last executing test programs: 11.703575349s ago: executing program 4 (id=364): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16]) 8.829355885s ago: executing program 4 (id=374): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 8.106452506s ago: executing program 2 (id=383): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000003800000000000001000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5df6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) recvmsg$unix(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x40021103) syz_emit_ethernet(0x8e, &(0x7f00000001c0)=ANY=[@ANYBLOB="e90c610faca20180c20000000800450000800000e00000119078000000000000000000004e20006c90786eacd3e9674eadf678befe4a21e0fc0d0d939b636c5e9fb222b09325e891aae76885bbb1b497b028b2a57fb67ffc4279954617625e475cad7da04812a675ee349085e12645a11fa40b1b2e6eeb13fa914cc17cc7956087f25bd54def111fea54548fb7de4f2f97517984c3894ed1866ee5b805"], 0x0) sendmsg$inet(r1, &(0x7f0000000700)={&(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000000680)=[{&(0x7f0000000400)="399cedda8a48ef2a55939459f81320fdb1be746c9f66d29702c18fa8cf595afdf979638c2ce2b3a4b148ea802c1a2c44e686fef7a2cdbb7558318e1b4b4350aea5059a08009c574f93513113068b343b32014df3512fad85", 0x58}, {&(0x7f00000004c0)="b0ca04a994235743fa", 0x9}, {&(0x7f0000000500)="2beb9881912834003f181e9e0fb6ee9ed71f057e5e72a79e5246e5d5f77fd5e017e04bf8068038ba01fc44972800367e28df9c07d55a6d2f16fbfa9407753acc126cb769717fa4b8817c50017def4136ec67d5c202dd8415aa55e69b7e291083b1cd52766a5aa5a7a03d3b3dc0e5995be66f3166138c38949365bd1444539558c82a3217496e5a6c44d61cbd3840e6957a80aa56fd73eada2befee634fa6116bbeba6b9b191031c2b91d1737824540754afd1cbc823a31cc61bc298917b69089843c", 0xc2}, {&(0x7f0000000600)="efba37ac8394d8a8e2511e48fa3d22d7477f9ceb3cb5afc8ceac1a90869fbf6b3ea00f178e51af053777f1301cc6f72fb3f563d5ad38181cf97787ececc63cb6e4aae87f7e6365846b51841e3e0f9a2d73bc96709e52", 0x56}], 0x4, &(0x7f00000006c0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xd8f4}}, @ip_ttl={{0x14, 0x0, 0x2, 0x464a}}], 0x30}, 0x2000c004) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x100000000000600d, 0x1) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000000100000,user_id=\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r2, &(0x7f0000002300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000240)={0x50, 0x0, r3, {0x7, 0x27, 0x0, 0x9501200}}, 0x50) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)=@known='system.posix_acl_default\x00', 0x0, 0x0) syz_emit_ethernet(0x7d, &(0x7f0000001a80)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x6f, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x5b, 0x0, @opaque="edf1df4edc119cb3d0b8ad66bf21898f56dea225ccb2d8ed7e491f7a300b0b38fe69e2910f6158f4cf4d2bf792d3758d8173e85e1bf7fa7eeba490c2cf30bb231e806bfabcabdc0213d969b0b9434fa01623fc"}}}}}, 0x0) 7.966382773s ago: executing program 4 (id=385): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000a80)=[{0x0}, {&(0x7f0000000880)=""/188, 0xbc}], 0x2}, 0x3}], 0x1, 0x121, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e21, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x3, 0x0, 0xfd, 0x4, 0x5, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0xe) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000180)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)=@l2, 0x80, &(0x7f0000000940)=[{&(0x7f0000000300)=""/166, 0xa6}, {&(0x7f00000003c0)=""/194, 0xc2}, {&(0x7f0000003440)=""/4096, 0x1000}, {&(0x7f0000000080)=""/10, 0xa}, {&(0x7f0000000d80)=""/198, 0xc6}, {&(0x7f00000005c0)=""/177, 0xb1}, {&(0x7f0000000680)=""/60, 0x3c}, {&(0x7f0000000700)=""/214, 0xd6}], 0x8, &(0x7f0000004440)=""/4096, 0x1000}, 0x10}, {{&(0x7f00000009c0)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000b40)=""/154, 0x9a}, {&(0x7f0000000800)=""/39, 0x27}, {&(0x7f0000000c00)=""/146, 0x92}], 0x3, &(0x7f0000000ac0)=""/39, 0x27}, 0x6}], 0x3, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ipv6_route\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs$namespace(0x0, 0x0) setns(r3, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8e383, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0xf00, 0x0) fanotify_mark(r6, 0x105, 0x4800003a, r5, 0x0) read$FUSE(r6, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYRES32=r4], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r7}, 0x18) madvise(&(0x7f0000acc000/0x4000)=nil, 0x4000, 0x17) preadv(r1, &(0x7f0000002400)=[{&(0x7f0000002440)=""/4096, 0x1000}], 0x1, 0x1, 0x9) 7.53158385s ago: executing program 2 (id=386): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0), 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x10, 0x803, 0x0) r7 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x40000002, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}}, 0x0) close(r4) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r9, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r10, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r10, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000}) 5.845656814s ago: executing program 2 (id=390): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_sock_diag(0x10, 0x3, 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x81082, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x40040) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r6, 0x6) 4.731110619s ago: executing program 2 (id=392): r0 = socket$kcm(0xa, 0x2, 0x3a) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_tables_matches\x00') pread64(r1, &(0x7f0000000040)=""/103, 0x67, 0x67) setsockopt$sock_attach_bpf(r0, 0x29, 0x21, &(0x7f0000000100), 0x4) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448de, &(0x7f00000024c0)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e40)=ANY=[@ANYBLOB='(\x00\x00\x00+\x00\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\t'], 0x28}}, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='setgroups\x00') writev(r4, &(0x7f00000004c0)=[{&(0x7f00000002c0)="9bd255abe499de3c", 0x8}], 0x1) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r3, 0x8983, &(0x7f0000000040)={0x6, 'team_slave_1\x00', {0x1}, 0x8}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r5) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004084}, 0x40810) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0xff39) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x40010020) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x0, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000780)="80005b020eaa4da2", 0x8}], 0x1, 0x0, 0x0, 0x900}, 0x0) 4.728834174s ago: executing program 1 (id=393): r0 = socket$kcm(0x21, 0x5, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="3000000000000000100100000d"], 0x30}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x18, r2, 0x1, 0x0, 0x0, {0x2b}, [@ETHTOOL_A_LINKMODES_HEADER={0x4}]}, 0x18}}, 0x4000000) 4.407493558s ago: executing program 1 (id=394): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'veth1_to_batadv\x00', 0x0}) bind$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x436d0}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x8, 0x15}}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x50}, 0x1, 0x1f00}, 0x0) 4.36860368s ago: executing program 0 (id=395): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000001}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 4.366958441s ago: executing program 3 (id=396): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x600}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.250182078s ago: executing program 3 (id=397): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x52, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.151415856s ago: executing program 3 (id=398): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a010400000000000000000200000044000480400001800e000100627974656f726465720000002c000280080001400000000f08000240000000000800044000000000080003400000000008000540000000080900010073797a30000000000900020073797a32"], 0x98}}, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = getpgid(0xffffffffffffffff) prlimit64(r3, 0xa, 0x0, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x4, &(0x7f0000000a40)=0x4, 0x4) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010003704000080000000000000000000", @ANYRES32=0x0, @ANYBLOB="8b04040000000000240012800b00010067656e65766500001400028005000900210000000500080001"], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 4.138111156s ago: executing program 1 (id=399): syz_io_uring_setup(0x4cec, &(0x7f0000000000)={0x0, 0x1000000, 0x80, 0x3, 0x76}, &(0x7f0000000180), &(0x7f00000000c0)) r0 = socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x7, &(0x7f0000000280)={0x21, "90f541a5e64f61909103f1fbbc2bd3c9f144d76e44c7b2986eb5e52829e7cb8393"}}) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r5 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c005af07677d18bc"}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fdfffff}]}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$uinput_user_dev(r6, 0x0, 0x0) ioctl$UI_SET_SWBIT(r6, 0x4004556d, 0x0) ioctl$UI_DEV_CREATE(r6, 0x5501) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, 0x0, &(0x7f0000000280)) sched_getattr(r1, &(0x7f00000000c0)={0x38}, 0x38, 0x0) msgsnd(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000000000003e03f6d323b0ca0b7e9fd6b509ec804bd0f8e951925537f3f8c4e7d056bdc987bf33a091e75ee73875a12608a326a81bce9eb7314508a05e547a3437b0db02e26a002ebd1b8f60c8b9535a1fed29fb4422f22cffd64083a4bf9b629b325ac29cf7aa32e75bdb8ac491f00e2c1374a13f2c897cfb65ebc87e2d74ad1508f639f17e41219a33ac2715a559aed54287a1f6d55989910cfcabf56c655bfffc1dcb56a749bf5f964cf517eda5b94c3f3f8cc0bc740000f23600afb71c611410454e8e7550d4401acd589d41e476114063c662c87e47b0aaf15f91babb17963f69863fc27d67d3de2a0d589a0b"], 0xc0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) socket$inet6_udp(0xa, 0x2, 0x0) 3.932269157s ago: executing program 2 (id=400): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0xfffffcdc}, {0x4}, {0xc}, {0xc, 0x8, {0xfffff000, 0x2}}}}, @m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xc, 0x762, 0x5, 0xc, 0x9}, 0x1}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0xffffffff}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4040}, 0x0) 3.866140837s ago: executing program 0 (id=401): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) getsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x4, 0x0, &(0x7f0000000000)) 3.863643482s ago: executing program 3 (id=402): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00') setsockopt$inet6_mreq(r1, 0x29, 0x1c, 0x0, 0x0) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$kcm(0x2, 0x1, 0x84) readv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x88}], 0x1) setsockopt$sock_attach_bpf(r5, 0x84, 0x84, &(0x7f0000000000), 0x90) r6 = socket$inet6(0xa, 0x3, 0x6) select(0x40, &(0x7f0000000400)={0xa980, 0x3, 0x9, 0x0, 0x6, 0xc, 0xffffffeffffffffd, 0xfffffffffffffffe}, 0x0, 0x0, &(0x7f0000000280)={0x0, 0xea60}) close(0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRESHEX=r4, @ANYBLOB="4705800700b891ebe1eab7136757ccfaa5a3e7299b28b170c6680eca1d0db9c7599d04b515a70d3b3be7a2a754a308fd24c00eeafc9f1895c6cb501145a1656004c5e4ad7054018473f61e44ac6235ba1e41235812721670454f357b66ef850414f107f19d8dc339e7fe0947f91ee31d60477623c23453c2b1cf50ed4cbb1873b760a3933afcb0"], 0x7c}, 0x1, 0x0, 0x0, 0x40004}, 0x4000084) sendmsg$NFT_BATCH(r4, 0x0, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8) fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0) openat$cgroup_devices(r1, &(0x7f0000000240)='devices.deny\x00', 0x2, 0x0) r7 = fsmount(r2, 0x0, 0x0) r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f00000002c0)=ANY=[@ANYRESOCT=0x0, @ANYRES16=r6], 0x2d) openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r9 = socket$inet6(0xa, 0x800000000000002, 0x0) sendmmsg$inet6(r9, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000000080)}}], 0x1, 0x400c404) 2.436645076s ago: executing program 1 (id=403): r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x0, 0x3001, 0x0, 0xe, 0x7, 0x1, 0x3}}) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$ttys(0xc, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x14) sendmsg$kcm(r0, &(0x7f0000002100)={&(0x7f0000000800)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001c00)=ANY=[@ANYBLOB="b8000000000000000100000009000000a8e60678720a6651ce4ba7d8228b708e8f0b6b4ae9028f4570b48d5fac5d592337138488a381e8f33ede3b0a781f3890fec0fc9def39a4b70524ab56f0aacb55c395a6c93130fcb32a8ff5ceb211080dc0c1f615655e83b9feeded33dfcad4d63a082e9a84424ae438a82ae5614919a8a554be505081e23ceded31e84560ecc36dee28ce9886c672c3785fb419cd6611a2c06264705d4d9a105242e72390013ace00000000000000f8000000000000001000000001000000ed3baf971a830c6a126d22025dee0f04ae413f7f326a661920557a4f73d19e992ed3dc49c11fac6ded73ac4cdf6680ec2c201ccbf22678363eca0ba9d5359d2f348c89ded1af9099b0781dd0562bf4c1ef86c0b11d8c3a37bf0000508e30b441310f17824df166498815523b2d2e265cd591606459685e425a1a0f5829f3e8413cb2bdf4c4a9c41ecff018a37fb0f6165f120722021284b44907e54abb9959a0501e44f009bfaf876e51febf5aeb7a3f644b2ddda41b6e8b7e1c9a85141854694d5a8204a72a7bb0abceef71bc65c858687e8e3070e899ef43453f82231e796ed0d2a37f65000000b00000000000000012010000ff030000d84b9f9bfa0e8da1fc5d74122cf4c9de0f760d3170fdaea764092aae9ce903d3c4991f33c6835b0812a735805c7b78a96cadf5bf1a95fce08271f48841a649d2a31ff0ac98bf157dc527672f6a04d84f249d1daaf35e877cdc4be5b5ce1a596323a4f80625dab491853ed9c7a5dac3f3a8c67456ee43d7fcc8fae40d4a2eb11513aabcff93ae270ceaf54af16a9d2323913fb6f144f8f3338a0b17e5943500004800000000000000150100000000010071ca83ec1cf4d25c45d26c430072825a174e5c413fa7c9914e565a8dfb2e47738930e87a85abaf342f6de98c2319dec8f8de384f67eed60020000000000000001901000007000000aa4d638955066dc8d528edbd9a9a3500180000000000000002010000018000006f858c73d0e7b07ff00000000000000007010000080000002849e866fdf77894b85816a8a6d88dc5524457413ec124141b0270b3718cf057072143ca69a1780434bc32de0d5b959c3e5a9ae467ab37147c3e46a8115864e9b7696a3859e2351670a7c6be48a001bb455d0fb4089512bbbe7c1390ed22b4889cc8d6aa88053227f9debd08642c77186eb5ace35c85f15c6bdbab009b9ab936d5b07156c9433f5c31dc697a37be3f34e14d82c46929910e883d7a741a01e2638e9cbf44dca2b58379d10ca3020172d3e947039e734ebe4cde40bda316108183a1b756454f160c148e98cc2ce63d2836f2ebc6798c19abcac1adb10000000000700000000000000088000000ff7f00002970da59dc37c480e4f183a619322d59460d922ba077c0834ccebc61f0e413c191e1c591e077171559ef409d52b4577a7d3be3d3c65374c8ff81b70cafaabd505485039b5ff7b7cc727a269ab2563c44f76a129cc29ccf1a733efc6000000000600000000000000019010000070000000db6d8fbe35e331769584248e0a47466acaa2b6ae1461287cc2f32ee85ff6e98ffcae909f8434f54f4b228e71474b9e9e69d6ba0af5cf5b600a4e2"], 0x4d8}, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) 2.400009661s ago: executing program 2 (id=404): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000708000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, {0x0, 0x0, &(0x7f00000001c0)=""/217, 0x2, 0x2}}, 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x40050}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r7, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r8, {}, {0x300}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) ptrace$cont(0x9, r3, 0x10000, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r11 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r11, 0x5423, 0x0) 1.627777221s ago: executing program 3 (id=405): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0xd0) mknodat$null(r0, &(0x7f0000000040)='./file0\x00', 0xc000, 0x103) (async, rerun: 32) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x324140, 0x0) (rerun: 32) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) (async, rerun: 64) r3 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) (rerun: 64) add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000240)=@generic={&(0x7f0000000200)='\x00', r2}, 0x18) (async) close_range(r2, r1, 0x0) ioctl$AUTOFS_IOC_READY(0xffffffffffffffff, 0x9360, 0x40) (async) syz_open_dev$dri(&(0x7f0000000280), 0x9, 0x200000) (async) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) (async) r4 = accept$nfc_llcp(r2, &(0x7f00000002c0), &(0x7f0000000340)=0x60) listen(r4, 0x6) (async) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r1, {0xee01}}, './file0\x00'}) keyctl$get_persistent(0x16, r6, r3) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000500)={&(0x7f00000003c0), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0xb0, 0xd}}}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_FRAME={0x22, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @from_mac=@broadcast, {0x7, 0x6}, @value=@ver_80211n={0x0, 0x7, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x13, @void}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4040}, 0x4000000) (async) r8 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_elf32(r8, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x10, 0x86, 0x81, 0x81, 0x7, 0x3, 0x3, 0xffffffff, 0x170, 0x38, 0x344, 0x800, 0x8000, 0x20, 0x2, 0xfe00, 0x2b, 0x6}, [{0x4, 0x3, 0x6, 0x2, 0x1, 0x6, 0xc708, 0x7}, {0x7, 0x10, 0x4, 0x6, 0x0, 0x10000, 0x10, 0x5}], "8bc54d836fd7cce755646c76af5140d3defcae911b8a22efa16720c4d80320afc8d60c7d0eeaebb3f6784b4b8e1d66994c5c3bfe7c2923bcbb6220e0442a628a5f1717818ae2ea1c7915574b4b56d39315804e97db52ce63c9cc2c7a019b77e87af7db0a0d3652eb0ce68d2c77be2e96cdce2dc6d1dc72145e5f01be4f26678d36f2fbb8d7481b6a0ff49a", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x903) listen(r5, 0x1ff) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r9, 0x84, 0x1b, &(0x7f0000000e80)={0x0, 0x11, "e8ea29076aa6a9bde347ec9dc44b1a46fa"}, &(0x7f0000000ec0)=0x19) bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@bloom_filter={0x1e, 0x4, 0x9, 0xab, 0x4, r2, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x2, 0xb, @void, @value, @void, @value}, 0x50) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000fc0)={'vcan0\x00', 0x0}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001080)={&(0x7f0000001000)={0x74, 0x0, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @local}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_IFINDEX={0x8, 0xb, r10}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x5}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @empty}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040800}, 0x4048050) (async) r11 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000001100), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r11, 0x40a85323, &(0x7f0000001140)={{0x3, 0xd9}, 'port0\x00', 0x2, 0x1000, 0x9, 0x7fff, 0x317, 0x10000, 0x0, 0x0, 0x4, 0x1}) (async) r12 = syz_open_dev$vcsa(&(0x7f0000001200), 0x98, 0xc440) sendmsg$NFULNL_MSG_CONFIG(r12, &(0x7f0000001300)={&(0x7f0000001240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x24, 0x1, 0x4, 0x202, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x3}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x3}]}, 0x24}}, 0x85) (async) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000001340)) 1.623166525s ago: executing program 1 (id=406): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x3f}, 0x1c) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10dfe000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x1fff) 1.183300747s ago: executing program 3 (id=407): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000280)="fd72c91726872af17284cbbecb2360cff1988314f6cc09c4c07f0b44d9c16a610f294283b780b506b765d798ca8ab5adc7424057689ee5685dc17105c83aa4ed88bbfc7fef38b630105a17b9c6febfaef81e3242f4b460a05490dce8fd165641538fff4d4f46f9e24217a754881ce31e40b204d9126e3103f7aedd9c3194c82a62744ab6"}, {&(0x7f00000000c0)="6eafae9268cbdef2c4610d53e85605490ed6ed506c0b5fbe97b851b9277a5dac0ab88672b8ac5b883cff936f9216ae43f0061ee6421eade3910dc65d94f385486c94"}], 0x100000000000000b, &(0x7f0000000040), 0x4c4dbc2f6118216a}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7, @dev={0xfe, 0x80, '\x00', 0x3e}, 0xa, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xd0}, 0x480c4) r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x1a3302, 0x0) capset(&(0x7f0000000740)={0x19980330}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4, 0xfffffffb}) ioctl$PTP_ENABLE_PPS(r1, 0x40043d04, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, &(0x7f0000000fc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000170100006000000001"], 0x18}, {0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)="d99d3a3cee520d82d303fd03118507093fcaa4c57ca817becf25da4b318369ce8e70e043feafe14df4f0aa783bbe386b04ce4a106ccdb4a2edd49505e0def024db432365a6685be1235506175447af719c7c51592784a899acd9ecc7bd22b00e1162ce5be402eef9b9a7c2342153934f84", 0x71}, {&(0x7f0000000d00)="d0e4f6deac7c83bd9a312caf4f84f697c7652969c9ace2178cca04b410872fff4aef5e4de50e4855633979a2e56fd1e31f7a46bb0e2ac9b5cb9bec14ded006d92113b4d5843bd8dc61cf050230247d06c637ad0fabed7f26b2452e1b4cdc52b1d5c28b986bf956489006122d5621a7019450b56088157043fccedf3c5ff0b44a41c723172ef128eb3eb097f0a131723daf31baa881952dfc82cdea1942940c03555eeb1fba42d7371ae0", 