last executing test programs: 43.247360173s ago: executing program 1 (id=34): ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[0x0, 0x0], &(0x7f0000000280), 0x2, r1}) r3 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000240)={0x0, &(0x7f0000000440)=[@wr_crn={0x46, 0x20, {0x8, 0xffffffffffffcc52}}, @code={0xa, 0x79, {"48b800800000000000000f23d00f21f8350000000f0f23f8652e0f0966b8b2000f00d866410f5f4d97b9800000c00f3235001000000f30c4417e2d8c190050000066b85c000f00d83e0f23980f20e035100000000f22e0b9cd020000b800000000ba008000000f30"}}, @out_dx={0xaa, 0x28, {0xaee0, 0x0, 0x7}}, @in_dx={0x82, 0x20, {0xe2e6, 0x5}}, @uexit={0x0, 0x18, 0x6}, @cpuid={0x14, 0x18, {0x0, 0x1}}, @wr_drn={0x6e, 0x20, {0x1, 0x695}}, @wr_crn={0x46, 0x20, {0x4, 0x9}}, @in_dx={0x82, 0x20, {0x96f9}}, @in_dx={0x82, 0x20, {0xef75, 0x6}}, @cpuid={0x14, 0x18, {0xf5, 0x4}}, @wr_crn={0x46, 0x20, {0x3, 0x7bb3}}, @wr_crn={0x46, 0x20, {0x4}}, @uexit={0x0, 0x18, 0xffffffff}, @out_dx={0xaa, 0x28, {0xb0cd, 0x3, 0x9}}, @rdmsr={0x32, 0x18, {0x2d7}}, @rdmsr={0x32, 0x18, {0xbfb}}, @rdmsr={0x32, 0x18, {0x33c}}, @rdmsr={0x32, 0x18, {0x35a}}], 0x289}) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000340)=@arm64_fp={0x604000000010009e, &(0x7f00000002c0)=0x7f}) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r1], &(0x7f00000003c0)=[0x7], &(0x7f0000000300)=[r2], &(0x7f0000000180)=[0x31], 0x0, 0xff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) r4 = syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="120100001517ee40f00a057a0000010203010902120001000000000904000000ff"], 0x0) syz_usb_control_io$printer(r4, 0x0, &(0x7f0000000480)={0x34, 
&(0x7f0000000040)=ANY=[@ANYBLOB="203111"], 0x0, 0x0, 0x0, 0x0, 0x0}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000700), 0x4000, 0x0) pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff}, 0x80) r6 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0xffffffffffffff6c, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r8, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) 39.810285385s ago: executing program 1 (id=46): socket$nl_rdma(0x10, 0x3, 0x14) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x4500, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) vmsplice(r0, 0x0, 0x0, 0x4) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00') r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18) sched_setscheduler(0x0, 0x2, 0x0) getpid() r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) 
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000980)={0x1, @pix_mp={0x8d2, 0x0, 0x35314241, 0x0, 0x4, [{0x0, 0xfffffffd}, {0x0, 0x8}, {0x0, 0x80000}, {0xffff7fff}, {0x8}, {0x2, 0xb}, {0x0, 0x7}], 0x8a, 0xfd, 0x2, 0x0, 0x7}}) socket$nl_netfilter(0x10, 0x3, 0xc) pread64(r1, &(0x7f0000001140)=""/228, 0x87, 0x8) socket$nl_route(0x10, 0x3, 0x0) 38.877717097s ago: executing program 1 (id=51): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet(0xa, 0x801, 0x414e) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x208) r3 = accept4(r2, 0x0, 0x0, 0x80000) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000180), 0x8) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x23, &(0x7f0000000080)=0x5, 0x4) bind$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x4000841) recvmmsg(r4, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0xae64, 0x0) ioctl$KVM_SET_PIT2(r6, 0xae71, &(0x7f0000000080)={[{0x10000, 0x0, 0x20, 0x0, 0x20, 0xfd, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x100000000000000}, {0xfffffffe, 0xd340, 0x20, 0x0, 0x0, 0x0, 0xc9, 0x0, 0x4, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x3, 0xfe}]}) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r7, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b80b000000050104000000000000000003000080540201"], 0xbb8}, 0x1, 0x0, 0x0, 0x2000}, 0x4004040) ioctl$I2C_RETRIES(r7, 0x701, 0xe) setitimer(0x1, &(0x7f00000000c0)={{}, {0x0, 0x2710}}, &(0x7f00000001c0)) 36.965275364s ago: executing program 1 (id=53): socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa7) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) 36.568652772s ago: executing program 1 (id=56): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1}, 0x0, 0x0}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001900010000000000000000001c53f1a4507862fc80"], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0xfffffffffffffffe, 0x5479, 0x1035, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg$sock(r4, &(0x7f0000000740)=[{{&(0x7f0000000080)=@phonet={0x23, 0x7, 0x0, 0x7}, 0x14, 0x0, 0x0, &(0x7f0000000240)=[@mark={{0x14, 0x1, 0x24, 0x8}}], 0x18}}], 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0) r6 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x9, 0x400001) ioctl$VIDIOC_LOG_STATUS(r6, 0x5646, 0x0) cachestat(r5, &(0x7f0000000040)={0xff, 0x4}, 
&(0x7f0000000080), 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) 33.388331114s ago: executing program 1 (id=65): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) timer_create(0x0, &(0x7f0000000080)={0x0, 0x8012, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50) pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 33.188000007s ago: executing program 32 (id=65): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) timer_create(0x0, &(0x7f0000000080)={0x0, 0x8012, 0x0, @thr={0x0, 0x0}}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50) pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 
&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 15.374322797s ago: executing program 4 (id=111): prlimit64(0x0, 0xe, 
&(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ptrace$ARCH_MAP_VDSO_X32(0x1e, r0, 0xaa, 0x2001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f00000000c0)={0x0, 0xc, 0x0, @thr={0x0, 0x0}}) readv(r3, &(0x7f0000000000)=[{&(0x7f0000000100)=""/251}], 0x59) r4 = socket$netlink(0x10, 0x3, 0x8000000004) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r4, {0x8000, 0xfffffe01}}, './file0\x00'}) ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001380), 0x2040, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000003c0)={@fallback=r5, 0x20, 0x0, 0x1000, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r9}, 0x18) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r5, r7, 0x25, 0x11, @val=@tcx={@void, @value=r9, @void, @void, r8}}, 0x1c) ioctl$TIOCNOTTY(r6, 0x5422) writev(r4, 
&(0x7f0000000140)=[{&(0x7f0000000340)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000300080c10000000000000000000", 0x58}], 0x1) 14.408455971s ago: executing program 4 (id=114): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r3, 0xfffffffc) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r6, 0x7}, 0x14}}, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000080)=0x7) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x10000000, 0x10802) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000840)) r9 = syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_FORWARD(r9, 0x40084149, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r10 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bind$bt_rfcomm(r10, &(0x7f0000000580)={0x1f, @none, 0xff}, 0xa) recvmsg(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/44, 0x2c}, {&(0x7f0000000100)=""/224, 0xe0}, {&(0x7f0000000040)=""/1, 0x1}, 
{&(0x7f0000000200)=""/154, 0x9a}, {&(0x7f00000002c0)=""/34, 0x22}, {&(0x7f0000000300)=""/157, 0x9d}], 0x6, &(0x7f0000000440)=""/224, 0xe0}, 0x40002000) connect$bt_rfcomm(r10, &(0x7f00000000c0)={0x1f, @none, 0x6}, 0xa) 14.0266118s ago: executing program 0 (id=117): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0}) 12.350793777s ago: executing program 4 (id=121): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x13, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c2500000000002020207b1ae8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000dd0600008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = 
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast}) write$cgroup_devices(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308004d6b71ef288563", @ANYBLOB="13f029f54211bef11b3b861be8e26f", @ANYRESHEX=r0], 0xffdd) 11.20628319s ago: executing program 2 (id=126): r0 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x1e00) r1 = socket$inet6(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) timer_settime(r2, 0x0, &(0x7f0000000180)={{r3, r4+60000000}, {0x0, 0x3938700}}, &(0x7f0000000240)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000040)=0x8) r6 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r6, &(0x7f00000000c0), 0x10) setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f0000000100)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000080)={0x40, 0x800c, 0x4b, 0x3f, r5}, &(0x7f00000000c0)=0x10) r7 = getpid() r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f00000002c0)={'ip6erspan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}) r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0xd, 0x3, &(0x7f0000000040)=@framed={{0xb6, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0xc0}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x143882) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r10 = getpid() 
connect$unix(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x2010, r9, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r11, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r12, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r11, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) 10.20740963s ago: executing program 5 (id=127): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x880) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) sendmsg$nl_generic(r0, 0x0, 0x4000000) 10.01814817s ago: executing program 0 (id=129): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r2, &(0x7f0000000040)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0xa964c761d5ec79d1, 0x31, 0xffffffffffffffff, 0xcee90000) capset(&(0x7f0000002ffa)={0x20080522, 0xffffffffffffffff}, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x145542, 0x40) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') read$FUSE(r3, &(0x7f0000004c80)={0x2020}, 0x2020) ftruncate(r4, 0x2007ffd) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = 
socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r4, &(0x7f0000000500)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="00032abd7000fbdbdf25190000001400018008000300000000000800030001000000600001800800030003000000080003000000000008000100", @ANYBLOB="0800030001000000080003000200000014000200626f6e645f736c6176655f300000000008000300030000", @ANYRES32=0x0, @ANYBLOB="241001000001000000bf03000000000000640100", @ANYRES32=0x0, @ANYBLOB="080003", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0xac}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000000)='cubic', 0x9) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) r7 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') 9.160887496s ago: executing program 5 (id=130): r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff0524060000"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0) syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000400)={0x40, 0x9, 0x8, "0800000000000001"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) 
8.890149938s ago: executing program 0 (id=132): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000b80)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xba, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x6}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@global=@item_012={0x1, 0x1, 0x8, "1f"}, @main=@item_012={0x2, 0x0, 0x8, 'Q;'}, @local=@item_012={0x1, 0x2, 0x5, "96"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, &(0x7f0000000080)={0x40, 0x9, 0x8a, {0x8a, 0xd, "66f9488c3fa59c305dd883964ab3fd2bb7d11055c355034f68dbdabafee8b9ec2abb8bec6994f8a248939b06ec54e957418462023be3914dfbb99d458cabcaef1ea35a8a7721c6c30731f592decb66f4f3462ae6fd15b1594ed1dead82861b757ba3ea6fd56bb958d03986261a64c0f79c287ab2bf4a9eabe6f22791713557f786681c8d63f83370"}}, &(0x7f0000000000)={0x0, 0x3, 0x11, @string={0x11, 0x3, "6021370ea16b357494a4d1ccdd435b"}}, &(0x7f0000000140)={0x0, 0x22, 0x1c, {[@global=@item_012={0x1, 0x1, 0x9, 's'}, @local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0xa, "179c70c9"}, @global=@item_4={0x3, 0x1, 0xb, "e7cc8d09"}, @main=@item_4={0x3, 0x0, 0x9, "6dbc82c3"}, @main=@item_4={0x3, 0x0, 0xb, "d51fad76"}, @main=@item_4={0x3, 0x0, 0xa, "bf0e4bd4"}]}}, &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0xe, 0x5, 0x1, {0x22, 0xae3}}}}, &(0x7f0000000400)={0x2c, &(0x7f0000000240)={0xcdf2cc215141e466, 0x1, 0x58, "bd200d47ef863007bbb5b0a998b8ceca6b30a64cdf1ecd1bdf57c955e2f719b049c4b09baf9adaad624055164a47f6d3b87443dd8f7015ccce1dd5dcf43a3a16470e8745d698cf2d2ffbe01859a81e022f22418363bdbc38"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000340)={0x20, 0x1, 0x4f, 
"5b3228496a940756e42ae67a8cdbf12953b4ecc011565392fac87dfe43ebb0deb446bcd85abbb9a91093ad54509513c27c31533527fa57b81f5b7549c8d64293cee3ddcf4e0d839c790a579a9c598f"}, &(0x7f00000003c0)={0x20, 0x3, 0x1, 0x3}}) 7.869727538s ago: executing program 2 (id=134): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0}) 7.774745337s ago: executing program 4 (id=135): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x291) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_BMAP(r0, &(0x7f0000000340)={0x18, 0x0, r1, {0x1c0000000000000}}, 0x18) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r2, 0xff, 0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, 
&(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r4, 0x29, 0x32, &(0x7f0000000300)={@ipv4={'\x00', '\xff\xff', @broadcast}}, 0x14) chdir(&(0x7f0000000140)='./bus\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001300), 0x28200, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r8 = dup(r7) r9 = syz_io_uring_setup(0xc0f, &(0x7f00000000c0)={0x0, 0x6efd, 0x80, 0xffffffff, 0x1a}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r8, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r9, 0x47f5, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'pimreg1\x00', &(0x7f0000000500)=@ethtool_drvinfo={0x3, "1e038d410063e30b963c42f26e8cdd218798bef865ad87c645ff71c2d5f90f9b", "eb63e750a7718ad651e9363f86f18675483e1146fcfab23141e1c3a1c2c754ee", "db1952184621d0525ee344689c0394d5e56b2842de9fc11a4324c6a1c24b4460", "39948d8e103639d2833fa77e4836a6fac607c3f64f22b052af408e86c3830890", "5514f49cd49563c2b9280baf029a210a8b56d7a96c275c5d60381c4fc4870aa3", "6d42873d8b7373fdb0f12252", 0x9, 0x9, 0x10000, 0x4, 0x7fffffff}}) r12 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r12, 0x3b81, &(0x7f00000000c0)={0xc}) 7.132899726s ago: executing program 3 (id=137): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) r1 = openat$comedi(0xffffffffffffff9c, 
&(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) syz_emit_ethernet(0x1e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0xa964c761d5ec79d1, 0x31, 0xffffffffffffffff, 0xcee90000) capset(&(0x7f0000002ffa)={0x20080522, 0xffffffffffffffff}, 0x0) syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), &(0x7f0000000280)) lseek(0xffffffffffffffff, 0x3fb, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x36}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x23}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x16}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}}, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x4e22, 0xfffffffe, @empty}}}, 0x48) semget$private(0x0, 0x1, 0x8) 
syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000200)={'erspan0\x00', &(0x7f00000004c0)={'syztnl1\x00', 0x0, 0x7, 0x40, 0x6, 0x1, {{0x22, 0x4, 0x0, 0x8, 0x88, 0x67, 0x0, 0x1, 0x2f, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x3b}, {[@cipso={0x86, 0x1b, 0x1, [{0x6, 0xd, "fd3276073703e967faf44a"}, {0x5, 0x8, "20bc709c3f0f"}]}, @timestamp_addr={0x44, 0x14, 0x2b, 0x1, 0x2, [{@multicast1, 0xe}, {@broadcast, 0x2}]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x3c, 0xcd, 0x3, 0x7, [{@broadcast, 0xfffffff9}, {@empty, 0xffff7fff}, {@remote, 0x1}, {@remote, 0x4}, {@multicast1, 0xfffffffa}, {@loopback, 0x101}, {@empty, 0xe9}]}]}}}}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x9, [@enum={0x4, 0x7, 0x0, 0x6, 0x4, [{0x8}, {0x3, 0x6}, {0x10, 0xef62}, {0x4, 0x8}, {0xa, 0x4}, {0x5, 0x2}, {0x6, 0xe244}]}, @int={0x3, 0x0, 0x0, 0x1, 0x0, 0xa, 0x0, 0x6b, 0x4}, @const={0xc, 0x0, 0x0, 0xa, 0x4}]}, {0x0, [0x30, 0x61, 0x61, 0x0, 0x61, 0x30, 0x5f]}}, &(0x7f0000000780)=""/4096, 0x81, 0x1000, 0x0, 0xfffffff1, 0x10000}, 0x28) r4 = syz_open_dev$loop(&(0x7f00000000c0), 0x100000067e, 0x1) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={0x1}, 0x4) 6.861670369s ago: executing program 4 (id=138): r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, 
&(0x7f0000000200)={0x2, 0x0, &(0x7f0000000300)=[0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f00000003c0)={&(0x7f0000001280), 0x0, r1, 0x0, '\x00', 0x1ffffffffffffd64, 0x20}) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020450c125100060009022400010000006409040000040300030009210000000122070009058103ff03001004"], 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0}) 6.709273866s ago: executing program 3 (id=139): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 5.829833348s ago: executing program 0 (id=140): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x880) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) sendmsg$nl_generic(r0, 0x0, 0x4000000) 5.82750896s ago: executing program 5 (id=141): r0 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 
0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r3, 0xfffffffc) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r6, 0x7}, 0x14}}, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r7, 0x40045010, &(0x7f0000000080)=0x7) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x10000000, 0x10802) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000840)) r9 = syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_FORWARD(r9, 0x40084149, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r10 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bind$bt_rfcomm(r10, &(0x7f0000000580)={0x1f, @none, 0xff}, 0xa) recvmsg(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/44, 0x2c}, {&(0x7f0000000100)=""/224, 0xe0}, {&(0x7f0000000040)=""/1, 0x1}, {&(0x7f0000000200)=""/154, 0x9a}, {&(0x7f00000002c0)=""/34, 0x22}, {&(0x7f0000000300)=""/157, 0x9d}], 0x6, &(0x7f0000000440)=""/224, 0xe0}, 0x40002000) connect$bt_rfcomm(r10, &(0x7f00000000c0)={0x1f, @none, 0x6}, 0xa) 5.765851892s ago: executing program 0 (id=142): r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_procfs(r0, &(0x7f00000000c0)='task\x00') lseek(r1, 
0x80000000004, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$ARCH_GET_GS(0x1e, r2, &(0x7f0000000180), 0x1004) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x10000) syz_usb_disconnect(r4) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_setup(0x27ca, &(0x7f0000000440)={0x0, 0xada1, 0x20, 0x3, 0x332}) io_uring_enter(0xffffffffffffffff, 0x133d, 0x3e000000, 0x8, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) openat(r1, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x31, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xd, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="720ac4ff000000007110ab000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', 
