last executing test programs: 23.389632248s ago: executing program 4 (id=313): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x63a, 0x0, 0x0, 0x0, 0x3ff}, [@call={0x85, 0x0, 0x0, 0xa8}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffc}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000bc0)={{0x12, 0x1, 0x0, 0x44, 0x39, 0xdc, 0x40, 0x1660, 0x1921, 0x1f84, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x3, 0x0, 0x0, 0xf6, 0x62, 0x70}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x6c, 0xf9, 0x6b, 0x10, 0x9e8, 0x62, 0x80f2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf0, 0x3e, 0xfc}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="2085e50001000100f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r2) pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) 20.336734432s ago: executing program 4 (id=327): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x20000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_BYTEMODE={0x8}]}}]}, 0x44}}, 0x4) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000100)={r4, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000300)={r4}) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000002c0)={r5, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000000)={r6}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000280)={r6}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r7}, 0x10) r8 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000000)={'macsec0\x00', 0x300}) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000240)={'macsec0\x00', 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x20000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_BYTEMODE={0x8}]}}]}, 0x44}}, 0x4) (async) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r3}) (async) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000100)={r4, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) (async) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000300)={r4}) (async) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000002c0)={r5}) (async) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000000)={r6}) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000280)={r6}) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r7}, 0x10) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000000)={'macsec0\x00', 0x300}) (async) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000240)={'macsec0\x00', 0x1}) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844) (async) 19.997810717s ago: executing program 4 (id=328): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40040d0}, 0x24000010) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010026"], 0x0, 0x26, 0x0, 0xa}, 0x28) (fail_nth: 7) 19.93574103s ago: executing program 4 (id=330): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'macvtap0\x00', &(0x7f0000000300)=@ethtool_link_settings={0x14, 0x3, 0x6, 0xf1, 0x7, 0xf, 0x0, 0xb6, 0x0, 0x4, [0x2, 0x1, 0xfffffff1, 0x9, 0x7fff, 0x4, 0xffffffff, 0x3]}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20) 19.108798466s ago: executing program 4 (id=336): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x0) 18.152734895s ago: executing program 4 (id=339): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x82) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000000)=""/45, 0x2d) getdents64(r2, 0x0, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800) 17.769895811s ago: executing program 32 (id=339): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x82) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000000)=""/45, 0x2d) getdents64(r2, 0x0, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a30000000000500040000400000050005000a000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x24002800) 8.315592815s ago: executing program 1 (id=371): pipe(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000c00)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]]}, 0x30}}, 0x4040000) fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = gettid() r6 = syz_open_procfs(r5, &(0x7f0000000040)='timerslack_ns\x00') write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x0, 0x0, 0x600}}, 0x30) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x88, 0x94, 0x5b, 0x40, 0x46d, 0x8b7, 0xca8e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x7f, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xdd, 0xc5, 0x42}}]}}]}}, 0x0) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) syz_emit_ethernet(0xba, &(0x7f0000000200)={@local, @broadcast, @void, {@llc={0x4, {@snap={0x0, 0xaa, "e4", "0f6ab6", 0x8100, "1fda2376ded2e2452034da9fd770b3db3b4a0f3a12b083ae935bfce6d04b057b808907022cf1c676820f4cd90dbbdaf80a703d4687dafac94496d422fa15d4b2f5ce2ff53a37fe42b08083de4fcc5d22050d43a7cfe7dc1c325fcb9a0f7eabd0619662109eefe2ac60ec1d6ca41075732d3801ad1eb3356babcf7c098e8427a83b852e2135e0bc6fbefe76e34ca7f99035abe748163bf9a019c034b242be916c0d6c17ae"}}}}}, 0x0) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) 6.417293262s ago: executing program 3 (id=376): syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) socket(0x40000000015, 0x5, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0) shmget(0x1, 0xffffffffff000, 0x200, &(0x7f0000ffb000/0x3000)=nil) 5.733838798s ago: executing program 0 (id=378): socket$netlink(0x10, 0x3, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r1, 0xfc5, 0x70bd2a, 0x0, {{0x11}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4804}, 0x0) 5.571462175s ago: executing program 1 (id=379): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x400, 0x870, 0x1, 0x3, 0xd59f80, 0xc00, 0x3f, 0x5, 0x3, 0x5, 0x2800, 0x9, 0x2, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) 5.47413049s ago: executing program 0 (id=380): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0xc, 0x1, '\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="000129bd7000fbdbdf250700000200000008000400030000000800080000010000080007000a01010006000b001a000000140005000000000000711029fd0000"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x8011) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) shutdown(r3, 0x1) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@none}) 5.428831127s ago: executing program 1 (id=381): socket$netlink(0x10, 0x3, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r1, 0xfc5, 0x70bd2a, 0x0, {{0x11}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4804}, 0x0) 5.343066682s ago: executing program 2 (id=382): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffff7}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8002, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, &(0x7f0000001700)=""/53}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4c840) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x492492492492846, 0x0) fcntl$setstatus(r3, 0x4, 0x2800) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x4, 0x2}, 0x6) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='ext4_mballoc_prealloc\x00', r5, 0x0, 0x4}, 0x18) 5.218825977s ago: executing program 3 (id=383): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r1, 0x0) ftruncate(r1, 0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x4}, 0x50) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf2500000000000000000000000004000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000001000000000000004400050000000000000000000000000000000000000000022b0000000a000000fc0100000000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 5.217997556s ago: executing program 0 (id=384): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x20004e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r5, 0x40045567, 0x0) write$uinput_user_dev(r5, &(0x7f0000000540)={'syz1\x00', {0x6, 0x7fff, 0xb25, 0xb}, 0x6, [0x9, 0x8, 0x5, 0x6, 0x6, 0x3, 0xafc, 0x32, 0x838, 0xb2, 0x6ff5, 0x9f5, 0x5, 0x1000000, 0x0, 0x6, 0x8001, 0x6, 0x4a4c, 0x3, 0xfffffffd, 0x9, 0x10, 0x8001, 0x5, 0x1, 0xd4a, 0xffffe87a, 0x1, 0x6, 0x9, 0x9, 0x8, 0x0, 0x0, 0xe, 0xf9c6, 0x3ff, 0x3ff, 0x4, 0xd, 0xff, 0x8, 0x9, 0x3ff, 0x83f5, 0x0, 0x2, 0x7, 0x7ff, 0x8, 0x3, 0x4, 0x2, 0xa45, 0x1df, 0xffff, 0x3, 0x2, 0x9, 0xf, 0x101, 0x200, 0x9a0], [0x3, 0x8, 0x6, 0xd, 0x1, 0xad10, 0x6, 0x13a0, 0x86, 0x7fff, 0x101, 0x8, 0x5, 0x1, 0x2, 0xffff, 0x4, 0x4a, 0xf, 0xfffff32a, 0xfffffff7, 0x4c4, 0x400, 0x7f, 0x1, 0x7, 0x4, 0x8, 0x30, 0x9, 0x1, 0x3, 0x4c6fbc51, 0x10001, 0xd35, 0xa, 0x6, 0x1, 0x1, 0x200, 0x20, 0x9, 0x0, 0x401, 0x0, 0x3, 0x3, 0x2, 0x4, 0x6, 0xe51, 0x1, 0x7, 0x8, 0x3, 0x2, 0x0, 0x62, 0x7, 0x6, 0x4, 0x6, 0xfff, 0x4], [0xffffffff, 0x9, 0x6, 0xffff, 0x6, 0x8, 0xffffffff, 0xfd, 0x20, 0x8, 0x9, 0x74, 0x283, 0x2, 0x4d, 0x6, 0x6, 0x3ff, 0x10000, 0x5, 0x40, 0x4, 0x8, 0x0, 0x4, 0x5, 0x8001, 0x7, 0x1, 0xffff, 0x5, 0x7, 0x1, 0x9, 0x4, 0xfff, 0x3, 0x0, 0x1, 0x80000001, 0x53c2, 0x4, 0x4, 0x3, 0x80, 0x50, 0x3, 0xc, 0x8, 0x5, 0x8, 0x400, 0x3, 0x5, 0x86, 0x6, 0x400000, 0xb, 0x4, 0x0, 0x400, 0xfe6c, 0x2, 0x9], [0x3, 0x9, 0xffffffff, 0x2, 0x66, 0xffff, 0x401, 0x6, 0x3, 0x3, 0x101, 0x4, 0x9, 0x8, 0xce, 0x2, 0x8001, 0x1, 0x7, 0x6, 0x601000, 0x9, 0x5, 0xd, 0x1, 0x446, 0x800, 0x2, 0x0, 0x3, 0x2, 0x375, 0x428, 0x6, 0x5, 0x4, 0x7fff, 0x4, 0x3a2, 0x3, 0x2005, 0xe, 0xee6, 0x0, 0x7, 0x3, 0x8241, 0x7, 0x3, 0x9, 0x8, 0x3, 0x1, 0x1, 0x3, 0x296, 0x6, 0x7, 0xf, 0x0, 0x3, 0x7, 0xd, 0x56be]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) pivot_root(&(0x7f0000000100)='./file0\x00', &(0x7f00000003c0)='./file0\x00') close_range(r6, 0xffffffffffffffff, 0x0) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, 0x0) 4.997778326s ago: executing program 3 (id=385): syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r1, &(0x7f00000000c0)='cpu.idle\x00', 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000400)='syscall\x00') lseek(r2, 0x8, 0x0) 4.377898334s ago: executing program 1 (id=386): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r1) sendmmsg$unix(r0, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0) 4.30051925s ago: executing program 0 (id=387): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x4, 0x6, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0x6}, @val={0x480}}}]}]}]}]}], {0x14, 0x10}}, 0xe4}}, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r2, 0xcccccccc}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r2], &(0x7f0000000200), &(0x7f00000000c0)=[r5], &(0x7f0000000040), 0x0, 0x300}) 4.154912633s ago: executing program 1 (id=388): syz_usb_connect(0x3, 0x2d, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000229639010861a2d754d2d0102030109021b000100000000090401"], 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x81, 0x0) syz_usb_connect$cdc_ecm(0x6, 0xcd, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbb, 0x1, 0x1, 0x0, 0x30, 0x7, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x2, 0x6, 0x0, 0x9, {{0x9, 0x24, 0x6, 0x0, 0x0, "6310f5f7"}, {0x5, 0x24, 0x0, 0xfff}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x9, 0x28, 0x3}, [@network_terminal={0x7, 0x24, 0xa, 0x8, 0x1, 0xed, 0x1}, @mdlm_detail={0x62, 0x24, 0x13, 0x0, "e1b5852b3af5331b3474d3971b1702d00dd44ab85c2a07f4c6d4d8fc34195ce361a08935fa94ef119e926413fdc06f160182b09c37b9ad3c0cfef05aaea17e90fa4fd7e444b6417a9e264524d1e91b4f2805e9fc426280fd5f42cb7978ee"}, @country_functional={0xc, 0x24, 0x7, 0x8, 0x8000, [0x4, 0xffff, 0x4]}, @network_terminal={0x7, 0x24, 0xa, 0xf3, 0x3, 0x1, 0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x14, 0xf, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x9, 0x0, 0x1}}}}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x5, 0x9a, 0xf8, 0x40, 0x2}, 0x47, &(0x7f0000000100)={0x5, 0xf, 0x47, 0x4, [@ssp_cap={0x24, 0x10, 0xa, 0x3, 0x6, 0x9, 0x0, 0x71, [0xc0, 0x0, 0xff0000, 0xffc00f, 0x18, 0x30]}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "1107752b8fa871254d0fe94b7a9ba3b4"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x2, 0x0, 0xfffb}, @ptm_cap={0x3}]}, 0x1, [{0x7d, &(0x7f0000000380)=@string={0x7d, 0x3, "370388dd4874443b12bfa6f147e465028c31518b16ac86d1f167b63bb745bc14ac74c387dd8818cdd5f04d94ae880609be2ae1316c6f068f9284a7774bcb4cf403bc4c10bd8e9e8989f9ee9fea303f6f7b7175dabd208b63f0fa9862239b984d0dc5ca2377c839b98c13347e349018e9cf09c67ff2ed59b2e04f87"}}]}) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) syz_usb_connect$cdc_ecm(0x5, 0x5a, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024800010100200009040000ff02020000052406000005240004000d240f010900000000000000000424020a090581032000037fff0905820200000001000905030208e1"], 0x0) r5 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7736, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}) io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES32=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10) 3.745792207s ago: executing program 2 (id=389): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r6) sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r7, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0xc, 0x1, '\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="000129bd7000fbdbdf250700000200000008000400030000000800080000010000080007000a01010006000b001a000000140005000000000000711029fd0000000000000100000000"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x8011) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shutdown(r3, 0x1) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@none}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) 3.269764988s ago: executing program 2 (id=390): ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x400, 0x870, 0x1, 0x3, 0xd59f80, 0xc00, 0x3f, 0x5, 0x3, 0x5, 0x2800, 0x9, 0x2, 0xba2, 0xc, 0x30, {0x8, 0x1}, 0xd0, 0x9}}) 3.102398004s ago: executing program 2 (id=391): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0xfffffffc, 0x104) 1.81719882s ago: executing program 2 (id=392): syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) socket(0x40000000015, 0x5, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0) shmget(0x1, 0xffffffffff000, 0x200, &(0x7f0000ffb000/0x3000)=nil) 1.64035663s ago: executing program 3 (id=393): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, r0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000000)={r2, 0x0, 0xfffffffffffffffe}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000"], 0x0, 0x2}, 0x94) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_MGMT_A_DOMAIN={0xc, 0x1, '\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000300)={&(0x7f0000000200), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYBLOB="000129bd7000fbdbdf250700000200000008000400030000000800080000010000080007000a01010006000b001a000000140005000000000000711029fd0000"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x8011) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) shutdown(r3, 0x1) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@none}) 1.430679965s ago: executing program 0 (id=394): openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) r0 = socket(0xa, 0x3, 0x3b) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, 0xffffffffffffffff, 0x39, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x100000}}, 0x40) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x0, 0x2}, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) clock_nanosleep(0xa, 0x0, 0x0, 0x0) r3 = syz_open_dev$sg(0x0, 0x0, 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, &(0x7f00000000c0)=0x20, 0x4) ioctl(0xffffffffffffffff, 0x5, &(0x7f00000002c0)="2f57dc2df2f3f2d24a5b17fede7e55c34b8d0f8b2e97f479d5bf5e9b121131f316c31ea417ece8507aa228e7cfeeafc5260df3c390a9cb23e01707b13a8d2658d660ac34f421ae9d8d93fc191a8a017ade5d5f671c5937") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f000001aa40)=""/102400, 0x19000) ioctl$SG_IO(r3, 0x2285, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) keyctl$get_keyring_id(0x0, 0x0, 0x1000) setrlimit(0xc, &(0x7f0000000100)={0x1, 0x9}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, 0x0, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x20000045, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='lp\x00', 0x3) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r7, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000940)={0x14, r6, 0x705, 0x70bd23, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000) shutdown(r5, 0x1) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01002dbd9568ffdbdf255700000008000300", @ANYRES32=r9, @ANYBLOB="06009500fa"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40) 1.26895809s ago: executing program 3 (id=395): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) writev(r2, &(0x7f0000004380)=[{&(0x7f00000007c0)='e', 0x1}], 0x1) socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x5, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x1, 0x18e}, &(0x7f0000000000)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_enter(r3, 0x26c8, 0x0, 0x1, 0x0, 0x10) readahead(r1, 0xd28b, 0x1) 158.705651ms ago: executing program 2 (id=396): r0 