last executing test programs: 11.136246019s ago: executing program 4 (id=68): fsopen(&(0x7f0000000000)='bpf\x00', 0x0) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82000) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000001, 0x100010, r0, 0x8c0a7000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r4, &(0x7f0000000240)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x803}, 0xe) r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581f6b8"], 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r5, 0x400448c8, &(0x7f0000000340)={r4, r4, 0x1, 0x0, 0x0, 0xb, 0x64, 0x0, 0xfff9, 0x10, 0x2, 0x8, 'syz0\x00'}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x13, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r10, @ANYBLOB="25003300d0000000080211000001080211000000deae25992dae7f1c505050505050000003010000"], 0x44}}, 0x4004090) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) 9.68658397s ago: executing program 3 (id=72): syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000047ff4f40d3131132677a010203010902120001760fb30f09040001"], 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x3, &(0x7f0000000180)) ptrace(0x8, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001300)={{r1, 0xffffffffffffffff}, &(0x7f0000000400), &(0x7f00000003c0)='%pK \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={r2}, 0x4) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x2, r1}, 0x38) socket$nl_sock_diag(0x10, 0x3, 0x4) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{0x0}], 0x1}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000008300), r3) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r5) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r3, &(0x7f0000008440)={0x0, 0x0, &(0x7f0000008400)={&(0x7f0000008340)={0x4c, r4, 0x9, 0x70bd2c, 0x25dfcbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={0xffffffffffffffff, 0x0}, 0x20) 9.074801818s ago: executing program 1 (id=74): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071111f00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000630122000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000280)={0x3c, r1, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "fc1efec006"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac08}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4014}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x22, 0x301, 0x270bd24, 0x25dfdbfd, {0x1}}, 0x14}}, 0x0) 8.921392356s ago: executing program 1 (id=76): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) memfd_create(&(0x7f0000000000)='&*/@:){\x01', 0x2) 8.005167391s ago: executing program 4 (id=80): r0 = ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000000)={0x1, 0x4, [{0xffffffffffffffff, 0x0, 0x2000, 0xfffffffffffff000}, {0xffffffffffffffff, 0x0, 0x0, 0xfffff000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x1efef000}, {0xffffffffffffffff, 0x0, 0x1000000005800, 0x2000}]}) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) sendfile(r0, r1, &(0x7f0000000140)=0x7, 0x7) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x419, 0x600, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f00000027c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002800)={0x20, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x4000) (async) syz_usb_control_io$hid(r2, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, 0x0, 0x48) (async) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) (async, rerun: 64) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) (rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async) syz_usb_control_io$hid(r2, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x2, "0f580fe0"}]}}, 0x0}, 0x0) 7.92419821s ago: executing program 0 (id=81): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000304220000000000000000000400", @ANYRES32=r1, @ANYBLOB="e0d8010004a701001c00128009000100626f6e64000000000c000280050001"], 0x3c}, 0x1, 0x0, 0x0, 0x11}, 0x4000044) 7.835972292s ago: executing program 4 (id=82): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) r1 = syz_socket_connect_nvme_tcp() r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="4000000000100000000089759300000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x69) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f0000000500), &(0x7f0000000200)}, 0x20) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r1, 0x8010661b, &(0x7f0000000000)) socket$key(0xf, 0x3, 0x2) r4 = timerfd_create(0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000e50000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001e334185850000007300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) timerfd_settime(r4, 0x3, &(0x7f0000000200)={{}, {0x77359400}}, 0x0) clock_adjtime(0x0, &(0x7f0000000040)={0xd58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x732}) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r6, 0x5201) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) r9 = dup(r8) ioctl$USBDEVFS_CONTROL(r9, 0xc0185500, &(0x7f0000000080)={0x0, 0x1, 0x1, 0x4002, 0x0, 0x5, 0x0}) ioctl$RFKILL_IOCTL_NOINPUT(r6, 0x5201) ioctl$TFD_IOC_SET_TICKS(r4, 0x40085400, &(0x7f0000000000)=0x10001) r10 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="120100000000e30a00000000000001020301090aca00dff03d9275a81be503130070000904000000010100000a24010800000201a88724060000030800000000000000240803960c03112d9cd2ce0c08240605060201000009240300030000004d4300000000000067822c09147da8c48f17e187ed67faeb7c49f375db80ccdec8cd288ac95f4b3ac18a5dbeb992f9d2480e27ace09e011762814f0f2b961f3ed9394ad794f8b268fa0584f63bd2f79d47d6070fd71aa57534eb6ae3f29229b3fce03f8601b9fe984289da3b0143d9e94efd6df59fc1dfdc", @ANYRES64=r0, @ANYRES8=r10], 0x0) 7.685108614s ago: executing program 0 (id=83): r0 = open$dir(0x0, 0x0, 0x8c) faccessat2(r0, &(0x7f00000000c0)='./file1\x00', 0x7, 0x300) syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x13) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x204, 0x3, 0x101}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r2, r1, r1], &(0x7f0000000340), 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000480)={[0x8000]}, &(0x7f00000004c0), 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185647, &(0x7f0000000100)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x8000000, '\x00', @p_u16=0x0}}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="03000000520001002abd708200ffffff0afe", @ANYRES32=r4, @ANYBLOB="d60611a1c4743ea9340d4560d5f6d0a22ec6ba7529afc990c00ffe438ccd8b0b2931dacb1981a2fa7cda308adea20f3890668e5c2c2100"], 0x1c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) bind$inet(r7, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007bd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000280)=0x4) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 7.684751232s ago: executing program 1 (id=84): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) read$FUSE(r0, 0x0, 0x0) prctl$PR_GET_FPEMU(0x9, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) preadv(r1, 0x0, 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) openat$full(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB, @ANYRES8=r3], 0x3c}}, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d07090503020000ff99090805848f"], &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x50, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x2}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x774f5b5b}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xb1c}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x362}], @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xbb}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xd}]}, 0x50}, 0x1, 0x0, 0x0, 0x40d1}, 0x20004000) 6.71359434s ago: executing program 0 (id=85): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000700)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x0, 0x37f, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr=0x64010101, @rand_addr=0x64010101, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x6}, 0x0, 0xe8, 0x150, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x10}}, @common=@inet=@multiport={{0x50}, {0x40, 0x0, [0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e21]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x14, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x3, 0x0, [0x6, 0x25, 0xd, 0x13, 0x39, 0x3f, 0x38, 0x8, 0x3b, 0x5, 0x15, 0x8, 0x4, 0x20, 0x13, 0x3], 0x1, 0x8, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) shutdown(0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f00000003c0)={0x3, {{0x2, 0x4e23, @remote}}}, 0x88) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={0x0, 0x2}, 0x8) 5.623499295s ago: executing program 3 (id=88): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000002080)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x3}) 5.493183259s ago: executing program 3 (id=90): r0 = syz_open_dev$loop(&(0x7f0000000040), 0x3, 0xaf00) r1 = memfd_create(&(0x7f0000000080)='(,,&\x00', 0x7) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='stat\x00') preadv(r2, &(0x7f00000004c0)=[{&(0x7f0000000a80)=""/196, 0xc4}], 0x1, 0x4fe, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000340)={@broadcast, @dev, @void, {@ipv6={0x86dd, @tipc_packet={0x4, 0x6, "d6e87e", 0x20, 0x6, 0x1, @loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], @payload_direct={{{{0x20, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x2, 0x101, 0x0, 0x1, 0x5, 0x7, 0x3, 0xd1f, 0xa, 0xfffffffe, 0x4e21, 0x4e21}, 0x1, 0x3}}}}}}}}, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001400), 0x40801, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x240201) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) open(0x0, 0x143042, 0xe2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x1}) fcntl$lock(r4, 0x26, &(0x7f0000000080)) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r3) 5.0824509s ago: executing program 1 (id=91): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x22, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000fa00ffffffff18110000a4b136f3117f0c4617957555403b204373720b1edb323da7d3b0fd658ec423464c5090e412b15443a51345ac46682855f4767ec15f90a740c74f302da3f81d190e8ba6f24b02b12c382b184516fbfa87b1cbe597e415224a3735f4c19683b7e84b7579566207412237f1b1dd54d6ff13dd750fd0cc", @ANYRES32=r1, @ANYRESHEX=r2, @ANYRES32=r1, @ANYRESDEC=r2, @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x5a, &(0x7f0000000340)=""/90, 0x41100, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000400)={0x1, 0x5, 0x200, 0x6}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000180)=[{0x1, 0x2, 0xf, 0x8}, {0x2, 0x5, 0xa, 0x4}, {0x2, 0x2, 0x6}, {0x3, 0x5, 0x6, 0x1}], 0x10, 0x3, @void, @value}, 0x94) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES64=r2, @ANYRESDEC=r3, @ANYRESDEC=r0, @ANYRESOCT=r0, @ANYBLOB="be957c034dc697e4ee34eaf0c8ab1093ec7b1c8df0", @ANYRES32=r1], 0x20) mkdir(0x0, 0x0) getpeername$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r4, 0x1, 0x25, &(0x7f00000000c0)=0xffff, 0x4) syz_usb_connect(0x6, 0x24, &(0x7f0000000080)=ANY=[], 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000ea2e00000000000000"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x5, &(0x7f0000000100)) ioprio_set$pid(0x3, 0x0, 0x0) creat(&(0x7f0000000240)='./file1\x00', 0xd) acct(&(0x7f0000000080)='./file1\x00') acct(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x23ac00) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) timerfd_create(0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 5.05777108s ago: executing program 2 (id=92): r0 = open$dir(0x0, 0x0, 0x8c) faccessat2(r0, &(0x7f00000000c0)='./file1\x00', 0x7, 0x300) syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x13) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x204, 0x3, 0x101}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r2, r1, r1], &(0x7f0000000340), 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000480)={[0x8000]}, &(0x7f00000004c0), 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="03000000520001002abd708200ffffff0afe", @ANYRES32=r4, @ANYBLOB="d60611a1c4743ea9340d4560d5f6d0a22ec6ba7529afc990c00ffe438ccd8b0b2931dacb1981a2fa7cda308adea20f3890668e5c2c2100"], 0x1c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) bind$inet(r7, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007bd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000280)=0x4) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.978718178s ago: executing program 2 (id=93): openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x0, &(0x7f0000000100)}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000017c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aec110000060a0104000000000000000002000000c0110480bc1101800e000100696d6d656469617465000000a81102809c1102801600010058bc49c1118ce47114ee8a595eb997d63b060000e50001002ed05f89378c372e455861188104371f6ea53a13c046a60332c7878365eb78c59db9cea8c89d803309bc923e8bfeeb99bbad6b8f193acc0799386e256c4c1e1a85c965d3586824b09b7da33858b8fb1e98930debac3d6ee04f367a9f8dcf183e65417632108b40ee1017f581b26b8164ed7bde2ec62e33955e70413cd899aea54508a4eb3d5865d7e75c505aa08ed2657fb4b18106eaffe21a729be8253d4699cacf6e28dbbfb76f4030fd114694e980882d31919d6e6ca41ad8250858d038a4613521f07af39ca66ba5c768d62bc293ca2450c28b700d7c3232a81718188e8af2000000440002800900020073797a32000000000900020073797a320000000008000340000000040900020073797a31000000000900020073797a320000000008000340000000011800028008000340000000030900020073797a3000000000041001006f74361198f068c4254115fcde207e9cdc7a55e8cf66baf2fb77ce60e19863d2d10d0f9384e4d98bc013f2922876b13027f1eb28a73f0ce65058f639ffbc03f50c73a0a4225c15867fd4a3d43cfe8d8d157091b89ca097ea52fb61dffd09677674101c9cae2fd26ad3bef365cda7fba7c218e7fe1f7c5b8a19b7c337c3e157fc24642ff9ccb76ee1ff88cb03c4c4d0a3e26decbe86f1f1e0dae5ceb8c8af9081cfee19e2b585ff064b0830b2d2e8097d6b8656a3a6fe45902fedbf354d1667d4d6e6692b80375c4b99e3dc7d3e578b6b6e2155214d489a7ead2f01f02be8eaa240915898cc039ebcba5b08b60235572549bb8d1362501a39f15a4c423a7a898a0a2e8a409a9703f8958d7b23d666edf0279e467814c9f42609d0d327549a693fae695fc7fcbdf11351b50ea49be8c3447622f5f1c2544363c24d4a20d880d7c9b22b280a974d7920a796fef96cc644865bf8ec6541dc2abd4f1c55d6def991cc18145c2a74490b26048cc8697835788de3c02f36227795a6c33ce2a4014a4b34007a140696b38947375625a387f95bf789f47d6e5e0e2da0f18bc8b914dcba51554eee51ab01d01fa70918641638f1cc59689cbe28bd2aeb43a46e079a2e39641dfa59bb225bafc69719eda14fc0b24ff9142d03f650a68426589a4bbe6f559db2020bd6aa7a7a2b1c1b9ba50a030df3fa10cafcf902248e37aef7af21a8fcbffb747e20de86a0dcc46167c9746c22a0a322bc153343f81d26764633582710127c7451602576f21d10a8c9701af81c6c4e1e1c1f647be5b02807406bc8267ff2ca3ebb3a7016123ec9a289783eb8cbd5740a44d8228d7a7760532b3fc992c5b3fa91098456aaa04fff641833f65c966e476efc2b912e3c079ed2eda902db084a9bf254b41afc0256bab5cf0b1ab27b7225eba3bb45a39ada9f2d9025608bef686b2a999fca7494ad75945f05b7a169cfc1e7078af143ec221b09e8166d7eaf65dd76054aeefb28fda937093baf96d5fc7d05f978387de5c87e5b51b082a7bdd7b4290df9bb6431a50cf25b5f108e12380a9fc092c79b5b5511ead464559a84dce114f37f82f90870976761c9982b2568465117251f2317cfc98496b5e0db41f9870d4e3d4c8f8e920003f3858be3927e34d1969ea8c0f59f4c1198f559049a5cfda7b7e82203379f0b30bd42a01f4bc8ae57521e8a8a4f039816e4c4f3c843d503ff4bdf7026860f05dc7701a6b782ec52410a1e4e4bd0aa20d28b6dce609c45d7a635f8e982418dbdac778991c5207e6c91e417095e60c5a305d6a78cf17b2d9e4ef63a08bfc341719e26fceba4114a605790db7cf532e4c9ca6b3eff496e81e31e127bd4fd6af0aee472614ce60c93260dac28c284a2eb398cdc0a85fbcad676910c8f2cc2c51d1fa4fed8a9de9f47cb31976c08e8052330d5ab6f3bcadf6887f9f06c9397bb035e2a4eea9d4767de457ed31b3dace54c14056ffcf7d29043639f0d3a80cfeaafe8b625e675932b3a0eb510448df313b5ea9a4eb1f4e080448040a7401922eb11bbe8b7a2f866f8956cc7a4b0eb47916e4e02e0dfeb9ddf473d2c7830a52b66146400e058311668e7f8bf147f236843ad854c10cf28b6cafe61a3a130944068e153ea43a665ebcceb63f3c69973ce336a95fd183fb011b7eabd28cc542d1b9d29672d7e156057c7f038e32718c8833624959cdef08eb0580cdc69dce6851c453148e2fe619b95b7b6efdf49a4a9100508c39c8d743