last executing test programs: 37.070844615s ago: executing program 3 (id=1318): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x3f000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5000000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x40}, 0x1, 0xd}, 0x0) 36.854104722s ago: executing program 3 (id=1320): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='sched\x00') write$FUSE_INIT(r0, 0x0, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r1, &(0x7f0000001640)={&(0x7f0000000240)={0x2, 0x4e20, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_tos_int={{0x14}}], 0x18}, 0x1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x19) ioctl$TCFLSH(r2, 0x40085500, 0x2) r3 = syz_io_uring_setup(0x422d, &(0x7f0000000340)={0x0, 0xfffffffd, 0x20, 0x3}, &(0x7f0000000000), &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x1866, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000100)) r6 = socket$kcm(0x10, 0x2, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES64=r7], 0x4c}}, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc001e00b80006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000480)={0x8, 0x80f, &(0x7f0000000280)="83533cb8", &(0x7f0000000440)="6d1785fdda4a311963e59964804db65b2d9cf9fa5b4ccb03dd872183fe4d58e4769c266de78ed5f1bc82f68c", 0x4, 0x2c}) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x184d, 0x0, 0x42, 0x0, 0x0) 36.170618935s ago: executing program 3 (id=1321): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000002380), 0x0, 0x0) read$fb(r0, &(0x7f0000000040)=""/12, 0xc) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000003c0), 0x240, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10002, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x180, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = epoll_create(0x3) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET_DEF(r5, 0x4b72, &(0x7f0000000040)={0x2, 0x0, 0x1c, 0x1c, 0x152, 0x0}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000002}) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000580)=""/96) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0xd7, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x0, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) 35.238649366s ago: executing program 3 (id=1324): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x3}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) io_uring_enter(r2, 0x47ba, 0xfffffff5, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x9, 0x4, 0x8040000000000000}) close_range(r5, 0xffffffffffffffff, 0x200000000000000) 35.071840749s ago: executing program 3 (id=1326): syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x100000) r0 = epoll_create1(0x0) r1 = socket(0x1, 0x80802, 0x0) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r3 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffff8}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x14, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xf, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2}, 0x2, 0x8}}, 0xb8}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x20002003}) epoll_pwait(r2, &(0x7f0000000080), 0x0, 0x80000020, 0x0, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001780), 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r7, &(0x7f0000001900)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xb}}, 0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, 0x0, 0x0) close(r2) shutdown(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$netlink(0x10, 0x3, 0x14) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) r9 = getpid() ioctl$sock_SIOCSPGRP(r8, 0x8902, &(0x7f0000000040)=r9) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r8, &(0x7f0000000300)='\t&', 0x2, 0x44031, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18) socket(0x15, 0x5, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) 33.770699319s ago: executing program 3 (id=1332): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="454bf47b848bc12bd2d316af00"/32, @ANYRES32=0x0, @ANYRES32], 0x48) r1 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) madvise(&(0x7f000004a000/0x1000)=nil, 0x1000, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = open$dir(0x0, 0x480002, 0x200) r3 = open_tree(r2, 0x0, 0x1) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) read$char_usb(r5, &(0x7f0000000b00)=""/4096, 0x1000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b708", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f00000001c0)={0xc, 0x200}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = getpid() sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_setup(0xa, 0x0) io_submit(0x0, 0x0, &(0x7f0000000180)) 25.566667135s ago: executing program 2 (id=1359): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, 0x0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x7) ioctl$TIOCSETD(r2, 0x5423, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x10b8}, 0x200008c0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x9, '\x00', r5, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50) r6 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r6, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\xc078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0) mq_unlink(&(0x7f0000000340)='eth0\x00') r7 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r7, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x18, 0xe000}, 0x5}], 0x1, 0x0) 25.487083248s ago: executing program 2 (id=1360): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async, rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x12, 0xffffffffffffffff, 0x0) (rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000250, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) (async) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) (async) readv(r3, &(0x7f0000000240)=[{0x0}], 0x1) (async, rerun: 32) close(r3) (async, rerun: 32) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x0, 0x1}}) (async) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r6, 0x80585414, &(0x7f0000000080)) (async, rerun: 32) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async, rerun: 32) clock_gettime(0x0, &(0x7f0000001200)) (async) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10e\x00'/18, 0x0) recvmmsg(r7, &(0x7f0000001040), 0x0, 0x2b90760db42614d4, 0x0) (async, rerun: 64) pwritev(r7, &(0x7f00000008c0), 0x0, 0xd, 0x1) (async, rerun: 64) sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) (async) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r5}, 0xc) syz_open_dev$hiddev(0x0, 0x8, 0x80200) 25.46151267s ago: executing program 2 (id=1361): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b704000000000e006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, 0x0) r8 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000280)={0x1, @pix={0x0, 0xfffffffe, 0x3247504d, 0x7, 0x0, 0x100000, 0x1, 0xfeedcafe, 0x3, 0x7, 0x1, 0x2}}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r3, 0x0, 0xffffffffffffffff, 0x1}) r9 = syz_io_uring_setup(0x39, &(0x7f0000000280)={0x0, 0xe7b7, 0x800, 0x3}, &(0x7f0000000240), &(0x7f0000001880)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r9, 0x21, &(0x7f0000000440), 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) 23.408126942s ago: executing program 4 (id=1364): r0 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x80, 0x20, 0xfff, 0x3178, {{0x23, 0x4, 0x2, 0x2d, 0x8c, 0x66, 0x0, 0xfe, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xe}, @rand_addr=0x64010100, {[@timestamp_addr={0x44, 0x1c, 0xba, 0x1, 0xd, [{@empty, 0x2}, {@broadcast, 0x7}, {@broadcast, 0x9}]}, @timestamp={0x44, 0x14, 0x7f, 0x0, 0x8, [0x4, 0xee, 0x6, 0x1d46]}, @timestamp={0x44, 0xc, 0x6f, 0x0, 0x1, [0x966, 0x3]}, @lsrr={0x83, 0x23, 0xa1, [@local, @broadcast, @empty, @empty, @rand_addr=0x64010102, @local, @empty, @multicast1]}, @noop, @cipso={0x86, 0x16, 0x3, [{0x1, 0x10, "9b244262d01b4c722753f7df8221"}]}]}}}}}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000240)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) listen(0xffffffffffffffff, 0x4000000) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) write$khugepaged_scan(r0, &(0x7f00000003c0), 0x8) 23.394130063s ago: executing program 1 (id=1365): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, &(0x7f0000000700), 0x0) socket$nl_generic(0x10, 0x3, 0x10) getxattr(0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e62, 0xffffff01, @mcast1, 0x5}, 0x1c) socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r2, &(0x7f0000000200)=[{&(0x7f0000000100)=""/24, 0x11}, {0x0, 0x2}], 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x400a101) 23.214969081s ago: executing program 4 (id=1366): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xd, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x1c}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 22.775831496s ago: executing program 0 (id=1367): getpid() syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000000c0)={0x4f, 0x8204, 0x5, 0x10000, 0x0}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000200)={r1, @in6={{0xa, 0x4e24, 0xfffffff9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}}, 0x84) getpid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) openat$fb0(0xffffffffffffff9c, 0x0, 0x180300, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02006edc844d64ee034a562ad8b72b3200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r5}, 0x10) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r6 = syz_open_procfs(0x0, &(0x7f0000002700)='cmdline\x00') read$FUSE(r6, &(0x7f0000000000)={0x2020}, 0xfffffc7a) 21.921210158s ago: executing program 4 (id=1368): getpid() syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000000c0)={0x4f, 0x8204, 0x5, 0x10000, 0x0}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000200)={r1, @in6={{0xa, 0x4e24, 0xfffffff9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}}, 0x84) getpid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) openat$fb0(0xffffffffffffff9c, 0x0, 0x180300, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02006edc844d64ee034a562ad8b72b3200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r5}, 0x10) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) r6 = syz_open_procfs(0x0, &(0x7f0000002700)='cmdline\x00') read$FUSE(r6, &(0x7f0000000000)={0x2020}, 0xfffffc7a) 21.920322572s ago: executing program 2 (id=1369): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYNAME(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000006060102000000000000000007000005050001"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20004080) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r4 = io_uring_setup(0x6b4d, &(0x7f0000000180)={0x0, 0x1adb, 0x0, 0x2, 0xdffffffd}) r5 = memfd_create(0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f0000000000)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000280)="b14b3656d25efdb31c5a1e18cb546293fbc8f69ee46733a9777b988aed50edd40d6f1f67dd720e7cabaf2574560abfd1757b69a8b27448595a97a07fa478926f7b31e51cc588ab3a856bc28ecc30142b237f4043dea549bc1aa259fea472b62cb984d33ad860cc20182b761ad4c08e49e996799fb930ab07617f85daa33b23c4da76e40b227a7722412d04b855a25f6b8aabc2606e3f0b80d6071ee25de55cdac5c75714b48ccd30992af834fda845ec1338efe077c637ffe13957fbf0efa2e5ada7805b0a833d3438bfee9f06e19ce9d5b2bb81dd2d87cdbc60f5e802c5600255fe330d9d", 0xe5}, {&(0x7f0000000140)="6d142016879e364eef33a85ab5f131b19c3ced7ade744dbb0d402f0a1d9899df098fbaf9e84639a7d030503cca", 0x2d}, {&(0x7f0000000380)="1724274ebc8bfeef13f09a2e2ba92c4701aacb144c94851d349d13c568e378f972a46a5bf9cd5e84d617dcd12bc6a175f1ceed0d42c094e56eb22083058ca7cde565ad83bde761d252b286a986f63f21c76e306b1992d9ec2b", 0x59}, {&(0x7f0000000440)="cb63dc410a6695da215cb110e6577b8bd5604124665be221ffdacb50", 0x1c}, {&(0x7f0000000540)="ce5594872ae223d5a6c5b6b593ea6e3664b1bed9ba270c9ede0e74f654a806389ba1baf0f7fb1a9fee6a64215d1ef15ce1d1d66636ab613cc150ba343c8023289b89032f6f8778823e9ad1ebe96c6ca2ef9a746ee5312aab65404d157d4e8ef2f172475d15014e8c40e012219f8ca109556d3cc9062c42fe468b3667142c683af9b97b86d5ba360f8b0878a408de0d1c11c1a0ae3bc65014d84716d4f7bc1ba46f60203695880a2c40f4c8ab0035c7fdac82afd48bbee7c70ff9472d96bd1757b781f1ee4fde183479b6e2a64631a409f3e20340c327037d79d81f7a5d9b49506a11b99fb69c5ff91ebb0666e75c4ae32b", 0xf1}], 0x5, &(0x7f0000000740)=[@rights={{0x30, 0x1, 0x1, [r3, r3, r4, 0xffffffffffffffff, r4, r5, r3, r4]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, r5]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r3, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0, 0x8000}}], 0x1, 0x44040) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x40000160, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_root(0xffffff9c, 0x0, 0x200002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 21.918352589s ago: executing program 1 (id=1370): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\xc078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x8, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) io_uring_setup(0x3e45, 0x0) clock_gettime(0x0, &(0x7f0000000300)) fsopen(&(0x7f00000001c0)='affs\x00', 0x1) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) 21.730776673s ago: executing program 1 (id=1371): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff}, 0x80) (async) r2 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0) (async) getuid() (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) keyctl$chown(0xf, r2, r3, r4) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@ipv4_delroute={0x2c, 0x19, 0x901, 0x70bd29, 0x80, {0x2, 0x18, 0x10, 0x0, 0x0, 0x3, 0x2, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_FLOW={0x8, 0xb, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x0) 21.730334644s ago: executing program 1 (id=1372): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000180001000000000000000000020000000000ff0500"], 0x1c}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70ee}, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001b00)={0x2, {0x2, 0x13d, 0x0, 0x8, 0x1001}}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x39, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$dri(&(0x7f0000000280), 0x5, 0x220801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x2, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0xc}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r5, 0x3b70, &(0x7f00000000c0)={0x50, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}]}}) 21.001053484s ago: executing program 2 (id=1373): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000180001000000000000000000020000000000ff0500"], 0x1c}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) r3 = dup(0xffffffffffffffff) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70ee}, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001b00)={0x2, {0x2, 0x13d, 0x0, 0x8, 0x1001}}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x39, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$dri(&(0x7f0000000280), 0x5, 0x220801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = socket$inet6(0xa, 0x2, 0x0) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r8, 0x3b88, &(0x7f0000000200)={0xc, r9}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r8, 0x3b70, &(0x7f00000000c0)={0x50, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}]}}) connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r7, &(0x7f00000092c0), 0x4ff, 0x7ffffff7) sendmsg$NFC_CMD_VENDOR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x90, r2, 0x2, 0x70bd2a, 0x9, {}, [@NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x800}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_VENDOR_ID={0x8, 0x1d, 0x4}, @NFC_ATTR_VENDOR_DATA={0x54, 0x1f, "832c952d4b4f293f68338063eed053d1de4eb3d7c7420d954479bed1ec2ab67880ab61766319f7807a72cc66672ade51b46845e578eb7a0f9c925ad68dc26adc3e5a58fe1da54f7bbb88fbd374023421"}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x90}, 0x1, 0x0, 0x0, 0x24008850}, 0x80) 20.59747685s ago: executing program 1 (id=1374): ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000280)=0x8) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x5f, 0x2a, 0xb4, 0x20, 0xc72, 0xd, 0x279b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xdb, 0xa2, 0x92}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) 20.576371243s ago: executing program 2 (id=1375): setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r1, 0x5608, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) socket$inet6(0xa, 0x5, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x1e}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 18.898166083s ago: executing program 4 (id=1376): socket$rds(0x15, 0x5, 0x0) ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, &(0x7f0000000040)=0x100040) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0xee00, 0xee01}}, './file0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x12, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$nl_route_sched(r5, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=@delqdisc={0x24, 0x25, 0x300, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x6, 0xfff2}, {0x480bd72125a0c189, 0x5}, {0xffe0, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4808}, 0x408c0) connect$inet(r4, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) r7 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00') preadv(r7, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x91, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 18.879546228s ago: executing program 0 (id=1377): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYRESDEC=r0, @ANYBLOB="c2b8b4c4f66c13dc2099c88959ee8859d5a11789a0fbdba1405e533774b9c2b87bb372898ab024f363301e03f8", @ANYBLOB="0008000007500500280012800b0001006272696467650000180002800c002300010000000000000005002a0000000000"], 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$pptp(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee3, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000005340)=[{{&(0x7f0000000000)=@xdp, 0x80, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/139, 0x8b}, {&(0x7f0000005440)=""/4106, 0x100a}, {&(0x7f00000000c0)=""/41, 0x29}], 0x3, &(0x7f0000000480)=""/253, 0xfd}, 0x5}, {{&(0x7f0000000700)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @initdev}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000980)=""/108, 0x6c}, {&(0x7f0000000a00)=""/243, 0xf3}, {&(0x7f0000000b00)=""/231, 0xe7}], 0x3, &(0x7f0000000c00)=""/172, 0xac}, 0x5}, {{&(0x7f0000000d40)=@nfc, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000dc0)}], 0x1, &(0x7f0000003100)=""/4096, 0x1000}, 0x4}, {{0x0, 0x0, &(0x7f00000052c0)=[{&(0x7f0000000e40)=""/210, 0xd2}, {&(0x7f0000004100)=""/4096, 0x1000}, {&(0x7f0000000f40)=""/134, 0x86}, {&(0x7f0000001000)=""/25, 0x19}, {&(0x7f0000001040)=""/45, 0x2d}, {&(0x7f0000005100)=""/178, 0xb2}, {&(0x7f00000051c0)=""/128, 0x80}, {&(0x7f0000005240)=""/114, 0x72}], 0x8}, 0x3}], 0x4, 0x10002, 0x0) syz_open_procfs(0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff) r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r7}, 0x10) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000080), &(0x7f0000000240)=0x30) r8 = openat$uhid(0xffffffffffffff9c, &(0x7f0000001900), 0x802, 0x0) write$UHID_CREATE2(r8, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000800)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x21e, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fcffffffffffffff2000b8785d960000000000000000000000000f00000000000100000000000000000000000000000200", "2809e897bdb2128bfc82525edd665240f45f819e01982861ac0000000000000000001100", "90be8b1c551265406c7f306003d8a0f4bd00", [0x20, 0x2]}}) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r5) 18.318652371s ago: executing program 32 (id=1332): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="454bf47b848bc12bd2d316af00"/32, @ANYRES32=0x0, @ANYRES32], 0x48) r1 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) madvise(&(0x7f000004a000/0x1000)=nil, 0x1000, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = open$dir(0x0, 0x480002, 0x200) r3 = open_tree(r2, 0x0, 0x1) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) read$char_usb(r5, &(0x7f0000000b00)=""/4096, 0x1000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b708", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$IOC_PR_RESERVE(r3, 0x401070c9, &(0x7f00000001c0)={0xc, 0x200}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = getpid() sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_setup(0xa, 0x0) io_submit(0x0, 0x0, &(0x7f0000000180)) 17.950007753s ago: executing program 0 (id=1379): r0 = syz_open_dev$media(&(0x7f00000012c0), 0x7ff, 0x180502) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000003ec0)={0x8c0, 0x91, 0x23}, 0x18) ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0}) 17.872119181s ago: executing program 0 (id=1380): r0 = landlock_create_ruleset(&(0x7f00000004c0)={0x0, 0x1}, 0x10, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380), 0x1020, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f00000003c0)=0x8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x14, 0x0, 0x200, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4044800}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r7, @ANYBLOB="140001000040000000000000000000000000000014000200fe800000"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff05"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1004c892}, 0x84) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f0000000500)={0x2}, 0x0) 17.860905711s ago: executing program 4 (id=1381): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x8804}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') pipe2$watch_queue(0x0, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xfffffffdffffffff) read$FUSE(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) r2 = socket$inet6(0xa, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r6 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r2, 0x5) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r6, &(0x7f0000002980), 0x400000000000239, 0x500) 17.234374593s ago: executing program 1 (id=1382): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x5fd}, 0x1c) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = eventfd(0x0) ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000140)) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000000c0)={r7, 0x1}) r8 = eventfd2(0xa83e, 0x800) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000001c0)={r7, 0x4, 0x0, r8}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mlockall(0x4) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) r9 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r9, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r9, &(0x7f0000001a00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x54, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0x4, 0x4}, {}, {0xffe0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x7}, @TCA_FLOW_KEYS={0x8, 0x1, 0x737c}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x54}}, 0x4) 16.889964271s ago: executing program 0 (id=1383): r0 = socket(0x200000100000011, 0x803, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r5 = memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,B\xd5?