@ANYRESDEC=0x0]) read$FUSE(r5, &(0x7f000000a280)={0x2020}, 0x2020) mknod$loop(&(0x7f00000002c0)='./file0/../file0/file0\x00', 0xffff2000, 0x0) 5.00167302s ago: executing program 2 (id=143): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000060000000410000010"], 0x50) close(0x3) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c008, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000600)={0x0, 0xb}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x8000000000001de, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='hpfs\x00', 0x2208004, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x1, 0x2000200000a95c, 0x4, 0x4000000201, 0x1, 0x48cd, 0xfffffffffffffffc, 0x800000df}) 
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/uts\x00') r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x40, 0x40, 0x41}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYRES16=r6], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f0000000080)=0x8001) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000280)="2e5faaf8236a8d33044b3e08828ec5eea11e6aef7dc37afce92f00"/36, 0x867f}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000340)=""/233}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r7, 0x0, 0x8}, 0x18) 4.06456048s ago: executing program 2 (id=144): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r0}, 0x38) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RREMOVE(r1, &(0x7f0000000040)={0x7, 0x7b, 0x1}, 0x7) 3.957200779s ago: executing program 2 (id=145): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0x400000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r1, 0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r2}, 0x20) 
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r3, &(0x7f0000000040), 0x0}, 0x20) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRES64=r0], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="001e1400000009"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.95652202s ago: executing program 5 (id=146): socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0xffffffff}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0xfffffcc1}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x50d, 0x3201, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x8, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000340)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0, 0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x8031, 0xffffffffffffffff, 0x60dd9000) socket$inet_sctp(0x2, 0x1, 0x84) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r4 = syz_open_pts(0xffffffffffffffff, 0x60000) ioctl$PIO_UNIMAPCLR(r4, 0x4b68, &(0x7f0000000000)={0x5, 0x5, 0x7}) munlockall() 
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000100)=0x18) 3.752926692s ago: executing program 4 (id=147): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0}) 3.716717553s ago: executing program 3 (id=148): sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x4000) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0xe) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, 
&(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000140)='./file1\x00', 0x1a0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r4 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r5 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, 0x0}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r4, 0xc1007c01, &(0x7f0000000500)) fallocate(r3, 0x1, 0x9, 0x81) 1.90124689s ago: executing program 3 (id=149): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000060000000410000010"], 0x50) close(0x3) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c008, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000600)={0x0, 0xb}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 
&(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x8000000000001de, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='hpfs\x00', 0x2208004, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x1, 0x2000200000a95c, 0x4, 0x4000000201, 0x1, 0x48cd, 0xfffffffffffffffc, 0x800000df}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/uts\x00') r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x40, 0x40, 0x41}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYRES16=r6], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f0000000080)=0x8001) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r8, 0x0, &(0x7f0000000340)=""/233}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r7, 0x0, 0x8}, 0x18) 1.082803685s ago: executing program 0 (id=150): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x4b, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 
&(0x7f000000c280)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000038000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a400000000504000480140000001100010000000000000000000000000a260da29e329bd3a9a6e12438cd8296feec8e4444fd734bd11e69212f631ead2dcb7bd09554762097cf0d2cc90bb10d2e56bab98ae07e223c75abc7d68198f629675c27137306e52ce1f9657e7eebc31705018b5d5e19bab9634d84ed423baa3bc5f135b443d0b5b6008002484a5e1155abbfe328018b69ebd09c1288b3bb74986a5c8b2b6677a87b0097ac8565a465ce9b1ec4ca8878cbe7bf0e4b2c61808dfb534dc349ae4490c20e8b71e6e56328864ec0cf3d6265a0a16ab5c702b2f6c7eb5c1eb4cbd2ebec52cb0332a48f7def4eadf758b764b19932e159fb383713398a88fa081651f007bba11710b52d2e374c4819e114be265e8757d0d4dfc5ca3bacfad49bdcd77d67880b952b053c4a9bb69cd5c2a8a6f34473a2be68968c39aea7815d3a3803e9ad2c024b135229d8a39ecac49fcee83b5e8100"/454], 0x80}}, 0xc800) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="00000800000008048263d1cb392ee6262d168b33aca6c4419e26a06d31c66505701b7d6df7375f4272f4ec7f1f4c718875e08cb6005f8d89f22f"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r2, 0x81, 0x1, &(0x7f0000000040)='P') r3 = socket(0x10, 0x3, 0x0) sendto$inet6(r3, &(0x7f0000000880)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d270012000200000049935ade4a460c89b6ec2069e91b4123b243da377aaae6ac0cff3959547f509058ba86c902000000004a32000400160012000a0000000000", 0x78, 0x0, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = 
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x18, r5, 0x100, 0x70bd27, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 908.729346ms ago: executing program 3 (id=151): pipe(&(0x7f0000000080)) io_setup(0x5, &(0x7f0000000540)=0x0) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000000880)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0xffff000000000000}]) 779.160764ms ago: executing program 3 (id=152): r0 = syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000102505a1a44000000001010902440001fd00000009040000ff0202ffff0524060000"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0) syz_usb_control_io$printer(r1, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000400)={0x40, 0x9, 0x8, "0800000000000001"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) 586.533256ms ago: executing program 2 (id=153): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYRESOCT], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 
&(0x7f0000000640)=ANY=[@ANYBLOB="170000"], 0x48) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/mdstat\x00', 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r4}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) fsopen(&(0x7f0000000480)='adfs\x00', 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r7, 0xc0184800, &(0x7f0000000100)={0x4, r6}) ioctl$DMA_BUF_SET_NAME_A(r8, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r8, 0x40086200, &(0x7f0000000540)=0x1) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0) 144.101364ms ago: executing program 5 (id=154): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b80)=ANY=[@ANYBLOB="170000005400e5012abd7000ffffffff07000000", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="00000000f9"], 0x38}}, 
0x40084c0) 0s ago: executing program 5 (id=155): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000060000000410000010"], 0x50) close(0x3) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c008, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000600)={0x0, 0xb}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x8000000000001de, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000380)='hpfs\x00', 0x2208004, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x1, 0x2000200000a95c, 0x4, 0x4000000201, 0x1, 0x48cd, 0xfffffffffffffffc, 0x800000df}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/uts\x00') r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x40, 0x40, 0x41}, 
0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYRES16=r6], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f0000000080)=0x8001) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000280)="2e5faaf8236a8d33044b3e08828ec5eea11e6aef7dc37afce92f00"/36, 0x867f}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, &(0x7f0000000340)=""/233}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r7, 0x0, 0x8}, 0x18) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.48' (ED25519) to the list of known hosts. [ 59.509285][ T30] audit: type=1400 audit(1758692169.808:62): avc: denied { mounton } for pid=5833 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 59.512490][ T5833] cgroup: Unknown subsys name 'net' [ 59.532026][ T30] audit: type=1400 audit(1758692169.808:63): avc: denied { mount } for pid=5833 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 59.561503][ T30] audit: type=1400 audit(1758692169.868:64): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 59.697619][ T5833] cgroup: Unknown subsys name 'cpuset' [ 59.705397][ T5833] cgroup: Unknown subsys name 'rlimit' [ 59.832068][ T30] audit: type=1400 audit(1758692170.128:65): avc: denied { setattr } for pid=5833 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 
scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 59.855841][ T30] audit: type=1400 audit(1758692170.128:66): avc: denied { create } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.889631][ T30] audit: type=1400 audit(1758692170.128:67): avc: denied { write } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.910531][ T30] audit: type=1400 audit(1758692170.128:68): avc: denied { read } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.930975][ T30] audit: type=1400 audit(1758692170.158:69): avc: denied { mounton } for pid=5833 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 59.955830][ T30] audit: type=1400 audit(1758692170.158:70): avc: denied { mount } for pid=5833 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 59.979096][ T30] audit: type=1400 audit(1758692170.168:71): avc: denied { read } for pid=5515 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 59.983338][ T5835] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 60.945954][ T5833] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 63.127800][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.136174][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 63.143614][ T5863] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.156055][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 63.166175][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 63.171075][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.180496][ T5863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 63.181116][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 63.195221][ T5863] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 63.195315][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 63.209572][ T5863] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 63.210322][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.222372][ T5865] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.223861][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 63.230531][ T5863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 63.238437][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.245738][ T5865] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.251986][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.266196][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 63.266307][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.273629][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.288469][ T5863] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 63.289130][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 63.315558][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 63.323326][ T5171] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 63.666268][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 63.735012][ 
T5844] chnl_net:caif_netlink_parms(): no params data found [ 63.838582][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.848283][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.856594][ T5846] bridge_slave_0: entered allmulticast mode [ 63.863221][ T5846] bridge_slave_0: entered promiscuous mode [ 63.874624][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.881730][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.890597][ T5846] bridge_slave_1: entered allmulticast mode [ 63.897489][ T5846] bridge_slave_1: entered promiscuous mode [ 63.927025][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 63.982121][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.989429][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.996706][ T5844] bridge_slave_0: entered allmulticast mode [ 64.003298][ T5844] bridge_slave_0: entered promiscuous mode [ 64.013124][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.020282][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.027696][ T5844] bridge_slave_1: entered allmulticast mode [ 64.034248][ T5844] bridge_slave_1: entered promiscuous mode [ 64.058749][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.070323][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.111702][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.147308][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 64.161407][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.184867][ T5846] team0: Port device team_slave_0 added [ 64.192970][ T5846] team0: Port device team_slave_1 added [ 64.266316][ T5844] team0: Port device team_slave_0 added [ 64.272277][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.279506][ T5845] bridge0: port 
1(bridge_slave_0) entered disabled state [ 64.286667][ T5845] bridge_slave_0: entered allmulticast mode [ 64.293317][ T5845] bridge_slave_0: entered promiscuous mode [ 64.300344][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 64.310068][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.317323][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.343227][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.359773][ T5844] team0: Port device team_slave_1 added [ 64.365953][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.373045][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.380296][ T5845] bridge_slave_1: entered allmulticast mode [ 64.387684][ T5845] bridge_slave_1: entered promiscuous mode [ 64.397864][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.404797][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 64.430821][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.502344][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.514241][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.533716][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.540867][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.548299][ T5843] bridge_slave_0: entered allmulticast mode [ 64.554855][ T5843] bridge_slave_0: entered promiscuous mode [ 64.561909][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.569013][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.595350][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.626443][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.633567][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.640989][ T5843] bridge_slave_1: entered allmulticast mode [ 64.647895][ T5843] bridge_slave_1: entered promiscuous mode [ 64.654530][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.661580][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 64.687677][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.711365][ T5845] team0: Port device team_slave_0 added [ 64.742246][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.755759][ T5845] team0: Port device team_slave_1 added [ 64.782141][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.810445][ T5846] hsr_slave_0: entered promiscuous mode [ 64.816520][ T5846] hsr_slave_1: entered promiscuous mode [ 64.853392][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.860367][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.886694][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.900782][ T5844] hsr_slave_0: entered promiscuous mode [ 64.906885][ T5844] hsr_slave_1: entered promiscuous mode [ 64.912714][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 64.919056][ T5844] Cannot create hsr debugfs directory [ 64.934981][ T5843] team0: Port device team_slave_0 added [ 64.941367][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.948729][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.955907][ T5858] bridge_slave_0: entered allmulticast mode [ 64.962497][ T5858] bridge_slave_0: entered promiscuous mode [ 64.979385][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.986359][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 65.012471][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.025115][ T5843] team0: Port device team_slave_1 added [ 65.031337][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.038456][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.045835][ T5858] bridge_slave_1: entered allmulticast mode [ 65.052415][ T5858] bridge_slave_1: entered promiscuous mode [ 65.112238][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.119412][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.145726][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.158363][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.170039][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.203494][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.210632][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 65.236804][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.265861][ T5845] hsr_slave_0: entered promiscuous mode [ 65.271831][ T5845] hsr_slave_1: entered promiscuous mode [ 65.277984][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 65.284478][ T5845] Cannot create hsr debugfs directory [ 65.319705][ T5858] team0: Port device team_slave_0 added [ 65.336367][ T5171] Bluetooth: hci3: command tx timeout [ 65.342042][ T5859] Bluetooth: hci1: command tx timeout [ 65.342066][ T5853] Bluetooth: hci2: command tx timeout [ 65.348048][ T5856] Bluetooth: hci4: command tx timeout [ 65.353185][ T5855] Bluetooth: hci0: command tx timeout [ 65.363725][ T5858] team0: Port device team_slave_1 added [ 65.401068][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.408139][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.434435][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.472138][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.479153][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 65.505602][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.523062][ T5843] hsr_slave_0: entered promiscuous mode [ 65.529446][ T5843] hsr_slave_1: entered promiscuous mode [ 65.535399][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 65.541113][ T5843] Cannot create hsr debugfs directory [ 65.645012][ T5858] hsr_slave_0: entered promiscuous mode [ 65.651484][ T5858] hsr_slave_1: entered promiscuous mode [ 65.657992][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 65.663710][ T5858] Cannot create hsr debugfs directory [ 65.814597][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.824878][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.847694][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.870403][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.938846][ T5844] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.951861][ T5844] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.967808][ T5844] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.979854][ T5844] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.026214][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 66.038546][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 66.053831][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 66.067686][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 66.140645][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 66.160924][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 66.171508][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 66.181047][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.264706][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.279285][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 66.289642][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 66.299646][ T5843] netdevsim netdevsim3 