d5430a8867bc1c725c5da5ca10998f7bd016eefc1194d5133c69c644aafc95f6399460b7165d162e09c957bb890da6311a499a1508e83e2af7fbad70c4640bc684dad44544bc9c21766a98f831e411f92cdce0d495c1845b86697680a3967a88e326adf631bafcba9bf9820a746f95f4007188be341d26fdc7477fcfc8f4c0d3d7d43daaa604726aaf3b729d5b0cb780b1106259855529854bcfa3098fbb5c034720ff0f446fd610eb1fb43b079d19bb3bb34fecff74249f089e0b4f3ebdf9daaff47ca921adce89cab6e3e9a5240b95ffbd965420f4657df7c1e36404bf271dda42dcaf083c2973f4f923b010d9e84a7109daa4de6882a3156c76504d44fcdc137da8f5c24d73226eb9ec2b53a261f3a5dd39d396a92ca25858b7e6277b024e8392f0d3eb7545510f7080e0371abb50475e3a76201404d5713805f4523cfd9ac80267cbf630a58e01a7069bb7ea88ca275e0d45101738c46b951e31c6028c71a5ca3449e55ec44077d83b60d081211872e793610fb87b7b4afe3c9f553b635291f6f9f84d4ae65079878d6264a090000005c88597d7c85d2903fcb2f45acc34a9b5569c4a68fd3673e6be3e7bee12b535fad1da5058b8a542267e6deff2bc57b3300b53f77385c6cdb9b9b9caa8ed803a395b49236cbc8302e19bc417b322b563e421792bb3feb824690833620a42387468b268a0402e50082fd188711dcc73a710eff4eef161c6b99371a4f487ab5b88d233e8322be4b01595533c0cd7ad630f14890c505bfbfe5c2aff2abe08c117cb02967f065d01dd9471b9eaae1613a665c82c0113fe8c5699d45c94144846a6f6436155b0907b469e522330549f3e5e1d21d664f13c898512116f2edb457e6c8894c655eeca71f0ba4e2ce66d66876aacd39eb9be15d68544a2a9b5acfb6c8d9c2c0c02e08b65ee5c16f841c6706e23702e8b1d3234093eb7c1fc3e970643e9118a99ec5dcec473affa7751c4e67705ebe3e113954d1344aed430e2dd85e6bcc94bfe4f711e714d0e4d8972be9b8cb55477d3f14d95d76bbe758ef6c0df33d3d5d64db6ce55394a77d76297fece0d8969736806c87661197fbc6ad9159ac8f826f70def6903807a64b4e2a062fe525b50058b558600b5bf66f98f0860087d9d20a578ba00b5c9e3c04f8ef3e9e5169b5a97b1aebb3fc0f6c6b831dab4965094a0306d0a6996a191b3103499d911146a24af3933a333b2e9f07a8d76d2c682d43b57056d1e2ddee1edc9f78699ed9401ff7978a1db342b81713b2e540128c6cec8e759beddb2eb57cd5aa70be2aa96349ff3f802339609678552a2b03c5f3a85817d63ab247af864c3d603b2312377e9b345d48f4b221f3c5beb5b57e2f60ee9ed8f44e0cc10c86e42db73861e30d888b3c3443b8a577eeac49baffe1a4d30d6fb2d0d7bd905f2f06fbb3873418d03ed992c62982fcb8bad213605ee76118343843b4dc85f812bb34fee1a5adbd1f28c38325af562feda5e341e7ead59407e9c84ab4eaec24283b8a102bd96bb82cde181521ea46e0f6dfe5cd882f0fe3c1d9b041cf051fee98fd9269840b2e8710a07b590254bfbdb5d5b3534b53911846cad4c58876b5f97e3c88f53a68a5e802981f8b46355c90a2c3b1cdcf4b59f6af55f0495e87f0edd01bff32b25dc6a14cf2c86f4e86dbd5a19853c19eecb4429519c77f159b892aedc97c9a883074f7aad57b757e264d7be000a8622f4df07af9ff08e79abc349bd22c98a78c1c8be7a50abcd7c390306a2a60d10ec9120818ace64a4cfc634b6f035db01ccdd766e8870a105863a4fafd234bac25be9df79957615783318c066e44f3b97a897dad4fd176f27654ee31572d5da9770d0e7d0c29ecbc82671cc13d43bd89bcd812d38e605c304689c9c4499ae323e3ff98e65ff6693b7cf08ed099749e5c5cf6071cf0bc5870e7c13c8d850030f858171664db179310ec38f9e5f8c55c21027d5282773dfcca2c7be1d6c15575ac20e6c0682cc2d4a37716e641b92fdec7aabc0ee9aa5f65ff6b634a3becfd3d8683505da62cab97f5cf3ff51f45efbcc9560a3c7dc6893763ba1350cec5598dd12572f65cdd24ed8aebcc4f082b69fedd47db99ebc9ba18f69f72b76f7653e9404a8ccc2e175391993173b06c5e20a6357b7e873cb27bf5e68acc209cac067cb2db47d19c5a91df22e69315eba98470880c61e2b02e17f296b4cb253e276209b16f2f08ac0d3d6f4fe7c561af3ddd118b60b06ff28a94b428f1c620c2392cf00643bbbab7a69bd00f011e47592379a0dfd76a34b1b79dcffc01a6738a895447b2bcbade693424f49b25c34634a040342fdafdc4d38303db16359c8e28d29ea89d09ec53e6896006467f166805fefde085d7f95179950adae9c4625dc6389814ab50d9cbf2ab830fa6cf718238d4ea8fa60b8e7ee5b7cd26f0f824ffb3d51ba31015a99c55c4915dfdeb30c9494d02e1830c8d17de5e764379d02128dfaaee1acbad93348f9b1fab61552762a53f91531bf2a7526e7a091c00e7b74e860df67367d46733cad1cb4275fc25564b8a7683163b0bbcc8462f0c55a00ce190cbaa2cd3b859515da92e20d9307100c01054fab03e8bbbef5218f9471277f5cbd99eae1f5473b8889f71df002554128fc696dc0cd41a22a23fb1ab2972a518447d6f25c69d7562cd0819f4532d8eace1cf7c"], 0x1214}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fstat(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket(0x1f, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) statx(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x0, 0x400, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) statx(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x400, 0x200, 0x0) socket$nl_route(0x10, 0x3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000010002000000000002000100", @ANYRES32=r4, @ANYBLOB="02000300", @ANYRES32, @ANYBLOB="02", @ANYRES32=0xee00, @ANYBLOB="02", @ANYBLOB="0200", @ANYRES32=r6, @ANYBLOB="02000600", @ANYRES32=r7, @ANYBLOB="040005000000", @ANYRES32, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB, @ANYBLOB="eec0fe", @ANYRES32, @ANYBLOB="08000200", @ANYRES32=r8, @ANYBLOB="10000600000000002000000000000000"], 0x84, 0x3) 3.531279467s ago: executing program 4 (id=94): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'trusted:', 'new '}, 0x1c, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x2068, &(0x7f00000001c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}, {0x2, 0x10, 0x5, 0x100003}]}) r1 = getpid() process_vm_readv(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = epoll_create1(0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000300)={0xa0002002}) madvise(&(0x7f00006d2000/0x2000)=nil, 0x2000, 0xc) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 3.530596536s ago: executing program 0 (id=95): setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc000ff}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r3, 0x5}) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0xff, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) close(r1) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r8, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600000f500140600fc020000000000000000000000000001fe8000000000000000000000000000aa40004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="810000000000c7df"], 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x7d, 0x0, &(0x7f00000001c0)) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) 3.500973769s ago: executing program 2 (id=96): r0 = open$dir(0x0, 0x0, 0x8c) faccessat2(r0, &(0x7f00000000c0)='./file1\x00', 0x7, 0x300) syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x101000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x13) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x204, 0x3, 0x101}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000240)=[r2, r1, r1], &(0x7f0000000340), 0x10, 0xfffffffb, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000480)={[0x8000]}, &(0x7f00000004c0), 0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185647, &(0x7f0000000100)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x8000000, '\x00', @p_u16=0x0}}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="03000000520001002abd708200ffffff0afe", @ANYRES32=r4, @ANYBLOB="d60611a1c4743ea9340d4560d5f6d0a22ec6ba7529afc990c00ffe438ccd8b0b2931dacb1981a2fa7cda308adea20f3890668e5c2c2100"], 0x1c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) bind$inet(r7, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007bd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000280)=0x4) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.221381576s ago: executing program 3 (id=97): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1f"], 0x118) ftruncate(r3, 0x5) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2) 3.210782438s ago: executing program 1 (id=98): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r3}, 0x10) sendmsg$nl_route_sched(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@delqdisc={0x4c, 0x25, 0x2, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xfff2}, {0xfffe, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}, @TCA_RATE={0x6, 0x5, {0x8, 0x6}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x80000001}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xbfd}, @TCA_RATE={0x6, 0x5, {0xfd, 0x2}}]}, 0x4c}}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/37, @ANYRESOCT=r2], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[], 0x0, 0x40000a, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000a00)={0x3, 0x0, [{0x518056eeefc34830, 0x1000, &(0x7f0000003880)=""/4096}, {0x8080000, 0x91, &(0x7f0000000740)=""/145}, {0xffff1000, 0xb8, &(0x7f00000008c0)=""/184}]}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001500)=ANY=[], 0x1c}}, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000005c0)=""/66, 0x0, &(0x7f0000002840)=""/4101}) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) 2.359202173s ago: executing program 2 (id=99): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000040002850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c40)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = syz_open_procfs(0x0, &(0x7f0000000580)='mountinfo\x00') epoll_create1(0x0) r3 = io_uring_setup(0x203c, &(0x7f00000000c0)={0x0, 0xd4b5, 0x2, 0x3}) r4 = syz_io_uring_setup(0x6f7f, &(0x7f00000003c0)={0x0, 0xf92c, 0x10100, 0x2, 0x1df, 0x0, r2}, &(0x7f0000000300)=0x0, &(0x7f0000000040)=0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_queued\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0xb, 0x0, {0x0, 0x0, r3}}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r4, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 2.358922762s ago: executing program 3 (id=100): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="560a00000000000079111000000000001800"/31], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) unshare(0x60020c80) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x810) syz_emit_ethernet(0x3e, &(0x7f0000000640)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @dev}}}}}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r6}, 0x0, &(0x7f0000000640)=r5}, 0x20) sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(r7, 0x0, 0x8090) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000180)=0x810001, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 2.221582279s ago: executing program 3 (id=101): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000980)={0x60, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r1, &(0x7f0000000340)=[{&(0x7f0000000280)='0', 0x1}, {&(0x7f0000000500)="354f80", 0x3}], 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'batadv_slave_1\x00', 0x0}) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x6, '\x00', r2, r4, 0x2, 0x2, 0x1, 0x0, @void, @value, @void, @value}, 0x50) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000b00)={0x14, &(0x7f00000009c0)={0x0, 0x8, 0x22, {0x22, 0x22, "b133d6cbd013a5d6231b51e9778a71d05cf21830156e4144ee2f8925f9e3c573"}}, &(0x7f0000000a00)={0x0, 0x3, 0xf8, @string={0xf8, 0x3, "779e1778ce4a51cb085c82f245174ec1bfcc431f1a3af9b92a010075e63033d2440928be91c896b3bf26d11dba0d037e8d6d26a7224235ec7e010830f57f56c4ebe38d27f79dc70376427d249ef9c554ce8e0f58f3e8f228b1d606a23b99253285faea6eb5e1f3b2610f47fab6f078adc533262fa58890f2bc199907c23fc4ef42526d056cb59c71326adbd072d47b316b1589ab960628efd6cef329fad6f5c47093765f78615a1d1ade77191d569d5cd9b667640725ced49f356b524b0297d5cb393916b220f778854582ba7672a97782af994492b59a965c89d37dc30753936214b022bbda649dc3babc91a7bdcb5b93ce9651a4af"}}}, &(0x7f0000000dc0)={0x44, &(0x7f0000000b40)={0x0, 0x17, 0xb, "36de1423e63c6d8a342a28"}, &(0x7f0000000c00)={0x0, 0xa, 0x1}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000c80)={0x20, 0x81, 0x2, 'e%'}, &(0x7f0000000cc0)={0x20, 0x82, 0x3, "b7eeef"}, &(0x7f0000000d00)={0x20, 0x83, 0x1, "84"}, &(0x7f0000000d40)={0x20, 0x84, 0x1, "bb"}, &(0x7f0000000d80)={0x20, 0x85, 0x3, "9c3e54"}}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r5 = syz_usb_connect$uac1(0x4, 0xbe, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xac, 0x3, 0x1, 0x8, 0x10, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x6f}, [@extension_unit={0x9, 0x24, 0x8, 0x6, 0x1, 0xd, "f9fa"}, @mixer_unit={0x7, 0x24, 0x4, 0x2, 0x4, "e3ea"}, @processing_unit={0x9, 0x24, 0x7, 0x2, 0x5, 0x6, "e3a0"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x8, 0x4, 0x40, "ec90"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x7, 0x4, 0x7, 0x7f, "0f707946f7bfb70c4f"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x3, 0x4, 0x5, {0x7, 0x25, 0x1, 0x3, 0x33, 0xb}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x8, 0xfffb}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x5, 0x4, 0x9, "56c30ff4f0c9"}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x1, 0x5, 0x5, {0x7, 0x25, 0x1, 0x82, 0x1, 0xa}}}}}}}]}}, &(0x7f0000000140)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x81, 0x6, 0x0, 0x40, 0x8}, 0x11e, &(0x7f0000000200)={0x5, 0xf, 0x11e, 0x3, [@generic={0x102, 0x10, 0x79714c8299534d91, "40db86ea87c17631edbdc8580bce4513e6169a12759589397605c226440c19920be66efce57785256d0ac8ead39491eaa697395ba8a95730981437f0bcf8fde39c883019c0027d600371f9db074da466f547dd96524deb03debc2465691da2d950359f90456b677597498d0df3dc423722d9f9399b087a11d4519200a94760554b8bf0a6899eec825bf838be22465a6720165d614ac439ca8442454bba34b35084cc0a9b9405eaf7bcccf3b04ecfd32ec5a9ada81c44ceca545695f4e9bc7f604c94519f1d5690c0d2ab16343443166a0d0bf3bd42c73763836faf4172dfda6ca0c623c140cfa5181c0250ae9e75d721c3e2b505c4d47523d177002f74167c"}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "b3218c9dc9ec3704e907dc15b5f4187b"}, @ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x100a}}]}) syz_usb_control_io$uac1(r5, &(0x7f0000000440)={0x14, &(0x7f0000000340)={0x40, 0x1, 0xe4, {0xe4, 0x24, "14b1a6e605ee0ff21ed5ef79b4a208dc41a5f94c49b7995fa812e3f1f7f0da9d48b022facd5b8005887c7ccd434ae0340e036c9bd8b8c5d96b2fac509f8ef7c20133554e08f14cf3396ee3a6b92d6d8410d230e2869668ab77904b98efb11a537d9219695f6c1eceb485c42092025ad223c4f99384bd29439976454423cacac4ca52a1542bb65bdbcd7f750141b0adb433bbaeaa8628d1fe2d2121013c7b22bd20dbe1451717677a73c6a5b260685d907d4a38b238bcedd35bd6f1730a85f311b4811bd519c41d99da334647c42dbec2fb08dd1815d0b1958c38cc48532391761f31"}}, &(0x7f0000000180)={0x0, 0x3, 0x29, @string={0x29, 0x3, "3f0c9c2c1cba814a3311a393a80973a0486a512c8fd84fd076c8449965bfd5b14117e24e736cca"}}}, &(0x7f0000000840)={0x44, &(0x7f0000000600)={0x20, 0x17, 0xd6, "ebc689316285326301b231601ccf20547731d276c4250a2653e78a24d91056c28fb359e5f2aaa38da511de7aec1e78483e5c86fdf3a778b87abc12b936c6cdffce4c5067c92cba2a617a9ace58686f8d2f3578e233137f0f7a6cd065fad602292b15dae0f12571b0fc7240e28eadb6181f9459695b0935ba16ec754469cfaac1ad231ba9e64f3b36bf7fd8bbd1a77482774dc76cc947bfc763a01050269cba210dd376c5bfdb418402377a02398d908942f7d6908fa6ba6b1391e5b7cde7aa07750d6edb67de40d6a76d6c65a57e48b72c95e7753193"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000540)={0x20, 0x81, 0x1, '\a'}, &(0x7f0000000700)={0x20, 0x82, 0x2, '+y'}, &(0x7f0000000740)={0x20, 0x83, 0x2, "2c99"}, &(0x7f0000000780)={0x20, 0x84, 0x2, "b698"}, &(0x7f0000000800)={0x20, 0x85, 0x3, "2660e0"}}) syz_usb_control_io$printer(r0, &(0x7f0000000f00)={0x14, &(0x7f0000000e40)={0x20, 0x8, 0x43, {0x43, 0x23, "42479b166c804c3085e52691a79fa1ceac9e8eacd4b64de116ede142f4dca7f713c7a4fa41bb293c4da6ac19746f0c73fe60df4dbf0a101882b99037281a487ec8"}}, &(0x7f0000000ec0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x43e}}}, &(0x7f00000011c0)={0x34, &(0x7f0000000f40)={0x20, 0xf, 0xfe, "ce6048472c59e973df1e31e93dab85c452af80048687eb01b6eb9dbcf6d8ff8b44d99b60d0358a683cc36e4a0e0740e102ededffd705ff16e760af7db03af8b785fcce5f87e7d61c297c79763ed7c9f04d2f7bb1df9b179868d6ba0a20bf8928386fad243586b2deb26fc50dba6827fa5eb950abcd381a924b4b8a9ba0df40c6c07895a066aa2c9350fb23c85d43972a60265b6f8b868e9112f7881713c9c5ef8e53170d19225e68f400db63107740d73a42d77c91905b1e1369d5c7714aa31d08b2989af245b169b0c1d99b88d7a08e21bbe781b35bf6090186a53dabd2ed7618fbc92dbbdb13d3c096b241607c61e87eb48a67dd6d9d1e5e20b80f823e"}, &(0x7f0000001080)={0x0, 0xa, 0x1, 0xa}, &(0x7f00000010c0)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000001100)={0x20, 0x0, 0x1a, {0x18, "46649109fa6e7ab253d4e29400259b9fbbccbe089ff9b24c"}}, &(0x7f0000001140)={0x20, 0x1, 0x1, 0x79}, &(0x7f0000001180)={0x20, 0x0, 0x1, 0xf}}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.115632917s ago: executing program 2 (id=102): pipe2(&(0x7f0000000040), 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x10}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00030500000000000000002000"], 0x34}], 0x1}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000077, 0x761c) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0xfffffffffffffe9f, r0}, './file1\x00'}) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000340)) 1.581141509s ago: executing program 4 (id=103): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) bind(r0, &(0x7f0000000140)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2006}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0f00000004000000040000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'/28], 0x48) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x4}) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d3, &(0x7f0000002440)="3859c14664") bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340)=0x1, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x4810}, 0x0) 1.408062205s ago: executing program 2 (id=104): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r1, 0x11c, 0x2, &(0x7f00000000c0)=""/63, &(0x7f0000000100)=0x14) syz_open_dev$evdev(&(0x7f0000000200), 0xe26, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a32"], 0x1ec}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r2, @ANYRES32=r2], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000001c0)=r0, 0x4) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="1201e9cf030104000000a35f099700"/26], 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r4}, 0x10) socketpair(0xa, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000007600110d0000000000000000030000000000000008000500c355d6ba"], 0x20}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048840) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1803000000000000000000009f000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='tlb_flush\x00', r6}, 0x10) 1.157207049s ago: executing program 1 (id=105): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000700)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x0, 0x37f, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr=0x64010101, @rand_addr=0x64010101, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x6}, 0x0, 0xe8, 0x150, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x10}}, @common=@inet=@multiport={{0x50}, {0x40, 0x0, [0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e21]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x14, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x3, 0x0, [0x6, 0x25, 0xd, 0x13, 0x39, 0x3f, 0x38, 0x8, 0x3b, 0x5, 0x15, 0x8, 0x4, 0x20, 0x13, 0x3], 0x1, 0x8, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) shutdown(0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f00000003c0)={0x3, {{0x2, 0x4e23, @remote}}}, 0x88) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={0x0, 0x2}, 0x8) 1.012749673s ago: executing program 4 (id=106): r0 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="e00000001000090500c63703b60000000000d00008004300ff030000a90000002b0e13e735a3184f123d6da2f1acfac0ee2dd2b184b27d08000000337c0004000000000000bf852c8986626691b01b5f44e4ce28715f2828", @ANYBLOB="e7a762aba6549a41761b31fcef7733c40d25fb66cbd25860bfe66101d032571bdb16e277bc01cb279d11d95bcf844c7e80fbeb9d19f78203"], 0xe0}], 0x1}, 0x0) r1 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000001340)=@hci={0x1f, 0xd00, 0xe}, 0x80, &(0x7f0000000940)=[{&(0x7f00000006c0)='b', 0x1}], 0x1}, 0x0) r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) r4 = socket$inet(0x2, 0x1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r6 = syz_usbip_server_init(0x4) syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0) write$usbip_server(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="000000030000000100000000000000010000000400000fff000000000000003400000003000000030000000000000000000000010000008600000076d478e58302ead0b63d0b2f43d21102000059610000001e072533"], 0x60) mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000400), 0x6, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r4}}) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) connect$unix(r2, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) 385.187726ms ago: executing program 0 (id=107): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x40040) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000f80)=ANY=[@ANYBLOB="30010000", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088004010c8004000b801c000b8008000a00c193"], 0x130}}, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000200)={r4, r5, r6, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r7, r6, 0x3, 0x0, 0x3, 0x800, {0x1, 0x1, 0x3, 0x1030, 0x200, 0x2, 0x2, 0x5, 0x4cab, 0xe154, 0x1000, 0x1, 0xff, 0xf9, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}}) socket$inet(0x2, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_dev$swradio(&(0x7f00000019c0), 0x1, 0x2) r8 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x2, 0x0) read$FUSE(r8, 0x0, 0x0) openat$cgroup_ro(r8, &(0x7f0000000180)='blkio.bfq.time\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, 0x0) open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) sched_getattr(0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xc, 0xfffffffffffffffe}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) unshare(0x62040200) 0s ago: executing program 0 (id=108): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$autofs(0xffffffffffffff9c, &(0x7f0000001100), 0x8001, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(0xffffffffffffffff, 0x0, 0xb) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0x1000, 0x0) splice(0xffffffffffffffff, 0x0, r5, 0x0, 0x80, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, r6}}, 0x30) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x109, 0x0) (fail_nth: 2) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000080)={@host}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.20' (ED25519) to the list of known hosts. [ 50.588802][ T29] audit: type=1400 audit(1733481129.004:88): avc: denied { mounton } for pid=5803 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 50.593044][ T5803] cgroup: Unknown subsys name 'net' [ 50.616813][ T29] audit: type=1400 audit(1733481129.004:89): avc: denied { mount } for pid=5803 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.641002][ T29] audit: type=1400 audit(1733481129.064:90): avc: denied { unmount } for pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 50.814749][ T5803] cgroup: Unknown subsys name 'cpuset' [ 50.823503][ T5803] cgroup: Unknown subsys name 'rlimit' [ 50.945016][ T29] audit: type=1400 audit(1733481129.364:91): avc: denied { setattr } for pid=5803 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 50.968880][ T29] audit: type=1400 audit(1733481129.364:92): avc: denied { create } for pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.992997][ T29] audit: type=1400 audit(1733481129.364:93): avc: denied { write } for pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.014189][ T29] audit: type=1400 audit(1733481129.364:94): avc: denied { read } for pid=5803 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.034744][ T29] audit: type=1400 audit(1733481129.384:95): avc: denied { read } for pid=5485 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 51.055918][ T29] audit: type=1400 audit(1733481129.394:96): avc: denied { mounton } for pid=5803 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 51.070784][ T5807] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 51.081110][ T29] audit: type=1400 audit(1733481129.394:97): avc: denied { mount } for pid=5803 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 52.001325][ T5803] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 53.956151][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.964575][ T5815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.972620][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 54.000875][ T5818] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 54.019450][ T5821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 54.027609][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 54.036059][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 54.044011][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 54.052490][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 54.061093][ T5821] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 54.065072][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 54.076862][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 54.083049][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 54.084322][ T5827] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 54.099969][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 54.106102][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 54.116322][ T5827] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 54.122697][ T5821] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 54.130743][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 54.134382][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 54.146242][ T5815] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 54.147461][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 54.163609][ T5815] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 54.171181][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 54.172209][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 54.179367][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 54.189293][ T5827] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 54.192911][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 54.199915][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 54.222799][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 54.525574][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 54.546342][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 54.584045][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 54.598334][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 54.723563][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.730905][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.738581][ T5816] bridge_slave_0: entered allmulticast mode [ 54.745688][ T5816] bridge_slave_0: entered promiscuous mode [ 54.765980][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 54.787646][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.795008][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.802474][ T5816] bridge_slave_1: entered allmulticast mode [ 54.808915][ T5816] bridge_slave_1: entered promiscuous mode [ 54.828887][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.836441][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.843980][ T5817] bridge_slave_0: entered allmulticast mode [ 54.850380][ T5817] bridge_slave_0: entered promiscuous mode [ 54.871112][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.878441][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.885869][ T5813] bridge_slave_0: entered allmulticast mode [ 54.892469][ T5813] bridge_slave_0: entered promiscuous mode [ 54.905692][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.912812][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.919940][ T5817] bridge_slave_1: entered allmulticast mode [ 54.926776][ T5817] bridge_slave_1: entered promiscuous mode [ 54.946812][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.958211][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.967653][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.975815][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.983272][ T5813] bridge_slave_1: entered allmulticast mode [ 54.989725][ T5813] bridge_slave_1: entered promiscuous mode [ 55.038637][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.046398][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.053778][ T5822] bridge_slave_0: entered allmulticast mode [ 55.060295][ T5822] bridge_slave_0: entered promiscuous mode [ 55.068952][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.080743][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.090286][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.098112][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.105375][ T5823] bridge_slave_0: entered allmulticast mode [ 55.112156][ T5823] bridge_slave_0: entered promiscuous mode [ 55.124006][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.133621][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.140756][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.148043][ T5822] bridge_slave_1: entered allmulticast mode [ 55.155183][ T5822] bridge_slave_1: entered promiscuous mode [ 55.172598][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.179760][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.187119][ T5823] bridge_slave_1: entered allmulticast mode [ 55.194101][ T5823] bridge_slave_1: entered promiscuous mode [ 55.202599][ T5816] team0: Port device team_slave_0 added [ 55.216475][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.242523][ T5816] team0: Port device team_slave_1 added [ 55.251622][ T5817] team0: Port device team_slave_0 added [ 55.267754][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.280448][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.301194][ T5817] team0: Port device team_slave_1 added [ 55.308983][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.320818][ T5813] team0: Port device team_slave_0 added [ 55.329129][ T5813] team0: Port device team_slave_1 added [ 55.348540][ T5822] team0: Port device team_slave_0 added [ 55.365733][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.379923][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.387295][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.414210][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.426764][ T5822] team0: Port device team_slave_1 added [ 55.438542][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.445671][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.471801][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.495493][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.502651][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.528723][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.544833][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.551976][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.577915][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.602459][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.609444][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.635650][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.647950][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.656101][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.682332][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.696937][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.703956][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.729887][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.746513][ T5823] team0: Port device team_slave_0 added [ 55.756693][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.763719][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.790282][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.803829][ T5823] team0: Port device team_slave_1 added [ 55.834909][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.842011][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.868079][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.894372][ T5813] hsr_slave_0: entered promiscuous mode [ 55.900625][ T5813] hsr_slave_1: entered promiscuous mode [ 55.917407][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.924557][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.951173][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.964852][ T5816] hsr_slave_0: entered promiscuous mode [ 55.971200][ T5816] hsr_slave_1: entered promiscuous