last executing test programs: 24.7723551s ago: executing program 0 (id=1149): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) prlimit64(r0, 0xb, &(0x7f0000000140)={0xfffffffffffffff3, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, 0x1, 0x7}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='rcu_stall_warning\x00', r3, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7809786e) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0) read(r6, 0x0, 0x0) fsmount(r5, 0x0, 0x0) ptrace$getsig(0x4202, 0x0, 0x2, &(0x7f0000000300)) tkill(0x0, 0xb) 23.183836491s ago: executing program 2 (id=1158): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) prlimit64(r0, 0xb, &(0x7f0000000140)={0xfffffffffffffff3, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, 0x1, 0x7}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000380)='rcu_stall_warning\x00', r4, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7809786e) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r7 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r8 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0) read(r8, 0x0, 0x0) fsmount(r6, 0x0, 0x0) ptrace$getsig(0x4202, 0x0, 0x2, &(0x7f0000000300)) tkill(r7, 0xb) 21.44870542s ago: executing program 3 (id=1162): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x54583}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty}}}], 0x20}}], 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r6, 0xc058534b, &(0x7f0000000440)={0x80}) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 20.839055767s ago: executing program 4 (id=1164): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = syz_open_dev$radio(&(0x7f0000000140), 0x3, 0x2) io_setup(0x3, &(0x7f0000000180)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="88f3e01af117fb0e4aebd1c4a44bd77a41f2d9d1714687054d34cf860cca13f964d38235bb551525964a4639f0a74f143faa93caa7c1e04089119e571cf9d3ed697587259fd10f3337a7cbcc3a939f155dd15268dbbd65f6a7a70b99"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup3(r5, r4, 0x0) connect$unix(r6, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, 0x0) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) dup(r10) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r0, 0x0}]) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) 20.634387368s ago: executing program 0 (id=1165): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00') preadv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/18, 0x12}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x11, 0x4, 0x0, 0x0, 0x44, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x24, 0x2e, 0x3, 0x1, [{@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@rand_addr=0x64010102}]}, @noop, @noop, @lsrr={0x83, 0x3, 0xdc}, @noop]}}}}}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2204c3b, &(0x7f0000000380)={[{@gid}]}) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) r9 = dup(r8) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001040)) write$UHID_INPUT(r9, &(0x7f0000001040)={0xa, {"a2e3ad08ed6b52f99cfbf4c087f71e9b3d0963ff7fc6e5539b9b3b0a8b9b441b4552101b080d29558f0e1ac6e7049b3468959b189a242a9b4bf3988f7ef319520700ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) write$binfmt_script(r7, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x80010, 0xffffffffffffffff, 0x0) dup(r3) 18.792113736s ago: executing program 2 (id=1168): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) ioctl$BLKROSET(r4, 0x125d, 0x0) ioctl$BLKRRPART(r4, 0x125f, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800005, 0x11, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0xb81a, @any, 0x7ff}, 0xe) socket$kcm(0x10, 0x2, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x1, @rand_addr=0x64010102}}, 0x1e) 18.790755128s ago: executing program 3 (id=1169): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = syz_open_dev$radio(&(0x7f0000000140), 0x3, 0x2) io_setup(0x3, &(0x7f0000000180)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="88f3e01af117fb0e4aebd1c4a44bd77a41f2d9d1714687054d34cf860cca13f964d38235bb551525964a4639f0a74f143faa93caa7c1e04089119e571cf9d3ed697587259fd10f3337a7cbcc3a939f155dd15268dbbd65f6a7a70b99"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup3(r5, r4, 0x0) connect$unix(r6, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) dup(r10) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r0, 0x0}]) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) 18.78988635s ago: executing program 4 (id=1170): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000b80)={0x0, 0x52f1, 0x10100, 0x3}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r4, &(0x7f0000000300)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @remote}, 0x14) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) socket(0x23, 0x5, 0x0) syz_open_dev$dri(0x0, 0xf8d, 0x200000) openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000c00)={0x2020}, 0x2020) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04131d07c900ff7fc9000300c90000fd04192d02c900bb480100363a00000100"], 0x20) r7 = socket$igmp6(0xa, 0x3, 0x2) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x92, 0x1, 0x8}}}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008840}, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) r10 = gettid() fcntl$lock(r9, 0x25, &(0x7f0000004fc0)={0x2, 0x1, 0x8, 0x0, r10}) connect$inet6(r9, &(0x7f0000000040)={0xa, 0x4e22, 0x6, @mcast2}, 0x1c) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 17.205411301s ago: executing program 3 (id=1172): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) ioctl$BLKROSET(r4, 0x125d, 0x0) ioctl$BLKRRPART(r4, 0x125f, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800005, 0x11, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0xb81a, @any, 0x7ff}, 0xe) socket$kcm(0x10, 0x2, 0x0) r5 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r5, &(0x7f0000000080)={0x18, 0x2, {0x1, @rand_addr=0x64010102}}, 0x1e) 17.160722006s ago: executing program 4 (id=1173): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7040000080000008500000095000000950006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) getpid() r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x30000000}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x50, 0x6000000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa}, {0x7, 0x1, 0x2, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x3, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 16.405041212s ago: executing program 2 (id=1174): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$loop(0x0, 0xc, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x120801, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x8, &(0x7f0000001c40)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x8}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1200000004000000040000000c00000000000000", @ANYRES32, @ANYBLOB="000000f500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={r1, 0x58, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340), 0x4) r6 = dup3(r2, r0, 0x80000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x17, &(0x7f00000007c0)=@raw=[@map_fd={0x18, 0x9, 0x1, 0x0, r6}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x240}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10001}}], &(0x7f0000000180)='GPL\x00', 0xe54, 0x0, &(0x7f00000001c0), 0x41100, 0x10, '\x00', r4, 0x25, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000500)={0x0, 0x6, 0x7fff, 0x13}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000540)=[r6, r3, 0xffffffffffffffff, r3, r3, r3, r3, r3], &(0x7f00000005c0)=[{0x4, 0x1, 0xd, 0xa}], 0x10, 0xb94, @void, @value}, 0x94) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x4) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905e20040"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x0, 0x20000000) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x1d, 0x2, 0x0) r10 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r10) socket(0x22, 0x2, 0x3) getpeername$packet(r10, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, 0xffffffffffffffff) close_range(r1, 0xffffffffffffffff, 0x0) 16.404310331s ago: executing program 0 (id=1175): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x54583}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty}}}], 0x20}}], 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r6, 0xc058534b, &(0x7f0000000440)={0x80}) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 15.847586713s ago: executing program 4 (id=1176): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0x47f) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e21}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000440)={0x0, 0x8001, 0xfffe}, 0x14) shutdown(r0, 0x2) 15.683714659s ago: executing program 1 (id=1177): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f00000000c0)=0x40) (fail_nth: 1) 15.656570855s ago: executing program 0 (id=1178): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 3) 15.655507564s