netdevsim2: renamed from eth2 [ 66.311561][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.332817][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.348731][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.355911][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.381594][ T1329] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.388714][ T1329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.462451][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.480890][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.490884][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.532819][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.542357][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.558665][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.565783][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.574389][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 66.574400][ T30] audit: type=1400 audit(1758692176.868:86): avc: denied { sys_module } for pid=5846 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 66.607338][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.627040][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.634115][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.643831][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.650966][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.660317][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.667479][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.681980][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.689084][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.714828][ T13] bridge0: port 
2(bridge_slave_1) entered blocking state [ 66.722185][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.760179][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.838413][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.859623][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.877512][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.892062][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.899200][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.932902][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.971857][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.978980][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.086337][ T5846] veth0_vlan: entered promiscuous mode [ 67.187086][ T5846] veth1_vlan: entered promiscuous mode [ 67.202673][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.292052][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.311774][ T5846] veth0_macvtap: entered promiscuous mode [ 67.344887][ T5846] veth1_macvtap: entered promiscuous mode [ 67.363815][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.399049][ T5858] veth0_vlan: entered promiscuous mode [ 67.407153][ T5844] veth0_vlan: entered promiscuous mode [ 67.416298][ T5855] Bluetooth: hci0: command tx timeout [ 67.421692][ T5855] Bluetooth: hci2: command tx timeout [ 67.427389][ T5853] Bluetooth: hci4: command tx timeout [ 67.428848][ T5856] Bluetooth: hci1: command tx timeout [ 67.432764][ T5853] Bluetooth: hci3: command tx timeout [ 67.453733][ T5858] veth1_vlan: entered promiscuous mode [ 67.467549][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.503307][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.514027][ T5844] veth1_vlan: entered promiscuous mode [ 
67.554183][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.582872][ T5858] veth0_macvtap: entered promiscuous mode [ 67.603760][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.612545][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.623542][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.634349][ T5858] veth1_macvtap: entered promiscuous mode [ 67.643678][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.692569][ T5844] veth0_macvtap: entered promiscuous mode [ 67.716699][ T5844] veth1_macvtap: entered promiscuous mode [ 67.748027][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.780018][ T5843] veth0_vlan: entered promiscuous mode [ 67.787473][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.806510][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.818515][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.826263][ T2990] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.844093][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.854901][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.872615][ T2990] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.881388][ T2990] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.915107][ T2990] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.924226][ T5843] veth1_vlan: entered promiscuous mode [ 67.937493][ T3557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.937830][ T2990] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.957708][ T2990] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.959626][ T3557] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 67.979758][ T2990] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.988965][ T2990] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.013838][ T30] audit: type=1400 audit(1758692178.308:87): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/root/syzkaller.TijVSq/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 68.039909][ T30] audit: type=1400 audit(1758692178.308:88): avc: denied { mount } for pid=5846 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 68.062519][ T30] audit: type=1400 audit(1758692178.308:89): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/root/syzkaller.TijVSq/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 68.094475][ T30] audit: type=1400 audit(1758692178.308:90): avc: denied { mount } for pid=5846 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 68.129621][ T5843] veth0_macvtap: entered promiscuous mode [ 68.130298][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 68.142430][ T5845] veth0_vlan: entered promiscuous mode [ 68.158706][ T30] audit: type=1400 audit(1758692178.308:91): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/root/syzkaller.TijVSq/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 68.181150][ T2990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.191872][ T30] audit: type=1400 audit(1758692178.308:92): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/root/syzkaller.TijVSq/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 68.196833][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.234413][ T5843] veth1_macvtap: entered promiscuous mode [ 68.240471][ T30] audit: type=1400 audit(1758692178.308:93): avc: denied { unmount } for pid=5846 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 68.271979][ T30] audit: type=1400 audit(1758692178.348:94): avc: denied { mounton } for pid=5846 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 68.298240][ T5845] veth1_vlan: entered promiscuous mode [ 68.321250][ T30] audit: type=1400 audit(1758692178.348:95): avc: denied { mount } for pid=5846 comm="syz-executor" name="/" dev="gadgetfs" ino=7740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 68.357161][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.368183][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.388265][ T5960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. 
[ 68.390746][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.423426][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.427054][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.445058][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.476219][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.493271][ T5845] veth0_macvtap: entered promiscuous mode [ 68.557418][ T2990] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.574993][ T5845] veth1_macvtap: entered promiscuous mode [ 68.588762][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.598748][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.607923][ T2990] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.619522][ T2990] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.822784][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.869167][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.926002][ T5897] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 68.955776][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.964548][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.999131][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.131017][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.151033][ T5897] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 69.161448][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.169501][ T5897] usb 1-1: Product: syz [ 69.174216][ T5897] usb 1-1: Manufacturer: syz [ 69.179668][ T5897] usb 1-1: SerialNumber: syz [ 69.215040][ T5897] usb 1-1: config 0 descriptor?? 
[ 69.243073][ T2990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.260773][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.386138][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.393967][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.404175][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.419126][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.449793][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.467661][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.475119][ T5897] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 69.484433][ T5929] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 69.495774][ T5855] Bluetooth: hci3: command tx timeout [ 69.505528][ T5855] Bluetooth: hci2: command tx timeout [ 69.505842][ T5853] Bluetooth: hci1: command tx timeout [ 69.510940][ T5855] Bluetooth: hci4: command tx timeout [ 69.516521][ T5853] Bluetooth: hci0: command tx timeout [ 69.660783][ T5929] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 69.678030][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.708990][ T5929] usb 2-1: Product: syz [ 69.713268][ T5929] usb 2-1: Manufacturer: syz [ 69.718258][ T5929] usb 2-1: SerialNumber: syz [ 69.728523][ T5929] usb 2-1: config 0 descriptor?? [ 69.895512][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 69.946286][ T43] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 69.961073][ T5929] usb-storage 2-1:0.0: USB Mass Storage device detected [ 70.115485][ T43] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 70.133914][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.152327][ T43] usb 5-1: config 0 descriptor?? 
[ 70.335481][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 70.355456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 70.373676][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 70.382858][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 70.392152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 70.402800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 70.411762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 70.535925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 70.555214][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 70.575238][ T5904] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 70.959750][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.071346][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.080209][ T5997] netlink: 'syz.1.2': attribute type 10 has an invalid length. [ 71.087809][ T5997] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2'. 
[ 71.123706][ T5997] team0: Port device geneve0 added [ 71.143826][ T43] usb 5-1: Cannot set autoneg [ 71.168422][ T43] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 71.209440][ T43] usb 5-1: USB disconnect, device number 2 [ 71.245303][ T5904] usb 4-1: device descriptor read/64, error -71 [ 71.325015][ T6005] usb 2-1: USB disconnect, device number 2 [ 71.485489][ T5904] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 71.511051][ T5897] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 71.522672][ T5897] usb 1-1: USB disconnect, device number 2 [ 71.575783][ T5853] Bluetooth: hci0: command tx timeout [ 71.575812][ T5171] Bluetooth: hci1: command tx timeout [ 71.581357][ T5853] Bluetooth: hci2: command tx timeout [ 71.586699][ T5856] Bluetooth: hci3: command tx timeout [ 71.597599][ T5855] Bluetooth: hci4: command tx timeout [ 71.615340][ T5904] usb 4-1: device descriptor read/64, error -71 [ 71.691688][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 71.691703][ T30] audit: type=1400 audit(1758692181.988:136): avc: denied { ioctl } for pid=6011 comm="syz.4.12" path="pid:[4026532784]" dev="nsfs" ino=4026532784 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 71.722222][ C0] vkms_vblank_simulate: vblank timer overrun [ 71.730665][ T6008] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 71.739939][ T5904] usb usb4-port1: attempt power cycle [ 71.758772][ T30] audit: type=1400 audit(1758692182.038:137): avc: denied { create } for pid=6011 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 71.934314][ T6008] usb 3-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config [ 71.955562][ T6008] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing 
to 0x89 [ 72.113974][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10 [ 72.126351][ T5904] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 72.161344][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64 [ 72.173919][ T5904] usb 4-1: device descriptor read/8, error -71 [ 72.197114][ T6008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 39326, setting to 64 [ 72.241843][ T6017] netlink: 5872 bytes leftover after parsing attributes in process `syz.4.14'. [ 72.251100][ T6008] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 72.272550][ T30] audit: type=1400 audit(1758692182.558:138): avc: denied { ioctl } for pid=6018 comm="syz.1.15" path="/dev/radio0" dev="devtmpfs" ino=955 ioctlcmd=0x5647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 72.303199][ T30] audit: type=1400 audit(1758692182.568:139): avc: denied { create } for pid=6016 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 72.324598][ T30] audit: type=1400 audit(1758692182.568:140): avc: denied { setopt } for pid=6016 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 72.332801][ T6008] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 72.346451][ T30] audit: type=1400 audit(1758692182.568:141): avc: denied { bind } for pid=6016 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 72.377551][ T30] audit: type=1400 audit(1758692182.568:142): avc: denied { name_bind } for pid=6016 comm="syz.4.14" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 
72.399017][ T6008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.399043][ T6008] usb 3-1: Product: syz [ 72.399057][ T6008] usb 3-1: Manufacturer: syz [ 72.399070][ T6008] usb 3-1: SerialNumber: syz [ 72.400984][ T6008] usb 3-1: config 0 descriptor?? [ 72.409785][ T30] audit: type=1400 audit(1758692182.568:143): avc: denied { node_bind } for pid=6016 comm="syz.4.14" saddr=2001::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 72.425332][ T5904] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 72.429620][ T30] audit: type=1400 audit(1758692182.568:144): avc: denied { execute } for pid=6016 comm="syz.4.14" path="/3/cpu.stat" dev="tmpfs" ino=34 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 72.487149][ T6010] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 72.494537][ T6010] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 72.545920][ T5968] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 72.548787][ T5904] usb 4-1: device descriptor read/8, error -71 [ 72.666010][ T30] audit: type=1400 audit(1758692182.568:145): avc: denied { create } for pid=6016 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 72.725444][ T5968] usb 2-1: Using ep0 maxpacket: 8 [ 72.740380][ T5968] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 72.812596][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.815444][ T5904] usb usb4-port1: unable to enumerate USB device [ 72.858330][ T6024] netlink: 'syz.0.16': attribute type 32 has an invalid length. 
[ 72.947561][ T6022] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 72.959782][ T5968] pvrusb2: Hardware description: Terratec Grabster AV400 [ 72.991401][ T5968] pvrusb2: ********** [ 73.007004][ T5968] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 73.021326][ T5968] pvrusb2: Important functionality might not be entirely working. [ 73.029446][ T5968] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 73.057553][ T5968] pvrusb2: ********** [ 73.334173][ T2337] pvrusb2: Invalid write control endpoint [ 73.357083][ T5968] usb 2-1: USB disconnect, device number 3 [ 73.365295][ T5929] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 73.469393][ T2337] pvrusb2: Invalid write control endpoint [ 73.478135][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 73.489647][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 73.499943][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 73.511001][ T2337] pvrusb2: Device being rendered inoperable [ 73.523357][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 73.549734][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 73.570765][ T5929] usb 5-1: Using ep0 maxpacket: 8 [ 73.575535][ T2337] pvrusb2: Attached sub-driver cx25840 [ 73.583096][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 73.620018][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. 