mode [ 55.977411][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.985444][ T5816] Cannot create hsr debugfs directory [ 56.006898][ T5822] hsr_slave_0: entered promiscuous mode [ 56.013075][ T5822] hsr_slave_1: entered promiscuous mode [ 56.019182][ T5822] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.026849][ T5822] Cannot create hsr debugfs directory [ 56.046042][ T5817] hsr_slave_0: entered promiscuous mode [ 56.052975][ T5817] hsr_slave_1: entered promiscuous mode [ 56.058918][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.066693][ T5817] Cannot create hsr debugfs directory [ 56.132557][ T5818] Bluetooth: hci0: command tx timeout [ 56.149453][ T5823] hsr_slave_0: entered promiscuous mode [ 56.157948][ T5823] hsr_slave_1: entered promiscuous mode [ 56.164453][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.174022][ T5823] Cannot create hsr debugfs directory [ 56.212513][ T5818] Bluetooth: hci1: command tx timeout [ 56.291880][ T5818] Bluetooth: hci4: command tx timeout [ 56.297788][ T5818] Bluetooth: hci3: command tx timeout [ 56.303558][ T5827] Bluetooth: hci2: command tx timeout [ 56.357408][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 56.376466][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 56.385776][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 56.397929][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 56.436004][ T5817] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.445132][ T5817] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.455339][ T5817] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.468320][ T5817] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.520020][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.531096][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.548266][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.558499][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.617265][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.632426][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.665070][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.679204][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.707400][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.727791][ T5823] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.747795][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.756421][ T5823] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 56.765166][ T5823] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 56.775088][ T5823] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 56.795583][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.802914][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.822563][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.829753][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.859472][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.908251][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.938059][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.964640][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.983659][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 56.983675][ T29] audit: type=1400 audit(1733481135.404:111): avc: denied { sys_module } for pid=5816 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 57.033544][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.041308][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.048435][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.058683][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.065803][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.118082][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.125208][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.139508][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.146668][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.167124][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.190463][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.197617][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.206845][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.214013][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.240427][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.251116][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.290603][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.308511][ T5813] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 57.328869][ T5813] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.391640][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.398866][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.439719][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.447038][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.483686][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.551651][ T5822] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 57.577836][ T5822] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.620556][ T5817] veth0_vlan: entered promiscuous mode [ 57.656382][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.670765][ T5817] veth1_vlan: entered promiscuous mode [ 57.737573][ T5817] veth0_macvtap: entered promiscuous mode [ 57.748577][ T5816] veth0_vlan: entered promiscuous mode [ 57.774244][ T5817] veth1_macvtap: entered promiscuous mode [ 57.790016][ T5813] veth0_vlan: entered promiscuous mode [ 57.804507][ T5816] veth1_vlan: entered promiscuous mode [ 57.826751][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.836225][ T5813] veth1_vlan: entered promiscuous mode [ 57.845050][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.856427][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.867182][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.883923][ T5817] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.894448][ T5817] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.903774][ T5817] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.912681][ T5817] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.935780][ T5816] veth0_macvtap: entered promiscuous mode [ 57.947807][ T5816] veth1_macvtap: entered promiscuous mode [ 57.996277][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.007653][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.018891][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.030581][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.041502][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.052497][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.068549][ T5823] veth0_vlan: entered promiscuous mode [ 58.076181][ T5816] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.085811][ T5816] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.095312][ T5816] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.105296][ T5816] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.120554][ T5813] veth0_macvtap: entered promiscuous mode [ 58.154691][ T5813] veth1_macvtap: entered promiscuous mode [ 58.176878][ T5823] veth1_vlan: entered promiscuous mode [ 58.190563][ T5822] veth0_vlan: entered promiscuous mode [ 58.204294][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.213698][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.213889][ T5818] Bluetooth: hci0: command tx timeout [ 58.247280][ T5822] veth1_vlan: entered promiscuous mode [ 58.269005][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.281012][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.291464][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.302406][ T5818] Bluetooth: hci1: command tx timeout [ 58.303234][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.323026][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.333369][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.344016][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.354239][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.364965][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.375448][ T5818] Bluetooth: hci3: command tx timeout [ 58.375501][ T5818] Bluetooth: hci2: command tx timeout [ 58.385894][ T5827] Bluetooth: hci4: command tx timeout [ 58.388956][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.405847][ T3549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.406216][ T5813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.413918][ T3549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.427158][ T5813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.439270][ T5813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.448284][ T5813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.466475][ T5823] veth0_macvtap: entered promiscuous mode [ 58.477785][ T29] audit: type=1400 audit(1733481136.894:112): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/root/syzkaller.g0drhr/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 58.510589][ T29] audit: type=1400 audit(1733481136.924:113): avc: denied { mount } for pid=5817 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 58.518542][ T5822] veth0_macvtap: entered promiscuous mode [ 58.545118][ T29] audit: type=1400 audit(1733481136.924:114): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/root/syzkaller.g0drhr/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 58.561181][ T5823] veth1_macvtap: entered promiscuous mode [ 58.583056][ T29] audit: type=1400 audit(1733481136.924:115): avc: denied { mount } for pid=5817 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 58.602779][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.607427][ T29] audit: type=1400 audit(1733481136.924:116): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/root/syzkaller.g0drhr/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 58.617025][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.659613][ T5817] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 58.672811][ T5822] veth1_macvtap: entered promiscuous mode [ 58.701458][ T29] audit: type=1400 audit(1733481136.924:117): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/root/syzkaller.g0drhr/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7315 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 58.732948][ T29] audit: type=1400 audit(1733481136.924:118): avc: denied { unmount } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 58.760350][ T29] audit: type=1400 audit(1733481137.004:119): avc: denied { mounton } for pid=5817 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 58.767021][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.795033][ T29] audit: type=1400 audit(1733481137.004:120): avc: denied { mount } for pid=5817 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 58.822862][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.832992][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.843747][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.853863][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.865518][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.876534][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.905877][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.912349][ T5898] can0: slcan on ttyS3. [ 58.917329][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.931190][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.946747][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.957397][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.972187][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.983038][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.001539][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.012320][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.022432][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.025758][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.033141][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.050902][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.051789][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.061346][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.078526][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.089145][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.099934][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.111893][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.122380][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.132266][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.142872][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.152870][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.163549][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.173558][ T5822] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.184050][ T5822] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.194811][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.205904][ T5822] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.214693][ T5822] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.223499][ T5822] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.232284][ T5822] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.287087][ T5823] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.296129][ T5823] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.305012][ T5823] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.313943][ T5823] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.334467][ T5899] can0 (unregistered): slcan off ttyS3. [ 59.396794][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.419661][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.567765][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.614697][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.647802][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.685396][ T5910] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6'. [ 59.687476][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.764309][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.787200][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.928315][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.943868][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.954412][ T5923] netlink: 'syz.1.2': attribute type 10 has an invalid length. [ 59.972892][ T5922] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7'. [ 60.016249][ T5922] FAULT_INJECTION: forcing a failure. [ 60.016249][ T5922] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 60.038636][ T5922] CPU: 1 UID: 0 PID: 5922 Comm: syz.4.7 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 60.049103][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 60.059192][ T5922] Call Trace: [ 60.062586][ T5922] [ 60.065532][ T5922] dump_stack_lvl+0x16c/0x1f0 [ 60.070250][ T5922] should_fail_ex+0x497/0x5b0 [ 60.074961][ T5922] _copy_from_user+0x2e/0xd0 [ 60.079577][ T5922] bpf_test_init.isra.0+0xf1/0x150 [ 60.084716][ T5922] bpf_prog_test_run_skb+0x246/0x2270 [ 60.090123][ T5922] ? lock_acquire+0x2f/0xb0 [ 60.094659][ T5922] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 60.100501][ T5922] ? fput+0x67/0x440 [ 60.104433][ T5922] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 60.110271][ T5922] __sys_bpf+0xfc6/0x49c0 [ 60.114892][ T5922] ? __pfx_lock_release+0x10/0x10 [ 60.119945][ T5922] ? __pfx___sys_bpf+0x10/0x10 [ 60.124738][ T5922] ? vfs_write+0x306/0x1150 [ 60.129288][ T5922] ? __mutex_unlock_slowpath+0x164/0x690 [ 60.135002][ T5922] ? fput+0x67/0x440 [ 60.138935][ T5922] ? ksys_write+0x1ba/0x250 [ 60.143458][ T5922] ? __pfx_ksys_write+0x10/0x10 [ 60.148341][ T5922] __x64_sys_bpf+0x78/0xc0 [ 60.152794][ T5922] ? lockdep_hardirqs_on+0x7c/0x110 [ 60.158039][ T5922] do_syscall_64+0xcd/0x250 [ 60.162576][ T5922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 60.168528][ T5922] RIP: 0033:0x7ff03df7ff19 [ 60.172975][ T5922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.192643][ T5922] RSP: 002b:00007ff03ecf1058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 60.201093][ T5922] RAX: ffffffffffffffda RBX: 00007ff03e145fa0 RCX: 00007ff03df7ff19 [ 