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60000000009c1100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000040)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) read$qrtrtun(0xffffffffffffffff, &(0x7f00000004c0)=""/57, 0x39) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r4 = gettid() r5 = epoll_create(0x20003fd) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r6, 0x6, 0x17, 0x0, &(0x7f0000000100)) r7 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000000)={0x2}) kcmp$KCMP_EPOLL_TFD(r4, r4, 0x7, r7, &(0x7f0000000080)={r5, r7}) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) mlockall(0x6) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x100}}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 157.695677ms ago: executing program 3 (id=397): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r1) sendmmsg$unix(r0, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0) 135.777636ms ago: executing program 1 (id=398): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x37, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') futimesat(r1, &(0x7f0000000080)='./mnt\x00', 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x24, 0x0, 0x0, &(0x7f00000005c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "2e6e2711"}]}}, 0x0}, 0x0) 0s ago: executing program 0 (id=399): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000501c0007800c0001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00158018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6(0xa, 0x2, 0x4892) sendmsg$inet(r5, &(0x7f0000000300)={&(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1100000000000000000000000100000000000000000000001c00000000000000000000000700000044"], 0x38}, 0x0) unshare(0x2c020400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0xf, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) close(0xffffffffffffffff) socketpair(0x2c, 0x3, 0x0, &(0x7f0000000740)) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0xe, 0x0, &(0x7f00000002c0)="00001a000000002ac7b04b1b980f", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfd}, 0x50) dup(0xffffffffffffffff) read$FUSE(0xffffffffffffffff, &(0x7f0000002340)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): idge_slave_0: entered promiscuous mode [ 62.392892][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.399969][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.407164][ T5827] bridge_slave_0: entered allmulticast mode [ 62.414245][ T5827] bridge_slave_0: entered promiscuous mode [ 62.422372][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.429709][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.437026][ T5827] bridge_slave_1: entered allmulticast mode [ 62.444537][ T5827] bridge_slave_1: entered promiscuous mode [ 62.468619][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.475916][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.484470][ T5819] bridge_slave_1: entered allmulticast mode [ 62.491270][ T5819] bridge_slave_1: entered promiscuous mode [ 62.515081][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.528768][ T5809] hsr_slave_0: entered promiscuous mode [ 62.535752][ T5809] hsr_slave_1: entered promiscuous mode [ 62.550665][ T5812] team0: Port device team_slave_0 added [ 62.565264][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.577517][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.604422][ T5812] team0: Port device team_slave_1 added [ 62.612555][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.623168][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.666233][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.693531][ T5810] team0: Port device team_slave_0 added [ 62.705198][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.712223][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.738167][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.758230][ T5827] team0: Port device team_slave_0 added [ 62.766774][ T5827] team0: Port device team_slave_1 added [ 62.781529][ T5810] team0: Port device team_slave_1 added [ 62.787738][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.795026][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.820927][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.881398][ T5819] team0: Port device team_slave_0 added [ 62.899309][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.907057][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.933511][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.953184][ T5819] team0: Port device team_slave_1 added [ 62.963546][ T5812] hsr_slave_0: entered promiscuous mode [ 62.969591][ T5812] hsr_slave_1: entered promiscuous mode [ 62.975658][ T5812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.983411][ T5812] Cannot create hsr debugfs directory [ 62.989490][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.996497][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.022547][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.037508][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.044557][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.070527][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.097371][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.104398][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.130336][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.151443][ T5824] Bluetooth: hci3: command tx timeout [ 63.157237][ T5828] Bluetooth: hci0: command tx timeout [ 63.172506][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.179448][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.205569][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.218940][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.226240][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.252689][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.300645][ T5810] hsr_slave_0: entered promiscuous mode [ 63.306648][ T5810] hsr_slave_1: entered promiscuous mode [ 63.312632][ T5810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.320167][ T5810] Cannot create hsr debugfs directory [ 63.323218][ T5818] Bluetooth: hci1: command tx timeout [ 63.331404][ T5824] Bluetooth: hci2: command tx timeout [ 63.337005][ T5828] Bluetooth: hci4: command tx timeout [ 63.406334][ T5827] hsr_slave_0: entered promiscuous mode [ 63.412703][ T5827] hsr_slave_1: entered promiscuous mode [ 63.418555][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.426170][ T5827] Cannot create hsr debugfs directory [ 63.466454][ T5819] hsr_slave_0: entered promiscuous mode [ 63.472837][ T5819] hsr_slave_1: entered promiscuous mode [ 63.478675][ T5819] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.486318][ T5819] Cannot create hsr debugfs directory [ 63.676018][ T5809] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.708082][ T5809] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.739120][ T5809] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.762112][ T5809] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.810007][ T5812] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.825363][ T5812] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.842571][ T5812] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.863445][ T5812] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.906585][ T5819] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.917422][ T5819] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.933894][ T5819] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.963410][ T5819] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.025316][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.037712][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.048664][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.058675][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.154393][ T5810] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 64.164519][ T5810] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 64.174696][ T5810] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 64.184785][ T5810] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 64.204208][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.218845][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.266492][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.301075][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.316988][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.324194][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.334786][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.341915][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.362667][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.375288][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.382395][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.394826][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.401934][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.426790][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.447211][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.493631][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.500754][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.509408][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.516485][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.556724][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.578155][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.585282][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.628211][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.656514][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 64.656528][ T30] audit: type=1400 audit(1750996247.416:86): avc: denied { sys_module } for pid=5809 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 64.665856][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.719852][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.727019][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.765513][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.772666][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.801494][ T4550] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.808597][ T4550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.941710][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.002748][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.143273][ T5812] veth0_vlan: entered promiscuous mode [ 65.152769][ T5809] veth0_vlan: entered promiscuous mode [ 65.196557][ T5809] veth1_vlan: entered promiscuous mode [ 65.208231][ T5812] veth1_vlan: entered promiscuous mode [ 65.233621][ T5824] Bluetooth: hci0: command tx timeout [ 65.233629][ T5828] Bluetooth: hci3: command tx timeout [ 65.247975][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.309762][ T5809] veth0_macvtap: entered promiscuous mode [ 65.324081][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.336146][ T5809] veth1_macvtap: entered promiscuous mode [ 65.359236][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.381650][ T5812] veth0_macvtap: entered promiscuous mode [ 65.389216][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.397972][ T5828] Bluetooth: hci2: command tx timeout [ 65.398095][ T5824] Bluetooth: hci4: command tx timeout [ 65.404037][ T5828] Bluetooth: hci1: command tx timeout [ 65.416372][ T5819] veth0_vlan: entered promiscuous mode [ 65.424556][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.436000][ T5812] veth1_macvtap: entered promiscuous mode [ 65.446870][ T5809] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.456765][ T5809] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.465864][ T5809] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.477803][ T5809] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.524644][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.536147][ T5819] veth1_vlan: entered promiscuous mode [ 65.558058][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.594533][ T5812] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.606789][ T5812] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.618635][ T5812] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.627872][ T5812] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.679781][ T5819] veth0_macvtap: entered promiscuous mode [ 65.707863][ T5827] veth0_vlan: entered promiscuous mode [ 65.722515][ T5819] veth1_macvtap: entered promiscuous mode [ 65.756786][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.758869][ T5827] veth1_vlan: entered promiscuous mode [ 65.773963][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.819034][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.834751][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.843425][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.874190][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.887508][ T5827] veth0_macvtap: entered promiscuous mode [ 65.899806][ T5827] veth1_macvtap: entered promiscuous mode [ 65.914324][ T30] audit: type=1400 audit(1750996248.666:87): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.I0B4Ax/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 65.922355][ T5810] veth0_vlan: entered promiscuous mode [ 65.946036][ T30] audit: type=1400 audit(1750996248.666:88): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.969520][ T30] audit: type=1400 audit(1750996248.666:89): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.I0B4Ax/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 66.000067][ T5819] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.009924][ T5819] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.011235][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.020899][ T5819] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.042885][ T30] audit: type=1400 audit(1750996248.666:90): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 66.044926][ T5819] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.065670][ T30] audit: type=1400 audit(1750996248.666:91): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.I0B4Ax/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 66.101627][ T30] audit: type=1400 audit(1750996248.676:92): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.I0B4Ax/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6810 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 66.106977][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.145905][ T30] audit: type=1400 audit(1750996248.676:93): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 66.148993][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.168831][ T30] audit: type=1400 audit(1750996248.716:94): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2774 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 66.182299][ T5810] veth1_vlan: entered promiscuous mode [ 66.202112][ T30] audit: type=1400 audit(1750996248.716:95): avc: denied { mount } for pid=5809 comm="syz-executor" name="/" dev="gadgetfs" ino=6816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 66.240754][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.253494][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.304530][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.315975][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.326973][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.336128][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.354103][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.371089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.379357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.388650][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.510963][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.519275][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 66.528837][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 66.560357][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.750851][ T5810] veth0_macvtap: entered promiscuous mode [ 66.929864][ T5810] veth1_macvtap: entered promiscuous mode [ 67.140665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.324855][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.332247][ T5828] Bluetooth: hci0: command tx timeout [ 67.337652][ T5828] Bluetooth: hci3: command tx timeout [ 67.387332][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.434111][ T5810] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.468729][ T5810] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.470652][ T5828] Bluetooth: hci4: command tx timeout [ 67.480521][ T5818] Bluetooth: hci2: command tx timeout [ 67.482819][ T5824] Bluetooth: hci1: command tx timeout [ 67.498624][ T5810] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.507417][ T5810] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.579368][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.589551][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.590687][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.604811][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.703506][ T4550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.745258][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.756054][ T5934] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7'. [ 67.781391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 67.802153][ T4550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.833386][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.870869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.267357][ T4391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.289425][ T4391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.320843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.474189][ T4550] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.484218][ T4550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.814541][ T5946] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 69.035379][ T5942] kvm: emulating exchange as write [ 69.262715][ T5942] dummy0: entered promiscuous mode [ 69.284237][ T5942] macsec1: entered allmulticast mode [ 69.292487][ T5955] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 69.303160][ T5942] dummy0: entered allmulticast mode [ 69.391083][ T5828] Bluetooth: hci0: command tx timeout [ 69.396980][ T5824] Bluetooth: hci3: command tx timeout [ 69.551269][ T5824] Bluetooth: hci2: command tx timeout [ 69.556693][ T5828] Bluetooth: hci1: command tx timeout [ 69.556711][ T5818] Bluetooth: hci4: command tx timeout [ 69.693023][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 69.693037][ T30] audit: type=1400 audit(1750996252.456:146): avc: denied { execute } for pid=5960 comm="syz.4.10" name="file1" dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 69.693275][ T5962] process 'syz.4.10' launched './file1' with NULL argv: empty string added [ 69.762150][ T30] audit: type=1400 audit(1750996252.526:147): avc: denied { execute_no_trans } for pid=5960 comm="syz.4.10" path="/1/file1" dev="tmpfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 69.886448][ T30] audit: type=1400 audit(1750996252.636:148): avc: denied { create } for pid=5960 comm="syz.4.