ago: executing program 3 (id=1179): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0xffffff1f, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x290, 0x46212}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}]}}}, @IFLA_MTU={0x8, 0x4, 0x40000500}]}, 0x44}}, 0x0) 15.618691272s ago: executing program 4 (id=1180): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = syz_open_dev$radio(&(0x7f0000000140), 0x3, 0x2) io_setup(0x3, &(0x7f0000000180)=0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="88f3e01af117fb0e4aebd1c4a44bd77a41f2d9d1714687054d34cf860cca13f964d38235bb551525964a4639f0a74f143faa93caa7c1e04089119e571cf9d3ed697587259fd10f3337a7cbcc3a939f155dd15268dbbd65f6a7a70b99"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup3(r5, r4, 0x0) connect$unix(r6, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r7 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) ioctl$BTRFS_IOC_SEND(0xffffffffffffffff, 0x40489426, 0x0) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) dup(r10) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x5, 0x0, r0, 0x0}]) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) 15.011785008s ago: executing program 1 (id=1181): socket$netlink(0x10, 0x3, 0x0) io_setup(0x3, &(0x7f0000000140)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='jbd2_shrink_scan_exit\x00', 0xffffffffffffffff, 0x0, 0x7c}, 0x18) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x0, 0x2b8, 0xb0000010, 0x2, 0x5c8f0200, 0x388, 0x3a8, 0x3a8, 0x388, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x248, 0x290, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0xf1, 0x0, 0x33, 0x0, 0x0, 0x1, 0x7fffffff}}}, @common=@unspec=@limit={{0x48}, {0x0, 0x3}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x206, 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00'}, 0x10) syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="02c83020001c0001000b0204004c00000002080400030003080303080000000200d3"], 0x25) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) close(r5) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000005580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0ebe097fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f7191070000000000002ea37e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85ecb29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbf"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="2f000000f0fbb25f69"], 0x20) 15.011240688s ago: executing program 3 (id=1182): syz_init_net_socket$ax25(0x3, 0x2, 0xcf) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x2) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) syz_open_dev$tty1(0xc, 0x4, 0x1) (async) sched_setscheduler(r0, 0x6, &(0x7f0000000000)=0xffff7fff) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r4 = dup(r3) ioctl$KVM_CAP_HYPERV_VP_INDEX(r4, 0x4068aea3, 0x0) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd6043009303803afffe800000000000000000000000000000ff02000000000000000000000000000186009078000000000000000000000000000aa78ce5400659808000ffffc0fe4023493b87aafaffffffffffffff2373247202fa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502000100000000000000000800ee000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000000bd47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0192107fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e4163ed09bdb581c9fe68a356f542b0430509da61bfb02b3235e1d16212fb00145e14f0e74d2d52cfb3f27fafb60845f90b6dfc87c6905bbc94d33e45"], 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) sched_setscheduler(0x0, 0x2, 0x0) (async) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) (async) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @remote}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0xe, {0x2, 0x4e20, @multicast2}, 'ip6tnl0\x00'}) (async) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000b40)=""/119, 0x77}, {0x0}], 0x2, 0x4000ffe, 0x0) (async) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$SNDCTL_SYNTH_INFO(r7, 0xc08c5102, &(0x7f0000000080)={"500111940cbe927c256e2726cf78bdac279de5c00935968beac00022b139", 0xfffffff4, 0x1, 0x1, 0x101, 0xffffffff, 0x2, 0x6, 0x5, [0x10004, 0x800, 0x3, 0x7, 0x6, 0x7, 0xfffffff9, 0x3, 0xfffffffd, 0x4, 0x3, 0x8, 0x3, 0x20, 0x0, 0xdd83, 0x7, 0x2, 0x7f]}) (async) syz_open_dev$tty1(0xc, 0x4, 0x1) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000000c80)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f0000001900)=[{&(0x7f0000000240)="ad30b68484b2c5f0967bc045f364223f332e0017021cd36885c5b27bf4f23c98d57c26ba1bd89adedae55ba15daa277b571a57962ce9c75c3d726f5528035c54efffe7e8a29b2e8c9c35b19e7c7a54883f023efb20b1549a6bc8255567da4e0167e36cf7aa39dfb5356330f0353455bcdd2f53d1d931db6a95cb2b3262bbe78eb9e64d1bc6e01e8dc956cb1a6e90b709d4e0cb82", 0x94}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000800)="2c0095deae2ef8cac1b43a5a076066e66475dcce825567809b2932bebc9ddc43ca9591939fcf99301c3fce694b8fc2436d7eeee41b23ad913dc068c35282af8247d346368d7b7d338beb610a8c70b3ab7c46bd7012d62d53b55f8cb50cdecc3bb7e71c26e5fe13ae154785bc58175f7dee3a63059d3cf061b6c77d5b5cfca42196011c7b38603fe62386d18b4c9ec55beec8fc8876b38d446051bd2c161aeb", 0x9f}, {0x0}, {&(0x7f0000000300)}, {&(0x7f0000000980)="a0ec6ca0069aa3563485f724dd51748370389882e9c85ca8f0630bb2fb609ddcfa6aece36ddeadaa0ccabe26f65ba279800d5993c6718c666856b18ea1eb37779369c60bb27aa9fbd228b7ab", 0x4c}], 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000290000000080000000000000000000001400000000000000290000000b0000000000000200000000280000000000000029000000390000007302020000000000ff011800"/86], 0x58}}, {{&(0x7f0000000a80)={0xa, 0x4e24, 0xa, @ipv4={'\x00', '\xff\xff', @remote}, 0x9}, 0x1c, &(0x7f0000000ac0), 0x0, &(0x7f0000000c40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}], 0x18}}], 0x3, 0x0) socket$netlink(0x10, 0x3, 0x4) 15.010853023s ago: executing program 3 (id=1183): syz_usb_connect(0x1, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f000200000009050502"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000300)=0x103) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = dup(r7) ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000480)=ANY=[@ANYBLOB="73000000000000008b"]) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffff", @ANYRES16=r2, @ANYRES8=r1, @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r1) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r9 = getpid() sched_setaffinity(r4, 0x8, &(0x7f0000000340)=0x101) sched_setscheduler(r9, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 13.916318043s ago: executing program 0 (id=1184): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000040), 0x604840, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5452, &(0x7f0000002300)={{}, 0x0, 0xc, @inherit={0x0, 0x0}, @subvolid=0x1}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0xc, &(0x7f00000007c0)=ANY=[], 0x0, 0x1004000, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x89, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$MRT_FLUSH(r5, 0x0, 0xd4, &(0x7f0000000200)=0x41c16f48c89e823e, 0x4) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) accept(r6, &(0x7f00000001c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, &(0x7f0000000240)=0x80) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) clock_adjtime(0x0, &(0x7f0000000340)={0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffc99a3b}) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) 13.465392545s ago: executing program 1 (id=1185): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = dup(r3) ioctl$BLKROSET(r4, 0x125d, 0x0) ioctl$BLKRRPART(r4, 0x125f, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x19, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x800005, 0x11, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0xb81a, @any, 0x7ff}, 0xe) socket$kcm(0x10, 0x2, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x2, {0x1, @rand_addr=0x64010102}}, 0x1e) 13.462284803s ago: executing program 4 (id=1186): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000b40d504010000000000000109022400010000000009"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0x160001, 0x0, [0x0, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0, 0x0, 0x29]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e066f30fa7c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13.365900359s ago: executing program 2 (id=1187): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)={0x20, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004000}, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) process_vm_readv(0x0, &(0x7f0000001140)=[{&(0x7f0000000200)=""/92, 0x57}, {&(0x7f0000004240)=""/4100, 0x1004}], 0x70, &(0x7f00000011c0)=[{0xffffffffffffffff}], 0x1, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000e006"]) 12.799743021s ago: executing program 1 (id=1188): sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r0 = socket(0x10, 