0xaa}, {&(0x7f0000000dc0)="b9ad018591748902ddc0c39ca3d78858e26f9458b90188e0d7fdf66402265741b094b15e343f19d058f9423636b04788aa4e7b284b4a2501ad7b32e4db89e617bc0a56b2b2a3044e076b5000812de550d33cec31bb4077a7d499654dd48f6bb38e9d0921c0618cde594d76b4d1f30e619493ce18cbf48b6a91cf39611406503a0380bb0cdd10fbeac8c67934e752ff08612d192e0373bccca9d38dc63c41e4328f7ea6db562db39261e5ba377df1d929607e2664bb6a3fd0982b52cf817b81bd68db148d4949cc3283637819154a219398fd0a1b", 0xd4}, {&(0x7f0000000ec0)="afc65138271cb8c8cd4cde21cdba1602fa772df47dadb3e07c3e9e85e479643fb618514f059d3393dab3a21895caf1ea57317c9c45b73efb153ddd047c5777d26e24723843d1643651f5883c924dcffd541b965ed11fa4d191763a88d550612995e623b3944ea78ae4c3e63cce35ce1d29feb08db7ece4c8b0bb8186ffca71722928529dd46a50bc5531173a9c13083468514cd524863f933afd9e0ad6d6634e61745e2d54a5f6cf5284fa393773ad18e071a823811186a3cc8b5ca83fb577bcd4d68f839be4f66462d6bd121c1dfd2c638fdef4e1598cc6ce36394f8bd235d92f151f7feb632d405e20f8458c8e2433", 0xf0}], 0x4, 0x0, 0x0, 0x44880}, {0x0, 0x0, &(0x7f0000000a00), 0x0, &(0x7f0000000b40), 0x0, 0x20008000}], 0x3, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001800)="9f46e19e4731adc461ff88741d4c42ba31a1c140bae27459c579290210857f7027573273afedcce0e9381f76252149f09830d4b18236b4f9eaae321256d9c4a0164144883aa60033c0b34b89e8a9f99ea28a7a92018ef24b92130db7cd1e1618422401dcaa8b1c7de7fe7d911a0d008f97e1804a560b5452e66269d036d0663cf2fb949c85155d68f85bfb46ba0aef4af7294e8d06127ec7c96187c995763abfa274777f5c61622eb5f4764f5e488eaef9be1b43340abb5e537c8722b5c3ece2168dfa3e24e68c11acdb8bfccb7b1fadbc2194f08f2aeb8d21940bc9fde89a2f1a97abbef5d5e5ef276ee168d38a28c0be60d19641cf2d6fe1578737d98fa6fd9afe9fd3171b39e2a8007c586baac6b17543ff376993e08b220d622de1fe4213470dad7d6af59d7ce3c9a0e9db4edca13194910446d6f6da1c5dae15e9b039051d5c8e112d76d7e3334279b5d155d541d16f53cce9a29feeba8ca6c3330164df814b4d5ed2ef17e6f0f52a5a5c88e73441e7961733773f51fe3d32b44fb903b77dd82ff22a8645573013b2eb0c42ccf65ebf83852467623674dc73c349744e80d495f6f05d7f96a481b5c82c96d637a553c8f1c97399d94a78e908a88e303af5f144a92438fcb12a893090e5e12168c48fdd128032723860a0c699a0d0fef33861ce6921091bc37e381162e4e277cfa5a27d7550ec7922434e6bd9629c759b0b03dbaefb3371122b26a76f22da01eadc97af04e93e0a2959f0f996384b68a2a1a10f9c05aa4529b96ff6a0909d078b467325d348d74c25cb52eb3b269143e48863475a46c32ac0f3c9afe22319529992149e78806d9b9400ffe056263d15517588b30e9bfe966600ee4201c41075bc9581438b07404648dd5f19f83bdfdcf90f8c735b4604ff5828891eb457d598a99ce85189b129de802f06622608c5d0e3e337a348bd2b259b23eabf665c6c4312f10a4f27f77e50cb29b78e6d954badef7aca55a59c559016c049f67b23b58ec0d1d6728fff308c4f978df201c7b6475e5bbf2379979590da31bc9c0d54aabf49eb61b05b703487e28cdfbfdbf75b1d37721919fdd2b14fa7d838c4ba37ab2a2394ca1e1fe306eecf66a8adc924e6c7e4006992ee28d0ca1bd6357cf662b46b155fc335ff2b3095d34a4e7abf9d793737a6dd1ee4c91ebc3b4c3a34540fb0b904a3e835dd9c16f19aa14b50e7bcb3bf503390b471909ba77e3d007c39c1d004c7c7b888eb772edf22890e5170e2c2538903a32ec1f5fddec22ba60003d489bc7d2aa41d77a21cfbda748638339d080f9ec7f87662b62700c2b3718018f75e9a12b5528b703160cb1455af9083995dd023943c58adf9e79636bb1ee2e9c91e33e13062616cd81494e115fe7baacadcb8463daa0565b98575e37fab3fdd0d09823dbc1a43a99efff7c74f0d305f56c8f9401e8158a0b9efca2c6341a8ec71ce93c28a3b0be3706b8b9a20c1406c4868e51f15d9734357dfb71959973893ab464e8b73de7c12209b082bbc9ccf1cc760a8a3772e2d570847f4130b5cb05fa11449dcd924536ed14240008ab71496f0844cc4077e9630110d281dc048ba73c1bd9e9be8e3959daf9ac5006f3796b4842a73a668d6558d95bd58989180aee20dea4e9afc297777984222a91517e12694176d44e171ff643bccdceea324685c4cf0a2a1b36570f7d052bc00c293c8a6560db00f9a6960276ec7c7cc0398b155940f1966a5d8c75fee402f7395d5171dc9a517426ea3bda771d86dbd6a33b2d3806386542e8e33b78e9805a5eae1d148a2deed6575606200d5c49a1bb10f748ccc9adbea4a6da8501f09baf3e3f2af3d381fbd0d8de0e0a83901814be3163d6422d728b7f687687274e32e4ea64b98004af3a4aa4b975813a8b17639e758a923c787a9930527899d8b902980f3cb37a7bbbe4cbbf6f322252021ea19384e724b411ba8e08f269e7a36ffdd8fc56e12df5989a19f057ad1bd6d7ab69c36eb2df869f03fd2699ed580be2b90a3e70c3f4c5b4521f4771b0e4096547d6ee4496bf1d74e1c102d164e9b7a2d667e39f40c24100b41d63267d7009377d1fa003ecc8a765ad477c82254d8554dea51da54099417e7991d0ad499bd5ccc035b1995d8eba6862341e78b1b5fc36cb2e243a26750dc8f014e4da5f1eade8f5bb9176bfac9a73df0a2b801d09361a0d8f0cb42930ee99cbd7026a21ba237b5407612c5dc795c6b01ed6fee4cb9bccee296495fc10841da1d6561fbec22f8e9c7adfae628a50acc3061c48e40f712a078c64718b800ecc0c7c7155ec7438d56bc8dc29cb8a9754e81d7f602d79390abbb0adb79bbbbb4263bbdba0269f559ed193626fe02be25a814147e818df15975a572380507f5591193b60096f6dec8b23f9cff976ce161a421fb19cb8adf83d6540726f8df5c752313238fc4475fa8a34a27c7f467cee1aea72ab9c705879a5878403197f351b4e9003d4e1db0ea95aee67bd18937167e66819646814b32ff7f761873fbbc6d0313ca05b3e6ef572ca05b5607acffb3417e31b5b4bd9cc23c9b901d4cdf1150d7574c8b0b19283e5b286cdb897c97271e03036349ee0209e36729d54c29e3a51f73ae6f912c95bd91298b4dcafc32426bc72f4cf495b27abbfe8eb18fcb2fcb84f732a6c1278f15bbadbb2ad5bba4849bc8aa1135bdaee74c4849a07f71daf0c8335b0fb7d7aa109412f79e2018dddd93dcde31442375ded8883cbf81befe4cb1ca5260abd69535a3cfaf8dcbe228cf7c03a599de8a33816ff1333367363f27a0ad6018ee3bf1ab006df08d56994420771d04a2492d3e7d5f86321096dad3c157824eaca48a85720150f4ae2b5f905c41f4bc6adb249e6f162551cd8811d6935ca05af9b154c1e1867ded5a61dfec93bb1f24f81b02816a84921f954a13d00fbf8354631c8bbd2f3a0d95915c196a88abaccf15ae60f17e8c467947309210af0fb7200d37e3ab5fd6e6c2426b2415892b42b595fbad8c592a440bcfef314c0ed26d167cf1e67f910a16b7a61c8a95d6087499eba791bbf0b6939d866c69ca8e215939d1b45060e59d8cbe5c665ceb365cc921cbfd039166de76a941fde2201eb8b1423f2d30456dc79f3536a5aa640818e22c16eeeccda7d51b95f6a584e3148f43cbbaf7a6cdc0d72c7ff5cf1fdfb4762284571ac6cf8156bc77cb061254f847b2dabea4b322976b78bc590e9898f9696c97cc2e317cdee8a6c32db33354ea6ed5abbd00d203662256c15064f5f337387d9b74c43c3445b8db851453403b61b6ce42b3bc62622a0dcebae68ab2e1b2bd66ad0d2b21135887b24dc7284f6a1f72ace91e335f4b862c73c24bd168a98f15914d668e8315abde4dfe363d2891189cf648687beb04b8f9869b127ceee48d8d0322cb3a8da8bb2d9a3404852eda6d2d5500a504cfd01719226f27030490e89125bc82bfb65a434cc6620b8549010aa90a38b2f893c023906ac3733d30248ce6e8fd37d4e0ab006b5651c502d576e8ff4b88ed3d7e02895591456bb249087edd3a540078a58d1a0921cdff67a910a7e8d2313b2fc4d663944e5a98e4e4f0e8d525e31fe21991fb1fa8383e170ce449c4bbcc43a3c3671fae98348e10dc02d0ed146e89483353725855892987a41d93e598958ab0b6e735b2a969dcad9761b27fbb708ce0fbe0c1b03fde50c05d7339350c135198b09414a97c617927b9acac132f16c542d2ce62ac7d404a5ca7fb052f708affbb50649c29cca8601529bb4d38c1ee636bfd55884b181be6264dfea410e1673f56f8bce2c9c32b901df0b78519fd6bae06f54d5c5d936aa0b913b3a0a0b132f3656b1531290f08ce2f9bd22d4d5ea0345f84eceb679c3ab3a5893ff7f9fd65ee1d5372b51723fc6e4f98ab7f5d9936307ff96eb81df317b2d47cd82ad7160b0951d88b2ba7c87d335b52df6c71099d2f3fc02ab5d93d8f587b0402a9991865114f2887599a55dedee97c15fd2bf0d1ba30716b3c3a438ed912f3f09213b8cf662f15f42b9fd74b5949665893b669f0af507f383ef12a746fee028fa8655a7a154003924b3a6c98ede85857dca5ccd94183148e7dbb6daa14ad7ba31a81beec16974538f0b86ecea5404fde3383cae44f3bef951d77aee0fba1518b721b7b74abc6cd27625706ffa59807ffbc0abdef92606a514495178b54df880f2931021b9f0d517c7ad01fde3b0863a2c931ed18c1767a16f47e284646f6c1b36f2395c71c1f643de67103afb6a28a17ccfa1cc89f7cc60f9f504b27829c2905d9d45d3e3b004f1087db8c1a1bb66565694f9398cbc0ab1bd8f10ad3037d5c5d8977aabb95c200e3bb1f9db1cc88a091e991964f3af1fb29f2b0eb1ae1b35f641548b4de0f3832fac0ce80af41231b72cecd68b9470cbc30fd4d6cd6b202590e4165e8a51f7427e2cc8c4cc25953dfea65ce48795c2ed2feb2f473abb0facda11c9771107c05ea333c15effbbaf0af4c912ff0473449ebb89145419855495de3c4cc18559505222548c7e08a8e9202040b2e8c0755a6a68ed7a23656bf030c4135c81d0f8743f57efac1f690b20e8b35225847c75d71dcb329f7106a3ae20368d239bcedd412db173fc026895c70b20feb3012f8321974ec89ff8de9d503a02e28ae625c1f9739a8d9637cdc457353af1ed6400c44304eac6d1a452cd32e6a05051b8287fe36d6dc45e8fad8039e508aaae817de1b1aafeb4b5759515656c7978be6f7856d8e63b14016ad5a6a795edfc1ae7fe45d09a7eb17b3e63283befb454ae4d8720a2097e7d8c6cba03105e2c6804a0218e4e09fdcbc0a1ba43d5e5688847d3359c984b62b9908d251942d0fcacd0c692c40ed70276e80a4c90eaee1426049fe56764a3e165868919ae1bca2f1992dbcc8a6143d6016723c50799021aa6965a8a1485839f2c9443b233f185be9e602a15f939bd2723a676c0a3d2db1a6b7e1455e5fa3aacd6b98c6b6aa8ac137eb9d1e0b28c4a8f88eeea1212aadfb252a66a5bebfff41d7438ffe3382dd035c38e69df5bc89e87e3ef0eed1bbce827de121f1df1a96adc87c8df9803437d13336f33444fd794dca5a6e2e40cfc552c0ad3faf33fe7f57955c4e0610f3e16e9392a7ae9601339e03018c3d2ff6947f38b31fedbae5ad192fc7a3cd01e8e8236495dd7da432b53c70d9e299ce1d8e626b3d2a0698dae4c45afb5abce82ddeef3f1a1acd6e4bc4ada8db8523b405f491241281eb796573e730f5ee2fe5ec2a21af0fc8034563337b3c64c43f439d3bcae35782d3dc3dcdf70aed623595a4587b8679b2df04d01a57ece63cf0eb1d0cba778157121e647dcf0e872a6327fbed7a43d5a7287aa84a5c3b12ad301bff086d850304f2b3114be9f1c06f792fb32cb10653b66efa65668e19797ae6be378e1e382556f52538b208e3403481a0df4703a5d629e94f50f64ad6c08df73463389fa46df2e00856d8908d8a81f78ab082d43ef1c037e24d736ce094e938dc14940f9642f403cd2e3bdc77667e6883a24a439e0ef42c32eb335a874a0dd0a13053ee288017657bdb08928158d3bb9c6d6d180c54550922b28ad00fb255ab133ff4757a2611a03afcaf75edbe88df8d2d64d453d3926648830c5effe4db20b3a3e7706b94e83b0d66fa1b53022f6471497f014b2e5a9ab7bcdca9b315090773f3fbe10004ac0ca9888645f0f4b98e85192dd68884ea83530bd4a53d8f2bf372d5dc30da8cd3fe9fc4e661b4a4a44712d7a2f907b3c0cd98c84fab0063fcc0f2c0d5d71b6cfb58b6539e", 0x1000) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_genetlink_get_family_id$ethtool(0x0, r2) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000003c0), 0x100, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f00000006c0)={'syztnl1\x00', 0x0, 0x2f, 0x80, 0x8, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x40, 0x717, 0x2, 0x6}}) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r3, @ANYBLOB="08000000000000000000000000000000000000003419febcdda9e15b1b21d4272f5a", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="040000000200"/28], 0x50) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000540)={@map=r5, 0x24, 0x0, 0x4000f4e, &(0x7f0000000440)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000580)=[0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0], &(0x7f00000007c0)=[0x0], 0x0}, 0x40) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYRESOCT=r7, @ANYRES16=r4], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0xffffffffffffffff, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e300000000000000000000000080003000000000014000600ff"], 0x58}}, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000ac0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="1c013600", @ANYRES16=0x0, @ANYBLOB="100125bd7000fcdbdf2501000000080006000e00000008000500080000001800018008000b00736970000a0006006c626c637200000008000400020000000800060008000000480001800600020004000000060004004e230000090006006c626c6300000000060002003a00000008000b007369700008000b007369700008000800ffffffff080008000100000008000600010000002c000280060002004e20000008000400010000000800060001000000060002004e24000008000600000000002400028006000f000a00000006000e004e20000005000d0001000000060002004e2000003000028005000d000100000006000f0080000000060002004e22000014000100fc020000000000000000000000000001"], 0x11c}}, 0x8004) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000600)='\x01', 0x0}, 0x30) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000680)=ANY=[@ANYRES32=r8, @ANYRES32=r3, @ANYBLOB="1215c5b4bfe3e9fcee48af67ee1bfbcf25000052ffbe6e20", @ANYRES32=r11, @ANYRES64=r7], 0x20) syz_open_dev$tty1(0xc, 0x4, 0x4) syz_usb_connect(0x0, 0x24, &(0x7f00000008c0)=ANY=[@ANYRES32=r3, @ANYRESHEX=r10, @ANYRESDEC=r5, @ANYRESDEC=r9, @ANYRES8=r6, @ANYRES64=r7], 0x0) 1.020297671s ago: executing program 0 (id=408): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x68, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2d, 0xe, {{{}, {}, @broadcast, @device_a, @random="13610680c4c9"}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x30, 0xfc}}, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0x4}]]}, 0x68}}, 0x0) 924.110458ms ago: executing program 4 (id=409): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)={0x68, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2d, 0xe, {{{}, {}, @broadcast, @device_a, @random="13610680c4c9"}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x30, 0xfc}}, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0x4}]]}, 0x68}}, 0x0) (fail_nth: 1) 721.39855ms ago: executing program 4 (id=410): prlimit64(0x0, 0xe, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x20000000) (fail_nth: 2) 624.662503ms ago: executing program 0 (id=411): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x200000000000a, &(0x7f0000000000)="ea00005c00000000", 0x1) setsockopt$inet_opts(r0, 0x0, 0x200000000000b, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r2, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) socket$inet(0x2, 0x2, 0x0) (async) setsockopt$inet_opts(r0, 0x0, 0x200000000000a, &(0x7f0000000000)="ea00005c00000000", 0x1) (async) setsockopt$inet_opts(r0, 0x0, 0x200000000000b, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) (async) sched_setaffinity(0x0, 0x0, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async) syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') (async) pread64(r2, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) (async) 492.255341ms ago: executing program 0 (id=412): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) pselect6(0x40, &(0x7f0000000240)={0x0, 0x73, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 171.369572ms ago: executing program 1 (id=413): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793f10d10501200002000000010902120001000000000904"], 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) r1 = syz_open_procfs(0x0, &(0x7f0000000880)='ns\x00') fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000240)=""/241, 0xf1) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = dup3(r3, r4, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x10) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, 0x0, 0x0) 11.789389ms ago: executing program 0 (id=414): io_uring_setup(0x191a, &(0x7f0000000000)={0x0, 0x761, 0x10, 0x4, 0x11cb}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00001700000015e7fff30000000400000000003aa4ea3076d6f892eecb1f7af8c2d3d01f1ab5a2d22cebc42e8014d6dcd9095584cacd7d5daded10459394d1f747593c1e0698104f299b30a4b5d08cf48f7f86aa3f9e65203adf5b0419bb2b9713eb38bd565c5fa2b483b85491e8b0a8865ba3ed6f8dcc4f0a2497230155d5bd37723a2969442a3982408b20c565e3ad92f12e05cc0e3046dbdea28af14e9a", @ANYRES32=0x0, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b70000000000000095000000000000002b70da2dc623e050499363a36cd79a46cc2aaae31348705a073adda59d821772ca96cb1667a92aa190765ce0280f7aa2f2f82f9fa3be199a0a9ea1c3f9a2adabcc41fa086ea949f27f393d982ff15e681ae4b3d37b98b35e4c1002c607908f314592661fd295d21c4cda641dc5b2ef663176123d21efe058caf50fa89e2067683035bdd98657aa7a0debd9f56cc71e52473788ad5e"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r5, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) r6 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCGL2TPSTATS(r6, 0x80487436, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$packet_int(r7, 0x107, 0x3, &(0x7f00000000c0), 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r8, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) r9 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r9, &(0x7f00000006c0)={0x0, 0xffffffffffffff16, 0x0}, 0x44080) sendmsg(r9, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003140)=[{&(0x7f0000002d80)="0f", 0x1a000}, {0x0, 0x2}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x0) sendmsg$NFNL_MSG_CTHELPER_GET(r8, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, 0x1, 0x9, 0x301, 0x0, 0x0, {0x3, 0x0, 0x2}, [@NFCTH_TUPLE={0x4}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x400}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x94}]}, 0x28}}, 0x2000) semop(0x0, &(0x7f00000000c0)=[{0x2}], 0x1) 0s ago: executing program 4 (id=415): mount$tmpfs(0x0, 0x0, 0x0, 0x1000000, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000040)) clock_settime(0x0, &(0x7f0000000180)={0x77359400}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc3ff, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848010000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x4058880) kernel console output (not intermixed with test programs): bsys name 'rlimit' [ 65.332833][ T30] audit: type=1400 audit(1749494641.393:65): avc: denied { setattr } for pid=5804 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=821 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 65.356180][ T30] audit: type=1400 audit(1749494641.393:66): avc: denied { create } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.392139][ T30] audit: type=1400 audit(1749494641.393:67): avc: denied { write } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.412785][ T30] audit: type=1400 audit(1749494641.393:68): avc: denied { read } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.433329][ T30] audit: type=1400 audit(1749494641.423:69): avc: denied { mounton } for pid=5804 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 65.450759][ T5806] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 65.458398][ T30] audit: type=1400 audit(1749494641.423:70): avc: denied { mount } for pid=5804 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 65.490127][ T30] audit: type=1400 audit(1749494641.443:71): avc: denied { read } for pid=5486 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 66.385081][ T5804] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.894304][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.901897][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.910109][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.917695][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.925059][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.932876][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.940511][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.944710][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.948186][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.956083][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.968903][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.969315][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.976678][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.999839][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 69.009790][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 69.015842][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 69.025671][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 69.026494][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.043489][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 69.054326][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 69.056087][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 69.069974][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 69.080701][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 69.092998][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 69.101549][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 69.344130][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 69.506785][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.513907][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.521924][ T5815] bridge_slave_0: entered allmulticast mode [ 69.530447][ T5815] bridge_slave_0: entered promiscuous mode [ 69.575258][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.582942][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.590174][ T5815] bridge_slave_1: entered allmulticast mode [ 69.597103][ T5815] bridge_slave_1: entered promiscuous mode [ 69.619253][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 69.682449][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.708139][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.748310][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 69.767672][ T5814] chnl_net:caif_netlink_parms(): no params data found [ 69.789671][ T5815] team0: Port device team_slave_0 added [ 69.796053][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 69.834631][ T5815] team0: Port device team_slave_1 added [ 69.882094][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.889838][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.897238][ T5816] bridge_slave_0: entered allmulticast mode [ 69.904129][ T5816] bridge_slave_0: entered promiscuous mode [ 69.934919][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.942108][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.949484][ T5816] bridge_slave_1: entered allmulticast mode [ 69.956571][ T5816] bridge_slave_1: entered promiscuous mode [ 69.981332][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.988311][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.014329][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.052607][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.059641][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.086020][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.131243][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.139063][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.146345][ T5814] bridge_slave_0: entered allmulticast mode [ 70.152995][ T5814] bridge_slave_0: entered promiscuous mode [ 70.170670][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.180455][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.187603][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.194697][ T5818] bridge_slave_0: entered allmulticast mode [ 70.201486][ T5818] bridge_slave_0: entered promiscuous mode [ 70.209103][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.217504][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.224613][ T5818] bridge_slave_1: entered allmulticast mode [ 70.231400][ T5818] bridge_slave_1: entered promiscuous mode [ 70.238204][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.245272][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.252651][ T5814] bridge_slave_1: entered allmulticast mode [ 70.260309][ T5814] bridge_slave_1: entered promiscuous mode [ 70.266813][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.273877][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.281287][ T5832] bridge_slave_0: entered allmulticast mode [ 70.288356][ T5832] bridge_slave_0: entered promiscuous mode [ 70.297254][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.321922][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.329094][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.336268][ T5832] bridge_slave_1: entered allmulticast mode [ 70.343584][ T5832] bridge_slave_1: entered promiscuous mode [ 70.390664][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.408584][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.439722][ T5816] team0: Port device team_slave_0 added [ 70.455170][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.466040][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.477327][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.489334][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.499537][ T5816] team0: Port device team_slave_1 added [ 70.509570][ T5815] hsr_slave_0: entered promiscuous mode [ 70.515593][ T5815] hsr_slave_1: entered promiscuous mode [ 70.579576][ T5814] team0: Port device team_slave_0 added [ 70.587794][ T5814] team0: Port device team_slave_1 added [ 70.601470][ T5832] team0: Port device team_slave_0 added [ 70.614899][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.622727][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.648982][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.661969][ T5818] team0: Port device team_slave_0 added [ 70.678286][ T5832] team0: Port device team_slave_1 added [ 70.688995][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.696057][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.722117][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.734240][ T5818] team0: Port device team_slave_1 added [ 70.784623][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.791619][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.817917][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.829304][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.838287][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.865308][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.898257][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.905210][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.932436][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.940283][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.949460][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.961484][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.968456][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.994602][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.020882][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.028967][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.055219][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.077158][ T5828] Bluetooth: hci1: command tx timeout [ 71.077160][ T5825] Bluetooth: hci2: command tx timeout [ 71.077380][ T51] Bluetooth: hci0: command tx timeout [ 71.107828][ T5816] hsr_slave_0: entered promiscuous mode [ 71.114144][ T5816] hsr_slave_1: entered promiscuous mode [ 71.121641][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.129667][ T5816] Cannot create hsr debugfs directory [ 71.136473][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.143424][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.156765][ T51] Bluetooth: hci4: command tx timeout [ 71.169801][ T5825] Bluetooth: hci3: command tx timeout [ 71.177795][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.200489][ T5814] hsr_slave_0: entered promiscuous mode [ 71.207888][ T5814] hsr_slave_1: entered promiscuous mode [ 71.213743][ T5814] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.221482][ T5814] Cannot create hsr debugfs directory [ 71.240261][ T5832] hsr_slave_0: entered promiscuous mode [ 71.246586][ T5832] hsr_slave_1: entered promiscuous mode [ 71.252563][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.260679][ T5832] Cannot create hsr debugfs directory [ 71.398799][ T5818] hsr_slave_0: entered promiscuous mode [ 71.404816][ T5818] hsr_slave_1: entered promiscuous mode [ 71.410859][ T5818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 71.418830][ T5818] Cannot create hsr debugfs directory [ 71.633128][ T5815] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 71.645026][ T5815] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 71.666095][ T5815] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 71.691951][ T5815] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 71.747901][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.762565][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.772272][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.781707][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.879137][ T5814] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.888936][ T5814] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.908741][ T5814] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.928876][ T5814] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.989781][ T5816] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 72.000628][ T5816] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 72.020484][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.030383][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.038406][ T5816] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 72.061107][ T5816] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 72.100612][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.118347][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.136466][ T5818] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 72.147793][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.154984][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.175298][ T5818] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 72.185384][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.192473][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.203501][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.210578][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.228023][ T5818] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 72.238823][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.245931][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.260339][ T5818] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 72.396906][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 72.396921][ T30] audit: type=1400 audit(1749494648.463:86): avc: denied { sys_module } for pid=5815 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 72.410171][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.515449][ T5814] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.569139][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.576305][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.612286][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.629636][ T3491] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.636759][ T3491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.658216][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.695614][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.723794][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.754306][ T5814] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.765232][ T5814] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.780934][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.788140][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.821036][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.828244][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.897983][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.982751][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.052128][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.059359][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.069470][ T5832] veth0_vlan: entered promiscuous mode [ 73.094833][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.101968][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.139767][ T5832] veth1_vlan: entered promiscuous mode [ 73.155139][ T5815] veth0_vlan: entered promiscuous mode [ 73.162258][ T5825] Bluetooth: hci0: command tx timeout [ 73.162279][ T5828] Bluetooth: hci2: command tx timeout [ 73.177882][ T51] Bluetooth: hci1: command tx timeout [ 73.198333][ T5818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.209128][ T5818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.234187][ T5815] veth1_vlan: entered promiscuous mode [ 73.236511][ T51] Bluetooth: hci4: command tx timeout [ 73.245034][ T5828] Bluetooth: hci3: command tx timeout [ 73.292841][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.322537][ T5815] veth0_macvtap: entered promiscuous mode [ 73.344951][ T5832] veth0_macvtap: entered promiscuous mode [ 73.368775][ T5815] veth1_macvtap: entered promiscuous mode [ 73.384894][ T5832] veth1_macvtap: entered promiscuous mode [ 73.431905][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.469866][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.483525][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.497021][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.505865][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.514537][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.524077][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.541575][ T5814] veth0_vlan: entered promiscuous mode [ 73.553994][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.576501][ T5814] veth1_vlan: entered promiscuous mode [ 73.585055][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.597879][ T5815] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.607320][ T5815] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.616395][ T5815] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.625057][ T5815] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.639666][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.747973][ T5816] veth0_vlan: entered promiscuous mode [ 73.772378][ T5814] veth0_macvtap: entered promiscuous mode [ 73.787907][ T5818] veth0_vlan: entered promiscuous mode [ 73.802986][ T5816] veth1_vlan: entered promiscuous mode [ 73.814175][ T5814] veth1_macvtap: entered promiscuous mode [ 73.829768][ T5818] veth1_vlan: entered promiscuous mode [ 73.843661][ T4813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.852027][ T4813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.902769][ T5816] veth0_macvtap: entered promiscuous mode [ 73.911699][ T4813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.923604][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.931739][ T4813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.947695][ T5816] veth1_macvtap: entered promiscuous mode [ 73.962698][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.988925][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.989445][ T5814] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.009601][ T5814] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.018390][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.027870][ T5814] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.036972][ T5814] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.064677][ T30] audit: type=1400 audit(1749494650.123:87): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.9QDLpl/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 74.074054][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.089836][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.109654][ T30] audit: type=1400 audit(1749494650.163:88): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 74.122945][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.132710][ T30] audit: type=1400 audit(1749494650.173:89): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.9QDLpl/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 74.173827][ T5818] veth0_macvtap: entered promiscuous mode [ 74.188146][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 74.196827][ T30] audit: type=1400 audit(1749494650.173:90): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 74.241007][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.254055][ T30] audit: type=1400 audit(1749494650.173:91): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.9QDLpl/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 74.255689][ T5818] veth1_macvtap: entered promiscuous mode [ 74.283897][ T30] audit: type=1400 audit(1749494650.173:92): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/root/syzkaller.9QDLpl/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=5099 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 74.316149][ T30] audit: type=1400 audit(1749494650.183:93): avc: denied { unmount } for pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 74.336625][ T30] audit: type=1400 audit(1749494650.233:94): avc: denied { mounton } for pid=5832 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2776 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 74.374268][ T5816] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.385083][ T30] audit: type=1400 audit(1749494650.233:95): avc: denied { mount } for pid=5832 comm="syz-executor" name="/" dev="gadgetfs" ino=5100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 74.395910][ T5816] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.432627][ T5816] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.442517][ T5816] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.473947][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.540430][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.572986][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.582609][ T5818] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.594496][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.605416][ T5818] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.611095][ T5939] netlink: 'syz.0.6': attribute type 1 has an invalid length. [ 74.615884][ T5818] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.630736][ T5818] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.781109][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.789449][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.236454][ T51] Bluetooth: hci0: command tx timeout [ 75.246170][ T5828] Bluetooth: hci2: command tx timeout [ 75.252157][ T51] Bluetooth: hci1: command tx timeout [ 75.315981][ T5828] Bluetooth: hci3: command tx timeout [ 75.322874][ T51] Bluetooth: hci4: command tx timeout [ 75.345463][ T3491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.359689][ T3491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.551053][ T5948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8'. [ 76.090602][ T3491] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.137778][ T3491] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.200306][ T4813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.217560][ T4813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.097912][ T5957] lo speed is unknown, defaulting to 1000 [ 77.100739][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.103846][ T5957] lo speed is unknown, defaulting to 1000 [ 77.122810][ T5957] lo speed is unknown, defaulting to 1000 [ 77.123283][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.137843][ T5957] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 77.151619][ T5957] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 77.182399][ T5957] lo speed is unknown, defaulting to 1000 [ 77.200850][ T5957] lo speed is unknown, defaulting to 1000 [ 77.211412][ T5957] lo speed is unknown, defaulting to 1000 [ 77.242361][ T5957] lo speed is unknown, defaulting to 1000 [ 77.275198][ T5957] lo speed is unknown, defaulting to 1000 [ 77.356443][ T51] Bluetooth: hci1: command tx timeout [ 77.361896][ T51] Bluetooth: hci2: command tx timeout [ 77.363395][ T5828] Bluetooth: hci0: command tx timeout [ 77.395990][ T5828] Bluetooth: hci4: command tx timeout [ 77.401421][ T5828] Bluetooth: hci3: command tx timeout [ 77.721990][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 77.722005][ T30] audit: type=1400 audit(1749494653.783:144): avc: denied { read } for pid=5971 comm="syz.0.12" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 77.774964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 77.784101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 77.796156][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 77.979767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 77.988727][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 78.036682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 78.082176][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 78.091222][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 78.478747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.487832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.491733][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 78.870511][ T30] audit: type=1400 audit(1749494653.783:145): avc: denied { open } for pid=5971 comm="syz.0.12" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 78.915084][ T30] audit: type=1400 audit(1749494654.243:146): avc: denied { create } for pid=5971 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 79.286529][ T30] audit: type=1400 audit(1749494654.683:147): avc: denied { ioctl } for pid=5980 comm="syz.4.15" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 80.414317][ T30] audit: type=1400 audit(1749494655.063:148): avc: denied { read } for pid=5977 comm="syz.1.2" name="uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 80.439331][ T30] audit: type=1400 audit(1749494655.063:149): avc: denied { ioctl } for pid=5977 comm="syz.1.2" path="socket:[8243]" dev="sockfs" ino=8243 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 80.465831][ T30] audit: type=1400 audit(1749494655.083:150): avc: denied { create } for pid=5987 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 80.487619][ T30] audit: type=1400 audit(1749494655.173:151): avc: denied { create } for pid=5987 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 80.507661][ T30] audit: type=1400 audit(1749494655.223:152): avc: denied { setopt } for pid=5987 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 80.566194][ T5821] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 80.690295][ T30] audit: type=1400 audit(1749494655.283:153): avc: denied { setopt } for pid=5987 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 81.210532][ T5998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.18'. [ 81.289581][ T976] cfg80211: failed to load regulatory.db [ 81.500270][ T5998] dummy0: entered promiscuous mode [ 81.629285][ T5821] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 81.641522][ T5998] dummy0: left promiscuous mode [ 81.684905][ T5821] usb 3-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 81.695510][ T5821] usb 3-1: New USB device strings: Mfr=0, Product=231, SerialNumber=255 [ 81.704757][ T5821] usb 3-1: Product: syz [ 81.709314][ T5821] usb 3-1: SerialNumber: syz [ 81.732283][ T5821] usb 3-1: config 0 descriptor?? [ 81.897927][ T6007] netlink: 'syz.4.21': attribute type 1 has an invalid length. [ 82.570212][ T6021] FAULT_INJECTION: forcing a failure. [ 82.570212][ T6021] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 82.570312][ T6021] CPU: 1 UID: 0 PID: 6021 Comm: syz.0.25 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 82.570335][ T6021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 82.570345][ T6021] Call Trace: [ 82.570352][ T6021] [ 82.570359][ T6021] dump_stack_lvl+0x16c/0x1f0 [ 82.570389][ T6021] should_fail_ex+0x512/0x640 [ 82.570421][ T6021] _copy_from_user+0x2e/0xd0 [ 82.570447][ T6021] copy_from_sockptr_offset+0x13f/0x180 [ 82.570474][ T6021] ? __pfx_copy_from_sockptr_offset+0x10/0x10 [ 82.570507][ T6021] ipv6_flowlabel_opt+0x109/0x2f90 [ 82.570539][ T6021] ? __pfx_ipv6_flowlabel_opt+0x10/0x10 [ 82.570565][ T6021] ? preempt_schedule_thunk+0x16/0x30 [ 82.570589][ T6021] ? preempt_schedule_common+0x44/0xc0 [ 82.570614][ T6021] ? preempt_schedule_thunk+0x16/0x30 [ 82.570641][ T6021] ? do_ipv6_setsockopt+0xff4/0x4400 [ 82.570660][ T6021] do_ipv6_setsockopt+0xff4/0x4400 [ 82.570685][ T6021] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 82.570705][ T6021] ? avc_has_perm_noaudit+0x117/0x3b0 [ 82.570733][ T6021] ? __pfx___schedule+0x10/0x10 [ 82.570755][ T6021] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.570787][ T6021] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 82.570809][ T6021] ? rcu_is_watching+0x12/0xc0 [ 82.570830][ T6021] ? irqentry_exit+0x3b/0x90 [ 82.570853][ T6021] ? selinux_netlbl_socket_setsockopt+0x183/0x470 [ 82.570878][ T6021] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10 [ 82.570909][ T6021] ? ipv6_setsockopt+0xcb/0x170 [ 82.570927][ T6021] ipv6_setsockopt+0xcb/0x170 [ 82.570949][ T6021] udpv6_setsockopt+0x7d/0xd0 [ 82.570975][ T6021] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 82.570995][ T6021] do_sock_setsockopt+0x224/0x470 [ 82.571014][ T6021] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 82.571047][ T6021] __sys_setsockopt+0x1a0/0x230 [ 82.571076][ T6021] __x64_sys_setsockopt+0xbd/0x160 [ 82.571099][ T6021] ? __x64_sys_setsockopt+0x4/0x160 [ 82.571123][ T6021] do_syscall_64+0xcd/0x4c0 [ 82.571151][ T6021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.571169][ T6021] RIP: 0033:0x7f8e29d8e929 [ 82.571183][ T6021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.571199][ T6021] RSP: 002b:00007f8e2ab2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 82.571216][ T6021] RAX: ffffffffffffffda RBX: 00007f8e29fb6080 RCX: 00007f8e29d8e929 [ 82.571227][ T6021] RDX: 0000000000000020 RSI: 0000000000000029 RDI: 0000000000000009 [ 82.571237][ T6021] RBP: 00007f8e2ab2c090 R08: 0000000000000021 R09: 0000000000000000 [ 82.571253][ T6021] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 82.571263][ T6021] R13: 0000000000000000 R14: 00007f8e29fb6080 R15: 00007ffc30590148 [ 82.571287][ T6021] [ 83.405861][ T6022] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 83.421384][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 83.421398][ T30] audit: type=1400 audit(1749494659.493:160): avc: denied { ioctl } for pid=5987 comm="syz.2.16" path="socket:[8277]" dev="sockfs" ino=8277 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 83.473133][ T5821] usbhid 3-1:0.0: can't add hid device: -71 [ 83.473247][ T5821] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 83.477289][ T5821] usb 3-1: USB disconnect, device number 2 [ 83.525885][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 83.825287][ T6024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.27'. [ 83.835959][ T30] audit: type=1400 audit(1749494659.883:161): avc: denied { ioctl } for pid=6023 comm="syz.1.27" path="socket:[7718]" dev="sockfs" ino=7718 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 83.981237][ T30] audit: type=1400 audit(1749494660.043:162): avc: denied { create } for pid=6027 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 84.050959][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 84.194603][ T30] audit: type=1400 audit(1749494660.103:163): avc: denied { connect } for pid=6027 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 84.410890][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 84.440113][ T30] audit: type=1400 audit(1749494660.103:164): avc: denied { getopt } for pid=6027 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 84.459426][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 84.462457][ T9] usb 4-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 84.509053][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.536625][ T9] usb 4-1: Product: syz [ 84.552418][ T30] audit: type=1400 audit(1749494660.543:165): avc: denied { ioctl } for pid=6029 comm="syz.4.29" path="socket:[7742]" dev="sockfs" ino=7742 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 84.586563][ T9] usb 4-1: Manufacturer: syz [ 84.591190][ T9] usb 4-1: SerialNumber: syz [ 84.637586][ T6038] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=6038 comm=syz.2.33 [ 84.641066][ T9] usb 4-1: config 0 descriptor?? [ 84.650586][ T30] audit: type=1400 audit(1749494660.543:166): avc: denied { create } for pid=6031 comm="syz.2.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 84.669173][ T9] usb 4-1: no audio or video endpoints found [ 84.758039][ T30] audit: type=1400 audit(1749494660.543:167): avc: denied { setopt } for pid=6031 comm="syz.2.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 84.825899][ T30] audit: type=1400 audit(1749494660.643:168): avc: denied { bind } for pid=6034 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 84.889299][ T30] audit: type=1400 audit(1749494660.643:169): avc: denied { create } for pid=6034 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 84.960183][ T6011] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 85.127555][ T5821] usb 4-1: USB disconnect, device number 2 [ 86.794757][ T6070] ip6erspan0: entered allmulticast mode [ 87.426912][ T6076] netlink: 28 bytes leftover after parsing attributes in process `syz.1.41'. [ 87.724498][ T6074] netlink: 300 bytes leftover after parsing attributes in process `syz.3.43'. [ 87.788751][ T6081] Bluetooth: MGMT ver 1.23 [ 88.876447][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 88.876463][ T30] audit: type=1400 audit(1749494664.943:192): avc: denied { create } for pid=6097 comm="syz.4.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 88.994798][ T30] audit: type=1400 audit(1749494665.013:193): avc: denied { create } for pid=6097 comm="syz.4.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 89.021497][ T5828] Bluetooth: hci2: unexpected event 0x01 length: 4 > 1 [ 89.021886][ T30] audit: type=1400 audit(1749494665.013:194): avc: denied { setopt } for pid=6097 comm="syz.4.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 89.067545][ T30] audit: type=1400 audit(1749494665.013:195): avc: denied { bind } for pid=6097 comm="syz.4.48" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 89.163807][ T6107] syzkaller1: entered promiscuous mode [ 89.169350][ T30] audit: type=1400 audit(1749494665.033:196): avc: denied { read write } for pid=6099 comm="syz.0.38" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.169392][ T30] audit: type=1400 audit(1749494665.033:197): avc: denied { open } for pid=6099 comm="syz.0.38" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 89.169429][ T30] audit: type=1400 audit(1749494665.053:198): avc: denied { add_name } for pid=6061 comm="dhcpcd-run-hook" name="resolv.conf.cfttyS3.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 89.169466][ T30] audit: type=1400 audit(1749494665.053:199): avc: denied { read write } for pid=6102 comm="syz.3.49" name="rdma_cm" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 89.169504][ T30] audit: type=1400 audit(1749494665.053:200): avc: denied { create } for pid=6061 comm="dhcpcd-run-hook" name="resolv.conf.cfttyS3.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.169541][ T30] audit: type=1400 audit(1749494665.053:201): avc: denied { open } for pid=6102 comm="syz.3.49" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1272 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 89.226777][ T6107] syzkaller1: entered allmulticast mode [ 89.315836][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.657989][ T6120] netlink: 28 bytes leftover after parsing attributes in process `syz.3.52'. [ 90.047200][ T9] usb 1-1: config 0 has an invalid interface number: 18 but max is 0 [ 90.055319][ T9] usb 1-1: config 0 has no interface number 0 [ 90.065174][ T9] usb 1-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=16.e3 [ 90.075695][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.090437][ T9] usb 1-1: Product: syz [ 90.094624][ T9] usb 1-1: Manufacturer: syz [ 90.121633][ T9] usb 1-1: SerialNumber: syz [ 90.127934][ T6123] capability: warning: `syz.2.53' uses deprecated v2 capabilities in a way that may be insecure [ 90.139583][ T9] usb 1-1: config 0 descriptor?? [ 90.239496][ T6123] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 90.256925][ T9] comedi comedi0: Wrong number of endpoints [ 90.262966][ T9] dt9812 1-1:0.18: driver 'dt9812' failed to auto-configure device. [ 90.363905][ T6100] netlink: 'syz.0.38': attribute type 1 has an invalid length. [ 90.405994][ T6100] netlink: 224 bytes leftover after parsing attributes in process `syz.0.38'. [ 90.433809][ T5898] usb 1-1: USB disconnect, device number 2 [ 90.451259][ T6134] netlink: 20 bytes leftover after parsing attributes in process `syz.3.55'. [ 91.173831][ T6148] kvm: emulating exchange as write [ 91.180260][ T6131] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 93.013489][ T5828] Bluetooth: hci0: command 0x0c20 tx timeout [ 93.330441][ T6161] infiniband syz!: set active [ 93.335181][ T6161] infiniband syz!: added team_slave_0 [ 93.341796][ T6161] syz!: rxe_create_cq: returned err = -12 [ 93.355938][ T6161] infiniband syz!: Couldn't create ib_mad CQ [ 93.361993][ T6161] infiniband syz!: Couldn't open port 1 [ 93.392764][ T6161] RDS/IB: syz!: added [ 93.397032][ T6161] smc: adding ib device syz! with port count 1 [ 93.403248][ T6161] smc: ib device syz! port 1 has pnetid [ 93.897608][ T6157] bridge_slave_0: left allmulticast mode [ 93.903322][ T6157] bridge_slave_0: left promiscuous mode [ 93.922319][ T6157] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.974073][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 93.974087][ T30] audit: type=1400 audit(1749494670.033:218): avc: denied { watch watch_with_perm watch_reads } for pid=6168 comm="syz.0.63" path="/13/bus" dev="tmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 94.029279][ T30] audit: type=1400 audit(1749494670.053:219): avc: denied { map } for pid=6168 comm="syz.0.63" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 94.055294][ T6157] bridge_slave_1: left allmulticast mode [ 94.055463][ T6175] netlink: 'syz.3.61': attribute type 10 has an invalid length. [ 94.071068][ T6157] bridge_slave_1: left promiscuous mode [ 94.246041][ T6157] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.367937][ T30] audit: type=1400 audit(1749494670.053:220): avc: denied { execute } for pid=6168 comm="syz.0.63" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 94.403645][ T30] audit: type=1400 audit(1749494670.313:221): avc: denied { ioctl } for pid=6168 comm="syz.0.63" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 94.459554][ T6183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.66'. [ 94.470259][ T6183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.66'. [ 94.481621][ T6184] netlink: 4 bytes leftover after parsing attributes in process `syz.3.61'. [ 94.507598][ T6157] bond0: (slave bond_slave_0): Releasing backup interface [ 94.524066][ T6157] bond0: (slave bond_slave_1): Releasing backup interface [ 94.587731][ T6157] team0: Port device team_slave_0 removed [ 94.625255][ T6157] team0: Port device team_slave_1 removed [ 94.632512][ T6157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.640540][ T6157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 94.649292][ T6157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 94.657047][ T6157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 94.696262][ T6171] team0: Mode changed to "loadbalance" [ 94.725638][ T6175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.732625][ T5849] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 94.752238][ T6175] team0: Port device bond0 added [ 94.956785][ T5849] usb 1-1: device descriptor read/64, error -71 [ 95.413283][ T30] audit: type=1400 audit(1749494671.073:222): avc: denied { name_bind } for pid=6187 comm="syz.4.67" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 95.455230][ T30] audit: type=1400 audit(1749494671.073:223): avc: denied { node_bind } for pid=6187 comm="syz.4.67" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 95.476470][ T5849] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 95.855947][ T5849] usb 1-1: device descriptor read/64, error -71 [ 96.211771][ T5849] usb usb1-port1: attempt power cycle [ 96.217260][ T30] audit: type=1400 audit(1749494671.073:224): avc: denied { ioctl } for pid=6187 comm="syz.4.67" path="socket:[8737]" dev="sockfs" ino=8737 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 96.243485][ T30] audit: type=1400 audit(1749494671.123:225): avc: denied { create } for pid=6187 comm="syz.4.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 96.262914][ T30] audit: type=1400 audit(1749494671.133:226): avc: denied { write } for pid=6187 comm="syz.4.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 96.282299][ T30] audit: type=1400 audit(1749494671.543:227): avc: denied { setopt } for pid=6190 comm="syz.1.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.473774][ T6201] Zero length message leads to an empty skb [ 96.619233][ T5849] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 97.014873][ T6184] team0 (unregistering): Port device bond0 removed [ 97.212757][ T5849] usb 1-1: device not accepting address 5, error -71 [ 97.562680][ T6205] geneve2: entered promiscuous mode [ 97.568093][ T6205] geneve2: entered allmulticast mode [ 97.582676][ T6198] veth0_to_batadv: entered promiscuous mode [ 97.610232][ T6198] veth0_to_batadv: entered allmulticast mode [ 102.521687][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 102.521702][ T30] audit: type=1400 audit(1749494678.583:237): avc: denied { read } for pid=6250 comm="syz.0.84" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.725472][ T30] audit: type=1400 audit(1749494678.613:238): avc: denied { open } for pid=6250 comm="syz.0.84" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 102.784709][ T30] audit: type=1400 audit(1749494678.693:239): avc: denied { ioctl } for pid=6250 comm="syz.0.84" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.240062][ T30] audit: type=1400 audit(1749494678.703:240): avc: denied { set_context_mgr } for pid=6250 comm="syz.0.84" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 103.261987][ T6253] binder: BINDER_SET_CONTEXT_MGR already set [ 103.268126][ T6253] binder: 6250:6253 ioctl 4018620d 200000000040 returned -16 [ 103.338270][ T6261] netlink: 'syz.0.84': attribute type 11 has an invalid length. [ 103.383615][ T30] audit: type=1400 audit(1749494679.323:241): avc: denied { write } for pid=6250 comm="syz.0.84" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.408316][ T6273] netlink: zone id is out of range [ 103.438279][ T6273] netlink: zone id is out of range [ 103.766209][ T6273] netlink: zone id is out of range [ 103.773268][ T30] audit: type=1400 audit(1749494679.323:242): avc: denied { map } for pid=6250 comm="syz.0.84" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 103.825190][ T6273] netlink: zone id is out of range [ 103.840841][ T6273] netlink: zone id is out of range [ 103.935938][ T6273] netlink: zone id is out of range [ 103.941306][ T6273] netlink: zone id is out of range [ 103.947960][ T6273] netlink: zone id is out of range [ 103.974446][ T6273] netlink: zone id is out of range [ 104.251704][ T6273] netlink: set zone limit has 4 unknown bytes [ 104.267721][ T30] audit: type=1400 audit(1749494680.173:243): avc: denied { listen } for pid=6281 comm="syz.2.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 104.922676][ T30] audit: type=1400 audit(1749494680.183:244): avc: denied { connect } for pid=6281 comm="syz.2.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 104.945010][ T30] audit: type=1400 audit(1749494680.233:245): avc: denied { accept } for pid=6281 comm="syz.2.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 108.636011][ T30] audit: type=1400 audit(1749494683.773:246): avc: denied { bind } for pid=6324 comm="syz.1.96" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 108.678469][ T6323] overlayfs: statfs failed on './file0' [ 109.014276][ T30] audit: type=1400 audit(1749494683.773:247): avc: denied { name_bind } for pid=6324 comm="syz.1.96" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 109.078149][ T6323] Bluetooth: MGMT ver 1.23 [ 109.106031][ T30] audit: type=1400 audit(1749494683.773:248): avc: denied { node_bind } for pid=6324 comm="syz.1.96" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 109.202255][ T30] audit: type=1400 audit(1749494683.783:249): avc: denied { write } for pid=6324 comm="syz.1.96" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 109.579539][ T30] audit: type=1400 audit(1749494683.783:250): avc: denied { connect } for pid=6324 comm="syz.1.96" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 109.903145][ T30] audit: type=1400 audit(1749494683.783:251): avc: denied { name_connect } for pid=6324 comm="syz.1.96" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 109.967484][ T30] audit: type=1400 audit(1749494684.723:252): avc: denied { unlink } for pid=6322 comm="syz.2.95" name="#1" dev="tmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 110.035842][ T30] audit: type=1400 audit(1749494684.723:253): avc: denied { getattr } for pid=6322 comm="syz.2.95" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 110.060533][ T6350] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.095301][ T6350] syz.1.102 uses obsolete (PF_INET,SOCK_PACKET) [ 110.171831][ T30] audit: type=1400 audit(1749494685.393:254): avc: denied { unmount } for pid=5814 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 110.407836][ T5821] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 110.608751][ T976] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 110.646088][ T5821] usb 2-1: Using ep0 maxpacket: 16 [ 110.655969][ T5821] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.707387][ T5821] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 110.721947][ T5898] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 110.736677][ T5821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.744698][ T5821] usb 2-1: Product: syz [ 110.762835][ T5821] usb 2-1: Manufacturer: syz [ 110.767544][ T5821] usb 2-1: SerialNumber: syz [ 110.775821][ T976] usb 5-1: device descriptor read/64, error -71 [ 110.780962][ T5821] usb 2-1: config 0 descriptor?? [ 110.806870][ T5821] asix 2-1:0.0: probe with driver asix failed with error -22 [ 110.886363][ T5898] usb 1-1: device descriptor read/64, error -71 [ 111.039759][ T976] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 111.109113][ T5849] usb 2-1: USB disconnect, device number 2 [ 111.196152][ T976] usb 5-1: device descriptor read/64, error -71 [ 111.206023][ T5898] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 111.307064][ T976] usb usb5-port1: attempt power cycle [ 111.355913][ T5898] usb 1-1: device descriptor read/64, error -71 [ 111.493375][ T5898] usb usb1-port1: attempt power cycle [ 111.879075][ T5898] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 112.030941][ T5898] usb 1-1: device descriptor read/8, error -71 [ 112.160267][ T976] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 112.209449][ T976] usb 5-1: device descriptor read/8, error -71 [ 112.257888][ T6390] FAULT_INJECTION: forcing a failure. [ 112.257888][ T6390] name failslab, interval 1, probability 0, space 0, times 0 [ 112.270732][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: syz.1.109 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 112.270754][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.270763][ T6390] Call Trace: [ 112.270769][ T6390] [ 112.270775][ T6390] dump_stack_lvl+0x16c/0x1f0 [ 112.270806][ T6390] should_fail_ex+0x512/0x640 [ 112.270832][ T6390] should_failslab+0xc2/0x120 [ 112.270857][ T6390] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 112.270882][ T6390] ? rcu_is_watching+0x12/0xc0 [ 112.270903][ T6390] ? nf_ct_ext_add+0x1a7/0x420 [ 112.270927][ T6390] krealloc_noprof+0x1fc/0x370 [ 112.270953][ T6390] nf_ct_ext_add+0x1a7/0x420 [ 112.270981][ T6390] init_conntrack.constprop.0+0x5af/0x1080 [ 112.271002][ T6390] ? __pfx_init_conntrack.constprop.0+0x10/0x10 [ 112.271020][ T6390] ? __pfx_hash_conntrack_raw+0x10/0x10 [ 112.271040][ T6390] ? ip6t_do_table+0xc25/0x1c30 [ 112.271065][ T6390] nf_conntrack_in+0xb03/0x1950 [ 112.271094][ T6390] ? __pfx_nf_conntrack_in+0x10/0x10 [ 112.271113][ T6390] ? __do_replace+0x9e6/0x9f0 [ 112.271142][ T6390] ? ipv6_defrag+0x1df/0x470 [ 112.271165][ T6390] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 112.271180][ T6390] nf_hook_slow+0xbe/0x200 [ 112.271208][ T6390] nf_hook.constprop.0+0x422/0x750 [ 112.271229][ T6390] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 112.271251][ T6390] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 112.271272][ T6390] ? sock_wfree+0x11c/0x880 [ 112.271297][ T6390] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 112.271317][ T6390] ? ip6_rcv_core+0xc70/0x1c30 [ 112.271342][ T6390] ? __pfx_ipv6_rcv+0x10/0x10 [ 112.271362][ T6390] ipv6_rcv+0xa4/0x680 [ 112.271385][ T6390] ? __pfx_ipv6_rcv+0x10/0x10 [ 112.271403][ T6390] __netif_receive_skb_one_core+0x12d/0x1e0 [ 112.271427][ T6390] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 112.271451][ T6390] ? lock_acquire+0x179/0x350 [ 112.271479][ T6390] ? __phys_addr+0xe8/0x180 [ 112.271501][ T6390] __netif_receive_skb+0x1d/0x160 [ 112.271523][ T6390] netif_receive_skb+0x137/0x7b0 [ 112.271545][ T6390] ? __pfx_netif_receive_skb+0x10/0x10 [ 112.271577][ T6390] tun_rx_batched.isra.0+0x3ee/0x740 [ 112.271605][ T6390] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 112.271637][ T6390] ? tun_get_user+0x1c0d/0x3b80 [ 112.271660][ T6390] ? rcu_is_watching+0x12/0xc0 [ 112.271685][ T6390] tun_get_user+0x28a2/0x3b80 [ 112.271720][ T6390] ? __pfx_tun_get_user+0x10/0x10 [ 112.271742][ T6390] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 112.271772][ T6390] ? find_held_lock+0x2b/0x80 [ 112.271792][ T6390] ? tun_get+0x191/0x370 [ 112.271820][ T6390] tun_chr_write_iter+0xdc/0x210 [ 112.271848][ T6390] vfs_write+0x6c7/0x1150 [ 112.271870][ T6390] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 112.271898][ T6390] ? __pfx_vfs_write+0x10/0x10 [ 112.271916][ T6390] ? find_held_lock+0x2b/0x80 [ 112.271951][ T6390] ksys_write+0x12a/0x250 [ 112.271978][ T6390] ? __pfx_ksys_write+0x10/0x10 [ 112.272007][ T6390] do_syscall_64+0xcd/0x4c0 [ 112.272033][ T6390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.272051][ T6390] RIP: 0033:0x7fbcf3b8d3df [ 112.272065][ T6390] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 112.272079][ T6390] RSP: 002b:00007fbcf4981000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 112.272096][ T6390] RAX: ffffffffffffffda RBX: 00007fbcf3db6080 RCX: 00007fbcf3b8d3df [ 112.272106][ T6390] RDX: 000000000000004a RSI: 00002000000000c0 RDI: 00000000000000c8 [ 112.272116][ T6390] RBP: 00007fbcf4981090 R08: 0000000000000000 R09: 0000000000000000 [ 112.272125][ T6390] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001 [ 112.272135][ T6390] R13: 0000000000000001 R14: 00007fbcf3db6080 R15: 00007ffc921c1f48 [ 112.272158][ T6390] [ 112.715876][ T5898] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 112.760235][ T5898] usb 1-1: device descriptor read/8, error -71 [ 112.812944][ T6392] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 112.820427][ T6392] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 112.855858][ T30] audit: type=1400 audit(1749494688.873:255): avc: denied { append } for pid=6389 comm="syz.2.110" name="001" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 112.879866][ T5898] usb usb1-port1: unable to enumerate USB device [ 112.907914][ T976] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 113.227255][ T976] usb 5-1: device descriptor read/8, error -71 [ 113.421170][ T976] usb usb5-port1: unable to enumerate USB device [ 114.051437][ T6416] capability: warning: `syz.2.117' uses 32-bit capabilities (legacy support in use) [ 114.141147][ T6416] netlink: 24 bytes leftover after parsing attributes in process `syz.2.117'. [ 114.233281][ T30] audit: type=1400 audit(1749494690.293:256): avc: denied { getopt } for pid=6413 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 114.288626][ T30] audit: type=1400 audit(1749494690.333:257): avc: denied { create } for pid=6418 comm="syz.0.