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 70.326418][ T30] audit: type=1400 audit(1750996252.646:149): avc: denied { allowed } for pid=5960 comm="syz.4.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 70.345443][ C1] vkms_vblank_simulate: vblank timer overrun [ 70.560559][ T30] audit: type=1400 audit(1750996252.646:150): avc: denied { create } for pid=5960 comm="syz.4.10" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 70.651834][ T30] audit: type=1400 audit(1750996252.646:151): avc: denied { map } for pid=5960 comm="syz.4.10" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=8346 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 70.676561][ T30] audit: type=1400 audit(1750996252.646:152): avc: denied { read write } for pid=5960 comm="syz.4.10" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=8346 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 70.701116][ T30] audit: type=1400 audit(1750996252.676:153): avc: denied { read } for pid=5965 comm="syz.0.11" name="media6" dev="devtmpfs" ino=988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 70.723984][ T30] audit: type=1400 audit(1750996252.676:154): avc: denied { open } for pid=5965 comm="syz.0.11" path="/dev/media6" dev="devtmpfs" ino=988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.046729][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.053110][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.094231][ T30] audit: type=1400 audit(1750996252.816:155): avc: denied { ioctl } for pid=5965 comm="syz.0.11" path="/dev/media6" dev="devtmpfs" ino=988 ioctlcmd=0x7c05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 72.126735][ T5988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15'. [ 72.176731][ T5983] [U]  [ 73.189063][ T5997] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17'. [ 74.625885][ T6008] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 74.867317][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 74.867332][ T30] audit: type=1400 audit(1750996257.626:164): avc: denied { write } for pid=5989 comm="syz.3.16" name="mcfilter" dev="proc" ino=4026532827 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 74.896636][ C1] vkms_vblank_simulate: vblank timer overrun [ 75.090302][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.21'. [ 75.382271][ T30] audit: type=1400 audit(1750996258.146:165): avc: denied { mounton } for pid=6017 comm="syz.2.22" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 75.620375][ T30] audit: type=1400 audit(1750996258.206:166): avc: denied { create } for pid=6017 comm="syz.2.22" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 75.800813][ T30] audit: type=1400 audit(1750996258.216:167): avc: denied { write } for pid=6017 comm="syz.2.22" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 75.822438][ T30] audit: type=1400 audit(1750996258.216:168): avc: denied { getopt } for pid=6017 comm="syz.2.22" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 75.825146][ T6031] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 75.842766][ T30] audit: type=1400 audit(1750996258.376:169): avc: denied { ioctl } for pid=6016 comm="syz.0.24" path="socket:[8457]" dev="sockfs" ino=8457 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 75.877012][ C1] vkms_vblank_simulate: vblank timer overrun [ 76.719438][ T6022] XFS (nullb0): Invalid superblock magic number [ 76.856397][ T6043] netlink: 8 bytes leftover after parsing attributes in process `syz.4.26'. [ 76.885878][ T30] audit: type=1400 audit(1750996258.576:170): avc: denied { write } for pid=6017 comm="syz.2.22" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 77.541613][ T30] audit: type=1400 audit(1750996260.226:171): avc: denied { read write } for pid=6046 comm="syz.3.28" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 77.612776][ T30] audit: type=1400 audit(1750996260.226:172): avc: denied { open } for pid=6046 comm="syz.3.28" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 77.777735][ T30] audit: type=1400 audit(1750996260.236:173): avc: denied { ioctl } for pid=6046 comm="syz.3.28" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 79.938002][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 79.938018][ T30] audit: type=1400 audit(1750996262.696:175): avc: denied { create } for pid=6073 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 80.079833][ T6076] netlink: 8 bytes leftover after parsing attributes in process `syz.2.36'. [ 80.098491][ T30] audit: type=1400 audit(1750996262.696:176): avc: denied { connect } for pid=6073 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 80.189537][ T6078] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 80.259820][ T6081] block nbd3: NBD_DISCONNECT [ 80.465476][ T6087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.40'. [ 80.474335][ T6087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.40'. [ 80.710659][ T30] audit: type=1400 audit(1750996263.336:177): avc: denied { ioctl } for pid=6090 comm="syz.1.42" path="socket:[8587]" dev="sockfs" ino=8587 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 81.041161][ T30] audit: type=1400 audit(1750996263.776:178): avc: denied { create } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.086555][ T30] audit: type=1400 audit(1750996263.826:179): avc: denied { bind } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.106122][ T30] audit: type=1400 audit(1750996263.826:180): avc: denied { setopt } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.125647][ T30] audit: type=1400 audit(1750996263.826:181): avc: denied { accept } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.144741][ C1] vkms_vblank_simulate: vblank timer overrun [ 81.155329][ T975] cfg80211: failed to load regulatory.db [ 81.170576][ T30] audit: type=1400 audit(1750996263.846:182): avc: denied { write } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.243752][ T30] audit: type=1400 audit(1750996263.846:183): avc: denied { read } for pid=6096 comm="syz.0.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 81.728418][ T6110] EXT4-fs (nullb0): VFS: Can't find ext4 filesystem [ 81.875079][ T6114] overlayfs: missing 'lowerdir' [ 82.078449][ T6101] [U]  [ 83.781593][ T6128] netlink: 8 bytes leftover after parsing attributes in process `syz.4.52'. [ 84.009353][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.54'. [ 84.213209][ T6135] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 86.671226][ T30] audit: type=1400 audit(1750996269.176:184): avc: denied { read } for pid=6156 comm="syz.0.58" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 86.698169][ T30] audit: type=1400 audit(1750996269.186:185): avc: denied { open } for pid=6156 comm="syz.0.58" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 86.863734][ T30] audit: type=1400 audit(1750996269.536:186): avc: denied { ioctl } for pid=6156 comm="syz.0.58" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 86.902523][ T6155] [U]  [ 87.271845][ T6175] netlink: 28 bytes leftover after parsing attributes in process `syz.2.63'. [ 87.280687][ T6175] netlink: 28 bytes leftover after parsing attributes in process `syz.2.63'. [ 88.495449][ T30] audit: type=1400 audit(1750996271.256:187): avc: denied { create } for pid=6182 comm="syz.1.67" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 89.024018][ T6193] netlink: 8 bytes leftover after parsing attributes in process `syz.2.69'. [ 89.572279][ T30] audit: type=1400 audit(1750996272.336:188): avc: denied { connect } for pid=6196 comm="syz.1.70" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 89.595503][ T6198] netlink: 40 bytes leftover after parsing attributes in process `syz.1.70'. [ 89.861641][ T30] audit: type=1400 audit(1750996272.336:189): avc: denied { create } for pid=6196 comm="syz.1.70" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 89.882919][ T30] audit: type=1400 audit(1750996272.356:190): avc: denied { write } for pid=6196 comm="syz.1.70" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 89.902929][ T30] audit: type=1400 audit(1750996272.616:191): avc: denied { create } for pid=6196 comm="syz.1.70" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 90.455767][ T6215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.73'. [ 90.543973][ T6214] FAULT_INJECTION: forcing a failure. [ 90.543973][ T6214] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 90.695981][ T6214] CPU: 0 UID: 0 PID: 6214 Comm: syz.3.75 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 90.696005][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 90.696019][ T6214] Call Trace: [ 90.696024][ T6214] [ 90.696030][ T6214] dump_stack_lvl+0x16c/0x1f0 [ 90.696058][ T6214] should_fail_ex+0x512/0x640 [ 90.696083][ T6214] _copy_from_user+0x2e/0xd0 [ 90.696107][ T6214] video_usercopy+0xedd/0x1720 [ 90.696130][ T6214] ? __pfx_subdev_do_ioctl_lock+0x10/0x10 [ 90.696148][ T6214] ? selinux_kernel_read_file+0xa0/0x130 [ 90.696169][ T6214] ? __pfx_video_usercopy+0x10/0x10 [ 90.696205][ T6214] v4l2_ioctl+0x1ba/0x250 [ 90.696223][ T6214] ? __pfx_v4l2_ioctl+0x10/0x10 [ 90.696243][ T6214] __x64_sys_ioctl+0x18b/0x210 [ 90.696263][ T6214] do_syscall_64+0xcd/0x4c0 [ 90.696288][ T6214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.696304][ T6214] RIP: 0033:0x7f804b18e929 [ 90.696317][ T6214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.696332][ T6214] RSP: 002b:00007f804bf80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 90.696347][ T6214] RAX: ffffffffffffffda RBX: 00007f804b3b5fa0 RCX: 00007f804b18e929 [ 90.696357][ T6214] RDX: 00002000000000c0 RSI: 000000004020565a RDI: 0000000000000003 [ 90.696366][ T6214] RBP: 00007f804bf80090 R08: 0000000000000000 R09: 0000000000000000 [ 90.696375][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 90.696384][ T6214] R13: 0000000000000000 R14: 00007f804b3b5fa0 R15: 00007ffe4c3dd178 [ 90.696411][ T6214] [ 90.866872][ T6205] [U]  [ 91.114718][ T6200] netlink: 'syz.0.71': attribute type 10 has an invalid length. [ 91.265352][ T6222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.76'. [ 92.376199][ T30] audit: type=1400 audit(1750996275.136:192): avc: denied { read write } for pid=6226 comm="syz.4.78" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 92.418486][ T30] audit: type=1400 audit(1750996275.136:193): avc: denied { open } for pid=6226 comm="syz.4.78" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 92.443384][ C1] vkms_vblank_simulate: vblank timer overrun [ 92.693869][ T30] audit: type=1400 audit(1750996275.146:194): avc: denied { setopt } for pid=6226 comm="syz.4.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 92.846373][ T30] audit: type=1400 audit(1750996275.166:195): avc: denied { create } for pid=6202 comm="syz.2.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 92.926459][ T30] audit: type=1400 audit(1750996275.166:196): avc: denied { getopt } for pid=6202 comm="syz.2.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 92.947198][ T30] audit: type=1400 audit(1750996275.236:197): avc: denied { ioctl } for pid=6202 comm="syz.2.72" path="socket:[8053]" dev="sockfs" ino=8053 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 93.265092][ T6243] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'. [ 93.485850][ T30] audit: type=1400 audit(1750996276.246:198): avc: denied { sqpoll } for pid=6226 comm="syz.4.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 93.541146][ T30] audit: type=1400 audit(1750996276.306:199): avc: denied { create } for pid=6247 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 93.561187][ C1] vkms_vblank_simulate: vblank timer overrun [ 93.581728][ T30] audit: type=1400 audit(1750996276.326:200): avc: denied { write } for pid=6247 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 93.601872][ T30] audit: type=1400 audit(1750996276.336:201): avc: denied { connect } for pid=6247 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 93.829238][ T6227] bond0: Error: Cannot enslave bond to itself. [ 93.841340][ T5867] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 94.033610][ T6254] FAULT_INJECTION: forcing a failure. [ 94.033610][ T6254] name failslab, interval 1, probability 0, space 0, times 1 [ 94.047500][ T6254] CPU: 1 UID: 0 PID: 6254 Comm: syz.3.84 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 94.047525][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.047535][ T6254] Call Trace: [ 94.047541][ T6254] [ 94.047547][ T6254] dump_stack_lvl+0x16c/0x1f0 [ 94.047577][ T6254] should_fail_ex+0x512/0x640 [ 94.047599][ T6254] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 94.047626][ T6254] should_failslab+0xc2/0x120 [ 94.047651][ T6254] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 94.047673][ T6254] ? __alloc_skb+0x2b2/0x380 [ 94.047701][ T6254] __alloc_skb+0x2b2/0x380 [ 94.047722][ T6254] ? __pfx___alloc_skb+0x10/0x10 [ 94.047746][ T6254] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 94.047780][ T6254] netlink_alloc_large_skb+0x69/0x130 [ 94.047797][ T6254] netlink_sendmsg+0x6a1/0xdd0 [ 94.047819][ T6254] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.047845][ T6254] ____sys_sendmsg+0xa98/0xc70 [ 94.047863][ T6254] ? copy_msghdr_from_user+0x10a/0x160 [ 94.047886][ T6254] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.047915][ T6254] ___sys_sendmsg+0x134/0x1d0 [ 94.047939][ T6254] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.047959][ T6254] ? __lock_acquire+0x622/0x1c90 [ 94.048015][ T6254] __sys_sendmsg+0x16d/0x220 [ 94.048039][ T6254] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.048078][ T6254] do_syscall_64+0xcd/0x4c0 [ 94.048105][ T6254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.048121][ T6254] RIP: 0033:0x7f804b18e929 [ 94.048135][ T6254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.048150][ T6254] RSP: 002b:00007f804bf80038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.048167][ T6254] RAX: ffffffffffffffda RBX: 00007f804b3b5fa0 RCX: 00007f804b18e929 [ 94.048178][ T6254] RDX: 0000000000000800 RSI: 00002000000006c0 RDI: 0000000000000003 [ 94.048188][ T6254] RBP: 00007f804bf80090 R08: 0000000000000000 R09: 0000000000000000 [ 94.048198][ T6254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.048208][ T6254] R13: 0000000000000000 R14: 00007f804b3b5fa0 R15: 00007ffe4c3dd178 [ 94.048231][ T6254] [ 94.264655][ C1] vkms_vblank_simulate: vblank timer overrun [ 94.388162][ T5867] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 94.397409][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.422020][ T5867] usb 3-1: config 0 descriptor?? [ 94.786109][ T6263] nbd: must specify at least one socket [ 96.207563][ T6248] trusted_key: syz.2.83 sent an empty control message without MSG_MORE. [ 96.271968][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 96.282384][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 96.293297][ T5867] asix 3-1:0.0: probe with driver asix failed with error -71 [ 96.613878][ T5867] usb 3-1: USB disconnect, device number 2 [ 97.398713][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 97.398728][ T30] audit: type=1400 audit(1750996280.156:204): avc: denied { create } for pid=6280 comm="syz.0.