0x80002, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001c00071bab0925000900070007ab08000c000000f0007e93210001c000000000000000000000000000039915fa2c1ec28670e9889bb94b46fe0000000a0002", 0xff82) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492856, 0x0) 12.742880863s ago: executing program 1 (id=1189): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000780)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}, 0xfffffffc, 'bridge_slave_1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) capset(&(0x7f0000000480)={0x19980330}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8}) r3 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, 0x0, 0x2a8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800c0001006d6163766c616e0020000280080001001000000008000300000000000a000400aaaaaaaaaaaa000008000500", @ANYRES32=r4, @ANYBLOB], 0x58}}, 0x0) 12.733805128s ago: executing program 2 (id=1190): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0x47f) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e21}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000040)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000440)={0x0, 0x8001, 0xfffe}, 0x14) shutdown(r0, 0x2) 12.71276718s ago: executing program 0 (id=1191): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$UHID_CREATE2(r1, &(0x7f00000006c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x85, 0x9, 0x7, 0x9, 0x8, 0x8, "9611badc6b619a26c6d82aacf662157c1a55fe4b594c8fec199a0a4337d2d4cd6098318d6f6ccb239395fb7b39d8c3eae3b449ae8ef96ae927b4bc9fdc9524d00d8976e227920e81e229f86e5c97f5568ede56db963166511941ca0bfb620d3248fb811fe26f6779b3e3ea1a80845e4145f8500416824dbd16a183575e469352fbd6da9a88"}}, 0x19d) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x18) r4 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000004ac0)=""/102389, 0x18ff5}], 0x1}}], 0x1, 0x0, 0x0) write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) 12.560628355s ago: executing program 1 (id=1192): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0) write$UHID_CREATE2(r1, &(0x7f00000006c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0x85, 0x9, 0x7, 0x9, 0x8, 0x8, "9611badc6b619a26c6d82aacf662157c1a55fe4b594c8fec199a0a4337d2d4cd6098318d6f6ccb239395fb7b39d8c3eae3b449ae8ef96ae927b4bc9fdc9524d00d8976e227920e81e229f86e5c97f5568ede56db963166511941ca0bfb620d3248fb811fe26f6779b3e3ea1a80845e4145f8500416824dbd16a183575e469352fbd6da9a88"}}, 0x19d) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x18) r4 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r4}) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r5, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000004ac0)=""/102389, 0x18ff5}], 0x1}}], 0x1, 0x0, 0x0) write$binfmt_elf64(r5, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) 12.56013854s ago: executing program 2 (id=1193): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) syz_emit_ethernet(0x86, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a00000000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e000000000000000000140000001100010000000000000000000000000ae5e1e8ddfea2b2165f45cbc04696bd27ccaf9db16e6883bfddfe1f660e9a0616854984e5a4de56b236a859a2c24db6797b4087c86759d81af64746cdd0"], 0x80}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000180)={@dev, @multicast, @val={@void, {0x8864}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @empty}}}}}}, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) lseek(r2, 0x0, 0x0) syz_genetlink_get_family_id$smc(&(0x7f0000000000), r2) syz_emit_ethernet(0x11a, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0xf, 0x4, 0x3, 0x3, 0x10c, 0x66, 0x0, 0x7, 0x6, 0x0, @local, @local, {[@timestamp_addr={0x44, 0x4, 0x80, 0x1, 0x3}, @timestamp={0x44, 0x24, 0x14, 0x0, 0x0, [0xb8a, 0x7ff, 0x80000001, 0xfffffffe, 0x97, 0x80, 0x3, 0xcb]}]}}, @name_distributor={{0xd0, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x9, 0x0, 0x0, 0x3, 0x4, 0x1, 0x4e24, 0x4e22, 0x2, 0x3}, [{0x80000000, 0x8e, 0x9, 0x80000001, 0x401, 0x4, 0x7, 0x1}, {0x9, 0x5, 0x1, 0x2, 0x9, 0xffffffff, 0x3, 0xffffffb}, {0xffffffc6, 0xe, 0x1, 0x6, 0x7, 0xffffffff, 0x1, 0x7}, {0x8, 0x8, 0x9, 0xf, 0xfffff22f, 0x0, 0x5, 0x3}, {0x5, 0x80000000, 0x97, 0x1000, 0x7a, 0x9, 0xb, 0xffffff2}, {0xfffffff7, 0x80000001, 0x7, 0xffffffff, 0xda4c, 0x4, 0xd, 0xbd60}]}}}}}, 0x0) 0s ago: executing program 32 (id=1183): syz_usb_connect(0x1, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f000200000009050502"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000300)=0x103) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = dup(r7) ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000480)=ANY=[@ANYBLOB="73000000000000008b"]) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffff", @ANYRES16=r2, @ANYRES8=r1, @ANYRES32=r3, @ANYBLOB], 0x1c}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r1) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r9 = getpid() sched_setaffinity(r4, 0x8, &(0x7f0000000340)=0x101) sched_setscheduler(r9, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r10, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) kernel console output (not intermixed with test programs): es leftover after parsing attributes in process `syz.4.704'. [ 287.655413][ T5874] usb 1-1: USB disconnect, device number 34 [ 288.412920][ T8651] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 289.283905][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 289.289941][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 289.380913][ T8639] ceph: No mds server is up or the cluster is laggy [ 290.467442][ T8682] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 291.712593][ T5874] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 291.883240][ T5874] usb 3-1: Using ep0 maxpacket: 8 [ 291.925945][ T5874] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 292.269713][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.297726][ T5874] usb 3-1: Product: syz [ 292.304043][ T5874] usb 3-1: Manufacturer: syz [ 292.311823][ T5874] usb 3-1: SerialNumber: syz [ 292.339346][ T5874] usb 3-1: config 0 descriptor?? [ 292.664070][ T8702] netlink: 24 bytes leftover after parsing attributes in process `syz.4.724'. [ 292.705744][ T5874] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 292.722801][ T5834] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 292.837612][ T8705] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 293.302542][ T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 293.323858][ T5834] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 293.342425][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 293.353748][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 293.363576][ T5834] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 293.377656][ T5834] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 293.386891][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.401610][ T5834] usb 1-1: config 0 descriptor?? [ 293.452512][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 293.465172][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 293.474543][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.507272][ T9] usb 2-1: Product: syz [ 293.511514][ T9] usb 2-1: Manufacturer: syz [ 293.516625][ T9] usb 2-1: SerialNumber: syz [ 293.553327][ T9] usb 2-1: config 0 descriptor?? [ 294.521918][ T8712] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 294.557475][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 294.629759][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 294.649051][ T5834] usbhid 1-1:0.0: can't add hid device: -71 [ 294.656572][ T5834] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 294.815059][ T5834] usb 1-1: USB disconnect, device number 35 [ 294.873494][ T5874] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 294.884580][ T5874] usb 3-1: USB disconnect, device number 25 [ 295.622081][ T8731] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 296.158375][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 296.367882][ T9] usb 2-1: USB disconnect, device number 31 [ 296.788990][ T8741] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 297.252498][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 297.282502][ T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 297.454934][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 297.526014][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 297.556957][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.588133][ T9] usb 2-1: Product: syz [ 297.598236][ T9] usb 2-1: Manufacturer: syz [ 297.603102][ T5878] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 297.621441][ T9] usb 2-1: SerialNumber: syz [ 297.634488][ T9] usb 2-1: config 0 descriptor?? [ 297.772432][ T5878] usb 3-1: Using ep0 maxpacket: 8 [ 297.779225][ T5878] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 297.792159][ T5878] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 297.807617][ T5878] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 297.831698][ T5878] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 