[ 73.625786][ T5929] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 73.688355][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.700307][ T5929] usb 5-1: Product: syz [ 73.716631][ T5929] usb 5-1: Manufacturer: syz [ 73.722855][ T5929] usb 5-1: SerialNumber: syz [ 73.737516][ T5929] usb 5-1: config 0 descriptor?? [ 73.744965][ T5929] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 73.762256][ T6008] rc_core: IR keymap rc-snapstream-firefly not found [ 73.771266][ T6008] Registered IR keymap rc-empty [ 73.787899][ T6008] rc rc0: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 73.798288][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 73.804269][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 73.829617][ T6008] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input5 [ 73.853600][ T5929] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 73.872760][ T5929] usb 5-1: media controller created [ 73.892626][ T6008] input: syz syz mouse as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input6 [ 73.935099][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. 
[ 74.082160][ T6008] usb 3-1: USB disconnect, device number 2 [ 74.088067][ C0] ati_remote 3-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19 [ 74.105255][ T5852] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 74.107329][ T5929] dvb-usb: bulk message failed: -22 (1/0) [ 74.552317][ T5929] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 74.589625][ T5852] usb 1-1: Using ep0 maxpacket: 8 [ 74.598157][ T5852] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 74.613432][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.629531][ T5929] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7 [ 74.636131][ T5852] usb 1-1: config 0 descriptor?? [ 74.744327][ T5929] dvb-usb: schedule remote query interval to 50 msecs. [ 74.789239][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 74.811743][ T6044] syz.1.22 uses obsolete (PF_INET,SOCK_PACKET) [ 74.844073][ T5929] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 74.853382][ T6044] netlink: 24 bytes leftover after parsing attributes in process `syz.1.22'. [ 74.855551][ T5904] dvb-usb: bulk message failed: -22 (1/0) [ 74.904518][ T5904] dvb-usb: error while querying for an remote control event. [ 74.923495][ T6044] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=6044 comm=syz.1.22 [ 74.985283][ T5904] dvb-usb: bulk message failed: -22 (1/0) [ 74.991047][ T5904] dvb-usb: error while querying for an remote control event. [ 75.065241][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.071195][ T6008] dvb-usb: error while querying for an remote control event. 
[ 75.080614][ T5852] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 75.094966][ T5852] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffc3 [ 75.149291][ T5852] asix 1-1:0.0: probe with driver asix failed with error -61 [ 75.166113][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.187865][ T6008] dvb-usb: error while querying for an remote control event. [ 75.268168][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.284169][ T6008] dvb-usb: error while querying for an remote control event. [ 75.375250][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.381024][ T6008] dvb-usb: error while querying for an remote control event. [ 75.455408][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.461249][ T6008] dvb-usb: error while querying for an remote control event. [ 75.535440][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.548510][ T6008] dvb-usb: error while querying for an remote control event. [ 75.635271][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.647308][ T6008] dvb-usb: error while querying for an remote control event. [ 75.726380][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.739848][ T6008] dvb-usb: error while querying for an remote control event. [ 75.815696][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.821487][ T6008] dvb-usb: error while querying for an remote control event. [ 75.885301][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.894232][ T6008] dvb-usb: error while querying for an remote control event. [ 75.965294][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 75.971593][ T6008] dvb-usb: error while querying for an remote control event. [ 76.530238][ T6008] dvb-usb: bulk message failed: -22 (1/0) [ 76.539262][ T6008] dvb-usb: error while querying for an remote control event. 
[ 76.566532][ T6008] usb 5-1: USB disconnect, device number 3 [ 76.615913][ T5904] dvb-usb: bulk message failed: -22 (1/0) [ 76.678884][ T5904] dvb-usb: error while querying for an remote control event. [ 76.699854][ T6075] FAULT_INJECTION: forcing a failure. [ 76.699854][ T6075] name failslab, interval 1, probability 0, space 0, times 1 [ 76.714146][ T6075] CPU: 0 UID: 0 PID: 6075 Comm: syz.1.30 Not tainted syzkaller #0 PREEMPT(full) [ 76.714168][ T6075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 76.714178][ T6075] Call Trace: [ 76.714183][ T6075] [ 76.714189][ T6075] dump_stack_lvl+0x16c/0x1f0 [ 76.714215][ T6075] should_fail_ex+0x512/0x640 [ 76.714236][ T6075] ? fs_reclaim_acquire+0xae/0x150 [ 76.714260][ T6075] should_failslab+0xc2/0x120 [ 76.714280][ T6075] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 76.714300][ T6075] ? security_inode_alloc+0x3b/0x2b0 [ 76.714326][ T6075] security_inode_alloc+0x3b/0x2b0 [ 76.714349][ T6075] inode_init_always_gfp+0xce4/0x1030 [ 76.714372][ T6075] alloc_inode+0x86/0x240 [ 76.714396][ T6075] new_inode+0x22/0x1c0 [ 76.714421][ T6075] proc_pid_make_inode+0x22/0x160 [ 76.714446][ T6075] proc_pident_instantiate+0x85/0x310 [ 76.714471][ T6075] proc_pident_lookup+0x1f5/0x270 [ 76.714499][ T6075] ? __pfx_proc_tgid_base_lookup+0x10/0x10 [ 76.714522][ T6075] lookup_open.isra.0+0x4da/0x1580 [ 76.714544][ T6075] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 76.714572][ T6075] ? mnt_get_write_access+0x20c/0x300 [ 76.714599][ T6075] path_openat+0x893/0x2cb0 [ 76.714628][ T6075] ? __pfx_path_openat+0x10/0x10 [ 76.714645][ T6075] ? lockdep_hardirqs_on+0x7c/0x110 [ 76.714671][ T6075] do_filp_open+0x20b/0x470 [ 76.714690][ T6075] ? __pfx_do_filp_open+0x10/0x10 [ 76.714708][ T6075] ? rcu_is_watching+0x12/0xc0 [ 76.714736][ T6075] ? __pfx_kfree_link+0x10/0x10 [ 76.714768][ T6075] ? alloc_fd+0x471/0x7d0 [ 76.714793][ T6075] do_sys_openat2+0x11b/0x1d0 [ 76.714818][ T6075] ? 
__pfx_do_sys_openat2+0x10/0x10 [ 76.714843][ T6075] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 76.714868][ T6075] __x64_sys_openat+0x174/0x210 [ 76.714892][ T6075] ? __pfx___x64_sys_openat+0x10/0x10 [ 76.714920][ T6075] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 76.714944][ T6075] do_syscall_64+0xcd/0x4e0 [ 76.714968][ T6075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.714985][ T6075] RIP: 0033:0x7f892f58d710 [ 76.715000][ T6075] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 76.715016][ T6075] RSP: 002b:00007f8930403f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 76.715032][ T6075] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f892f58d710 [ 76.715042][ T6075] RDX: 0000000000000002 RSI: 00007f8930403fa0 RDI: 00000000ffffff9c [ 76.715051][ T6075] RBP: 00007f8930403fa0 R08: 0000000000000000 R09: 0000000000000000 [ 76.715061][ T6075] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 76.715070][ T6075] R13: 00007f892f7e6128 R14: 00007f892f7e6090 R15: 00007ffdb322ff58 [ 76.715098][ T6075] [ 76.980797][ C0] vkms_vblank_simulate: vblank timer overrun [ 77.464236][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 77.464276][ T30] audit: type=1400 audit(1758692187.758:187): avc: denied { create } for pid=6079 comm="syz.2.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 77.602768][ T10] usb 1-1: USB disconnect, device number 3 [ 77.904953][ T6008] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. 
[ 78.108992][ T30] audit: type=1400 audit(1758692187.778:188): avc: denied { connect } for pid=6078 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 78.243111][ T30] audit: type=1400 audit(1758692188.228:189): avc: denied { create } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 78.264371][ T30] audit: type=1400 audit(1758692188.338:190): avc: denied { create } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.283528][ C0] vkms_vblank_simulate: vblank timer overrun [ 78.291601][ T5929] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 78.291789][ T30] audit: type=1400 audit(1758692188.338:191): avc: denied { bind } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.326962][ T30] audit: type=1400 audit(1758692188.338:192): avc: denied { setopt } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.346904][ T30] audit: type=1400 audit(1758692188.348:193): avc: denied { accept } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.446559][ T30] audit: type=1400 audit(1758692188.348:194): avc: denied { write } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.475803][ T30] audit: type=1400 audit(1758692188.348:195): avc: denied { read } for pid=6084 comm="syz.0.35" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 78.498402][ T30] audit: type=1400 audit(1758692188.428:196): avc: denied { watch watch_reads } for pid=6084 comm="syz.0.35" path="/4" dev="tmpfs" ino=34 
scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 78.521637][ C0] vkms_vblank_simulate: vblank timer overrun [ 78.529140][ T5929] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 78.539207][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.547512][ T5929] usb 2-1: Product: syz [ 78.552761][ T5929] usb 2-1: Manufacturer: syz [ 78.561269][ T5929] usb 2-1: SerialNumber: syz [ 78.588504][ T5929] usb 2-1: config 0 descriptor?? [ 78.800924][ T5929] usb-storage 2-1:0.0: USB Mass Storage device detected [ 79.217331][ T6109] input: syz0 as /devices/virtual/input/input8 [ 79.290667][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.2.39'. [ 79.617686][ T6111] netlink: 'syz.1.34': attribute type 10 has an invalid length. [ 79.625544][ T6111] netlink: 40 bytes leftover after parsing attributes in process `syz.1.34'. [ 79.959786][ T6114] block nbd3: Attempted send on invalid socket [ 79.966962][ T6114] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 79.984192][ T6114] hfsplus: unable to find HFS+ superblock [ 80.128880][ T5852] usb 2-1: USB disconnect, device number 4 [ 80.144595][ T6118] netlink: 'syz.2.42': attribute type 1 has an invalid length. [ 81.178970][ T879] cfg80211: failed to load regulatory.db [ 81.827287][ T6140] process 'syz.4.48' launched './file1' with NULL argv: empty string added [ 82.056407][ T6141] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.153915][ T5171] Bluetooth: hci4: command 0x0405 tx timeout [ 82.308149][ T6151] Zero length message leads to an empty skb [ 82.929142][ T6154] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.51'. 
[ 83.007341][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 83.175289][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 83.295071][ T10] usb 1-1: config index 0 descriptor too short (expected 274, got 18) [ 83.405333][ T10] usb 1-1: config 0 has an invalid interface number: 252 but max is 0 [ 83.413767][ T10] usb 1-1: config 0 has no interface number 0 [ 83.425425][ T10] usb 1-1: config 0 interface 252 has no altsetting 0 [ 83.448804][ T10] usb 1-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=99.89 [ 83.497864][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.571959][ T10] usb 1-1: Product: syz [ 83.587840][ T10] usb 1-1: Manufacturer: syz [ 83.615321][ T10] usb 1-1: SerialNumber: syz [ 83.632344][ T10] usb 1-1: config 0 descriptor?? [ 83.862347][ T10] f81232 1-1:0.252: f81232 converter detected [ 83.891527][ T10] usb 1-1: f81232 converter now attached to ttyUSB0 [ 83.985974][ T10] usb 1-1: USB disconnect, device number 4 [ 84.021134][ T10] f81232 ttyUSB0: f81232 converter now disconnected from ttyUSB0 [ 84.062223][ T10] f81232 1-1:0.252: device disconnected [ 84.221345][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 84.221356][ T30] audit: type=1400 audit(1758692194.518:212): avc: denied { mount } for pid=6159 comm="syz.1.53" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 84.305838][ T6162] ======================================================= [ 84.305838][ T6162] WARNING: The mand mount option has been deprecated and [ 84.305838][ T6162] and is ignored by this kernel. Remove the mand [ 84.305838][ T6162] option from the mount to silence this warning. 
[ 84.305838][ T6162] ======================================================= [ 84.340719][ C0] vkms_vblank_simulate: vblank timer overrun [ 84.349539][ T30] audit: type=1400 audit(1758692194.608:213): avc: denied { mounton } for pid=6159 comm="syz.1.53" path="/10/file0/file0" dev="afs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 84.384871][ T30] audit: type=1400 audit(1758692194.678:214): avc: denied { mount } for pid=6159 comm="syz.1.53" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 84.527786][ T30] audit: type=1400 audit(1758692194.828:215): avc: denied { unmount } for pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 84.554949][ T30] audit: type=1400 audit(1758692194.828:216): avc: denied { unmount } for pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 85.293805][ T30] audit: type=1400 audit(1758692195.358:217): avc: denied { write } for pid=6170 comm="syz.0.57" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 85.316392][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.533348][ T30] audit: type=1400 audit(1758692195.568:218): avc: denied { read write } for pid=6170 comm="syz.0.57" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 85.575878][ T30] audit: type=1400 audit(1758692195.568:219): avc: denied { open } for pid=6170 comm="syz.0.57" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 85.683528][ T30] audit: type=1326 audit(1758692195.638:220): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6170 comm="syz.0.57" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff686f8eec9 code=0x0 [ 86.192198][ T30] audit: type=1400 audit(1758692196.488:221): avc: denied { create } for pid=6179 comm="syz.0.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 86.870284][ T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 87.000879][ T6191] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6191 comm=syz.0.61 [ 87.448327][ T43] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 87.464404][ T6181] netlink: 'syz.4.55': attribute type 14 has an invalid length. [ 87.472242][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.55'. [ 87.472254][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.489721][ T43] usb 4-1: Product: syz [ 87.490795][ T6181] netlink: 'syz.4.55': attribute type 14 has an invalid length. [ 87.493947][ T43] usb 4-1: Manufacturer: syz [ 87.501542][ T6181] netlink: 4 bytes leftover after parsing attributes in process `syz.4.55'. [ 87.553561][ T2990] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.572511][ T2990] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.584411][ T2990] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.606711][ T2990] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 87.669289][ T43] usb 4-1: SerialNumber: syz [ 87.684949][ T43] usb 4-1: config 0 descriptor?? 