\xe5E:+Pm\x1d\xb4\xb8', 0x0) r6 = open(0x0, 0x143042, 0xfe) ftruncate(r6, 0x2008002) ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r6, 0xc01064ac, &(0x7f0000000180)={0x0, 0xf4, &(0x7f00000003c0)=""/244}) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) splice(r7, 0x0, r5, &(0x7f0000000140), 0x4, 0x0) dup3(r4, r0, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r10}, 0xc) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x4, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000001c0)={0x30, r8, 0x1, 0x0, 0x0, {{0x2}, {@void, @val={0xc}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}]]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r2, 0xc0345642, &(0x7f0000000080)={0xffffffff, "498bd9c6c6515f1f455fd0ffff000010cb20fa5e00"}) 16.708517218s ago: executing program 4 (id=1384): syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x100) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000020000010000000900010073797a30000000002c000000030a05000000000000000000010000000900030073797a31000000000900010073797a300000000084000000060a010400000000000000000100000008000b40000000000900010073797a30000000005c00048040000180080001006e6174003400028008000540eb000009080001"], 0xf8}, 0x1, 0x0, 0x0, 0x814}, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x3, @local, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_emit_ethernet(0x72, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbaaaaaaaaaabb0800450000640000000000019078ac1e0001ac1414aa03"], 0x0) socket$kcm(0xa, 0x6, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x850642) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000080)={0x1, @output={0x0, 0x0, {0x4, 0x100d}, 0x81, 0xfffffffc}}) 15.894722073s ago: executing program 0 (id=1385): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000180001000000000000000000020000000000ff0500"], 0x1c}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70ee}, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001b00)={0x2, {0x2, 0x13d, 0x0, 0x8, 0x1001}}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x39, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$dri(&(0x7f0000000280), 0x5, 0x220801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x2, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0xc}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r5, 0x3b70, &(0x7f00000000c0)={0x50, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}]}}) 5.494438541s ago: executing program 33 (id=1375): setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r1, 0x5608, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) socket$inet6(0xa, 0x5, 0x0) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x1e}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 2.004415035s ago: executing program 34 (id=1382): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x5fd}, 0x1c) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = socket(0x10, 0x803, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = eventfd(0x0) ioctl$TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000140)) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000000c0)={r7, 0x1}) r8 = eventfd2(0xa83e, 0x800) ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f00000001c0)={r7, 0x4, 0x0, r8}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mlockall(0x4) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) r9 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r9, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r9, &(0x7f0000001a00)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x54, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r4, {0x4, 0x4}, {}, {0xffe0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_PERTURB={0x8, 0xc, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x7}, @TCA_FLOW_KEYS={0x8, 0x1, 0x737c}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x54}}, 0x4) 1.505672284s ago: executing program 35 (id=1384): syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x100) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000020000010000000900010073797a30000000002c000000030a05000000000000000000010000000900030073797a31000000000900010073797a300000000084000000060a010400000000000000000100000008000b40000000000900010073797a30000000005c00048040000180080001006e6174003400028008000540eb000009080001"], 0xf8}, 0x1, 0x0, 0x0, 0x814}, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x3, @local, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_emit_ethernet(0x72, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbaaaaaaaaaabb0800450000640000000000019078ac1e0001ac1414aa03"], 0x0) socket$kcm(0xa, 0x6, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) ioctl$FS_IOC_GETFSLABEL(r3, 0x400452c8, &(0x7f0000000100)) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x850642) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000080)={0x1, @output={0x0, 0x0, {0x4, 0x100d}, 0x81, 0xfffffffc}}) 0s ago: executing program 36 (id=1385): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000180001000000000000000000020000000000ff0500"], 0x1c}}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = dup(r2) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0) pselect6(0x40, &(0x7f0000000000)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70ee}, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000001b00)={0x2, {0x2, 0x13d, 0x0, 0x8, 0x1001}}) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x39, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$dri(&(0x7f0000000280), 0x5, 0x220801) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6(0xa, 0x2, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000080)={0xc}) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r5, 0x3b70, &(0x7f00000000c0)={0x50, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}]}}) kernel console output (not intermixed with test programs): text=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 320.434420][ T9] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 320.683754][ T5907] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 320.790177][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 320.799812][ T9] usb 2-1: config 0 has no interface number 0 [ 320.807910][ T5907] usb 3-1: too many configurations: 171, using maximum allowed: 8 [ 320.819094][ T5907] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 320.826774][ T9] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 320.936782][ T5907] usb 3-1: can't read configurations, error -61 [ 320.978534][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.463569][ T9] usb 2-1: config 0 descriptor?? [ 323.490734][ T9] usb 2-1: can't set config #0, error -71 [ 323.513865][ T5907] usb 3-1: new full-speed USB device number 35 using dummy_hcd [ 323.524211][ T9] usb 2-1: USB disconnect, device number 28 [ 323.746693][ T30] audit: type=1400 audit(1745261766.859:800): avc: denied { mount } for pid=9149 comm="syz.4.824" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 323.770385][ T9150] fuse: Bad value for 'fd' [ 323.810036][ T5907] usb 3-1: device not accepting address 35, error -71 [ 323.818787][ T5907] usb usb3-port1: unable to enumerate USB device [ 323.832653][ T30] audit: type=1400 audit(1745261766.889:801): avc: denied { mounton } for pid=9149 comm="syz.4.824" path="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 323.930957][ T9155] ieee802154 phy0 wpan0: encryption failed: -22 [ 324.103827][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 324.134929][ T9156] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 324.147581][ T30] audit: type=1400 audit(1745261767.049:802): avc: denied { write } for pid=9144 comm="syz.3.825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 324.313741][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 324.580299][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 324.659417][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 324.732944][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 324.823054][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 324.984602][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 325.079117][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.328520][ T9162] netlink: 60 bytes leftover after parsing attributes in process `syz.3.827'. [ 325.333705][ T30] audit: type=1400 audit(1745261767.279:803): avc: denied { connect } for pid=9153 comm="syz.2.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 325.386493][ T9162] netlink: 60 bytes leftover after parsing attributes in process `syz.3.827'. [ 325.488731][ T30] audit: type=1400 audit(1745261767.489:804): avc: denied { ioctl } for pid=9153 comm="syz.2.826" path="socket:[22689]" dev="sockfs" ino=22689 ioctlcmd=0x48c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 325.515314][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 325.532087][ T9] usbtmc 2-1:16.0: can't read capabilities [ 325.969782][ T30] audit: type=1400 audit(1745261767.919:805): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 325.990268][ T30] audit: type=1400 audit(1745261768.499:806): avc: denied { listen } for pid=9163 comm="syz.4.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 326.009665][ T30] audit: type=1400 audit(1745261768.829:807): avc: denied { setopt } for pid=9140 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 326.768142][ T1774] usb 5-1: new low-speed USB device number 24 using dummy_hcd [ 326.986310][ T1774] usb 5-1: device descriptor read/64, error -71 [ 327.323714][ T1774] usb 5-1: new low-speed USB device number 25 using dummy_hcd [ 327.334682][ T30] audit: type=1400 audit(1745261770.459:808): avc: denied { remount } for pid=9190 comm="syz.0.834" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 327.343714][ T9] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 327.463999][ T1774] usb 5-1: device descriptor read/64, error -71 [ 327.516215][ T9] usb 3-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 327.525749][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.536261][ T9] usb 3-1: config 0 descriptor?? [ 327.574291][ T1774] usb usb5-port1: attempt power cycle [ 327.914026][ T1774] usb 5-1: new low-speed USB device number 26 using dummy_hcd [ 327.944758][ T1774] usb 5-1: device descriptor read/8, error -71 [ 327.963130][ T9] hid (null): unknown global tag 0xd [ 328.020812][ T9] creative-sb0540 0003:041E:3100.0014: unknown global tag 0xd [ 328.042499][ T47] usb 2-1: USB disconnect, device number 29 [ 328.047532][ T9] creative-sb0540 0003:041E:3100.0014: item 0 0 1 13 parsing failed [ 328.244525][ T1774] usb 5-1: new low-speed USB device number 27 using dummy_hcd [ 328.254058][ T9] creative-sb0540 0003:041E:3100.0014: parse failed [ 328.285976][ T1774] usb 5-1: device descriptor read/8, error -71 [ 328.293881][ T9] creative-sb0540 0003:041E:3100.0014: probe with driver creative-sb0540 failed with error -22 [ 328.529101][ T1774] usb usb5-port1: unable to enumerate USB device [ 328.549378][ T9] usb 3-1: USB disconnect, device number 36 [ 329.042018][ T9239] libceph: resolve '. [ 329.042018][ T9239] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 329.042018][ T9239] ' (ret=-3): failed [ 330.190613][ T24] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 330.693779][ T5907] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 330.703895][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 330.827766][ T24] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 330.859787][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.045558][ T5907] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 331.077058][ T5907] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 331.077076][ T24] usb 3-1: Product: syz [ 331.116877][ T5907] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 331.139621][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.188146][ T9250] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 331.195466][ T24] usb 3-1: Manufacturer: syz [ 331.200109][ T24] usb 3-1: SerialNumber: syz [ 331.218997][ T5907] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 331.351749][ T24] usb 3-1: config 0 descriptor?? [ 331.674215][ T971] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 331.712747][ T9304] netlink: 'syz.4.851': attribute type 16 has an invalid length. [ 331.729991][ T9304] netlink: 64138 bytes leftover after parsing attributes in process `syz.4.851'. [ 331.776839][ T30] audit: type=1400 audit(1745261774.889:809): avc: denied { write } for pid=9303 comm="syz.4.851" name="001" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 331.801881][ T9305] netlink: 'syz.3.849': attribute type 3 has an invalid length. [ 331.850946][ T971] usb 2-1: Using ep0 maxpacket: 16 [ 332.171399][ T971] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.198741][ T24] peak_usb 3-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 332.209253][ T971] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 332.229987][ T971] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 332.246461][ T971] usb 2-1: config 0 interface 0 has no altsetting 0 [ 332.272272][ T971] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 332.291050][ T971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.300645][ T24] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 332.312676][ T24] usb 3-1: USB disconnect, device number 37 [ 332.313044][ T971] usb 2-1: Product: syz [ 332.323091][ T971] usb 2-1: Manufacturer: syz [ 332.330672][ T971] usb 2-1: SerialNumber: syz [ 332.338814][ T971] usb 2-1: config 0 descriptor?? [ 332.684576][ T971] usb 1-1: USB disconnect, device number 32 [ 332.696991][ T9245] delete_channel: no stack [ 334.161753][ T30] audit: type=1400 audit(1745261777.279:810): avc: denied { unmount } for pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 334.500010][ T30] audit: type=1400 audit(1745261777.429:811): avc: denied { read write } for pid=9291 comm="syz.1.850" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 334.536682][ T24] usb 2-1: USB disconnect, device number 30 [ 334.601741][ T30] audit: type=1400 audit(1745261777.429:812): avc: denied { open } for pid=9291 comm="syz.1.850" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 334.641813][ T9361] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'. [ 334.653489][ T9361] netlink: 20 bytes leftover after parsing attributes in process `syz.4.857'. [ 334.925791][ T9363] FAULT_INJECTION: forcing a failure. [ 334.925791][ T9363] name failslab, interval 1, probability 0, space 0, times 0 [ 334.940774][ T9363] CPU: 1 UID: 0 PID: 9363 Comm: syz.0.856 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 334.940798][ T9363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.940809][ T9363] Call Trace: [ 334.940815][ T9363] [ 334.940822][ T9363] dump_stack_lvl+0x16c/0x1f0 [ 334.940850][ T9363] should_fail_ex+0x512/0x640 [ 334.940868][ T9363] ? fs_reclaim_acquire+0xae/0x150 [ 334.940894][ T9363] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 334.940925][ T9363] should_failslab+0xc2/0x120 [ 334.940945][ T9363] __kmalloc_noprof+0xd2/0x510 [ 334.940968][ T9363] tomoyo_realpath_from_path+0xc2/0x6e0 [ 334.940995][ T9363] ? tomoyo_profile+0x47/0x60 [ 334.941013][ T9363] tomoyo_path_number_perm+0x245/0x580 [ 334.941034][ T9363] ? tomoyo_path_number_perm+0x237/0x580 [ 334.941057][ T9363] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 334.941080][ T9363] ? find_held_lock+0x2b/0x80 [ 334.941124][ T9363] ? find_held_lock+0x2b/0x80 [ 334.941145][ T9363] ? hook_file_ioctl_common+0x145/0x410 [ 334.941166][ T9363] ? __fget_files+0x20e/0x3c0 [ 334.941188][ T9363] security_file_ioctl+0x9b/0x240 [ 334.941215][ T9363] __x64_sys_ioctl+0xb7/0x200 [ 334.941240][ T9363] do_syscall_64+0xcd/0x260 [ 334.941266][ T9363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.941283][ T9363] RIP: 0033:0x7f8674f8e169 [ 334.941297][ T9363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.941313][ T9363] RSP: 002b:00007f8675d5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 334.941330][ T9363] RAX: ffffffffffffffda RBX: 00007f86751b6160 RCX: 00007f8674f8e169 [ 334.941341][ T9363] RDX: 00002000000013c0 RSI: 00000000c100565c RDI: 000000000000000c [ 334.941351][ T9363] RBP: 00007f8675d5e090 R08: 0000000000000000 R09: 0000000000000000 [ 334.941361][ T9363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.941370][ T9363] R13: 0000000000000000 R14: 00007f86751b6160 R15: 00007fff9c7825e8 [ 334.941394][ T9363] [ 334.941400][ T9363] ERROR: Out of memory at tomoyo_realpath_from_path. [ 335.526081][ T30] audit: type=1400 audit(1745261778.649:813): avc: denied { mount } for pid=9376 comm="syz.1.861" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 335.548578][ C1] vkms_vblank_simulate: vblank timer overrun [ 335.565582][ T30] audit: type=1400 audit(1745261778.689:814): avc: denied { search } for pid=9376 comm="syz.1.861" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 335.594012][ T30] audit: type=1400 audit(1745261778.689:815): avc: denied { read } for pid=9376 comm="syz.1.861" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 335.597988][ T9379] netlink: 'syz.1.861': attribute type 39 has an invalid length. [ 335.620234][ T9382] netlink: 'syz.2.854': attribute type 3 has an invalid length. [ 335.682924][ T30] audit: type=1400 audit(1745261778.689:816): avc: denied { open } for pid=9376 comm="syz.1.861" path="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 335.731287][ T30] audit: type=1400 audit(1745261778.719:817): avc: denied { watch } for pid=9376 comm="syz.1.861" path="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 335.758640][ T30] audit: type=1400 audit(1745261778.719:818): avc: denied { write } for pid=9376 comm="syz.1.861" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 335.780520][ C1] vkms_vblank_simulate: vblank timer overrun [ 335.810816][ T9385] netlink: 44 bytes leftover after parsing attributes in process `syz.4.862'. [ 335.844836][ T9384] netlink: 44 bytes leftover after parsing attributes in process `syz.4.862'. [ 335.952955][ T9397] »»»»»» speed is unknown, defaulting to 1000 [ 335.968160][ T9397] lo speed is unknown, defaulting to 1000 [ 336.782987][ T9418] vlan2: entered promiscuous mode [ 336.788049][ T9418] veth0_virt_wifi: entered promiscuous mode [ 336.794017][ T9418] vlan2: entered allmulticast mode [ 336.799108][ T9418] veth0_virt_wifi: entered allmulticast mode [ 336.995772][ T5907] kernel write not supported for file /594/net/ip_vs_stats (pid: 5907 comm: kworker/0:5) [ 337.365451][ T5907] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 337.427208][ T9444] netlink: 'syz.1.868': attribute type 3 has an invalid length. [ 337.494804][ T9451] nvme_fabrics: missing parameter 'transport=%s' [ 337.501602][ T9451] nvme_fabrics: missing parameter 'nqn=%s' [ 337.633601][ T9397] netlink: 12 bytes leftover after parsing attributes in process `syz.0.864'. [ 337.706382][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short [ 337.714909][ T5907] usb 5-1: not running at top speed; connect to a high speed hub [ 337.728531][ T5907] usb 5-1: config 4 has an invalid interface number: 147 but max is 0 [ 337.740515][ T5907] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 337.752002][ T5907] usb 5-1: config 4 has no interface number 0 [ 337.753807][ T47] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 337.768314][ T5907] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 337.778074][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.787424][ T5907] usb 5-1: Product: syz [ 337.791683][ T5907] usb 5-1: Manufacturer: syz [ 337.796410][ T5907] usb 5-1: SerialNumber: syz [ 337.867864][ T30] audit: type=1400 audit(1745261780.989:819): avc: denied { connect } for pid=9456 comm="syz.2.