297.841079][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.860770][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 297.889255][ T5878] usbtmc 3-1:16.0: bulk endpoints not found [ 297.943604][ T8745] ceph: No mds server is up or the cluster is laggy [ 297.959074][ T45] libceph: connect (1)[c::]:6789 error -101 [ 297.965201][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 298.103082][ T5878] usb 3-1: USB disconnect, device number 26 [ 298.964783][ T8762] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 299.035710][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 300.825361][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 300.846469][ T9] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 300.854424][ T9] usb 2-1: media controller created [ 300.867812][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 301.719095][ T9] i2c i2c-1: Added multiplexed i2c bus 2 [ 301.724904][ T9] rtl2832 1-0010: Realtek RTL2832 successfully attached [ 301.732037][ T9] usb 2-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2832 (DVB-T))... [ 301.741873][ T9] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2832 (DVB-T)' registered. [ 301.752630][ T45] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 301.921415][ T9] DVB: Unable to find symbol r820t_attach() [ 302.000701][ T9] usb 2-1: USB disconnect, device number 32 [ 302.042782][ T45] usb 4-1: Using ep0 maxpacket: 32 [ 302.053358][ T45] usb 4-1: config 0 has an invalid interface number: 250 but max is 0 [ 302.062223][ T45] usb 4-1: config 0 has no interface number 0 [ 302.207182][ T25] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 302.443510][ T45] usb 4-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 302.497686][ T25] usb 3-1: config 1 interface 0 altsetting 245 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 302.542753][ T25] usb 3-1: config 1 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 302.615376][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.637415][ T45] usb 4-1: Product: syz [ 302.641603][ T45] usb 4-1: Manufacturer: syz [ 302.646641][ T25] usb 3-1: config 1 interface 0 has no altsetting 0 [ 302.672199][ T45] usb 4-1: SerialNumber: syz [ 302.679488][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40 [ 302.693389][ T45] usb 4-1: config 0 descriptor?? [ 302.702543][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.713472][ T45] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 302.731098][ T25] usb 3-1: Product: syz [ 302.742405][ T25] usb 3-1: Manufacturer: syz [ 302.752767][ T25] usb 3-1: SerialNumber: syz [ 302.768807][ T8777] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 302.802605][ T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 303.035584][ T8791] netlink: 'syz.3.746': attribute type 1 has an invalid length. [ 303.072436][ T45] gspca_sunplus: reg_w_riv err -71 [ 303.077637][ T45] sunplus 4-1:0.250: probe with driver sunplus failed with error -71 [ 303.077683][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 303.089840][ T45] usb 4-1: USB disconnect, device number 28 [ 303.176151][ T8795] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 303.669674][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 303.705518][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.731225][ T25] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input26 [ 303.735803][ T9] usb 2-1: Product: syz [ 303.754408][ T8791] netlink: 8 bytes leftover after parsing attributes in process `syz.3.746'. [ 303.763279][ T9] usb 2-1: Manufacturer: syz [ 303.768249][ T9] usb 2-1: SerialNumber: syz [ 303.772435][ T8791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.746'. [ 303.784813][ T9] usb 2-1: config 0 descriptor?? [ 303.862901][ T965] libceph: connect (1)[c::]:6789 error -101 [ 303.869070][ T965] libceph: mon0 (1)[c::]:6789 connect error [ 303.894375][ T8791] bond1 (unregistering): Released all slaves [ 303.925888][ T8797] ceph: No mds server is up or the cluster is laggy [ 303.993701][ T8804] netlink: 4 bytes leftover after parsing attributes in process `syz.0.747'. [ 304.037906][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.747'. [ 304.099126][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 304.245332][ T5185] bcm5974 3-1:1.0: could not read from device [ 304.658511][ T5185] bcm5974 3-1:1.0: could not read from device [ 304.703312][ T5834] usb 3-1: USB disconnect, device number 27 [ 304.709463][ T7648] bcm5974 3-1:1.0: could not read from device [ 304.723562][ T5185] bcm5974 3-1:1.0: could not read from device [ 305.442759][ T45] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 305.657762][ T45] usb 1-1: Using ep0 maxpacket: 32 [ 305.680030][ T45] usb 1-1: config 0 has an invalid interface number: 250 but max is 0 [ 305.712529][ T45] usb 1-1: config 0 has no interface number 0 [ 305.731049][ T45] usb 1-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 305.782534][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.810615][ T45] usb 1-1: Product: syz [ 305.828218][ T45] usb 1-1: Manufacturer: syz [ 305.835658][ T8820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.751'. [ 305.848521][ T45] usb 1-1: SerialNumber: syz [ 305.861580][ T45] usb 1-1: config 0 descriptor?? [ 305.872547][ T8820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.751'. [ 305.881061][ T45] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 306.402685][ T45] gspca_sunplus: reg_w_riv err -110 [ 306.420648][ T45] sunplus 1-1:0.250: probe with driver sunplus failed with error -110 [ 306.751432][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 306.769601][ T9] usb 2-1: USB disconnect, device number 33 [ 306.920147][ T8831] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 307.067599][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 307.731171][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.757'. [ 307.769576][ T8842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.757'. [ 307.796893][ T8842] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (458764) [ 307.812504][ T8842] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 307.849597][ T45] usb 1-1: USB disconnect, device number 36 [ 308.192421][ T965] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 308.286423][ T8849] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 308.577355][ T965] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 308.637515][ T965] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.711257][ T965] usb 5-1: Product: syz [ 308.733724][ T965] usb 5-1: Manufacturer: syz [ 308.770964][ T965] usb 5-1: SerialNumber: syz [ 308.821565][ T965] r8152-cfgselector 5-1: Unknown version 0x0000 [ 308.827888][ T965] r8152-cfgselector 5-1: config 0 descriptor?? [ 311.503776][ T5834] r8152-cfgselector 5-1: USB disconnect, device number 20 [ 311.701514][ T8867] netlink: 4 bytes leftover after parsing attributes in process `syz.4.765'. [ 311.772865][ T8867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.765'. [ 311.795016][ T8870] sg_write: data in/out 11/14 bytes for SCSI command 0x0-- guessing data in; [ 311.795016][ T8870] program syz.2.762 not setting count and/or reply_len properly [ 312.062625][ T29] audit: type=1400 audit(1731060723.233:551): avc: denied { read write } for pid=8863 comm="syz.2.762" name="sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 312.135143][ T29] audit: type=1400 audit(1731060723.233:552): avc: denied { open } for pid=8863 comm="syz.2.762" path="/dev/sg0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 312.470895][ T29] audit: type=1400 audit(1731060723.823:553): avc: denied { mount } for pid=8863 comm="syz.2.762" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 312.542502][ T29] audit: type=1400 audit(1731060723.983:554): avc: denied { unmount } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 312.562491][ C0] vkms_vblank_simulate: vblank timer overrun [ 313.082528][ T5834] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 313.483029][ T5834] usb 2-1: Using ep0 maxpacket: 32 [ 313.498410][ T5834] usb 2-1: config 0 has an invalid interface number: 250 but max is 0 [ 313.518580][ T5834] usb 2-1: config 0 has no interface number 0 [ 313.537251][ T5834] usb 2-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 313.550292][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.558708][ T5834] usb 2-1: Product: syz [ 313.569937][ T5834] usb 2-1: Manufacturer: syz [ 313.575276][ T5834] usb 2-1: SerialNumber: syz [ 313.665714][ T25] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 313.697475][ T5834] usb 2-1: config 0 descriptor?? [ 313.725947][ T5834] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 313.904184][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 314.063655][ T25] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 314.077757][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 314.109093][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 