60.209085][ T5922] RDX: 0000000000000048 RSI: 0000000020000080 RDI: 000000000000000a [ 60.217075][ T5922] RBP: 00007ff03ecf10a0 R08: 0000000000000000 R09: 0000000000000000 [ 60.225102][ T5922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.233095][ T5922] R13: 0000000000000000 R14: 00007ff03e145fa0 R15: 00007fff7faddf88 [ 60.241099][ T5922] [ 60.292142][ T5827] Bluetooth: hci0: command tx timeout [ 60.363617][ T5923] team0: Port device wlan1 added [ 60.375024][ T5827] Bluetooth: hci1: command tx timeout [ 60.388158][ T3471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.404564][ T3471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.454714][ T5827] Bluetooth: hci4: command tx timeout [ 60.460958][ T5827] Bluetooth: hci2: command tx timeout [ 60.467236][ T5827] Bluetooth: hci3: command tx timeout [ 60.652504][ T5896] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 60.678493][ T5953] trusted_key: syz.4.8 sent an empty control message without MSG_MORE. [ 60.812481][ T5896] usb 2-1: Using ep0 maxpacket: 16 [ 60.831445][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 60.860458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 61.041275][ T5960] 9pnet_fd: Insufficient options for proto=fd [ 61.054733][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 61.077983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 61.091908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 61.180567][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.184341][ T5963] netlink: 256 bytes leftover after parsing attributes in process `syz.4.11'. [ 61.385311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 61.641372][ T5964] Zero length message leads to an empty skb [ 61.918008][ T5896] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 61.933380][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 61.980583][ T5896] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 62.000262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 62.003112][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.016720][ T5896] usb 2-1: Product: syz [ 62.020909][ T5896] usb 2-1: Manufacturer: syz [ 62.026343][ T5896] usb 2-1: SerialNumber: syz [ 62.040688][ T5896] usb 2-1: config 0 descriptor?? [ 62.154436][ T5967] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12'. [ 62.193070][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 62.193094][ T29] audit: type=1400 audit(1733481140.614:179): avc: denied { create } for pid=5968 comm="syz.3.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.292159][ T29] audit: type=1400 audit(1733481140.704:180): avc: denied { create } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 62.334898][ T5923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 62.358104][ T29] audit: type=1400 audit(1733481140.744:181): avc: denied { bind } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 62.382178][ T5818] Bluetooth: hci0: command tx timeout [ 62.390136][ T29] audit: type=1400 audit(1733481140.744:182): avc: denied { connect } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 62.422605][ T29] audit: type=1400 audit(1733481140.764:183): avc: denied { read } for pid=5970 comm="syz.3.14" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 62.452991][ T5818] Bluetooth: hci1: command tx timeout [ 62.470055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 62.471917][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.478759][ T29] audit: type=1400 audit(1733481140.764:184): avc: denied { open } for pid=5970 comm="syz.3.14" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 62.512204][ T29] audit: type=1400 audit(1733481140.834:185): avc: denied { name_connect } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 62.533182][ T29] audit: type=1400 audit(1733481140.834:186): avc: denied { ioctl } for pid=5970 comm="syz.3.14" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 62.558896][ T29] audit: type=1400 audit(1733481140.834:187): avc: denied { bind } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.570004][ T5818] Bluetooth: hci3: command tx timeout [ 62.579462][ T29] audit: type=1400 audit(1733481140.834:188): avc: denied { getopt } for pid=5970 comm="syz.3.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.588337][ T5827] Bluetooth: hci2: command tx timeout [ 62.631477][ T5818] Bluetooth: hci4: command tx timeout [ 62.687116][ T5896] usb 2-1: Cannot retrieve CPort count: -110 [ 62.708123][ T5896] usb 2-1: Cannot retrieve CPort count: -110 [ 62.729520][ T5896] es2_ap_driver 2-1:0.0: probe with driver es2_ap_driver failed with error -110 [ 63.409531][ T5867] usb 2-1: USB disconnect, device number 2 [ 64.522046][ T5869] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 64.684794][ T5869] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 64.714578][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.735640][ T5869] usb 2-1: Product: syz [ 64.746517][ T5869] usb 2-1: Manufacturer: syz [ 64.757253][ T5869] usb 2-1: SerialNumber: syz [ 64.775889][ T5869] usb 2-1: config 0 descriptor?? [ 64.791297][ T5869] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 003 [ 64.998191][ T5869] (null): failure setting delay to 10us [ 65.005788][ T5869] i2c-tiny-usb 2-1:0.0: probe with driver i2c-tiny-usb failed with error -5 [ 65.113664][ T5869] usb 2-1: USB disconnect, device number 3 [ 65.751963][ T969] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 65.923969][ T969] usb 1-1: config 0 has an invalid interface number: 18 but max is 0 [ 65.942038][ T969] usb 1-1: config 0 has no interface number 0 [ 65.960850][ T969] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.005970][ T969] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.022062][ T971] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 66.033217][ T969] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 66.053078][ T969] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 66.088561][ T969] usb 1-1: Manufacturer: syz [ 66.107123][ T969] usb 1-1: config 0 descriptor?? [ 66.181977][ T971] usb 4-1: Using ep0 maxpacket: 16 [ 66.200276][ T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 66.258426][ T971] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 66.290603][ T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.312524][ T971] usb 4-1: Product: syz [ 66.319099][ T971] usb 4-1: Manufacturer: syz [ 66.324200][ T971] usb 4-1: SerialNumber: syz [ 66.353458][ T971] usb 4-1: config 0 descriptor?? [ 66.361162][ T971] hub 4-1:0.0: bad descriptor, ignoring hub [ 66.379690][ T971] hub 4-1:0.0: probe with driver hub failed with error -5 [ 66.426410][ T971] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 66.569406][ T969] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.18/0003:054C:03D5.0001/input/input6 [ 66.881546][ T969] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.0-1/input18 [ 67.792637][ T969] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 67.977006][ T6037] bridge1: entered promiscuous mode [ 68.011964][ T6037] bridge1: entered allmulticast mode [ 68.063748][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 68.063766][ T29] audit: type=1400 audit(1733481146.484:210): avc: denied { execute } for pid=6034 comm="syz.2.31" name="team0" dev="tmpfs" ino=40 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 68.063954][ T6038] process 'syz.2.31' launched 'team0' with NULL argv: empty string added [ 68.080480][ T29] audit: type=1400 audit(1733481146.494:211): avc: denied { create } for pid=6040 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 68.106256][ T6037] team0: Port device bridge1 added [ 68.425739][ T29] audit: type=1400 audit(1733481146.604:212): avc: denied { create } for pid=6040 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 68.573199][ T29] audit: type=1400 audit(1733481146.964:213): avc: denied { execute_no_trans } for pid=6034 comm="syz.2.31" path="/3/team0" dev="tmpfs" ino=40 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 68.619664][ T5868] usb 1-1: USB disconnect, device number 2 [ 69.001158][ T6048] netlink: 16 bytes leftover after parsing attributes in process `syz.0.34'. [ 69.034687][ T29] audit: type=1400 audit(1733481147.424:214): avc: denied { create } for pid=6053 comm="syz.2.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 69.066455][ T29] audit: type=1400 audit(1733481147.434:215): avc: denied { sqpoll } for pid=6053 comm="syz.2.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 69.138867][ T6059] netlink: 24 bytes leftover after parsing attributes in process `syz.2.37'. [ 69.493155][ T5869] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.604687][ T5176] usb 4-1: reset high-speed USB device number 2 using dummy_hcd [ 69.613405][ T29] audit: type=1400 audit(1733481148.024:216): avc: denied { create } for pid=6067 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 69.647356][ T5176] usb 4-1: device reset changed ep0 maxpacket size! [ 69.659414][ T29] audit: type=1400 audit(1733481148.034:217): avc: denied { bind } for pid=6067 comm="syz.1.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 69.831850][ T5869] usb 5-1: Using ep0 maxpacket: 32 [ 69.954105][ T971] usb 4-1: USB disconnect, device number 2 [ 70.024603][ T5869] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 70.064042][ T5869] usb 5-1: config 0 has no interface number 0 [ 70.084687][ T5869] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 70.112507][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.136598][ T5869] usb 5-1: Product: syz [ 70.146743][ T5869] usb 5-1: Manufacturer: syz [ 70.151449][ T5869] usb 5-1: SerialNumber: syz [ 70.169018][ T5869] usb 5-1: config 0 descriptor?? [ 70.510057][ T5869] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 70.531874][ T971] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 70.725741][ T5869] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 70.799047][ T5869] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 71.001619][ T29] audit: type=1400 audit(1733481149.254:218): avc: denied { name_bind } for pid=6081 comm="syz.2.44" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 71.028952][ T29] audit: type=1400 audit(1733481149.254:219): avc: denied { node_bind } for pid=6081 comm="syz.2.44" saddr=224.0.0.2 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 71.628069][ T971] usb 4-1: Using ep0 maxpacket: 32 [ 71.639276][ T971] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 71.648484][ T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.972899][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 71.981463][ T5869] usb 5-1: USB disconnect, device number 2 [ 71.991040][ T5869] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 72.054169][ T971] usb 4-1: Product: syz [ 72.058401][ T971] usb 4-1: Manufacturer: syz [ 72.063105][ T971] usb 4-1: SerialNumber: syz [ 72.069411][ T971] usb 4-1: config 0 descriptor?? [ 72.076642][ T971] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 72.101579][ T5869] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 72.185874][ T5869] quatech2 5-1:0.51: device disconnected [ 72.253347][ T971] gspca_ov534_9: reg_w failed -71 [ 72.713731][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.722359][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.625744][ T971] gspca_ov534_9: Unknown sensor 0000 [ 73.625815][ T971] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 73.664048][ T971] usb 4-1: USB disconnect, device number 3 [ 73.710356][ T6118] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 73.864844][ T29] audit: type=1400 audit(1733481152.184:220): avc: denied { shutdown } for pid=6098 comm="syz.4.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 74.073404][ T29] audit: type=1400 audit(1733481152.264:221): avc: denied { write } for pid=6098 comm="syz.4.50" path="socket:[9567]" dev="sockfs" ino=9567 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 74.336910][ T29] audit: type=1400 audit(1733481152.264:222): avc: denied { nlmsg_read } for pid=6098 comm="syz.4.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 74.417269][ T29] audit: type=1400 audit(1733481152.574:223): avc: denied { create } for pid=6109 comm="syz.2.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 74.442123][ T29] audit: type=1400 audit(1733481152.584:224): avc: denied { create } for pid=6109 comm="syz.2.51" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 74.506296][ T29] audit: type=1400 audit(1733481152.924:225): avc: denied { read } for pid=6121 comm="syz.1.55" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 74.532658][ T5869] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 74.942942][ T29] audit: type=1400 audit(1733481153.044:226): avc: denied { ioctl } for pid=6121 comm="syz.1.55" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=9601 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 75.233013][ T29] audit: type=1400 audit(1733481153.344:227): avc: denied { create } for pid=6109 comm="syz.2.51" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 75.310923][ T5869] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 75.340616][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.364268][ T5869] usb 5-1: Product: syz [ 75.368480][ T5869] usb 5-1: Manufacturer: syz [ 75.395555][ T29] audit: type=1400 audit(1733481153.814:228): avc: denied { unlink } for pid=5822 comm="syz-executor" name="file5" dev="tmpfs" ino=78 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 75.432242][ T5869] usb 5-1: can't set config #1, error -71 [ 75.463164][ T6134] FAULT_INJECTION: forcing a failure. [ 75.463164][ T6134] name failslab, interval 1, probability 0, space 0, times 0 [ 75.482837][ T6131] Driver unsupported XDP return value 0 on prog (id 15) dev N/A, expect packet loss! [ 75.518852][ T6134] CPU: 1 UID: 0 PID: 6134 Comm: syz.4.58 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 75.527156][ T5869] usb 5-1: USB disconnect, device number 3 [ 75.529409][ T6134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 75.529426][ T6134] Call Trace: [ 75.529432][ T6134] [ 75.529441][ T6134] dump_stack_lvl+0x16c/0x1f0 [ 75.556096][ T6134] should_fail_ex+0x497/0x5b0 [ 75.560878][ T6134] ? fs_reclaim_acquire+0xae/0x150 [ 75.566100][ T6134] should_failslab+0xc2/0x120 [ 75.570778][ T6134] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 75.576135][ T6134] ? alloc_empty_file+0x73/0x1e0 [ 75.581056][ T6134] alloc_empty_file+0x73/0x1e0 [ 75.585810][ T6134] path_openat+0xe1/0x2d60 [ 75.590207][ T6134] ? hlock_class+0x4e/0x130 [ 75.594743][ T6134] ? __lock_acquire+0x15a9/0x3c40 [ 75.599786][ T6134] ? __pfx_path_openat+0x10/0x10 [ 75.604728][ T6134] ? __pfx___lock_acquire+0x10/0x10 [ 75.609920][ T6134] ? lock_acquire.part.0+0x11b/0x380 [ 75.615210][ T6134] ? find_held_lock+0x2d/0x110 [ 75.619961][ T6134] do_filp_open+0x20c/0x470 [ 75.624466][ T6134] ? __pfx_do_filp_open+0x10/0x10 [ 75.629520][ T6134] ? find_held_lock+0x2d/0x110 [ 75.634336][ T6134] ? alloc_fd+0x41f/0x760 [ 75.638704][ T6134] do_sys_openat2+0x17a/0x1e0 [ 75.643420][ T6134] ? __pfx_do_sys_openat2+0x10/0x10 [ 75.648662][ T6134] ? __fget_files+0x206/0x3a0 [ 75.653359][ T6134] __x64_sys_openat+0x175/0x210 [ 75.658224][ T6134] ? __pfx___x64_sys_openat+0x10/0x10 [ 75.663612][ T6134] ? ksys_write+0x1ba/0x250 [ 75.668107][ T6134] do_syscall_64+0xcd/0x250 [ 75.672635][ T6134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.678541][ T6134] RIP: 0033:0x7ff03df7ff19 [ 75.682952][ T6134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.702558][ T6134] RSP: 002b:00007ff03ecf1058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 75.710958][ T6134] RAX: ffffffffffffffda RBX: 00007ff03e145fa0 RCX: 00007ff03df7ff19 [ 75.718914][ T6134] RDX: 0000000000185000 RSI: 0000000020000180 RDI: ffffffffffffff9c [ 75.726879][ T6134] RBP: 00007ff03ecf10a0 R08: 0000000000000000 R09: 0000000000000000 [ 75.734858][ T6134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.742854][ T6134] R13: 0000000000000000 R14: 00007ff03e145fa0 R15: 00007fff7faddf88 [ 75.750866][ T6134] [ 75.830721][ T6135] xt_connbytes: Forcing CT accounting to be enabled [ 75.877532][ T6135] xt_NFQUEUE: number of total queues is 0 [ 75.992031][ T29] audit: type=1400 audit(1733481154.404:229): avc: denied { ioctl } for pid=6142 comm="syz.1.59" path="socket:[9631]" dev="sockfs" ino=9631 ioctlcmd=0x89fc scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 76.121738][ T6151] syz.4.60 uses obsolete (PF_INET,SOCK_PACKET) [ 76.144668][ T6124] xt_connbytes: Forcing CT accounting to be enabled [ 76.161451][ T6124] xt_NFQUEUE: number of total queues is 0 [ 77.610050][ T25] cfg80211: failed to load regulatory.db [ 78.948064][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 78.948081][ T29] audit: type=1400 audit(1733481157.044:238): avc: denied { write } for pid=6159 comm="syz.1.