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 114.336077][ T6422] netlink: 80 bytes leftover after parsing attributes in process `syz.2.117'. [ 114.677648][ T30] audit: type=1400 audit(1749494690.743:258): avc: denied { ioctl } for pid=6425 comm="syz.2.121" path="/dev/ppp" dev="devtmpfs" ino=710 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 114.739304][ T30] audit: type=1400 audit(1749494690.773:259): avc: denied { listen } for pid=6425 comm="syz.2.121" lport=44502 faddr=::ffff:172.20.255.187 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 114.771985][ T6428] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 114.794861][ T6428] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=6428 comm=syz.2.121 [ 115.108407][ T30] audit: type=1400 audit(1749494691.173:260): avc: denied { write } for pid=6415 comm="syz.3.118" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 116.119658][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 116.141597][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 116.213126][ T30] audit: type=1400 audit(1749494692.273:261): avc: denied { create } for pid=6442 comm="syz.4.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 116.237763][ T6449] delete_channel: no stack [ 116.523106][ T6442] delete_channel: no stack [ 117.220574][ T6465] bridge0: port 3(ipvlan2) entered blocking state [ 117.232651][ T6465] bridge0: port 3(ipvlan2) entered disabled state [ 117.240401][ T6465] ipvlan2: entered allmulticast mode [ 117.245698][ T6465] bridge0: entered allmulticast mode [ 117.284586][ T6465] ipvlan2: left allmulticast mode [ 117.303735][ T6465] bridge0: left allmulticast mode [ 117.345871][ T30] audit: type=1400 audit(1749494693.383:262): avc: denied { map } for pid=6444 comm="syz.2.126" path="/dev/sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 117.380068][ T30] audit: type=1400 audit(1749494693.383:263): avc: denied { ioctl } for pid=6444 comm="syz.2.126" path="/dev/sg0" dev="devtmpfs" ino=768 ioctlcmd=0x2201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 117.413878][ T30] audit: type=1400 audit(1749494693.383:264): avc: denied { listen } for pid=6444 comm="syz.2.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 117.565917][ T5898] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 117.577707][ T6471] tmpfs: Unknown parameter 'usrquota' [ 117.740518][ T5898] usb 5-1: Using ep0 maxpacket: 32 [ 117.864711][ T5898] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 117.882571][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.033623][ T6481] block nbd3: NBD_DISCONNECT [ 118.136210][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 118.350236][ T5898] usb 5-1: config 0 has no interface number 0 [ 118.379870][ T5898] usb 5-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 118.391036][ T5898] usb 5-1: config 0 interface 133 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 118.400986][ T5898] usb 5-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 118.417809][ T5898] usb 5-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e [ 118.443233][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.452433][ T5898] usb 5-1: Product: syz [ 118.456985][ T5898] usb 5-1: Manufacturer: syz [ 118.461678][ T5898] usb 5-1: SerialNumber: syz [ 118.494864][ T5898] usb 5-1: config 0 descriptor?? [ 118.503697][ T6468] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 118.515980][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 118.542878][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 118.558080][ T9] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 118.565057][ T6483] netlink: 20 bytes leftover after parsing attributes in process `syz.1.138'. [ 118.565726][ T9] usb 3-1: can't read configurations, error -71 [ 118.751288][ T5898] usb 5-1: probing VID:PID(0424:012C) [ 118.794096][ T5898] usb 5-1: vub300 testing BULK OUT EndPoint(0) 0B [ 118.821306][ T5898] usb 5-1: vub300 testing UNKNOWN EndPoint(1) 0F [ 118.840142][ T5898] usb 5-1: vub300 ignoring EndPoint(1) 0F [ 118.995030][ T30] audit: type=1400 audit(1749494695.003:265): avc: denied { kexec_image_load } for pid=6485 comm="syz.3.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 119.001177][ T5898] usb 5-1: Could not find two sets of bulk-in/out endpoint pairs [ 119.235621][ T5898] vub300 5-1:0.133: probe with driver vub300 failed with error -22 [ 119.293646][ T5898] usb 5-1: USB disconnect, device number 6 [ 119.324523][ T30] audit: type=1400 audit(1749494695.383:266): avc: denied { read write } for pid=6492 comm="syz.1.142" name="mouse0" dev="devtmpfs" ino=987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 119.403358][ T6494] FAULT_INJECTION: forcing a failure. [ 119.403358][ T6494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 119.416626][ T6494] CPU: 0 UID: 0 PID: 6494 Comm: syz.1.142 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 119.416648][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.416658][ T6494] Call Trace: [ 119.416665][ T6494] [ 119.416671][ T6494] dump_stack_lvl+0x16c/0x1f0 [ 119.416702][ T6494] should_fail_ex+0x512/0x640 [ 119.416730][ T6494] _copy_from_user+0x2e/0xd0 [ 119.416756][ T6494] core_sys_select+0x35b/0xc10 [ 119.416785][ T6494] ? __pfx_core_sys_select+0x10/0x10 [ 119.416833][ T6494] ? set_user_sigmask+0x21b/0x2b0 [ 119.416852][ T6494] ? __pfx_set_user_sigmask+0x10/0x10 [ 119.416877][ T6494] do_pselect.constprop.0+0x19f/0x1e0 [ 119.416901][ T6494] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 119.416925][ T6494] ? __pfx___schedule+0x10/0x10 [ 119.416957][ T6494] __x64_sys_pselect6+0x182/0x240 [ 119.416981][ T6494] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 119.417012][ T6494] do_syscall_64+0xcd/0x4c0 [ 119.417046][ T6494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.417064][ T6494] RIP: 0033:0x7fbcf3b8e929 [ 119.417079][ T6494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.417095][ T6494] RSP: 002b:00007fbcf4981038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 119.417113][ T6494] RAX: ffffffffffffffda RBX: 00007fbcf3db6080 RCX: 00007fbcf3b8e929 [ 119.417124][ T6494] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 119.417135][ T6494] RBP: 00007fbcf4981090 R08: 0000200000000300 R09: 0000000000000000 [ 119.417146][ T6494] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 119.417156][ T6494] R13: 0000000000000000 R14: 00007fbcf3db6080 R15: 00007ffc921c1f48 [ 119.417179][ T6494] [ 120.420555][ T6495] Cannot find del_set index 0 as target [ 120.512794][ T30] audit: type=1400 audit(1749494695.383:267): avc: denied { open } for pid=6492 comm="syz.1.142" path="/dev/input/mouse0" dev="devtmpfs" ino=987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 121.134868][ T30] audit: type=1400 audit(1749494696.833:268): avc: denied { firmware_load } for pid=6496 comm="syz.4.143" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 121.289825][ T30] audit: type=1400 audit(1749494696.923:269): avc: denied { read } for pid=6496 comm="syz.4.143" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 121.307795][ T6501] syz.4.143 (6501) used greatest stack depth: 19368 bytes left [ 121.409087][ T30] audit: type=1400 audit(1749494696.923:270): avc: denied { open } for pid=6496 comm="syz.4.143" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 121.449361][ T6505] netlink: 16 bytes leftover after parsing attributes in process `syz.1.145'. [ 121.461117][ T30] audit: type=1400 audit(1749494696.923:271): avc: denied { ioctl } for pid=6496 comm="syz.4.143" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9374 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 122.224609][ T30] audit: type=1400 audit(1749494698.283:272): avc: denied { ioctl } for pid=6517 comm="syz.3.148" path="/dev/vhost-vsock" dev="devtmpfs" ino=1276 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 122.370591][ T30] audit: type=1400 audit(1749494698.433:273): avc: denied { nlmsg_read } for pid=6528 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 122.590765][ T6535] tipc: Started in network mode [ 122.595924][ T6535] tipc: Node identity 82e6, cluster identity 4711 [ 122.602328][ T6535] tipc: Node number set to 33510 [ 122.825679][ T30] audit: type=1400 audit(1749494698.733:274): avc: denied { create } for pid=6527 comm="syz.2.151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 124.179483][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 124.936650][ T9] usb 5-1: device descriptor read/64, error -71 [ 125.234055][ T30] audit: type=1400 audit(1749494701.293:275): avc: denied { write } for pid=6568 comm="syz.1.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 125.253186][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.255841][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 125.790755][ T976] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 125.795217][ T30] audit: type=1400 audit(1749494701.373:276): avc: denied { connect } for pid=6565 comm="syz.3.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 125.820920][ T30] audit: type=1400 audit(1749494701.373:277): avc: denied { write } for pid=6565 comm="syz.3.159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 126.112024][ T6580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.185932][ T9] usb 5-1: device descriptor read/64, error -71 [ 126.198724][ T976] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 126.212902][ T976] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 126.224677][ T976] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 126.234066][ T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.253240][ T6570] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 126.270154][ T976] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 126.313082][ T9] usb usb5-port1: attempt power cycle [ 126.477961][ T976] usb 3-1: USB disconnect, device number 5 [ 126.673523][ T3703] libceph: connect (1)[c::]:6789 error -101 [ 126.692842][ T3703] libceph: mon0 (1)[c::]:6789 connect error [ 126.771843][ T30] audit: type=1400 audit(1749494702.823:278): avc: denied { create } for pid=6591 comm="syz.3.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 126.996999][ T6587] ceph: No mds server is up or the cluster is laggy [ 127.005330][ T3703] libceph: connect (1)[c::]:6789 error -101 [ 127.013046][ T3703] libceph: mon0 (1)[c::]:6789 connect error [ 127.127099][ T5961] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 127.196375][ T6596] binder: BINDER_SET_CONTEXT_MGR already set [ 127.225541][ T6596] binder: 6595:6596 ioctl 4018620d 200000000040 returned -16 [ 127.242912][ T6596] binder: 6595:6596 ioctl c0306201 2000000003c0 returned -14 [ 127.299130][ T30] audit: type=1400 audit(1749494703.353:279): avc: denied { name_bind } for pid=6597 comm="syz.4.167" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 127.320078][ C1] vkms_vblank_simulate: vblank timer overrun [ 127.347383][ T5961] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.361054][ T5961] usb 4-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 127.371594][ T5961] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.398129][ T5961] usb 4-1: config 0 descriptor?? [ 127.616136][ T30] audit: type=1400 audit(1749494703.533:280): avc: denied { create } for pid=6601 comm="syz.1.169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 127.653972][ T5961] usbhid 4-1:0.0: can't add hid device: -71 [ 127.660946][ T5961] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 128.194872][ T3703] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 128.202701][ T5961] usb 4-1: USB disconnect, device number 3 [ 128.379774][ T3703] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 128.455541][ T3703] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.817473][ T3703] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 128.926484][ T6615] lo speed is unknown, defaulting to 1000 [ 128.995857][ T3703] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.144771][ T3703] usb 5-1: config 0 descriptor?? [ 130.466758][ T3703] usbhid 5-1:0.0: can't add hid device: -71 [ 130.472784][ T3703] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 130.508151][ T3703] usb 5-1: USB disconnect, device number 10 [ 130.787666][ T6628] mkiss: ax0: crc mode is auto. [ 131.015386][ T30] audit: type=1400 audit(1749494707.073:281): avc: denied { mounton } for pid=6629 comm="syz.2.177" path="/36/file0" dev="tmpfs" ino=209 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 131.159181][ T30] audit: type=1400 audit(1749494707.223:282): avc: denied { name_bind } for pid=6632 comm="syz.4.178" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 131.243263][ T30] audit: type=1400 audit(1749494707.283:283): avc: denied { sys_module } for pid=6632 comm="syz.4.178" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 131.291117][ T6640] netlink: 32 bytes leftover after parsing attributes in process `syz.1.179'. [ 131.321240][ T6640] netlink: 32 bytes leftover after parsing attributes in process `syz.1.179'. [ 131.375708][ T6642] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=6642 comm=syz.3.175 [ 131.684491][ T30] audit: type=1400 audit(1749494707.743:284): avc: denied { create } for pid=6646 comm="syz.1.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 132.426313][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.630239][ T30] audit: type=1400 audit(1749494707.773:285): avc: denied { getopt } for pid=6646 comm="syz.1.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 132.630260][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.811479][ T6664] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 133.829212][ T6664] netlink: 20 bytes leftover after parsing attributes in process `syz.3.186'. [ 134.207827][ T6672] FAULT_INJECTION: forcing a failure. [ 134.207827][ T6672] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 134.269812][ T6672] CPU: 0 UID: 0 PID: 6672 Comm: syz.2.188 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 134.269838][ T6672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.269848][ T6672] Call Trace: [ 134.269853][ T6672] [ 134.269860][ T6672] dump_stack_lvl+0x16c/0x1f0 [ 134.269892][ T6672] should_fail_ex+0x512/0x640 [ 134.269920][ T6672] should_fail_alloc_page+0xe7/0x130 [ 134.269947][ T6672] prepare_alloc_pages+0x3c2/0x610 [ 134.269970][ T6672] ? look_up_lock_class+0x59/0x150 [ 134.269996][ T6672] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 134.270019][ T6672] ? ima_match_policy+0x7ed/0x22d0 [ 134.270040][ T6672] ? __lock_acquire+0x622/0x1c90 [ 134.270069][ T6672] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 134.270096][ T6672] ? __lock_acquire+0x622/0x1c90 [ 134.270138][ T6672] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 134.270162][ T6672] ? policy_nodemask+0xea/0x4e0 [ 134.270189][ T6672] alloc_pages_mpol+0x1fb/0x550 [ 134.270213][ T6672] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 134.270243][ T6672] folio_alloc_mpol_noprof+0x36/0x2f0 [ 134.270272][ T6672] vma_alloc_folio_noprof+0xed/0x1e0 [ 134.270287][ T6672] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 134.270312][ T6672] ? find_held_lock+0x2b/0x80 [ 134.270332][ T6672] ? __handle_mm_fault+0x1092/0x5490 [ 134.270354][ T6672] __handle_mm_fault+0x2f21/0x5490 [ 134.270379][ T6672] ? __pfx___handle_mm_fault+0x10/0x10 [ 134.270395][ T6672] ? __pfx_mt_find+0x10/0x10 [ 134.270425][ T6672] ? find_vma+0xbf/0x140 [ 134.270448][ T6672] ? __pfx_find_vma+0x10/0x10 [ 134.270474][ T6672] handle_mm_fault+0x589/0xd10 [ 134.270494][ T6672] ? __pkru_allows_pkey+0x21/0xb0 [ 134.270519][ T6672] do_user_addr_fault+0x7a6/0x1370 [ 134.270545][ T6672] ? rcu_is_watching+0x12/0xc0 [ 134.270569][ T6672] exc_page_fault+0x5c/0xb0 [ 134.270594][ T6672] asm_exc_page_fault+0x26/0x30 [ 134.270610][ T6672] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 134.270631][ T6672] Code: 10 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 10 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 134.270646][ T6672] RSP: 0018:ffffc90003c67c28 EFLAGS: 00050202 [ 134.270661][ T6672] RAX: 0000000000000001 RBX: 00000000000000e8 RCX: 00000000000000e8 [ 134.270671][ T6672] RDX: ffffed1005f524dd RSI: ffff88802fa92600 RDI: 0000200000001240 [ 134.270682][ T6672] RBP: 0000200000001240 R08: 0000000000000000 R09: ffffed1005f524dc [ 134.270692][ T6672] R10: ffff88802fa926e7 R11: 0000000000000000 R12: ffff88802fa92600 [ 134.270702][ T6672] R13: 0000200000001328 R14: 00007ffffffff000 R15: 0000000000000000 [ 134.270726][ T6672] _copy_to_user+0xbb/0xd0 [ 134.270753][ T6672] __snd_timer_user_ioctl.isra.0+0x119b/0x2680 [ 134.270776][ T6672] ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10 [ 134.270795][ T6672] ? __mutex_trylock_common+0xe9/0x250 [ 134.270822][ T6672] ? __pfx___mutex_trylock_common+0x10/0x10 [ 134.270849][ T6672] ? __pfx___might_resched+0x10/0x10 [ 134.270872][ T6672] ? rcu_is_watching+0x12/0xc0 [ 134.270891][ T6672] ? trace_contention_end+0xdd/0x130 [ 134.270917][ T6672] ? __mutex_lock+0x1ca/0xb90 [ 134.270941][ T6672] ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540 [ 134.270973][ T6672] ? snd_timer_user_ioctl+0x4a/0xb0 [ 134.270993][ T6672] ? __pfx___mutex_lock+0x10/0x10 [ 134.271034][ T6672] snd_timer_user_ioctl+0x72/0xb0 [ 134.271051][ T6672] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 134.271070][ T6672] __x64_sys_ioctl+0x18e/0x210 [ 134.271092][ T6672] do_syscall_64+0xcd/0x4c0 [ 134.271120][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.271137][ T6672] RIP: 0033:0x7f3bf878e929 [ 134.271150][ T6672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.271165][ T6672] RSP: 002b:00007f3bf95e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.271180][ T6672] RAX: ffffffffffffffda RBX: 00007f3bf89b5fa0 RCX: 00007f3bf878e929 [ 134.271191][ T6672] RDX: 0000200000001240 RSI: 0000000080e85411 RDI: 0000000000000003 [ 134.271201][ T6672] RBP: 00007f3bf95e1090 R08: 0000000000000000 R09: 0000000000000000 [ 134.271211][ T6672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.271220][ T6672] R13: 0000000000000000 R14: 00007f3bf89b5fa0 R15: 00007ffce6995548 [ 134.271245][ T6672] [ 135.891204][ T5828] Bluetooth: hci0: command tx timeout [ 136.042856][ T30] audit: type=1400 audit(1749494712.103:286): avc: denied { write } for pid=6686 comm="syz.2.193" name="001" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 137.423065][ T6695] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(15) [ 137.429916][ T6695] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 137.459789][ T6695] vhci_hcd vhci_hcd.0: Device attached [ 137.936104][ T3703] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 138.377661][ T5898] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 138.506200][ T30] audit: type=1400 audit(1749494714.063:287): avc: denied { create } for pid=6712 comm="syz.1.200" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 138.775805][ T30] audit: type=1400 audit(1749494714.733:288): avc: denied { ioctl } for pid=6686 comm="syz.2.193" path="/dev/raw-gadget" dev="devtmpfs" ino=821 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 138.908581][ T5898] usb 3-1: config 0 has no interfaces? [ 138.914105][ T5898] usb 3-1: New USB device found, idVendor=0de5, idProduct=0056, bcdDevice= 5.b5 [ 138.925764][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.961483][ T5898] usb 3-1: config 0 descriptor?? [ 138.970318][ T30] audit: type=1400 audit(1749494715.033:289): avc: denied { mounton } for pid=6721 comm="syz.4.202" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 139.095905][ T30] audit: type=1400 audit(1749494715.063:290): avc: denied { mount } for pid=6721 comm="syz.4.202" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 139.275544][ T30] audit: type=1400 audit(1749494715.113:291): avc: denied { read write } for pid=6723 comm="syz.1.203" name="vmci" dev="devtmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 139.349457][ T30] audit: type=1400 audit(1749494715.113:292): avc: denied { open } for pid=6723 comm="syz.1.203" path="/dev/vmci" dev="devtmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 140.258470][ T30] audit: type=1400 audit(1749494715.973:293): avc: denied { bind } for pid=6736 comm="syz.0.