724][ T6043] usb 5-1: Manufacturer: syz [ 223.560547][ T6043] usb 5-1: SerialNumber: syz [ 223.589732][ T6037] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 223.733729][ T8533] block nbd2: NBD_DISCONNECT [ 223.762250][ T6037] usb 8-1: Using ep0 maxpacket: 8 [ 223.776341][ T6037] usb 8-1: config 0 has no interfaces? [ 223.780504][ T6037] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 223.782990][ T6043] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 223.819214][ T6037] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.858994][ T6037] usb 8-1: config 0 descriptor?? [ 223.986961][ T6037] usb 5-1: USB disconnect, device number 8 [ 223.998366][ T6037] usblp0: removed [ 224.411230][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.821'. [ 224.571449][ T8559] vxfs: unable to read disk superblock at 1 [ 224.585529][ T8559] vxfs: unable to read disk superblock at 8 [ 224.596566][ T8559] vxfs: can't find superblock. [ 225.215266][ T8585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'. [ 225.447057][ T8582] mkiss: ax0: crc mode is auto. [ 225.533905][ T6043] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 225.658308][ T8600] binder: BINDER_SET_CONTEXT_MGR already set [ 225.660590][ T8600] binder: 8599:8600 ioctl 4018620d 200000004a80 returned -16 [ 225.700949][ T6043] usb 5-1: Using ep0 maxpacket: 16 [ 225.717366][ T6043] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 225.718868][ T8600] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 225.758537][ T8600] batman_adv: batadv0: Adding interface: gretap1 [ 225.761445][ T8600] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 225.777711][ T6043] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.788323][ T6043] usb 5-1: Product: syz [ 225.791147][ T8600] batman_adv: batadv0: Interface activated: gretap1 [ 225.810943][ T6043] usb 5-1: Manufacturer: syz [ 225.841679][ T6043] usb 5-1: SerialNumber: syz [ 225.875053][ T8606] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 225.877938][ T8606] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 225.881738][ T8606] vhci_hcd vhci_hcd.0: Device attached [ 225.890169][ T6043] r8152-cfgselector 5-1: Unknown version 0x0000 [ 225.893197][ T6043] r8152-cfgselector 5-1: config 0 descriptor?? [ 225.905369][ T40] audit: type=1400 audit(1770978113.534:520): avc: denied { read } for pid=8601 comm="syz.2.829" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 226.019225][ T40] audit: type=1400 audit(1770978113.674:521): avc: denied { mount } for pid=8599 comm="syz.1.828" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 226.130286][ T6043] r8152-cfgselector 5-1: Unknown version 0x0000 [ 226.133686][ T6043] r8152-cfgselector 5-1: bad CDC descriptors [ 226.158352][ T5733] usb 41-1: new low-speed USB device number 5 using vhci_hcd [ 226.159391][ T6043] r8152-cfgselector 5-1: USB disconnect, device number 9 [ 226.160465][ T6036] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 226.305631][ T54] usb 8-1: USB disconnect, device number 10 [ 226.309028][ T6036] usb 7-1: config 41 has 0 interfaces, different from the descriptor's value: 2 [ 226.367175][ T6036] usb 7-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 226.421708][ T6036] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.653555][ T8622] netlink: 164 bytes leftover after parsing attributes in process `syz.3.833'. [ 226.657600][ T40] audit: type=1400 audit(1770978114.334:522): avc: denied { nlmsg_read } for pid=8621 comm="syz.3.833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 226.665229][ T8608] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 4 [ 226.694518][ T6036] usb 7-1: string descriptor 0 read error: -71 [ 226.735650][ T8625] sctp: [Deprecated]: syz.0.835 (pid 8625) Use of int in max_burst socket option. [ 226.735650][ T8625] Use struct sctp_assoc_value instead [ 226.747319][ T46] vhci_hcd vhci_hcd.2: stop threads [ 226.762862][ T6036] usb 7-1: USB disconnect, device number 11 [ 226.766875][ T46] vhci_hcd vhci_hcd.2: release socket [ 226.771578][ T46] vhci_hcd vhci_hcd.2: disconnect device [ 227.293123][ T8639] netlink: 32 bytes leftover after parsing attributes in process `syz.2.839'. [ 227.302585][ T53] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 227.325204][ T53] hid-generic 0000:0000:0000.0007: hidraw1: HID v0.00 Device [syz1] on syz0 [ 228.034477][ T8656] binder_alloc: 8655: pid 8655 spamming oneway? 1 buffers allocated for a total size of 4096 [ 228.044075][ T8656] binder_alloc: 8655: pid 8655 spamming oneway? 2 buffers allocated for a total size of 5120 [ 228.551620][ T40] audit: type=1400 audit(1770978116.224:523): avc: denied { bind } for pid=8670 comm="syz.3.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 228.899283][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.849'. [ 229.001035][ T40] audit: type=1400 audit(1770978116.674:524): avc: denied { read } for pid=8682 comm="syz.1.850" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 229.708264][ T40] audit: type=1400 audit(1770978117.384:525): avc: denied { setopt } for pid=8711 comm="syz.1.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 230.185251][ T8726] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 230.185251][ T8726] program syz.3.866 not setting count and/or reply_len properly [ 230.335480][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.357694][ T40] audit: type=1400 audit(1770978118.024:526): avc: denied { ioctl } for pid=8734 comm="syz.2.869" path="/dev/uhid" dev="devtmpfs" ino=1296 ioctlcmd=0x9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 230.425930][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.434793][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.438881][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.445787][ T8743] veth0: entered promiscuous mode [ 230.476498][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.489170][ T8735] netlink: 'syz.2.869': attribute type 1 has an invalid length. [ 230.514049][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.514075][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.542842][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.581414][ T6018] hid-generic 00A0:0086:0003.0008: unknown main item tag 0x0 [ 230.601228][ T8752] netlink: 28 bytes leftover after parsing attributes in process `syz.3.872'. [ 230.662221][ T6018] hid-generic 00A0:0086:0003.0008: hidraw1: HID v0.05 Device [syz1] on syz0 [ 230.729816][ T8735] 8021q: adding VLAN 0 to HW filter on device bond3 [ 230.887641][ T8750] bond3: (slave veth0_to_bond): making interface the new active one [ 230.888371][ T40] audit: type=1400 audit(1770978118.564:527): avc: denied { create } for pid=8734 comm="syz.2.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 230.931014][ T8750] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 230.942237][ T40] audit: type=1400 audit(1770978118.564:528): avc: denied { write } for pid=8734 comm="syz.2.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 230.942283][ T40] audit: type=1400 audit(1770978118.564:529): avc: denied { read } for pid=8734 comm="syz.2.869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 230.942322][ T40] audit: type=1400 audit(1770978118.564:530): avc: denied { ioctl } for pid=8734 comm="syz.2.869" path="socket:[23407]" dev="sockfs" ino=23407 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 231.002949][ T40] audit: type=1400 audit(1770978118.664:531): avc: denied { ioctl } for pid=8746 comm="syz.3.872" path="/dev/dri/card1" dev="devtmpfs" ino=636 ioctlcmd=0x64bc scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 231.084683][ T8735] ip6gre0: entered promiscuous mode [ 231.099883][ T40] audit: type=1400 audit(1770978118.764:532): avc: denied { read write } for pid=5938 comm="syz-executor" name="loop1" dev="devtmpfs" ino=659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 231.199696][ T8743] veth0: left promiscuous mode [ 231.237813][ T8762] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 231.241548][ T5733] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 231.388975][ T8766] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 231.401155][ T8766] qnx6: wrong signature (magic) in superblock #1. [ 231.408353][ T8766] qnx6: unable to read the first superblock [ 231.814453][ T8779] netlink: 8 bytes leftover after parsing attributes in process `syz.3.882'. [ 231.832804][ T1141] bond0: (slave bond_slave_0): interface is now down [ 231.843664][ T1141] bond0: (slave bond_slave_1): interface is now down [ 231.908120][ T8779] : renamed from vlan0 [ 