[ 87.754502][ T6074] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.813141][ T6074] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.895336][ T10] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 87.902889][ T6008] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 87.918754][ T43] usb-storage 4-1:0.0: USB Mass Storage device detected [ 87.930169][ T6074] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.062377][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 88.072441][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.073933][ T6074] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.082602][ T6008] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 88.180621][ T6202] netlink: 'syz.3.60': attribute type 10 has an invalid length. [ 88.188619][ T6202] netlink: 40 bytes leftover after parsing attributes in process `syz.3.60'. [ 88.235516][ T10] usb 3-1: Product: syz [ 88.241360][ T10] usb 3-1: Manufacturer: syz [ 88.297391][ T6008] usb 5-1: config 0 has no interface number 0 [ 88.432042][ T10] usb 3-1: SerialNumber: syz [ 88.439821][ T6008] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 88.453304][ T10] usb 3-1: config 0 descriptor?? [ 88.466916][ T6008] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 88.481572][ T6008] usb 5-1: New USB device found, idVendor=0499, idProduct=6bab, bcdDevice=68.2f [ 88.493998][ T6008] usb 5-1: New USB device strings: Mfr=20, Product=2, SerialNumber=3 [ 88.517716][ T6008] usb 5-1: Product: syz [ 88.526522][ T6008] usb 5-1: Manufacturer: syz [ 88.539998][ T6008] usb 5-1: SerialNumber: syz [ 88.554555][ T6008] usb 5-1: config 0 descriptor?? 
[ 88.563460][ T6202] team0: Port device geneve0 added [ 88.608030][ T5852] usb 4-1: USB disconnect, device number 6 [ 88.648977][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.663957][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.666998][ T10] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 88.680366][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.688253][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.700885][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.895863][ T6008] usb 5-1: USB disconnect, device number 4 [ 88.902757][ T6074] bridge_slave_1: left allmulticast mode [ 88.927597][ T6074] bridge_slave_1: left promiscuous mode [ 88.932567][ T6000] udevd[6000]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 88.939989][ T6074] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.998802][ T6074] bridge_slave_0: left allmulticast mode [ 89.007539][ T6074] bridge_slave_0: left promiscuous mode [ 89.018412][ T6074] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.506453][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 89.506483][ T30] audit: type=1400 audit(1758692199.808:238): avc: denied { bind } for pid=6218 comm="syz.4.69" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 89.532409][ C0] vkms_vblank_simulate: vblank timer overrun [ 89.551027][ T30] audit: type=1400 audit(1758692199.838:239): avc: denied { name_bind } for pid=6218 comm="syz.4.69" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1 [ 89.574386][ T30] audit: type=1400 audit(1758692199.838:240): avc: denied { node_bind } for pid=6218 comm="syz.4.69" saddr=172.20.20.170 src=65530 scontext=root:sysadm_r:sysadm_t 
tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 89.609085][ T30] audit: type=1400 audit(1758692199.908:241): avc: denied { wake_alarm } for pid=6216 comm="syz.0.68" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 89.681401][ T30] audit: type=1400 audit(1758692199.978:242): avc: denied { add_name } for pid=6207 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 89.703737][ C0] vkms_vblank_simulate: vblank timer overrun [ 89.751751][ T30] audit: type=1400 audit(1758692199.978:243): avc: denied { create } for pid=6207 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.780344][ T30] audit: type=1400 audit(1758692199.978:244): avc: denied { write } for pid=6207 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=2253 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.806333][ C0] vkms_vblank_simulate: vblank timer overrun [ 89.866912][ T30] audit: type=1400 audit(1758692199.978:245): avc: denied { append } for pid=6207 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=2253 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 89.891935][ T6008] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 89.941481][ T30] audit: type=1400 audit(1758692200.158:246): avc: denied { remove_name } for pid=6232 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=2253 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 90.001776][ T30] audit: type=1400 audit(1758692200.158:247): avc: denied { unlink } for pid=6232 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=2253 scontext=system_u:system_r:dhcpc_t 
tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 90.045422][ T6074] team0: Port device geneve0 removed [ 90.066949][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.078261][ T6008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.088393][ T6008] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 90.122088][ T6235] netlink: 2384 bytes leftover after parsing attributes in process `syz.0.71'. [ 90.147220][ T10] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 90.179737][ T6008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.207567][ T10] usb 3-1: USB disconnect, device number 3 [ 90.237127][ T6008] usb 5-1: config 0 descriptor?? [ 90.410785][ T6074] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 90.428162][ T6074] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 90.441243][ T6074] bond0 (unregistering): Released all slaves [ 90.502415][ T6008] cp2112 0003:10C4:EA90.0001: item fetching failed at offset 5/7 [ 90.516571][ T6008] cp2112 0003:10C4:EA90.0001: parse failed [ 90.555331][ T6008] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -22 [ 90.805821][ T5855] Bluetooth: hci0: command tx timeout [ 91.498725][ T6204] chnl_net:caif_netlink_parms(): no params data found [ 91.728723][ T6204] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.742136][ T6204] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.758765][ T6204] bridge_slave_0: entered allmulticast mode [ 91.797194][ T6204] bridge_slave_0: entered promiscuous mode [ 91.811691][ T6204] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.852818][ T6204] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.869901][ T6204] bridge_slave_1: entered allmulticast mode [ 91.892104][ T6204] bridge_slave_1: entered 
promiscuous mode [ 92.245884][ T6204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.371650][ T6204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.538295][ T6008] usb 5-1: USB disconnect, device number 5 [ 92.897587][ T5855] Bluetooth: hci0: command tx timeout [ 93.066120][ T6204] team0: Port device team_slave_0 added [ 93.150485][ T6204] team0: Port device team_slave_1 added [ 93.270797][ T6074] hsr_slave_0: left promiscuous mode [ 93.296181][ T6074] hsr_slave_1: left promiscuous mode [ 93.303838][ T6074] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.313174][ T6305] FAULT_INJECTION: forcing a failure. [ 93.313174][ T6305] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 93.350917][ T6305] CPU: 1 UID: 0 PID: 6305 Comm: syz.2.82 Not tainted syzkaller #0 PREEMPT(full) [ 93.350938][ T6305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 93.350946][ T6305] Call Trace: [ 93.350951][ T6305] [ 93.350956][ T6305] dump_stack_lvl+0x16c/0x1f0 [ 93.350986][ T6305] should_fail_ex+0x512/0x640 [ 93.351008][ T6305] _copy_from_user+0x2e/0xd0 [ 93.351030][ T6305] copy_msghdr_from_user+0x98/0x160 [ 93.351049][ T6305] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 93.351077][ T6305] ___sys_sendmsg+0xfe/0x1d0 [ 93.351096][ T6305] ? __pfx____sys_sendmsg+0x10/0x10 [ 93.351139][ T6305] __sys_sendmsg+0x16d/0x220 [ 93.351156][ T6305] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 93.351187][ T6305] do_syscall_64+0xcd/0x4e0 [ 93.351209][ T6305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.351225][ T6305] RIP: 0033:0x7fca87b8eec9 [ 93.351236][ T6305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.351249][ T6305] RSP: 002b:00007fca88995038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.351264][ T6305] RAX: ffffffffffffffda RBX: 00007fca87de5fa0 RCX: 00007fca87b8eec9 [ 93.351273][ T6305] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 93.351282][ T6305] RBP: 00007fca88995090 R08: 0000000000000000 R09: 0000000000000000 [ 93.351290][ T6305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.351299][ T6305] R13: 00007fca87de6038 R14: 00007fca87de5fa0 R15: 00007ffcf1f41778 [ 93.351320][ T6305] [ 93.354891][ T6074] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.524432][ T6074] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.531893][ T6074] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.580528][ T6074] veth1_macvtap: left promiscuous mode [ 93.645604][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 93.666007][ T6074] veth0_macvtap: left promiscuous mode [ 93.694919][ T6074] veth1_vlan: left promiscuous mode [ 93.724268][ T6074] veth0_vlan: left promiscuous mode [ 93.903783][ T10] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 93.982437][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.064837][ T10] usb 1-1: Product: syz [ 94.103987][ T10] usb 1-1: Manufacturer: syz [ 94.158107][ T10] usb 1-1: SerialNumber: syz [ 94.270237][ T10] usb 1-1: config 0 descriptor?? 
[ 94.431356][ T879] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 94.659258][ T10] usb-storage 1-1:0.0: USB Mass Storage device detected [ 94.691420][ T879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 94.723399][ T879] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 94.948421][ T5855] Bluetooth: hci0: command tx timeout [ 95.023757][ T6321] netlink: 'syz.0.80': attribute type 10 has an invalid length. [ 95.031669][ T6321] netlink: 40 bytes leftover after parsing attributes in process `syz.0.80'. [ 95.163235][ T879] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 95.221565][ T879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.253537][ T879] usb 3-1: config 0 descriptor?? [ 95.283977][ T6317] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 95.489784][ T6074] team0 (unregistering): Port device team_slave_1 removed [ 95.529448][ T6074] team0 (unregistering): Port device team_slave_0 removed [ 95.545216][ T10] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 95.589618][ T6331] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.87'. [ 95.696642][ T879] hkems 0003:2006:0118.0002: item fetching failed at offset 5/7 [ 95.708441][ T879] hkems 0003:2006:0118.0002: parse failed [ 95.714275][ T879] hkems 0003:2006:0118.0002: probe with driver hkems failed with error -22 [ 95.723146][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 95.732425][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.741277][ T10] usb 5-1: Product: syz [ 95.747669][ T10] usb 5-1: Manufacturer: syz [ 95.776156][ T10] usb 5-1: SerialNumber: syz [ 95.783200][ T10] usb 5-1: config 0 descriptor?? 
[ 95.999614][ T10] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 96.166447][ T6008] usb 3-1: USB disconnect, device number 4 [ 96.342004][ T6321] team0: Port device geneve0 added [ 96.363742][ T5929] usb 1-1: USB disconnect, device number 5 [ 96.590772][ T6204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.597847][ T6204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.624876][ T6204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.646543][ T6204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.653811][ T6204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.035319][ T5929] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 97.055012][ T6204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.095242][ T5855] Bluetooth: hci0: command tx timeout [ 97.222233][ T6204] hsr_slave_0: entered promiscuous mode [ 97.227891][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 97.234745][ T5929] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.251002][ T6204] hsr_slave_1: entered promiscuous mode [ 97.261171][ T6204] debugfs: 'hsr0' already exists in 'hsr' [ 97.269328][ T6344] netlink: 'syz.2.90': attribute type 1 has an invalid length. [ 97.270573][ T5929] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 97.289786][ T6346] netlink: 'syz.3.89': attribute type 1 has an invalid length. 
[ 97.301223][ T6204] Cannot create hsr debugfs directory [ 97.317663][ T5929] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 97.498782][ T5929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.507241][ T5929] usb 1-1: Product: syz [ 97.522564][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 97.548360][ T10] usb 5-1: USB disconnect, device number 6 [ 97.571427][ T5929] usb 1-1: Manufacturer: syz [ 97.593577][ T5929] usb 1-1: SerialNumber: syz [ 97.640639][ T5929] usb 1-1: config 0 descriptor?? [ 98.188665][ T6204] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 98.206592][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 98.206606][ T30] audit: type=1400 audit(1758692208.498:257): avc: denied { ioctl } for pid=6357 comm="syz.4.91" path="socket:[10560]" dev="sockfs" ino=10560 ioctlcmd=0x4600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 98.252351][ T6204] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 98.278313][ T6204] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 98.303097][ T6204] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 98.471127][ T6204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.516232][ T6204] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.543926][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.551092][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.593823][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.600989][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.820037][ T30] audit: type=1400 audit(1758692209.118:258): avc: denied { sys_module } for pid=6204 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 99.018042][ T6379] input: syz1 as /devices/virtual/input/input11 [ 99.117877][ T30] audit: type=1400 
audit(1758692209.328:259): avc: denied { name_connect } for pid=6373 comm="syz.3.92" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 99.214116][ T6204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.239856][ T6381] nvme_fabrics: missing parameter 'transport=%s' [ 99.284401][ T6381] nvme_fabrics: missing parameter 'nqn=%s' [ 99.285304][ T24] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 99.450640][ T10] usb 1-1: USB disconnect, device number 6 [ 99.513876][ T5929] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 99.525086][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 99.595323][ T24] usb 4-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 99.661200][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.675376][ T5929] usb 5-1: device descriptor read/64, error -71 [ 99.724778][ T24] usb 4-1: config 0 descriptor?? 
[ 99.755601][ T6379] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 99.974896][ T30] audit: type=1400 audit(1758692210.088:260): avc: denied { create } for pid=6402 comm="syz.0.96" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 99.979675][ T6204] veth0_vlan: entered promiscuous mode [ 100.006396][ T6204] veth1_vlan: entered promiscuous mode [ 100.025217][ T5929] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 100.079921][ T6204] veth0_macvtap: entered promiscuous mode [ 100.094497][ T30] audit: type=1400 audit(1758692210.318:261): avc: denied { mounton } for pid=6402 comm="syz.0.96" path="/20/file0" dev="tmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 100.116767][ C0] vkms_vblank_simulate: vblank timer overrun [ 100.129706][ T6204] veth1_macvtap: entered promiscuous mode [ 100.175222][ T5929] usb 5-1: device descriptor read/64, error -71 [ 100.263111][ T6204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.296439][ T5929] usb usb5-port1: attempt power cycle [ 100.464228][ T6204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.499930][ T2990] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.511051][ T2990] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.527651][ T2990] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.572557][ T2990] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.638390][ T30] audit: type=1400 audit(1758692210.928:262): avc: denied { unmount } for pid=5858 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 100.665523][ T5929] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 100.696764][ T5929] usb 5-1: device descriptor read/8, error -71 [ 100.706156][ T2990] wlan0: Created IBSS 
using preconfigured BSSID 50:50:50:50:50:50 [ 100.716733][ T5968] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 100.750043][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.788789][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.798646][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.864385][ T30] audit: type=1400 audit(1758692211.158:263): avc: denied { create } for pid=6413 comm="syz.0.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 100.883581][ C0] vkms_vblank_simulate: vblank timer overrun [ 100.898196][ T5968] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 100.914868][ T5968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.919116][ T30] audit: type=1400 audit(1758692211.218:264): avc: denied { read } for pid=6413 comm="syz.0.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 100.946437][ T5929] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 100.968000][ T5929] usb 5-1: device descriptor read/8, error -71 [ 100.994683][ T5968] usb 3-1: Product: syz [ 101.016508][ T5968] usb 3-1: Manufacturer: syz [ 101.021149][ T5968] usb 3-1: SerialNumber: syz [ 101.143224][ T5929] usb usb5-port1: unable to enumerate USB device [ 101.380698][ T30] audit: type=1400 audit(1758692211.558:265): avc: denied { create } for pid=6420 comm="syz.5.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.416084][ T5968] usb 3-1: config 0 descriptor?? 