314.165810][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 314.192698][ T25] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 314.272710][ T5834] gspca_sunplus: reg_w_riv err -110 [ 314.278079][ T5834] sunplus 2-1:0.250: probe with driver sunplus failed with error -110 [ 314.353450][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.376695][ T25] usb 3-1: config 0 descriptor?? [ 314.495248][ T8908] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 314.683312][ T8886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.732404][ T8886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.747334][ T8886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.757638][ T8886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.776457][ T8886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.786705][ T8886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.799248][ T8886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.809465][ T8886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.823421][ T8886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.832091][ T8886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.843026][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 315.041355][ T29] audit: type=1400 audit(1731060726.483:555): avc: denied { read } for pid=8912 comm="syz.2.775" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 315.050793][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 315.077830][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 315.082502][ T29] audit: type=1400 audit(1731060726.483:556): avc: denied { open } for pid=8912 comm="syz.2.775" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 315.088506][ T25] usb 3-1: USB disconnect, device number 28 [ 315.126100][ T29] audit: type=1400 audit(1731060726.483:557): avc: denied { ioctl } for pid=8912 comm="syz.2.775" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 315.292957][ T5883] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 315.442580][ T5883] usb 1-1: Using ep0 maxpacket: 8 [ 315.453380][ T5883] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 315.478279][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.495999][ T5883] usb 1-1: Product: syz [ 315.510823][ T5883] usb 1-1: Manufacturer: syz [ 315.524922][ T5883] usb 1-1: SerialNumber: syz [ 315.627429][ T965] usb 2-1: USB disconnect, device number 34 [ 315.639305][ T5883] usb 1-1: config 0 descriptor?? [ 316.268319][ T5883] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 316.292498][ T29] audit: type=1400 audit(1731060727.733:558): avc: denied { connect } for pid=8914 comm="syz.3.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 316.402525][ T5834] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 317.607342][ T965] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 317.673289][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.679768][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.803274][ T5834] usb 5-1: Using ep0 maxpacket: 8 [ 317.810372][ T5834] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 317.813442][ T965] usb 3-1: Using ep0 maxpacket: 32 [ 317.819124][ T5834] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 317.835256][ T5834] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 317.848324][ T5834] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 317.857480][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.869486][ T8937] netlink: 32 bytes leftover after parsing attributes in process `syz.3.782'. [ 317.880209][ T5834] usbtmc 5-1:16.0: bulk endpoints not found [ 317.912304][ T965] usb 3-1: config 0 has an invalid interface number: 250 but max is 0 [ 317.920724][ T965] usb 3-1: config 0 has no interface number 0 [ 318.006958][ T965] usb 3-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 318.016138][ T965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.024363][ T965] usb 3-1: Product: syz [ 318.028549][ T965] usb 3-1: Manufacturer: syz [ 318.042435][ T965] usb 3-1: SerialNumber: syz [ 318.073208][ T965] usb 3-1: config 0 descriptor?? [ 318.091663][ T965] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 318.134611][ T5834] usb 5-1: USB disconnect, device number 21 [ 318.291083][ T25] libceph: connect (1)[c::]:6789 error -101 [ 318.308444][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 318.574253][ T25] libceph: connect (1)[c::]:6789 error -101 [ 318.591179][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 318.602575][ T965] gspca_sunplus: reg_w_riv err -110 [ 318.607843][ T965] sunplus 3-1:0.250: probe with driver sunplus failed with error -110 [ 318.835421][ T8942] ceph: No mds server is up or the cluster is laggy [ 319.260738][ T965] libceph: connect (1)[c::]:6789 error -101 [ 319.266849][ T965] libceph: mon0 (1)[c::]:6789 connect error [ 319.333533][ T8960] FAULT_INJECTION: forcing a failure. [ 319.333533][ T8960] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 319.872394][ T965] libceph: connect (1)[c::]:6789 error -101 [ 319.892131][ T8960] CPU: 0 UID: 0 PID: 8960 Comm: syz.1.787 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 319.902750][ T8960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 319.912825][ T8960] Call Trace: [ 319.916100][ T8960] [ 319.919027][ T8960] dump_stack_lvl+0x16c/0x1f0 [ 319.923710][ T8960] should_fail_ex+0x497/0x5b0 [ 319.928403][ T8960] ? fs_reclaim_acquire+0xae/0x150 [ 319.933519][ T8960] should_fail_alloc_page+0xe7/0x130 [ 319.938839][ T8960] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 319.945010][ T8960] __alloc_pages_noprof+0x190/0x25a0 [ 319.950306][ T8960] ? bpf_trace_run4+0x2ba/0x5a0 [ 319.955171][ T8960] ? __pfx_mark_lock+0x10/0x10 [ 319.959935][ T8960] ? psi_task_switch+0x203/0x8e0 [ 319.964885][ T8960] ? find_held_lock+0x2d/0x110 [ 319.969663][ T8960] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 319.975410][ T8960] ? __pfx_lock_release+0x10/0x10 [ 319.980429][ T8960] ? mark_held_locks+0x9f/0xe0 [ 319.985175][ T8960] ? finish_task_switch.isra.0+0x217/0xcc0 [ 319.990963][ T8960] ? lockdep_hardirqs_on+0x7c/0x110 [ 319.996152][ T8960] ? finish_task_switch.isra.0+0x217/0xcc0 [ 320.001954][ T8960] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 320.007847][ T8960] ? policy_nodemask+0xea/0x4e0 [ 320.012694][ T8960] alloc_pages_mpol_noprof+0x2c9/0x610 [ 320.018150][ T8960] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 320.024122][ T8960] ? __pfx_mark_lock+0x10/0x10 [ 320.028886][ T8960] get_free_pages_noprof+0xc/0x40 [ 320.033925][ T8960] vcs_write+0x11b/0xdb0 [ 320.038204][ T8960] ? __pfx___might_resched+0x10/0x10 [ 320.043487][ T8960] ? __pfx_vcs_write+0x10/0x10 [ 320.048248][ T8960] ? inode_security+0x101/0x130 [ 320.053098][ T8960] loop_rw_iter+0x22e/0x590 [ 320.057599][ T8960] io_write+0xf85/0x13d0 [ 320.061831][ T8960] io_issue_sqe+0x175/0x13d0 [ 320.066412][ T8960] io_submit_sqes+0x9b4/0x2530 [ 320.071168][ T8960] __do_sys_io_uring_enter+0xc0f/0x1170 [ 320.076718][ T8960] ? __fget_files+0x244/0x3f0 [ 320.081396][ T8960] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 320.087366][ T8960] ? xfd_validate_state+0x5d/0x180 [ 320.092461][ T8960] ? rcu_is_watching+0x12/0xc0 [ 320.097231][ T8960] do_syscall_64+0xcd/0x250 [ 320.101818][ T8960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.107712][ T8960] RIP: 0033:0x7f134ed7e719 [ 320.112111][ T8960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.131701][ T8960] RSP: 002b:00007f134fb1e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 320.140114][ T8960] RAX: ffffffffffffffda RBX: 00007f134ef35f80 RCX: 00007f134ed7e719 [ 320.148159][ T8960] RDX: 0000000000000000 RSI: 0000000000007a98 RDI: 0000000000000004 [ 320.156130][ T8960] RBP: 00007f134fb1e090 R08: 0000000000000000 R09: 0000000000000000 [ 320.164086][ T8960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.172040][ T8960] R13: 0000000000000000 R14: 00007f134ef35f80 R15: 00007ffd988d4d58 [ 320.180003][ T8960] [ 320.183726][ T965] libceph: mon0 (1)[c::]:6789 connect error [ 320.243185][ T5883] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 320.271045][ T5883] usb 1-1: USB disconnect, device number 37 [ 320.379449][ T965] usb 3-1: USB disconnect, device number 29 [ 320.412812][ T8954] ceph: No mds server is up or the cluster is laggy [ 320.884385][ T25] libceph: connect (1)[c::]:6789 error -101 [ 320.890833][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 321.075799][ T5834] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 321.350406][ T5834] usb 5-1: Using ep0 maxpacket: 16 [ 321.362524][ T965] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 321.373664][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 321.383984][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 321.421053][ T5834] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 321.461955][ T8970] ip6tnl1: entered promiscuous mode [ 321.491487][ T5834] usb 5-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=15.7a [ 321.512595][ T5834] usb 