231.981493][ T1799] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 231.984238][ T13] bond0: (slave bond_slave_0): interface is now down [ 232.006235][ T13] bond0: (slave bond_slave_1): interface is now down [ 232.013957][ T13] bond0: now running without any active interface! [ 232.163598][ T1799] usb 5-1: Using ep0 maxpacket: 16 [ 232.187268][ T1799] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 232.190931][ T1799] usb 5-1: can't read configurations, error -61 [ 232.249151][ T8803] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 232.306200][ T6013] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 232.329105][ T1799] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 232.539252][ T6013] usb 7-1: Using ep0 maxpacket: 8 [ 232.549790][ T6013] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 232.553972][ T6013] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 232.571669][ T1799] usb 5-1: Using ep0 maxpacket: 16 [ 232.584836][ T6013] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 232.609443][ T1799] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 232.616280][ T1799] usb 5-1: can't read configurations, error -61 [ 232.620829][ T1799] usb usb5-port1: attempt power cycle [ 232.625607][ T6013] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 232.638558][ T6013] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 232.654993][ T6013] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 232.662821][ T8812] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 232.667523][ T6013] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.681459][ T8812] overlayfs: missing 'lowerdir' [ 232.888016][ T6013] usb 7-1: GET_CAPABILITIES returned 0 [ 232.890449][ T6013] usbtmc 7-1:16.0: can't read capabilities [ 232.947110][ T8819] overlayfs: failed to resolve './file1': -2 [ 232.982760][ T1799] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 233.046366][ T1799] usb 5-1: Using ep0 maxpacket: 16 [ 233.055956][ T1799] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 233.059592][ T1799] usb 5-1: can't read configurations, error -61 [ 233.168514][ T5951] Bluetooth: hci0: unexpected event for opcode 0x2028 [ 233.201937][ T1799] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 233.255116][ T1799] usb 5-1: Using ep0 maxpacket: 16 [ 233.264223][ T1799] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 233.301818][ T1799] usb 5-1: can't read configurations, error -61 [ 233.339100][ T1799] usb usb5-port1: unable to enumerate USB device [ 233.482148][ T8834] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 233.501548][ T8834] CIFS mount error: No usable UNC path provided in device string! [ 233.501548][ T8834] [ 233.508315][ T8834] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 233.524753][ T6018] usb 7-1: USB disconnect, device number 12 [ 233.783697][ T40] kauditd_printk_skb: 84 callbacks suppressed [ 233.783713][ T40] audit: type=1400 audit(1770978121.464:617): avc: denied { write } for pid=8839 comm="syz.1.899" name="demux0" dev="devtmpfs" ino=952 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 233.817640][ T40] audit: type=1400 audit(1770978121.464:618): avc: denied { open } for pid=8839 comm="syz.1.899" path="/dev/dvb/adapter0/demux0" dev="devtmpfs" ino=952 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 233.828899][ T40] audit: type=1400 audit(1770978121.464:619): avc: denied { ioctl } for pid=8839 comm="syz.1.899" path="/dev/dvb/adapter0/demux0" dev="devtmpfs" ino=952 ioctlcmd=0x6f2c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 233.843276][ T40] audit: type=1400 audit(1770978121.464:620): avc: denied { bind } for pid=8839 comm="syz.1.899" lport=136 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 233.856591][ T40] audit: type=1400 audit(1770978121.464:621): avc: denied { name_bind } for pid=8839 comm="syz.1.899" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 233.869965][ T40] audit: type=1400 audit(1770978121.464:622): avc: denied { node_bind } for pid=8839 comm="syz.1.899" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 233.884681][ T40] audit: type=1400 audit(1770978121.494:623): avc: denied { sqpoll } for pid=8841 comm="syz.3.900" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 233.896817][ T40] audit: type=1400 audit(1770978121.534:624): avc: denied { module_request } for pid=8844 comm="syz.1.901" kmod="net-pf-10-proto-58-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 234.084493][ T40] audit: type=1400 audit(1770978121.744:625): avc: denied { append } for pid=8841 comm="syz.3.900" name="dlm-control" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 234.150074][ T40] audit: type=1400 audit(1770978121.774:626): avc: denied { create } for pid=8844 comm="syz.1.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 234.380290][ T8853] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 234.414154][ T8853] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 234.438021][ T8853] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 234.747521][ T8842] syz.3.900 (8842): drop_caches: 2 [ 234.939273][ T5951] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 234.965836][ T8863] No control pipe specified [ 235.069228][ T8860] virtio-pci 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 235.081547][ T8865] netlink: 'syz.0.907': attribute type 1 has an invalid length. [ 235.184741][ T8865] binder: Bad value for 'max' [ 235.186526][ T8870] netlink: 32 bytes leftover after parsing attributes in process `syz.3.905'. [ 235.222591][ T8870] netlink: 20 bytes leftover after parsing attributes in process `syz.3.905'. [ 235.432841][ T8875] netlink: 'syz.0.909': attribute type 22 has an invalid length. [ 235.436473][ T8875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.909'. [ 235.512446][ T1141] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 235.528847][ T8875] netlink: 'syz.0.909': attribute type 22 has an invalid length. [ 235.531473][ T1141] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 235.555767][ T8875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.909'. [ 235.574312][ T1141] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 235.583586][ T1141] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 235.629873][ T5733] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 235.703280][ T8880] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 235.722698][ T8880] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 235.733607][ T8880] vhci_hcd vhci_hcd.0: Device attached [ 235.800372][ T6035] hid_parser_main: 10 callbacks suppressed [ 235.800391][ T6035] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 235.810634][ T5733] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.815570][ T6035] hid-generic 0000:0000:0000.0009: hidraw1: HID v0.00 Device [syz1] on syz0 [ 235.817529][ T5733] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.882086][ T5733] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 235.898411][ T5733] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.002120][ T6035] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 236.031697][ T53] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 236.150461][ T5733] usb 7-1: usb_control_msg returned -32 [ 236.156642][ T5733] usbtmc 7-1:16.0: can't read capabilities [ 236.174359][ T6035] usb 5-1: config 0 has no interfaces? [ 236.187169][ T6035] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 236.200062][ T6035] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.231006][ T6035] usb 5-1: config 0 descriptor?? [ 236.535642][ T8882] usbip_core: unknown command [ 236.538211][ T8882] vhci_hcd: unknown pdu 100663296 [ 236.548373][ T8882] usbip_core: unknown command [ 236.552624][ T60] vhci_hcd vhci_hcd.0: stop threads [ 236.556077][ T60] vhci_hcd vhci_hcd.0: release socket [ 236.559937][ T60] vhci_hcd vhci_hcd.0: disconnect device [ 236.590572][ T8893] ISOFS: Unable to identify CD-ROM format. [ 236.703470][ T1799] usb 5-1: USB disconnect, device number 14 [ 236.881962][ T8898] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 236.890286][ T5951] Bluetooth: hci0: Ignoring connect complete event for invalid link type [ 237.020096][ T8900] overlayfs: failed to resolve './file1': -2 [ 237.132107][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 237.415954][ T8905] fuse: Bad value for 'group_id' [ 237.420082][ T8905] fuse: Bad value for 'group_id' [ 237.923661][ T8926] overlayfs: failed to resolve './file0': -2 [ 238.178121][ T8930] binder_alloc: 8929: pid 8929 spamming oneway? 