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 79.370138][ T29] audit: type=1400 audit(1733481157.754:239): avc: denied { accept } for pid=6172 comm="syz.4.65" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 79.711976][ T971] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 79.788480][ T29] audit: type=1400 audit(1733481158.084:240): avc: denied { create } for pid=6163 comm="syz.0.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 80.031793][ T971] usb 2-1: Using ep0 maxpacket: 32 [ 80.045085][ T971] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 80.064725][ T971] usb 2-1: config 0 has no interface number 0 [ 80.193351][ T29] audit: type=1400 audit(1733481158.614:241): avc: denied { map } for pid=6186 comm="syz.4.68" path="socket:[9676]" dev="sockfs" ino=9676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 80.271269][ T971] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 80.319970][ T971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.320122][ T29] audit: type=1400 audit(1733481158.714:242): avc: denied { connect } for pid=6186 comm="syz.4.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 80.368391][ T971] usb 2-1: Product: syz [ 80.387493][ T971] usb 2-1: Manufacturer: syz [ 80.396533][ T971] usb 2-1: SerialNumber: syz [ 80.552512][ T971] usb 2-1: config 0 descriptor?? [ 80.617041][ T6184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.628237][ T971] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 80.869832][ T971] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 80.888066][ T971] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 80.987685][ T5866] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 81.123742][ T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 81.147383][ T5866] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 81.157949][ T5866] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 81.174839][ T5866] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 81.318362][ T25] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 81.331754][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.355277][ T5866] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 184 [ 81.368716][ T25] usb 1-1: Product: syz [ 81.374197][ T25] usb 1-1: Manufacturer: syz [ 81.381871][ T25] usb 1-1: SerialNumber: syz [ 81.388537][ T5866] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 81.397975][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 81.410563][ T25] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 81.431511][ T5866] usb 5-1: Product: syz [ 81.436783][ T5833] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 81.451492][ T5866] usb 5-1: Manufacturer: syz [ 81.459860][ T6175] netlink: 16 bytes leftover after parsing attributes in process `syz.1.66'. [ 81.492459][ T5865] usb 2-1: USB disconnect, device number 4 [ 81.492465][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 81.537435][ T6191] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 81.559725][ T5866] cdc_wdm 5-1:1.0: skipping garbage [ 81.594387][ T5866] cdc_wdm 5-1:1.0: skipping garbage [ 81.604195][ T5865] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 81.632433][ T5866] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 81.646601][ T5868] usb 1-1: USB disconnect, device number 3 [ 81.687673][ T5865] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 81.714004][ T5865] quatech2 2-1:0.51: device disconnected [ 81.750250][ T6187] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input7 [ 81.901888][ T5869] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 81.941792][ T969] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 82.063330][ T5869] usb 4-1: config 118 interface 0 has no altsetting 0 [ 82.074406][ T5869] usb 4-1: New USB device found, idVendor=13d3, idProduct=3211, bcdDevice=7a.67 [ 82.083700][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.091864][ T5869] usb 4-1: Product: syz [ 82.096039][ T5869] usb 4-1: Manufacturer: syz [ 82.100620][ T5869] usb 4-1: SerialNumber: syz [ 82.105945][ T969] usb 3-1: Using ep0 maxpacket: 16 [ 82.116307][ T969] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 82.126601][ T969] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 8 [ 82.149340][ T969] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 82.158947][ T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.167142][ T969] usb 3-1: Product: syz [ 82.171365][ T969] usb 3-1: Manufacturer: syz [ 82.176526][ T969] usb 3-1: SerialNumber: syz [ 82.185642][ T969] usb 3-1: config 0 descriptor?? [ 82.451870][ T5833] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 82.555565][ T5833] ath9k_htc: Failed to initialize the device [ 82.571499][ T29] audit: type=1400 audit(1733481160.984:243): avc: denied { read } for pid=6214 comm="syz.0.77" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 82.603457][ T5868] usb 1-1: ath9k_htc: USB layer deinitialized [ 82.640389][ T29] audit: type=1400 audit(1733481160.984:244): avc: denied { open } for pid=6214 comm="syz.0.77" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 82.873863][ T29] audit: type=1400 audit(1733481161.014:245): avc: denied { ioctl } for pid=6214 comm="syz.0.77" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 83.125574][ T29] audit: type=1400 audit(1733481161.014:246): avc: denied { set_context_mgr } for pid=6214 comm="syz.0.77" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 83.148294][ T5868] usb 5-1: USB disconnect, device number 4 [ 83.215297][ T29] audit: type=1400 audit(1733481161.634:247): avc: denied { create } for pid=6226 comm="syz.0.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 83.424524][ T6234] bond0: option mode: unable to set because the bond device has slaves [ 83.754234][ T6239] netlink: 24 bytes leftover after parsing attributes in process `syz.1.84'. [ 84.021964][ T969] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 84.376259][ T5833] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 84.523606][ T5833] usb 5-1: device descriptor read/64, error -71 [ 84.573391][ T969] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 84.581305][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 84.594523][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 84.608902][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 84.621082][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 84.650099][ T969] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 84.659558][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 84.670478][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 84.681184][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 84.692900][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 84.704403][ T969] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 84.715417][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 84.741929][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 84.752129][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 84.763549][ T969] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 84.778092][ T969] usb 2-1: string descriptor 0 read error: -22 [ 84.796532][ T5833] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 84.797561][ T969] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 84.816551][ T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.941970][ T971] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 85.002119][ T5833] usb 5-1: device descriptor read/64, error -71 [ 85.002898][ T969] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 85.037419][ T5866] usb 3-1: USB disconnect, device number 2 [ 85.214514][ T5833] usb usb5-port1: attempt power cycle [ 85.257280][ T969] usb 2-1: USB disconnect, device number 5 [ 85.295253][ T971] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 85.351949][ T971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.371993][ T971] usb 1-1: Product: syz [ 85.376299][ T971] usb 1-1: Manufacturer: syz [ 85.386458][ T971] usb 1-1: SerialNumber: syz [ 85.404426][ T971] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 85.421877][ T5901] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 85.532497][ T5869] dvb-usb: found a 'Pinnacle PCTV 310e' in warm state. [ 85.543290][ T5869] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 85.562510][ T5869] dvbdev: DVB: registering new adapter (Pinnacle PCTV 310e) [ 85.597037][ T5869] usb 4-1: media controller created [ 85.622403][ T5833] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 85.632918][ T5868] usb 1-1: USB disconnect, device number 4 [ 85.656855][ T5869] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 85.673705][ T5833] usb 5-1: device descriptor read/8, error -71 [ 85.735174][ T5869] DVB: Unable to find symbol mt352_attach() [ 85.741607][ T5869] dvb-usb: no frontend was attached by 'Pinnacle PCTV 310e' [ 85.798965][ T5869] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 85.894156][ T6261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.89'. [ 85.952516][ T5833] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 86.101514][ T5833] usb 5-1: device descriptor read/8, error -71 [ 86.111131][ T5869] dvb-usb: schedule remote query interval to 100 msecs. [ 86.118865][ T5869] dvb-usb: Pinnacle PCTV 310e successfully initialized and connected. [ 86.142607][ T5869] dvb_usb_m920x 4-1:118.0: probe with driver dvb_usb_m920x failed with error -71 [ 86.155853][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 86.155870][ T29] audit: type=1400 audit(1733481164.550:251): avc: denied { append } for pid=6259 comm="syz.3.90" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 86.215745][ T5833] usb usb5-port1: unable to enumerate USB device [ 86.229956][ T5896] m920x_read = error: -71 [ 86.240980][ T5896] dvb-usb: error while querying for an remote control event. [ 86.252118][ T5869] usb 4-1: USB disconnect, device number 4 [ 86.258217][ T29] audit: type=1400 audit(1733481164.660:252): avc: denied { write } for pid=6259 comm="syz.3.90" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.277005][ T6266] sock: sock_timestamping_bind_phc: sock not bind to device [ 86.281475][ T29] audit: type=1400 audit(1733481164.660:253): avc: denied { open } for pid=6259 comm="syz.3.90" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.295184][ T6266] Process accounting resumed [ 86.353267][ T969] m920x_read = error: -19 [ 86.357661][ T969] dvb-usb: error while querying for an remote control event. [ 86.442936][ T29] audit: type=1400 audit(1733481164.870:254): avc: denied { ioctl } for pid=6259 comm="syz.3.90" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x4c06 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 86.481826][ T5896] m920x_read = error: -19 [ 86.486327][ T5896] dvb-usb: error while querying for an remote control event. [ 86.497535][ T5901] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 86.506732][ T5901] ath9k_htc: Failed to initialize the device [ 87.149667][ T5868] usb 1-1: ath9k_htc: USB layer deinitialized [ 87.254211][ T5824] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 87.258710][ T6275] netlink: 24 bytes leftover after parsing attributes in process `syz.2.93'. [ 87.263733][ T5824] Bluetooth: hci2: Injecting HCI hardware error event [ 87.272497][ T5896] m920x_read = error: -19 [ 87.280881][ T5827] Bluetooth: hci2: hardware error 0x00 [ 87.284313][ T5896] dvb-usb: error while querying for an remote control event. [ 87.413779][ T5896] m920x_read = error: -19 [ 87.419026][ T5896] dvb-usb: error while querying for an remote control event. [ 87.691875][ T5868] m920x_read = error: -19 [ 87.696330][ T5868] dvb-usb: error while querying for an remote control event. [ 87.758974][ T29] audit: type=1400 audit(1733481166.180:255): avc: denied { lock } for pid=6279 comm="syz.0.95" path="socket:[9149]" dev="sockfs" ino=9149 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 87.919717][ T29] audit: type=1326 audit(1733481166.340:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6279 comm="syz.0.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4021d7ff19 code=0x7fc00000 [ 87.960871][ T5868] m920x_read = error: -19 [ 87.965843][ T5868] dvb-usb: error while querying for an remote control event. [ 88.002351][ T29] audit: type=1326 audit(1733481166.340:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6279 comm="syz.0.95" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f4021d7ff19 code=0x7fc00000 [ 88.105033][ T5896] m920x_read = error: -19 [ 88.121266][ T5896] dvb-usb: error while querying for an remote control event. [ 88.534743][ T6291] FAULT_INJECTION: forcing a failure. [ 88.534743][ T6291] name failslab, interval 1, probability 0, space 0, times 0 [ 88.555725][ T6291] CPU: 1 UID: 0 PID: 6291 Comm: syz.3.97 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 88.566287][ T6291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 88.576455][ T6291] Call Trace: [ 88.579750][ T6291] [ 88.582690][ T6291] dump_stack_lvl+0x16c/0x1f0 [ 88.587451][ T6291] should_fail_ex+0x497/0x5b0 [ 88.592140][ T6291] ? fs_reclaim_acquire+0xae/0x150 [ 88.597266][ T6291] should_failslab+0xc2/0x120 [ 88.601934][ T6291] __kmalloc_noprof+0xcb/0x510 [ 88.606687][ T6291] io_alloc_async_data+0x9d/0x150 [ 88.611708][ T6291] io_msg_alloc_async+0x82/0x390 [ 88.616643][ T6291] io_recvmsg_prep+0x5aa/0xf00 [ 88.621398][ T6291] ? __pfx_io_recvmsg_prep+0x10/0x10 [ 88.626679][ T6291] ? irqentry_exit+0x3b/0x90 [ 88.631261][ T6291] ? lockdep_hardirqs_on+0x7c/0x110 [ 88.636453][ T6291] ? io_submit_sqes+0x58a/0x25c0 [ 88.641385][ T6291] io_submit_sqes+0x853/0x25c0 [ 88.646150][ T6291] __do_sys_io_uring_enter+0xd43/0x1620 [ 88.651698][ T6291] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 88.657691][ T6291] ? __pfx___schedule+0x10/0x10 [ 88.662534][ T6291] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 88.668593][ T6291] do_syscall_64+0xcd/0x250 [ 88.673086][ T6291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.678970][ T6291] RIP: 0033:0x7f4733d7ff19 [ 88.683389][ T6291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.702983][ T6291] RSP: 002b:00007f4734b84058 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 88.711395][ T6291] RAX: ffffffffffffffda RBX: 00007f4733f45fa0 RCX: 00007f4733d7ff19 [ 88.719351][ T6291] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003 [ 88.727305][ T6291] RBP: 00007f4734b840a0 R08: 0000000000000000 R09: 0000000000000000 [ 88.735263][ T6291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.743220][ T6291] R13: 0000000000000000 R14: 00007f4733f45fa0 R15: 00007ffcbd8a49e8 [ 88.751184][ T6291] [ 88.757790][ T5896] m920x_read = error: -19 [ 88.813959][ T6294] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method [ 88.824446][ T5869] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 88.832466][ T5896] dvb-usb: error while querying for an remote control event. [ 88.907542][ T29] audit: type=1400 audit(1733481167.330:258): avc: denied { write } for pid=6296 comm="syz.3.100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 88.914338][ T6297] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 