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 337.896568][ T30] audit: type=1400 audit(1745261780.989:820): avc: denied { append } for pid=9456 comm="syz.2.871" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 337.913684][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 337.929486][ T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.953283][ T47] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 337.975838][ T47] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 338.137146][ T30] audit: type=1400 audit(1745261781.259:821): avc: denied { map } for pid=9456 comm="syz.2.871" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 338.162766][ T47] usb 4-1: config 0 interface 0 has no altsetting 0 [ 338.173531][ T47] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 338.182659][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.190886][ T47] usb 4-1: Product: syz [ 338.195073][ T47] usb 4-1: Manufacturer: syz [ 338.202804][ T47] usb 4-1: SerialNumber: syz [ 338.218813][ T47] usb 4-1: config 0 descriptor?? [ 338.235841][ T5907] usb 5-1: USB disconnect, device number 28 [ 338.254056][ T30] audit: type=1400 audit(1745261781.259:822): avc: denied { execute } for pid=9456 comm="syz.2.871" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 339.035767][ T971] usb 4-1: USB disconnect, device number 17 [ 339.474082][ T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 339.543329][ T971] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 339.624030][ T9] usb 5-1: device descriptor read/64, error -71 [ 339.873766][ T971] usb 4-1: Using ep0 maxpacket: 16 [ 339.881607][ T971] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.891767][ T971] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 339.902842][ T971] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 339.916326][ T971] usb 4-1: config 0 interface 0 has no altsetting 0 [ 339.923918][ T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 339.932282][ T971] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 339.941580][ T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.949685][ T971] usb 4-1: Product: syz [ 339.953908][ T971] usb 4-1: Manufacturer: syz [ 339.958506][ T971] usb 4-1: SerialNumber: syz [ 339.965255][ T971] usb 4-1: config 0 descriptor?? [ 340.063714][ T9] usb 5-1: device descriptor read/64, error -71 [ 340.179743][ T9] usb usb5-port1: attempt power cycle [ 340.235537][ T9522] netlink: 8 bytes leftover after parsing attributes in process `syz.1.878'. [ 340.423738][ T47] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 340.701650][ T971] usb 4-1: USB disconnect, device number 18 [ 340.773928][ T9] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 340.787885][ T47] usb 1-1: Using ep0 maxpacket: 32 [ 340.800592][ T47] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 340.817684][ T9] usb 5-1: device descriptor read/8, error -71 [ 340.827978][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.845205][ T47] usb 1-1: Product: syz [ 340.856221][ T47] usb 1-1: Manufacturer: syz [ 340.863044][ T47] usb 1-1: SerialNumber: syz [ 340.872920][ T47] usb 1-1: config 0 descriptor?? [ 340.882415][ T9538] tmpfs: Unknown parameter 'huge½always' [ 341.207978][ T9] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 341.256215][ T9] usb 5-1: device descriptor read/8, error -71 [ 341.374104][ T9] usb usb5-port1: unable to enumerate USB device [ 341.436274][ T47] peak_usb 1-1:0.0 can0: unable to request usb[type=0 value=0] err=-71 [ 341.465065][ T47] peak_usb 1-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71) [ 341.534980][ T47] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71 [ 341.553985][ T8974] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 341.613866][ T1774] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 341.715594][ T47] usb 1-1: USB disconnect, device number 33 [ 341.833453][ T8974] usb 3-1: config 32 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 341.833716][ T1774] usb 4-1: Using ep0 maxpacket: 16 [ 341.882173][ T1774] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 341.894466][ T1774] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 341.904902][ T1774] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 341.923748][ T8974] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 341.925819][ T1774] usb 4-1: config 0 interface 0 has no altsetting 0 [ 341.933583][ T8974] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 341.942301][ T1774] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 341.982420][ T8974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.992128][ T1774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.005062][ T1774] usb 4-1: Product: syz [ 342.009239][ T1774] usb 4-1: Manufacturer: syz [ 342.014445][ T1774] usb 4-1: SerialNumber: syz [ 342.035291][ T1774] usb 4-1: config 0 descriptor?? [ 342.205268][ T8974] usb 3-1: string descriptor 0 read error: -71 [ 342.235707][ T8974] usb 3-1: USB disconnect, device number 38 [ 342.507638][ T9604] netlink: 96 bytes leftover after parsing attributes in process `syz.4.886'. [ 342.535199][ T9604] netlink: 'syz.4.886': attribute type 5 has an invalid length. [ 342.543069][ T9604] netlink: 44 bytes leftover after parsing attributes in process `syz.4.886'. [ 343.283146][ T8974] usb 4-1: USB disconnect, device number 19 [ 343.547934][ T9619] netlink: 156 bytes leftover after parsing attributes in process `syz.1.888'. [ 343.601073][ T9621] »»»»»» speed is unknown, defaulting to 1000 [ 343.615198][ T9621] lo speed is unknown, defaulting to 1000 [ 344.376546][ T9654] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 344.826753][ T9668] netlink: 'syz.2.889': attribute type 3 has an invalid length. [ 345.560185][ T9682] xt_l2tp: v2 doesn't support IP mode [ 345.862210][ T9687] veth0_vlan: left promiscuous mode [ 345.869039][ T9687] veth0_vlan: entered promiscuous mode [ 346.795194][ T30] audit: type=1400 audit(1745261789.919:823): avc: denied { read } for pid=9696 comm="syz.3.903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 347.739016][ T9721] netlink: 96 bytes leftover after parsing attributes in process `syz.1.905'. [ 347.791048][ T9721] netlink: 'syz.1.905': attribute type 5 has an invalid length. [ 347.853788][ T9721] netlink: 44 bytes leftover after parsing attributes in process `syz.1.905'. [ 348.067162][ T9737] netlink: 68 bytes leftover after parsing attributes in process `syz.3.909'. [ 348.133978][ T30] audit: type=1400 audit(1745261791.249:824): avc: denied { create } for pid=9729 comm="syz.3.909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 348.809705][ T9749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.914'. [ 348.862077][ T30] audit: type=1400 audit(1745261791.979:825): avc: denied { ioctl } for pid=9751 comm="syz.3.916" path="socket:[23372]" dev="sockfs" ino=23372 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 349.543761][ T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 349.696456][ T9761] netlink: 48 bytes leftover after parsing attributes in process `syz.3.919'. [ 349.727517][ T24] usb 3-1: New USB device found, idVendor=04a5, idProduct=3035, bcdDevice= d.df [ 349.738398][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.779386][ T24] usb 3-1: config 0 descriptor?? [ 349.790535][ T24] gspca_main: benq-2.14.0 probing 04a5:3035 [ 349.845254][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.923'. [ 349.907898][ T9784] SET target dimension over the limit! [ 349.933887][ T30] audit: type=1400 audit(1745261793.049:826): avc: denied { read } for pid=9783 comm="syz.4.924" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 350.215024][ T30] audit: type=1400 audit(1745261793.049:827): avc: denied { open } for pid=9783 comm="syz.4.924" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 350.326832][ T30] audit: type=1400 audit(1745261793.059:828): avc: denied { ioctl } for pid=9783 comm="syz.4.924" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9371 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 350.427527][ T971] usb 3-1: USB disconnect, device number 39 [ 350.462491][ T30] audit: type=1326 audit(1745261793.579:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9795 comm="syz.0.925" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8674f8e169 code=0x0 [ 350.788612][ T9807] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=9807 comm=syz.0.925 [ 352.088687][ T30] audit: type=1400 audit(1745261795.209:830): avc: denied { mount } for pid=9819 comm="syz.1.930" name="/" dev="autofs" ino=23802 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 352.163873][ T30] audit: type=1400 audit(1745261795.279:831): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 352.235693][ T9827] loop8: detected capacity change from 0 to 8 [ 352.246027][ T9827] Dev loop8: unable to read RDB block 8 [ 352.255793][ T9827] loop8: unable to read partition table [ 352.262370][ T9827] loop8: partition table beyond EOD, truncated [ 352.268716][ T9827] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 352.303775][ T9831] netlink: 96 bytes leftover after parsing attributes in process `syz.0.931'. [ 352.318676][ T9831] netlink: 'syz.0.931': attribute type 5 has an invalid length. [ 352.327334][ T9831] netlink: 44 bytes leftover after parsing attributes in process `syz.0.931'. [ 353.393743][ T1774] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 353.540005][ T30] audit: type=1400 audit(1745261796.659:832): avc: denied { write } for pid=5180 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 353.569980][ T30] audit: type=1400 audit(1745261796.689:833): avc: denied { remove_name } for pid=5180 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 353.593734][ T1774] usb 2-1: Using ep0 maxpacket: 16 [ 353.601074][ T30] audit: type=1400 audit(1745261796.689:834): avc: denied { rename } for pid=5180 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 353.625229][ T30] audit: type=1400 audit(1745261796.689:835): avc: denied { add_name } for pid=5180 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 353.628913][ T1774] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 353.701238][ T1774] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 353.722467][ T30] audit: type=1400 audit(1745261796.689:836): avc: denied { unlink } for pid=5180 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 353.728726][ T1774] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 353.747708][ T30] audit: type=1400 audit(1745261796.689:837): avc: denied { create } for pid=5180 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 353.838599][ T1774] usb 2-1: config 0 interface 0 has no altsetting 0 [ 353.843308][ T9857] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 353.856433][ T1774] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 353.899207][ T1774] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.913679][ T1774] usb 2-1: Product: syz [ 353.929740][ T1774] usb 2-1: Manufacturer: syz [ 353.957630][ T1774] usb 2-1: SerialNumber: syz [ 353.980407][ T1774] usb 2-1: config 0 descriptor?? [ 354.065109][ T9863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.940'. [ 354.075123][ T9863] IPVS: Unknown mcast interface: vcan0 [ 355.153132][ T971] usb 2-1: USB disconnect, device number 31 [ 355.947251][ T5139] Bluetooth: hci2: hardware error 0x00 [ 356.560298][ T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 356.587785][ T9905] afs: Unknown parameter '00000000000000000000003' [ 356.598040][ T9905] netlink: 36 bytes leftover after parsing attributes in process `syz.0.949'. [ 357.123720][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 357.137412][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.160217][ T9] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 357.306848][ T9] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 357.328116][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 357.337154][ T9] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 357.352665][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.418204][ T9922] netlink: 20 bytes leftover after parsing attributes in process `syz.0.953'. [ 357.439563][ T9922] netlink: 20 bytes leftover after parsing attributes in process `syz.0.953'. [ 357.534452][ T9] usb 4-1: Product: syz [ 357.538707][ T9] usb 4-1: Manufacturer: syz [ 357.543309][ T9] usb 4-1: SerialNumber: syz [ 357.561757][ T9] usb 4-1: config 0 descriptor?? [ 357.678426][ T9930] delete_channel: no stack [ 358.054808][ T5139] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 358.258075][ T1774] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 358.724163][ T9] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 358.732615][ T24] usb 4-1: USB disconnect, device number 20 [ 358.836486][ T1774] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 358.850183][ T1774] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 358.861768][ T1774] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 358.884773][ T1774] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.900009][ T9930] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 358.968830][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 358.994319][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.005352][ T9] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 359.015250][ T9] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 359.025403][ T9] usb 1-1: Manufacturer: syz [ 359.054398][ T9] usb 1-1: config 0 descriptor?? [ 359.114029][ T1774] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 359.173818][ T30] audit: type=1326 audit(1745261802.289:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9963 comm="syz.2.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298e169 code=0x7fc00000 [ 359.609935][ T30] audit: type=1400 audit(1745261802.729:839): avc: denied { accept } for pid=9979 comm="syz.4.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 359.661339][ T9] cougar 0003:060B:700A.0015: unknown main item tag 0x0 [ 359.669385][ T9] cougar 0003:060B:700A.0015: unknown main item tag 0x0 [ 359.677423][ T9] cougar 0003:060B:700A.0015: unknown main item tag 0x0 [ 359.695767][ T9] cougar 0003:060B:700A.0015: unknown main item tag 0x0 [ 359.956806][ T9] cougar 0003:060B:700A.0015: unknown main item tag 0x0 [ 359.988549][ T9] cougar 0003:060B:700A.0015: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 360.043539][ T9] usb 1-1: USB disconnect, device number 34 [ 361.202994][ T24] usb 2-1: USB disconnect, device number 32 [ 361.243738][ T1774] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 361.424100][ T1774] usb 3-1: Using ep0 maxpacket: 32 [ 361.441659][ T1774] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 361.451151][ T1774] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 361.461115][ T1774] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 361.523534][ T1774] usb 3-1: config 1 has no interface number 0 [ 361.573141][ T1774] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 361.677203][ T1774] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 361.689645][T10042] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 361.697323][T10042] IPv6: NLM_F_CREATE should be set when creating new route [ 361.704545][T10042] IPv6: NLM_F_CREATE should be set when creating new route [ 361.704599][ T1774] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 361.722033][ T1774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.745908][ T1774] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 361.919077][ T30] audit: type=1400 audit(1745261805.039:840): avc: denied { accept } for pid=10033 comm="syz.1.968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 361.956476][ T1774] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 362.153849][ T5870] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 362.399673][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.419348][ T5870] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 362.429420][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.560344][ T5870] usb 5-1: config 0 descriptor?? [ 362.649578][T10069] openvswitch: netlink: Missing key (keys=40, expected=100) [ 362.984992][ T47] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 363.308285][T10075] netlink: 20 bytes leftover after parsing attributes in process `syz.3.967'. [ 363.331142][T10075] netlink: 20 bytes leftover after parsing attributes in process `syz.3.967'. [ 363.832565][ T30] audit: type=1400 audit(1745261806.919:841): avc: denied { write } for pid=10016 comm="syz.2.964" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 363.903846][T10075] Can't find ip_set type hash:net,po [ 363.997170][ T5870] keytouch 0003:0926:3333.0016: fixing up Keytouch IEC report descriptor [ 364.021472][ T5870] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0016/input/input41 [ 364.064118][T10087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.977'. [ 364.111536][ T5870] keytouch 0003:0926:3333.0016: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 364.149762][ T30] audit: type=1400 audit(1745261807.269:842): avc: denied { setattr } for pid=10104 comm="syz.1.980" name="UDPLITEv6" dev="sockfs" ino=24897 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 364.208825][T10108] delete_channel: no stack [ 364.668256][ T30] audit: type=1400 audit(1745261807.279:843): avc: denied { accept } for pid=10104 comm="syz.1.980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 364.927454][ T5870] usb 5-1: USB disconnect, device number 33 [ 364.943334][ T30] audit: type=1800 audit(1745261808.059:844): pid=10106 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.978" name="/" dev="fuse" ino=1 res=0 errno=0 [ 365.020303][ T47] usb 3-1: USB disconnect, device number 40 [ 365.041607][ T47] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 365.059210][ T971] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 365.179387][T10109] syz.1.980 (10109): drop_caches: 2 [ 365.370059][ T971] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 365.389849][ T971] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 365.400413][ T971] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 365.414160][ T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.436343][T10107] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 365.450447][ T971] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 365.473725][ T8974] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 365.600165][T10170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.984'. [ 365.609176][ T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 365.618237][T10170] SET target dimension over the limit! [ 365.636493][ T8974] usb 4-1: Using ep0 maxpacket: 32 [ 365.643316][ T8974] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 365.667679][ T8974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.683197][ T8974] usb 4-1: config 0 descriptor?? [ 365.691585][ T8974] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 365.766052][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.816119][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.826263][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 365.839345][ T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 365.848497][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.858324][ T24] usb 2-1: config 0 descriptor?? [ 365.922533][T10179] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 367.246956][ T8974] gspca_vc032x: reg_w err -110 [ 367.252107][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.257510][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.262779][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.268144][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.273423][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.280361][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.294387][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.299741][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.308030][ T24] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 367.313713][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.321097][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.343657][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.344111][ T24] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 367.349296][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349309][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349317][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349325][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349332][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349340][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349348][ T8974] gspca_vc032x: I2c Bus Busy Wait 00 [ 367.349356][ T8974] gspca_vc032x: Unknown sensor... [ 367.349411][ T8974] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 367.467912][ T9] usb 1-1: USB disconnect, device number 35 [ 367.820118][ T30] audit: type=1400 audit(1745261810.929:845): avc: denied { name_bind } for pid=10201 comm="syz.0.990" src=514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 368.082296][ C0] plantronics 0003:047F:FFFF.0017: hid_field_extract() called with n (132) > 32! (syz.1.983) [ 368.197127][ T30] audit: type=1400 audit(1745261810.929:846): avc: denied { node_bind } for pid=10201 comm="syz.0.990" saddr=fe80::aa src=514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 368.453692][ T8974] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 368.515675][ T9] usb 4-1: USB disconnect, device number 21 [ 368.527203][T10190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.570351][T10190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.691337][ T8974] usb 5-1: Using ep0 maxpacket: 32 [ 369.734095][ T5868] usb 2-1: reset high-speed USB device number 33 using dummy_hcd [ 370.250931][ T24] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 370.427084][ T8974] usb 5-1: device descriptor read/all, error -71 [ 370.635741][ T24] usb 1-1: config 3 has an invalid interface number: 7 but max is 0 [ 370.706553][ T24] usb 1-1: config 3 has no interface number 0 [ 370.713865][ T5868] usb 2-1: device descriptor read/64, error -71 [ 370.719989][ T24] usb 1-1: config 3 interface 7 altsetting 6 has an endpoint descriptor with address 0x1A, changing to 0xA [ 370.788180][ T24] usb 1-1: config 3 interface 7 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.802948][ T24] usb 1-1: config 3 interface 7 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.813278][ T24] usb 1-1: config 3 interface 7 has no altsetting 0 [ 370.825359][ T24] usb 1-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=3f.7b [ 370.837635][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.846157][ T24] usb 1-1: Product: syz [ 370.850333][ T24] usb 1-1: Manufacturer: syz [ 370.856754][ T24] usb 1-1: SerialNumber: syz [ 370.939864][T10266] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 370.950251][T10266] fuse: Unknown parameter '00000000000000000000044ÿ00000000000000000004' [ 371.035611][ T5868] usb 2-1: reset high-speed USB device number 33 using dummy_hcd [ 371.044019][ T5868] usb 2-1: device reset changed ep0 maxpacket size! [ 371.057111][ T30] audit: type=1400 audit(1745261814.179:847): avc: denied { read } for pid=10267 comm="syz.3.997" laddr=40:: lport=42447 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 371.057992][ T5907] usb 2-1: USB disconnect, device number 33 [ 371.078338][ C1] vkms_vblank_simulate: vblank timer overrun [ 371.089493][T10235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.094199][T10268] gfs2: not a GFS2 filesystem [ 371.099386][T10235] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.140071][ T1774] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0 [ 371.179688][T10241] Process accounting resumed [ 371.194764][ T1774] hid-generic 0000:0000:0000.0018: hidraw0: HID v0.00 Device [syz1] on syz0 [ 371.268889][ T5907] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 371.288547][T10288] delete_channel: no stack [ 371.625010][ T5907] usb 2-1: Using ep0 maxpacket: 16 [ 371.734258][ T5907] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 371.744520][ T5907] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 372.271508][ T5907] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 372.408088][ T5907] usb 2-1: config 0 interface 0 has no altsetting 0 [ 372.418031][ T5907] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 372.471049][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.481766][ T5907] usb 2-1: Product: syz [ 372.487120][ T5907] usb 2-1: Manufacturer: syz [ 372.491946][ T5907] usb 2-1: SerialNumber: syz [ 372.523691][ T971] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 372.531555][ T24] radio-si470x 1-1:3.7: si470x_get_report: usb_control_msg returned -71 [ 372.555060][ T24] radio-si470x 1-1:3.7: probe with driver radio-si470x failed with error -5 [ 372.586518][ T5907] usb 2-1: config 0 descriptor?? [ 372.670052][ T24] usb 1-1: USB disconnect, device number 36 [ 372.747802][ T971] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 372.759965][ T971] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 372.778170][ T971] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 372.790698][ T971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.881601][T10288] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 372.890883][ T971] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 372.899753][T10335] fuse: Bad value for 'fd' [ 372.905364][T10335] FAULT_INJECTION: forcing a failure. [ 372.905364][T10335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 372.919645][T10335] CPU: 0 UID: 0 PID: 10335 Comm: syz.0.1003 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 372.919676][T10335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.919686][T10335] Call Trace: [ 372.919691][T10335] [ 372.919697][T10335] dump_stack_lvl+0x16c/0x1f0 [ 372.919721][T10335] should_fail_ex+0x512/0x640 [ 372.919742][T10335] _copy_to_user+0x32/0xd0 [ 372.919762][T10335] simple_read_from_buffer+0xcb/0x170 [ 372.919780][T10335] proc_fail_nth_read+0x197/0x270 [ 372.919797][T10335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 372.919814][T10335] ? rw_verify_area+0xcf/0x680 [ 372.919828][T10335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 372.919843][T10335] vfs_read+0x1de/0xc70 [ 372.919861][T10335] ? __pfx___mutex_lock+0x10/0x10 [ 372.919876][T10335] ? __pfx_vfs_read+0x10/0x10 [ 372.919894][T10335] ? __fget_files+0x20e/0x3c0 [ 372.919908][T10335] ksys_read+0x12a/0x240 [ 372.919916][T10335] ? __pfx_ksys_read+0x10/0x10 [ 372.919931][T10335] ? rcu_is_watching+0x12/0xc0 [ 372.919948][T10335] do_syscall_64+0xcd/0x260 [ 372.919964][T10335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.919975][T10335] RIP: 0033:0x7f8674f8cb7c [ 372.919984][T10335] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 372.919994][T10335] RSP: 002b:00007f8675d7f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 372.920004][T10335] RAX: ffffffffffffffda RBX: 00007f86751b6080 RCX: 00007f8674f8cb7c [ 372.920010][T10335] RDX: 000000000000000f RSI: 00007f8675d7f0a0 RDI: 0000000000000005 [ 372.920016][T10335] RBP: 00007f8675d7f090 R08: 0000000000000000 R09: 0000000000000000 [ 372.920022][T10335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.920027][T10335] R13: 0000000000000000 R14: 00007f86751b6080 R15: 00007fff9c7825e8 [ 372.920040][T10335] [ 373.402849][T10310] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 373.421686][T10310] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 373.464512][T10310] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 373.492748][T10310] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 373.698464][T10337] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 374.362490][ T30] audit: type=1400 audit(1745261817.479:848): avc: denied { ioctl } for pid=10368 comm="syz.0.1006" path="socket:[25137]" dev="sockfs" ino=25137 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 374.708183][ T24] usb 2-1: USB disconnect, device number 34 [ 374.748569][ T5139] Bluetooth: hci1: command 0x0c1a tx timeout [ 374.789605][ T971] usb 4-1: USB disconnect, device number 22 [ 375.021201][T10404] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1007'. [ 375.093711][T10404] netlink: 'syz.2.1007': attribute type 5 has an invalid length. [ 375.121834][T10404] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1007'. [ 375.433639][ T24] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 375.534848][ T5139] Bluetooth: hci3: command 0x0c1a tx timeout [ 375.541576][ T5139] Bluetooth: hci4: command 0x0c1a tx timeout [ 375.624100][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 375.737795][ T24] usb 2-1: config 0 has no interfaces? [ 375.755382][ T24] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 375.764619][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.772609][ T24] usb 2-1: Product: syz [ 375.788995][ T24] usb 2-1: Manufacturer: syz [ 375.814571][ T24] usb 2-1: SerialNumber: syz [ 375.821575][ T24] usb 2-1: config 0 descriptor?? [ 376.584442][ T24] usb 2-1: USB disconnect, device number 35 [ 377.290825][T10448] Driver unsupported XDP return value 0 on prog (id 184) dev N/A, expect packet loss! [ 377.643888][ T5139] Bluetooth: hci4: command 0x0c1a tx timeout [ 377.694843][ T1774] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 378.728139][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.815311][ T1774] usb 5-1: Using ep0 maxpacket: 16 [ 378.828009][ T1774] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 378.949626][ T1774] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 378.962427][ T1774] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 378.975607][ T1774] usb 5-1: config 0 interface 0 has no altsetting 0 [ 378.999919][ T1774] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 379.009139][ T1774] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.017249][ T1774] usb 5-1: Product: syz [ 379.021490][ T1774] usb 5-1: Manufacturer: syz [ 379.031069][ T1774] usb 5-1: SerialNumber: syz [ 379.051736][ T1774] usb 5-1: config 0 descriptor?? [ 379.523269][T10486] siw: device registration error -23 [ 380.371718][ T9] usb 5-1: USB disconnect, device number 36 [ 380.935194][ T971] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 381.141714][ T971] usb 1-1: Using ep0 maxpacket: 16 [ 381.293238][ T30] audit: type=1400 audit(1745261824.279:849): avc: denied { bind } for pid=10507 comm="syz.2.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 381.329568][ T971] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 381.379913][ T971] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 381.395205][ T971] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 381.413072][ T971] usb 1-1: config 0 interface 0 has no altsetting 0 [ 381.423058][T10518] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1033'. [ 381.433883][ T971] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 381.442958][ T971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.468207][T10518] »»»»»» speed is unknown, defaulting to 1000 [ 381.474515][ T971] usb 1-1: Product: syz [ 381.478775][ T971] usb 1-1: Manufacturer: syz [ 381.488636][T10518] lo speed is unknown, defaulting to 1000 [ 381.495061][ T971] usb 1-1: SerialNumber: syz [ 381.502393][ T971] usb 1-1: config 0 descriptor?? [ 381.517148][ T30] audit: type=1400 audit(1745261824.639:850): avc: denied { ioctl } for pid=10513 comm="syz.3.1033" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 381.542540][ C1] vkms_vblank_simulate: vblank timer overrun [ 381.590618][ T30] audit: type=1400 audit(1745261824.709:851): avc: denied { append } for pid=10545 comm="syz.2.1035" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 381.655066][ T5868] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 381.883709][ T5868] usb 2-1: device descriptor read/64, error -71 [ 382.090117][ T24] usb 1-1: USB disconnect, device number 37 [ 382.145888][ T5868] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 382.283773][ T5868] usb 2-1: device descriptor read/64, error -71 [ 382.378983][ T30] audit: type=1400 audit(1745261825.499:852): avc: denied { bind } for pid=10575 comm="syz.2.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 382.405793][ T30] audit: type=1400 audit(1745261825.529:853): avc: denied { connect } for pid=10575 comm="syz.2.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 382.425274][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.434039][ T5868] usb usb2-port1: attempt power cycle [ 382.490355][ T30] audit: type=1400 audit(1745261825.529:854): avc: denied { shutdown } for pid=10575 comm="syz.2.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 382.509917][ C1] vkms_vblank_simulate: vblank timer overrun [ 382.660422][ T30] audit: type=1400 audit(1745261825.779:855): avc: denied { ioctl } for pid=10579 comm="syz.4.1041" path="socket:[24525]" dev="sockfs" ino=24525 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 382.811321][ T5868] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 383.020554][ T5868] usb 2-1: device descriptor read/8, error -71 [ 383.126821][ T5139] Bluetooth: hci4: unexpected event for opcode 0x1009 [ 383.153271][ T30] audit: type=1400 audit(1745261826.269:856): avc: denied { ioctl } for pid=10593 comm="syz.2.1044" path="socket:[25624]" dev="sockfs" ino=25624 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 383.423704][ T5868] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 383.658836][ T5868] usb 2-1: device not accepting address 39, error -71 [ 383.731117][ T5868] usb usb2-port1: unable to enumerate USB device [ 384.403712][ T1774] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 384.419034][T10622] openvswitch: netlink: Key type 303 is out of range max 32 [ 384.449714][T10624] openvswitch: netlink: Key type 303 is out of range max 32 [ 384.483800][ T5868] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 384.500523][T10627] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1049'. [ 384.509759][T10627] netlink: 'syz.0.1049': attribute type 5 has an invalid length. [ 384.534161][T10627] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1049'. [ 384.566428][ T1774] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 384.579656][ T1774] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 384.593126][ T1774] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 384.611280][ T1774] usb 4-1: SerialNumber: syz [ 384.623207][T10613] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 384.644222][ T5868] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 384.660146][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 384.675217][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 384.694994][ T30] audit: type=1400 audit(1745261827.819:857): avc: denied { bind } for pid=10630 comm="syz.2.1052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 384.716821][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 384.736968][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 384.783731][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 384.812564][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 384.820483][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 384.840361][T10610] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 384.854693][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 384.892045][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 384.912300][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 384.950026][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 385.059294][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 385.184457][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 385.339138][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 385.367887][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 385.401471][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 385.516494][ T30] audit: type=1400 audit(1745261828.639:858): avc: denied { ioctl } for pid=10644 comm="syz.4.1055" path="socket:[25678]" dev="sockfs" ino=25678 ioctlcmd=0x89f8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 385.521167][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 385.541215][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.637869][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 385.645747][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 385.654925][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 385.666085][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 385.674372][ T5868] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 385.827596][ T5868] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 385.838675][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 385.851355][ T5868] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 385.874634][ T5868] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 386.161872][ T5868] usb 2-1: Product: syz [ 386.166311][ T5868] usb 2-1: Manufacturer: syz [ 386.170930][ T5868] usb 2-1: SerialNumber: syz [ 386.177364][ T5868] usb 2-1: config 0 descriptor?? [ 386.188178][ T5868] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 386.213952][ T971] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 386.284510][ T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 386.373811][ T971] usb 1-1: Using ep0 maxpacket: 16 [ 386.380286][ T971] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.390740][ T971] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 386.400959][ T971] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 386.407972][T10603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.414029][ T971] usb 1-1: config 0 interface 0 has no altsetting 0 [ 386.415870][ T971] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 386.430326][T10603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.439190][ T971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.455113][ T971] usb 1-1: Product: syz [ 386.459359][ T971] usb 1-1: Manufacturer: syz [ 386.459378][ T971] usb 1-1: SerialNumber: syz [ 386.463157][ T971] usb 1-1: config 0 descriptor?? [ 386.475104][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 386.476839][ T9] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 386.476886][ T9] usb 5-1: config 0 has no interface number 0 [ 386.476920][ T9] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 386.476943][ T9] usb 5-1: config 0 interface 85 has no altsetting 0 [ 386.479097][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 386.484007][T10603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.487189][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.492849][T10603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.507369][ T9] usb 5-1: Product: syz [ 386.566360][ T9] usb 5-1: Manufacturer: syz [ 386.566379][ T9] usb 5-1: SerialNumber: syz [ 386.568684][ T9] usb 5-1: config 0 descriptor?? [ 386.598681][ T5907] usb 2-1: USB disconnect, device number 40 [ 386.608378][ T5907] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 386.655139][ T1774] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 386.672983][ T1774] usb 4-1: USB disconnect, device number 23 [ 386.851099][T10701] delete_channel: no stack [ 387.268079][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1060'. [ 387.289888][T10703] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1060'. [ 387.434261][ T9] appletouch 5-1:0.85: Geyser mode initialized. [ 387.461841][ T9] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input44 [ 387.493151][ T971] usb 1-1: USB disconnect, device number 38 [ 387.957376][ T1774] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 388.832394][T10657] Set syz1 is full, maxelem 65536 reached [ 388.884745][ T24] usb 5-1: USB disconnect, device number 37 [ 388.891863][ T1774] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 388.905663][ T1774] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 388.915532][ T1774] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 388.931590][ T1774] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.943015][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 388.943028][ T30] audit: type=1400 audit(1745261832.069:860): avc: denied { bind } for pid=10725 comm="syz.1.1061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 388.944796][T10730] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 388.980435][T10718] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 389.029711][ T24] appletouch 5-1:0.85: input: appletouch disconnected [ 389.036882][T10726] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1061'. [ 389.092093][ T1774] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 389.279448][ T30] audit: type=1800 audit(1745261832.399:861): pid=10757 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1066" name="file1" dev="overlay" ino=1291 res=0 errno=0 [ 390.823943][ T1774] usb 3-1: USB disconnect, device number 41 [ 390.894148][ T30] audit: type=1326 audit(1745261834.009:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10752 comm="syz.1.1064" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f561998e169 code=0x0 [ 391.171408][ T30] audit: type=1400 audit(1745261834.289:863): avc: denied { mounton } for pid=10752 comm="syz.1.1064" path="/proc/689/task/690/net" dev="proc" ino=26678 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 391.194721][ C1] vkms_vblank_simulate: vblank timer overrun [ 391.418813][T10792] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1067'. [ 391.531177][T10792] netlink: 'syz.3.1067': attribute type 5 has an invalid length. [ 391.584145][T10789] random: crng reseeded on system resumption [ 391.593759][ T30] audit: type=1400 audit(1745261834.709:864): avc: denied { append } for pid=10786 comm="syz.0.1068" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 391.673739][T10792] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1067'. [ 392.046239][T10802] fuse: Bad value for 'fd' [ 392.161404][T10811] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 392.983013][T10820] delete_channel: no stack [ 393.113660][ T971] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 393.273717][ T971] usb 3-1: Using ep0 maxpacket: 32 [ 393.316940][T10835] delete_channel: no stack [ 393.369830][ T971] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 393.380527][ T971] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 393.390031][ T971] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 393.416332][ T9] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 393.425210][ T971] usb 3-1: config 1 has no interface number 0 [ 393.432479][ T971] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 393.444256][ T971] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 393.457523][ T971] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 393.467085][ T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.602375][ T971] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 393.633724][ T24] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 393.645897][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 393.667192][ T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 393.677316][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 393.692952][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.796374][ T24] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 393.817228][ T24] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 393.838018][ T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 393.860590][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.886616][T10835] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 393.897870][ T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 393.920689][T10820] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 393.937896][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 393.945612][ T971] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 394.153571][ T9] usb 3-1: USB disconnect, device number 42 [ 394.164785][ T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 394.425434][ T30] audit: type=1400 audit(1745261837.519:865): avc: denied { nlmsg_read } for pid=10874 comm="syz.3.1080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 395.322998][T10883] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 395.472607][T10883] xt_CT: You must specify a L4 protocol and not use inversions on it [ 395.555646][ T30] audit: type=1800 audit(1745261838.679:866): pid=10895 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1085" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 396.076429][ T30] audit: type=1326 audit(1745261838.949:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10892 comm="syz.2.1084" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f578298e169 code=0x0 [ 396.271292][ T5870] usb 2-1: USB disconnect, device number 41 [ 396.404971][ T24] usb 5-1: USB disconnect, device number 38 [ 397.418809][T10941] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1088'. [ 397.607900][T10941] netlink: 'syz.4.1088': attribute type 5 has an invalid length. [ 397.618298][T10951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1091'. [ 397.619271][T10941] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1088'. [ 397.990259][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 398.233773][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 398.255443][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 398.298958][ T9] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 398.309043][ T9] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 398.324822][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 398.333395][ T9] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 398.355856][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.369645][ T9] usb 4-1: Product: syz [ 398.378093][ T9] usb 4-1: Manufacturer: syz [ 398.386833][ T9] usb 4-1: SerialNumber: syz [ 398.395010][ T9] usb 4-1: config 0 descriptor?? [ 398.753696][ T5907] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 398.861091][ T30] audit: type=1400 audit(1745261841.979:868): avc: denied { read write } for pid=10986 comm="syz.4.1096" name="sg0" dev="devtmpfs" ino=735 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 398.885270][ T30] audit: type=1400 audit(1745261841.979:869): avc: denied { open } for pid=10986 comm="syz.4.1096" path="/dev/sg0" dev="devtmpfs" ino=735 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 398.909135][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.323654][ T24] usb 4-1: USB disconnect, device number 24 [ 399.324991][ T5907] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 399.352261][ T5907] usb 3-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 399.787442][ T5907] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 400.178688][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.199029][ T5907] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 400.342202][ T5907] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 400.537375][T10979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.059630][T10979] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.078185][ T30] audit: type=1400 audit(1745261844.199:870): avc: denied { read } for pid=10971 comm="syz.2.1094" name="usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 401.137989][ T30] audit: type=1400 audit(1745261844.199:871): avc: denied { open } for pid=10971 comm="syz.2.1094" path="/dev/usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 401.161728][ C1] vkms_vblank_simulate: vblank timer overrun [ 401.177117][ T30] audit: type=1400 audit(1745261844.229:872): avc: denied { ioctl } for pid=10971 comm="syz.2.1094" path="/dev/usbmon4" dev="devtmpfs" ino=728 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 401.746056][ T5907] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 402.063735][ T5907] usb 2-1: Using ep0 maxpacket: 16 [ 402.600245][ T5907] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 402.610446][ T5907] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 402.620238][ T5907] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 402.643686][ T5907] usb 2-1: config 0 interface 0 has no altsetting 0 [ 402.701377][ T5907] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 402.719434][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.768072][ T5907] usb 2-1: Product: syz [ 402.772277][ T5907] usb 2-1: Manufacturer: syz [ 402.878167][ T5907] usb 2-1: SerialNumber: syz [ 402.887065][ T9] usb 3-1: USB disconnect, device number 43 [ 402.916719][ T5907] usb 2-1: config 0 descriptor?? [ 403.059110][ T30] audit: type=1400 audit(1745261846.179:873): avc: denied { mount } for pid=11076 comm="syz.4.1109" name="/" dev="pstore" ino=1870 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 403.159355][T11081] FAULT_INJECTION: forcing a failure. [ 403.159355][T11081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.173141][T11081] CPU: 0 UID: 0 PID: 11081 Comm: syz.2.1108 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 403.173166][T11081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 403.173177][T11081] Call Trace: [ 403.173183][T11081] [ 403.173189][T11081] dump_stack_lvl+0x16c/0x1f0 [ 403.173217][T11081] should_fail_ex+0x512/0x640 [ 403.173247][T11081] _copy_from_iter+0x2a4/0x15b0 [ 403.173273][T11081] ? __pfx__copy_from_iter+0x10/0x10 [ 403.173299][T11081] ? __pfx___might_resched+0x10/0x10 [ 403.173323][T11081] ? iov_iter_revert+0x264/0x5a0 [ 403.173345][T11081] file_tty_write.constprop.0+0x486/0x9b0 [ 403.173378][T11081] vfs_write+0x5ba/0x1180 [ 403.173406][T11081] ? __pfx_tty_write+0x10/0x10 [ 403.173432][T11081] ? __pfx_vfs_write+0x10/0x10 [ 403.173455][T11081] ? find_held_lock+0x2b/0x80 [ 403.173494][T11081] ksys_write+0x12a/0x240 [ 403.173509][T11081] ? __pfx_ksys_write+0x10/0x10 [ 403.173523][T11081] ? rcu_is_watching+0x12/0xc0 [ 403.173553][T11081] do_syscall_64+0xcd/0x260 [ 403.173579][T11081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.173600][T11081] RIP: 0033:0x7f578298e169 [ 403.173613][T11081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.173628][T11081] RSP: 002b:00007f57807d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 403.173644][T11081] RAX: ffffffffffffffda RBX: 00007f5782bb6160 RCX: 00007f578298e169 [ 403.173654][T11081] RDX: 00000000fffffdef RSI: 0000200000001040 RDI: 0000000000000008 [ 403.173664][T11081] RBP: 00007f57807d5090 R08: 0000000000000000 R09: 0000000000000000 [ 403.173674][T11081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.173683][T11081] R13: 0000000000000000 R14: 00007f5782bb6160 R15: 00007ffe7269a048 [ 403.173707][T11081] [ 403.786544][T11084] input: syz0 as /devices/virtual/input/input45 [ 403.876057][ T9] usb 2-1: USB disconnect, device number 42 [ 404.636662][T11102] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1109'. [ 405.252531][T11117] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1114'. [ 405.275841][T11117] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1114'. [ 405.423671][ T1774] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 405.573700][ T1774] usb 4-1: Using ep0 maxpacket: 16 [ 405.580682][ T1774] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.591091][ T1774] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 405.604008][ T1774] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 405.619689][ T1774] usb 4-1: config 0 interface 0 has no altsetting 0 [ 405.631881][T11121] loop9: detected capacity change from 0 to 6 [ 405.639183][T11121] Dev loop9: unable to read RDB block 6 [ 405.644814][T11121] loop9: unable to read partition table [ 405.651351][T11121] loop9: partition table beyond EOD, truncated [ 405.657599][T11121] loop_reread_partitions: partition scan of loop9 (þ被xüÿÿÿÿÿÿÿ ) failed (rc=-5) [ 405.679378][ T1774] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 405.688944][ T1774] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.698443][T11121] Dev loop9: unable to read RDB block 6 [ 405.704091][T11121] loop9: unable to read partition table [ 405.709891][T11121] loop9: partition table beyond EOD, truncated [ 405.716109][T11121] loop_reread_partitions: partition scan of loop9 (þ被xüÿÿÿÿÿÿÿ ) failed (rc=-5) [ 405.718672][T11125] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1117'. [ 405.739505][ T1774] usb 4-1: Product: syz [ 405.743812][ T1774] usb 4-1: Manufacturer: syz [ 405.749379][ T1774] usb 4-1: SerialNumber: syz [ 405.766053][ T1774] usb 4-1: config 0 descriptor?? [ 407.022303][ T9] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 407.157830][ T971] usb 4-1: USB disconnect, device number 25 [ 407.233814][ T5907] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 407.241593][ T5868] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 407.265313][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 407.276419][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 407.287402][ T9] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 407.297185][ T9] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 407.310307][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 407.321784][ T9] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 407.337093][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.345440][ T9] usb 2-1: Product: syz [ 407.349684][ T9] usb 2-1: Manufacturer: syz [ 407.357531][ T9] usb 2-1: SerialNumber: syz [ 407.364897][ T9] usb 2-1: config 0 descriptor?? [ 407.413982][ T5907] usb 1-1: Using ep0 maxpacket: 8 [ 407.419272][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 407.998937][ T5907] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 408.012788][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.021900][ T5907] usb 1-1: Product: syz [ 408.026343][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.036719][ T5907] usb 1-1: Manufacturer: syz [ 408.041336][ T5907] usb 1-1: SerialNumber: syz [ 408.048480][ T5868] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 408.061268][ T5907] usb 1-1: config 0 descriptor?? [ 408.066287][ T5868] usb 5-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 408.079368][ T5868] usb 5-1: config 0 interface 0 has no altsetting 0 [ 408.160563][ T5868] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 408.173707][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.181932][ T5868] usb 5-1: Product: syz [ 408.186433][ T5868] usb 5-1: Manufacturer: syz [ 408.191775][ T5868] usb 5-1: SerialNumber: syz [ 408.198981][ T5868] usb 5-1: config 0 descriptor?? [ 408.360621][ T5907] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 408.419978][T11188] xt_hashlimit: size too large, truncated to 1048576 [ 409.218879][ T9] usb 2-1: USB disconnect, device number 43 [ 409.446253][ T5868] usb 5-1: USB disconnect, device number 39 [ 409.724363][ T1774] hid-generic C98F:0003:0000.0019: unknown main item tag 0x0 [ 409.733975][ T1774] hid-generic C98F:0003:0000.0019: unknown main item tag 0x0 [ 409.741409][ T1774] hid-generic C98F:0003:0000.0019: unknown main item tag 0x0 [ 409.753859][ T1774] hid-generic C98F:0003:0000.0019: unknown main item tag 0x0 [ 409.761413][ T1774] hid-generic C98F:0003:0000.0019: unknown main item tag 0x0 [ 409.777168][ T1774] hid-generic C98F:0003:0000.0019: hidraw0: HID v0.00 Device [syz0] on syz1 [ 409.825170][ T30] audit: type=1400 audit(1745261852.949:874): avc: denied { getopt } for pid=11215 comm="syz.2.1132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 409.950431][ T30] audit: type=1400 audit(1745261853.069:875): avc: denied { read } for pid=11220 comm="syz.2.1133" name="btrfs-control" dev="devtmpfs" ino=1311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 409.979581][ T30] audit: type=1400 audit(1745261853.069:876): avc: denied { open } for pid=11220 comm="syz.2.1133" path="/dev/btrfs-control" dev="devtmpfs" ino=1311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 410.006963][ T30] audit: type=1400 audit(1745261853.069:877): avc: denied { ioctl } for pid=11220 comm="syz.2.1133" path="/dev/btrfs-control" dev="devtmpfs" ino=1311 ioctlcmd=0xae46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 410.009366][T11221] xt_CT: You must specify a L4 protocol and not use inversions on it [ 410.039704][ T30] audit: type=1400 audit(1745261853.159:878): avc: denied { read } for pid=11220 comm="syz.2.1133" dev="sockfs" ino=26253 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 410.284079][ T1774] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 410.471955][ T1774] usb 3-1: device descriptor read/64, error -71 [ 410.753783][ T1774] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 410.913918][ T1774] usb 3-1: device descriptor read/64, error -71 [ 410.932554][T11145] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1122'. [ 411.076129][ T1774] usb usb3-port1: attempt power cycle [ 411.130612][ T30] audit: type=1326 audit(1745261854.249:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11228 comm="syz.1.1135" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f561998e169 code=0x0 [ 411.846421][ T5907] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 411.904044][ T1774] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 411.959983][ T5907] usb 1-1: USB disconnect, device number 39 [ 411.982533][ T1774] usb 3-1: device descriptor read/8, error -71 [ 412.463688][ T1774] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 413.076601][ T1774] usb 3-1: device descriptor read/8, error -71 [ 413.106733][ T30] audit: type=1400 audit(1745261855.659:880): avc: denied { getopt } for pid=11253 comm="syz.0.1138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 413.244308][ T30] audit: type=1400 audit(1745261856.059:881): avc: denied { write } for pid=11257 comm="syz.4.1140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 413.250054][ T1774] usb usb3-port1: unable to enumerate USB device [ 413.303709][ T5912] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 413.453565][T11281] »»»»»» speed is unknown, defaulting to 1000 [ 413.461094][T11281] lo speed is unknown, defaulting to 1000 [ 413.619487][ T5912] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 413.628724][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.637532][ T5912] usb 4-1: Product: syz [ 413.641797][ T5912] usb 4-1: Manufacturer: syz [ 413.646518][ T5912] usb 4-1: SerialNumber: syz [ 413.654953][ T5912] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 413.664878][ T47] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 413.677757][ T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 413.793950][ T5907] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 413.813802][ T47] usb 5-1: Using ep0 maxpacket: 32 [ 413.822007][ T47] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 413.830480][ T47] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 413.839925][ T47] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 413.848974][ T47] usb 5-1: config 1 has no interface number 0 [ 413.855083][ T47] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 413.866097][ T47] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 413.883090][ T47] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 413.892272][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.906736][ T47] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 413.953753][ T5907] usb 3-1: Using ep0 maxpacket: 32 [ 413.962536][ T5907] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 413.972858][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.981001][ T5907] usb 3-1: Product: syz [ 413.986117][ T5907] usb 3-1: Manufacturer: syz [ 413.990750][ T5907] usb 3-1: SerialNumber: syz [ 413.998022][ T5907] usb 3-1: config 0 descriptor?? [ 414.111163][ T47] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 414.526648][ T5907] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=0] err=-71 [ 414.540971][ T5907] peak_usb 3-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71) [ 414.920856][ T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 414.937210][ T24] ath9k_htc: Failed to initialize the device [ 414.944047][ T5907] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 414.959389][ T5907] usb 3-1: USB disconnect, device number 48 [ 414.976026][ T24] usb 4-1: ath9k_htc: USB layer deinitialized [ 415.145479][ T24] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 415.189481][ T24] usb 4-1: USB disconnect, device number 26 [ 415.246754][ T30] audit: type=1400 audit(1745261858.369:882): avc: denied { getopt } for pid=11349 comm="syz.1.1146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 416.720592][ T9] usb 5-1: USB disconnect, device number 40 [ 416.848051][ T9] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 419.863394][ T30] audit: type=1400 audit(1745261862.919:883): avc: denied { kexec_image_load } for pid=11404 comm="syz.0.1158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 420.097174][T11415] vxcan1: tx drop: invalid da for name 0x0000000000002001 [ 421.109159][T11422] netlink: 'syz.0.1162': attribute type 3 has an invalid length. [ 421.201452][ T30] audit: type=1400 audit(1745261864.319:884): avc: denied { mount } for pid=11424 comm="syz.2.1163" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 421.231589][ T24] IPVS: starting estimator thread 0... [ 421.325079][T11427] IPVS: using max 47 ests per chain, 112800 per kthread [ 422.214044][ T30] audit: type=1400 audit(1745261865.329:885): avc: denied { unmount } for pid=5829 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 422.241162][T11444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'. [ 422.250442][T11444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1167'. [ 422.264582][ T24] usb 4-1: new low-speed USB device number 27 using dummy_hcd [ 422.494149][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 422.519931][T11446] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 422.583904][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 422.678348][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 422.693100][ T24] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 422.702291][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.715231][T11437] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 422.726131][ T24] hub 4-1:1.0: bad descriptor, ignoring hub [ 422.732057][ T24] hub 4-1:1.0: probe with driver hub failed with error -5 [ 422.739932][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 422.768523][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 422.789301][ T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 422.806269][T11461] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11461 comm=syz.2.1168 [ 422.819513][T11461] bridge0: port 3(syz_tun) entered blocking state [ 422.826363][T11461] bridge0: port 3(syz_tun) entered disabled state [ 422.832884][T11461] syz_tun: entered allmulticast mode [ 422.839387][T11461] syz_tun: entered promiscuous mode [ 422.845126][T11461] bridge0: port 3(syz_tun) entered blocking state [ 422.851952][T11461] bridge0: port 3(syz_tun) entered forwarding state [ 422.879536][ T24] cdc_wdm 4-1:1.0: Unknown control protocol [ 423.209743][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 423.435007][ T9] usb 2-1: config 0 has an invalid interface number: 182 but max is 0 [ 423.443403][ T9] usb 2-1: config 0 has no interface number 0 [ 423.451408][ T9] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice=74.fc [ 423.460879][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.469198][ T9] usb 2-1: Product: syz [ 423.473490][ T9] usb 2-1: Manufacturer: syz [ 423.478257][ T9] usb 2-1: SerialNumber: syz [ 423.486326][ T9] usb 2-1: config 0 descriptor?? [ 423.498511][ T9] pxrc 2-1:0.182: Could not find endpoint [ 423.922704][ T24] usb 2-1: USB disconnect, device number 44 [ 425.167642][ T24] usb 4-1: USB disconnect, device number 27 [ 425.533722][ T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 425.565900][ T5870] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 426.638765][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.650546][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 426.672499][ T5870] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 426.681660][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 426.694703][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.706523][ T24] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 426.717114][ T5870] usb 5-1: config 0 descriptor?? [ 426.722278][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.735377][ T24] usb 4-1: config 0 descriptor?? [ 426.744915][ T24] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 426.950965][T11541] netlink: 'syz.1.1183': attribute type 3 has an invalid length. [ 427.023679][ T5907] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 427.135453][ T5870] keytouch 0003:0926:3333.001A: fixing up Keytouch IEC report descriptor [ 427.146580][ T5870] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.001A/input/input46 [ 427.392033][ T5870] keytouch 0003:0926:3333.001A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 427.555124][ T5907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.566592][ T5907] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 427.575794][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.586781][ T5907] usb 1-1: config 0 descriptor?? [ 427.717223][ T5868] usb 5-1: USB disconnect, device number 41 [ 427.993842][ T24] usb 4-1: USB disconnect, device number 28 [ 428.035671][ T5907] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor [ 428.047697][ T5907] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.001B/input/input47 [ 429.376798][ T5907] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 429.740740][ T24] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 430.125727][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 430.139414][ T24] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 430.148531][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.164497][ T24] usb 5-1: config 0 descriptor?? [ 430.307156][ T5868] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 430.344575][T11642] block device autoloading is deprecated and will be removed. [ 430.363093][T11638] md: md2 stopped. [ 430.479406][ T47] usb 1-1: USB disconnect, device number 40 [ 430.513923][ T5868] usb 2-1: Using ep0 maxpacket: 16 [ 430.526603][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 430.537300][ T5868] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 430.553167][ T5868] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 430.570554][ T5868] usb 2-1: config 0 interface 0 has no altsetting 0 [ 430.577375][T11659] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1192'. [ 430.592369][ T5868] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 430.592627][ T24] keytouch 0003:0926:3333.001C: fixing up Keytouch IEC report descriptor [ 430.611197][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.619423][ T5868] usb 2-1: Product: syz [ 430.635101][ T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.001C/input/input48 [ 430.637064][ T5868] usb 2-1: Manufacturer: syz [ 430.658523][ T5868] usb 2-1: SerialNumber: syz [ 430.667945][ T30] audit: type=1400 audit(1745261873.789:886): avc: denied { setopt } for pid=11667 comm="syz.0.1194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 430.687932][ C1] vkms_vblank_simulate: vblank timer overrun [ 430.792672][T11664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.801271][T11624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.815839][T11664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.825030][T11624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.853689][ T9] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 431.003759][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 431.010809][ T9] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 431.020185][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.043769][ T971] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 432.205026][ T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 432.216837][ T971] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00 [ 432.227286][ T971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.271658][T11744] netlink: 'syz.3.1208': attribute type 1 has an invalid length. [ 435.321796][ T30] audit: type=1326 audit(1745261878.439:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11745 comm="syz.4.1209" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa336b8e169 code=0x0 [ 435.419449][T11750] xt_CT: You must specify a L4 protocol and not use inversions on it [ 435.439889][T11750] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 436.065034][T11757] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000900000000000000000000' [ 436.165753][ T30] audit: type=1400 audit(1745261879.189:888): avc: denied { mounton } for pid=11752 comm="syz.3.1210" path="/265/file0" dev="tmpfs" ino=1434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 436.275659][ T30] audit: type=1400 audit(1745261879.399:889): avc: denied { append } for pid=11752 comm="syz.3.1210" name="file0" dev="tmpfs" ino=1434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 436.471689][T11772] delete_channel: no stack [ 436.501142][ T30] audit: type=1400 audit(1745261879.399:890): avc: denied { open } for pid=11752 comm="syz.3.1210" path="/265/file0" dev="tmpfs" ino=1434 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 436.523928][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.645368][T11775] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1211'. [ 436.664139][T11775] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1211'. [ 437.378288][ T5139] Bluetooth: hci4: command 0x0c1a tx timeout [ 437.430109][T11784] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1215'. [ 437.561964][T11798] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7274 sclass=netlink_route_socket pid=11798 comm=syz.3.1218 [ 438.574215][ T30] audit: type=1326 audit(1745261881.699:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11805 comm="syz.4.1222" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa336b8e169 code=0x0 [ 438.959062][ T30] audit: type=1400 audit(1745261882.069:892): avc: denied { append } for pid=11808 comm="syz.3.1223" name="event3" dev="devtmpfs" ino=988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 439.380322][T11820] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 439.616328][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.918688][ T30] audit: type=1400 audit(1745261884.039:893): avc: denied { shutdown } for pid=11856 comm="syz.1.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 440.958608][ T30] audit: type=1400 audit(1745261884.059:894): avc: denied { ioctl } for pid=11856 comm="syz.1.1231" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xf503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 441.746389][T11868] delete_channel: no stack [ 442.101936][ T30] audit: type=1400 audit(1745261885.219:895): avc: denied { link } for pid=11880 comm="syz.1.1237" name="#15" dev="tmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 442.143767][ T30] audit: type=1400 audit(1745261885.259:896): avc: denied { rename } for pid=11880 comm="syz.1.1237" name="#16" dev="tmpfs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 442.171393][ T30] audit: type=1800 audit(1745261885.289:897): pid=11881 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1237" name="bus" dev="overlay" ino=10 res=0 errno=0 [ 442.406395][T11893] FAULT_INJECTION: forcing a failure. [ 442.406395][T11893] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.421066][T11893] CPU: 1 UID: 0 PID: 11893 Comm: syz.2.1239 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 442.421092][T11893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 442.421102][T11893] Call Trace: [ 442.421108][T11893] [ 442.421115][T11893] dump_stack_lvl+0x16c/0x1f0 [ 442.421142][T11893] should_fail_ex+0x512/0x640 [ 442.421164][T11893] _copy_from_iter+0x2a4/0x15b0 [ 442.421186][T11893] ? __alloc_skb+0x200/0x380 [ 442.421208][T11893] ? __pfx__copy_from_iter+0x10/0x10 [ 442.421229][T11893] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 442.421259][T11893] netlink_sendmsg+0x829/0xdd0 [ 442.421286][T11893] ? __pfx_netlink_sendmsg+0x10/0x10 [ 442.421318][T11893] ____sys_sendmsg+0xa95/0xc70 [ 442.421343][T11893] ? copy_msghdr_from_user+0x10a/0x160 [ 442.421363][T11893] ? __pfx_____sys_sendmsg+0x10/0x10 [ 442.421399][T11893] ___sys_sendmsg+0x134/0x1d0 [ 442.421420][T11893] ? __pfx____sys_sendmsg+0x10/0x10 [ 442.421470][T11893] __sys_sendmsg+0x16d/0x220 [ 442.421490][T11893] ? __pfx___sys_sendmsg+0x10/0x10 [ 442.421525][T11893] do_syscall_64+0xcd/0x260 [ 442.421550][T11893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.421567][T11893] RIP: 0033:0x7f578298e169 [ 442.421581][T11893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 442.421597][T11893] RSP: 002b:00007f5783718038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 442.421614][T11893] RAX: ffffffffffffffda RBX: 00007f5782bb5fa0 RCX: 00007f578298e169 [ 442.421624][T11893] RDX: 0000000004040140 RSI: 00002000000000c0 RDI: 0000000000000003 [ 442.421635][T11893] RBP: 00007f5783718090 R08: 0000000000000000 R09: 0000000000000000 [ 442.421645][T11893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 442.421654][T11893] R13: 0000000000000000 R14: 00007f5782bb5fa0 R15: 00007ffe7269a048 [ 442.421676][T11893] [ 442.612593][ C1] vkms_vblank_simulate: vblank timer overrun [ 442.856469][T11897] netlink: 'syz.2.1240': attribute type 3 has an invalid length. [ 445.926130][T11941] FAULT_INJECTION: forcing a failure. [ 445.926130][T11941] name failslab, interval 1, probability 0, space 0, times 0 [ 445.978483][T11941] CPU: 0 UID: 0 PID: 11941 Comm: syz.1.1248 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 445.978510][T11941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 445.978520][T11941] Call Trace: [ 445.978525][T11941] [ 445.978531][T11941] dump_stack_lvl+0x16c/0x1f0 [ 445.978559][T11941] should_fail_ex+0x512/0x640 [ 445.978577][T11941] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 445.978597][T11941] should_failslab+0xc2/0x120 [ 445.978615][T11941] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 445.978632][T11941] ? __mutex_trylock_common+0xe9/0x250 [ 445.978647][T11941] ? __alloc_skb+0x2b2/0x380 [ 445.978670][T11941] __alloc_skb+0x2b2/0x380 [ 445.978688][T11941] ? __pfx___alloc_skb+0x10/0x10 [ 445.978706][T11941] ? trace_contention_end+0xdd/0x130 [ 445.978723][T11941] ? __mutex_lock+0x1ca/0xb90 [ 445.978752][T11941] rtnl_stats_get+0x5b7/0x970 [ 445.978776][T11941] ? __pfx_rtnl_stats_get+0x10/0x10 [ 445.978808][T11941] ? __pfx_rtnl_stats_get+0x10/0x10 [ 445.978830][T11941] rtnetlink_rcv_msg+0x3c6/0xe90 [ 445.978853][T11941] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 445.978886][T11941] netlink_rcv_skb+0x16a/0x440 [ 445.978909][T11941] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 445.978932][T11941] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 445.978969][T11941] ? netlink_deliver_tap+0x1ae/0xd30 [ 445.978995][T11941] netlink_unicast+0x53a/0x7f0 [ 445.979020][T11941] ? __pfx_netlink_unicast+0x10/0x10 [ 445.979050][T11941] netlink_sendmsg+0x8d1/0xdd0 [ 445.979076][T11941] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.979108][T11941] ____sys_sendmsg+0xa95/0xc70 [ 445.979133][T11941] ? copy_msghdr_from_user+0x10a/0x160 [ 445.979153][T11941] ? __pfx_____sys_sendmsg+0x10/0x10 [ 445.979189][T11941] ___sys_sendmsg+0x134/0x1d0 [ 445.979211][T11941] ? __pfx____sys_sendmsg+0x10/0x10 [ 445.979261][T11941] __sys_sendmsg+0x16d/0x220 [ 445.979282][T11941] ? __pfx___sys_sendmsg+0x10/0x10 [ 445.979313][T11941] ? rcu_is_watching+0x12/0xc0 [ 445.979341][T11941] do_syscall_64+0xcd/0x260 [ 445.979365][T11941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.979382][T11941] RIP: 0033:0x7f561998e169 [ 445.979395][T11941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.979409][T11941] RSP: 002b:00007f561a806038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.979425][T11941] RAX: ffffffffffffffda RBX: 00007f5619bb5fa0 RCX: 00007f561998e169 [ 445.979436][T11941] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 445.979446][T11941] RBP: 00007f561a806090 R08: 0000000000000000 R09: 0000000000000000 [ 445.979456][T11941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.979470][T11941] R13: 0000000000000000 R14: 00007f5619bb5fa0 R15: 00007ffdbe5526a8 [ 445.979492][T11941] [ 446.601171][T11961] xt_CT: You must specify a L4 protocol and not use inversions on it [ 446.611975][T11961] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 446.626244][T11961] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 446.950727][T11965] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1253'. [ 446.983470][T11964] delete_channel: no stack [ 447.545090][T11987] delete_channel: no stack [ 448.308771][T12004] delete_channel: no stack [ 451.060581][ T30] audit: type=1400 audit(1745261894.089:898): avc: denied { ioctl } for pid=12050 comm="syz.2.1266" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 454.831649][ T30] audit: type=1400 audit(1745261897.949:899): avc: denied { mount } for pid=12115 comm="syz.1.1280" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 454.856396][ T30] audit: type=1400 audit(1745261897.979:900): avc: denied { search } for pid=12115 comm="syz.1.1280" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 454.881186][ T30] audit: type=1400 audit(1745261897.979:901): avc: denied { read } for pid=12115 comm="syz.1.1280" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 454.903392][ T30] audit: type=1400 audit(1745261897.979:902): avc: denied { open } for pid=12115 comm="syz.1.1280" path="/240/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 454.928366][ T30] audit: type=1400 audit(1745261898.059:903): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 455.188005][T12121] IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id = 0 [ 455.193953][T12120] IPVS: stopping backup sync thread 12121 ... [ 455.426772][T12129] trusted_key: syz.0.1282 sent an empty control message without MSG_MORE. [ 456.949611][T12163] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1291'. [ 456.978834][T12163] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1291'. [ 458.537948][ T30] audit: type=1400 audit(1745261901.659:904): avc: denied { name_bind } for pid=12193 comm="syz.2.1297" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 458.570903][ T30] audit: type=1400 audit(1745261901.659:905): avc: denied { name_connect } for pid=12193 comm="syz.2.1297" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 458.618163][ T5139] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 459.966734][T12216] [U] .