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 97.478188][ T6287] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 97.603815][ T30] audit: type=1400 audit(1750996280.356:205): avc: denied { write } for pid=6280 comm="syz.0.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 97.772930][ T6297] Zero length message leads to an empty skb [ 97.919328][ T30] audit: type=1400 audit(1750996280.666:206): avc: denied { setopt } for pid=6283 comm="syz.3.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 98.123360][ T30] audit: type=1400 audit(1750996280.676:207): avc: denied { getopt } for pid=6283 comm="syz.3.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 98.155875][ T30] audit: type=1400 audit(1750996280.686:208): avc: denied { mount } for pid=6283 comm="syz.3.93" name="/" dev="ramfs" ino=8148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 98.370021][ T30] audit: type=1400 audit(1750996280.956:209): avc: denied { read } for pid=6280 comm="syz.0.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 98.524794][ T30] audit: type=1400 audit(1750996281.266:210): avc: denied { create } for pid=6280 comm="syz.0.92" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 98.657982][ T6306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.97'. [ 98.824162][ T30] audit: type=1400 audit(1750996281.266:211): avc: denied { ioctl } for pid=6280 comm="syz.0.92" path="socket:[8160]" dev="sockfs" ino=8160 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 99.033861][ T6307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'. [ 99.621842][ T975] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.932186][ T975] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 99.957344][ T975] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 99.974006][ T975] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 100.010554][ T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.094119][ T6308] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 100.195784][ T975] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 100.416788][ T30] audit: type=1400 audit(1750996283.176:212): avc: denied { setopt } for pid=6305 comm="syz.1.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 100.419075][ T24] IPVS: starting estimator thread 0... [ 100.447696][ T6308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.456880][ T6308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.589422][ T30] audit: type=1400 audit(1750996283.206:213): avc: denied { ioctl } for pid=6305 comm="syz.1.99" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 100.623671][ C0] vkms_vblank_simulate: vblank timer overrun [ 100.694034][ T6317] IPVS: using max 38 ests per chain, 91200 per kthread [ 100.937181][ T6308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.966599][ T6308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.070778][ T6308] netlink: 40 bytes leftover after parsing attributes in process `syz.1.99'. [ 101.228814][ T24] usb 2-1: USB disconnect, device number 2 [ 102.156650][ T6335] capability: warning: `syz.0.106' uses deprecated v2 capabilities in a way that may be insecure [ 102.436092][ T6343] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 102.645901][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 102.645917][ T30] audit: type=1400 audit(1750996285.406:217): avc: denied { bind } for pid=6349 comm="syz.3.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 102.677026][ T30] audit: type=1400 audit(1750996285.436:218): avc: denied { name_bind } for pid=6349 comm="syz.3.110" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 102.698745][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.709574][ T30] audit: type=1400 audit(1750996285.436:219): avc: denied { node_bind } for pid=6349 comm="syz.3.110" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 102.738843][ T30] audit: type=1400 audit(1750996285.496:220): avc: denied { connect } for pid=6349 comm="syz.3.110" lport=20001 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 102.759443][ T30] audit: type=1400 audit(1750996285.496:221): avc: denied { name_connect } for pid=6349 comm="syz.3.110" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 102.879994][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 102.892218][ T24] usb 2-1: config 8 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 132, changing to 11 [ 102.903639][ T24] usb 2-1: config 8 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.914477][ T24] usb 2-1: config 8 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 102.929527][ T24] usb 2-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 102.938643][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.190734][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 103.348893][ T6342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.357427][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 103.380591][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 103.380900][ T6342] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.415758][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 103.457787][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.472551][ T9] usb 5-1: Product: syz [ 103.476793][ T9] usb 5-1: Manufacturer: syz [ 103.513002][ T9] usb 5-1: SerialNumber: syz [ 103.538209][ T9] usb 5-1: config 0 descriptor?? [ 103.567495][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 103.579183][ T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 103.626313][ T6366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.115'. [ 103.756932][ T24] megaworld 0003:07B5:0312.0001: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.1-1/input0 [ 103.775485][ T6352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.807079][ T24] megaworld 0003:07B5:0312.0001: no inputs found [ 103.831053][ T6352] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.044480][ T24] usb 2-1: USB disconnect, device number 3 [ 104.302363][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 104.313889][ T9] em28xx 5-1:0.0: Config register raw data: 0x41 [ 104.444295][ T30] audit: type=1400 audit(1750996287.206:222): avc: denied { read write } for pid=6371 comm="syz.2.117" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 105.293912][ T30] audit: type=1400 audit(1750996287.206:223): avc: denied { open } for pid=6371 comm="syz.2.117" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 105.318380][ T30] audit: type=1400 audit(1750996287.286:224): avc: denied { listen } for pid=6371 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 105.339605][ T30] audit: type=1400 audit(1750996287.286:225): avc: denied { accept } for pid=6371 comm="syz.2.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 105.359358][ C0] vkms_vblank_simulate: vblank timer overrun [ 105.975859][ T6376] netlink: 4 bytes leftover after parsing attributes in process `syz.0.118'. [ 105.995673][ T30] audit: type=1400 audit(1750996288.746:226): avc: denied { write } for pid=6377 comm="syz.2.119" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 106.422284][ T975] usb 5-1: USB disconnect, device number 2 [ 106.429247][ T975] em28xx 5-1:0.0: Disconnecting em28xx [ 106.439087][ T975] em28xx 5-1:0.0: Freeing device [ 106.522396][ T6387] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12 [ 106.976003][ T6400] netlink: 8 bytes leftover after parsing attributes in process `syz.4.124'. [ 108.052499][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 108.052514][ T30] audit: type=1400 audit(1750996290.816:228): avc: denied { execute } for pid=6411 comm="syz.1.128" name="file1" dev="tmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 108.085215][ T30] audit: type=1400 audit(1750996290.846:229): avc: denied { execute_no_trans } for pid=6411 comm="syz.1.128" path="/23/file1" dev="tmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 109.084013][ T6425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.130'. [ 109.331414][ T30] audit: type=1400 audit(1750996292.056:230): avc: denied { append } for pid=6416 comm="syz.2.129" name="001" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 109.368829][ T6428] mmap: syz.3.131 (6428) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 109.368949][ T30] audit: type=1326 audit(1750996292.066:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 109.511443][ T30] audit: type=1326 audit(1750996292.066:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 109.735650][ T30] audit: type=1326 audit(1750996292.066:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 109.758895][ C0] vkms_vblank_simulate: vblank timer overrun [ 109.762696][ T6434] warning: `syz.4.132' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 109.776979][ T30] audit: type=1326 audit(1750996292.066:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 109.920534][ T30] audit: type=1326 audit(1750996292.066:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 109.943765][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.105848][ T30] audit: type=1326 audit(1750996292.066:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6416 comm="syz.2.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 110.123770][ T6442] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input13 [ 110.129068][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.356197][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.138'. [ 110.459589][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'. [ 110.789391][ T6454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.140'. [ 111.920052][ T6463] netlink: 28 bytes leftover after parsing attributes in process `syz.2.141'. [ 111.934167][ T6463] netlink: 28 bytes leftover after parsing attributes in process `syz.2.141'. [ 112.618902][ T30] audit: type=1400 audit(1750996295.376:237): avc: denied { read write } for pid=6480 comm="syz.3.147" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 112.642046][ C0] vkms_vblank_simulate: vblank timer overrun [ 112.860420][ T6490] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14 [ 113.895123][ T6499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.152'. [ 114.441256][ T6505] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15 [ 114.801111][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 114.851796][ T6516] FAULT_INJECTION: forcing a failure. [ 114.851796][ T6516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.867435][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz.2.158 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 114.867458][ T6516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.867467][ T6516] Call Trace: [ 114.867473][ T6516] [ 114.867479][ T6516] dump_stack_lvl+0x16c/0x1f0 [ 114.867508][ T6516] should_fail_ex+0x512/0x640 [ 114.867534][ T6516] _copy_to_user+0x32/0xd0 [ 114.867560][ T6516] copy_to_sockptr_offset.constprop.0+0x129/0x150 [ 114.867582][ T6516] ? __pfx_copy_to_sockptr_offset.constprop.0+0x10/0x10 [ 114.867605][ T6516] ? bpf_vlog_finalize+0x1ba/0x360 [ 114.867632][ T6516] btf_new_fd+0x16b9/0x5490 [ 114.867649][ T6516] ? avc_has_perm_noaudit+0x149/0x3b0 [ 114.867686][ T6516] ? __pfx_btf_new_fd+0x10/0x10 [ 114.867707][ T6516] ? cap_capable+0xb3/0x250 [ 114.867726][ T6516] ? bpf_lsm_capable+0x9/0x10 [ 114.867743][ T6516] ? security_capable+0x7e/0x260 [ 114.867763][ T6516] ? ns_capable+0xd7/0x110 [ 114.867784][ T6516] __sys_bpf+0x1adb/0x4d80 [ 114.867811][ T6516] ? __pfx___sys_bpf+0x10/0x10 [ 114.867835][ T6516] ? ksys_write+0x190/0x250 [ 114.867860][ T6516] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 114.867902][ T6516] ? fput+0x70/0xf0 [ 114.867927][ T6516] ? ksys_write+0x1ac/0x250 [ 114.867946][ T6516] ? __pfx_ksys_write+0x10/0x10 [ 114.867972][ T6516] __x64_sys_bpf+0x78/0xc0 [ 114.867995][ T6516] ? lockdep_hardirqs_on+0x7c/0x110 [ 114.868018][ T6516] do_syscall_64+0xcd/0x4c0 [ 114.868044][ T6516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.868062][ T6516] RIP: 0033:0x7f6e1878e929 [ 114.868076][ T6516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.868091][ T6516] RSP: 002b:00007f6e195c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 114.868108][ T6516] RAX: ffffffffffffffda RBX: 00007f6e189b5fa0 RCX: 00007f6e1878e929 [ 114.868118][ T6516] RDX: 0000000000000028 RSI: 0000200000000100 RDI: 0000000000000012 [ 114.868129][ T6516] RBP: 00007f6e195c6090 R08: 0000000000000000 R09: 0000000000000000 [ 114.868139][ T6516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.868149][ T6516] R13: 0000000000000001 R14: 00007f6e189b5fa0 R15: 00007ffefce326f8 [ 114.868172][ T6516] [ 115.090632][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.108237][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 115.108250][ T30] audit: type=1400 audit(1750996297.866:241): avc: denied { bind } for pid=6517 comm="syz.0.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 115.595287][ T30] audit: type=1400 audit(1750996297.866:242): avc: denied { node_bind } for pid=6517 comm="syz.0.157" saddr=172.30.1.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 115.671119][ T30] audit: type=1400 audit(1750996297.866:243): avc: denied { create } for pid=6517 comm="syz.0.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 115.692306][ T30] audit: type=1400 audit(1750996297.866:244): avc: denied { read } for pid=6517 comm="syz.0.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 115.752598][ T30] audit: type=1400 audit(1750996298.516:245): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 115.862568][ T6532] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input16 [ 116.470679][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 116.927937][ T9] usb 3-1: device descriptor read/64, error -71 [ 117.329331][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 117.495741][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.0.165'. [ 117.774172][ T9] usb 3-1: device descriptor read/64, error -71 [ 118.190805][ T9] usb usb3-port1: attempt power cycle [ 118.540798][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 118.898308][ T9] usb 3-1: device descriptor read/8, error -71 [ 119.647754][ T30] audit: type=1326 audit(1750996302.406:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6558 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 119.690323][ T30] audit: type=1326 audit(1750996302.436:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6558 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 119.714202][ T30] audit: type=1326 audit(1750996302.446:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6558 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 119.737671][ T30] audit: type=1326 audit(1750996302.446:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6558 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 119.761040][ T30] audit: type=1326 audit(1750996302.446:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6558 comm="syz.2.