1 buffers allocated for a total size of 4096 [ 238.183710][ T8930] binder_alloc: 8929: pid 8929 spamming oneway? 2 buffers allocated for a total size of 5120 [ 238.392018][ T34] usb 7-1: USB disconnect, device number 13 [ 238.534177][ T8935] SELinux: Context system_u:object_r:unconfined_execmem_exec_t:s0 is not valid (left unmapped). [ 238.938924][ T8949] overlayfs: failed to resolve './file0': -2 [ 238.988382][ T8932] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.247684][ T8959] serio: Serial port ptm0 [ 239.264986][ T40] kauditd_printk_skb: 64 callbacks suppressed [ 239.265001][ T40] audit: type=1400 audit(1770978126.944:691): avc: denied { mount } for pid=8956 comm="syz.0.935" name="/" dev="9p" ino=72614017 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 239.309263][ T40] audit: type=1400 audit(1770978126.984:692): avc: denied { write } for pid=8956 comm="syz.0.935" name="file0" dev="9p" ino=72614041 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 239.328512][ T40] audit: type=1400 audit(1770978126.984:693): avc: denied { open } for pid=8956 comm="syz.0.935" path="/214/file0/file0" dev="9p" ino=72614041 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 239.381650][ T40] audit: type=1400 audit(1770978127.044:694): avc: denied { read } for pid=8956 comm="syz.0.935" name="file0" dev="9p" ino=72614041 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 239.534054][ T8932] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.573432][ T8932] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.614797][ T40] audit: type=1400 audit(1770978127.294:695): avc: denied { getopt } for pid=8963 comm="syz.2.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 239.706047][ T8970] netlink: 'syz.3.938': attribute type 3 has an invalid length. [ 239.808429][ T40] audit: type=1400 audit(1770978127.494:696): avc: denied { lock } for pid=8969 comm="syz.3.938" path="socket:[26849]" dev="sockfs" ino=26849 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 239.820879][ T8970] Bluetooth: MGMT ver 1.23 [ 239.882891][ T8970] binder: BINDER_SET_CONTEXT_MGR already set [ 239.886889][ T40] audit: type=1400 audit(1770978127.564:697): avc: denied { execute_no_trans } for pid=8969 comm="syz.3.938" path="/256/file2" dev="tmpfs" ino=1445 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 239.898074][ T8970] binder: 8969:8970 ioctl 4018620d 2000000002c0 returned -16 [ 239.940384][ T40] audit: type=1400 audit(1770978127.564:698): avc: denied { create } for pid=8969 comm="syz.3.938" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 239.949210][ T40] audit: type=1400 audit(1770978127.604:699): avc: denied { unlink } for pid=5940 comm="syz-executor" name="file0" dev="tmpfs" ino=1446 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 240.260034][ T8932] batman_adv: batadv0: Interface deactivated: gretap1 [ 240.341467][ T1147] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.357780][ T1147] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.371928][ T8986] overlayfs: failed to resolve './file0': -2 [ 240.394477][ T40] audit: type=1400 audit(1770978128.074:700): avc: denied { unmount } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 240.414588][ T1147] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.471731][ T1147] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.616055][ T8993] ip6t_srh: unknown srh invflags 51E8 [ 240.756578][ T8996] delete_channel: no stack [ 240.815556][ T9001] CIFS mount error: No usable UNC path provided in device string! [ 240.815556][ T9001] [ 240.820563][ T9001] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 241.106996][ T9006] netlink: 24 bytes leftover after parsing attributes in process `syz.0.944'. [ 241.151400][ T6013] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 241.175622][ T53] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 241.381588][ T6013] usb 7-1: Using ep0 maxpacket: 8 [ 241.392761][ T6013] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.398880][ T6013] usb 7-1: config 0 has no interfaces? [ 241.428975][ T6013] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.461815][ T6013] usb 7-1: config 0 has no interfaces? [ 241.473170][ T6013] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 241.491340][ T6013] usb 7-1: config 0 has no interfaces? [ 241.598506][ T6013] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 241.602637][ T6013] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.646034][ T6013] usb 7-1: Product: syz [ 241.648265][ T6013] usb 7-1: Manufacturer: syz [ 241.656849][ T6013] usb 7-1: SerialNumber: syz [ 241.668709][ T6013] usb 7-1: config 0 descriptor?? [ 241.911523][ T6013] usb 7-1: USB disconnect, device number 14 [ 242.375717][ T9028] overlayfs: missing 'lowerdir' [ 242.783010][ T9036] veth0_to_team: entered promiscuous mode [ 242.792700][ T9036] veth0_to_team: left promiscuous mode [ 242.969030][ T9041] FAULT_INJECTION: forcing a failure. [ 242.969030][ T9041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.990132][ T9041] CPU: 1 UID: 0 PID: 9041 Comm: syz.2.963 Not tainted syzkaller #0 PREEMPT(full) [ 242.990156][ T9041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 242.990168][ T9041] Call Trace: [ 242.990178][ T9041] [ 242.990186][ T9041] dump_stack_lvl+0x100/0x190 [ 242.990239][ T9041] should_fail_ex.cold+0x5/0xa [ 242.990265][ T9041] _copy_from_user+0x2e/0xd0 [ 242.990305][ T9041] kstrtouint_from_user+0xd6/0x1d0 [ 242.990324][ T9041] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 242.990342][ T9041] ? __lock_acquire+0x4a5/0x2630 [ 242.990374][ T9041] ? lock_acquire+0x17c/0x330 [ 242.990410][ T9041] proc_fail_nth_write+0x83/0x220 [ 242.990439][ T9041] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 242.990471][ T9041] vfs_write+0x2aa/0x1070 [ 242.990495][ T9041] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 242.990526][ T9041] ? __pfx_vfs_write+0x10/0x10 [ 242.990549][ T9041] ? __fget_files+0x215/0x3d0 [ 242.990578][ T9041] ? __fget_files+0x21f/0x3d0 [ 242.990609][ T9041] ksys_write+0x12a/0x250 [ 242.990627][ T9041] ? __pfx_ksys_write+0x10/0x10 [ 242.990648][ T9041] ? fput+0x79/0x100 [ 242.990674][ T9041] do_syscall_64+0x106/0xf80 [ 242.990711][ T9041] ? clear_bhb_loop+0x40/0x90 [ 242.990734][ T9041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.990752][ T9041] RIP: 0033:0x7f7cae95c84e [ 242.990767][ T9041] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 242.990782][ T9041] RSP: 002b:00007f7caf76ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 242.990800][ T9041] RAX: ffffffffffffffda RBX: 00007f7caf7706c0 RCX: 00007f7cae95c84e [ 242.990811][ T9041] RDX: 0000000000000001 RSI: 00007f7caf7700a0 RDI: 0000000000000004 [ 242.990821][ T9041] RBP: 00007f7caf770090 R08: 0000000000000000 R09: 0000000000000000 [ 242.990830][ T9041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.990840][ T9041] R13: 00007f7caec16038 R14: 00007f7caec15fa0 R15: 00007ffd373b0fe8 [ 242.990861][ T9041] [ 243.283608][ T9057] CIFS mount error: No usable UNC path provided in device string! [ 243.283608][ T9057] [ 243.301810][ T9057] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 243.468122][ T9063] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 243.471762][ T9065] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 243.702306][ T9073] fuse: Bad value for 'fd' [ 243.734597][ T9074] KVM: debugfs: duplicate directory 9074-6 [ 244.458809][ T5951] Bluetooth: hci0: command 0x0406 tx timeout [ 244.542948][ T40] kauditd_printk_skb: 40 callbacks suppressed [ 244.542964][ T40] audit: type=1400 audit(1770978132.164:741): avc: denied { append } for pid=9091 comm="syz.0.982" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 244.638130][ T40] audit: type=1400 audit(1770978132.164:742): avc: denied { ioctl } for pid=9091 comm="syz.0.982" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 244.723730][ T40] audit: type=1400 audit(1770978132.224:743): avc: denied { setopt } for pid=9093 comm="syz.3.984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 244.764724][ T9103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.985'. [ 244.782917][ T9103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.985'. [ 244.791021][ T9103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.985'. [ 244.794852][ T5284] Bluetooth: hci3: link tx timeout [ 244.798789][ T5284] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 244.803877][ T5284] Bluetooth: hci3: link tx timeout [ 244.835733][ T9103] netlink: 24 bytes leftover after parsing attributes in process `syz.0.985'. [ 245.015257][ T40] audit: type=1400 audit(1770978132.694:744): avc: denied { add_name } for pid=9093 comm="syz.3.984" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 245.015754][ T9105] macvlan0: entered allmulticast mode [ 245.031480][ T40] audit: type=1400 audit(1770978132.694:745): avc: denied { ioctl } for pid=9104 comm="syz.1.987" path="socket:[27020]" dev="sockfs" ino=27020 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 245.076733][ T9105] pim6reg: entered allmulticast mode [ 245.105846][ T40] audit: type=1400 audit(1770978132.694:746): avc: denied { create } for pid=9093 comm="syz.3.984" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 245.106334][ T9105] macvlan0 (unregistering): left allmulticast mode [ 245.130110][ T40] audit: type=1400 audit(1770978132.694:747): avc: denied { associate } for pid=9093 comm="syz.3.984" name="cpuset.effective_cpus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 245.213666][ T40] audit: type=1400 audit(1770978132.754:748): avc: denied { create } for pid=9106 comm="syz.0.986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 245.220857][ T40] audit: type=1400 audit(1770978132.864:749): avc: denied { write } for pid=9106 comm="syz.0.986" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 245.247124][ T40] audit: type=1400 audit(1770978132.924:750): avc: denied { append } for pid=9093 comm="syz.3.984" path="/273/file0/cpuset.effective_cpus" dev="9p" ino=72614243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 245.276726][ T9109] fuse: Unknown parameter 'ser_id' [ 245.395032][ T9112] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 245.415459][ T9112] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 245.419356][ T9112] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 245.754789][ T9118] binder: 9117:9118 ioctl 8983 200000000100 returned -22 [ 245.865408][ T9127] netlink: 44 bytes leftover after parsing attributes in process `syz.3.984'. [ 245.987425][ T9130] SELinux: policydb magic number 0x8000 does not match expected magic number 0xf97cff8c [ 245.991127][ T9130] SELinux: failed to load policy [ 246.615580][ T5284] Bluetooth: hci0: command 0x0406 tx timeout [ 246.689936][ T9144] iommufd_mock iommufd_mock0: Adding to iommu group 9 bic $&p%@ $@  [ 246.871355][ T5951] Bluetooth: hci3: command 0x0406 tx timeout /dev/fusefd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=00000000000000000000P)HL  [ 247.284747][ T9156] overlayfs: failed to resolve './file1': -2 ./file0/file0./file0[ 247.901487][ T1799] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 247.948237][ T9162] fuse: Bad value for 'group_id' [ 247.950516][ T9162] fuse: Bad value for 'group_id' [ 247.950794][ T9164] random: crng reseeded on system resumption [ 248.101693][ T1799] usb 5-1: Using ep0 maxpacket: 8 [ 248.105853][ T1799] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 248.109453][ T1799] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.130398][ T1799] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 248.143357][ T1799] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 248.168492][ T1799] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.203928][ T1799] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 248.210299][ T1799] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.271985][ T9166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1004'. [ 248.328679][ T9174] tmpfs: Unknown parameter 'usrqotaju~' [ 248.333896][ T9174] No source specified [ 248.414931][ T1340] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 248.436388][ T9179] xt_socket: unknown flags 0x20 [ 248.460278][ T1799] usb 5-1: GET_CAPABILITIES returned 0 [ 248.470709][ T1799] usbtmc 5-1:16.0: can't read capabilities [ 248.564085][ T1340] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 248.590014][ T1340] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.604954][ T1340] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 248.610060][ T1340] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.679785][ T9160] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 248.698780][ T53] usb 5-1: USB disconnect, device number 15 [ 248.859199][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1005'. [ 248.873630][ T1799] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 248.875340][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1005'. [ 248.877599][ T1340] usb 6-1: usb_control_msg returned -32 [ 248.877642][ T1340] usbtmc 6-1:16.0: can't read capabilities [ 249.061989][ T1799] usb 7-1: Using ep0 maxpacket: 8 [ 249.079333][ T1799] usb 7-1: config 0 has an invalid interface number: 186 but max is 0 [ 249.084995][ T1799] usb 7-1: config 0 has no interface number 0 [ 249.099171][ T1799] usb 7-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 249.103776][ T1799] usb 7-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 18, changing to 8 [ 249.135839][ T1799] usb 7-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 249.140799][ T1799] usb 7-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 249.179992][ T1799] usb 7-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 249.198239][ T1799] usb 7-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 249.202242][ T1799] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.219592][ T1799] usb 7-1: Product: syz [ 249.221644][ T1799] usb 7-1: Manufacturer: syz [ 249.223749][ T1799] usb 7-1: SerialNumber: syz [ 249.229232][ T1799] usb 7-1: config 0 descriptor?? [ 249.422390][ T9202] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1010'. [ 249.495752][ T1799] iowarrior 7-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior1 [ 249.538165][ T9199] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'. [ 249.857542][ T40] kauditd_printk_skb: 20 callbacks suppressed [ 249.857558][ T40] audit: type=1326 audit(1770978137.534:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9212 comm="syz.0.1012" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f37e5d9bf79 code=0x0 [ 249.956667][ T54] usb 7-1: USB disconnect, device number 15 [ 250.753368][ T9234] syzkaller0: entered promiscuous mode [ 250.755453][ T9234] syzkaller0: entered allmulticast mode [ 250.767092][ T40] audit: type=1400 audit(1770978138.424:772): avc: denied { setattr } for pid=9238 comm="syz.0.1017" name="" dev="pipefs" ino=27234 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 250.783133][ T40] audit: type=1400 audit(1770978138.454:773): avc: denied { create } for pid=9240 comm="syz.2.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 250.963975][ T9245] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1020'. [ 251.121991][ T53] usb 6-1: USB disconnect, device number 14 [ 251.517878][ T9259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1021'. [ 253.166273][ T9262] dlm: Unknown command passed to DLM device : 33 [ 253.166273][ T9262] [ 253.170218][ T9263] dlm: Unknown command passed to DLM device : 33 [ 253.170218][ T9263] [ 253.175786][ T9262] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1025'. [ 256.121639][ T6037] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 256.131326][ T9280] Bluetooth: hci0: too big key_count value 9038 [ 256.133254][ T5947] Bluetooth: hci0: unexpected event for opcode 0x0c2d [ 256.311465][ T6037] usb 7-1: Using ep0 maxpacket: 8 [ 256.322748][ T6037] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.328508][ T6037] usb 7-1: config 0 has no interfaces? [ 256.333241][ T6037] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.377513][ T6037] usb 7-1: config 0 has no interfaces? [ 256.383240][ T6037] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.390448][ T6037] usb 7-1: config 0 has no interfaces? [ 256.412323][ T6037] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 256.416057][ T6037] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.428985][ T6037] usb 7-1: Product: syz [ 256.430867][ T6037] usb 7-1: Manufacturer: syz [ 256.461359][ T6037] usb 7-1: SerialNumber: syz [ 256.534086][ T6037] usb 7-1: config 0 descriptor?? [ 256.553902][ T9294] Bluetooth: MGMT ver 1.23 [ 256.750670][ T6082] usb 7-1: USB disconnect, device number 16 [ 256.821532][ T40] audit: type=1400 audit(1770978144.494:774): avc: denied { create } for pid=9298 comm="syz.0.1038" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 257.426537][ T6082] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 257.527720][ T40] audit: type=1400 audit(1770978145.184:775): avc: denied { name_connect } for pid=9313 comm="syz.2.1041" dest=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 257.609375][ T40] audit: type=1400 audit(1770978145.264:776): avc: denied { kexec_image_load } for pid=9311 comm="syz.1.