[ 101.428248][ T30] audit: type=1400 audit(1758692211.558:266): avc: denied { setopt } for pid=6420 comm="syz.5.66" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.650777][ T5968] usb-storage 3-1:0.0: USB Mass Storage device detected [ 101.923870][ T6430] netlink: 'syz.2.97': attribute type 10 has an invalid length. [ 101.931757][ T6430] netlink: 40 bytes leftover after parsing attributes in process `syz.2.97'. [ 101.972355][ T6430] team0: Port device geneve0 added [ 102.230066][ T5929] usb 3-1: USB disconnect, device number 5 [ 102.531841][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 102.543010][ T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 102.567405][ T24] usb 4-1: USB disconnect, device number 7 [ 103.062664][ T6443] netlink: 'syz.3.101': attribute type 1 has an invalid length. [ 103.683591][ T6449] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 103.863096][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 103.869246][ T30] audit: type=1400 audit(1758692214.048:268): avc: denied { ioctl } for pid=6446 comm="syz.4.102" path="/dev/sg0" dev="devtmpfs" ino=762 ioctlcmd=0x1276 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 103.894495][ C0] vkms_vblank_simulate: vblank timer overrun [ 104.343838][ T6454] fuse: Unknown parameter 'grou00000000000000000000' [ 105.381015][ T6468] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11280 sclass=netlink_route_socket pid=6468 comm=syz.5.108 [ 105.421333][ T30] audit: type=1400 audit(1758692215.698:269): avc: denied { create } for pid=6465 comm="syz.5.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 105.672995][ T30] audit: type=1400 audit(1758692215.718:270): avc: denied { setopt } for pid=6465 comm="syz.5.108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 
106.125701][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 106.413149][ T6481] 9pnet_fd: Insufficient options for proto=fd [ 106.532423][ T24] usb 3-1: device descriptor read/64, error -71 [ 106.825307][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 107.047227][ T24] usb 3-1: device descriptor read/64, error -71 [ 107.047820][ T30] audit: type=1400 audit(1758692217.328:271): avc: denied { bind } for pid=6487 comm="syz.4.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 107.073020][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.163198][ T24] usb usb3-port1: attempt power cycle [ 107.526531][ T879] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 107.561239][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 107.605840][ T24] usb 3-1: device descriptor read/8, error -71 [ 107.702788][ T879] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 107.702818][ T879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.702838][ T879] usb 1-1: Product: syz [ 107.702852][ T879] usb 1-1: Manufacturer: syz [ 107.702866][ T879] usb 1-1: SerialNumber: syz [ 107.705036][ T879] usb 1-1: config 0 descriptor?? 
[ 107.865554][ T6518] fuse: Unknown parameter 'grou00000000000000000000' [ 108.338059][ T879] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 108.421298][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 108.514391][ T24] usb 3-1: device descriptor read/8, error -71 [ 108.567985][ T6514] tty tty31: ldisc open failed (-12), clearing slot 30 [ 108.616510][ T24] usb usb3-port1: unable to enumerate USB device [ 109.076228][ T30] audit: type=1400 audit(1758692219.348:272): avc: denied { create } for pid=6521 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 109.296703][ T6525] tmpfs: Unknown parameter '}pol' [ 109.328091][ T6522] syzkaller0: entered promiscuous mode [ 109.333612][ T6522] syzkaller0: entered allmulticast mode [ 109.399216][ T30] audit: type=1400 audit(1758692219.428:273): avc: denied { write } for pid=6521 comm="syz.2.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 109.543914][ T6533] netlink: 16 bytes leftover after parsing attributes in process `syz.2.124'. 
[ 109.754292][ T6534] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 109.774382][ T6534] cramfs: wrong magic [ 109.920822][ T879] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 109.931534][ T879] usb 1-1: USB disconnect, device number 7 [ 110.003950][ T30] audit: type=1400 audit(1758692220.298:274): avc: denied { getopt } for pid=6535 comm="syz.2.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 112.287209][ T24] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 112.456163][ T5852] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 112.468135][ T24] usb 6-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 112.489552][ T24] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 112.501740][ T24] usb 6-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 112.529553][ T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 112.539185][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 112.547965][ T24] usb 6-1: SerialNumber: syz [ 112.646367][ T6566] fuse: Unknown parameter 'grou00000000000000000000' [ 113.039532][ T24] usb 6-1: bad CDC descriptors [ 113.047486][ T24] usb 6-1: USB disconnect, device number 2 [ 113.058526][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.069342][ T5852] usb 1-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00 [ 113.079356][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.092316][ T5852] usb 1-1: config 0 descriptor?? 
[ 113.364515][ T30] audit: type=1400 audit(1758692223.658:275): avc: denied { getopt } for pid=6571 comm="syz.4.135" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 113.395418][ T24] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 113.413654][ T30] audit: type=1400 audit(1758692223.708:276): avc: denied { ioctl } for pid=6555 comm="syz.5.130" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.438347][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.518708][ T5852] wacom 0003:056A:00BA.0003: Unknown device_type for 'HID 056a:00ba'. Assuming pen. [ 113.550057][ T5852] wacom 0003:056A:00BA.0003: hidraw0: USB HID v0.00 Device [HID 056a:00ba] on usb-dummy_hcd.0-1/input0 [ 113.561931][ T6577] autofs: Unknown parameter '' [ 113.570531][ T6577] netlink: 'syz.3.136': attribute type 1 has an invalid length. [ 113.586970][ T5961] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 113.598119][ T24] usb 6-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 113.614932][ T5852] input: Wacom Intuos4 8x13 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:00BA.0003/input/input12 [ 113.636861][ T30] audit: type=1400 audit(1758692223.938:277): avc: denied { read } for pid=6571 comm="syz.4.135" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.636930][ T24] usb 6-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 113.707031][ T24] usb 6-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 113.721810][ T30] audit: type=1400 audit(1758692223.938:278): avc: denied { open } for pid=6571 comm="syz.4.135" path="/dev/iommu" dev="devtmpfs" 
ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 113.748984][ T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 113.759539][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 113.775782][ T24] usb 6-1: SerialNumber: syz [ 113.795662][ T5961] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 113.804739][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.816967][ T5961] usb 3-1: Product: syz [ 113.821274][ T5961] usb 3-1: Manufacturer: syz [ 113.825992][ T5961] usb 3-1: SerialNumber: syz [ 113.836294][ T5961] usb 3-1: config 0 descriptor?? [ 113.863863][ T6577] bond1: entered promiscuous mode [ 113.869445][ T6577] 8021q: adding VLAN 0 to HW filter on device bond1 [ 113.998022][ T24] usb 6-1: bad CDC descriptors [ 114.048280][ T30] audit: type=1400 audit(1758692224.338:279): avc: denied { write } for pid=6591 comm="syz.3.137" name="vmci" dev="devtmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 114.094208][ T5961] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 114.105525][ T30] audit: type=1400 audit(1758692224.348:280): avc: denied { append } for pid=6591 comm="syz.3.137" name="comedi3" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 114.137782][ T6592] loop8: detected capacity change from 0 to 7 [ 114.149726][ T6592] Dev loop8: unable to read RDB block 7 [ 114.155452][ T6592] loop8: AHDI p1 p2 p3 [ 114.163721][ T6592] loop8: partition table partially beyond EOD, truncated [ 114.173892][ T6592] loop8: p1 start 1601398130 is beyond EOD, truncated [ 114.197444][ T6592] loop8: p2 start 1702059890 is beyond EOD, truncated [ 114.247553][ T5220] Dev loop8: unable to read RDB block 7 [ 114.268678][ T5220] loop8: AHDI p1 p2 p3 [ 114.273305][ 
T5220] loop8: partition table partially beyond EOD, truncated [ 114.307005][ T5220] loop8: p1 start 1601398130 is beyond EOD, truncated [ 114.325087][ T5220] loop8: p2 start 1702059890 is beyond EOD, truncated [ 114.535411][ T5852] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 114.705302][ T5852] usb 5-1: Using ep0 maxpacket: 32 [ 114.720360][ T5852] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 114.730277][ T5852] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 114.735213][ T6008] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 114.738443][ T5852] usb 5-1: can't read configurations, error -61 [ 114.875984][ T5852] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 114.903263][ T6008] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 114.913403][ T6008] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.926514][ T6008] usb 4-1: Product: syz [ 114.930747][ T6008] usb 4-1: Manufacturer: syz [ 114.944996][ T6008] usb 4-1: SerialNumber: syz [ 114.953438][ T6008] usb 4-1: config 0 descriptor?? 
[ 115.028053][ T5852] usb 5-1: Using ep0 maxpacket: 32 [ 115.038903][ T5852] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 115.059208][ T5852] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 115.069726][ T5852] usb 5-1: can't read configurations, error -61 [ 115.078312][ T5852] usb usb5-port1: attempt power cycle [ 115.174312][ T6008] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 115.253431][ T5981] usb 1-1: USB disconnect, device number 8 [ 115.418907][ T5852] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 115.427322][ T879] usb 6-1: USB disconnect, device number 3 [ 115.477613][ T5852] usb 5-1: Using ep0 maxpacket: 32 [ 115.531127][ T5852] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 115.552350][ T5852] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 115.566459][ T5961] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 115.613505][ T5852] usb 5-1: can't read configurations, error -61 [ 115.654611][ T5961] usb 3-1: USB disconnect, device number 10 [ 115.757253][ T5852] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 115.788947][ T5852] usb 5-1: Using ep0 maxpacket: 32 [ 115.794653][ T5852] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 115.805082][ T5852] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 115.815741][ T5852] usb 5-1: can't read configurations, error -61 [ 115.830713][ T5852] usb usb5-port1: unable to enumerate USB device [ 115.855346][ T5981] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 116.006270][ T5981] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 116.028717][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.038051][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.052802][ T5981] usb 1-1: config 0 interface 0 has no 
altsetting 0 [ 116.063623][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.075037][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.088692][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.124529][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.158989][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.286299][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.294581][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.315209][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.328084][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.341845][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.354070][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.375065][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.384488][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.397884][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.844299][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.853455][ T6008] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 116.865450][ T5981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.872691][ T6008] usb 4-1: USB disconnect, device number 8 [ 116.874902][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.894338][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.906584][ T5981] usb 1-1: config 0 has 1 interface, different from 
the descriptor's value: 9 [ 116.932007][ T5981] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.963179][ T5981] usb 1-1: config 0 interface 0 has no altsetting 0 [ 117.032128][ T5981] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 117.042043][ T5981] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 117.067149][ T5981] usb 1-1: Product: syz [ 117.082531][ T5981] usb 1-1: Manufacturer: syz [ 117.094779][ T5981] usb 1-1: SerialNumber: syz [ 117.110813][ T5981] usb 1-1: config 0 descriptor?? [ 117.145293][ T5981] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 117.348551][ T6008] usb 1-1: USB disconnect, device number 9 [ 117.358612][ T6008] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 117.425365][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 117.447438][ T5981] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 117.631347][ T5981] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 118.596288][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.610060][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.620045][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 118.629876][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.640226][ T10] usb 3-1: config 0 descriptor?? [ 118.655271][ T5961] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 118.695487][ T5981] usb 6-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 118.708794][ T5981] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.768676][ T5981] usb 6-1: config 0 descriptor?? 
[ 118.828798][ T6665] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 118.849448][ T5961] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 118.862806][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.872817][ T5961] usb 5-1: Product: syz [ 118.877808][ T5961] usb 5-1: Manufacturer: syz [ 118.882724][ T5961] usb 5-1: SerialNumber: syz [ 118.927830][ T5961] usb 5-1: config 0 descriptor?? [ 119.070811][ T10] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 119.088627][ T10] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 119.096555][ T10] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 119.104103][ T10] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 119.112235][ T10] playstation 0003:054C:0DF2.0004: unknown main item tag 0x0 [ 119.130463][ T10] playstation 0003:054C:0DF2.0004: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 119.145537][ T5961] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 119.953763][ T10] playstation 0003:054C:0DF2.0004: Failed to retrieve feature with reportID 32: -71 [ 119.974161][ T10] playstation 0003:054C:0DF2.0004: Failed to retrieve DualSense firmware info: -71 [ 119.995402][ T10] playstation 0003:054C:0DF2.0004: Failed to get firmware info from DualSense [ 120.005018][ T10] playstation 0003:054C:0DF2.0004: Failed to create dualsense. 