88.932895][ T29] audit: type=1400 audit(1733481167.330:259): avc: denied { create } for pid=6296 comm="syz.3.100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 88.968955][ T5896] m920x_read = error: -19 [ 88.981800][ T5869] usb 1-1: device descriptor read/64, error -71 [ 88.996202][ T5896] dvb-usb: error while querying for an remote control event. [ 89.002212][ T29] audit: type=1400 audit(1733481167.420:260): avc: denied { read write } for pid=6277 comm="syz.4.94" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 89.134378][ T5896] m920x_read = error: -19 [ 89.148350][ T5896] dvb-usb: error while querying for an remote control event. [ 89.292222][ T5869] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 89.311543][ T6306] netlink: 16 bytes leftover after parsing attributes in process `syz.2.102'. [ 89.332105][ T5901] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 89.344521][ T5827] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 89.490377][ T5896] m920x_read = error: -19 [ 89.502414][ T5901] usb 4-1: Using ep0 maxpacket: 8 [ 89.526123][ T5901] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 89.527105][ T5869] usb 1-1: device descriptor read/64, error -71 [ 89.536242][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.555673][ T5901] usb 4-1: Product: syz [ 89.565453][ T5901] usb 4-1: Manufacturer: syz [ 89.565851][ T5896] dvb-usb: error while querying for an remote control event. [ 89.570133][ T5901] usb 4-1: SerialNumber: syz [ 89.595508][ T5901] usb 4-1: config 0 descriptor?? [ 89.688839][ T5869] usb usb1-port1: attempt power cycle [ 89.791047][ T9] m920x_read = error: -19 [ 89.797332][ T9] dvb-usb: error while querying for an remote control event. [ 89.821619][ T5901] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 89.992026][ T5896] m920x_read = error: -19 [ 90.037729][ T5896] dvb-usb: error while querying for an remote control event. [ 90.089304][ T6312] netlink: 332 bytes leftover after parsing attributes in process `syz.2.104'. [ 90.172571][ T9] m920x_read = error: -19 [ 90.176969][ T9] dvb-usb: error while querying for an remote control event. [ 90.248094][ T6317] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 90.254971][ T6317] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 90.266713][ T6317] vhci_hcd vhci_hcd.0: Device attached [ 90.296262][ T969] m920x_read = error: -19 [ 90.301528][ T969] dvb-usb: error while querying for an remote control event. [ 90.309594][ T5869] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 90.332494][ T5869] usb 1-1: device descriptor read/8, error -71 [ 90.371892][ T5896] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 90.413034][ T5833] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 90.413055][ T5865] m920x_read = error: -19 [ 90.413073][ T5865] dvb-usb: error while querying for an remote control event. [ 90.442927][ T9] vhci_hcd: vhci_device speed not set [ 90.501821][ T5896] usb 3-1: device descriptor read/64, error -71 [ 90.508207][ T9] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 90.521859][ T5868] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 90.541893][ T5865] m920x_read = error: -19 [ 90.546460][ T5865] dvb-usb: error while querying for an remote control event. [ 90.571854][ T5869] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 90.587318][ T5833] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 90.592258][ T5869] usb 1-1: device descriptor read/8, error -71 [ 90.596710][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.610795][ T5833] usb 2-1: Product: syz [ 90.616771][ T5833] usb 2-1: Manufacturer: syz [ 90.621502][ T5833] usb 2-1: SerialNumber: syz [ 90.630103][ T5833] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 90.644620][ T5866] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 90.661950][ T5865] m920x_read = error: -19 [ 90.669935][ T5865] dvb-usb: error while querying for an remote control event. [ 90.687417][ T5868] usb 5-1: config 0 has no interfaces? [ 90.696713][ T5868] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 90.708484][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.720716][ T5869] usb usb1-port1: unable to enumerate USB device [ 90.740347][ T5868] usb 5-1: config 0 descriptor?? [ 90.745644][ T5896] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 90.811887][ T5869] m920x_read = error: -19 [ 90.816272][ T5869] dvb-usb: error while querying for an remote control event. [ 90.847912][ T6322] netlink: 224 bytes leftover after parsing attributes in process `syz.0.107'. [ 90.862151][ T6322] netlink: 16 bytes leftover after parsing attributes in process `syz.0.107'. [ 90.875470][ T5869] usb 2-1: USB disconnect, device number 6 [ 90.982729][ T5868] m920x_read = error: -19 [ 90.987577][ T5896] usb 3-1: device descriptor read/64, error -71 [ 90.993985][ T5868] dvb-usb: error while querying for an remote control event. [ 91.043161][ T6318] vhci_hcd: unknown pdu 1 [ 91.067042][ T6069] vhci_hcd: stop threads [ 91.071333][ T6069] vhci_hcd: release socket [ 91.088196][ T6069] vhci_hcd: disconnect device [ 91.095927][ T6317] 9pnet_fd: Insufficient options for proto=fd [ 91.102288][ T5868] m920x_read = error: -19 [ 91.106860][ T5896] usb usb3-port1: attempt power cycle [ 91.112403][ T5868] dvb-usb: error while querying for an remote control event. [ 91.120694][ T9] vhci_hcd: vhci_device speed not set [ 91.137795][ T5868] usb 5-1: USB disconnect, device number 9 [ 91.221933][ T5865] m920x_read = error: -19 [ 91.226311][ T5865] dvb-usb: error while querying for an remote control event. [ 91.369166][ T5868] m920x_read = error: -19 [ 91.377411][ T5868] dvb-usb: error while querying for an remote control event. [ 91.462443][ T6327] syz.0.108[6327] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.462826][ T6327] syz.0.108[6327] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.474695][ T6327] syz.0.108[6327] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 91.501931][ T6327] FAULT_INJECTION: forcing a failure. [ 91.501931][ T6327] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.502851][ T6327] [ 91.502863][ T6327] ====================================================== [ 91.502871][ T6327] WARNING: possible circular locking dependency detected [ 91.502878][ T6327] 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 Not tainted [ 91.502887][ T6327] ------------------------------------------------------ [ 91.502892][ T6327] syz.0.108/6327 is trying to acquire lock: [ 91.502900][ T6327] ffffffff8e0c8800 (console_owner){..-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 [ 91.502950][ T6327] [ 91.502950][ T6327] but task is already holding lock: [ 91.502955][ T6327] ffff8880b863ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 91.502994][ T6327] [ 91.502994][ T6327] which lock already depends on the new lock. [ 91.502994][ T6327] [ 91.503004][ T6327] [ 91.503004][ T6327] the existing dependency chain (in reverse order) is: [ 91.503009][ T6327] [ 91.503009][ T6327] -> #4 (&rq->__lock){-.-.}-{2:2}: [ 91.503031][ T6327] _raw_spin_lock_nested+0x31/0x40 [ 91.503051][ T6327] raw_spin_rq_lock_nested+0x29/0x130 [ 91.503073][ T6327] task_rq_lock+0xcf/0x3b0 [ 91.503091][ T6327] cgroup_move_task+0x82/0x250 [ 91.503106][ T6327] css_set_move_task+0x288/0x5f0 [ 91.503124][ T6327] cgroup_post_fork+0x1c6/0x910 [ 91.503149][ T6327] copy_process+0x50d9/0x8df0 [ 91.503171][ T6327] kernel_clone+0xfd/0x960 [ 91.503192][ T6327] user_mode_thread+0xb4/0xf0 [ 91.503213][ T6327] rest_init+0x23/0x2b0 [ 91.503236][ T6327] start_kernel+0x3e4/0x4d0 [ 91.503260][ T6327] x86_64_start_reservations+0x18/0x30 [ 91.503282][ T6327] x86_64_start_kernel+0xb2/0xc0 [ 91.503302][ T6327] common_startup_64+0x13e/0x148 [ 91.503323][ T6327] [ 91.503323][ T6327] -> #3 (&p->pi_lock){-.-.}-{2:2}: [ 91.503343][ T6327] _raw_spin_lock_irqsave+0x3a/0x60 [ 91.503360][ T6327] try_to_wake_up+0xb6/0x1490 [ 91.503376][ T6327] __wake_up_common+0x131/0x1e0 [ 91.503397][ T6327] __wake_up+0x31/0x60 [ 91.503411][ T6327] tty_port_default_wakeup+0x2a/0x40 [ 91.503429][ T6327] serial8250_tx_chars+0x68e/0x860 [ 91.503450][ T6327] serial8250_handle_irq+0x74d/0xc80 [ 91.503469][ T6327] serial8250_default_handle_irq+0x9a/0x210 [ 91.503490][ T6327] serial8250_interrupt+0x103/0x210 [ 91.503516][ T6327] __handle_irq_event_percpu+0x229/0x7d0 [ 91.503538][ T6327] handle_irq_event+0xab/0x1e0 [ 91.503558][ T6327] handle_edge_irq+0x263/0xd10 [ 91.503578][ T6327] __common_interrupt+0xdf/0x250 [ 91.503603][ T6327] common_interrupt+0xba/0xe0 [ 91.503626][ T6327] asm_common_interrupt+0x26/0x40 [ 91.503648][ T6327] _raw_spin_unlock_irqrestore+0x31/0x80 [ 91.503665][ T6327] debug_check_no_obj_freed+0x327/0x600 [ 91.503686][ T6327] kmem_cache_free+0x2d4/0x4c0 [ 91.503704][ T6327] putname+0x13c/0x180 [ 91.503723][ T6327] do_sys_openat2+0x160/0x1e0 [ 91.503743][ T6327] __x64_sys_openat+0x175/0x210 [ 91.503762][ T6327] do_syscall_64+0xcd/0x250 [ 91.503782][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.503803][ T6327] [ 91.503803][ T6327] -> #2 (&tty->write_wait){-.-.}-{3:3}: [ 91.503824][ T6327] _raw_spin_lock_irqsave+0x3a/0x60 [ 91.503841][ T6327] __wake_up+0x1c/0x60 [ 91.503855][ T6327] tty_port_default_wakeup+0x2a/0x40 [ 91.503872][ T6327] serial8250_tx_chars+0x68e/0x860 [ 91.503890][ T6327] serial8250_handle_irq+0x74d/0xc80 [ 91.503909][ T6327] serial8250_default_handle_irq+0x9a/0x210 [ 91.503930][ T6327] serial8250_interrupt+0x103/0x210 [ 91.503948][ T6327] __handle_irq_event_percpu+0x229/0x7d0 [ 91.503965][ T6327] handle_irq_event+0xab/0x1e0 [ 91.503986][ T6327] handle_edge_irq+0x263/0xd10 [ 91.504014][ T6327] __common_interrupt+0xdf/0x250 [ 91.504037][ T6327] common_interrupt+0xba/0xe0 [ 91.504060][ T6327] asm_common_interrupt+0x26/0x40 [ 91.504081][ T6327] _raw_spin_unlock_irqrestore+0x31/0x80 [ 91.504098][ T6327] uart_write+0x2a4/0xb30 [ 91.504114][ T6327] n_tty_write+0x419/0x1140 [ 91.504133][ T6327] file_tty_write.constprop.0+0x506/0x9a0 [ 91.504149][ T6327] redirected_tty_write+0xcc/0x140 [ 91.504164][ T6327] vfs_write+0x5ae/0x1150 [ 91.504179][ T6327] ksys_write+0x12b/0x250 [ 91.504193][ T6327] do_syscall_64+0xcd/0x250 [ 91.504213][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.504233][ T6327] [ 91.504233][ T6327] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 91.504254][ T6327] _raw_spin_lock_irqsave+0x3a/0x60 [ 91.504271][ T6327] serial8250_console_write+0xb56/0x17c0 [ 91.504291][ T6327] console_flush_all+0x803/0xc60 [ 91.504312][ T6327] console_unlock+0xd9/0x210 [ 91.504332][ T6327] vprintk_emit+0x424/0x6f0 [ 91.504352][ T6327] vprintk+0x7f/0xa0 [ 91.504374][ T6327] _printk+0xc8/0x100 [ 91.504389][ T6327] register_console+0xbfd/0x1170 [ 91.504411][ T6327] univ8250_console_init+0x5f/0x90 [ 91.504430][ T6327] console_init+0x154/0x690 [ 91.504451][ T6327] start_kernel+0x29a/0x4d0 [ 91.504472][ T6327] x86_64_start_reservations+0x18/0x30 [ 91.504493][ T6327] x86_64_start_kernel+0xb2/0xc0 [ 91.504513][ T6327] common_startup_64+0x13e/0x148 [ 91.504532][ T6327] [ 91.504532][ T6327] -> #0 (console_owner){..-.}-{0:0}: [ 91.504552][ T6327] __lock_acquire+0x249e/0x3c40 [ 91.504569][ T6327] lock_acquire.part.0+0x11b/0x380 [ 91.504586][ T6327] console_lock_spinning_enable+0xb0/0xd0 [ 91.504606][ T6327] console_flush_all+0x7ac/0xc60 [ 91.504627][ T6327] console_unlock+0xd9/0x210 [ 91.504647][ T6327] vprintk_emit+0x424/0x6f0 [ 91.504667][ T6327] vprintk+0x7f/0xa0 [ 91.504689][ T6327] _printk+0xc8/0x100 [ 91.504705][ T6327] should_fail_ex+0x46c/0x5b0 [ 91.504729][ T6327] copy_to_user_nofault+0xac/0x180 [ 91.504747][ T6327] bpf_probe_write_user+0xaf/0xf0 [ 91.504770][ T6327] bpf_prog_6303d92f98284ad8+0x44/0x48 [ 91.504783][ T6327] bpf_trace_run4+0x245/0x5a0 [ 91.504799][ T6327] __bpf_trace_sched_switch+0x13e/0x190 [ 91.504818][ T6327] __schedule+0x1b71/0x5ad0 [ 91.504835][ T6327] preempt_schedule_irq+0x51/0x90 [ 91.504852][ T6327] irqentry_exit+0x36/0x90 [ 91.504871][ T6327] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 91.504897][ T6327] fs_reclaim_release+0x55/0x100 [ 91.504921][ T6327] __kmalloc_node_track_caller_noprof+0xbc/0x510 [ 91.504940][ T6327] memdup_user+0x2a/0xd0 [ 91.504956][ T6327] strndup_user+0x78/0xe0 [ 91.504970][ T6327] __x64_sys_mount+0x138/0x320 [ 91.504989][ T6327] do_syscall_64+0xcd/0x250 [ 91.505013][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.505034][ T6327] [ 91.505034][ T6327] other info that might help us debug this: [ 91.505034][ T6327] [ 91.505039][ T6327] Chain exists of: [ 91.505039][ T6327] console_owner --> &p->pi_lock --> &rq->__lock [ 91.505039][ T6327] [ 91.505061][ T6327] Possible unsafe locking scenario: [ 91.505061][ T6327] [ 91.505065][ T6327] CPU0 CPU1 [ 91.505072][ T6327] ---- ---- [ 91.505076][ T6327] lock(&rq->__lock); [ 91.505085][ T6327] lock(&p->pi_lock); [ 91.505095][ T6327] lock(&rq->__lock); [ 91.505105][ T6327] lock(console_owner); [ 91.505114][ T6327] [ 91.505114][ T6327] *** DEADLOCK *** [ 91.505114][ T6327] [ 91.505118][ T6327] 5 locks held by syz.0.108/6327: [ 91.505128][ T6327] #0: ffffffff8e34f060 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_node_track_caller_noprof+0xb5/0x510 [ 91.505170][ T6327] #1: ffff8880b863ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130 [ 91.505208][ T6327] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d6/0x5a0 [ 91.505245][ T6327] #3: ffffffff8e1a8c40 (console_lock){+.+.}-{0:0}, at: vprintk+0x7f/0xa0 [ 91.505288][ T6327] #4: ffffffff8e1a8cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x159/0xc60 [ 91.505330][ T6327] [ 91.505330][ T6327] stack backtrace: [ 91.505337][ T6327] CPU: 1 UID: 0 PID: 6327 Comm: syz.0.108 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 91.505356][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 91.505365][ T6327] Call Trace: [ 91.505371][ T6327] [ 91.505378][ T6327] dump_stack_lvl+0x116/0x1f0 [ 91.505401][ T6327] print_circular_bug+0x419/0x5d0 [ 91.505420][ T6327] check_noncircular+0x31a/0x400 [ 91.505438][ T6327] ? __pfx_check_noncircular+0x10/0x10 [ 91.505458][ T6327] ? lockdep_lock+0xc6/0x200 [ 91.505481][ T6327] ? __pfx_lockdep_lock+0x10/0x10 [ 91.505506][ T6327] __lock_acquire+0x249e/0x3c40 [ 91.505528][ T6327] ? __pfx___lock_acquire+0x10/0x10 [ 91.505549][ T6327] lock_acquire.part.0+0x11b/0x380 [ 91.505567][ T6327] ? console_lock_spinning_enable+0x9f/0xd0 [ 91.505591][ T6327] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 91.505610][ T6327] ? rcu_is_watching+0x12/0xc0 [ 91.505633][ T6327] ? trace_lock_acquire+0x14e/0x1f0 [ 91.505657][ T6327] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 91.505678][ T6327] ? console_lock_spinning_enable+0x9f/0xd0 [ 91.505701][ T6327] ? lock_acquire+0x2f/0xb0 [ 91.505718][ T6327] ? console_lock_spinning_enable+0x9f/0xd0 [ 91.505742][ T6327] console_lock_spinning_enable+0xb0/0xd0 [ 91.505763][ T6327] ? console_lock_spinning_enable+0x9f/0xd0 [ 91.505789][ T6327] console_flush_all+0x7ac/0xc60 [ 91.505814][ T6327] ? __pfx_console_flush_all+0x10/0x10 [ 91.505839][ T6327] ? printk_percpu_data_ready+0x9/0x20 [ 91.505860][ T6327] ? nbcon_get_cpu_emergency_nesting+0x3b/0x50 [ 91.505876][ T6327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 91.505901][ T6327] console_unlock+0xd9/0x210 [ 91.505922][ T6327] ? __pfx_console_unlock+0x10/0x10 [ 91.505945][ T6327] ? lock_acquire+0x2f/0xb0 [ 91.505962][ T6327] ? vprintk+0x7f/0xa0 [ 91.505986][ T6327] ? __down_trylock_console_sem+0xb0/0x140 [ 91.506011][ T6327] vprintk_emit+0x424/0x6f0 [ 91.506034][ T6327] ? __pfx_vprintk_emit+0x10/0x10 [ 91.506059][ T6327] vprintk+0x7f/0xa0 [ 91.506082][ T6327] _printk+0xc8/0x100 [ 91.506099][ T6327] ? __pfx__printk+0x10/0x10 [ 91.506117][ T6327] ? ___ratelimit+0x24c/0x570 [ 91.506138][ T6327] ? __pfx____ratelimit+0x10/0x10 [ 91.506159][ T6327] should_fail_ex+0x46c/0x5b0 [ 91.506185][ T6327] copy_to_user_nofault+0xac/0x180 [ 91.506204][ T6327] bpf_probe_write_user+0xaf/0xf0 [ 91.506229][ T6327] bpf_prog_6303d92f98284ad8+0x44/0x48 [ 91.506243][ T6327] bpf_trace_run4+0x245/0x5a0 [ 91.506260][ T6327] ? __pfx_bpf_trace_run4+0x10/0x10 [ 91.506278][ T6327] ? __pfx_mark_lock+0x10/0x10 [ 91.506296][ T6327] ? lock_acquire.part.0+0x11b/0x380 [ 91.506317][ T6327] __bpf_trace_sched_switch+0x13e/0x190 [ 91.506336][ T6327] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 91.506355][ T6327] ? plist_check_prev_next+0x101/0x1a0 [ 91.506375][ T6327] ? psi_task_switch+0x6db/0x8e0 [ 91.506402][ T6327] __schedule+0x1b71/0x5ad0 [ 91.506422][ T6327] ? __pfx_mark_lock+0x10/0x10 [ 91.506441][ T6327] ? __pfx___schedule+0x10/0x10 [ 91.506460][ T6327] ? __pfx___lock_acquire+0x10/0x10 [ 91.506477][ T6327] ? __pfx_lock_release+0x10/0x10 [ 91.506500][ T6327] ? mark_held_locks+0x9f/0xe0 [ 91.506519][ T6327] preempt_schedule_irq+0x51/0x90 [ 91.506539][ T6327] irqentry_exit+0x36/0x90 [ 91.506559][ T6327] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 91.506581][ T6327] RIP: 0010:fs_reclaim_release+0x55/0x100 [ 91.506608][ T6327] Code: f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a2 00 00 00 8b 45 2c a9 00 00 0c 10 75 6d f6 c7 04 74 4e 65 48 8b 2d 6b ec 14 7e <48> 8d 7d 2c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f [ 91.506623][ T6327] RSP: 0018:ffffc900030e7db8 EFLAGS: 00000202 [ 91.506637][ T6327] RAX: 0000000000400140 RBX: 0000000000102cc0 RCX: ffffc900030e7d58 [ 91.506651][ T6327] RDX: 0000000000000000 RSI: ffffffff8b6cdb40 RDI: ffff88802666802c [ 91.506662][ T6327] RBP: ffff888026668000 R08: 0000000000000000 R09: fffffbfff20be07a [ 91.506673][ T6327] R10: ffffffff905f03d7 R11: 0000000000000001 R12: ffff88801b041500 [ 91.506683][ T6327] R13: 0000000000102cc0 R14: 0000000000000005 R15: 00000000ffffffff [ 91.506700][ T6327] __kmalloc_node_track_caller_noprof+0xbc/0x510 [ 91.506729][ T6327] ? strndup_user+0x78/0xe0 [ 91.506747][ T6327] memdup_user+0x2a/0xd0 [ 91.506762][ T6327] strndup_user+0x78/0xe0 [ 91.506779][ T6327] __x64_sys_mount+0x138/0x320 [ 91.506798][ T6327] ? __pfx___x64_sys_mount+0x10/0x10 [ 91.506821][ T6327] do_syscall_64+0xcd/0x250 [ 91.506843][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.506865][ T6327] RIP: 0033:0x7f4021d7ff19 [ 91.506879][ T6327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.506894][ T6327] RSP: 002b:00007f4022bd1058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 91.506908][ T6327] RAX: ffffffffffffffda RBX: 00007f4021f46160 RCX: 00007f4021d7ff19 [ 91.506918][ T6327] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00000000200000c0 [ 91.506929][ T6327] RBP: 00007f4022bd10a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.506939][ T6327] R10: 0000000000000109 R11: 0000000000000246 R12: 0000000000000001 [ 91.506949][ T6327] R13: 0000000000000000 R14: 00007f4021f46160 R15: 00007ffd83fc6ab8 [ 91.506964][ T6327] [ 92.812066][ T6327] CPU: 1 UID: 0 PID: 6327 Comm: syz.0.108 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0 [ 92.822633][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 92.832683][ T6327] Call Trace: [ 92.835941][ T6327] [ 92.838958][ T6327] dump_stack_lvl+0x116/0x1f0 [ 92.843632][ T6327] should_fail_ex+0x497/0x5b0 [ 92.848347][ T6327] copy_to_user_nofault+0xac/0x180 [ 92.853442][ T6327] bpf_probe_write_user+0xaf/0xf0 [ 92.858482][ T6327] bpf_prog_6303d92f98284ad8+0x44/0x48 [ 92.863949][ T6327] bpf_trace_run4+0x245/0x5a0 [ 92.868633][ T6327] ? __pfx_bpf_trace_run4+0x10/0x10 [ 92.873818][ T6327] ? __pfx_mark_lock+0x10/0x10 [ 92.878554][ T6327] ? lock_acquire.part.0+0x11b/0x380 [ 92.883827][ T6327] __bpf_trace_sched_switch+0x13e/0x190 [ 92.889346][ T6327] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 92.895383][ T6327] ? plist_check_prev_next+0x101/0x1a0 [ 92.900811][ T6327] ? psi_task_switch+0x6db/0x8e0 [ 92.905733][ T6327] __schedule+0x1b71/0x5ad0 [ 92.910208][ T6327] ? __pfx_mark_lock+0x10/0x10 [ 92.914950][ T6327] ? __pfx___schedule+0x10/0x10 [ 92.919782][ T6327] ? __pfx___lock_acquire+0x10/0x10 [ 92.924947][ T6327] ? __pfx_lock_release+0x10/0x10 [ 92.929942][ T6327] ? mark_held_locks+0x9f/0xe0 [ 92.934763][ T6327] preempt_schedule_irq+0x51/0x90 [ 92.939758][ T6327] irqentry_exit+0x36/0x90 [ 92.944145][ T6327] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 92.949575][ T6327] RIP: 0010:fs_reclaim_release+0x55/0x100 [ 92.955280][ T6327] Code: f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a2 00 00 00 8b 45 2c a9 00 00 0c 10 75 6d f6 c7 04 74 4e 65 48 8b 2d 6b ec 14 7e <48> 8d 7d 2c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f [ 92.974857][ T6327] RSP: 0018:ffffc900030e7db8 EFLAGS: 00000202 [ 92.980893][ T6327] RAX: 0000000000400140 RBX: 0000000000102cc0 RCX: ffffc900030e7d58 [ 92.988843][ T6327] RDX: 0000000000000000 RSI: ffffffff8b6cdb40 RDI: ffff88802666802c [ 92.996786][ T6327] RBP: ffff888026668000 R08: 0000000000000000 R09: fffffbfff20be07a [ 93.004727][ T6327] R10: ffffffff905f03d7 R11: 0000000000000001 R12: ffff88801b041500 [ 93.012670][ T6327] R13: 0000000000102cc0 R14: 0000000000000005 R15: 00000000ffffffff [ 93.020790][ T6327] __kmalloc_node_track_caller_noprof+0xbc/0x510 [ 93.027130][ T6327] ? strndup_user+0x78/0xe0 [ 93.031617][ T6327] memdup_user+0x2a/0xd0 [ 93.035842][ T6327] strndup_user+0x78/0xe0 [ 93.040174][ T6327] __x64_sys_mount+0x138/0x320 [ 93.044918][ T6327] ? __pfx___x64_sys_mount+0x10/0x10 [ 93.050182][ T6327] do_syscall_64+0xcd/0x250 [ 93.054692][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.060585][ T6327] RIP: 0033:0x7f4021d7ff19 [ 93.065077][ T6327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.084662][ T6327] RSP: 002b:00007f4022bd1058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.093078][ T6327] RAX: ffffffffffffffda RBX: 00007f4021f46160 RCX: 00007f4021d7ff19 [ 93.101020][ T6327] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00000000200000c0 [ 93.108961][ T6327] RBP: 00007f4022bd10a0 R08: 0000000000000000 R09: 0000000000000000 [ 93.116914][ T6327] R10: 0000000000000109 R11: 0000000000000246 R12: 0000000000000001 [ 93.124863][ T6327] R13: 0000000000000000 R14: 00007f4021f46160 R15: 00007ffd83fc6ab8 [ 93.132820][ T6327] [ 93.135885][ C0] vkms_vblank_simulate: vblank timer overrun [ 93.143618][ T5896] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 93.153828][ T29] kauditd_printk_skb: 15 callbacks suppressed [ 93.153843][ T29] audit: type=1400 audit(1733481169.910:276): avc: denied { write } for pid=6324 comm="syz.0.108" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 93.153972][ T5868] m920x_read = error: -19 [ 93.159938][ T29] audit: type=1400 audit(1733481169.910:277): avc: denied { open } for pid=6324 comm="syz.0.108" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 93.182998][ T5868] dvb-usb: error while querying for an remote control event. [ 93.202103][ T5896] usb 3-1: device descriptor read/8, error -71 [ 93.212462][ T6327] syz.0.108: attempt to access beyond end of device [ 93.212462][ T6327] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0 [ 93.238303][ T6327] befs: (nbd0): unable to read superblock [ 93.291802][ T5868] m920x_read = error: -19 [ 93.296177][ T5868] dvb-usb: error while querying for an remote control event. [ 93.298645][ T5866] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 93.333793][ T5866] ath9k_htc: Failed to initialize the device [ 93.340635][ T5901] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 93.393733][ T5869] usb 2-1: ath9k_htc: USB layer deinitialized [ 93.393821][ T5901] usb 4-1: USB disconnect, device number 5 [ 93.414433][ T5868] m920x_read = error: -19 [ 93.417322][ T29] audit: type=1400 audit(1733481171.630:278): avc: denied { mounton } for pid=6324 comm="syz.0.108" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 93.418877][ T5868] dvb-usb: error while querying for an remote control event. [ 93.521871][ T5868] m920x_read = error: -19 [ 93.526267][ T5868] dvb-usb: error while querying for an remote control event. [ 93.642296][ T5869] m920x_read = error: -19 [ 93.646674][ T5869] dvb-usb: error while querying for an remote control event. [ 93.761975][ T9] m920x_read = error: -19 [ 93.766349][ T9] dvb-usb: error while querying for an remote control event. [ 93.882256][ T9] m920x_read = error: -19 [ 93.886630][ T9] dvb-usb: error while querying for an remote control event. [ 94.001754][ T9] m920x_read = error: -19 [ 94.006150][ T9] dvb-usb: error while querying for an remote control event. [ 94.121784][ T9] m920x_read = error: -19 [ 94.126135][ T9] dvb-usb: error while querying for an remote control event. [ 94.241818][ T9] m920x_read = error: -19 [ 94.246218][ T9] dvb-usb: error while querying for an remote control event. [ 94.361994][ T5896] m920x_read = error: -19 [ 94.366385][ T5896] dvb-usb: error while querying for an remote control event. [ 94.481858][ T9] m920x_read = error: -19 [ 94.486251][ T9] dvb-usb: error while querying for an remote control event. [ 94.602097][ T9] m920x_read = error: -19 [ 94.606490][ T9] dvb-usb: error while querying for an remote control event. [ 94.721833][ T9] m920x_read = error: -19 [ 94.726206][ T9] dvb-usb: error while querying for an remote control event. [ 94.842795][ T9] m920x_read = error: -19 [ 94.847227][ T9] dvb-usb: error while querying for an remote control event. [ 94.961796][ T9] m920x_read = error: -19 [ 94.966208][ T9] dvb-usb: error while querying for an remote control event. [ 95.081844][ T9] m920x_read = error: -19 [ 95.086259][ T9] dvb-usb: error while querying for an remote control event. [ 95.202796][ T9] m920x_read = error: -19 [ 95.207175][ T9] dvb-usb: error while querying for an remote control event. [ 95.322343][ T9] m920x_read = error: -19 [ 95.326707][ T9] dvb-usb: error while querying for an remote control event. [ 95.441776][ T5896] m920x_read = error: -19 [ 95.446332][ T5896] dvb-usb: error while querying for an remote control event. [ 95.562394][ T5896] m920x_read = error: -19 [ 95.566782][ T5896] dvb-usb: error while querying for an remote control event. [ 95.682292][ T5896] m920x_read = error: -19 [ 95.686661][ T5896] dvb-usb: error while querying for an remote control event. [ 95.802105][ T5896] m920x_read = error: -19 [ 95.806570][ T5896] dvb-usb: error while querying for an remote control event. [ 95.921844][ T5896] m920x_read = error: -19 [ 95.926220][ T5896] dvb-usb: error while querying for an remote control event. [ 96.042936][ T5896] m920x_read = error: -19 [ 96.047302][ T5896] dvb-usb: error while querying for an remote control event. [ 96.161835][ T5896] m920x_read = error: -19 [ 96.166252][ T5896] dvb-usb: error while querying for an remote control event. [ 96.282177][ T9] m920x_read = error: -19 [ 96.286601][ T9] dvb-usb: error while querying for an remote control event. [ 96.402307][ T5896] m920x_read = error: -19 [ 96.406990][ T5896] dvb-usb: error while querying for an remote control event. [ 96.522037][ T5896] m920x_read = error: -19 [ 96.526445][ T5896] dvb-usb: error while querying for an remote control event. [ 96.642427][ T9] m920x_read = error: -19 [ 96.646806][ T9] dvb-usb: error while querying for an remote control event. [ 96.762564][ T9] m920x_read = error: -19 [ 96.766934][ T9] dvb-usb: error while querying for an remote control event. [ 96.881778][ T9] m920x_read = error: -19 [ 96.886193][ T9] dvb-usb: error while querying for an remote control event. [ 97.003976][ T9] m920x_read = error: -19 [ 97.008506][ T9] dvb-usb: error while querying for an remote control event. [ 97.121747][ T9] m920x_read = error: -19 [ 97.126336][ T9] dvb-usb: error while querying for an remote control event. [ 97.241801][ T9] m920x_read = error: -19 [ 97.246192][ T9] dvb-usb: error while querying for an remote control event. [ 97.362313][ T9] m920x_read = error: -19 [ 97.366693][ T9] dvb-usb: error while querying for an remote control event. [ 97.482248][ T9] m920x_read = error: -19 [ 97.486630][ T9] dvb-usb: error while querying for an remote control event. [ 97.602236][ T9] m920x_read = error: -19 [ 97.606618][ T9] dvb-usb: error while querying for an remote control event. [ 97.721761][ T9] m920x_read = error: -19 [ 97.726130][ T9] dvb-usb: error while querying for an remote control event. [ 97.842386][ T9] m920x_read = error: -19 [ 97.846754][ T9] dvb-usb: error while querying for an remote control event. [ 97.962578][ T9] m920x_read = error: -19 [ 97.966955][ T9] dvb-usb: error while querying for an remote control event. [ 98.082716][ T9] m920x_read = error: -19 [ 98.087076][ T9] dvb-usb: error while querying for an remote control event. [ 98.202290][ T9] m920x_read = error: -19 [ 98.206711][ T9] dvb-usb: error while querying for an remote control event. [ 98.322376][ T9] m920x_read = error: -19 [ 98.326753][ T9] dvb-usb: error while querying for an remote control event. [ 98.451848][ T9] m920x_read = error: -19 [ 98.456457][ T9] dvb-usb: error while querying for an remote control event. [ 98.572779][ T9] m920x_read = error: -19 [ 98.577161][ T9] dvb-usb: error while querying for an remote control event. [ 98.691898][ T9] m920x_read = error: -19 [ 98.696286][ T9] dvb-usb: error while querying for an remote control event. [ 98.812312][ T9] m920x_read = error: -19 [ 98.816662][ T9] dvb-usb: error while querying for an remote control event. [ 98.932169][ T9] m920x_read = error: -19 [ 98.936520][ T9] dvb-usb: error while querying for an remote control event. [ 99.052257][ T9] m920x_read = error: -19 [ 99.056611][ T9] dvb-usb: error while querying for an remote control event. [ 99.172670][ T9] m920x_read = error: -19 [ 99.177042][ T9] dvb-usb: error while querying for an remote control event. [ 99.292069][ T9] m920x_read = error: -19 [ 99.296454][ T9] dvb-usb: error while querying for an remote control event. [ 99.422531][ T9] m920x_read = error: -19 [ 99.427015][ T9] dvb-usb: error while querying for an remote control event. [ 99.542107][ T9] m920x_read = error: -19 [ 99.546499][ T9] dvb-usb: error while querying for an remote control event. [ 99.662161][ T5896] m920x_read = error: -19 [ 99.666973][ T5896] dvb-usb: error while querying for an remote control event. [ 99.781861][ T5896] m920x_read = error: -19 [ 99.786427][ T5896] dvb-usb: error while querying for an remote control event. [ 99.902185][ T5896] m920x_read = error: -19 [ 99.906560][ T5896] dvb-usb: error while querying for an remote control event. [ 100.021837][ T5896] m920x_read = error: -19 [ 100.026367][ T5896] dvb-usb: error while querying for an remote control event. [ 100.142290][ T5896] m920x_read = error: -19 [ 100.146687][ T5896] dvb-usb: error while querying for an remote control event. [ 100.262114][ T5896] m920x_read = error: -19 [ 100.266499][ T5896] dvb-usb: error while querying for an remote control event. [ 100.391772][ T5896] m920x_read = error: -19 [ 100.396158][ T5896] dvb-usb: error while querying for an remote control event. [ 100.512246][ T5896] m920x_read = error: -19 [ 100.516649][ T5896] dvb-usb: error while querying for an remote control event. [ 100.631780][ T5896] m920x_read = error: -19 [ 100.636189][ T5896] dvb-usb: error while querying for an remote control event. [ 100.751782][ T5896] m920x_read = error: -19 [ 100.756210][ T5896] dvb-usb: error while querying for an remote control event. [ 100.872956][ T5896] m920x_read = error: -19 [ 100.877312][ T5896] dvb-usb: error while querying for an remote control event. [ 100.992542][ T5896] m920x_read = error: -19 [ 100.996924][ T5896] dvb-usb: error while querying for an remote control event. [ 101.111845][ T5896] m920x_read = error: -19 [ 101.116617][ T5896] dvb-usb: error while querying for an remote control event. [ 101.232483][ T5896] m920x_read = error: -19 [ 101.236960][ T5896] dvb-usb: error while querying for an remote control event. [ 101.361883][ T5896] m920x_read = error: -19 [ 101.366258][ T5896] dvb-usb: error while querying for an remote control event. [ 101.482737][ T5896] m920x_read = error: -19 [ 101.487121][ T5896] dvb-usb: error while querying for an remote control event.