úíøà [ 460.468231][ T30] audit: type=1400 audit(1745261903.589:906): avc: denied { read } for pid=12239 comm="syz.0.1305" path="socket:[29213]" dev="sockfs" ino=29213 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 461.172799][T12259] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 461.203254][T12265] FAULT_INJECTION: forcing a failure. [ 461.203254][T12265] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 461.217608][T12265] CPU: 0 UID: 0 PID: 12265 Comm: syz.0.1311 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 461.217632][T12265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 461.217642][T12265] Call Trace: [ 461.217647][T12265] [ 461.217653][T12265] dump_stack_lvl+0x16c/0x1f0 [ 461.217681][T12265] should_fail_ex+0x512/0x640 [ 461.217703][T12265] _copy_to_user+0x32/0xd0 [ 461.217725][T12265] simple_read_from_buffer+0xcb/0x170 [ 461.217753][T12265] proc_fail_nth_read+0x197/0x270 [ 461.217779][T12265] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.217806][T12265] ? rw_verify_area+0xcf/0x680 [ 461.217829][T12265] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.217854][T12265] vfs_read+0x1de/0xc70 [ 461.217883][T12265] ? __pfx___mutex_lock+0x10/0x10 [ 461.217906][T12265] ? __pfx_vfs_read+0x10/0x10 [ 461.217938][T12265] ? __fget_files+0x20e/0x3c0 [ 461.217962][T12265] ksys_read+0x12a/0x240 [ 461.217975][T12265] ? __pfx_ksys_read+0x10/0x10 [ 461.217998][T12265] ? v4l2_ioctl+0x1c5/0x250 [ 461.218028][T12265] do_syscall_64+0xcd/0x260 [ 461.218052][T12265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.218069][T12265] RIP: 0033:0x7f8674f8cb7c [ 461.218084][T12265] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 461.218099][T12265] RSP: 002b:00007f8675da0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 461.218114][T12265] RAX: ffffffffffffffda RBX: 00007f86751b5fa0 RCX: 00007f8674f8cb7c [ 461.218125][T12265] RDX: 000000000000000f RSI: 00007f8675da00a0 RDI: 0000000000000004 [ 461.218134][T12265] RBP: 00007f8675da0090 R08: 0000000000000000 R09: 0000000000000000 [ 461.218143][T12265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 461.218153][T12265] R13: 0000000000000000 R14: 00007f86751b5fa0 R15: 00007fff9c7825e8 [ 461.218176][T12265] [ 462.262386][T12291] veth0_to_bond: entered allmulticast mode [ 462.279807][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.289068][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.316208][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.333425][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.510723][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.617758][T12291] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1317'. [ 462.703088][T12309] netlink: 'syz.3.1320': attribute type 30 has an invalid length. [ 463.874277][T12317] »»»»»» speed is unknown, defaulting to 1000 [ 463.899266][T12317] lo speed is unknown, defaulting to 1000 [ 464.234314][ T30] audit: type=1400 audit(1745261907.359:907): avc: denied { write } for pid=12347 comm="syz.3.1324" path="socket:[29343]" dev="sockfs" ino=29343 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 465.241053][T12366] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1326'. [ 465.658778][ T8974] kernel read not supported for file /sysvipc/msg (pid: 8974 comm: kworker/0:6) [ 465.812658][ T8974] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.754854][T12419] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1334'. [ 466.767289][T12419] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1334'. [ 466.792799][T12418] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1334'. [ 468.652018][T12451] autofs: Bad value for 'fd' [ 468.678400][ T30] audit: type=1400 audit(1745261911.789:908): avc: denied { ioctl } for pid=12442 comm="syz.4.1341" path="socket:[29442]" dev="sockfs" ino=29442 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 468.703047][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.711536][ T30] audit: type=1400 audit(1745261911.789:909): avc: denied { write } for pid=12442 comm="syz.4.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 468.732939][ T30] audit: type=1400 audit(1745261911.789:910): avc: denied { setopt } for pid=12442 comm="syz.4.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 468.752352][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.429320][ T30] audit: type=1400 audit(1745261912.549:911): avc: denied { mount } for pid=12456 comm="syz.1.1343" name="/" dev="rpc_pipefs" ino=29452 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 469.452497][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.499531][T12459] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=30273 sclass=netlink_route_socket pid=12459 comm=syz.1.1344 [ 470.614885][T12471] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 470.639356][T12471] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1347'. [ 470.648700][T12471] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1347'. [ 471.430727][ T30] audit: type=1326 audit(1745261914.549:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12491 comm="syz.0.1351" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8674f8e169 code=0x0 [ 471.593133][T12498] netlink: 129 bytes leftover after parsing attributes in process `syz.4.1352'. [ 473.924405][ T30] audit: type=1400 audit(1745261917.049:913): avc: denied { audit_write } for pid=12523 comm="syz.1.1357" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 474.013006][ T30] audit: type=1400 audit(1745261917.079:914): avc: denied { watch } for pid=12523 comm="syz.1.1357" path="pipe:[29578]" dev="pipefs" ino=29578 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 475.132870][T12554] netlink: 'syz.1.1362': attribute type 1 has an invalid length. [ 475.141017][T12554] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1362'. [ 476.137885][ T30] audit: type=1326 audit(1745261919.249:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12569 comm="syz.1.1365" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f561998e169 code=0x0 [ 480.532824][ T30] audit: type=1400 audit(1745261923.649:916): avc: denied { execmod } for pid=12628 comm="syz.4.1376" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=30260 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 480.532959][ T30] audit: type=1400 audit(1745261923.649:917): avc: denied { execute } for pid=12628 comm="syz.4.1376" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=30260 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 481.253202][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.254905][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.256570][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 481.258037][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 481.259042][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 481.262268][ T30] audit: type=1400 audit(1745261924.379:918): avc: denied { mounton } for pid=12642 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 481.284253][T12642] »»»»»» speed is unknown, defaulting to 1000 [ 481.284967][T12642] lo speed is unknown, defaulting to 1000 [ 481.453408][T12642] chnl_net:caif_netlink_parms(): no params data found [ 481.618041][T12642] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.618167][T12642] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.618275][T12642] bridge_slave_0: entered allmulticast mode [ 481.619516][T12642] bridge_slave_0: entered promiscuous mode [ 481.622970][T12642] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.623089][T12642] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.623190][T12642] bridge_slave_1: entered allmulticast mode [ 481.628383][T12642] bridge_slave_1: entered promiscuous mode [ 481.656206][T12642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 481.658579][T12642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 481.685006][T12642] team0: Port device team_slave_0 added [ 481.687308][T12642] team0: Port device team_slave_1 added [ 481.712887][T12642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.712902][T12642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.712923][T12642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.714645][T12642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.714658][T12642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.714677][T12642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.810713][T12642] hsr_slave_0: entered promiscuous mode [ 481.811432][T12642] hsr_slave_1: entered promiscuous mode [ 481.811924][T12642] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 481.811993][T12642] Cannot create hsr debugfs directory [ 481.887344][T12869] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1380'. [ 481.960690][T12870] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1380'. [ 482.803110][T12978] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1384'. [ 483.293664][ T5139] Bluetooth: hci5: command tx timeout [ 485.373694][ T5139] Bluetooth: hci5: command tx timeout [ 487.464163][ T5139] Bluetooth: hci5: command tx timeout [ 489.533876][ T5139] Bluetooth: hci5: command tx timeout [ 494.079253][ T5824] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 494.079888][ T5824] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 494.080486][ T5824] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 494.081600][ T5824] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 494.082121][ T5824] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 496.173959][ T5139] Bluetooth: hci6: command tx timeout [ 497.626128][ T5824] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 497.627864][ T5824] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 497.629529][ T5824] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 497.630270][ T5824] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 497.630736][ T5824] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 498.095696][ T5824] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 498.097312][ T5824] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 498.097875][ T5824] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 498.099074][ T5824] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 498.099938][ T5824] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 498.253817][ T5824] Bluetooth: hci6: command tx timeout [ 499.590505][ T5139] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 499.591114][ T5139] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 499.591692][ T5139] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 499.592437][ T5139] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 499.592913][ T5139] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 499.693712][ T5824] Bluetooth: hci7: command tx timeout [ 500.173861][ T5824] Bluetooth: hci8: command tx timeout [ 500.343747][ T5824] Bluetooth: hci6: command tx timeout [ 501.056839][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.613780][ T5824] Bluetooth: hci9: command tx timeout [ 501.773809][ T5824] Bluetooth: hci7: command tx timeout [ 502.253650][ T5824] Bluetooth: hci8: command tx timeout [ 502.414205][ T5824] Bluetooth: hci6: command tx timeout [ 503.695505][ T5824] Bluetooth: hci9: command tx timeout [ 503.853666][ T5824] Bluetooth: hci7: command tx timeout [ 504.333784][ T5824] Bluetooth: hci8: command tx timeout [ 505.773713][ T5824] Bluetooth: hci9: command tx timeout [ 505.933666][ T5824] Bluetooth: hci7: command tx timeout [ 506.413755][ T5824] Bluetooth: hci8: command tx timeout [ 507.863801][ T5824] Bluetooth: hci9: command tx timeout [ 542.132998][ T5139] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 542.133948][ T5139] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 542.136009][ T5139] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 542.136744][ T5139] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 542.137635][ T5139] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 544.183657][ T5824] Bluetooth: hci10: command tx timeout [ 546.253667][ T5824] Bluetooth: hci10: command tx timeout [ 548.333637][ T5824] Bluetooth: hci10: command tx timeout [ 550.414757][ T5824] Bluetooth: hci10: command tx timeout [ 554.155097][ T5139] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 554.156717][ T5139] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 554.157705][ T5139] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 554.158697][ T5139] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 554.159182][ T5139] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 556.173932][ T5824] Bluetooth: hci11: command tx timeout [ 557.650250][ T5139] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 557.650850][ T5139] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 557.651770][ T5139] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 557.652886][ T5139] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 557.653362][ T5139] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 558.253627][ T5824] Bluetooth: hci11: command tx timeout [ 558.651809][ T5139] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 558.652944][ T5139] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 558.653523][ T5139] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 558.655762][ T5139] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 558.656252][ T5139] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 559.654373][ T5139] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 559.656624][ T5139] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 559.657534][ T5139] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 559.658622][ T5139] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 559.659500][ T5139] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 559.693801][ T5139] Bluetooth: hci12: command tx timeout [ 560.333764][ T5139] Bluetooth: hci11: command tx timeout [ 560.733822][ T5139] Bluetooth: hci13: command tx timeout [ 561.693738][ T5139] Bluetooth: hci14: command tx timeout [ 561.773667][ T5139] Bluetooth: hci12: command tx timeout [ 562.413696][ T5139] Bluetooth: hci11: command tx timeout [ 562.505510][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.823729][ T5139] Bluetooth: hci13: command tx timeout [ 563.773801][ T5139] Bluetooth: hci14: command tx timeout [ 563.854152][ T5139] Bluetooth: hci12: command tx timeout [ 564.893839][ T5139] Bluetooth: hci13: command tx timeout [ 565.863755][ T5139] Bluetooth: hci14: command tx timeout [ 565.943774][ T5139] Bluetooth: hci12: command tx timeout [ 566.973745][ T5139] Bluetooth: hci13: command tx timeout [ 567.933977][ T5139] Bluetooth: hci14: command tx timeout [ 586.175174][ T31] INFO: task kworker/0:0:9 blocked for more than 143 seconds. [ 586.175196][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 586.175206][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.175213][ T31] task:kworker/0:0 state:D stack:21880 pid:9 tgid:9 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 586.175261][ T31] Workqueue: usb_hub_wq hub_event [ 586.175278][ T31] Call Trace: [ 586.175281][ T31] [ 586.175288][ T31] __schedule+0x116f/0x5de0 [ 586.175307][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 586.175320][ T31] ? __pfx___schedule+0x10/0x10 [ 586.175336][ T31] ? find_held_lock+0x2b/0x80 [ 586.175350][ T31] ? schedule+0x2d7/0x3a0 [ 586.175365][ T31] schedule+0xe7/0x3a0 [ 586.175378][ T31] schedule_timeout+0x257/0x290 [ 586.175389][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.175405][ T31] ? mark_held_locks+0x49/0x80 [ 586.175414][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.175428][ T31] __wait_for_common+0x2fc/0x4e0 [ 586.175442][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.175455][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 586.175471][ T31] ? devtmpfs_submit_req+0x94/0x100 [ 586.175489][ T31] devtmpfs_submit_req+0xa8/0x100 [ 586.175506][ T31] devtmpfs_create_node+0x18a/0x230 [ 586.175522][ T31] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 586.175540][ T31] ? up_write+0x1b2/0x520 [ 586.175556][ T31] ? kernfs_create_link+0x1bd/0x240 [ 586.175573][ T31] ? kernfs_put+0x35/0x60 [ 586.175584][ T31] ? sysfs_do_create_link_sd+0xbb/0x140 [ 586.175597][ T31] device_add+0x10bd/0x1a70 [ 586.175610][ T31] ? __pfx_device_add+0x10/0x10 [ 586.175619][ T31] ? usb_detect_static_quirks+0x335/0x3e0 [ 586.175637][ T31] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 586.175652][ T31] usb_new_device+0xd07/0x1a20 [ 586.175671][ T31] ? do_raw_spin_lock+0x12c/0x2b0 [ 586.175683][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 586.175701][ T31] ? mark_held_locks+0x49/0x80 [ 586.175713][ T31] hub_event+0x2eb7/0x4fa0 [ 586.175734][ T31] ? __pfx_hub_event+0x10/0x10 [ 586.175744][ T31] ? debug_object_deactivate+0x1ec/0x3a0 [ 586.175765][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.175785][ T31] process_one_work+0x9cc/0x1b70 [ 586.175802][ T31] ? __pfx_hcd_resume_work+0x10/0x10 [ 586.175814][ T31] ? __pfx_process_one_work+0x10/0x10 [ 586.175830][ T31] ? assign_work+0x1a0/0x250 [ 586.175843][ T31] worker_thread+0x6c8/0xf10 [ 586.175861][ T31] ? __pfx_worker_thread+0x10/0x10 [ 586.175873][ T31] kthread+0x3c2/0x780 [ 586.175885][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175895][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175905][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175915][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175925][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.175939][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175950][ T31] ret_from_fork+0x45/0x80 [ 586.175961][ T31] ? __pfx_kthread+0x10/0x10 [ 586.175972][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.175996][ T31] [ 586.176005][ T31] INFO: task kworker/1:1:47 blocked for more than 143 seconds. [ 586.176013][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 586.176019][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.176023][ T31] task:kworker/1:1 state:D stack:18392 pid:47 tgid:47 ppid:2 task_flags:0x4288060 flags:0x00004000 [ 586.176048][ T31] Workqueue: usb_hub_wq hub_event [ 586.176057][ T31] Call Trace: [ 586.176060][ T31] [ 586.176066][ T31] __schedule+0x116f/0x5de0 [ 586.176079][ T31] ? __pfx_widen_string+0x10/0x10 [ 586.176091][ T31] ? __lock_acquire+0xa90/0x1ba0 [ 586.176106][ T31] ? __pfx___schedule+0x10/0x10 [ 586.176121][ T31] ? find_held_lock+0x2b/0x80 [ 586.176135][ T31] ? schedule+0x2d7/0x3a0 [ 586.176150][ T31] schedule+0xe7/0x3a0 [ 586.176163][ T31] schedule_timeout+0x257/0x290 [ 586.176174][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.176190][ T31] ? mark_held_locks+0x49/0x80 [ 586.176199][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.176213][ T31] __wait_for_common+0x2fc/0x4e0 [ 586.176227][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.176240][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 586.176255][ T31] ? devtmpfs_submit_req+0x94/0x100 [ 586.176273][ T31] devtmpfs_submit_req+0xa8/0x100 [ 586.176289][ T31] devtmpfs_delete_node+0xf6/0x160 [ 586.176305][ T31] ? __pfx_devtmpfs_delete_node+0x10/0x10 [ 586.176328][ T31] ? kobject_put+0xab/0x5a0 [ 586.176344][ T31] ? __pfx_klist_children_put+0x10/0x10 [ 586.176356][ T31] ? klist_children_put+0x44/0x60 [ 586.176368][ T31] ? klist_put+0xf9/0x1b0 [ 586.176383][ T31] device_del+0x734/0x9f0 [ 586.176399][ T31] ? __pfx_device_del+0x10/0x10 [ 586.176415][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.176433][ T31] cdev_device_del+0x1d/0x110 [ 586.176446][ T31] evdev_disconnect+0x40/0xb0 [ 586.176462][ T31] __input_unregister_device+0x1f5/0x470 [ 586.176481][ T31] input_unregister_device+0xb9/0x100 [ 586.176498][ T31] hidinput_disconnect+0x14d/0x3d0 [ 586.176516][ T31] hid_disconnect+0x14d/0x1b0 [ 586.176529][ T31] hid_device_remove+0x1a8/0x260 [ 586.176543][ T31] ? __pfx_hid_device_remove+0x10/0x10 [ 586.176558][ T31] device_remove+0xc8/0x170 [ 586.176573][ T31] device_release_driver_internal+0x44b/0x620 [ 586.176592][ T31] bus_remove_device+0x22f/0x420 [ 586.176608][ T31] device_del+0x396/0x9f0 [ 586.176624][ T31] ? __pfx_device_del+0x10/0x10 [ 586.176639][ T31] ? do_raw_spin_lock+0x12c/0x2b0 [ 586.176654][ T31] hid_destroy_device+0x19c/0x240 [ 586.176667][ T31] usbhid_disconnect+0xa0/0xe0 [ 586.176684][ T31] usb_unbind_interface+0x1da/0x9a0 [ 586.176699][ T31] ? kernfs_remove_by_name_ns+0xbe/0x110 [ 586.176713][ T31] ? __pfx_usb_unbind_interface+0x10/0x10 [ 586.176726][ T31] device_remove+0x122/0x170 [ 586.176740][ T31] device_release_driver_internal+0x44b/0x620 [ 586.176759][ T31] bus_remove_device+0x22f/0x420 [ 586.176779][ T31] device_del+0x396/0x9f0 [ 586.176795][ T31] ? __pfx_device_del+0x10/0x10 [ 586.176809][ T31] ? kobject_put+0x210/0x5a0 [ 586.176827][ T31] usb_disable_device+0x355/0x7d0 [ 586.176848][ T31] usb_disconnect+0x2e1/0x920 [ 586.176868][ T31] hub_event+0x1c57/0x4fa0 [ 586.177145][ T31] ? __lock_acquire+0xaa4/0x1ba0 [ 586.177168][ T31] ? __pfx_hub_event+0x10/0x10 [ 586.177184][ T31] ? debug_object_deactivate+0x1ec/0x3a0 [ 586.177216][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.177240][ T31] process_one_work+0x9cc/0x1b70 [ 586.177270][ T31] ? __pfx_process_one_work+0x10/0x10 [ 586.177300][ T31] ? assign_work+0x1a0/0x250 [ 586.177320][ T31] worker_thread+0x6c8/0xf10 [ 586.177352][ T31] ? __pfx_worker_thread+0x10/0x10 [ 586.177372][ T31] kthread+0x3c2/0x780 [ 586.177634][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177652][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177669][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177686][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177703][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.177723][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177742][ T31] ret_from_fork+0x45/0x80 [ 586.177760][ T31] ? __pfx_kthread+0x10/0x10 [ 586.177783][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.177822][ T31] [ 586.177849][ T31] INFO: task kworker/0:2:971 blocked for more than 143 seconds. [ 586.177861][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 586.177871][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.177876][ T31] task:kworker/0:2 state:D stack:22488 pid:971 tgid:971 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 586.177904][ T31] Workqueue: usb_hub_wq hub_event [ 586.177915][ T31] Call Trace: [ 586.177918][ T31] [ 586.177924][ T31] __schedule+0x116f/0x5de0 [ 586.177941][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 586.177954][ T31] ? __pfx___schedule+0x10/0x10 [ 586.177970][ T31] ? find_held_lock+0x2b/0x80 [ 586.177983][ T31] ? schedule+0x2d7/0x3a0 [ 586.177998][ T31] schedule+0xe7/0x3a0 [ 586.178010][ T31] schedule_timeout+0x257/0x290 [ 586.178021][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.178037][ T31] ? mark_held_locks+0x49/0x80 [ 586.178046][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.178060][ T31] __wait_for_common+0x2fc/0x4e0 [ 586.178074][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.178087][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 586.178103][ T31] ? devtmpfs_submit_req+0x94/0x100 [ 586.178121][ T31] devtmpfs_submit_req+0xa8/0x100 [ 586.178137][ T31] devtmpfs_create_node+0x18a/0x230 [ 586.178153][ T31] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 586.178169][ T31] ? up_write+0x1b2/0x520 [ 586.178185][ T31] ? kernfs_create_link+0x1bd/0x240 [ 586.178201][ T31] ? kernfs_put+0x35/0x60 [ 586.178212][ T31] ? sysfs_do_create_link_sd+0xbb/0x140 [ 586.178225][ T31] device_add+0x10bd/0x1a70 [ 586.178237][ T31] ? __pfx_device_add+0x10/0x10 [ 586.178247][ T31] ? usb_detect_static_quirks+0x335/0x3e0 [ 586.178264][ T31] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 586.178278][ T31] usb_new_device+0xd07/0x1a20 [ 586.178297][ T31] ? do_raw_spin_lock+0x12c/0x2b0 [ 586.178309][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 586.178327][ T31] ? mark_held_locks+0x49/0x80 [ 586.178338][ T31] hub_event+0x2eb7/0x4fa0 [ 586.178360][ T31] ? __pfx_hub_event+0x10/0x10 [ 586.178369][ T31] ? debug_object_deactivate+0x1ec/0x3a0 [ 586.178388][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.178403][ T31] process_one_work+0x9cc/0x1b70 [ 586.178419][ T31] ? __pfx_hcd_resume_work+0x10/0x10 [ 586.178431][ T31] ? __pfx_process_one_work+0x10/0x10 [ 586.178447][ T31] ? assign_work+0x1a0/0x250 [ 586.178460][ T31] worker_thread+0x6c8/0xf10 [ 586.178476][ T31] ? __kthread_parkme+0x19e/0x250 [ 586.178493][ T31] ? __pfx_worker_thread+0x10/0x10 [ 586.178505][ T31] kthread+0x3c2/0x780 [ 586.178516][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178526][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178536][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178546][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178556][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.178569][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178580][ T31] ret_from_fork+0x45/0x80 [ 586.178591][ T31] ? __pfx_kthread+0x10/0x10 [ 586.178602][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.178624][ T31] [ 586.178670][ T31] INFO: task kworker/0:3:5868 blocked for more than 143 seconds. [ 586.178677][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 586.178683][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.178687][ T31] task:kworker/0:3 state:D stack:21304 pid:5868 tgid:5868 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 586.178713][ T31] Workqueue: usb_hub_wq hub_event [ 586.178722][ T31] Call Trace: [ 586.178725][ T31] [ 586.178731][ T31] __schedule+0x116f/0x5de0 [ 586.178747][ T31] ? __lock_acquire+0x5ca/0x1ba0 [ 586.178760][ T31] ? __pfx___schedule+0x10/0x10 [ 586.178780][ T31] ? find_held_lock+0x2b/0x80 [ 586.178794][ T31] ? schedule+0x2d7/0x3a0 [ 586.178808][ T31] schedule+0xe7/0x3a0 [ 586.178821][ T31] schedule_timeout+0x257/0x290 [ 586.178832][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.178848][ T31] ? mark_held_locks+0x49/0x80 [ 586.178857][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.178870][ T31] __wait_for_common+0x2fc/0x4e0 [ 586.178884][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.178898][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 586.178914][ T31] ? devtmpfs_submit_req+0x94/0x100 [ 586.178932][ T31] devtmpfs_submit_req+0xa8/0x100 [ 586.178948][ T31] devtmpfs_create_node+0x18a/0x230 [ 586.178963][ T31] ? __pfx_devtmpfs_create_node+0x10/0x10 [ 586.178979][ T31] ? up_write+0x1b2/0x520 [ 586.178995][ T31] ? kernfs_create_link+0x1bd/0x240 [ 586.179011][ T31] ? kernfs_put+0x35/0x60 [ 586.179022][ T31] ? sysfs_do_create_link_sd+0xbb/0x140 [ 586.179035][ T31] device_add+0x10bd/0x1a70 [ 586.179047][ T31] ? __pfx_device_add+0x10/0x10 [ 586.179057][ T31] ? add_device_randomness+0xb7/0xf0 [ 586.179070][ T31] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 586.179084][ T31] usb_new_device+0xd07/0x1a20 [ 586.179103][ T31] ? do_raw_spin_lock+0x12c/0x2b0 [ 586.179115][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 586.179132][ T31] ? mark_held_locks+0x49/0x80 [ 586.179144][ T31] hub_event+0x2eb7/0x4fa0 [ 586.179165][ T31] ? __pfx_hub_event+0x10/0x10 [ 586.179175][ T31] ? debug_object_deactivate+0x1ec/0x3a0 [ 586.179195][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.179209][ T31] process_one_work+0x9cc/0x1b70 [ 586.179225][ T31] ? __pfx_hcd_resume_work+0x10/0x10 [ 586.179237][ T31] ? __pfx_process_one_work+0x10/0x10 [ 586.179253][ T31] ? assign_work+0x1a0/0x250 [ 586.179265][ T31] worker_thread+0x6c8/0xf10 [ 586.179282][ T31] ? __kthread_parkme+0x19e/0x250 [ 586.179298][ T31] ? __pfx_worker_thread+0x10/0x10 [ 586.179311][ T31] kthread+0x3c2/0x780 [ 586.179322][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179332][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179342][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179352][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179363][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.179376][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179387][ T31] ret_from_fork+0x45/0x80 [ 586.179398][ T31] ? __pfx_kthread+0x10/0x10 [ 586.179408][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.179431][ T31] [ 586.179436][ T31] INFO: task kworker/0:5:5907 blocked for more than 143 seconds. [ 586.179442][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 586.179448][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.179453][ T31] task:kworker/0:5 state:D stack:21896 pid:5907 tgid:5907 ppid:2 task_flags:0x4288060 flags:0x00004000 [ 586.179479][ T31] Workqueue: md_misc mddev_delayed_delete [ 586.179489][ T31] Call Trace: [ 586.179493][ T31] [ 586.179499][ T31] __schedule+0x116f/0x5de0 [ 586.179519][ T31] ? __pfx___schedule+0x10/0x10 [ 586.179531][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 586.179545][ T31] ? find_held_lock+0x2b/0x80 [ 586.179558][ T31] ? schedule+0x2d7/0x3a0 [ 586.179572][ T31] schedule+0xe7/0x3a0 [ 586.179585][ T31] schedule_timeout+0x257/0x290 [ 586.179597][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.179612][ T31] ? mark_held_locks+0x49/0x80 [ 586.179621][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.179635][ T31] __wait_for_common+0x2fc/0x4e0 [ 586.179649][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 586.179662][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 586.179678][ T31] ? devtmpfs_submit_req+0x94/0x100 [ 586.179696][ T31] devtmpfs_submit_req+0xa8/0x100 [ 586.179712][ T31] devtmpfs_delete_node+0xf6/0x160 [ 586.179727][ T31] ? __pfx_devtmpfs_delete_node+0x10/0x10 [ 586.179746][ T31] ? __call_rcu_common.constprop.0+0x3e5/0x9f0 [ 586.179758][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.179781][ T31] ? kernfs_put+0x4e/0x60 [ 586.179792][ T31] ? sysfs_remove_group+0xc6/0x180 [ 586.179805][ T31] device_del+0x734/0x9f0 [ 586.179822][ T31] ? __pfx_device_del+0x10/0x10 [ 586.179837][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.179850][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 586.179865][ T31] del_gendisk+0x486/0xc40 [ 586.179879][ T31] ? __pfx_del_gendisk+0x10/0x10 [ 586.179889][ T31] ? kernfs_put.part.0+0x18b/0x630 [ 586.179904][ T31] md_kobj_release+0xb2/0x100 [ 586.179918][ T31] kobject_put+0x1e4/0x5a0 [ 586.179935][ T31] process_one_work+0x9cc/0x1b70 [ 586.179952][ T31] ? __pfx_process_one_work+0x10/0x10 [ 586.179969][ T31] ? assign_work+0x1a0/0x250 [ 586.179981][ T31] worker_thread+0x6c8/0xf10 [ 586.179997][ T31] ? __kthread_parkme+0x19e/0x250 [ 586.180013][ T31] ? __pfx_worker_thread+0x10/0x10 [ 586.180025][ T31] kthread+0x3c2/0x780 [ 586.180037][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180047][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180057][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180067][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180077][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.180091][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180102][ T31] ret_from_fork+0x45/0x80 [ 586.180112][ T31] ? __pfx_kthread+0x10/0x10 [ 586.180123][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.180145][ T31] [ 586.180163][ T31] [ 586.180163][ T31] Showing all locks held in the system: [ 586.180168][ T31] 3 locks held by kworker/0:0/9: [ 586.180174][ T31] #0: ffff888144e8d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180203][ T31] #1: ffffc900000e7d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.180230][ T31] #2: ffff888145b82198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 586.180256][ T31] 7 locks held by kworker/1:0/24: [ 586.180262][ T31] #0: ffff888144e8d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180288][ T31] #1: ffffc900001e7d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.180315][ T31] #2: ffff888145bb2198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 586.180338][ T31] #3: ffff888065f45198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 586.180368][ T31] #4: ffff88805d516160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 586.180397][ T31] #5: ffff8880709a1a20 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 586.180426][ T31] #6: ffffffff8f9650e8 (input_mutex){+.+.}-{4:4}, at: input_register_device+0x98a/0x1130 [ 586.180456][ T31] 2 locks held by kdevtmpfs/26: [ 586.180462][ T31] #0: ffff88801c6d8950 (&type->i_mutex_dir_key/1){+.+.}-{4:4}, at: __kern_path_locked+0x132/0x2a0 [ 586.180496][ T31] #1: ffffffff8eef4368 (major_names_lock){+.+.}-{4:4}, at: blk_probe_dev+0x25/0x1a0 [ 586.180527][ T31] 1 lock held by khungtaskd/31: [ 586.180533][ T31] #0: ffffffff8e3bf5c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 586.180558][ T31] 3 locks held by kworker/u8:2/36: [ 586.180564][ T31] #0: ffff888031655948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180591][ T31] #1: ffffc90000ad7d18 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.180618][ T31] #2: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30 [ 586.180647][ T31] 7 locks held by kworker/1:1/47: [ 586.180653][ T31] #0: ffff888144e8d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180680][ T31] #1: ffffc90000b87d18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.180707][ T31] #2: ffff8880290c2198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 586.180730][ T31] #3: ffff888032160198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0x10a/0x920 [ 586.180760][ T31] #4: ffff88805464e160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620 [ 586.180795][ T31] #5: ffff888024c19a20 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620 [ 586.180826][ T31] #6: ffffffff8f9650e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x156/0x470 [ 586.180860][ T31] 3 locks held by kworker/0:2/971: [ 586.180866][ T31] #0: ffff888144e8d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180892][ T31] #1: ffffc90003c9fd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.180919][ T31] #2: ffff888145b9a198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 586.180945][ T31] 3 locks held by kworker/1:3/1774: [ 586.180951][ T31] #0: ffff88801b479d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.180978][ T31] #1: ffffc90005637d18 ((crda_timeout).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181005][ T31] #2: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50 [ 586.181040][ T31] 2 locks held by getty/5583: [ 586.181046][ T31] #0: ffff8880322c30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 586.181075][ T31] #1: ffffc900033532f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 586.181103][ T31] 3 locks held by kworker/0:3/5868: [ 586.181109][ T31] #0: ffff888144e8d148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.181136][ T31] #1: ffffc900030dfd18 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181163][ T31] #2: ffff888145b72198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fa0 [ 586.181186][ T31] 3 locks held by kworker/1:5/5870: [ 586.181192][ T31] #0: ffff88801b479d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.181220][ T31] #1: ffffc900030bfd18 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181247][ T31] #2: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x83/0x1170 [ 586.181277][ T31] 2 locks held by kworker/0:5/5907: [ 586.181283][ T31] #0: ffff888144e8dd48 ((wq_completion)md_misc){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.181310][ T31] #1: ffffc90004a87d18 ((work_completion)(&mddev->del_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181338][ T31] 3 locks held by kworker/u8:11/7518: [ 586.181344][ T31] #0: ffff88801b481148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.181372][ T31] #1: ffffc900041afd18 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181398][ T31] #2: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 586.181430][ T31] 4 locks held by kworker/0:6/8974: [ 586.181436][ T31] #0: ffff88801b478d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 586.181462][ T31] #1: ffffc9000cb57d18 ((work_completion)(&uhid->worker)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 586.181489][ T31] #2: ffff888030461a20 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0 [ 586.181518][ T31] #3: ffffffff8fe7f230 (minors_rwsem){+.+.}-{4:4}, at: hidraw_connect+0x75/0x440 [ 586.181550][ T31] 1 lock held by syz.2.1375/12621: [ 586.181555][ T31] #0: ffffffff8e3ace40 (console_lock){+.+.}-{0:0}, at: vt_ioctl+0x164b/0x2f50 [ 586.181582][ T31] 2 locks held by syz-executor/12642: [ 586.181588][ T31] #0: ffffffff90868640 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0 [ 586.181618][ T31] #1: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000 [ 586.181646][ T31] 1 lock held by syz.1.1382/12931: [ 586.181652][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230 [ 586.181680][ T31] 1 lock held by syz.1.1382/12932: [ 586.181685][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 [ 586.181713][ T31] 1 lock held by syz.4.1384/12979: [ 586.181719][ T31] #0: ffffffff903c9008 (rfcomm_ioctl_mutex){+.+.}-{4:4}, at: rfcomm_dev_ioctl+0x90a/0x1ca0 [ 586.181748][ T31] 1 lock held by syz.0.1385/12986: [ 586.181754][ T31] #0: ffffffff8f0b08e8 (vc_sel.lock){+.+.}-{4:4}, at: set_selection_kernel+0x34/0x14a0 [ 586.181786][ T31] 1 lock held by syz-executor/12993: [ 586.181792][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181822][ T31] 1 lock held by syz-executor/13000: [ 586.181827][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181855][ T31] 1 lock held by syz-executor/13007: [ 586.181861][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181889][ T31] 1 lock held by syz-executor/13014: [ 586.181895][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181922][ T31] 1 lock held by syz-executor/13021: [ 586.181928][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181956][ T31] 1 lock held by syz-executor/13029: [ 586.181962][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.181990][ T31] 1 lock held by syz-executor/13037: [ 586.181996][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.182024][ T31] 1 lock held by syz-executor/13044: [ 586.182029][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.182057][ T31] 1 lock held by syz-executor/13051: [ 586.182063][ T31] #0: ffffffff9012ae68 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x30c/0x1540 [ 586.182091][ T31] [ 586.182094][ T31] ============================================= [ 586.182094][ T31] [ 586.182098][ T31] NMI backtrace for cpu 0 [ 586.182105][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 586.182117][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 586.182123][ T31] Call Trace: [ 586.182126][ T31] [ 586.182129][ T31] dump_stack_lvl+0x116/0x1f0 [ 586.182144][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 586.182155][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 586.182166][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 586.182178][ T31] watchdog+0xf70/0x12c0 [ 586.182191][ T31] ? __pfx_watchdog+0x10/0x10 [ 586.182200][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.182214][ T31] ? __kthread_parkme+0x19e/0x250 [ 586.182229][ T31] ? __pfx_watchdog+0x10/0x10 [ 586.182239][ T31] kthread+0x3c2/0x780 [ 586.182249][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182258][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182267][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182276][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182285][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.182298][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182308][ T31] ret_from_fork+0x45/0x80 [ 586.182318][ T31] ? __pfx_kthread+0x10/0x10 [ 586.182327][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.182348][ T31] [ 586.182351][ T31] Sending NMI from CPU 0 to CPUs 1: [ 586.182380][ C1] NMI backtrace for cpu 1 [ 586.182389][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 586.182404][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 586.182411][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 586.182428][ C1] Code: 35 5d 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 4a 17 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 586.182440][ C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6 [ 586.182450][ C1] RAX: 000000000220a8e9 RBX: 0000000000000001 RCX: ffffffff8b72a419 [ 586.182459][ C1] RDX: 0000000000000000 RSI: ffffffff8dbef846 RDI: ffffffff8bf46540 [ 586.182466][ C1] RBP: ffffed1003b5a488 R08: 0000000000000001 R09: ffffed10170a65bd [ 586.182474][ C1] R10: ffff8880b8532deb R11: 0000000000000000 R12: 0000000000000001 [ 586.182482][ C1] R13: ffff88801dad2440 R14: ffffffff90864910 R15: 0000000000000000 [ 586.182490][ C1] FS: 0000000000000000(0000) GS:ffff888124ab2000(0000) knlGS:0000000000000000 [ 586.182503][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 586.182512][ C1] CR2: 00007f14d6f399e0 CR3: 000000000e180000 CR4: 00000000003526f0 [ 586.182520][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 586.182534][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 586.182542][ C1] Call Trace: [ 586.182546][ C1] [ 586.182550][ C1] default_idle+0x13/0x20 [ 586.182566][ C1] default_idle_call+0x6d/0xb0 [ 586.182583][ C1] do_idle+0x391/0x510 [ 586.182599][ C1] ? __pfx_do_idle+0x10/0x10 [ 586.182614][ C1] ? trace_sched_exit_tp+0x31/0x130 [ 586.182633][ C1] cpu_startup_entry+0x4f/0x60 [ 586.182648][ C1] start_secondary+0x21d/0x2b0 [ 586.182660][ C1] ? __pfx_start_secondary+0x10/0x10 [ 586.182674][ C1] common_startup_64+0x13e/0x148 [ 586.182694][ C1] [ 586.183365][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 586.183373][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 586.183386][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 586.183391][ T31] Call Trace: [ 586.183395][ T31] [ 586.183399][ T31] dump_stack_lvl+0x3d/0x1f0 [ 586.183413][ T31] panic+0x71c/0x800 [ 586.183424][ T31] ? __pfx_panic+0x10/0x10 [ 586.183432][ T31] ? __pfx__printk+0x10/0x10 [ 586.183441][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 586.183458][ T31] ? nmi_backtrace_stall_check+0x6e/0x540 [ 586.183472][ T31] ? irq_work_queue+0xce/0x100 [ 586.183484][ T31] ? watchdog+0xdda/0x12c0 [ 586.183494][ T31] ? watchdog+0xdcd/0x12c0 [ 586.183506][ T31] watchdog+0xdeb/0x12c0 [ 586.183518][ T31] ? __pfx_watchdog+0x10/0x10 [ 586.183533][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 586.183554][ T31] ? __kthread_parkme+0x19e/0x250 [ 586.183576][ T31] ? __pfx_watchdog+0x10/0x10 [ 586.183586][ T31] kthread+0x3c2/0x780 [ 586.183597][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183606][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183616][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183626][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183636][ T31] ? rcu_is_watching+0x12/0xc0 [ 586.183649][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183659][ T31] ret_from_fork+0x45/0x80 [ 586.183669][ T31] ? __pfx_kthread+0x10/0x10 [ 586.183680][ T31] ret_from_fork_asm+0x1a/0x30 [ 586.183703][ T31] [ 586.183895][ T31] Kernel Offset: disabled