[ 120.050437][ T10] playstation 0003:054C:0DF2.0004: probe with driver playstation failed with error -71 [ 120.074778][ T10] usb 3-1: USB disconnect, device number 11 [ 120.248897][ T5981] usbhid 6-1:0.0: can't add hid device: -71 [ 120.254970][ T5981] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 120.266212][ T5981] usb 6-1: USB disconnect, device number 4 [ 120.386949][ T5929] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 120.545796][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 120.599596][ T5852] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 120.627305][ T5929] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.639041][ T5929] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 120.648522][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.671542][ T5929] usb 1-1: config 0 descriptor?? [ 120.780292][ T5852] usb 4-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 120.796225][ T5852] usb 4-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 120.818395][ T5852] usb 4-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 120.839804][ T5852] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 120.850377][ T5852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 120.883500][ T5852] usb 4-1: SerialNumber: syz [ 121.031662][ T30] audit: type=1400 audit(1758692231.328:281): avc: denied { ioctl } for pid=6687 comm="syz.5.154" path="socket:[11179]" dev="sockfs" ino=11179 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 121.060096][ T5961] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 121.081597][ T5961] usb 5-1: USB 
disconnect, device number 15 [ 121.126589][ T5929] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 121.143613][ T5852] usb 4-1: bad CDC descriptors [ 121.288240][ T5852] usb 4-1: USB disconnect, device number 9 [ 121.294743][ C0] ================================================================== [ 121.302802][ C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0 [ 121.310794][ C0] Read of size 1 at addr ffff888055143fff by task kworker/0:6/5929 [ 121.318678][ C0] [ 121.320997][ C0] CPU: 0 UID: 0 PID: 5929 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) [ 121.321022][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 121.321035][ C0] Workqueue: usb_hub_wq hub_event [ 121.321063][ C0] Call Trace: [ 121.321070][ C0] [ 121.321077][ C0] dump_stack_lvl+0x116/0x1f0 [ 121.321104][ C0] print_report+0xcd/0x630 [ 121.321127][ C0] ? __virt_addr_valid+0x81/0x610 [ 121.321154][ C0] ? __phys_addr+0xe8/0x180 [ 121.321180][ C0] ? mcp2221_raw_event+0x1070/0x10a0 [ 121.321208][ C0] kasan_report+0xe0/0x110 [ 121.321229][ C0] ? mcp2221_raw_event+0x1070/0x10a0 [ 121.321260][ C0] mcp2221_raw_event+0x1070/0x10a0 [ 121.321288][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 121.321312][ C0] __hid_input_report.constprop.0+0x311/0x450 [ 121.321336][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 121.321365][ C0] hid_irq_in+0x35e/0x870 [ 121.321394][ C0] __usb_hcd_giveback_urb+0x38b/0x610 [ 121.321414][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 121.321433][ C0] dummy_timer+0x1814/0x3a30 [ 121.321468][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 121.321489][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 121.321508][ C0] ? mark_held_locks+0x49/0x80 [ 121.321537][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 121.321560][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 121.321581][ C0] __hrtimer_run_queues+0x202/0xad0 [ 121.321607][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 121.321629][ C0] ? 
read_tsc+0x9/0x20 [ 121.321656][ C0] hrtimer_run_softirq+0x17d/0x350 [ 121.321679][ C0] handle_softirqs+0x219/0x8e0 [ 121.321705][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 121.321730][ C0] __irq_exit_rcu+0x109/0x170 [ 121.321758][ C0] irq_exit_rcu+0x9/0x30 [ 121.321781][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 121.321804][ C0] </IRQ> [ 121.321810][ C0] <TASK> [ 121.321817][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 121.321839][ C0] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 [ 121.321866][ C0] Code: fb 09 00 00 44 8b 05 b9 8d 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 af 69 3a 00 fb 65 48 8b 1d 5e c5 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 [ 121.321885][ C0] RSP: 0018:ffffc900043de7d8 EFLAGS: 00000206 [ 121.321902][ C0] RAX: 0000000000027b41 RBX: ffff888077c4a440 RCX: 0000000000000006 [ 121.321914][ C0] RDX: 0000000000000000 RSI: ffffffff8de52d59 RDI: ffffffff8c163400 [ 121.321926][ C0] RBP: ffffc900043de820 R08: 0000000000000001 R09: 0000000000000001 [ 121.321939][ C0] R10: ffffffff90ab7697 R11: 0000000000000000 R12: ffff8880b843a300 [ 121.321950][ C0] R13: ffff88807a3d8000 R14: ffff8880b843a300 R15: ffff8880b843b170 [ 121.321969][ C0] ? finish_task_switch.isra.0+0x221/0xc10 [ 121.321993][ C0] ? __switch_to+0x7a5/0x11a0 [ 121.322016][ C0] __schedule+0x1198/0x5de0 [ 121.322037][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 121.322065][ C0] ? __pfx___schedule+0x10/0x10 [ 121.322088][ C0] ? find_held_lock+0x2b/0x80 [ 121.322111][ C0] ? schedule+0x2d7/0x3a0 [ 121.322132][ C0] schedule+0xe7/0x3a0 [ 121.322152][ C0] schedule_hrtimeout_range_clock+0x217/0x320 [ 121.322173][ C0] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 121.322196][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 121.322217][ C0] ? ktime_get+0x200/0x310 [ 121.322243][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.322265][ C0] ? read_tsc+0x9/0x20 [ 121.322287][ C0] ? ktime_get+0x1a7/0x310 [ 121.322314][ C0] ?
usleep_range_state+0x113/0x220 [ 121.322333][ C0] usleep_range_state+0x16c/0x220 [ 121.322353][ C0] ? __pfx_usleep_range_state+0x10/0x10 [ 121.322376][ C0] mcp2221_probe+0xa69/0xc50 [ 121.322404][ C0] ? __pfx_mcp2221_probe+0x10/0x10 [ 121.322431][ C0] hid_device_probe+0x363/0x720 [ 121.322453][ C0] ? __pfx_hid_device_probe+0x10/0x10 [ 121.322475][ C0] really_probe+0x241/0xa90 [ 121.322498][ C0] __driver_probe_device+0x1de/0x440 [ 121.322521][ C0] driver_probe_device+0x4c/0x1b0 [ 121.322544][ C0] __device_attach_driver+0x1df/0x310 [ 121.322568][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 121.322591][ C0] bus_for_each_drv+0x159/0x1e0 [ 121.322610][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 121.322629][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.322651][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 121.322675][ C0] __device_attach+0x1e4/0x4b0 [ 121.322698][ C0] ? __pfx___device_attach+0x10/0x10 [ 121.322722][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 121.322744][ C0] bus_probe_device+0x17f/0x1c0 [ 121.322772][ C0] device_add+0x1148/0x1aa0 [ 121.322799][ C0] ? __pfx_device_add+0x10/0x10 [ 121.322827][ C0] ? debugfs_create_file_full+0x41/0x60 [ 121.322856][ C0] hid_add_device+0x373/0xa60 [ 121.322878][ C0] ? __pfx_hid_add_device+0x10/0x10 [ 121.322898][ C0] ? lockdep_init_map_type+0x5c/0x280 [ 121.322917][ C0] ? lockdep_init_map_type+0x5c/0x280 [ 121.322937][ C0] usbhid_probe+0xd38/0x13f0 [ 121.322966][ C0] usb_probe_interface+0x303/0xa40 [ 121.322997][ C0] ? __pfx_usb_probe_interface+0x10/0x10 [ 121.323026][ C0] really_probe+0x241/0xa90 [ 121.323050][ C0] __driver_probe_device+0x1de/0x440 [ 121.323075][ C0] driver_probe_device+0x4c/0x1b0 [ 121.323098][ C0] __device_attach_driver+0x1df/0x310 [ 121.323122][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 121.323145][ C0] bus_for_each_drv+0x159/0x1e0 [ 121.323164][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 121.323183][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.323205][ C0] ? 
_raw_spin_unlock_irqrestore+0x3b/0x80 [ 121.323229][ C0] __device_attach+0x1e4/0x4b0 [ 121.323252][ C0] ? __pfx___device_attach+0x10/0x10 [ 121.323275][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 121.323298][ C0] bus_probe_device+0x17f/0x1c0 [ 121.323322][ C0] device_add+0x1148/0x1aa0 [ 121.323350][ C0] ? __pfx_device_add+0x10/0x10 [ 121.323374][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 121.323406][ C0] usb_set_configuration+0x1187/0x1e20 [ 121.323439][ C0] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 121.323461][ C0] usb_generic_driver_probe+0xb1/0x110 [ 121.323484][ C0] usb_probe_device+0xef/0x3e0 [ 121.323509][ C0] ? __pfx_usb_probe_device+0x10/0x10 [ 121.323534][ C0] really_probe+0x241/0xa90 [ 121.323557][ C0] __driver_probe_device+0x1de/0x440 [ 121.323580][ C0] ? usb_driver_applicable+0x1c7/0x220 [ 121.323610][ C0] driver_probe_device+0x4c/0x1b0 [ 121.323634][ C0] __device_attach_driver+0x1df/0x310 [ 121.323658][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 121.323681][ C0] bus_for_each_drv+0x159/0x1e0 [ 121.323700][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 121.323718][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 121.323744][ C0] __device_attach+0x1e4/0x4b0 [ 121.323772][ C0] ? __pfx___device_attach+0x10/0x10 [ 121.323794][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 121.323817][ C0] bus_probe_device+0x17f/0x1c0 [ 121.323838][ C0] device_add+0x1148/0x1aa0 [ 121.323864][ C0] ? __pfx_device_add+0x10/0x10 [ 121.323895][ C0] usb_new_device+0xd07/0x1a60 [ 121.323922][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 121.323942][ C0] ? __pfx_usb_new_device+0x10/0x10 [ 121.323968][ C0] ? mark_held_locks+0x49/0x80 [ 121.323997][ C0] hub_event+0x2f34/0x4fe0 [ 121.324032][ C0] ? __pfx_hub_event+0x10/0x10 [ 121.324056][ C0] ? assoc_array_insert+0x1520/0x3970 [ 121.324090][ C0] ? rcu_is_watching+0x12/0xc0 [ 121.324115][ C0] process_one_work+0x9cc/0x1b70 [ 121.324141][ C0] ? __pfx_hcd_resume_work+0x10/0x10 [ 121.324168][ C0] ? __pfx_process_one_work+0x10/0x10 [ 121.324192][ C0] ? 
assign_work+0x1a0/0x250 [ 121.324211][ C0] worker_thread+0x6c8/0xf10 [ 121.324234][ C0] ? __kthread_parkme+0x19e/0x250 [ 121.324261][ C0] ? __pfx_worker_thread+0x10/0x10 [ 121.324282][ C0] kthread+0x3c2/0x780 [ 121.324301][ C0] ? __pfx_kthread+0x10/0x10 [ 121.324320][ C0] ? rcu_is_watching+0x12/0xc0 [ 121.324342][ C0] ? __pfx_kthread+0x10/0x10 [ 121.324362][ C0] ret_from_fork+0x56a/0x730 [ 121.324379][ C0] ? __pfx_kthread+0x10/0x10 [ 121.324398][ C0] ret_from_fork_asm+0x1a/0x30 [ 121.324425][ C0] </TASK> [ 121.324432][ C0] [ 122.105048][ C0] Allocated by task 6519: [ 122.109350][ C0] kasan_save_stack+0x33/0x60 [ 122.114010][ C0] kasan_save_track+0x14/0x30 [ 122.118666][ C0] __kasan_slab_alloc+0x89/0x90 [ 122.123494][ C0] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 122.129442][ C0] kmalloc_reserve+0x18b/0x2c0 [ 122.134194][ C0] __alloc_skb+0x166/0x380 [ 122.138589][ C0] inet6_rt_notify+0x1e0/0x4b0 [ 122.143339][ C0] fib6_del+0xf60/0x1770 [ 122.147558][ C0] fib6_clean_node+0x424/0x5b0 [ 122.152301][ C0] fib6_walk_continue+0x452/0x8d0 [ 122.157308][ C0] fib6_walk+0x182/0x370 [ 122.161537][ C0] fib6_clean_tree+0xd4/0x110 [ 122.166196][ C0] __fib6_clean_all+0x107/0x2d0 [ 122.171031][ C0] rt6_disable_ip+0x2ec/0x990 [ 122.175688][ C0] addrconf_ifdown.isra.0+0x11d/0x1aa0 [ 122.181126][ C0] addrconf_notify+0x220/0x19e0 [ 122.185956][ C0] notifier_call_chain+0xb9/0x410 [ 122.190965][ C0] call_netdevice_notifiers_info+0xbe/0x140 [ 122.196845][ C0] netif_close_many+0x319/0x630 [ 122.201682][ C0] unregister_netdevice_many_notify+0x563/0x24c0 [ 122.207994][ C0] unregister_netdevice_queue+0x305/0x3f0 [ 122.213702][ C0] __tun_detach+0x1249/0x1540 [ 122.218362][ C0] tun_chr_close+0xc2/0x230 [ 122.222847][ C0] __fput+0x3ff/0xb70 [ 122.226810][ C0] task_work_run+0x150/0x240 [ 122.231379][ C0] exit_to_user_mode_loop+0xeb/0x110 [ 122.236646][ C0] do_syscall_64+0x41c/0x4e0 [ 122.241218][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.247088][ C0] [ 122.249389][ C0] Freed by task 6519: [