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 140.319032][ T5914] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 140.453735][ T5898] usb 3-1: can't set config #0, error -71 [ 140.471840][ T5898] usb 3-1: USB disconnect, device number 6 [ 140.509236][ T6700] vhci_hcd: connection reset by peer [ 140.519432][ T49] vhci_hcd: stop threads [ 140.528915][ T49] vhci_hcd: release socket [ 140.535847][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 140.543568][ T5914] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 140.556458][ T49] vhci_hcd: disconnect device [ 140.565237][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.587772][ T5914] usb 5-1: config 0 descriptor?? [ 140.608849][ T5914] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 140.720891][ T6749] Driver unsupported XDP return value 0 on prog (id 41) dev N/A, expect packet loss! [ 140.745868][ T976] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.788995][ T6753] netlink: 'syz.2.214': attribute type 6 has an invalid length. [ 141.248750][ T976] usb 4-1: Using ep0 maxpacket: 8 [ 141.256002][ T976] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 141.266531][ T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.306956][ T976] usb 4-1: config 0 descriptor?? [ 141.551845][ T30] audit: type=1400 audit(1749494717.613:294): avc: denied { connect } for pid=6762 comm="syz.0.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 141.754421][ T6769] mmap: syz.0.216 (6769) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 143.095988][ T5914] gspca_sonixj: i2c_w8 err -71 [ 143.115881][ T5914] sonixj 5-1:0.0: probe with driver sonixj failed with error -71 [ 143.126583][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 143.148571][ T5914] usb 5-1: USB disconnect, device number 11 [ 143.507943][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 143.521630][ T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.532813][ T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.553614][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 143.563213][ T9] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 143.565878][ T3703] vhci_hcd: vhci_device speed not set [ 143.600663][ T9] usb 2-1: Product: syz [ 143.614529][ T9] usb 2-1: Manufacturer: syz [ 143.631885][ T9] hub 2-1:4.0: USB hub found [ 143.653157][ T976] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 143.692174][ T976] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 143.792599][ T976] asix 4-1:0.0: probe with driver asix failed with error -71 [ 143.861356][ T9] hub 2-1:4.0: 2 ports detected [ 143.979365][ T976] usb 4-1: USB disconnect, device number 4 [ 144.273160][ T6796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.332264][ T6783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.370128][ T6796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.406213][ T6783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.499425][ T9] hub 2-1:4.0: hub_hub_status failed (err = -32) [ 144.506114][ T9] hub 2-1:4.0: config failed, can't get hub status (err -32) [ 144.577609][ T9] usb 2-1: USB disconnect, device number 3 [ 144.627236][ T6813] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 144.635361][ T30] audit: type=1400 audit(1749494720.693:295): avc: denied { append } for pid=6811 comm="syz.4.232" name="ubi_ctrl" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 144.676992][ T6813] netlink: 20 bytes leftover after parsing attributes in process `syz.3.231'. [ 144.901742][ T6815] ubi31: attaching mtd0 [ 144.953854][ T6815] ubi31: scanning is finished [ 144.958966][ T6815] ubi31: empty MTD device detected [ 144.963999][ T6817] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 144.997019][ T6817] netlink: 20 bytes leftover after parsing attributes in process `syz.3.233'. [ 145.120094][ T30] audit: type=1400 audit(1749494721.123:296): avc: denied { ioctl } for pid=6811 comm="syz.4.232" path="socket:[11113]" dev="sockfs" ino=11113 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 145.308626][ T6815] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 145.317288][ T6815] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 145.325981][ T6815] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 145.336186][ T6815] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 145.345338][ T6815] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 145.353302][ T6815] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 145.363841][ T6815] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1824887657 [ 145.375879][ T6815] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 145.417919][ T6820] ubi31: background thread "ubi_bgt31d" started, PID 6820 [ 145.451566][ T6824] netlink: 92 bytes leftover after parsing attributes in process `syz.3.235'. [ 145.460601][ T6824] netlink: 24 bytes leftover after parsing attributes in process `syz.3.235'. [ 145.651395][ T6798] openvswitch: netlink: Key type 113 is out of range max 32 [ 145.839638][ T30] audit: type=1400 audit(1749494721.903:297): avc: denied { write } for pid=6829 comm="syz.3.237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 146.198600][ T6837] hub 8-0:1.0: USB hub found [ 146.205544][ T6837] hub 8-0:1.0: 1 port detected [ 146.590100][ T6839] netlink: 'syz.3.239': attribute type 10 has an invalid length. [ 146.673169][ T6839] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 146.685211][ T5828] Bluetooth: hci0: command tx timeout [ 146.709831][ T6839] bond0: (slave lo): Enslaving as an active interface with an up link [ 146.824729][ T30] audit: type=1400 audit(1749494722.843:298): avc: denied { read write } for pid=6821 comm="syz.1.234" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 147.027397][ T30] audit: type=1400 audit(1749494722.843:299): avc: denied { open } for pid=6821 comm="syz.1.234" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 147.325849][ T976] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 147.349799][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.365698][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.381895][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.400558][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.422764][ T6861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 147.642625][ T6864] SELinux: Context system_u:object is not valid (left unmapped). [ 147.657753][ T30] audit: type=1400 audit(1749494723.723:300): avc: denied { relabelto } for pid=6855 comm="syz.2.247" name="cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object" [ 147.717148][ T976] usb 5-1: Using ep0 maxpacket: 32 [ 147.814787][ T30] audit: type=1400 audit(1749494723.753:301): avc: denied { associate } for pid=6855 comm="syz.2.247" name="cgroup.procs" dev="cgroup" ino=178 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object" [ 147.846299][ T976] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.859779][ T976] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.898596][ T976] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 147.915904][ T976] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 147.928390][ T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.960033][ T976] usb 5-1: config 0 descriptor?? [ 148.232319][ T6847] netlink: 'syz.4.242': attribute type 21 has an invalid length. [ 148.497768][ T6847] netlink: 132 bytes leftover after parsing attributes in process `syz.4.242'. [ 150.059517][ T976] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0001/input/input8 [ 150.741450][ T30] audit: type=1400 audit(1749494726.793:302): avc: denied { read } for pid=5176 comm="acpid" name="mouse1" dev="devtmpfs" ino=2832 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 150.764924][ T30] audit: type=1400 audit(1749494726.793:303): avc: denied { open } for pid=5176 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2832 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 150.806436][ T30] audit: type=1400 audit(1749494726.853:304): avc: denied { ioctl } for pid=5176 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=2832 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 150.861985][ T976] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0001/input/input9 [ 151.768438][ T976] kye 0003:0458:5011.0001: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 151.799755][ T30] audit: type=1400 audit(1749494727.853:305): avc: denied { create } for pid=6898 comm="syz.0.259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 151.815637][ T976] usb 5-1: USB disconnect, device number 12 [ 151.819059][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.831521][ T6901] tmpfs: Bad value for 'mpol' [ 153.024330][ T6887] [U] [ 153.657118][ T6912] fido_id[6912]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 154.045930][ T976] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 154.272089][ T976] usb 4-1: Using ep0 maxpacket: 32 [ 154.378997][ T976] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 154.711696][ T976] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC5, changing to 0x85 [ 154.737927][ T976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 154.784420][ T976] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 154.994613][ T976] usb 4-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75 [ 155.292433][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.300839][ T976] usb 4-1: Product: syz [ 155.305035][ T976] usb 4-1: Manufacturer: syz [ 155.309910][ T976] usb 4-1: SerialNumber: syz [ 155.317077][ T976] usb 4-1: config 0 descriptor?? [ 155.605818][ T5961] usb 4-1: USB disconnect, device number 5 [ 155.638907][ T30] audit: type=1400 audit(1749494731.693:306): avc: denied { setopt } for pid=6955 comm="syz.0.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 155.990318][ T30] audit: type=1400 audit(1749494731.693:307): avc: denied { read } for pid=6955 comm="syz.0.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 156.601020][ T6982] fuse: Bad value for 'fd' [ 157.140651][ T6993] netlink: 12 bytes leftover after parsing attributes in process `syz.4.281'. [ 157.594228][ T7001] vivid-000: disconnect [ 157.616247][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.283'. [ 157.626150][ T7001] vcan0: entered promiscuous mode [ 157.631228][ T7001] vcan0: entered allmulticast mode [ 157.664377][ T7001] vivid-000: reconnect [ 157.680291][ T30] audit: type=1400 audit(1749494733.673:308): avc: denied { ioctl } for pid=6997 comm="syz.0.283" path="socket:[11542]" dev="sockfs" ino=11542 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 157.824995][ T5961] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 157.836608][ T30] audit: type=1400 audit(1749494733.673:309): avc: denied { bind } for pid=6997 comm="syz.0.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 157.875822][ T30] audit: type=1400 audit(1749494733.673:310): avc: denied { connect } for pid=6997 comm="syz.0.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 157.895342][ T7002] netlink: 'syz.3.284': attribute type 10 has an invalid length. [ 158.121492][ T5961] usb 5-1: config 0 has no interfaces? [ 159.533777][ T5961] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 159.543064][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.553749][ T5961] usb 5-1: Product: syz [ 159.570397][ T5961] usb 5-1: Manufacturer: syz [ 159.575113][ T5961] usb 5-1: SerialNumber: syz [ 159.606299][ T5961] usb 5-1: config 0 descriptor?? [ 159.643266][ T30] audit: type=1400 audit(1749494735.703:311): avc: denied { create } for pid=7013 comm="syz.0.288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 159.663472][ T7014] @: renamed from vlan0 (while UP) [ 159.713312][ T30] audit: type=1400 audit(1749494735.723:312): avc: denied { ioctl } for pid=7013 comm="syz.0.288" path="socket:[11564]" dev="sockfs" ino=11564 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 159.753870][ T7022] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 159.766397][ T7022] netlink: 20 bytes leftover after parsing attributes in process `syz.3.291'. [ 159.774991][ T30] audit: type=1400 audit(1749494735.833:313): avc: denied { map } for pid=7023 comm="syz.0.293" path="socket:[11571]" dev="sockfs" ino=11571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 159.960443][ T7027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.292'. [ 160.097962][ T5914] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 160.154416][ T30] audit: type=1400 audit(1749494735.833:314): avc: denied { read accept } for pid=7023 comm="syz.0.293" path="socket:[11571]" dev="sockfs" ino=11571 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 160.247879][ T6994] warning: `syz.4.281' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 160.344242][ T5914] usb 2-1: Using ep0 maxpacket: 8 [ 160.604280][ T5914] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 160.901626][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.917802][ T7040] fuse: Bad value for 'fd' [ 160.921722][ T5914] usb 2-1: config 0 descriptor?? [ 161.135197][ T7047] FAULT_INJECTION: forcing a failure. [ 161.135197][ T7047] name failslab, interval 1, probability 0, space 0, times 0 [ 161.147983][ T7047] CPU: 1 UID: 0 PID: 7047 Comm: syz.2.299 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 161.148006][ T7047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.148016][ T7047] Call Trace: [ 161.148022][ T7047] [ 161.148029][ T7047] dump_stack_lvl+0x16c/0x1f0 [ 161.148062][ T7047] should_fail_ex+0x512/0x640 [ 161.148087][ T7047] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 161.148115][ T7047] should_failslab+0xc2/0x120 [ 161.148139][ T7047] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 161.148161][ T7047] ? do_timer_create+0x18a/0x14e0 [ 161.148194][ T7047] do_timer_create+0x18a/0x14e0 [ 161.148226][ T7047] ? __pfx_do_timer_create+0x10/0x10 [ 161.148259][ T7047] ? __fget_files+0x20e/0x3c0 [ 161.148286][ T7047] __x64_sys_timer_create+0x199/0x1d0 [ 161.148304][ T7047] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 161.148319][ T7047] ? fput+0x70/0xf0 [ 161.148335][ T7047] ? ksys_write+0x1ac/0x250 [ 161.148356][ T7047] ? __pfx_ksys_write+0x10/0x10 [ 161.148395][ T7047] do_syscall_64+0xcd/0x4c0 [ 161.148422][ T7047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.148441][ T7047] RIP: 0033:0x7f3bf878e929 [ 161.148455][ T7047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.148472][ T7047] RSP: 002b:00007f3bf95c0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 161.148489][ T7047] RAX: ffffffffffffffda RBX: 00007f3bf89b6080 RCX: 00007f3bf878e929 [ 161.148500][ T7047] RDX: 0000200000000280 RSI: 0000000000000000 RDI: 0000000000000002 [ 161.148509][ T7047] RBP: 00007f3bf95c0090 R08: 0000000000000000 R09: 0000000000000000 [ 161.148519][ T7047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.148529][ T7047] R13: 0000000000000001 R14: 00007f3bf89b6080 R15: 00007ffce6995548 [ 161.148554][ T7047] [ 161.756189][ T30] audit: type=1400 audit(1749494737.733:315): avc: denied { ioctl } for pid=7016 comm="syz.1.290" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=11671 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 161.846532][ T5828] Bluetooth: hci0: command tx timeout [ 162.075833][ T5961] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 162.255367][ T5914] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 162.265507][ T5914] asix 2-1:0.0: probe with driver asix failed with error -71 [ 162.289778][ T5914] usb 2-1: USB disconnect, device number 4 [ 162.379453][ T976] usb 5-1: USB disconnect, device number 13 [ 162.436214][ T5961] usb 3-1: Using ep0 maxpacket: 16 [ 162.768715][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 162.832739][ T5961] usb 3-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 162.848524][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.881406][ T5961] usb 3-1: config 0 descriptor?? [ 163.352921][ T7067] SELinux: security_context_str_to_sid (5] S9q#) failed with errno=-22 [ 163.994260][ T7069] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 164.002172][ T7069] netlink: 20 bytes leftover after parsing attributes in process `syz.1.306'. [ 164.081548][ T5961] usbhid 3-1:0.0: can't add hid device: -71 [ 164.103472][ T5961] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 164.165869][ T5961] usb 3-1: USB disconnect, device number 7 [ 165.492129][ T30] audit: type=1400 audit(1749494741.523:316): avc: denied { getopt } for pid=7054 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 165.928150][ T30] audit: type=1400 audit(1749494741.643:317): avc: denied { setopt } for pid=7080 comm="syz.1.311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 165.950307][ T30] audit: type=1400 audit(1749494741.873:318): avc: denied { read write } for pid=7075 comm="syz.3.308" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 165.980430][ T7083] pimreg: entered allmulticast mode [ 165.986371][ T7091] pimreg: left allmulticast mode [ 166.094322][ T5828] Bluetooth: hci0: command tx timeout [ 166.351199][ T30] audit: type=1400 audit(1749494741.873:319): avc: denied { open } for pid=7075 comm="syz.3.308" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 166.388948][ T7097] fuse: Bad value for 'fd' [ 166.572170][ T30] audit: type=1400 audit(1749494741.933:320): avc: denied { ioctl } for pid=7075 comm="syz.3.308" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 166.603022][ T7079] netlink: 12 bytes leftover after parsing attributes in process `syz.4.310'. [ 167.440194][ T7112] Bluetooth: hci5: Frame reassembly failed (-84) [ 167.632823][ T30] audit: type=1400 audit(1749494743.693:321): avc: denied { mounton } for pid=7113 comm="syz.4.318" path="/syzcgroup/unified/syz4" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1 [ 168.064555][ T30] audit: type=1400 audit(1749494743.753:322): avc: denied { mount } for pid=7113 comm="syz.4.318" name="/" dev="hugetlbfs" ino=11769 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 168.200341][ T7125] netlink: 28 bytes leftover after parsing attributes in process `syz.3.322'. [ 168.206725][ T7127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.321'. [ 168.239261][ T30] audit: type=1400 audit(1749494744.303:323): avc: denied { bind } for pid=7128 comm="syz.4.