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 257.690836][ T6082] usb 8-1: Using ep0 maxpacket: 8 [ 257.697464][ T6082] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 257.701129][ T6082] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 257.705531][ T6082] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 257.712548][ T6082] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 257.716807][ T6082] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 257.743436][ T6082] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 257.744861][ T40] audit: type=1400 audit(1770978145.424:777): avc: denied { getopt } for pid=9319 comm="syz.0.1043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 257.756348][ T6082] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.771361][ T40] audit: type=1400 audit(1770978145.444:778): avc: denied { setopt } for pid=9319 comm="syz.0.1043" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 257.839473][ T40] audit: type=1400 audit(1770978145.524:779): avc: denied { write } for pid=9319 comm="syz.0.1043" path="socket:[27316]" dev="sockfs" ino=27316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 258.037293][ T6082] usb 8-1: GET_CAPABILITIES returned 0 [ 258.043276][ T6082] usbtmc 8-1:16.0: can't read capabilities [ 258.276877][ T6036] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 258.441489][ T6036] usb 5-1: device descriptor read/64, error -71 [ 258.462550][ T6082] usb 8-1: USB disconnect, device number 11 [ 258.465480][ T9338] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 258.488680][ T9338] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 258.561730][ T9338] vhci_hcd vhci_hcd.0: Device attached [ 258.696160][ T6036] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 258.803518][ T6037] usb 41-1: new low-speed USB device number 6 using vhci_hcd [ 258.821531][ T8952] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 258.851741][ T6036] usb 5-1: device descriptor read/64, error -71 [ 258.934906][ T40] audit: type=1400 audit(1770978146.614:780): avc: denied { bind } for pid=9344 comm="syz.1.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 258.956941][ T40] audit: type=1400 audit(1770978146.634:781): avc: denied { setopt } for pid=9344 comm="syz.1.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 258.971786][ T6036] usb usb5-port1: attempt power cycle [ 259.053184][ T8952] usb 7-1: config 0 has no interfaces? [ 259.055762][ T8952] usb 7-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 259.059674][ T8952] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.067500][ T8952] usb 7-1: config 0 descriptor?? [ 259.179985][ T40] audit: type=1400 audit(1770978146.854:782): avc: denied { write } for pid=9347 comm="syz.1.1051" name="udp6" dev="proc" ino=4026533172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 259.236573][ T40] audit: type=1326 audit(1770978146.884:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9349 comm="syz.3.1052" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f356059bf79 code=0x0 [ 259.323446][ T9339] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 5 [ 259.324910][ T1799] usb 7-1: USB disconnect, device number 17 [ 259.350990][ T1147] vhci_hcd vhci_hcd.2: stop threads [ 259.353530][ T1147] vhci_hcd vhci_hcd.2: release socket [ 259.371474][ T1147] vhci_hcd vhci_hcd.2: disconnect device [ 259.392326][ T6036] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 259.446382][ T6036] usb 5-1: device descriptor read/8, error -71 [ 259.701471][ T6036] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 259.722078][ T6036] usb 5-1: device descriptor read/8, error -71 [ 259.842339][ T6036] usb usb5-port1: unable to enumerate USB device [ 259.950722][ T9361] bond0: Error: Cannot enslave bond to itself. [ 260.237122][ T6036] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 260.305601][ T53] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 260.315294][ T53] hid-generic 0000:0000:0000.000A: hidraw1: HID v0.00 Device [syz1] on syz0 [ 260.429706][ T6036] usb 6-1: device descriptor read/64, error -71 [ 260.642306][ T1417] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.656517][ T1417] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.696999][ T6036] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 260.853870][ T6036] usb 6-1: device descriptor read/64, error -71 [ 260.965825][ T6036] usb usb6-port1: attempt power cycle [ 261.129484][ T9383] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 261.351478][ T6036] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 261.382280][ T6036] usb 6-1: device descriptor read/8, error -71 [ 261.637041][ T6036] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 261.662035][ T6036] usb 6-1: device descriptor read/8, error -71 [ 261.781613][ T6036] usb usb6-port1: unable to enumerate USB device [ 261.884524][ T9409] binder: 9408:9409 ioctl 4090ae82 200000000500 returned -22 [ 261.898257][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 261.898274][ T40] audit: type=1400 audit(1770978149.574:789): avc: denied { mount } for pid=9408 comm="syz.3.1073" name="/" dev="configfs" ino=3112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 261.930294][ T40] audit: type=1400 audit(1770978149.574:790): avc: denied { search } for pid=9408 comm="syz.3.1073" name="/" dev="configfs" ino=3112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 261.944139][ T40] audit: type=1400 audit(1770978149.574:791): avc: denied { setattr } for pid=9408 comm="syz.3.1073" name="/" dev="configfs" ino=3112 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 262.048965][ T9417] macvlan0: entered allmulticast mode [ 262.072950][ T9417] veth1_vlan: entered allmulticast mode [ 262.119381][ T9417] pim6reg: entered allmulticast mode [ 262.135448][ T9417] veth1_vlan: left allmulticast mode [ 262.161623][ T9417] macvlan0 (unregistering): left allmulticast mode [ 262.205665][ T9420] fuse: Unknown parameter 'ser_id' [ 262.345932][ T9423] delete_channel: no stack [ 262.359417][ T46] Bluetooth: Error in BCSP hdr checksum [ 263.018141][ T40] audit: type=1400 audit(1770978150.694:792): avc: denied { connect } for pid=9430 comm="syz.3.1081" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 263.049455][ T40] audit: type=1400 audit(1770978150.724:793): avc: denied { name_bind } for pid=9433 comm="syz.1.1082" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 263.104686][ T40] audit: type=1400 audit(1770978150.724:794): avc: denied { node_bind } for pid=9433 comm="syz.1.1082" saddr=172.20.20.187 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 263.145411][ T40] audit: type=1400 audit(1770978150.784:795): avc: denied { ioctl } for pid=9433 comm="syz.1.1082" path="socket:[29157]" dev="sockfs" ino=29157 ioctlcmd=0x943e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 263.244373][ T9436] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 263.448992][ T40] audit: type=1400 audit(1770978151.104:796): avc: denied { read } for pid=9433 comm="syz.1.1082" laddr=::ffff:172.20.20.187 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 263.796655][ T40] audit: type=1400 audit(1770978151.474:797): avc: denied { getopt } for pid=9443 comm="syz.3.1084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 263.921515][ T6037] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 263.979189][ T40] audit: type=1400 audit(1770978151.654:798): avc: denied { append } for pid=9446 comm="syz.3.1085" name="card1" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 264.013838][ T9447] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 264.085290][ T9449] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1086'. [ 264.337428][ T9454] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1087'. [ 264.344446][ T9454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 264.358711][ T9454] ip_vti0: Master is either lo or non-ether device [ 264.377817][ T5951] Bluetooth: hci4: command 0x1003 tx timeout [ 264.382483][ T5947] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 264.724704][ T9467] xt_time: unknown flags 0xf4 [ 265.565459][ T9483] o2cb: This node has not been configured. [ 265.568817][ T9483] o2cb: Cluster check failed. Fix errors before retrying. [ 265.574641][ T9483] (syz.0.1099,9483,0):user_dlm_register:674 ERROR: status = -22 [ 265.576839][ T9483] (syz.0.1099,9483,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 265.598249][ T9483] tipc: Enabling of