122.253341][ C0] kasan_save_stack+0x33/0x60 [ 122.257994][ C0] kasan_save_track+0x14/0x30 [ 122.262648][ C0] kasan_save_free_info+0x3b/0x60 [ 122.267657][ C0] __kasan_slab_free+0x60/0x70 [ 122.272397][ C0] kmem_cache_free+0x2d1/0x4d0 [ 122.277137][ C0] skb_free_head+0x1b7/0x210 [ 122.281704][ C0] skb_release_data+0x795/0x9e0 [ 122.286533][ C0] consume_skb+0xbf/0x100 [ 122.290846][ C0] netlink_broadcast_filtered+0x3ee/0xf90 [ 122.296547][ C0] nlmsg_notify+0x9e/0x220 [ 122.300948][ C0] inet6_rt_notify+0x355/0x4b0 [ 122.305699][ C0] fib6_del+0xf60/0x1770 [ 122.309922][ C0] fib6_clean_node+0x424/0x5b0 [ 122.314664][ C0] fib6_walk_continue+0x452/0x8d0 [ 122.319671][ C0] fib6_walk+0x182/0x370 [ 122.323897][ C0] fib6_clean_tree+0xd4/0x110 [ 122.328556][ C0] __fib6_clean_all+0x107/0x2d0 [ 122.333390][ C0] rt6_disable_ip+0x2ec/0x990 [ 122.338045][ C0] addrconf_ifdown.isra.0+0x11d/0x1aa0 [ 122.343483][ C0] addrconf_notify+0x220/0x19e0 [ 122.348311][ C0] notifier_call_chain+0xb9/0x410 [ 122.353320][ C0] call_netdevice_notifiers_info+0xbe/0x140 [ 122.359200][ C0] netif_close_many+0x319/0x630 [ 122.364034][ C0] unregister_netdevice_many_notify+0x563/0x24c0 [ 122.370341][ C0] unregister_netdevice_queue+0x305/0x3f0 [ 122.376043][ C0] __tun_detach+0x1249/0x1540 [ 122.380712][ C0] tun_chr_close+0xc2/0x230 [ 122.385214][ C0] __fput+0x3ff/0xb70 [ 122.389180][ C0] task_work_run+0x150/0x240 [ 122.393753][ C0] exit_to_user_mode_loop+0xeb/0x110 [ 122.399018][ C0] do_syscall_64+0x41c/0x4e0 [ 122.403590][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.409461][ C0] [ 122.411782][ C0] The buggy address belongs to the object at ffff888055143a80 [ 122.411782][ C0] which belongs to the cache skbuff_small_head of size 704 [ 122.426342][ C0] The buggy address is located 703 bytes to the right of [ 122.426342][ C0] allocated 704-byte region [ffff888055143a80, ffff888055143d40) [ 122.440984][ C0] [ 122.443294][ C0] The buggy address belongs to the physical page: [ 122.449680][ C0] page: 
refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888055143740 pfn:0x55140 [ 122.459721][ C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 122.468199][ C0] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 122.476678][ C0] page_type: f5(slab) [ 122.480641][ C0] raw: 00fff00000000240 ffff8881416adb40 ffffea000160e110 ffffea0000ae7410 [ 122.489203][ C0] raw: ffff888055143740 0000000000130011 00000000f5000000 0000000000000000 [ 122.497766][ C0] head: 00fff00000000240 ffff8881416adb40 ffffea000160e110 ffffea0000ae7410 [ 122.506417][ C0] head: ffff888055143740 0000000000130011 00000000f5000000 0000000000000000 [ 122.515068][ C0] head: 00fff00000000002 ffffea0001545001 00000000ffffffff 00000000ffffffff [ 122.523714][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 122.532360][ C0] page dumped because: kasan: bad access detected [ 122.538743][ C0] page_owner tracks the page as allocated [ 122.544433][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5965, tgid 5962 (syz.2.6), ts 69378322135, free_ts 16276826519 [ 122.565336][ C0] post_alloc_hook+0x1c0/0x230 [ 122.570089][ C0] get_page_from_freelist+0x132b/0x38e0 [ 122.575614][ C0] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 122.581485][ C0] alloc_pages_mpol+0x1fb/0x550 [ 122.586315][ C0] new_slab+0x247/0x330 [ 122.590454][ C0] ___slab_alloc+0xcf2/0x1750 [ 122.595124][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 122.600486][ C0] kmem_cache_alloc_node_noprof+0xf5/0x3b0 [ 122.606270][ C0] kmalloc_reserve+0x18b/0x2c0 [ 122.611019][ C0] __alloc_skb+0x166/0x380 [ 122.615416][ C0] alloc_skb_with_frags+0xe0/0x860 [ 122.620512][ C0] sock_alloc_send_pskb+0x7fb/0x990 [ 122.625686][ C0] __ip_append_data+0x2149/0x41c0 [ 122.630697][ C0] ip_make_skb+0x27f/0x300 [ 122.635097][ C0] udp_sendmsg+0x17d7/0x2870 [ 122.639669][ C0] 
inet_sendmsg+0x105/0x140 [ 122.644149][ C0] page last free pid 1 tgid 1 stack trace: [ 122.649928][ C0] __free_frozen_pages+0x7d5/0x10f0 [ 122.655109][ C0] free_contig_range+0x183/0x4b0 [ 122.660031][ C0] destroy_args+0x794/0xc10 [ 122.664512][ C0] debug_vm_pgtable+0x1a32/0x3640 [ 122.669514][ C0] do_one_initcall+0x120/0x6e0 [ 122.674260][ C0] kernel_init_freeable+0x5c2/0x910 [ 122.679437][ C0] kernel_init+0x1c/0x2b0 [ 122.683752][ C0] ret_from_fork+0x56a/0x730 [ 122.688319][ C0] ret_from_fork_asm+0x1a/0x30 [ 122.693062][ C0] [ 122.695365][ C0] Memory state around the buggy address: [ 122.700975][ C0] ffff888055143e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 122.709012][ C0] ffff888055143f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 122.717048][ C0] >ffff888055143f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 122.725080][ C0] ^ [ 122.733026][ C0] ffff888055144000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 122.741063][ C0] ffff888055144080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 122.749097][ C0] ================================================================== [ 122.757131][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 122.764300][ C0] CPU: 0 UID: 0 PID: 5929 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT(full) [ 122.773648][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 122.783683][ C0] Workqueue: usb_hub_wq hub_event [ 122.788705][ C0] Call Trace: [ 122.791968][ C0] <IRQ> [ 122.794795][ C0] dump_stack_lvl+0x3d/0x1f0 [ 122.799370][ C0] vpanic+0x6e8/0x7a0 [ 122.803343][ C0] ? __pfx_vpanic+0x10/0x10 [ 122.807833][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 122.812845][ C0] ? mcp2221_raw_event+0x1070/0x10a0 [ 122.818122][ C0] panic+0xca/0xd0 [ 122.821830][ C0] ? __pfx_panic+0x10/0x10 [ 122.826234][ C0] ? end_report+0x4c/0x170 [ 122.830633][ C0] ? rcu_is_watching+0x12/0xc0 [ 122.835379][ C0] ?
lock_release+0x201/0x2f0 [ 122.840045][ C0] check_panic_on_warn+0xab/0xb0 [ 122.844963][ C0] end_report+0x107/0x170 [ 122.849273][ C0] kasan_report+0xee/0x110 [ 122.853677][ C0] ? mcp2221_raw_event+0x1070/0x10a0 [ 122.858954][ C0] mcp2221_raw_event+0x1070/0x10a0 [ 122.864054][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 122.869845][ C0] __hid_input_report.constprop.0+0x311/0x450 [ 122.875895][ C0] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 122.881342][ C0] hid_irq_in+0x35e/0x870 [ 122.885662][ C0] __usb_hcd_giveback_urb+0x38b/0x610 [ 122.891013][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 122.896189][ C0] dummy_timer+0x1814/0x3a30 [ 122.900770][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 122.905688][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 122.910612][ C0] ? mark_held_locks+0x49/0x80 [ 122.915363][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 122.921155][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 122.926072][ C0] __hrtimer_run_queues+0x202/0xad0 [ 122.931260][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 122.936961][ C0] ? read_tsc+0x9/0x20 [ 122.941016][ C0] hrtimer_run_softirq+0x17d/0x350 [ 122.946109][ C0] handle_softirqs+0x219/0x8e0 [ 122.950858][ C0] ? 
__pfx_handle_softirqs+0x10/0x10 [ 122.956128][ C0] __irq_exit_rcu+0x109/0x170 [ 122.960789][ C0] irq_exit_rcu+0x9/0x30 [ 122.965014][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 122.970632][ C0] </IRQ> [ 122.973544][ C0] <TASK> [ 122.976456][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 122.982417][ C0] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 [ 122.988814][ C0] Code: fb 09 00 00 44 8b 05 b9 8d 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 af 69 3a 00 fb 65 48 8b 1d 5e c5 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 [ 123.008403][ C0] RSP: 0018:ffffc900043de7d8 EFLAGS: 00000206 [ 123.014448][ C0] RAX: 0000000000027b41 RBX: ffff888077c4a440 RCX: 0000000000000006 [ 123.022406][ C0] RDX: 0000000000000000 RSI: ffffffff8de52d59 RDI: ffffffff8c163400 [ 123.030355][ C0] RBP: ffffc900043de820 R08: 0000000000000001 R09: 0000000000000001 [ 123.038303][ C0] R10: ffffffff90ab7697 R11: 0000000000000000 R12: ffff8880b843a300 [ 123.046253][ C0] R13: ffff88807a3d8000 R14: ffff8880b843a300 R15: ffff8880b843b170 [ 123.054209][ C0] ? finish_task_switch.isra.0+0x221/0xc10 [ 123.059999][ C0] ? __switch_to+0x7a5/0x11a0 [ 123.064659][ C0] __schedule+0x1198/0x5de0 [ 123.069142][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 123.074938][ C0] ? __pfx___schedule+0x10/0x10 [ 123.079777][ C0] ? find_held_lock+0x2b/0x80 [ 123.084446][ C0] ? schedule+0x2d7/0x3a0 [ 123.088755][ C0] schedule+0xe7/0x3a0 [ 123.092807][ C0] schedule_hrtimeout_range_clock+0x217/0x320 [ 123.098854][ C0] ? __pfx_schedule_hrtimeout_range_clock+0x10/0x10 [ 123.105443][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 123.110625][ C0] ? ktime_get+0x200/0x310 [ 123.115026][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.120205][ C0] ? read_tsc+0x9/0x20 [ 123.124258][ C0] ? ktime_get+0x1a7/0x310 [ 123.128661][ C0] ? usleep_range_state+0x113/0x220 [ 123.133839][ C0] usleep_range_state+0x16c/0x220 [ 123.138847][ C0] ?
__pfx_usleep_range_state+0x10/0x10 [ 123.144375][ C0] mcp2221_probe+0xa69/0xc50 [ 123.148963][ C0] ? __pfx_mcp2221_probe+0x10/0x10 [ 123.154074][ C0] hid_device_probe+0x363/0x720 [ 123.158913][ C0] ? __pfx_hid_device_probe+0x10/0x10 [ 123.164266][ C0] really_probe+0x241/0xa90 [ 123.168755][ C0] __driver_probe_device+0x1de/0x440 [ 123.174023][ C0] driver_probe_device+0x4c/0x1b0 [ 123.179030][ C0] __device_attach_driver+0x1df/0x310 [ 123.184386][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 123.190264][ C0] bus_for_each_drv+0x159/0x1e0 [ 123.195101][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 123.200457][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.205643][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 123.211435][ C0] __device_attach+0x1e4/0x4b0 [ 123.216182][ C0] ? __pfx___device_attach+0x10/0x10 [ 123.221453][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 123.226634][ C0] bus_probe_device+0x17f/0x1c0 [ 123.231469][ C0] device_add+0x1148/0x1aa0 [ 123.235961][ C0] ? __pfx_device_add+0x10/0x10 [ 123.240799][ C0] ? debugfs_create_file_full+0x41/0x60 [ 123.246332][ C0] hid_add_device+0x373/0xa60 [ 123.250993][ C0] ? __pfx_hid_add_device+0x10/0x10 [ 123.256168][ C0] ? lockdep_init_map_type+0x5c/0x280 [ 123.261518][ C0] ? lockdep_init_map_type+0x5c/0x280 [ 123.266868][ C0] usbhid_probe+0xd38/0x13f0 [ 123.271448][ C0] usb_probe_interface+0x303/0xa40 [ 123.276556][ C0] ? __pfx_usb_probe_interface+0x10/0x10 [ 123.282177][ C0] really_probe+0x241/0xa90 [ 123.286672][ C0] __driver_probe_device+0x1de/0x440 [ 123.291940][ C0] driver_probe_device+0x4c/0x1b0 [ 123.296963][ C0] __device_attach_driver+0x1df/0x310 [ 123.302318][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 123.308193][ C0] bus_for_each_drv+0x159/0x1e0 [ 123.313020][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 123.318370][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.323552][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 123.329340][ C0] __device_attach+0x1e4/0x4b0 [ 123.334086][ C0] ? 
__pfx___device_attach+0x10/0x10 [ 123.339353][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 123.344548][ C0] bus_probe_device+0x17f/0x1c0 [ 123.349397][ C0] device_add+0x1148/0x1aa0 [ 123.353896][ C0] ? __pfx_device_add+0x10/0x10 [ 123.358734][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 123.364096][ C0] usb_set_configuration+0x1187/0x1e20 [ 123.369547][ C0] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 123.375598][ C0] usb_generic_driver_probe+0xb1/0x110 [ 123.381038][ C0] usb_probe_device+0xef/0x3e0 [ 123.385787][ C0] ? __pfx_usb_probe_device+0x10/0x10 [ 123.391144][ C0] really_probe+0x241/0xa90 [ 123.395630][ C0] __driver_probe_device+0x1de/0x440 [ 123.400900][ C0] ? usb_driver_applicable+0x1c7/0x220 [ 123.406351][ C0] driver_probe_device+0x4c/0x1b0 [ 123.411357][ C0] __device_attach_driver+0x1df/0x310 [ 123.416722][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 123.422607][ C0] bus_for_each_drv+0x159/0x1e0 [ 123.427438][ C0] ? __pfx_bus_for_each_drv+0x10/0x10 [ 123.432789][ C0] ? __pfx___device_attach_driver+0x10/0x10 [ 123.438668][ C0] __device_attach+0x1e4/0x4b0 [ 123.443524][ C0] ? __pfx___device_attach+0x10/0x10 [ 123.448791][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 123.453972][ C0] bus_probe_device+0x17f/0x1c0 [ 123.458802][ C0] device_add+0x1148/0x1aa0 [ 123.463293][ C0] ? __pfx_device_add+0x10/0x10 [ 123.468132][ C0] usb_new_device+0xd07/0x1a60 [ 123.472885][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 123.477890][ C0] ? __pfx_usb_new_device+0x10/0x10 [ 123.483072][ C0] ? mark_held_locks+0x49/0x80 [ 123.487825][ C0] hub_event+0x2f34/0x4fe0 [ 123.492235][ C0] ? __pfx_hub_event+0x10/0x10 [ 123.496985][ C0] ? assoc_array_insert+0x1520/0x3970 [ 123.502347][ C0] ? rcu_is_watching+0x12/0xc0 [ 123.507113][ C0] process_one_work+0x9cc/0x1b70 [ 123.512036][ C0] ? __pfx_hcd_resume_work+0x10/0x10 [ 123.517306][ C0] ? __pfx_process_one_work+0x10/0x10 [ 123.522664][ C0] ? assign_work+0x1a0/0x250 [ 123.527237][ C0] worker_thread+0x6c8/0xf10 [ 123.531810][ C0] ? 
__kthread_parkme+0x19e/0x250 [ 123.536823][ C0] ? __pfx_worker_thread+0x10/0x10 [ 123.541914][ C0] kthread+0x3c2/0x780 [ 123.545964][ C0] ? __pfx_kthread+0x10/0x10 [ 123.550536][ C0] ? rcu_is_watching+0x12/0xc0 [ 123.555280][ C0] ? __pfx_kthread+0x10/0x10 [ 123.559852][ C0] ret_from_fork+0x56a/0x730 [ 123.564422][ C0] ? __pfx_kthread+0x10/0x10 [ 123.568989][ C0] ret_from_fork_asm+0x1a/0x30 [ 123.573742][ C0] </TASK> [ 123.576928][ C0] Kernel Offset: disabled [ 123.581224][ C0] Rebooting in 86400 seconds..