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 168.313131][ T30] audit: type=1400 audit(1749494744.373:324): avc: denied { write } for pid=7128 comm="syz.4.323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 168.466151][ T5849] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 168.466151][ T5961] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 168.495521][ T7143] netlink: 32 bytes leftover after parsing attributes in process `syz.0.328'. [ 168.530622][ T7143] netlink: 'syz.0.328': attribute type 10 has an invalid length. [ 168.538495][ T7143] netlink: 152 bytes leftover after parsing attributes in process `syz.0.328'. [ 168.595026][ T7146] fuse: Bad value for 'fd' [ 168.636050][ T5961] usb 3-1: Using ep0 maxpacket: 16 [ 168.648006][ T5961] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.656033][ T5849] usb 4-1: Using ep0 maxpacket: 16 [ 168.661665][ T5961] usb 3-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 168.673910][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.680340][ T5849] usb 4-1: config 0 has an invalid interface number: 198 but max is 0 [ 168.693845][ T5849] usb 4-1: config 0 has no interface number 0 [ 168.696569][ T5961] usb 3-1: config 0 descriptor?? [ 168.702262][ T5849] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=30.1d [ 168.852661][ T5849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.887114][ T5849] usb 4-1: Product: syz [ 168.902256][ T5849] usb 4-1: Manufacturer: syz [ 168.908247][ T5849] usb 4-1: SerialNumber: syz [ 169.038977][ T5849] usb 4-1: config 0 descriptor?? [ 169.110913][ T5849] usb_ehset_test 4-1:0.198: probe with driver usb_ehset_test failed with error -32 [ 169.225499][ T7156] SELinux: security_context_str_to_sid (5] S9q#) failed with errno=-22 [ 169.476300][ T51] Bluetooth: hci5: command 0x1003 tx timeout [ 169.483429][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 169.679683][ T5849] usb 4-1: USB disconnect, device number 6 [ 169.852455][ T5961] usbhid 3-1:0.0: can't add hid device: -71 [ 169.866117][ T5961] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 169.903635][ T5961] usb 3-1: USB disconnect, device number 8 [ 170.145140][ T7170] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 170.152790][ T7170] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 170.418937][ T30] audit: type=1400 audit(1749494746.453:325): avc: denied { execute } for pid=7173 comm="syz.3.336" path="/70/bus" dev="tmpfs" ino=380 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 171.350420][ T7178] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 171.367242][ T24] lo speed is unknown, defaulting to 1000 [ 171.494663][ T7178] usb usb8: usbfs: process 7178 (syz.2.337) did not claim interface 0 before use [ 171.574958][ T30] audit: type=1400 audit(1749494747.633:326): avc: denied { setopt } for pid=7177 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 173.446649][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.1.343'. [ 173.744213][ T7205] lo speed is unknown, defaulting to 1000 [ 175.127456][ T7217] netlink: 596 bytes leftover after parsing attributes in process `syz.1.347'. [ 176.565857][ T30] audit: type=1400 audit(1749494752.593:327): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 176.644713][ T7235] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 177.599987][ T30] audit: type=1400 audit(1749494753.663:328): avc: denied { write } for pid=7231 comm="syz.4.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 177.644873][ T30] audit: type=1400 audit(1749494753.693:329): avc: denied { connect } for pid=7231 comm="syz.4.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 177.746597][ T7247] netlink: 2 bytes leftover after parsing attributes in process `syz.2.357'. [ 178.042083][ T7236] delete_channel: no stack [ 178.091580][ T30] audit: type=1400 audit(1749494753.693:330): avc: denied { write } for pid=7231 comm="syz.4.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 178.127770][ T30] audit: type=1400 audit(1749494753.823:331): avc: denied { setopt } for pid=7236 comm="syz.2.357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 178.253631][ T7251] netlink: 32 bytes leftover after parsing attributes in process `syz.3.358'. [ 178.272404][ T7251] netlink: 32 bytes leftover after parsing attributes in process `syz.3.358'. [ 178.421546][ T7257] bridge0: port 3(netdevsim2) entered blocking state [ 178.428529][ T7257] bridge0: port 3(netdevsim2) entered disabled state [ 178.441626][ T7257] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 178.805631][ T30] audit: type=1400 audit(1749494754.863:332): avc: denied { listen } for pid=7249 comm="syz.0.359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 179.159948][ T7270] netlink: 16 bytes leftover after parsing attributes in process `syz.1.362'. [ 179.482095][ T7256] netlink: 32 bytes leftover after parsing attributes in process `syz.2.360'. [ 179.509933][ T7257] netdevsim netdevsim0 netdevsim2: entered promiscuous mode [ 179.510671][ T7257] bridge0: port 3(netdevsim2) entered blocking state [ 179.510761][ T7257] bridge0: port 3(netdevsim2) entered forwarding state [ 179.527646][ T30] audit: type=1400 audit(1749494755.223:333): avc: denied { write } for pid=7260 comm="syz.1.362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 179.703572][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.744906][ T7252] fuse: Bad value for 'fd' [ 180.952659][ T6740] wlan0: Trigger new scan to find an IBSS to join [ 181.572564][ T7292] nftables ruleset with unbound set [ 181.605677][ T7295] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 181.720288][ T7298] Cannot find map_set index 0 as target [ 181.757070][ T30] audit: type=1400 audit(1749494757.823:334): avc: denied { watch } for pid=7300 comm="syz.3.375" path="/81/control" dev="tmpfs" ino=437 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 181.909159][ T7309] netlink: 128 bytes leftover after parsing attributes in process `syz.1.377'. [ 181.922887][ T30] audit: type=1400 audit(1749494757.973:335): avc: denied { setopt } for pid=7305 comm="syz.1.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 182.168429][ T30] audit: type=1400 audit(1749494758.233:336): avc: denied { mount } for pid=7313 comm="syz.1.379" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 182.275810][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 182.390843][ T30] audit: type=1400 audit(1749494758.453:337): avc: denied { create } for pid=7321 comm="syz.2.383" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 182.412413][ T7322] fuse: Bad value for 'user_id' [ 182.446581][ T7322] fuse: Bad value for 'user_id' [ 182.471636][ T30] audit: type=1400 audit(1749494758.483:338): avc: denied { mounton } for pid=7321 comm="syz.2.383" path="/78/file0" dev="tmpfs" ino=432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 182.581623][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 182.601055][ T24] usb 4-1: config 0 has an invalid interface number: 122 but max is 0 [ 182.609468][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 182.622898][ T24] usb 4-1: config 0 has no interface number 0 [ 182.629173][ T24] usb 4-1: config 0 interface 122 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 182.640944][ T24] usb 4-1: config 0 interface 122 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 8 [ 182.650856][ T24] usb 4-1: config 0 interface 122 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 8 [ 182.932671][ T30] audit: type=1400 audit(1749494758.723:339): avc: denied { unlink } for pid=5814 comm="syz-executor" name="file0" dev="tmpfs" ino=432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 183.045563][ T24] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7 [ 183.058486][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.094142][ T24] usb 4-1: Product: syz [ 183.110265][ T24] usb 4-1: Manufacturer: syz [ 183.122899][ T24] usb 4-1: SerialNumber: syz [ 183.221812][ T30] audit: type=1400 audit(1749494759.213:340): avc: denied { shutdown } for pid=7327 comm="syz.4.385" lport=41257 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 183.363927][ T24] usb 4-1: config 0 descriptor?? [ 183.375842][ T7311] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 183.488814][ T30] audit: type=1400 audit(1749494759.213:341): avc: denied { read } for pid=7327 comm="syz.4.385" lport=41257 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 184.715446][ T30] audit: type=1400 audit(1749494760.773:342): avc: denied { watch } for pid=7327 comm="syz.4.385" path="/64" dev="tmpfs" ino=350 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 185.711630][ T6740] wlan0: Trigger new scan to find an IBSS to join [ 186.029298][ T30] audit: type=1400 audit(1749494760.773:343): avc: denied { watch_sb watch_reads } for pid=7327 comm="syz.4.385" path="/64" dev="tmpfs" ino=350 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 186.095675][ T24] usb 4-1: NFC: intf ffff8880212fb000 id ffffffff8f5649c0 [ 186.098677][ T7360] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 186.107425][ T7362] vlan2: entered allmulticast mode [ 186.110712][ T7360] netlink: 20 bytes leftover after parsing attributes in process `syz.2.392'. [ 186.153004][ T24] usb 4-1: USB disconnect, device number 7 [ 186.158990][ T7362] veth1_to_batadv: entered allmulticast mode [ 186.464776][ T7374] i2c i2c-0: Invalid block write size 33 [ 187.845339][ T7381] netlink: 32 bytes leftover after parsing attributes in process `syz.2.400'. [ 187.860816][ T7381] netlink: 32 bytes leftover after parsing attributes in process `syz.2.400'. [ 188.087651][ T6740] wlan0: Creating new IBSS network, BSSID ea:8f:fc:ac:ed:05 [ 188.122112][ T5828] Bluetooth: hci0: command tx timeout [ 188.868467][ T7389] bridge_slave_0: left allmulticast mode [ 188.874180][ T7389] bridge_slave_0: left promiscuous mode [ 188.944343][ T7389] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.003958][ T7389] bridge_slave_1: left allmulticast mode [ 189.010152][ T7389] bridge_slave_1: left promiscuous mode [ 189.019622][ T7389] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.171852][ T7389] bond0: (slave bond_slave_0): Releasing backup interface [ 189.188801][ T7389] bond0: (slave bond_slave_1): Releasing backup interface [ 189.216575][ T7402] netlink: 'syz.2.404': attribute type 10 has an invalid length. [ 189.316416][ T7405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.404'. [ 189.325955][ T30] audit: type=1400 audit(1749494765.393:344): avc: denied { read write } for pid=7403 comm="syz.3.407" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 189.414426][ T7389] team0: Port device team_slave_0 removed [ 189.431932][ T30] audit: type=1400 audit(1749494765.413:345): avc: denied { open } for pid=7403 comm="syz.3.407" path="/dev/ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 189.459093][ T7389] team0: Port device team_slave_1 removed [ 189.468627][ T7389] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.490001][ T7389] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.503622][ T7389] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.515354][ T7389] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.534524][ T30] audit: type=1400 audit(1749494765.433:346): avc: denied { ioctl } for pid=7403 comm="syz.3.407" path="/dev/ptp0" dev="devtmpfs" ino=1266 ioctlcmd=0x3d04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 189.559313][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.582756][ T30] audit: type=1400 audit(1749494765.433:347): avc: denied { setopt } for pid=7403 comm="syz.3.407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 189.587387][ T7391] team0: Mode changed to "loadbalance" [ 189.610335][ T30] audit: type=1400 audit(1749494765.433:348): avc: denied { write } for pid=7403 comm="syz.3.407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 189.638891][ T7411] FAULT_INJECTION: forcing a failure. [ 189.638891][ T7411] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.640681][ T30] audit: type=1400 audit(1749494765.443:349): avc: denied { read } for pid=7403 comm="syz.3.407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 189.653299][ T7411] CPU: 1 UID: 0 PID: 7411 Comm: syz.4.409 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 189.653319][ T7411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.653328][ T7411] Call Trace: [ 189.653334][ T7411] [ 189.653339][ T7411] dump_stack_lvl+0x16c/0x1f0 [ 189.653367][ T7411] should_fail_ex+0x512/0x640 [ 189.653398][ T7411] _copy_from_user+0x2e/0xd0 [ 189.653422][ T7411] copy_msghdr_from_user+0x98/0x160 [ 189.653445][ T7411] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 189.653481][ T7411] ___sys_sendmsg+0xfe/0x1d0 [ 189.653505][ T7411] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.653525][ T7411] ? __lock_acquire+0x622/0x1c90 [ 189.653575][ T7411] __sys_sendmsg+0x16d/0x220 [ 189.653597][ T7411] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.653634][ T7411] do_syscall_64+0xcd/0x4c0 [ 189.653658][ T7411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.653674][ T7411] RIP: 0033:0x7f9d9bf8e929 [ 189.653686][ T7411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.653701][ T7411] RSP: 002b:00007f9d9ce4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.653716][ T7411] RAX: ffffffffffffffda RBX: 00007f9d9c1b5fa0 RCX: 00007f9d9bf8e929 [ 189.653726][ T7411] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 189.653735][ T7411] RBP: 00007f9d9ce4f090 R08: 0000000000000000 R09: 0000000000000000 [ 189.653743][ T7411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.653752][ T7411] R13: 0000000000000000 R14: 00007f9d9c1b5fa0 R15: 00007fff9345fe08 [ 189.653772][ T7411] [ 189.675869][ T5961] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 189.693227][ T7402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.894004][ T5961] usb 4-1: device descriptor read/64, error -71 [ 189.948194][ T7402] team0: Port device bond0 added [ 190.012347][ T7414] FAULT_INJECTION: forcing a failure. [ 190.012347][ T7414] name failslab, interval 1, probability 0, space 0, times 0 [ 190.025071][ T7414] CPU: 1 UID: 0 PID: 7414 Comm: syz.4.410 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 190.025091][ T7414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.025106][ T7414] Call Trace: [ 190.025112][ T7414] [ 190.025118][ T7414] dump_stack_lvl+0x16c/0x1f0 [ 190.025147][ T7414] should_fail_ex+0x512/0x640 [ 190.025168][ T7414] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 190.025193][ T7414] should_failslab+0xc2/0x120 [ 190.025215][ T7414] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 190.025236][ T7414] ? __alloc_skb+0x2b2/0x380 [ 190.025263][ T7414] __alloc_skb+0x2b2/0x380 [ 190.025285][ T7414] ? __pfx___alloc_skb+0x10/0x10 [ 190.025310][ T7414] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 190.025332][ T7414] netlink_alloc_large_skb+0x69/0x130 [ 190.025351][ T7414] netlink_sendmsg+0x6a1/0xdd0 [ 190.025372][ T7414] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.025398][ T7414] ____sys_sendmsg+0xa98/0xc70 [ 190.025417][ T7414] ? copy_msghdr_from_user+0x10a/0x160 [ 190.025439][ T7414] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.025468][ T7414] ___sys_sendmsg+0x134/0x1d0 [ 190.025492][ T7414] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.025513][ T7414] ? __lock_acquire+0x622/0x1c90 [ 190.025565][ T7414] __sys_sendmsg+0x16d/0x220 [ 190.025589][ T7414] ? __pfx___sys_sendmsg+0x10/0x10 [ 190.025627][ T7414] do_syscall_64+0xcd/0x4c0 [ 190.025652][ T7414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.025668][ T7414] RIP: 0033:0x7f9d9bf8e929 [ 190.025681][ T7414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.025697][ T7414] RSP: 002b:00007f9d9ce2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.025717][ T7414] RAX: ffffffffffffffda RBX: 00007f9d9c1b6080 RCX: 00007f9d9bf8e929 [ 190.025728][ T7414] RDX: 0000000020000000 RSI: 0000200000000940 RDI: 0000000000000006 [ 190.025738][ T7414] RBP: 00007f9d9ce2e090 R08: 0000000000000000 R09: 0000000000000000 [ 190.025748][ T7414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.025757][ T7414] R13: 0000000000000000 R14: 00007f9d9c1b6080 R15: 00007fff9345fe08 [ 190.025783][ T7414] [ 190.237899][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.314220][ T7405] team0 (unregistering): Port device bond0 removed [ 190.377642][ T5961] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 190.504568][ T7426] netlink: 'syz.4.415': attribute type 10 has an invalid length. [ 190.515840][ T5961] usb 4-1: device descriptor read/64, error -71 [ 295.515687][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 295.515705][ C1] rcu: 0-...!: (1 GPs behind) idle=c484/1/0x4000000000000000 softirq=24551/24552 fqs=1 [ 295.516134][ C1] rcu: (detected by 1, t=10502 jiffies, g=15301, q=176 ncpus=2) [ 295.516151][ C1] Sending NMI from CPU 1 to CPUs 0: [ 295.516173][ C0] NMI backtrace for cpu 0 [ 295.516184][ C0] CPU: 0 UID: 0 PID: 7426 Comm: syz.4.415 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 295.516201][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.516209][ C0] RIP: 0010:__lock_acquire+0x3f7/0x1c90 [ 295.516234][ C0] Code: 48 89 ef e8 9b f3 ff ff 85 c0 74 5e ba 08 00 00 00 4c 89 ee 48 89 ef e8 87 f3 ff ff 85 c0 74 4a 8b 05 dd f3 43 19 85 c0 74 72 <48> 8b 8d e0 0a 00 00 85 db 0f 85 56 03 00 00 8b 05 c4 f3 43 19 85 [ 295.516247][ C0] RSP: 0018:ffffc90000007bc8 EFLAGS: 00000047 [ 295.516260][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000008 [ 295.516268][ C0] RDX: 0000000000000000 RSI: ffff88807c3c53e8 RDI: ffff88807c3c4880 [ 295.516277][ C0] RBP: ffff88807c3c4880 R08: 0000000000000001 R09: 0000000000000001 [ 295.516285][ C0] R10: 0000000000000078 R11: 0000000000000001 R12: ffff88807c3c5370 [ 295.516293][ C0] R13: ffff88807c3c53e8 R14: 0000000000000003 R15: 0000000000000002 [ 295.516302][ C0] FS: 00007f9d9ce4f6c0(0000) GS:ffff888124754000(0000) knlGS:0000000000000000 [ 295.516316][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.516325][ C0] CR2: 000000110c2ddce2 CR3: 000000007d11e000 CR4: 00000000003526f0 [ 295.516333][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 295.516346][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 295.516355][ C0] Call Trace: [ 295.516359][ C0] [ 295.516365][ C0] ? __lock_acquire+0xb8a/0x1c90 [ 295.516386][ C0] lock_acquire+0x179/0x350 [ 295.516405][ C0] ? debug_object_activate+0x14c/0x4c0 [ 295.516420][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 295.516435][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 295.516452][ C0] ? debug_object_activate+0x14c/0x4c0 [ 295.516465][ C0] debug_object_activate+0x14c/0x4c0 [ 295.516478][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 295.516493][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 295.516507][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 295.516522][ C0] enqueue_hrtimer+0x23/0x3b0 [ 295.516536][ C0] __hrtimer_run_queues+0x8ff/0xad0 [ 295.516553][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 295.516566][ C0] ? read_tsc+0x9/0x20 [ 295.516583][ C0] hrtimer_interrupt+0x397/0x8e0 [ 295.516602][ C0] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 295.516623][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 295.516641][ C0] [ 295.516645][ C0] [ 295.516650][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 295.516664][ C0] RIP: 0010:console_flush_all+0x9a2/0xc60 [ 295.516680][ C0] Code: 00 e8 92 99 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 40 c4 20 00 48 85 db 0f 85 55 01 00 00 e8 c2 c8 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 a7 86 87 [ 295.516692][ C0] RSP: 0018:ffffc900036f6f90 EFLAGS: 00000287 [ 295.516702][ C0] RAX: ffffffff8f2eb858 RBX: 0000000000000000 RCX: ffffc9000e3da000 [ 295.516710][ C0] RDX: 0000000000080000 RSI: ffffffff819b53ee RDI: 0000000000000007 [ 295.516718][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 295.516726][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f2eb858 [ 295.516735][ C0] R13: ffffffff8f2eb800 R14: ffffc900036f7020 R15: dffffc0000000000 [ 295.516747][ C0] ? console_flush_all+0x99e/0xc60 [ 295.516767][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 295.516786][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 295.516804][ C0] console_unlock+0xd8/0x210 [ 295.516819][ C0] ? __pfx_console_unlock+0x10/0x10 [ 295.516833][ C0] ? do_raw_spin_unlock+0x100/0x230 [ 295.516847][ C0] ? _printk+0xc7/0x100 [ 295.516866][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 295.516879][ C0] vprintk_emit+0x418/0x6d0 [ 295.516895][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 295.516910][ C0] ? find_held_lock+0x2b/0x80 [ 295.516926][ C0] _printk+0xc7/0x100 [ 295.516944][ C0] ? __pfx__printk+0x10/0x10 [ 295.516963][ C0] ? __pfx____ratelimit+0x10/0x10 [ 295.516982][ C0] __nla_validate_parse+0x1870/0x2880 [ 295.516999][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 295.517015][ C0] __nla_parse+0x40/0x60 [ 295.517027][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 295.517047][ C0] rtnl_newlink+0x19a/0x2000 [ 295.517069][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 295.517086][ C0] ? find_held_lock+0x2b/0x80 [ 295.517101][ C0] ? avc_has_perm_noaudit+0x117/0x3b0 [ 295.517116][ C0] ? avc_has_perm_noaudit+0x149/0x3b0 [ 295.517130][ C0] ? cred_has_capability.isra.0+0x193/0x2f0 [ 295.517148][ C0] ? __lock_acquire+0x622/0x1c90 [ 295.517171][ C0] ? find_held_lock+0x2b/0x80 [ 295.517184][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 295.517202][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 295.517220][ C0] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 295.517239][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 295.517258][ C0] rtnetlink_rcv_msg+0x95b/0xe90 [ 295.517278][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 295.517299][ C0] ? ref_tracker_free+0x37c/0x830 [ 295.517318][ C0] netlink_rcv_skb+0x155/0x420 [ 295.517332][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 295.517357][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 295.517375][ C0] ? netlink_deliver_tap+0x1ae/0xd30 [ 295.517390][ C0] netlink_unicast+0x53d/0x7f0 [ 295.517406][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 295.517423][ C0] netlink_sendmsg+0x8d1/0xdd0 [ 295.517439][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.517458][ C0] ____sys_sendmsg+0xa98/0xc70 [ 295.517472][ C0] ? copy_msghdr_from_user+0x10a/0x160 [ 295.517491][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 295.517504][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 295.517523][ C0] ? try_to_wake_up+0xa2f/0x1680 [ 295.517540][ C0] ___sys_sendmsg+0x134/0x1d0 [ 295.517559][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 295.517576][ C0] ? __lock_acquire+0x622/0x1c90 [ 295.517610][ C0] __sys_sendmsg+0x16d/0x220 [ 295.517628][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 295.517646][ C0] ? __x64_sys_futex+0x1e0/0x4c0 [ 295.517673][ C0] do_syscall_64+0xcd/0x4c0 [ 295.517693][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.517706][ C0] RIP: 0033:0x7f9d9bf8e929 [ 295.517718][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.517729][ C0] RSP: 002b:00007f9d9ce4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.517742][ C0] RAX: ffffffffffffffda RBX: 00007f9d9c1b5fa0 RCX: 00007f9d9bf8e929 [ 295.517750][ C0] RDX: 0000000004058880 RSI: 0000200000000600 RDI: 0000000000000003 [ 295.517759][ C0] RBP: 00007f9d9c010b39 R08: 0000000000000000 R09: 0000000000000000 [ 295.517767][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.517774][ C0] R13: 0000000000000000 R14: 00007f9d9c1b5fa0 R15: 00007fff9345fe08 [ 295.517789][ C0] [ 295.518169][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g15301 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 295.518189][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 295.518197][ C1] rcu: RCU grace-period kthread stack dump: [ 295.518203][ C1] task:rcu_preempt state:R running task stack:27272 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 295.518261][ C1] Call Trace: [ 295.518267][ C1] [ 295.518277][ C1] __schedule+0x116a/0x5de0 [ 295.518309][ C1] ? __lock_acquire+0x622/0x1c90 [ 295.518338][ C1] ? __pfx___schedule+0x10/0x10 [ 295.518366][ C1] ? find_held_lock+0x2b/0x80 [ 295.518386][ C1] ? schedule+0x2d7/0x3a0 [ 295.518412][ C1] schedule+0xe7/0x3a0 [ 295.518435][ C1] schedule_timeout+0x123/0x290 [ 295.518456][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 295.518478][ C1] ? __pfx_process_timeout+0x10/0x10 [ 295.518502][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 295.518526][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 295.518555][ C1] rcu_gp_fqs_loop+0x1ea/0xb00 [ 295.518583][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 295.518610][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 295.518634][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 295.518657][ C1] ? rcu_gp_cleanup+0x7c1/0xd90 [ 295.518687][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 295.518713][ C1] rcu_gp_kthread+0x270/0x380 [ 295.518739][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 295.518763][ C1] ? rcu_is_watching+0x12/0xc0 [ 295.518784][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 295.518809][ C1] ? __kthread_parkme+0x19e/0x250 [ 295.518834][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 295.518860][ C1] kthread+0x3c5/0x780 [ 295.518877][ C1] ? __pfx_kthread+0x10/0x10 [ 295.518895][ C1] ? rcu_is_watching+0x12/0xc0 [ 295.518915][ C1] ? __pfx_kthread+0x10/0x10 [ 295.518931][ C1] ret_from_fork+0x5d4/0x6f0 [ 295.518954][ C1] ? __pfx_kthread+0x10/0x10 [ 295.518970][ C1] ret_from_fork_asm+0x1a/0x30 [ 295.519000][ C1] [ 295.519006][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 295.519015][ C1] CPU: 1 UID: 0 PID: 7428 Comm: syz.0.414 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 295.519035][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.519044][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 295.519064][ C1] Code: bf 03 00 00 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 [ 295.519080][ C1] RSP: 0018:ffffc900036e7a40 EFLAGS: 00000202 [ 295.519100][ C1] RAX: 0000000000000001 RBX: ffff8880b8443ba0 RCX: ffffffff81b0011d [ 295.519111][ C1] RDX: 0000000000080000 RSI: 0000000000000001 RDI: 0000000000000000 [ 295.519122][ C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 295.519133][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 295.519144][ C1] R13: 0000000000000003 R14: ffffed1017088775 R15: ffff8880b853cf40 [ 295.519155][ C1] FS: 00007f8e2ab4d6c0(0000) GS:ffff888124854000(0000) knlGS:0000000000000000 [ 295.519172][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.519183][ C1] CR2: 00007f8e2ab4cf98 CR3: 000000005d82f000 CR4: 00000000003526f0 [ 295.519195][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 295.519205][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 295.519216][ C1] Call Trace: [ 295.519222][ C1] [ 295.519228][ C1] smp_call_function_many_cond+0xd9d/0x1510 [ 295.519250][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 295.519276][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 295.519306][ C1] ? __pfx___text_poke+0x10/0x10 [ 295.519325][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 295.519341][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 295.519363][ C1] ? io_submit_sqes+0x38a/0x2580 [ 295.519381][ C1] smp_text_poke_batch_finish+0x27b/0xdb0 [ 295.519401][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 295.519429][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 295.519453][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 295.519473][ C1] ? find_held_lock+0x2b/0x80 [ 295.519501][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 295.519521][ C1] jump_label_update+0x376/0x550 [ 295.519544][ C1] static_key_slow_inc_cpuslocked+0x82/0x120 [ 295.519566][ C1] static_key_slow_inc+0x1a/0x30 [ 295.519584][ C1] io_uring_setup+0x18f9/0x2120 [ 295.519609][ C1] ? __pfx_io_uring_setup+0x10/0x10 [ 295.519628][ C1] ? avc_has_perm_noaudit+0x117/0x3b0 [ 295.519650][ C1] ? avc_has_perm_noaudit+0x149/0x3b0 [ 295.519683][ C1] ? do_user_addr_fault+0x843/0x1370 [ 295.519713][ C1] __x64_sys_io_uring_setup+0xc2/0x170 [ 295.519735][ C1] do_syscall_64+0xcd/0x4c0 [ 295.519762][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.519779][ C1] RIP: 0033:0x7f8e29d8e929 [ 295.519792][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.519808][ C1] RSP: 002b:00007f8e2ab4d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 295.519825][ C1] RAX: ffffffffffffffda RBX: 00007f8e29fb5fa0 RCX: 00007f8e29d8e929 [ 295.519837][ C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000191a [ 295.519847][ C1] RBP: 00007f8e29e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 295.519858][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.519868][ C1] R13: 0000000000000001 R14: 00007f8e29fb5fa0 R15: 00007ffc30590148 [ 295.519892][ C1] [ 441.770095][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [syz.0.414:7428] [ 441.770116][ C1] Modules linked in: [ 441.770125][ C1] irq event stamp: 895542 [ 441.770131][ C1] hardirqs last enabled at (895541): [] irqentry_exit+0x3b/0x90 [ 441.770164][ C1] hardirqs last disabled at (895542): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 441.770189][ C1] softirqs last enabled at (895538): [] handle_softirqs+0x5be/0x8e0 [ 441.770211][ C1] softirqs last disabled at (895523): [] __irq_exit_rcu+0x109/0x170 [ 441.770236][ C1] CPU: 1 UID: 0 PID: 7428 Comm: syz.0.414 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 441.770255][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.770265][ C1] RIP: 0010:smp_call_function_many_cond+0xd7b/0x1510 [ 441.770287][ C1] Code: e8 1a 17 0c 00 45 85 ed 74 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 b7 1b 0c 00 f3 90 <41> 0f b6 06 41 38 c5 7c 08 84 c0 0f 85 6f 05 00 00 8b 43 08 31 ff [ 441.770303][ C1] RSP: 0018:ffffc900036e7a48 EFLAGS: 00000246 [ 441.770316][ C1] RAX: 0000000000080000 RBX: ffff8880b8443ba0 RCX: ffffc90005a73000 [ 441.770327][ C1] RDX: 0000000000080000 RSI: ffffffff81b000f9 RDI: 0000000000000005 [ 441.770337][ C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 441.770346][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 441.770356][ C1] R13: 0000000000000003 R14: ffffed1017088775 R15: ffff8880b853cf40 [ 441.770367][ C1] FS: 00007f8e2ab4d6c0(0000) GS:ffff888124854000(0000) knlGS:0000000000000000 [ 441.770384][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 441.770396][ C1] CR2: 00007f8e2ab4cf98 CR3: 000000005d82f000 CR4: 00000000003526f0 [ 441.770406][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 441.770416][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 441.770425][ C1] Call Trace: [ 441.770431][ C1] [ 441.770438][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 441.770464][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 441.770493][ C1] ? __pfx___text_poke+0x10/0x10 [ 441.770511][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 441.770527][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 441.770548][ C1] ? io_submit_sqes+0x38a/0x2580 [ 441.770568][ C1] smp_text_poke_batch_finish+0x27b/0xdb0 [ 441.770593][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 441.770621][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 441.770644][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 441.770662][ C1] ? find_held_lock+0x2b/0x80 [ 441.770688][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 441.770706][ C1] jump_label_update+0x376/0x550 [ 441.770728][ C1] static_key_slow_inc_cpuslocked+0x82/0x120 [ 441.770748][ C1] static_key_slow_inc+0x1a/0x30 [ 441.770766][ C1] io_uring_setup+0x18f9/0x2120 [ 441.770789][ C1] ? __pfx_io_uring_setup+0x10/0x10 [ 441.770807][ C1] ? avc_has_perm_noaudit+0x117/0x3b0 [ 441.770828][ C1] ? avc_has_perm_noaudit+0x149/0x3b0 [ 441.770856][ C1] ? do_user_addr_fault+0x843/0x1370 [ 441.770884][ C1] __x64_sys_io_uring_setup+0xc2/0x170 [ 441.770905][ C1] do_syscall_64+0xcd/0x4c0 [ 441.770932][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.770948][ C1] RIP: 0033:0x7f8e29d8e929 [ 441.770962][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.770977][ C1] RSP: 002b:00007f8e2ab4d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 441.770991][ C1] RAX: ffffffffffffffda RBX: 00007f8e29fb5fa0 RCX: 00007f8e29d8e929 [ 441.771002][ C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000191a [ 441.771012][ C1] RBP: 00007f8e29e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 441.771021][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.771031][ C1] R13: 0000000000000001 R14: 00007f8e29fb5fa0 R15: 00007ffc30590148 [ 441.771054][ C1] [ 441.771061][ C1] Sending NMI from CPU 1 to CPUs 0: [ 441.771083][ C0] NMI backtrace for cpu 0 [ 441.771092][ C0] CPU: 0 UID: 0 PID: 7426 Comm: syz.4.415 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 441.771107][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.771115][ C0] RIP: 0010:__hrtimer_run_queues+0x1ff/0xad0 [ 441.771131][ C0] Code: 00 00 fc ff df 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 5f 08 00 00 48 8b 44 24 30 4c 89 f7 c7 80 d8 0a 00 00 01 00 00 00 41 ff d7 <0f> 1f 00 41 89 c7 48 8b 44 24 18 48 8d b8 d8 0a 00 00 48 b8 00 00 [ 441.771143][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000082 [ 441.771153][ C0] RAX: 0000000000000001 RBX: ffff8880b8427d80 RCX: ffffc90000007d54 [ 441.771162][ C0] RDX: 0000000000000000 RSI: ffffffff8ddf3a61 RDI: ffff88807c3c4cc4 [ 441.771171][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 441.771179][ C0] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880b8427c80 [ 441.771187][ C0] R13: 0000000000000000 R14: ffff88801b962340 R15: ffffffff899272e0 [ 441.771195][ C0] FS: 00007f9d9ce4f6c0(0000) GS:ffff888124754000(0000) knlGS:0000000000000000 [ 441.771209][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 441.771218][ C0] CR2: 000000110c2ddce2 CR3: 000000007d11e000 CR4: 00000000003526f0 [ 441.771227][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 441.771235][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 441.771243][ C0] Call Trace: [ 441.771247][ C0] [ 441.771255][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 441.771269][ C0] ? read_tsc+0x9/0x20 [ 441.771285][ C0] hrtimer_interrupt+0x397/0x8e0 [ 441.771304][ C0] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 441.771325][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 441.771342][ C0] [ 441.771346][ C0] [ 441.771351][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 441.771365][ C0] RIP: 0010:console_flush_all+0x9a2/0xc60 [ 441.771382][ C0] Code: 00 e8 92 99 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 40 c4 20 00 48 85 db 0f 85 55 01 00 00 e8 c2 c8 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 a7 86 87 [ 441.771394][ C0] RSP: 0018:ffffc900036f6f90 EFLAGS: 00000287 [ 441.771405][ C0] RAX: ffffffff8f2eb858 RBX: 0000000000000000 RCX: ffffc9000e3da000 [ 441.771413][ C0] RDX: 0000000000080000 RSI: ffffffff819b53ee RDI: 0000000000000007 [ 441.771422][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 441.771429][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f2eb858 [ 441.771437][ C0] R13: ffffffff8f2eb800 R14: ffffc900036f7020 R15: dffffc0000000000 [ 441.771449][ C0] ? console_flush_all+0x99e/0xc60 [ 441.771468][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 441.771486][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 441.771504][ C0] console_unlock+0xd8/0x210 [ 441.771518][ C0] ? __pfx_console_unlock+0x10/0x10 [ 441.771539][ C0] ? do_raw_spin_unlock+0x100/0x230 [ 441.771554][ C0] ? _printk+0xc7/0x100 [ 441.771572][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 441.771586][ C0] vprintk_emit+0x418/0x6d0 [ 441.771602][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 441.771617][ C0] ? find_held_lock+0x2b/0x80 [ 441.771634][ C0] _printk+0xc7/0x100 [ 441.771653][ C0] ? __pfx__printk+0x10/0x10 [ 441.771673][ C0] ? __pfx____ratelimit+0x10/0x10 [ 441.771694][ C0] __nla_validate_parse+0x1870/0x2880 [ 441.771712][ C0] ? __pfx___nla_validate_parse+0x10/0x10 [ 441.771730][ C0] __nla_parse+0x40/0x60 [ 441.771742][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 441.771763][ C0] rtnl_newlink+0x19a/0x2000 [ 441.771786][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 441.771804][ C0] ? find_held_lock+0x2b/0x80 [ 441.771819][ C0] ? avc_has_perm_noaudit+0x117/0x3b0 [ 441.771839][ C0] ? avc_has_perm_noaudit+0x149/0x3b0 [ 441.771853][ C0] ? cred_has_capability.isra.0+0x193/0x2f0 [ 441.771873][ C0] ? __lock_acquire+0x622/0x1c90 [ 441.771898][ C0] ? find_held_lock+0x2b/0x80 [ 441.771912][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 441.771931][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 441.771948][ C0] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 441.771968][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 441.771987][ C0] rtnetlink_rcv_msg+0x95b/0xe90 [ 441.772008][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 441.772031][ C0] ? ref_tracker_free+0x37c/0x830 [ 441.772051][ C0] netlink_rcv_skb+0x155/0x420 [ 441.772066][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 441.772086][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 441.772105][ C0] ? netlink_deliver_tap+0x1ae/0xd30 [ 441.772121][ C0] netlink_unicast+0x53d/0x7f0 [ 441.772136][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 441.772154][ C0] netlink_sendmsg+0x8d1/0xdd0 [ 441.772171][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 441.772190][ C0] ____sys_sendmsg+0xa98/0xc70 [ 441.772205][ C0] ? copy_msghdr_from_user+0x10a/0x160 [ 441.772223][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 441.772237][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 441.772256][ C0] ? try_to_wake_up+0xa2f/0x1680 [ 441.772273][ C0] ___sys_sendmsg+0x134/0x1d0 [ 441.772292][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 441.772309][ C0] ? __lock_acquire+0x622/0x1c90 [ 441.772344][ C0] __sys_sendmsg+0x16d/0x220 [ 441.772363][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 441.772381][ C0] ? __x64_sys_futex+0x1e0/0x4c0 [ 441.772408][ C0] do_syscall_64+0xcd/0x4c0 [ 441.772427][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.772440][ C0] RIP: 0033:0x7f9d9bf8e929 [ 441.772451][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.772463][ C0] RSP: 002b:00007f9d9ce4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.772475][ C0] RAX: ffffffffffffffda RBX: 00007f9d9c1b5fa0 RCX: 00007f9d9bf8e929 [ 441.772484][ C0] RDX: 0000000004058880 RSI: 0000200000000600 RDI: 0000000000000003 [ 441.772492][ C0] RBP: 00007f9d9c010b39 R08: 0000000000000000 R09: 0000000000000000 [ 441.772500][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.772508][ C0] R13: 0000000000000000 R14: 00007f9d9c1b5fa0 R15: 00007fff9345fe08 [ 441.772523][ C0] [ 441.773080][ C1] Kernel panic - not syncing: softlockup: hung tasks [ 441.773092][ C1] CPU: 1 UID: 0 PID: 7428 Comm: syz.0.414 Tainted: G L 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 441.773116][ C1] Tainted: [L]=SOFTLOCKUP [ 441.773122][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.773132][ C1] Call Trace: [ 441.773138][ C1] [ 441.773145][ C1] dump_stack_lvl+0x3d/0x1f0 [ 441.773171][ C1] panic+0x71c/0x800 [ 441.773195][ C1] ? __pfx_panic+0x10/0x10 [ 441.773216][ C1] ? __pfx__printk+0x10/0x10 [ 441.773243][ C1] ? nmi_backtrace_stall_check+0x6e/0x540 [ 441.773269][ C1] ? irq_work_queue+0xce/0x100 [ 441.773291][ C1] ? watchdog_timer_fn+0x5f9/0x7d0 [ 441.773310][ C1] ? watchdog_timer_fn+0x5ec/0x7d0 [ 441.773332][ C1] watchdog_timer_fn+0x60a/0x7d0 [ 441.773354][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 441.773372][ C1] __hrtimer_run_queues+0x5ed/0xad0 [ 441.773397][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 441.773415][ C1] ? read_tsc+0x9/0x20 [ 441.773440][ C1] hrtimer_interrupt+0x397/0x8e0 [ 441.773470][ C1] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 441.773497][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 441.773520][ C1] [ 441.773526][ C1] [ 441.773533][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 441.773551][ C1] RIP: 0010:smp_call_function_many_cond+0xd7b/0x1510 [ 441.773572][ C1] Code: e8 1a 17 0c 00 45 85 ed 74 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 b7 1b 0c 00 f3 90 <41> 0f b6 06 41 38 c5 7c 08 84 c0 0f 85 6f 05 00 00 8b 43 08 31 ff [ 441.773594][ C1] RSP: 0018:ffffc900036e7a48 EFLAGS: 00000246 [ 441.773608][ C1] RAX: 0000000000080000 RBX: ffff8880b8443ba0 RCX: ffffc90005a73000 [ 441.773620][ C1] RDX: 0000000000080000 RSI: ffffffff81b000f9 RDI: 0000000000000005 [ 441.773631][ C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 441.773641][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 441.773651][ C1] R13: 0000000000000003 R14: ffffed1017088775 R15: ffff8880b853cf40 [ 441.773672][ C1] ? smp_call_function_many_cond+0xd79/0x1510 [ 441.773696][ C1] ? smp_call_function_many_cond+0xd79/0x1510 [ 441.773718][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 441.773742][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 441.773770][ C1] ? __pfx___text_poke+0x10/0x10 [ 441.773788][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 441.773805][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 441.773827][ C1] ? io_submit_sqes+0x38a/0x2580 [ 441.773843][ C1] smp_text_poke_batch_finish+0x27b/0xdb0 [ 441.773864][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 441.773891][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 441.773914][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 441.773934][ C1] ? find_held_lock+0x2b/0x80 [ 441.773960][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 441.773980][ C1] jump_label_update+0x376/0x550 [ 441.774002][ C1] static_key_slow_inc_cpuslocked+0x82/0x120 [ 441.774023][ C1] static_key_slow_inc+0x1a/0x30 [ 441.774041][ C1] io_uring_setup+0x18f9/0x2120 [ 441.774065][ C1] ? __pfx_io_uring_setup+0x10/0x10 [ 441.774084][ C1] ? avc_has_perm_noaudit+0x117/0x3b0 [ 441.774104][ C1] ? avc_has_perm_noaudit+0x149/0x3b0 [ 441.774134][ C1] ? do_user_addr_fault+0x843/0x1370 [ 441.774162][ C1] __x64_sys_io_uring_setup+0xc2/0x170 [ 441.774183][ C1] do_syscall_64+0xcd/0x4c0 [ 441.774210][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.774226][ C1] RIP: 0033:0x7f8e29d8e929 [ 441.774238][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.774254][ C1] RSP: 002b:00007f8e2ab4d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 441.774269][ C1] RAX: ffffffffffffffda RBX: 00007f8e29fb5fa0 RCX: 00007f8e29d8e929 [ 441.774280][ C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000191a [ 441.774291][ C1] RBP: 00007f8e29e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 441.774301][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.774311][ C1] R13: 0000000000000001 R14: 00007f8e29fb5fa0 R15: 00007ffc30590148 [ 441.774335][ C1] [ 442.875039][ C1] Shutting down cpus with NMI [ 442.875242][ C1] Kernel Offset: disabled