bearer rejected, media not registered [ 265.613200][ T9483] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1099'. [ 265.789953][ T6082] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 266.006270][ T6082] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 266.010747][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.021371][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.045327][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.050335][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.056139][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.073879][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.077516][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.080748][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.102133][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.106723][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.115533][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.121217][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.125492][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.128325][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.137505][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.142108][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.149306][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.154740][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.159235][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.164318][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.169864][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.176875][ T6082] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 266.183164][ T6082] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 266.191038][ T6082] usb 6-1: config 0 interface 0 has no altsetting 0 [ 266.200728][ T6082] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 266.209521][ T6082] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 266.212949][ T6082] usb 6-1: Product: syz [ 266.225203][ T6082] usb 6-1: Manufacturer: syz [ 266.227140][ T6082] usb 6-1: SerialNumber: syz [ 266.235925][ T6082] usb 6-1: config 0 descriptor?? [ 266.263649][ T6082] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 266.424918][ T9495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1105'. [ 266.477720][ T9496] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1105'. [ 266.710570][ T9505] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9505 comm=syz.1.1098 [ 266.922086][ T40] kauditd_printk_skb: 88 callbacks suppressed [ 266.922160][ T40] audit: type=1400 audit(1770978154.604:887): avc: denied { setopt } for pid=9506 comm="syz.2.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 266.941675][ T40] audit: type=1400 audit(1770978154.614:888): avc: denied { read } for pid=9506 comm="syz.2.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 266.992687][ T40] audit: type=1400 audit(1770978154.664:889): avc: denied { write } for pid=9506 comm="syz.2.1107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 267.174222][ T40] audit: type=1400 audit(1770978154.844:890): avc: denied { shutdown } for pid=9509 comm="syz.3.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 267.219644][ T40] audit: type=1400 audit(1770978154.894:891): avc: denied { getopt } for pid=9509 comm="syz.3.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 267.234019][ T40] audit: type=1400 audit(1770978154.894:892): avc: denied { connect } for pid=9509 comm="syz.3.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 267.251546][ T40] audit: type=1400 audit(1770978154.894:893): avc: denied { name_connect } for pid=9509 comm="syz.3.1108" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 267.267772][ T40] audit: type=1400 audit(1770978154.934:894): avc: denied { write } for pid=9509 comm="syz.3.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 267.309641][ T40] audit: type=1400 audit(1770978154.984:895): avc: denied { write } for pid=9509 comm="syz.3.1108" lport=54585 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 267.523728][ T40] audit: type=1400 audit(1770978155.194:896): avc: denied { allowed } for pid=9512 comm="syz.2.1109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 267.546989][ T9513] macvlan0: entered allmulticast mode [ 267.554434][ T9513] veth1_vlan: entered allmulticast mode [ 267.611123][ T9513] pim6reg: entered allmulticast mode [ 267.621154][ T9513] veth1_vlan: left allmulticast mode [ 267.682876][ T9514] fuse: Unknown parameter 'ser_id' [ 267.695190][ T9513] macvlan0 (unregistering): left allmulticast mode [ 268.511640][ C1] usb 6-1: yurex_control_callback - control failed: -2 [ 268.547939][ T6082] usb 6-1: USB disconnect, device number 19 [ 268.572001][ T6082] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 268.902887][ T9542] fuse: Unknown parameter 'ser_id' [ 269.011651][ T9545] 9p: Could not find request transport: virt6@$VXio!dfltuid=0x0000000000000000 [ 269.224311][ T8971] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 269.414889][ T8971] usb 7-1: device descriptor read/64, error -71 [ 269.684820][ T8971] usb 7-1: new full-speed USB device number 19 using dummy_hcd [ 269.873686][ T8971] usb 7-1: device descriptor read/64, error -71 [ 270.027461][ T8971] usb usb7-port1: attempt power cycle [ 270.361374][ T8971] usb 7-1: new full-speed USB device number 20 using dummy_hcd [ 270.389903][ T8971] usb 7-1: device descriptor read/8, error -71 [ 270.634162][ T9599] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 270.647109][ T8971] usb 7-1: new full-speed USB device number 21 using dummy_hcd [ 270.657617][ T9594] loop5: detected capacity change from 0 to 7 [ 270.672660][ T8971] usb 7-1: device descriptor read/8, error -71 [ 270.787053][ T8971] usb usb7-port1: unable to enumerate USB device [ 270.869162][ T9603] ip6gre1: entered promiscuous mode [ 270.888567][ T9603] ip6gre1: entered allmulticast mode [ 270.904896][ T1141] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 270.909887][ T1141] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 270.977847][ T54] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 271.234418][ T9594] Dev loop5: unable to read RDB block 7 [ 271.240085][ T9601] loop5: detected capacity change from 7 to 0 [ 271.246344][ T9611] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=349689926 (11190077632 ns) > initial count (9226619392 ns). Using initial count to start timer. [ 271.252932][ T9594] loop5: unable to read partition table [ 271.281674][ T54] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 271.298798][ T9601] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 271.341574][ T9594] loop5: partition table beyond EOD, truncated [ 271.344007][ T9594] loop_reread_partitions: partition scan of loop5 (ɍn/C>|n˨,l-"@Iy}c9sGQaG%x?) failed (rc=-5) [ 271.420241][ T9601] kvm: kvm [9593]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 271.453027][ T9601] kvm: kvm [9593]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 271.765503][ T9624] binder: 9622:9624 ioctl aa00 0 returned -22 [ 271.981893][ T54] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 272.138628][ T9634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1138'. [ 272.312192][ T9635] sp0: Synchronizing with TNC [ 272.341729][ T40] kauditd_printk_skb: 60 callbacks suppressed [ 272.341747][ T40] audit: type=1400 audit(1770978159.994:957): avc: denied { read } for pid=5638 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 272.408651][ T40] audit: type=1400 audit(1770978160.084:958): avc: denied { create } for pid=9632 comm="syz.2.1138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 272.461127][ T40] audit: type=1400 audit(1770978160.134:959): avc: denied { read write } for pid=9632 comm="syz.2.1138" name="sg1" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 272.473540][ T40] audit: type=1400 audit(1770978160.134:960): avc: denied { open } for pid=9632 comm="syz.2.1138" path="/dev/sg1" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 272.493967][ T40] audit: type=1400 audit(1770978160.144:961): avc: denied { ioctl } for pid=9632 comm="syz.2.1138" path="/dev/sg1" dev="devtmpfs" ino=727 ioctlcmd=0x2289 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 272.513177][ T9634] kvm: kvm [9632]: vcpu0, guest rIP: 0x9115 Unhandled WRMSR(0xc2) = 0x80c800dc80e8 [ 272.558436][ T9634] kvm: kvm [9632]: vcpu0, guest rIP: 0x9115 Unhandled WRMSR(0xc1) = 0x68e800dc80c8 [ 272.641580][ T1340] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 272.668609][ T9647] IPVS: set_ctl: invalid protocol: 44 172.20.20.12:21 [ 272.668841][ T40] audit: type=1400 audit(1770978160.344:962): avc: denied { setopt } for pid=9646 comm="syz.1.1143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 272.686350][ T9647] CIFS mount error: No usable UNC path provided in device string! [ 272.686350][ T9647] [ 272.717327][ T9647] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 272.721694][ T40] audit: type=1400 audit(1770978160.394:963): avc: denied { write } for pid=9646 comm="syz.1.1143" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 272.769473][ T40] audit: type=1400 audit(1770978160.394:964): avc: denied { open } for pid=9646 comm="syz.1.1143" path="/dev/ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 272.869185][ T1340] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 272.873722][ T1340] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 272.880785][ T1340] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 272.884514][ T1340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.156257][ T1340] usb 5-1: usb_control_msg returned -32 [ 273.158673][ T1340] usbtmc 5-1:16.0: can't read capabilities [ 273.221524][ T40] audit: type=1400 audit(1770978160.864:965): avc: denied { create } for pid=9653 comm="syz.1.