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e1878e929 code=0x7ffc0000 [ 120.515761][ T6577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.175'. [ 120.528135][ T6581] FAULT_INJECTION: forcing a failure. [ 120.528135][ T6581] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.547576][ T6577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.175'. [ 120.556860][ T6581] CPU: 0 UID: 0 PID: 6581 Comm: syz.3.178 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 120.556883][ T6581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.556893][ T6581] Call Trace: [ 120.556899][ T6581] [ 120.556905][ T6581] dump_stack_lvl+0x16c/0x1f0 [ 120.556933][ T6581] should_fail_ex+0x512/0x640 [ 120.556959][ T6581] _copy_to_user+0x32/0xd0 [ 120.556985][ T6581] ptr_to_user+0x23d/0x5c0 [ 120.557011][ T6581] ? __pfx_ptr_to_user+0x10/0x10 [ 120.557043][ T6581] try_set_ext_ctrls_common+0x103d/0x1d40 [ 120.557081][ T6581] ? __pfx_try_set_ext_ctrls_common+0x10/0x10 [ 120.557120][ T6581] try_set_ext_ctrls+0x81/0x1e0 [ 120.557149][ T6581] v4l_s_ext_ctrls+0x29a/0x3a0 [ 120.557170][ T6581] __video_do_ioctl+0xb3d/0xfc0 [ 120.557193][ T6581] ? __might_fault+0xe3/0x190 [ 120.557215][ T6581] ? __pfx___video_do_ioctl+0x10/0x10 [ 120.557244][ T6581] video_usercopy+0x4cd/0x1720 [ 120.557266][ T6581] ? __pfx___video_do_ioctl+0x10/0x10 [ 120.557286][ T6581] ? selinux_kernel_read_file+0xa1/0x130 [ 120.557308][ T6581] ? __pfx_video_usercopy+0x10/0x10 [ 120.557346][ T6581] v4l2_ioctl+0x1ba/0x250 [ 120.557365][ T6581] ? __pfx_v4l2_ioctl+0x10/0x10 [ 120.557385][ T6581] __x64_sys_ioctl+0x18b/0x210 [ 120.557407][ T6581] do_syscall_64+0xcd/0x4c0 [ 120.557434][ T6581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.557451][ T6581] RIP: 0033:0x7f804b18e929 [ 120.557465][ T6581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.557485][ T6581] RSP: 002b:00007f804bf80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 120.557501][ T6581] RAX: ffffffffffffffda RBX: 00007f804b3b5fa0 RCX: 00007f804b18e929 [ 120.557512][ T6581] RDX: 0000200000000100 RSI: 00000000c0205648 RDI: 0000000000000003 [ 120.557522][ T6581] RBP: 00007f804bf80090 R08: 0000000000000000 R09: 0000000000000000 [ 120.557532][ T6581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.557542][ T6581] R13: 0000000000000000 R14: 00007f804b3b5fa0 R15: 00007ffe4c3dd178 [ 120.557566][ T6581] [ 120.767431][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.779848][ T6582] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input17 [ 120.910929][ T5944] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 121.252868][ T5944] usb 2-1: config 0 has an invalid interface number: 176 but max is 2 [ 121.273679][ T5944] usb 2-1: config 0 has an invalid interface number: 255 but max is 2 [ 121.324447][ T5944] usb 2-1: config 0 has no interface number 0 [ 121.422870][ T5944] usb 2-1: config 0 has no interface number 1 [ 121.690545][ T5944] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 121.727684][ T5944] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 121.759176][ T5944] usb 2-1: config 0 interface 255 has no altsetting 0 [ 121.769106][ T5944] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 121.787720][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.026867][ T5944] usb 2-1: config 0 descriptor?? [ 122.206715][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 122.206730][ T30] audit: type=1400 audit(1750996304.966:252): avc: denied { write } for pid=6603 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 122.304935][ T5944] qcserial 2-1:0.2: Qualcomm USB modem converter detected [ 122.331702][ T5944] usb 2-1: selecting invalid altsetting 0 [ 122.337462][ T5944] usb 2-1: Could not set interface, error -22 [ 122.416132][ T30] audit: type=1400 audit(1750996305.176:253): avc: denied { search } for pid=6611 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.480286][ T30] audit: type=1400 audit(1750996305.196:254): avc: denied { search } for pid=6611 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1832 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.560291][ T24] usb 2-1: USB disconnect, device number 4 [ 122.572669][ T24] qcserial 2-1:0.2: device disconnected [ 122.578368][ T30] audit: type=1400 audit(1750996305.196:255): avc: denied { search } for pid=6611 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.624524][ T30] audit: type=1400 audit(1750996305.196:256): avc: denied { search } for pid=6611 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.658040][ T30] audit: type=1400 audit(1750996305.226:257): avc: denied { read open } for pid=6617 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 122.738215][ T30] audit: type=1400 audit(1750996305.226:258): avc: denied { getattr } for pid=6617 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 123.010173][ T30] audit: type=1400 audit(1750996305.226:259): avc: denied { getattr } for pid=6617 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 123.202351][ T30] audit: type=1400 audit(1750996305.406:260): avc: denied { read } for pid=6619 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=1878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 123.508097][ T30] audit: type=1400 audit(1750996305.406:261): avc: denied { open } for pid=6619 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=1878 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 124.151102][ T6639] nbd: must specify a size in bytes for the device [ 125.081682][ T6656] netlink: 28 bytes leftover after parsing attributes in process `syz.3.193'. [ 125.158723][ T6656] netlink: 28 bytes leftover after parsing attributes in process `syz.3.193'. [ 125.644438][ T6670] netlink: 8 bytes leftover after parsing attributes in process `syz.4.198'. [ 128.655159][ T6705] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input20 [ 128.699958][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 128.699971][ T30] audit: type=1400 audit(1750996311.456:272): avc: denied { shutdown } for pid=6704 comm="syz.2.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 128.725623][ C0] vkms_vblank_simulate: vblank timer overrun [ 128.842108][ T6706] netlink: 68 bytes leftover after parsing attributes in process `syz.2.207'. [ 128.871202][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 129.058335][ T24] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 129.330542][ T30] audit: type=1400 audit(1750996311.466:273): avc: denied { name_connect } for pid=6704 comm="syz.2.207" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 129.387690][ T24] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 129.428327][ T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 129.455066][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.497540][ T6702] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 129.515918][ T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 129.981263][ T30] audit: type=1400 audit(1750996312.726:274): avc: denied { write } for pid=6701 comm="syz.1.205" laddr=172.20.20.170 lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 130.037885][ T24] usb 2-1: USB disconnect, device number 5 [ 130.372217][ T6732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'. [ 130.405831][ T30] audit: type=1400 audit(1750996312.846:275): avc: denied { ioctl } for pid=6717 comm="syz.3.210" path="socket:[10956]" dev="sockfs" ino=10956 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 130.430497][ C0] vkms_vblank_simulate: vblank timer overrun [ 130.642851][ T30] audit: type=1400 audit(1750996313.336:276): avc: denied { write } for pid=6717 comm="syz.3.210" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 131.095694][ T6758] FAULT_INJECTION: forcing a failure. [ 131.095694][ T6758] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.145096][ T6758] CPU: 1 UID: 0 PID: 6758 Comm: syz.1.215 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 131.145121][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.145130][ T6758] Call Trace: [ 131.145136][ T6758] [ 131.145143][ T6758] dump_stack_lvl+0x16c/0x1f0 [ 131.145172][ T6758] should_fail_ex+0x512/0x640 [ 131.145199][ T6758] _copy_from_user+0x2e/0xd0 [ 131.145224][ T6758] memdup_user_nul+0x6c/0x120 [ 131.145250][ T6758] sel_commit_bools_write+0x13e/0x420 [ 131.145271][ T6758] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 131.145298][ T6758] ? __pfx_sel_commit_bools_write+0x10/0x10 [ 131.145315][ T6758] vfs_writev+0x5df/0xde0 [ 131.145334][ T6758] ? __pfx___mutex_trylock_common+0x10/0x10 [ 131.145370][ T6758] ? __pfx_vfs_writev+0x10/0x10 [ 131.145390][ T6758] ? __mutex_lock+0x1ca/0xb90 [ 131.145421][ T6758] ? __pfx___mutex_lock+0x10/0x10 [ 131.145455][ T6758] ? __fget_files+0x20e/0x3c0 [ 131.145476][ T6758] ? __fget_files+0x160/0x3c0 [ 131.145504][ T6758] ? do_writev+0x132/0x340 [ 131.145522][ T6758] do_writev+0x132/0x340 [ 131.145542][ T6758] ? __pfx_do_writev+0x10/0x10 [ 131.145569][ T6758] do_syscall_64+0xcd/0x4c0 [ 131.145596][ T6758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.145614][ T6758] RIP: 0033:0x7f149838e929 [ 131.145629][ T6758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.145645][ T6758] RSP: 002b:00007f1499290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 131.145662][ T6758] RAX: ffffffffffffffda RBX: 00007f14985b5fa0 RCX: 00007f149838e929 [ 131.145673][ T6758] RDX: 0000000000000002 RSI: 00002000000009c0 RDI: 0000000000000004 [ 131.145683][ T6758] RBP: 00007f1499290090 R08: 0000000000000000 R09: 0000000000000000 [ 131.145692][ T6758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.145702][ T6758] R13: 0000000000000000 R14: 00007f14985b5fa0 R15: 00007ffd86248468 [ 131.145726][ T6758] [ 131.348906][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 131.611682][ T24] usb 3-1: device descriptor read/64, error -71 [ 131.822761][ T6764] netlink: 'syz.4.216': attribute type 21 has an invalid length. [ 131.850878][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 131.879770][ T6772] netlink: 8 bytes leftover after parsing attributes in process `syz.4.216'. [ 131.898081][ T30] audit: type=1400 audit(1750996314.636:277): avc: denied { ioctl } for pid=6760 comm="syz.4.216" path="socket:[11079]" dev="sockfs" ino=11079 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 131.923794][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.051008][ T24] usb 3-1: device descriptor read/64, error -71 [ 132.190901][ T6764] netlink: 'syz.4.216': attribute type 6 has an invalid length. [ 132.212101][ T6764] netlink: 64 bytes leftover after parsing attributes in process `syz.4.216'. [ 132.321341][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.216'. [ 132.351536][ T24] usb usb3-port1: attempt power cycle [ 132.365096][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.371501][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.495385][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.216'. [ 132.530873][ T6779] FAULT_INJECTION: forcing a failure. [ 132.530873][ T6779] name failslab, interval 1, probability 0, space 0, times 0 [ 132.630660][ T6779] CPU: 1 UID: 0 PID: 6779 Comm: syz.0.219 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 132.630687][ T6779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.630697][ T6779] Call Trace: [ 132.630703][ T6779] [ 132.630709][ T6779] dump_stack_lvl+0x16c/0x1f0 [ 132.630738][ T6779] should_fail_ex+0x512/0x640 [ 132.630760][ T6779] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 132.630782][ T6779] should_failslab+0xc2/0x120 [ 132.630806][ T6779] __kmalloc_cache_noprof+0x6a/0x3e0 [ 132.630825][ T6779] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 132.630847][ T6779] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 132.630867][ T6779] ? genl_start+0x1e8/0x980 [ 132.630889][ T6779] genl_start+0x1e8/0x980 [ 132.630912][ T6779] __netlink_dump_start+0x60b/0x990 [ 132.630944][ T6779] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 132.630966][ T6779] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 132.630986][ T6779] ? find_held_lock+0x2b/0x80 [ 132.631018][ T6779] ? __pfx_genl_get_cmd+0x10/0x10 [ 132.631034][ T6779] ? __pfx_genl_start+0x10/0x10 [ 132.631051][ T6779] ? __pfx_genl_dumpit+0x10/0x10 [ 132.631068][ T6779] ? __pfx_genl_done+0x10/0x10 [ 132.631090][ T6779] ? __radix_tree_lookup+0x21f/0x2c0 [ 132.631117][ T6779] genl_rcv_msg+0x46e/0x800 [ 132.631140][ T6779] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.631161][ T6779] ? __pfx_devlink_nl_trap_group_get_dumpit+0x10/0x10 [ 132.631198][ T6779] netlink_rcv_skb+0x158/0x420 [ 132.631215][ T6779] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.631236][ T6779] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 132.631264][ T6779] ? netlink_deliver_tap+0x1ae/0xd30 [ 132.631295][ T6779] genl_rcv+0x28/0x40 [ 132.631312][ T6779] netlink_unicast+0x53a/0x7f0 [ 132.631333][ T6779] ? __pfx_netlink_unicast+0x10/0x10 [ 132.631358][ T6779] netlink_sendmsg+0x8d1/0xdd0 [ 132.631379][ T6779] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.631407][ T6779] ____sys_sendmsg+0xa98/0xc70 [ 132.631426][ T6779] ? copy_msghdr_from_user+0x10a/0x160 [ 132.631450][ T6779] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.631480][ T6779] ___sys_sendmsg+0x134/0x1d0 [ 132.631506][ T6779] ? __pfx____sys_sendmsg+0x10/0x10 [ 132.631527][ T6779] ? __lock_acquire+0x622/0x1c90 [ 132.631587][ T6779] __sys_sendmsg+0x16d/0x220 [ 132.631611][ T6779] ? __pfx___sys_sendmsg+0x10/0x10 [ 132.631653][ T6779] do_syscall_64+0xcd/0x4c0 [ 132.631679][ T6779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.631697][ T6779] RIP: 0033:0x7f8eec18e929 [ 132.631712][ T6779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.631728][ T6779] RSP: 002b:00007f8eed052038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.631744][ T6779] RAX: ffffffffffffffda RBX: 00007f8eec3b5fa0 RCX: 00007f8eec18e929 [ 132.631755][ T6779] RDX: 000000000004c000 RSI: 0000200000000140 RDI: 0000000000000003 [ 132.631765][ T6779] RBP: 00007f8eed052090 R08: 0000000000000000 R09: 0000000000000000 [ 132.631774][ T6779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 132.631783][ T6779] R13: 0000000000000000 R14: 00007f8eec3b5fa0 R15: 00007ffcd1d3e478 [ 132.631808][ T6779] [ 133.240629][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 133.263162][ T24] usb 3-1: device descriptor read/8, error -71 [ 133.500710][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 133.767805][ T30] audit: type=1326 audit(1750996316.506:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 133.769508][ T24] usb 3-1: device descriptor read/8, error -71 [ 133.791058][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.042164][ T6797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.223'. [ 134.220525][ T30] audit: type=1326 audit(1750996316.516:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 134.243717][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.320778][ T24] usb usb3-port1: unable to enumerate USB device [ 134.326776][ T30] audit: type=1326 audit(1750996316.516:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 134.461145][ T30] audit: type=1326 audit(1750996316.516:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 134.555297][ T6806] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'. [ 134.564291][ T6806] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'. [ 134.795952][ T6808] vivid-008: disconnect [ 134.924605][ T6807] vivid-008: reconnect [ 135.817961][ T6805] block device autoloading is deprecated and will be removed. [ 135.850536][ T30] audit: type=1326 audit(1750996316.516:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 135.873737][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.873797][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 135.888252][ T6805] syz.1.224: attempt to access beyond end of device [ 135.888252][ T6805] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 136.024319][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 136.060759][ T30] audit: type=1326 audit(1750996316.516:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 136.071114][ T24] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 136.143863][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.472429][ T24] usb 3-1: config 0 descriptor?? [ 136.502616][ T24] gspca_main: sq930x-2.14.0 probing 041e:403c [ 136.520547][ T30] audit: type=1326 audit(1750996316.516:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6784 comm="syz.0.221" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8eec18e929 code=0x7ffc0000 [ 136.522882][ T6824] FAULT_INJECTION: forcing a failure. [ 136.522882][ T6824] name failslab, interval 1, probability 0, space 0, times 0 [ 136.543746][ C0] vkms_vblank_simulate: vblank timer overrun [ 136.571494][ T6823] netlink: 'syz.4.230': attribute type 1 has an invalid length. [ 136.582761][ T6823] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 136.822557][ T6824] CPU: 1 UID: 0 PID: 6824 Comm: syz.1.229 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 136.822584][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.822594][ T6824] Call Trace: [ 136.822600][ T6824] [ 136.822608][ T6824] dump_stack_lvl+0x16c/0x1f0 [ 136.822638][ T6824] should_fail_ex+0x512/0x640 [ 136.822660][ T6824] ? fs_reclaim_acquire+0xae/0x150 [ 136.822682][ T6824] ? tomoyo_encode2+0x100/0x3e0 [ 136.822704][ T6824] should_failslab+0xc2/0x120 [ 136.822729][ T6824] __kmalloc_noprof+0xd2/0x510 [ 136.822751][ T6824] ? d_absolute_path+0x136/0x1a0 [ 136.822773][ T6824] tomoyo_encode2+0x100/0x3e0 [ 136.822800][ T6824] tomoyo_encode+0x29/0x50 [ 136.822822][ T6824] tomoyo_realpath_from_path+0x18f/0x6e0 [ 136.822854][ T6824] tomoyo_path_number_perm+0x245/0x580 [ 136.822873][ T6824] ? tomoyo_path_number_perm+0x237/0x580 [ 136.822895][ T6824] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 136.822917][ T6824] ? find_held_lock+0x2b/0x80 [ 136.822968][ T6824] ? find_held_lock+0x2b/0x80 [ 136.822988][ T6824] ? hook_file_ioctl_common+0x145/0x410 [ 136.823021][ T6824] ? __fget_files+0x20e/0x3c0 [ 136.823049][ T6824] security_file_ioctl+0x9b/0x240 [ 136.823075][ T6824] __x64_sys_ioctl+0xb7/0x210 [ 136.823097][ T6824] do_syscall_64+0xcd/0x4c0 [ 136.823123][ T6824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.823141][ T6824] RIP: 0033:0x7f149838e929 [ 136.823156][ T6824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.823171][ T6824] RSP: 002b:00007f1499290038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.823188][ T6824] RAX: ffffffffffffffda RBX: 00007f14985b5fa0 RCX: 00007f149838e929 [ 136.823199][ T6824] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 136.823209][ T6824] RBP: 00007f1499290090 R08: 0000000000000000 R09: 0000000000000000 [ 136.823219][ T6824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.823229][ T6824] R13: 0000000000000000 R14: 00007f14985b5fa0 R15: 00007ffd86248468 [ 136.823253][ T6824] [ 136.823286][ T6824] ERROR: Out of memory at tomoyo_realpath_from_path. [ 137.155702][ T6830] Illegal XDP return value 4294967282 on prog (id 68) dev N/A, expect packet loss! [ 137.433407][ T24] gspca_sq930x: reg_r 001f failed -110 [ 137.438947][ T24] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 137.701452][ T6836] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input21 [ 138.930734][ T5893] usb 3-1: USB disconnect, device number 11 [ 139.262442][ T5866] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 139.458430][ T5866] usb 1-1: config 0 has an invalid interface number: 176 but max is 2 [ 139.587838][ T5866] usb 1-1: config 0 has an invalid interface number: 255 but max is 2 [ 139.710685][ T5866] usb 1-1: config 0 has no interface number 0 [ 139.792615][ T5866] usb 1-1: config 0 has no interface number 1 [ 139.808973][ T5866] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 140.108834][ T5866] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 140.234346][ T5866] usb 1-1: config 0 interface 255 has no altsetting 0 [ 140.309087][ T5866] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 140.420292][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.588055][ T5866] usb 1-1: config 0 descriptor?? [ 140.720568][ T30] audit: type=1400 audit(1750996323.456:285): avc: denied { mount } for pid=6868 comm="syz.1.241" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 140.742297][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.791511][ T30] audit: type=1400 audit(1750996323.536:286): avc: denied { unmount } for pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 140.889399][ T6876] netlink: 28 bytes leftover after parsing attributes in process `syz.3.240'. [ 140.912837][ T6875] netlink: 'syz.4.243': attribute type 1 has an invalid length. [ 140.939884][ T6876] netlink: 28 bytes leftover after parsing attributes in process `syz.3.240'. [ 140.960602][ T6875] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 140.976304][ T5866] usb 1-1: Could not set interface, error -71 [ 141.008459][ T30] audit: type=1400 audit(1750996323.766:287): avc: denied { create } for pid=6879 comm="syz.2.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 141.008538][ T5866] usb 1-1: selecting invalid altsetting 0 [ 141.875364][ T5866] usb 1-1: Could not set interface, error -22 [ 141.977053][ T6892] FAULT_INJECTION: forcing a failure. [ 141.977053][ T6892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.024430][ T5866] usb 1-1: USB disconnect, device number 2 [ 142.129221][ T6892] CPU: 1 UID: 0 PID: 6892 Comm: syz.4.247 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 142.129246][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.129255][ T6892] Call Trace: [ 142.129260][ T6892] [ 142.129266][ T6892] dump_stack_lvl+0x16c/0x1f0 [ 142.129295][ T6892] should_fail_ex+0x512/0x640 [ 142.129320][ T6892] _copy_to_user+0x32/0xd0 [ 142.129345][ T6892] simple_read_from_buffer+0xcb/0x170 [ 142.129370][ T6892] proc_fail_nth_read+0x197/0x270 [ 142.129392][ T6892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.129414][ T6892] ? rw_verify_area+0xcf/0x680 [ 142.129433][ T6892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 142.129454][ T6892] vfs_read+0x1e1/0xc60 [ 142.129478][ T6892] ? __pfx___mutex_lock+0x10/0x10 [ 142.129502][ T6892] ? __pfx_vfs_read+0x10/0x10 [ 142.129528][ T6892] ? __fget_files+0x20e/0x3c0 [ 142.129558][ T6892] ksys_read+0x12a/0x250 [ 142.129577][ T6892] ? __pfx_ksys_read+0x10/0x10 [ 142.129605][ T6892] do_syscall_64+0xcd/0x4c0 [ 142.129639][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.129661][ T6892] RIP: 0033:0x7fbec1f8d33c [ 142.129676][ T6892] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 142.129691][ T6892] RSP: 002b:00007fbec2dd8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 142.129708][ T6892] RAX: ffffffffffffffda RBX: 00007fbec21b5fa0 RCX: 00007fbec1f8d33c [ 142.129719][ T6892] RDX: 000000000000000f RSI: 00007fbec2dd80a0 RDI: 0000000000000004 [ 142.129729][ T6892] RBP: 00007fbec2dd8090 R08: 0000000000000000 R09: 0000000000000000 [ 142.129740][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.129754][ T6892] R13: 0000000000000000 R14: 00007fbec21b5fa0 R15: 00007ffdcc6059f8 [ 142.129778][ T6892] [ 142.361518][ T30] audit: type=1400 audit(1750996325.126:288): avc: denied { create } for pid=6887 comm="syz.1.245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 142.583815][ T30] audit: type=1400 audit(1750996325.346:289): avc: denied { write } for pid=6887 comm="syz.1.245" path="socket:[11392]" dev="sockfs" ino=11392 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 143.242685][ T6902] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input22 [ 143.363871][ T6905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.248'. [ 143.372840][ T6905] netlink: 28 bytes leftover after parsing attributes in process `syz.4.248'. [ 143.621548][ T30] audit: type=1400 audit(1750996326.386:290): avc: denied { read write } for pid=6908 comm="syz.3.252" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 143.685671][ T30] audit: type=1400 audit(1750996326.386:291): avc: denied { open } for pid=6908 comm="syz.3.252" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 143.712479][ T30] audit: type=1400 audit(1750996326.406:292): avc: denied { ioctl } for pid=6908 comm="syz.3.252" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 143.738096][ T30] audit: type=1400 audit(1750996326.436:293): avc: denied { read write } for pid=6908 comm="syz.3.252" name="sg0" dev="devtmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 143.764766][ T30] audit: type=1400 audit(1750996326.436:294): avc: denied { open } for pid=6908 comm="syz.3.252" path="/dev/sg0" dev="devtmpfs" ino=765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 143.932910][ T6916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.254'. [ 144.700980][ T6919] netlink: 'syz.4.257': attribute type 1 has an invalid length. [ 144.708725][ T6919] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 145.197764][ T6936] netlink: 8 bytes leftover after parsing attributes in process `syz.3.259'. [ 145.208344][ T6935] netlink: 28 bytes leftover after parsing attributes in process `syz.2.255'. [ 145.218575][ T6935] netlink: 28 bytes leftover after parsing attributes in process `syz.2.255'. [ 147.203400][ T6945] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input23 [ 147.370810][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.4.263'. [ 148.214827][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.267'. [ 148.592450][ T6972] netlink: 277 bytes leftover after parsing attributes in process `syz.1.270'. [ 148.611006][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 148.611020][ T30] audit: type=1400 audit(1750996331.366:296): avc: denied { read write } for pid=6970 comm="syz.1.270" name="mouse0" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 148.629143][ T6975] 9pnet_fd: Insufficient options for proto=fd [ 148.640481][ C0] vkms_vblank_simulate: vblank timer overrun [ 148.724999][ T30] audit: type=1400 audit(1750996331.366:297): avc: denied { open } for pid=6970 comm="syz.1.270" path="/dev/input/mouse0" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 149.182725][ T6982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.271'. [ 149.390576][ T5893] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 149.825387][ T5893] usb 2-1: Using ep0 maxpacket: 16 [ 150.672656][ T5893] usb 2-1: config 1 has an invalid descriptor of length 56, skipping remainder of the config [ 151.170189][ T5893] usb 2-1: config 1 interface 0 has no altsetting 0 [ 151.198560][ T5893] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.212879][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.233005][ T5893] usb 2-1: Product: syz [ 151.260685][ T5893] usb 2-1: Manufacturer: 鈂赶贆緲좗닐ⅉ彘⨧쾋ᬢ괜튾掏넼﬍曜Ɂ䬁鎋ഛ㸏喂θЁῪ췃랮ﴐ䵻ᛎ텼㉁杷乷卓಩೉῜ॷꂎ턳偼揼꬇ሔᶪ謜솤픶巖⏪있䋏䒼䟳㌤푀䮈玘쏋퓂郭渘쐢춗炍㠱깄ɶڀ᠑㖞ឫ岈䥎 [ 151.366399][ T6991] FAULT_INJECTION: forcing a failure. [ 151.366399][ T6991] name failslab, interval 1, probability 0, space 0, times 0 [ 151.512578][ T6992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.275'. [ 151.668874][ T5893] usb 2-1: SerialNumber: syz [ 151.694578][ T5893] usb 2-1: can't set config #1, error -71 [ 151.702493][ T5893] usb 2-1: USB disconnect, device number 6 [ 151.717903][ T6991] CPU: 1 UID: 0 PID: 6991 Comm: syz.4.276 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 151.717919][ T6991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.717925][ T6991] Call Trace: [ 151.717929][ T6991] [ 151.717933][ T6991] dump_stack_lvl+0x16c/0x1f0 [ 151.717953][ T6991] should_fail_ex+0x512/0x640 [ 151.717966][ T6991] ? fs_reclaim_acquire+0xae/0x150 [ 151.717978][ T6991] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 151.717993][ T6991] should_failslab+0xc2/0x120 [ 151.718008][ T6991] __kmalloc_noprof+0xd2/0x510 [ 151.718024][ T6991] tomoyo_realpath_from_path+0xc2/0x6e0 [ 151.718040][ T6991] ? tomoyo_profile+0x47/0x60 [ 151.718057][ T6991] tomoyo_path_number_perm+0x245/0x580 [ 151.718069][ T6991] ? tomoyo_path_number_perm+0x237/0x580 [ 151.718082][ T6991] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 151.718095][ T6991] ? find_held_lock+0x2b/0x80 [ 151.718120][ T6991] ? find_held_lock+0x2b/0x80 [ 151.718132][ T6991] ? hook_file_ioctl_common+0x145/0x410 [ 151.718152][ T6991] ? __fget_files+0x20e/0x3c0 [ 151.718169][ T6991] security_file_ioctl+0x9b/0x240 [ 151.718184][ T6991] __x64_sys_ioctl+0xb7/0x210 [ 151.718197][ T6991] do_syscall_64+0xcd/0x4c0 [ 151.718213][ T6991] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.718224][ T6991] RIP: 0033:0x7fbec1f8e929 [ 151.718233][ T6991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 151.718243][ T6991] RSP: 002b:00007fbec2dd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 151.718253][ T6991] RAX: ffffffffffffffda RBX: 00007fbec21b5fa0 RCX: 00007fbec1f8e929 [ 151.718259][ T6991] RDX: 00002000000000c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 151.718265][ T6991] RBP: 00007fbec2dd8090 R08: 0000000000000000 R09: 0000000000000000 [ 151.718271][ T6991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 151.718277][ T6991] R13: 0000000000000000 R14: 00007fbec21b5fa0 R15: 00007ffdcc6059f8 [ 151.718290][ T6991] [ 151.718294][ T6991] ERROR: Out of memory at tomoyo_realpath_from_path. [ 152.365472][ T6997] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input24 [ 152.436370][ T30] audit: type=1400 audit(1750996335.146:298): avc: denied { bind } for pid=7000 comm="syz.2.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 152.545574][ T30] audit: type=1400 audit(1750996335.156:299): avc: denied { setopt } for pid=7000 comm="syz.2.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 152.612818][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'. [ 153.413099][ T30] audit: type=1400 audit(1750996336.166:300): avc: denied { read } for pid=7012 comm="syz.3.283" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 153.453047][ T30] audit: type=1400 audit(1750996336.166:301): avc: denied { open } for pid=7012 comm="syz.3.283" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 153.487584][ T30] audit: type=1400 audit(1750996336.166:302): avc: denied { ioctl } for pid=7012 comm="syz.3.283" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 153.535396][ T30] audit: type=1400 audit(1750996336.176:303): avc: denied { append } for pid=7012 comm="syz.3.283" name="video7" dev="devtmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 154.343362][ T7035] FAULT_INJECTION: forcing a failure. [ 154.343362][ T7035] name failslab, interval 1, probability 0, space 0, times 0 [ 154.370225][ T7035] CPU: 0 UID: 0 PID: 7035 Comm: syz.3.289 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 154.370251][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.370260][ T7035] Call Trace: [ 154.370265][ T7035] [ 154.370271][ T7035] dump_stack_lvl+0x16c/0x1f0 [ 154.370297][ T7035] should_fail_ex+0x512/0x640 [ 154.370317][ T7035] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 154.370341][ T7035] should_failslab+0xc2/0x120 [ 154.370366][ T7035] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 154.370388][ T7035] ? proc_alloc_inode+0x25/0x200 [ 154.370415][ T7035] ? __pfx_proc_alloc_inode+0x10/0x10 [ 154.370442][ T7035] proc_alloc_inode+0x25/0x200 [ 154.370465][ T7035] alloc_inode+0x61/0x240 [ 154.370484][ T7035] new_inode+0x22/0x1c0 [ 154.370503][ T7035] proc_pid_make_inode+0x22/0x160 [ 154.370529][ T7035] proc_pident_instantiate+0x85/0x320 [ 154.370578][ T7035] proc_pident_lookup+0x21d/0x290 [ 154.370611][ T7035] __lookup_slow+0x24e/0x460 [ 154.370631][ T7035] ? __pfx___lookup_slow+0x10/0x10 [ 154.370666][ T7035] ? lookup_fast+0x156/0x610 [ 154.370686][ T7035] ? __pfx_proc_pid_permission+0x10/0x10 [ 154.370711][ T7035] walk_component+0x353/0x5b0 [ 154.370734][ T7035] link_path_walk+0x627/0xe20 [ 154.370764][ T7035] path_openat+0x1b0/0x2cb0 [ 154.370786][ T7035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.370813][ T7035] ? __pfx_path_openat+0x10/0x10 [ 154.370839][ T7035] ? __lock_acquire+0xb8a/0x1c90 [ 154.370869][ T7035] do_filp_open+0x20b/0x470 [ 154.370893][ T7035] ? __pfx_do_filp_open+0x10/0x10 [ 154.370926][ T7035] ? __pfx_kfree_link+0x10/0x10 [ 154.370954][ T7035] ? alloc_fd+0x471/0x7d0 [ 154.370984][ T7035] do_sys_openat2+0x11b/0x1d0 [ 154.371000][ T7035] ? __pfx_do_sys_openat2+0x10/0x10 [ 154.371015][ T7035] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 154.371042][ T7035] ? kvm_sched_clock_read+0x11/0x20 [ 154.371064][ T7035] ? sched_clock+0x38/0x60 [ 154.371090][ T7035] __x64_sys_openat+0x174/0x210 [ 154.371107][ T7035] ? __pfx___x64_sys_openat+0x10/0x10 [ 154.371126][ T7035] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 154.371155][ T7035] do_syscall_64+0xcd/0x4c0 [ 154.371182][ T7035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.371199][ T7035] RIP: 0033:0x7f804b18d290 [ 154.371214][ T7035] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 154.371229][ T7035] RSP: 002b:00007f804bf5ef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 154.371246][ T7035] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f804b18d290 [ 154.371258][ T7035] RDX: 0000000000000002 RSI: 00007f804bf5efa0 RDI: 00000000ffffff9c [ 154.371268][ T7035] RBP: 00007f804bf5efa0 R08: 0000000000000000 R09: 0000000000000000 [ 154.371278][ T7035] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 154.371288][ T7035] R13: 0000000000000001 R14: 00007f804b3b6080 R15: 00007ffe4c3dd178 [ 154.371312][ T7035] [ 154.657624][ C0] vkms_vblank_simulate: vblank timer overrun [ 154.800153][ T7030] netlink: 28 bytes leftover after parsing attributes in process `syz.2.288'. [ 154.809213][ T7030] netlink: 28 bytes leftover after parsing attributes in process `syz.2.288'. [ 155.162779][ T7048] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input25 [ 157.430899][ T30] audit: type=1400 audit(1750996340.196:304): avc: denied { create } for pid=7078 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 157.529438][ T30] audit: type=1400 audit(1750996340.216:305): avc: denied { connect } for pid=7078 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 157.696752][ T30] audit: type=1400 audit(1750996340.356:306): avc: denied { mounton } for pid=7078 comm="syz.0.302" path="/proc/218/task" dev="proc" ino=12728 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 157.866276][ T7089] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 158.266864][ T7096] FAULT_INJECTION: forcing a failure. [ 158.266864][ T7096] name failslab, interval 1, probability 0, space 0, times 0 [ 158.280944][ T7096] CPU: 1 UID: 0 PID: 7096 Comm: syz.1.306 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 158.280969][ T7096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.280979][ T7096] Call Trace: [ 158.280985][ T7096] [ 158.280991][ T7096] dump_stack_lvl+0x16c/0x1f0 [ 158.281021][ T7096] should_fail_ex+0x512/0x640 [ 158.281043][ T7096] ? fs_reclaim_acquire+0xae/0x150 [ 158.281063][ T7096] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 158.281086][ T7096] should_failslab+0xc2/0x120 [ 158.281111][ T7096] __kmalloc_noprof+0xd2/0x510 [ 158.281140][ T7096] tomoyo_realpath_from_path+0xc2/0x6e0 [ 158.281166][ T7096] ? tomoyo_profile+0x47/0x60 [ 158.281195][ T7096] tomoyo_path_perm+0x274/0x460 [ 158.281213][ T7096] ? tomoyo_path_perm+0x260/0x460 [ 158.281235][ T7096] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 158.281253][ T7096] ? __pfx___schedule+0x10/0x10 [ 158.281304][ T7096] ? find_held_lock+0x2b/0x80 [ 158.281324][ T7096] ? __pfx___up_read+0x10/0x10 [ 158.281342][ T7096] ? kernfs_dop_revalidate+0x350/0x740 [ 158.281373][ T7096] tomoyo_path_rmdir+0x91/0xe0 [ 158.281398][ T7096] ? __pfx_tomoyo_path_rmdir+0x10/0x10 [ 158.281430][ T7096] security_path_rmdir+0x145/0x2b0 [ 158.281452][ T7096] do_rmdir+0x27b/0x3c0 [ 158.281477][ T7096] ? __pfx_do_rmdir+0x10/0x10 [ 158.281508][ T7096] ? getname_flags.part.0+0x1c5/0x550 [ 158.281529][ T7096] __x64_sys_rmdir+0xc5/0x110 [ 158.281553][ T7096] do_syscall_64+0xcd/0x4c0 [ 158.281579][ T7096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.281597][ T7096] RIP: 0033:0x7f149838e929 [ 158.281611][ T7096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.281626][ T7096] RSP: 002b:00007f149924e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054 [ 158.281643][ T7096] RAX: ffffffffffffffda RBX: 00007f14985b6160 RCX: 00007f149838e929 [ 158.281654][ T7096] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140 [ 158.281664][ T7096] RBP: 00007f149924e090 R08: 0000000000000000 R09: 0000000000000000 [ 158.281674][ T7096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.281684][ T7096] R13: 0000000000000000 R14: 00007f14985b6160 R15: 00007ffd86248468 [ 158.281709][ T7096] [ 158.504337][ T7096] ERROR: Out of memory at tomoyo_realpath_from_path. [ 158.779031][ T30] audit: type=1400 audit(1750996341.536:307): avc: denied { remount } for pid=7098 comm="syz.2.307" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 158.800478][ T7099] ======================================================= [ 158.800478][ T7099] WARNING: The mand mount option has been deprecated and [ 158.800478][ T7099] and is ignored by this kernel. Remove the mand [ 158.800478][ T7099] option from the mount to silence this warning. [ 158.800478][ T7099] ======================================================= [ 158.845374][ T30] audit: type=1400 audit(1750996341.606:308): avc: denied { bind } for pid=7101 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 158.865319][ T30] audit: type=1400 audit(1750996341.606:309): avc: denied { setopt } for pid=7101 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 158.891235][ T7099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.307'. [ 158.906886][ T30] audit: type=1400 audit(1750996341.606:310): avc: denied { write } for pid=7101 comm="syz.0.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 158.999410][ T7105] mkiss: ax0: crc mode is auto. [ 159.032578][ T30] audit: type=1400 audit(1750996341.736:311): avc: denied { read } for pid=7104 comm="syz.0.310" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 159.060728][ T30] audit: type=1400 audit(1750996341.736:312): avc: denied { open } for pid=7104 comm="syz.0.310" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 159.086248][ T7107] netlink: 20 bytes leftover after parsing attributes in process `syz.1.311'. [ 159.105649][ T7108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.310'. [ 159.123647][ T7107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 159.134672][ T30] audit: type=1400 audit(1750996341.846:313): avc: denied { connect } for pid=7106 comm="syz.1.311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 159.411360][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 159.480631][ T5894] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 159.572740][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.576899][ T7119] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7119 comm=syz.2.314 [ 159.585471][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 159.607934][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.618588][ T9] usb 2-1: Product: syz [ 159.626052][ T9] usb 2-1: Manufacturer: syz [ 159.638043][ T9] usb 2-1: SerialNumber: syz [ 159.641917][ T5894] usb 5-1: config 0 has an invalid interface number: 3 but max is 0 [ 159.662781][ T5894] usb 5-1: config 0 has no interface number 0 [ 159.671667][ T5894] usb 5-1: New USB device found, idVendor=1660, idProduct=1921, bcdDevice=1f.84 [ 159.685523][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.696276][ T5894] usb 5-1: Product: syz [ 159.701402][ T5894] usb 5-1: Manufacturer: syz [ 159.707324][ T5894] usb 5-1: SerialNumber: syz [ 159.716978][ T5894] usb 5-1: config 0 descriptor?? [ 159.935543][ T7113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.947039][ T7113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.959683][ T5894] dvb-usb: found a 'Medion CTX1921 DVB-T USB' in cold state, will try to load a firmware [ 160.006926][ T5894] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 160.016808][ T5894] dib0700: firmware download failed at 7 with -22 [ 160.095919][ T7132] netlink: 136 bytes leftover after parsing attributes in process `syz.3.319'. [ 160.107853][ T7132] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 160.416181][ T7143] netlink: 'syz.2.323': attribute type 1 has an invalid length. [ 160.430882][ T7143] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 160.658823][ T7144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.321'. [ 161.527005][ T9] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 161.569640][ T9] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 161.653945][ T9] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 161.815968][ T7152] netlink: 28 bytes leftover after parsing attributes in process `syz.2.325'. [ 161.825292][ T7152] netlink: 28 bytes leftover after parsing attributes in process `syz.2.325'. [ 162.004143][ T9] cdc_ncm 2-1:1.0: setting tx_max = 88 [ 162.022404][ T9] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 162.039134][ T9] usb 2-1: USB disconnect, device number 7 [ 162.048436][ T9] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 162.209052][ T5944] usb 5-1: USB disconnect, device number 3 [ 162.244885][ T7157] veth1_macvtap: left promiscuous mode [ 162.251709][ T7157] macsec0: entered promiscuous mode [ 162.257047][ T7157] macsec0: entered allmulticast mode [ 162.268601][ T7157] veth1_macvtap: entered promiscuous mode [ 162.274509][ T7157] veth1_macvtap: entered allmulticast mode [ 162.280484][ T7157] macsec0: left promiscuous mode [ 162.286925][ T7157] macsec0: left allmulticast mode [ 162.292037][ T7157] veth1_macvtap: left allmulticast mode [ 162.299362][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.327'. [ 162.310613][ T7157] netlink: 24 bytes leftover after parsing attributes in process `syz.4.327'. [ 162.353762][ T7162] FAULT_INJECTION: forcing a failure. [ 162.353762][ T7162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.368416][ T7162] CPU: 1 UID: 0 PID: 7162 Comm: syz.4.328 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 162.368440][ T7162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.368450][ T7162] Call Trace: [ 162.368455][ T7162] [ 162.368462][ T7162] dump_stack_lvl+0x16c/0x1f0 [ 162.368481][ T7162] should_fail_ex+0x512/0x640 [ 162.368498][ T7162] _copy_to_user+0x32/0xd0 [ 162.368514][ T7162] simple_read_from_buffer+0xcb/0x170 [ 162.368530][ T7162] proc_fail_nth_read+0x197/0x270 [ 162.368544][ T7162] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.368558][ T7162] ? rw_verify_area+0xcf/0x680 [ 162.368569][ T7162] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.368582][ T7162] vfs_read+0x1e1/0xc60 [ 162.368597][ T7162] ? __pfx___mutex_lock+0x10/0x10 [ 162.368613][ T7162] ? __pfx_vfs_read+0x10/0x10 [ 162.368629][ T7162] ? __fget_files+0x20e/0x3c0 [ 162.368648][ T7162] ksys_read+0x12a/0x250 [ 162.368660][ T7162] ? __pfx_ksys_read+0x10/0x10 [ 162.368678][ T7162] do_syscall_64+0xcd/0x4c0 [ 162.368704][ T7162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.368715][ T7162] RIP: 0033:0x7fbec1f8d33c [ 162.368725][ T7162] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 162.368735][ T7162] RSP: 002b:00007fbec2dd8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 162.368746][ T7162] RAX: ffffffffffffffda RBX: 00007fbec21b5fa0 RCX: 00007fbec1f8d33c [ 162.368752][ T7162] RDX: 000000000000000f RSI: 00007fbec2dd80a0 RDI: 0000000000000003 [ 162.368759][ T7162] RBP: 00007fbec2dd8090 R08: 0000000000000000 R09: 0000000000000000 [ 162.368765][ T7162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.368771][ T7162] R13: 0000000000000000 R14: 00007fbec21b5fa0 R15: 00007ffdcc6059f8 [ 162.368784][ T7162] [ 163.529131][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 163.529148][ T30] audit: type=1400 audit(1750996346.216:330): avc: denied { getopt } for pid=7176 comm="syz.2.334" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 163.555338][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.082311][ T30] audit: type=1400 audit(1750996346.286:331): avc: denied { append } for pid=7178 comm="syz.0.335" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 164.105796][ C0] vkms_vblank_simulate: vblank timer overrun [ 164.176541][ T30] audit: type=1400 audit(1750996346.936:332): avc: denied { name_connect } for pid=7183 comm="syz.1.337" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 164.198320][ T5944] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 164.234660][ T7188] __nla_validate_parse: 2 callbacks suppressed [ 164.234671][ T7188] netlink: 84 bytes leftover after parsing attributes in process `syz.1.337'. [ 164.400545][ T5944] usb 1-1: Using ep0 maxpacket: 32 [ 164.416436][ T1151] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.430632][ T5944] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 164.448691][ T5944] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 164.480765][ T5944] usb 1-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 164.496812][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.523393][ T1151] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.543935][ T5944] usb 1-1: config 0 descriptor?? [ 164.553186][ T5944] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 164.634491][ T1151] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.744411][ T1151] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.808105][ T7180] loop6: detected capacity change from 0 to 7 [ 164.834621][ T5820] Dev loop6: unable to read RDB block 7 [ 164.866297][ T5820] loop6: unable to read partition table [ 164.880346][ T5820] loop6: partition table beyond EOD, truncated [ 164.911818][ T7180] Dev loop6: unable to read RDB block 7 [ 164.938652][ T7180] loop6: unable to read partition table [ 164.969356][ T7180] loop6: partition table beyond EOD, truncated [ 165.010605][ T7180] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 165.052917][ T1151] bridge_slave_1: left allmulticast mode [ 165.076640][ T1151] bridge_slave_1: left promiscuous mode [ 165.104583][ T1151] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.104592][ T5867] usb 1-1: USB disconnect, device number 3 [ 165.299067][ T1151] bridge_slave_0: left allmulticast mode [ 165.313284][ T1151] bridge_slave_0: left promiscuous mode [ 165.319143][ T1151] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.708644][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 165.718005][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 165.727205][ T5824] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 165.737568][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 165.747974][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 165.780331][ T30] audit: type=1400 audit(1750996348.536:333): avc: denied { mounton } for pid=7211 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 166.064436][ T30] audit: type=1400 audit(1750996348.826:334): avc: denied { setopt } for pid=7219 comm="syz.3.345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 166.137369][ T7223] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input26 [ 166.179709][ T7229] Bluetooth: MGMT ver 1.23 [ 166.185290][ T30] audit: type=1400 audit(1750996348.946:335): avc: denied { kexec_image_load } for pid=7203 comm="syz.2.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 166.435970][ T7234] netlink: 40 bytes leftover after parsing attributes in process `syz.3.347'. [ 166.858742][ T7243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.348'. [ 167.269159][ T1151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.318048][ T1151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.359339][ T1151] bond0 (unregistering): Released all slaves [ 167.797558][ T5824] Bluetooth: hci1: command tx timeout [ 167.945790][ T7261] ptrace attach of ""[7262] was attempted by "./syz-executor exec"[7261] [ 168.170290][ T30] audit: type=1400 audit(1750996350.776:336): avc: denied { connect } for pid=7248 comm="syz.1.350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 168.358043][ T7268] netlink: 8 bytes leftover after parsing attributes in process `syz.2.354'. [ 168.880557][ T5894] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 169.052451][ T5894] usb 4-1: config 0 has an invalid interface number: 176 but max is 2 [ 169.075619][ T5894] usb 4-1: config 0 has no interface number 1 [ 169.091910][ T5894] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 169.115474][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.141225][ T5894] usb 4-1: config 0 descriptor?? [ 169.499258][ T5894] qcserial 4-1:0.2: Qualcomm USB modem converter detected [ 169.685395][ T7290] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input27 [ 169.795350][ T5944] usb 4-1: USB disconnect, device number 2 [ 169.831714][ T5944] qcserial 4-1:0.2: device disconnected [ 169.870711][ T5824] Bluetooth: hci1: command tx timeout [ 170.162425][ T1151] hsr_slave_0: left promiscuous mode [ 170.186943][ T1151] hsr_slave_1: left promiscuous mode [ 170.193599][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.201726][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 170.213486][ T1151] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.217970][ T7303] netlink: 44 bytes leftover after parsing attributes in process `syz.0.360'. [ 170.225184][ T1151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.238745][ T7303] netlink: 4 bytes leftover after parsing attributes in process `syz.0.360'. [ 170.290800][ T1151] veth1_macvtap: left promiscuous mode [ 170.303319][ T1151] veth0_macvtap: left promiscuous mode [ 170.977925][ T7319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.361'. [ 171.960757][ T5824] Bluetooth: hci1: command tx timeout [ 172.123773][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.1.365'. [ 173.997628][ T7346] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input28 [ 174.040605][ T5824] Bluetooth: hci1: command tx timeout [ 174.189742][ T1151] team0 (unregistering): Port device team_slave_1 removed [ 174.225866][ T1151] team0 (unregistering): Port device team_slave_0 removed [ 174.606936][ T5935] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 174.650115][ T7211] chnl_net:caif_netlink_parms(): no params data found [ 175.187163][ T5935] usb 2-1: New USB device found, idVendor=046d, idProduct=08b7, bcdDevice=ca.8e [ 175.199199][ T7360] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 175.221706][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.477446][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.373'. [ 175.899376][ T5935] pwc: Logitech ViewPort AV 100 webcam detected. [ 176.011669][ T7211] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.026608][ T7211] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.043066][ T7211] bridge_slave_0: entered allmulticast mode [ 176.056755][ T7211] bridge_slave_0: entered promiscuous mode [ 176.338037][ T7355] bpq0: entered promiscuous mode [ 176.345913][ T5935] pwc: Failed to set LED on/off time (-71) [ 176.364185][ T5935] pwc: send_video_command error -71 [ 176.369410][ T5935] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 176.370139][ T7211] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.389111][ T5935] Philips webcam 2-1:127.0: probe with driver Philips webcam failed with error -71 [ 176.422852][ T7211] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.440970][ T7211] bridge_slave_1: entered allmulticast mode [ 176.465925][ T7373] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=49 sclass=netlink_audit_socket pid=7373 comm=syz.0.375 [ 176.479998][ T7211] bridge_slave_1: entered promiscuous mode [ 176.548664][ T5935] usb 2-1: USB disconnect, device number 8 [ 176.647859][ T7211] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.682991][ T7211] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.772606][ T7211] team0: Port device team_slave_0 added [ 176.789303][ T7211] team0: Port device team_slave_1 added [ 176.876200][ T7211] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.883723][ T7211] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.909618][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.920285][ T7211] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.933550][ T7211] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.940797][ T7211] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.993132][ T7211] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.124831][ T7211] hsr_slave_0: entered promiscuous mode [ 177.140262][ T7211] hsr_slave_1: entered promiscuous mode [ 177.151815][ T7211] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 177.165377][ T7399] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input29 [ 177.185928][ T7211] Cannot create hsr debugfs directory [ 177.343167][ T7403] netlink: 'syz.2.382': attribute type 4 has an invalid length. [ 177.882530][ T7417] input: syz1 as /devices/virtual/input/input30 [ 178.476483][ T7429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.387'. [ 178.680742][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 178.706500][ T7211] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 178.726172][ T7211] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 178.742645][ T7211] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 178.777600][ T7211] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 178.850652][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 178.867861][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 178.878424][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 178.916414][ T10] usb 2-1: config 0 has no interface number 0 [ 178.971709][ T10] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 178.988119][ T7445] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input31 [ 179.111673][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.129741][ T7211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.212780][ T10] usb 2-1: Product: syz [ 179.216981][ T10] usb 2-1: Manufacturer: syz [ 179.241930][ T10] usb 2-1: SerialNumber: syz [ 179.262805][ T7211] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.274731][ T10] usb 2-1: config 0 descriptor?? [ 179.316016][ T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 179.329590][ T7323] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.336697][ T7323] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.383799][ T10] snd-usb-audio 2-1:0.1: probe with driver snd-usb-audio failed with error -2 [ 179.422445][ T7323] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.429542][ T7323] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.561842][ T5820] udevd[5820]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 179.629848][ T7211] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 179.649429][ T7428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.731448][ T7428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.953797][ T7211] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.996587][ T5893] usb 2-1: USB disconnect, device number 9 [ 181.102135][ T7470] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input32 [ 181.239320][ T30] audit: type=1400 audit(1750996363.996:337): avc: denied { read write } for pid=7477 comm="syz.0.394" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 181.351156][ T30] audit: type=1400 audit(1750996364.036:338): avc: denied { open } for pid=7477 comm="syz.0.394" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 181.375399][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.303286][ T7211] veth0_vlan: entered promiscuous mode [ 182.316933][ T7211] veth1_vlan: entered promiscuous mode [ 182.342866][ T7211] veth0_macvtap: entered promiscuous mode [ 182.358285][ T7211] veth1_macvtap: entered promiscuous mode [ 182.466452][ T30] audit: type=1400 audit(1750996365.216:339): avc: denied { name_bind } for pid=7484 comm="syz.2.396" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 182.487807][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.599311][ T7211] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.704520][ T7488] ------------[ cut here ]------------ [ 182.704609][ T7488] WARNING: CPU: 0 PID: 7488 at drivers/gpu/drm/vkms/vkms_crtc.c:97 vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.704657][ T7488] Modules linked in: [ 182.704735][ T7488] CPU: 0 UID: 0 PID: 7488 Comm: syz.2.396 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 182.704772][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.704796][ T7488] RIP: 0010:vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.704831][ T7488] Code: b7 fb e8 1c ab a4 fb 4c 89 e1 48 ba 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 11 00 75 43 49 89 04 24 eb c0 e8 fa 42 b7 fb 90 <0f> 0b 90 eb b5 e8 5f 20 1e fc e9 dc fe ff ff e8 e5 20 1e fc e9 14 [ 182.704862][ T7488] RSP: 0018:ffffc9000f636fc0 EFLAGS: 00010283 [ 182.704906][ T7488] RAX: 00000000000056dc RBX: ffff888025d78028 RCX: ffffc9000dca9000 [ 182.704932][ T7488] RDX: 0000000000080000 RSI: ffffffff8604dd76 RDI: 0000000000000006 [ 182.704956][ T7488] RBP: 0000002a8822df03 R08: 0000000000000006 R09: 0000002a8822df03 [ 182.704981][ T7488] R10: 0000002a8822df03 R11: 0000000000000001 R12: ffffc9000f637128 [ 182.705005][ T7488] R13: 0000002a8822df03 R14: 0000000000004e20 R15: ffffffff8604dc10 [ 182.705030][ T7488] FS: 00007f6e195a56c0(0000) GS:ffff888124752000(0000) knlGS:0000000000000000 [ 182.705061][ T7488] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 182.705089][ T7488] CR2: 0000200000001900 CR3: 000000002cf88000 CR4: 00000000003526f0 [ 182.705117][ T7488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 182.705141][ T7488] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 182.705166][ T7488] Call Trace: [ 182.705188][ T7488] [ 182.705210][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.705260][ T7488] drm_crtc_get_last_vbltimestamp+0x102/0x1b0 [ 182.705298][ T7488] ? __pfx_drm_crtc_get_last_vbltimestamp+0x10/0x10 [ 182.705359][ T7488] drm_crtc_next_vblank_start+0x182/0x300 [ 182.705390][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.705429][ T7488] drm_atomic_helper_wait_for_fences+0x203/0x830 [ 182.705475][ T7488] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 182.705514][ T7488] ? ktime_get+0x221/0x310 [ 182.705551][ T7488] ? ktime_get+0xad/0x310 [ 182.705586][ T7488] ? read_tsc+0x9/0x20 [ 182.705618][ T7488] ? ktime_get+0x1a7/0x310 [ 182.705658][ T7488] commit_tail+0x83/0x400 [ 182.705717][ T7488] drm_atomic_helper_commit+0x2fd/0x380 [ 182.705757][ T7488] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 182.705798][ T7488] drm_atomic_commit+0x234/0x300 [ 182.705829][ T7488] ? __pfx_drm_atomic_commit+0x10/0x10 [ 182.705859][ T7488] ? __pfx___drm_printfn_info+0x10/0x10 [ 182.705912][ T7488] ? drm_client_modeset_commit_atomic+0x695/0x7e0 [ 182.705956][ T7488] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 182.706021][ T7488] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 182.706127][ T7488] ? drm_client_modeset_commit_locked+0xd7/0x580 [ 182.706189][ T7488] drm_client_modeset_commit_locked+0x14d/0x580 [ 182.706241][ T7488] drm_fb_helper_pan_display+0x32d/0xa40 [ 182.706284][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.706343][ T7488] fb_pan_display+0x479/0x7d0 [ 182.706379][ T7488] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 182.706420][ T7488] bit_update_start+0x49/0x1f0 [ 182.706459][ T7488] ? fbcon_switch+0xafa/0x14c0 [ 182.706496][ T7488] fbcon_switch+0xbf8/0x14c0 [ 182.706555][ T7488] ? __pfx_fbcon_switch+0x10/0x10 [ 182.706638][ T7488] ? set_origin+0x15a/0x3f0 [ 182.706671][ T7488] ? set_origin+0x22d/0x3f0 [ 182.706722][ T7488] redraw_screen+0x2c1/0x760 [ 182.706761][ T7488] ? __pfx_redraw_screen+0x10/0x10 [ 182.706820][ T7488] fbcon_blank+0x652/0xd20 [ 182.706861][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.706920][ T7488] ? irqentry_exit+0x3b/0x90 [ 182.706957][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.706996][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.707056][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.707093][ T7488] do_unblank_screen+0x27b/0x4c0 [ 182.707130][ T7488] poke_blanked_console+0x24c/0x2d0 [ 182.707170][ T7488] set_selection_kernel+0xb8/0x14a0 [ 182.707206][ T7488] ? bpf_lsm_capable+0x9/0x10 [ 182.707243][ T7488] ? security_capable+0x7e/0x260 [ 182.707281][ T7488] set_selection_user+0xe8/0x140 [ 182.707316][ T7488] ? __pfx_set_selection_user+0x10/0x10 [ 182.707355][ T7488] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 182.707392][ T7488] tioclinux+0x2b1/0x640 [ 182.707432][ T7488] vt_ioctl+0x1fdf/0x30a0 [ 182.707473][ T7488] ? __pfx_vt_ioctl+0x10/0x10 [ 182.707504][ T7488] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 182.707542][ T7488] ? rcu_is_watching+0x12/0xc0 [ 182.707577][ T7488] ? irqentry_exit+0x3b/0x90 [ 182.707614][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.707676][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.707710][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.707744][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.707778][ T7488] ? __pfx_vt_ioctl+0x10/0x10 [ 182.707808][ T7488] tty_ioctl+0x661/0x1640 [ 182.707848][ T7488] ? __pfx_tty_ioctl+0x10/0x10 [ 182.707886][ T7488] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 182.707950][ T7488] ? hook_file_ioctl_common+0x145/0x410 [ 182.708014][ T7488] ? selinux_file_ioctl+0x180/0x270 [ 182.708051][ T7488] ? selinux_file_ioctl+0xb4/0x270 [ 182.708090][ T7488] ? __pfx_tty_ioctl+0x10/0x10 [ 182.708130][ T7488] __x64_sys_ioctl+0x18b/0x210 [ 182.708168][ T7488] do_syscall_64+0xcd/0x4c0 [ 182.708210][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.708247][ T7488] RIP: 0033:0x7f6e1878e929 [ 182.708277][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.708308][ T7488] RSP: 002b:00007f6e195a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.708329][ T7488] RAX: ffffffffffffffda RBX: 00007f6e189b6080 RCX: 00007f6e1878e929 [ 182.708354][ T7488] RDX: 0000200000001900 RSI: 000000000000541c RDI: 000000000000000a [ 182.708379][ T7488] RBP: 00007f6e18810b39 R08: 0000000000000000 R09: 0000000000000000 [ 182.708403][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.708426][ T7488] R13: 0000000000000000 R14: 00007f6e189b6080 R15: 00007ffefce326f8 [ 182.708480][ T7488] [ 182.708504][ T7488] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 182.708517][ T7488] CPU: 0 UID: 0 PID: 7488 Comm: syz.2.396 Not tainted 6.16.0-rc3-syzkaller-00116-ge34a79b96ab9 #0 PREEMPT(full) [ 182.708540][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.708552][ T7488] Call Trace: [ 182.708559][ T7488] [ 182.708566][ T7488] dump_stack_lvl+0x3d/0x1f0 [ 182.708594][ T7488] panic+0x71c/0x800 [ 182.708622][ T7488] ? __pfx_panic+0x10/0x10 [ 182.708650][ T7488] ? show_trace_log_lvl+0x29b/0x3e0 [ 182.708689][ T7488] ? vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.708710][ T7488] check_panic_on_warn+0xab/0xb0 [ 182.708740][ T7488] __warn+0xf6/0x3c0 [ 182.708769][ T7488] ? vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.708790][ T7488] report_bug+0x3c3/0x580 [ 182.708814][ T7488] ? vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.708836][ T7488] handle_bug+0x184/0x210 [ 182.708866][ T7488] exc_invalid_op+0x17/0x50 [ 182.708884][ T7488] asm_exc_invalid_op+0x1a/0x20 [ 182.708901][ T7488] RIP: 0010:vkms_get_vblank_timestamp+0x167/0x1b0 [ 182.708921][ T7488] Code: b7 fb e8 1c ab a4 fb 4c 89 e1 48 ba 00 00 00 00 00 fc ff df 48 c1 e9 03 80 3c 11 00 75 43 49 89 04 24 eb c0 e8 fa 42 b7 fb 90 <0f> 0b 90 eb b5 e8 5f 20 1e fc e9 dc fe ff ff e8 e5 20 1e fc e9 14 [ 182.708940][ T7488] RSP: 0018:ffffc9000f636fc0 EFLAGS: 00010283 [ 182.708954][ T7488] RAX: 00000000000056dc RBX: ffff888025d78028 RCX: ffffc9000dca9000 [ 182.708967][ T7488] RDX: 0000000000080000 RSI: ffffffff8604dd76 RDI: 0000000000000006 [ 182.708979][ T7488] RBP: 0000002a8822df03 R08: 0000000000000006 R09: 0000002a8822df03 [ 182.708990][ T7488] R10: 0000002a8822df03 R11: 0000000000000001 R12: ffffc9000f637128 [ 182.709002][ T7488] R13: 0000002a8822df03 R14: 0000000000004e20 R15: ffffffff8604dc10 [ 182.709014][ T7488] ? __pfx_vkms_get_vblank_timestamp+0x10/0x10 [ 182.709041][ T7488] ? vkms_get_vblank_timestamp+0x166/0x1b0 [ 182.709065][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.709092][ T7488] drm_crtc_get_last_vbltimestamp+0x102/0x1b0 [ 182.709115][ T7488] ? __pfx_drm_crtc_get_last_vbltimestamp+0x10/0x10 [ 182.709147][ T7488] drm_crtc_next_vblank_start+0x182/0x300 [ 182.709167][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.709194][ T7488] drm_atomic_helper_wait_for_fences+0x203/0x830 [ 182.709234][ T7488] ? __pfx_drm_atomic_helper_wait_for_fences+0x10/0x10 [ 182.709260][ T7488] ? ktime_get+0x221/0x310 [ 182.709286][ T7488] ? ktime_get+0xad/0x310 [ 182.709312][ T7488] ? read_tsc+0x9/0x20 [ 182.709331][ T7488] ? ktime_get+0x1a7/0x310 [ 182.709360][ T7488] commit_tail+0x83/0x400 [ 182.709392][ T7488] drm_atomic_helper_commit+0x2fd/0x380 [ 182.709420][ T7488] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 182.709449][ T7488] drm_atomic_commit+0x234/0x300 [ 182.709467][ T7488] ? __pfx_drm_atomic_commit+0x10/0x10 [ 182.709483][ T7488] ? __pfx___drm_printfn_info+0x10/0x10 [ 182.709510][ T7488] ? drm_client_modeset_commit_atomic+0x695/0x7e0 [ 182.709544][ T7488] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 182.709584][ T7488] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 182.709636][ T7488] ? drm_client_modeset_commit_locked+0xd7/0x580 [ 182.709676][ T7488] drm_client_modeset_commit_locked+0x14d/0x580 [ 182.709711][ T7488] drm_fb_helper_pan_display+0x32d/0xa40 [ 182.709739][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.709769][ T7488] fb_pan_display+0x479/0x7d0 [ 182.709792][ T7488] ? __pfx_drm_fb_helper_pan_display+0x10/0x10 [ 182.709821][ T7488] bit_update_start+0x49/0x1f0 [ 182.709846][ T7488] ? fbcon_switch+0xafa/0x14c0 [ 182.709871][ T7488] fbcon_switch+0xbf8/0x14c0 [ 182.709903][ T7488] ? __pfx_fbcon_switch+0x10/0x10 [ 182.709945][ T7488] ? set_origin+0x15a/0x3f0 [ 182.709965][ T7488] ? set_origin+0x22d/0x3f0 [ 182.709988][ T7488] redraw_screen+0x2c1/0x760 [ 182.710014][ T7488] ? __pfx_redraw_screen+0x10/0x10 [ 182.710046][ T7488] fbcon_blank+0x652/0xd20 [ 182.710075][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.710105][ T7488] ? irqentry_exit+0x3b/0x90 [ 182.710130][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.710158][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.710190][ T7488] ? __pfx_fbcon_blank+0x10/0x10 [ 182.710215][ T7488] do_unblank_screen+0x27b/0x4c0 [ 182.710250][ T7488] poke_blanked_console+0x24c/0x2d0 [ 182.710279][ T7488] set_selection_kernel+0xb8/0x14a0 [ 182.710304][ T7488] ? bpf_lsm_capable+0x9/0x10 [ 182.710323][ T7488] ? security_capable+0x7e/0x260 [ 182.710349][ T7488] set_selection_user+0xe8/0x140 [ 182.710371][ T7488] ? __pfx_set_selection_user+0x10/0x10 [ 182.710397][ T7488] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 182.710420][ T7488] tioclinux+0x2b1/0x640 [ 182.710449][ T7488] vt_ioctl+0x1fdf/0x30a0 [ 182.710471][ T7488] ? __pfx_vt_ioctl+0x10/0x10 [ 182.710487][ T7488] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 182.710507][ T7488] ? rcu_is_watching+0x12/0xc0 [ 182.710527][ T7488] ? irqentry_exit+0x3b/0x90 [ 182.710549][ T7488] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.710582][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.710602][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.710623][ T7488] ? tty_jobctrl_ioctl+0x152/0xe00 [ 182.710645][ T7488] ? __pfx_vt_ioctl+0x10/0x10 [ 182.710663][ T7488] tty_ioctl+0x661/0x1640 [ 182.710690][ T7488] ? __pfx_tty_ioctl+0x10/0x10 [ 182.710717][ T7488] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 182.710752][ T7488] ? hook_file_ioctl_common+0x145/0x410 [ 182.710789][ T7488] ? selinux_file_ioctl+0x180/0x270 [ 182.710813][ T7488] ? selinux_file_ioctl+0xb4/0x270 [ 182.710839][ T7488] ? __pfx_tty_ioctl+0x10/0x10 [ 182.710866][ T7488] __x64_sys_ioctl+0x18b/0x210 [ 182.710891][ T7488] do_syscall_64+0xcd/0x4c0 [ 182.710920][ T7488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.710938][ T7488] RIP: 0033:0x7f6e1878e929 [ 182.710953][ T7488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.710971][ T7488] RSP: 002b:00007f6e195a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 182.710989][ T7488] RAX: ffffffffffffffda RBX: 00007f6e189b6080 RCX: 00007f6e1878e929 [ 182.711002][ T7488] RDX: 0000200000001900 RSI: 000000000000541c RDI: 000000000000000a [ 182.711013][ T7488] RBP: 00007f6e18810b39 R08: 0000000000000000 R09: 0000000000000000 [ 182.711025][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.711036][ T7488] R13: 0000000000000000 R14: 00007f6e189b6080 R15: 00007ffefce326f8 [ 182.711062][ T7488] [ 182.711261][ T7488] Kernel Offset: disabled