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 273.229184][ T40] audit: type=1400 audit(1770978160.864:966): avc: denied { write } for pid=9653 comm="syz.1.1144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 273.288744][ T9656] No control pipe specified [ 273.431403][ T9661] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1145'. [ 273.477507][ T9641] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1142'. [ 273.893205][ T9672] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1150'. [ 273.980267][ T9676] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1151'. [ 273.988005][ T9676] Unknown options in mask b7f2 [ 274.012301][ T9677] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1151'. [ 274.017293][ T9677] Unknown options in mask b7f2 [ 274.284543][ T9681] "syz.3.1152" (9681) uses obsolete ecb(arc4) skcipher [ 274.740183][ T9698] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1158'. [ 275.014279][ T8971] libceph: connect (1)[c::]:6789 error -101 [ 275.018164][ T8971] libceph: mon0 (1)[c::]:6789 connect error [ 275.095428][ T9712] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 275.129462][ T9707] ceph: No mds server is up or the cluster is laggy [ 275.259851][ T9717] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1165'. [ 275.261621][ C2] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 275.446335][ T8952] usb 5-1: USB disconnect, device number 20 [ 275.663170][ T9724] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined [ 275.899879][ T9732] program syz.2.1170 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 275.939562][ T9732] ata1.00: invalid command format 0 [ 275.945736][ T9732] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 275.949297][ T9732] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 276.009072][ T9736] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1169'. [ 276.070484][ T9729] (syz.0.1169,9729,3):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 276.077840][ T9729] (syz.0.1169,9729,3):ocfs2_fill_super:1177 ERROR: status = -22 [ 276.517482][ T8971] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 276.587253][ T5947] Bluetooth: hci3: unknown advertising packet type: 0x76 [ 276.587302][ T5947] Bluetooth: hci3: Malformed LE Event: 0x02 [ 276.673764][ T8971] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 276.678835][ T8971] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 276.686410][ T8971] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 276.691632][ T8971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.702601][ T9745] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 276.718401][ T8971] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 277.008088][ T8971] usb 6-1: USB disconnect, device number 20 [ 277.127940][ T9770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1181'. [ 277.348649][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1185'. [ 277.354201][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1185'. [ 277.759328][ T9786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1188'. [ 277.765867][ T40] kauditd_printk_skb: 35 callbacks suppressed [ 277.765884][ T40] audit: type=1400 audit(1770978165.444:1002): avc: denied { bind } for pid=9785 comm="syz.3.1188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 277.772213][ T9793] gretap1: entered promiscuous mode [ 277.791006][ T40] audit: type=1400 audit(1770978165.454:1003): avc: denied { name_bind } for pid=9785 comm="syz.3.1188" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 277.791044][ T40] audit: type=1400 audit(1770978165.454:1004): avc: denied { node_bind } for pid=9785 comm="syz.3.1188" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 277.902857][ T40] audit: type=1400 audit(1770978165.584:1005): avc: denied { view } for pid=9790 comm="syz.1.1190" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 277.947702][ T40] audit: type=1400 audit(1770978165.614:1006): avc: denied { ioctl } for pid=9801 comm="syz.2.1191" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 278.041437][ T6082] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 278.060326][ T6035] libceph: connect (1)[c::]:6789 error -101 [ 278.068094][ T6035] libceph: mon0 (1)[c::]:6789 connect error [ 278.174431][ T40] audit: type=1400 audit(1770978165.824:1007): avc: denied { write } for pid=9810 comm="syz.1.1194" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 278.190126][ T9804] ceph: No mds server is up or the cluster is laggy [ 278.276410][ T6082] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 278.298407][ T6082] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 278.312791][ T6082] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 278.329305][ T6082] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 278.360710][ T6082] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 278.365166][ T6082] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.395622][ T6082] usb 8-1: config 0 descriptor?? [ 278.526819][ T40] audit: type=1400 audit(1770978166.204:1008): avc: denied { create } for pid=9822 comm="syz.0.1197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 278.560752][ T40] audit: type=1400 audit(1770978166.204:1009): avc: denied { name_bind } for pid=9822 comm="syz.0.1197" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 278.596951][ T40] audit: type=1400 audit(1770978166.204:1010): avc: denied { execute } for pid=9822 comm="syz.0.1197" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=34027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 278.636542][ T40] audit: type=1400 audit(1770978166.254:1011): avc: denied { getopt } for pid=9824 comm="syz.1.1198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 278.680428][ T9827] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.1199'. [ 278.745839][ T9829] overlayfs: failed to resolve './file0/file0': -2 [ 278.940166][ T6082] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 279.544604][ T9843] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1205'. [ 279.612252][ T9846] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1205'. [ 279.616536][ T9846] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1205'. [ 279.620677][ T9846] capability: warning: `syz.1.1205' uses 32-bit capabilities (legacy support in use) [ 279.633043][ T9846] ------------[ cut here ]------------ [ 279.644720][ T9846] 1 [ 279.644734][ T9846] WARNING: mm/page_alloc.c:5220 at __alloc_frozen_pages_noprof+0x22ae/0x2ae0, CPU#3: syz.1.1205/9846 [ 279.653887][ T9846] Modules linked in: [ 279.655554][ T9846] CPU: 3 UID: 0 PID: 9846 Comm: syz.1.1205 Not tainted syzkaller #0 PREEMPT(full) [ 279.658969][ T9846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 279.663330][ T9846] RIP: 0010:__alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 279.666688][ T9846] Code: 6e f9 ff ff e8 d3 ea 86 ff 84 c0 0f 85 fb fa ff ff 48 8d 3d a4 db 78 0e 67 48 0f b9 3a e9 ea fa ff ff c6 05 50 57 5c 0e 01 90 <0f> 0b 90 e9 a7 e0 ff ff 48 8d bc 24 a8 01 00 00 e8 1d 71 de ff 84 [ 279.678913][ T9846] RSP: 0018:ffffc900037c7760 EFLAGS: 00010246 [ 279.682713][ T9846] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 279.686396][ T9846] RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040cc0 [ 279.690131][ T9846] RBP: 0000000000000016 R08: 0000000000000005 R09: 0000000000000009 [ 279.695595][ T9846] R10: 0000000000000016 R11: 0000000000000000 R12: 0000000000040cc0 [ 279.706552][ T9846] R13: 1ffff920006f8f3b R14: 0000000000000016 R15: 1ffff920006f8f05 [ 279.710940][ T9846] FS: 00007fe18f9bf6c0(0000) GS:ffff8880d668b000(0000) knlGS:0000000000000000 [ 279.733310][ T9846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 279.742797][ T54] usb 8-1: USB disconnect, device number 12 [ 279.748874][ T9846] CR2: 0000200000001680 CR3: 0000000059fee000 CR4: 0000000000352ef0 [ 279.752584][ T9846] Call Trace: [ 279.754381][ T9846] [ 279.766027][ T9846] ? find_held_lock+0x2b/0x80 [ 279.768272][ T9846] ? is_bpf_text_address+0x8a/0x1a0 [ 279.770435][ T9846] ? is_bpf_text_address+0x8a/0x1a0 [ 279.773696][ T9846] ? bpf_ksym_find+0x128/0x1c0 [ 279.775772][ T9846] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 279.792751][ T9846] ? is_bpf_text_address+0x94/0x1a0 [ 279.795369][ T9846] ? kernel_text_address+0x8d/0x100 [ 279.797556][ T9846] ? __kernel_text_address+0xd/0x30 [ 279.799723][ T9846] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 279.805589][ T9846] ? arch_stack_walk+0xa6/0xf0 [ 279.810974][ T9846] ? stack_trace_save+0x8e/0xc0 [ 279.816502][ T9846] ? __pfx_stack_trace_save+0x10/0x10 [ 279.831421][ T9846] ? stack_depot_save_flags+0x27/0x9d0 [ 279.833980][ T9846] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 279.836233][ T9846] ? policy_nodemask+0xed/0x4f0 [ 279.838216][ T9846] alloc_pages_mpol+0x1fb/0x550 [ 279.840079][ T9846] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 279.842317][ T9846] ? drm_syncobj_array_find+0x35/0x3a0 [ 279.847231][ T9846] ___kmalloc_large_node+0x104/0x150 [ 279.863300][ T9846] __kmalloc_large_node_noprof+0x1c/0x70 [ 279.868300][ T9846] __kmalloc_noprof+0x5be/0x850 [ 279.871909][ T9846] drm_syncobj_array_find+0x35/0x3a0 [ 279.878601][ T9846] drm_syncobj_timeline_signal_ioctl+0x22a/0x8d0 [ 279.891107][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 279.901783][ T9846] ? drm_dev_exit+0x41/0x60 [ 279.906868][ T9846] ? drm_dev_exit+0x41/0x60 [ 279.908784][ T9846] drm_ioctl_kernel+0x1f3/0x3e0 [ 279.910640][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 279.914775][ T9846] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 279.917674][ T9846] drm_ioctl+0x5e6/0xc60 [ 279.920039][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 279.923448][ T9846] ? __pfx_drm_ioctl+0x10/0x10 [ 279.925648][ T9846] ? selinux_file_ioctl+0x139/0x290 [ 279.927797][ T9846] ? selinux_file_ioctl+0xb4/0x290 [ 279.930086][ T9846] ? __pfx_drm_ioctl+0x10/0x10 [ 279.932542][ T9846] __x64_sys_ioctl+0x18e/0x210 [ 279.934878][ T9846] do_syscall_64+0x106/0xf80 [ 279.937002][ T9846] ? clear_bhb_loop+0x40/0x90 [ 279.938943][ T9846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 279.941687][ T9846] RIP: 0033:0x7fe18eb9bf79 [ 279.943316][ T9846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 279.949874][ T9846] RSP: 002b:00007fe18f9bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 279.956174][ T9846] RAX: ffffffffffffffda RBX: 00007fe18ee16090 RCX: 00007fe18eb9bf79 [ 279.959997][ T9846] RDX: 0000200000000340 RSI: 00000000c01864cd RDI: 0000000000000003 [ 279.966598][ T9846] RBP: 00007fe18ec327e0 R08: 0000000000000000 R09: 0000000000000000 [ 279.972091][ T9846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 279.975866][ T9846] R13: 00007fe18ee16128 R14: 00007fe18ee16090 R15: 00007ffca4745fd8 [ 279.979475][ T9846] [ 279.980735][ T9846] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 279.983488][ T9846] CPU: 3 UID: 0 PID: 9846 Comm: syz.1.1205 Not tainted syzkaller #0 PREEMPT(full) [ 279.987041][ T9846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 279.991556][ T9846] Call Trace: [ 279.993031][ T9846] [ 279.994423][ T9846] dump_stack_lvl+0x100/0x190 [ 279.996645][ T9846] vpanic+0x552/0x970 [ 279.998694][ T9846] ? __pfx_vpanic+0x10/0x10 [ 280.000833][ T9846] panic+0xd1/0xe0 [ 280.002607][ T9846] ? __pfx_panic+0x10/0x10 [ 280.004589][ T9846] check_panic_on_warn.cold+0x19/0x34 [ 280.006951][ T9846] ? __alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 280.009603][ T9846] __warn.cold+0x191/0x2f8 [ 280.011585][ T9846] __report_bug+0x296/0x3d0 [ 280.013481][ T9846] ? __alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 280.016580][ T9846] ? __pfx___report_bug+0x10/0x10 [ 280.019287][ T9846] ? __lock_acquire+0x4a5/0x2630 [ 280.021267][ T9846] ? __lock_acquire+0x4a5/0x2630 [ 280.023227][ T9846] ? __alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 280.025825][ T9846] report_bug+0xb2/0x220 [ 280.027675][ T9846] ? __alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 280.029787][ T9846] handle_bug+0x166/0x2a0 [ 280.031537][ T9846] exc_invalid_op+0x17/0x50 [ 280.033356][ T9846] asm_exc_invalid_op+0x1a/0x20 [ 280.035724][ T9846] RIP: 0010:__alloc_frozen_pages_noprof+0x22ae/0x2ae0 [ 280.038760][ T9846] Code: 6e f9 ff ff e8 d3 ea 86 ff 84 c0 0f 85 fb fa ff ff 48 8d 3d a4 db 78 0e 67 48 0f b9 3a e9 ea fa ff ff c6 05 50 57 5c 0e 01 90 <0f> 0b 90 e9 a7 e0 ff ff 48 8d bc 24 a8 01 00 00 e8 1d 71 de ff 84 [ 280.049600][ T9846] RSP: 0018:ffffc900037c7760 EFLAGS: 00010246 [ 280.051727][ T9846] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 280.055022][ T9846] RDX: 0000000000000000 RSI: 0000000000000016 RDI: 0000000000040cc0 [ 280.058435][ T9846] RBP: 0000000000000016 R08: 0000000000000005 R09: 0000000000000009 [ 280.061781][ T9846] R10: 0000000000000016 R11: 0000000000000000 R12: 0000000000040cc0 [ 280.064708][ T9846] R13: 1ffff920006f8f3b R14: 0000000000000016 R15: 1ffff920006f8f05 [ 280.068074][ T9846] ? find_held_lock+0x2b/0x80 [ 280.070259][ T9846] ? is_bpf_text_address+0x8a/0x1a0 [ 280.075373][ T9846] ? is_bpf_text_address+0x8a/0x1a0 [ 280.078940][ T9846] ? bpf_ksym_find+0x128/0x1c0 [ 280.080630][ T9846] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 280.082651][ T9846] ? is_bpf_text_address+0x94/0x1a0 [ 280.084371][ T9846] ? kernel_text_address+0x8d/0x100 [ 280.087329][ T9846] ? __kernel_text_address+0xd/0x30 [ 280.091533][ T9846] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 280.094717][ T9846] ? arch_stack_walk+0xa6/0xf0 [ 280.096697][ T9846] ? stack_trace_save+0x8e/0xc0 [ 280.098974][ T9846] ? __pfx_stack_trace_save+0x10/0x10 [ 280.104617][ T9846] ? stack_depot_save_flags+0x27/0x9d0 [ 280.109512][ T9846] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 280.112009][ T9846] ? policy_nodemask+0xed/0x4f0 [ 280.113622][ T9846] alloc_pages_mpol+0x1fb/0x550 [ 280.115252][ T9846] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 280.119943][ T9846] ? drm_syncobj_array_find+0x35/0x3a0 [ 280.122468][ T9846] ___kmalloc_large_node+0x104/0x150 [ 280.124780][ T9846] __kmalloc_large_node_noprof+0x1c/0x70 [ 280.127186][ T9846] __kmalloc_noprof+0x5be/0x850 [ 280.129194][ T9846] drm_syncobj_array_find+0x35/0x3a0 [ 280.132257][ T9846] drm_syncobj_timeline_signal_ioctl+0x22a/0x8d0 [ 280.135023][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 280.137701][ T9846] ? drm_dev_exit+0x41/0x60 [ 280.140030][ T9846] ? drm_dev_exit+0x41/0x60 [ 280.147136][ T9846] drm_ioctl_kernel+0x1f3/0x3e0 [ 280.149295][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 280.154274][ T9846] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 280.157446][ T9846] drm_ioctl+0x5e6/0xc60 [ 280.160219][ T9846] ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10 [ 280.164910][ T9846] ? __pfx_drm_ioctl+0x10/0x10 [ 280.167300][ T9846] ? selinux_file_ioctl+0x139/0x290 [ 280.179294][ T9846] ? selinux_file_ioctl+0xb4/0x290 [ 280.182317][ T9846] ? __pfx_drm_ioctl+0x10/0x10 [ 280.184529][ T9846] __x64_sys_ioctl+0x18e/0x210 [ 280.186598][ T9846] do_syscall_64+0x106/0xf80 [ 280.188537][ T9846] ? clear_bhb_loop+0x40/0x90 [ 280.190543][ T9846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.194793][ T9846] RIP: 0033:0x7fe18eb9bf79 [ 280.196807][ T9846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 280.208880][ T9846] RSP: 002b:00007fe18f9bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.229512][ T9846] RAX: ffffffffffffffda RBX: 00007fe18ee16090 RCX: 00007fe18eb9bf79 [ 280.234232][ T9846] RDX: 0000200000000340 RSI: 00000000c01864cd RDI: 0000000000000003 [ 280.238016][ T9846] RBP: 00007fe18ec327e0 R08: 0000000000000000 R09: 0000000000000000 [ 280.242271][ T9846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.246819][ T9846] R13: 00007fe18ee16128 R14: 00007fe18ee16090 R15: 00007ffca4745fd8 [ 280.250827][ T9846] [ 280.254611][ T9846] Kernel Offset: disabled [ 280.257749][ T9846] Rebooting in 86400 seconds..