5-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 321.532453][ T5834] usb 5-1: Product: syz [ 321.536761][ T5834] usb 5-1: Manufacturer: syz [ 321.541362][ T5834] usb 5-1: SerialNumber: syz [ 321.554099][ T965] usb 3-1: Using ep0 maxpacket: 32 [ 321.573931][ T5834] usb 5-1: config 0 descriptor?? [ 321.600910][ T5834] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 321.608584][ T965] usb 3-1: config 0 has an invalid interface number: 250 but max is 0 [ 321.619852][ T965] usb 3-1: config 0 has no interface number 0 [ 321.643637][ T965] usb 3-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 321.663527][ T965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.671551][ T965] usb 3-1: Product: syz [ 321.692531][ T965] usb 3-1: Manufacturer: syz [ 321.700525][ T965] usb 3-1: SerialNumber: syz [ 321.728192][ T965] usb 3-1: config 0 descriptor?? [ 321.750701][ T965] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 321.772679][ T7647] udevd[7647]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 321.862518][ T5883] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 321.897118][ T5834] usb 5-1: USB disconnect, device number 22 [ 321.902591][ T5874] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 322.013410][ T5883] usb 1-1: Using ep0 maxpacket: 8 [ 322.021484][ T5883] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 322.039185][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.047690][ T5883] usb 1-1: Product: syz [ 322.052229][ T5883] usb 1-1: Manufacturer: syz [ 322.062772][ T29] audit: type=1400 audit(1731060733.513:559): avc: denied { setopt } for pid=8983 comm="syz.3.794" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 322.064316][ T5874] usb 2-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 322.082634][ T5883] usb 1-1: SerialNumber: syz [ 322.101909][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.110227][ T5883] usb 1-1: config 0 descriptor?? [ 322.134134][ T5874] usb 2-1: config 0 descriptor?? [ 322.241020][ T8984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.794'. [ 322.302542][ T965] gspca_sunplus: reg_w_riv err -110 [ 322.325791][ T5883] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 322.327735][ T965] sunplus 3-1:0.250: probe with driver sunplus failed with error -110 [ 322.452708][ T29] audit: type=1400 audit(1731060733.893:560): avc: denied { ioctl } for pid=8990 comm="syz.4.796" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 322.542490][ T5834] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 322.547620][ T5874] usbhid 2-1:0.0: can't add hid device: -71 [ 322.559177][ T5874] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 322.575365][ T29] audit: type=1400 audit(1731060734.023:561): avc: denied { append } for pid=8993 comm="syz.4.797" name="media0" dev="devtmpfs" ino=929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 322.597949][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.607614][ T5874] usb 2-1: USB disconnect, device number 35 [ 322.619717][ T6181] udevd[6181]: setting mode of /dev/bus/usb/002/035 to 020664 failed: No such file or directory [ 322.621091][ T29] audit: type=1400 audit(1731060734.023:562): avc: denied { create } for pid=8993 comm="syz.4.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 322.631896][ T6181] udevd[6181]: setting owner of /dev/bus/usb/002/035 to uid=0, gid=0 failed: No such file or directory [ 322.722606][ T5834] usb 4-1: Using ep0 maxpacket: 8 [ 322.729835][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.741148][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.751280][ T5834] usb 4-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00 [ 322.760699][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.772000][ T5834] usb 4-1: config 0 descriptor?? [ 323.079616][ T29] audit: type=1400 audit(1731060734.513:563): avc: denied { create } for pid=8988 comm="syz.3.795" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 323.315193][ T5878] usb 3-1: USB disconnect, device number 30 [ 323.499939][ T9002] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 323.511712][ T29] audit: type=1400 audit(1731060734.963:564): avc: denied { setopt } for pid=9001 comm="syz.4.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 324.754475][ T5883] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 324.785091][ T29] audit: type=1400 audit(1731060734.983:565): avc: denied { connect } for pid=9001 comm="syz.4.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 325.372591][ T29] audit: type=1400 audit(1731060736.813:566): avc: denied { create } for pid=9010 comm="syz.4.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 325.492632][ T5874] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 325.702799][ T29] audit: type=1400 audit(1731060736.993:567): avc: denied { mount } for pid=9010 comm="syz.4.802" name="/" dev="ramfs" ino=16940 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 325.703540][ T5883] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 325.725573][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 325.791907][ T5874] usb 3-1: config 0 has an invalid interface number: 250 but max is 0 [ 325.821338][ T5834] usbhid 4-1:0.0: can't add hid device: -71 [ 325.827433][ T5874] usb 3-1: config 0 has no interface number 0 [ 325.833696][ T5834] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 325.843745][ T29] audit: type=1804 audit(1731060737.193:568): pid=9014 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.802" name="/newroot/159/file0/bus" dev="ramfs" ino=16941 res=1 errno=0 [ 325.878297][ T5874] usb 3-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 325.884264][ T5834] usb 4-1: USB disconnect, device number 29 [ 325.888393][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.901338][ T5874] usb 3-1: Product: syz [ 325.905559][ T5874] usb 3-1: Manufacturer: syz [ 325.910176][ T5874] usb 3-1: SerialNumber: syz [ 325.917032][ T5874] usb 3-1: config 0 descriptor?? [ 325.962445][ T5883] usb 2-1: Using ep0 maxpacket: 8 [ 326.012742][ T5874] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 326.046011][ T5883] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 326.062005][ T5878] usb 1-1: USB disconnect, device number 38 [ 326.071226][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.080341][ T5883] usb 2-1: Product: syz [ 326.085013][ T5883] usb 2-1: Manufacturer: syz [ 326.089619][ T5883] usb 2-1: SerialNumber: syz [ 326.106410][ T5883] usb 2-1: config 0 descriptor?? [ 326.262881][ T9022] FAULT_INJECTION: forcing a failure. [ 326.262881][ T9022] name fail_futex, interval 1, probability 0, space 0, times 1 [ 326.311188][ T9022] CPU: 0 UID: 0 PID: 9022 Comm: syz.0.805 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 326.321814][ T9022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 326.331870][ T9022] Call Trace: [ 326.332826][ T5826] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 326.335138][ T9022] [ 326.335149][ T9022] dump_stack_lvl+0x16c/0x1f0 [ 326.350360][ T9022] should_fail_ex+0x497/0x5b0 [ 326.355045][ T9022] get_futex_key+0x1bc/0x10a0 [ 326.359730][ T9022] ? __pfx_get_futex_key+0x10/0x10 [ 326.364847][ T9022] ? kasan_save_track+0x14/0x30 [ 326.369695][ T9022] ? __kasan_kmalloc+0xaa/0xb0 [ 326.374456][ T9022] futex_lock_pi+0x258/0x710 [ 326.379057][ T9022] ? __pfx_futex_lock_pi+0x10/0x10 [ 326.384188][ T9022] ? find_held_lock+0x2d/0x110 [ 326.388959][ T9022] ? __pfx_futex_wake_mark+0x10/0x10 [ 326.394255][ T9022] ? vfs_write+0x306/0x1150 [ 326.398774][ T9022] do_futex+0x11b/0x350 [ 326.402948][ T9022] ? __pfx_do_futex+0x10/0x10 [ 326.407634][ T9022] __x64_sys_futex+0x1e1/0x4c0 [ 326.412401][ T9022] ? fput+0x30/0x390 [ 326.416295][ T9022] ? __pfx___x64_sys_futex+0x10/0x10 [ 326.421591][ T9022] ? ksys_write+0x1ad/0x260 [ 326.426109][ T9022] ? __pfx_ksys_write+0x10/0x10 [ 326.430987][ T9022] do_syscall_64+0xcd/0x250 [ 326.435498][ T9022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.441409][ T9022] RIP: 0033:0x7f837417e719 [ 326.445822][ T9022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.465450][ T9022] RSP: 002b:00007f8374f9e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 326.473871][ T9022] RAX: ffffffffffffffda RBX: 00007f8374335f80 RCX: 00007f837417e719 [ 326.481845][ T9022] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000020000140 [ 326.489815][ T9022] RBP: 00007f8374f9e090 R08: 0000000000000000 R09: 0000000000000002 [ 326.497784][ T9022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.505759][ T9022] R13: 0000000000000000 R14: 00007f8374335f80 R15: 00007ffc3dded378 [ 326.513745][ T9022] [ 326.765252][ T5883] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 327.083445][ T5874] gspca_sunplus: reg_w_riv err -110 [ 327.179533][ T5874] sunplus 3-1:0.250: probe with driver sunplus failed with error -110 [ 327.317126][ T5878] usb 3-1: USB disconnect, device number 31 [ 327.626588][ T9036] netlink: 'syz.0.808': attribute type 1 has an invalid length. [ 327.666012][ T9036] bond2 (unregistering): Released all slaves [ 328.067102][ T25] libceph: connect (1)[c::]:6789 error -101 [ 328.076640][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 328.172416][ T5874] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 328.332427][ T965] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 328.340096][ T5874] usb 1-1: Using ep0 maxpacket: 8 [ 328.345956][ T25] libceph: connect (1)[c::]:6789 error -101 [ 328.352249][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 328.361095][ T5874] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 328.375486][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.390086][ T5874] usb 1-1: Product: syz [ 328.397611][ T5874] usb 1-1: Manufacturer: syz [ 328.405802][ T5874] usb 1-1: SerialNumber: syz [ 328.416317][ T5874] usb 1-1: config 0 descriptor?? [ 328.506134][ T9045] ceph: No mds server is up or the cluster is laggy [ 328.515957][ T965] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 328.525136][ T965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.562112][ T965] usb 4-1: config 0 descriptor?? [ 328.642723][ T5874] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 328.797814][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 328.797829][ T29] audit: type=1400 audit(1731060740.243:571): avc: denied { map } for pid=9050 comm="syz.2.812" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 328.860618][ T29] audit: type=1400 audit(1731060740.303:572): avc: denied { ioctl } for pid=9050 comm="syz.2.812" path="socket:[17240]" dev="sockfs" ino=17240 ioctlcmd=0x6721 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 328.902205][ T29] audit: type=1400 audit(1731060740.343:573): avc: denied { execmod } for pid=9050 comm="syz.2.812" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 328.930767][ T29] audit: type=1400 audit(1731060740.343:574): avc: denied { execute } for pid=9050 comm="syz.2.812" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 328.983440][ T965] usbhid 4-1:0.0: can't add hid device: -71 [ 328.989703][ T965] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 329.001992][ T965] usb 4-1: USB disconnect, device number 30 [ 329.195665][ T29] audit: type=1400 audit(1731060740.643:575): avc: denied { create } for pid=9054 comm="syz.4.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 329.252092][ T29] audit: type=1400 audit(1731060740.693:576): avc: denied { ioctl } for pid=9054 comm="syz.4.813" path="socket:[17247]" dev="sockfs" ino=17247 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 329.276656][ C0] vkms_vblank_simulate: vblank timer overrun [ 329.645622][ T5883] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 329.681515][ T5883] usb 2-1: USB disconnect, device number 36 [ 330.557305][ T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 330.805958][ T8] usb 5-1: device descriptor read/64, error -71 [ 331.092560][ T8] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 331.710979][ T29] audit: type=1400 audit(1731060742.643:577): avc: denied { remount } for pid=9070 comm="syz.1.818" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 331.746132][ T5874] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 331.766169][ T8] usb 5-1: device descriptor read/64, error -71 [ 331.777381][ T5874] usb 1-1: USB disconnect, device number 39 [ 331.962450][ T8] usb usb5-port1: attempt power cycle [ 331.993004][ T29] audit: type=1400 audit(1731060743.433:578): avc: denied { read write } for pid=9084 comm="syz.2.821" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 332.016831][ T29] audit: type=1400 audit(1731060743.433:579): avc: denied { open } for pid=9084 comm="syz.2.821" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 332.040608][ T29] audit: type=1400 audit(1731060743.453:580): avc: denied { name_connect } for pid=9088 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 332.302551][ T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 332.335138][ T8] usb 5-1: device descriptor read/8, error -71 [ 332.549237][ T45] hid (null): invalid report_count 47633 [ 332.558910][ T45] hid-generic 0009:0007:0009.0011: invalid report_count 47633 [ 332.566685][ T45] hid-generic 0009:0007:0009.0011: item 0 2 1 9 parsing failed [ 332.574706][ T45] hid-generic 0009:0007:0009.0011: probe with driver hid-generic failed with error -22 [ 332.606069][ T9092] netlink: 68 bytes leftover after parsing attributes in process `syz.1.823'. [ 332.805805][ T9099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.824'. [ 333.412507][ T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 333.542205][ T9105] netlink: 24 bytes leftover after parsing attributes in process `syz.4.827'. [ 333.652616][ T8] usb 5-1: device not accepting address 26, error -71 [ 333.662657][ T8] usb usb5-port1: unable to enumerate USB device [ 335.183119][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 335.190090][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 335.201768][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 335.213110][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 335.731329][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 335.742827][ T9119] ceph: No mds server is up or the cluster is laggy [ 335.777816][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 335.859891][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 335.859907][ T29] audit: type=1400 audit(1731060747.303:582): avc: denied { sqpoll } for pid=9122 comm="syz.4.832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 335.864095][ T9141] ieee802154 phy0 wpan0: encryption failed: -90 [ 335.939241][ T9145] netlink: 32 bytes leftover after parsing attributes in process `syz.2.836'. [ 336.054189][ T29] audit: type=1400 audit(1731060747.503:583): avc: denied { read write } for pid=9148 comm="syz.0.837" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 336.178874][ T9153] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 336.188124][ T29] audit: type=1400 audit(1731060747.503:584): avc: denied { open } for pid=9148 comm="syz.0.837" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 336.305105][ T8] hid (null): invalid report_count 47633 [ 336.460646][ T8] hid-generic 0009:0007:0009.0012: invalid report_count 47633 [ 337.016092][ T8] hid-generic 0009:0007:0009.0012: item 0 2 1 9 parsing failed [ 337.024145][ T8] hid-generic 0009:0007:0009.0012: probe with driver hid-generic failed with error -22 [ 337.376098][ T29] audit: type=1400 audit(1731060748.823:585): avc: denied { create } for pid=9165 comm="syz.0.841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 337.432461][ T29] audit: type=1400 audit(1731060748.863:586): avc: denied { getopt } for pid=9165 comm="syz.0.841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 337.638411][ T29] audit: type=1400 audit(1731060748.863:587): avc: denied { read write } for pid=9165 comm="syz.0.841" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 337.638453][ T29] audit: type=1400 audit(1731060748.863:588): avc: denied { open } for pid=9165 comm="syz.0.841" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 338.024297][ T9186] netlink: 24 bytes leftover after parsing attributes in process `syz.3.843'. [ 338.800010][ T9191] ip6tnl1: entered promiscuous mode [ 339.849886][ T9202] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 339.997048][ T9204] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 340.128902][ T5826] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 340.408748][ T29] audit: type=1400 audit(1731060751.813:589): avc: denied { mount } for pid=9200 comm="syz.2.849" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 340.430452][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.532851][ T29] audit: type=1400 audit(1731060751.903:590): avc: denied { unmount } for pid=9200 comm="syz.2.849" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 340.977124][ T9218] netlink: 68 bytes leftover after parsing attributes in process `syz.4.852'. [ 341.592682][ T29] audit: type=1400 audit(1731060752.423:591): avc: denied { write } for pid=9211 comm="syz.4.852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 341.892552][ T5878] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 341.982726][ T29] audit: type=1400 audit(1731060752.423:592): avc: denied { nlmsg_write } for pid=9211 comm="syz.4.852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 342.872423][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 342.879267][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 342.941194][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 342.964349][ T5878] usb 5-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 342.974190][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.980989][ T9226] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 343.004359][ T9226] audit: out of memory in audit_log_start [ 343.019973][ T9226] IPVS: length: 128 != 24 [ 343.043219][ T5878] usb 5-1: config 0 descriptor?? [ 343.498695][ T5878] logitech 0003:046D:C24F.0013: hidraw0: USB HID v0.00 Device [HID 046d:c24f] on usb-dummy_hcd.4-1/input0 [ 343.517116][ T5878] logitech 0003:046D:C24F.0013: no inputs found [ 343.570219][ T9233] netlink: 24 bytes leftover after parsing attributes in process `syz.0.857'. [ 343.611783][ T9234] veth0_macvtap: left promiscuous mode [ 343.662518][ T29] audit: type=1400 audit(1731060755.113:593): avc: denied { map } for pid=9231 comm="syz.3.858" path="socket:[18043]" dev="sockfs" ino=18043 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 343.743059][ T9234] macvtap0: entered allmulticast mode [ 343.930888][ T9239] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 344.260934][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 344.403823][ T29] audit: type=1400 audit(1731060755.813:594): avc: denied { unlink } for pid=9231 comm="syz.3.858" name="#1" dev="tmpfs" ino=996 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 344.538424][ T29] audit: type=1400 audit(1731060755.833:595): avc: denied { mount } for pid=9231 comm="syz.3.858" name="/" dev="overlay" ino=991 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 344.796162][ T8] usb 5-1: USB disconnect, device number 27 [ 345.130237][ T9252] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 345.215855][ T5829] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 346.000599][ T9257] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 346.027438][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 346.856320][ T8] hid (null): invalid report_count 47633 [ 346.868221][ T8] hid-generic 0009:0007:0009.0014: invalid report_count 47633 [ 346.896206][ T8] hid-generic 0009:0007:0009.0014: item 0 2 1 9 parsing failed [ 347.208997][ T8] hid-generic 0009:0007:0009.0014: probe with driver hid-generic failed with error -22 [ 347.767138][ T9285] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 347.843797][ T5829] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 347.898392][ T29] audit: type=1400 audit(1731060759.343:596): avc: denied { create } for pid=9287 comm="syz.0.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 348.018740][ T29] audit: type=1400 audit(1731060759.383:597): avc: denied { setopt } for pid=9287 comm="syz.0.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 348.040276][ T29] audit: type=1400 audit(1731060759.403:598): avc: denied { write } for pid=9287 comm="syz.0.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 348.062476][ T8] usb 2-1: new low-speed USB device number 37 using dummy_hcd [ 348.277489][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 348.295450][ T45] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 348.295517][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 348.313748][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 348.326915][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.337237][ T8] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 348.362945][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.377067][ T8] hub 2-1:1.0: bad descriptor, ignoring hub [ 348.388255][ T8] hub 2-1:1.0: probe with driver hub failed with error -5 [ 348.397595][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 348.405708][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 348.414975][ T8] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 348.420933][ T8] cdc_wdm 2-1:1.0: Unknown control protocol [ 348.604322][ T9300] netlink: 32 bytes leftover after parsing attributes in process `syz.4.876'. [ 348.718608][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.729851][ T45] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 348.739078][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.773165][ T45] usb 4-1: config 0 descriptor?? [ 349.167574][ T8] usb 2-1: USB disconnect, device number 37 [ 349.173877][ T9286] cdc_wdm 2-1:1.0: Error autopm - -16 [ 349.234029][ T45] keytouch 0003:0926:3333.0015: fixing up Keytouch IEC report descriptor [ 349.245210][ T45] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0015/input/input28 [ 349.392704][ T8] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 349.432458][ T29] audit: type=1400 audit(1731060760.843:599): avc: denied { create } for pid=9289 comm="syz.3.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 349.452136][ T29] audit: type=1400 audit(1731060760.843:600): avc: denied { ioctl } for pid=9289 comm="syz.3.873" path="socket:[18726]" dev="sockfs" ino=18726 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 349.523069][ T45] keytouch 0003:0926:3333.0015: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 349.553104][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 349.571360][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 349.612419][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 349.654959][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.692576][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.735517][ T8] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 349.768660][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.779907][ C1] keyboard: can't emulate rawmode for keycode 240 [ 349.786910][ C1] keyboard: can't emulate rawmode for keycode 240 [ 349.794032][ C1] keyboard: can't emulate rawmode for keycode 240 [ 349.800845][ C1] keyboard: can't emulate rawmode for keycode 240 [ 349.807274][ C1] keyboard: can't emulate rawmode for keycode 240 [ 349.833366][ T8] hub 2-1:1.0: bad descriptor, ignoring hub [ 349.869710][ T8] hub 2-1:1.0: probe with driver hub failed with error -5 [ 349.911036][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 349.922674][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 349.949284][ T8] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 349.987836][ T8] cdc_wdm 2-1:1.0: Unknown control protocol [ 350.025687][ T9286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.057452][ T9286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.115911][ T9286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.151522][ T9286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.323444][ T8] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 350.359897][ T5883] usb 2-1: USB disconnect, device number 38 [ 350.993979][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.005473][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 351.042452][ T8] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 351.051533][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.085131][ T8] usb 3-1: config 0 descriptor?? [ 351.254328][ T5874] usb 4-1: USB disconnect, device number 31 [ 351.363420][ T9331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 351.391541][ T45] libceph: connect (1)[c::]:6789 error -101 [ 351.401298][ T9331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 351.577197][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 351.590101][ T45] libceph: connect (1)[c::]:6789 error -101 [ 351.596208][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 351.607679][ T9330] ceph: No mds server is up or the cluster is laggy [ 351.811204][ T5874] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 352.017181][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.079680][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.281248][ T8] pyra 0003:1E7D:2CF6.0016: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 352.285198][ T5874] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 352.303759][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.323773][ T5874] usb 4-1: config 0 descriptor?? [ 352.348576][ T8] pyra 0003:1E7D:2CF6.0016: couldn't init struct pyra_device [ 352.356209][ T8] pyra 0003:1E7D:2CF6.0016: couldn't install mouse [ 352.378577][ T8] pyra 0003:1E7D:2CF6.0016: probe with driver pyra failed with error -5 [ 353.464283][ T5874] hid-multitouch 0003:1FD2:6007.0017: item fetching failed at offset 3/5 [ 353.473271][ T5874] hid-multitouch 0003:1FD2:6007.0017: probe with driver hid-multitouch failed with error -22 [ 353.703580][ T9352] netlink: 'syz.1.889': attribute type 29 has an invalid length. [ 354.309757][ T5878] usb 4-1: USB disconnect, device number 32 [ 354.345291][ T29] kauditd_printk_skb: 304 callbacks suppressed [ 354.345308][ T29] audit: type=1400 audit(1731060765.253:602): avc: denied { bind } for pid=9346 comm="syz.4.887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 354.410811][ T8] usb 3-1: USB disconnect, device number 32 [ 354.481605][ T29] audit: type=1400 audit(1731060765.253:603): avc: denied { connect } for pid=9346 comm="syz.4.887" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 354.503947][ T29] audit: type=1400 audit(1731060765.263:604): avc: denied { write } for pid=9346 comm="syz.4.887" laddr=::1 lport=7 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 354.525927][ C0] vkms_vblank_simulate: vblank timer overrun [ 354.539393][ T9352] netlink: 'syz.1.889': attribute type 29 has an invalid length. [ 354.729906][ T9359] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 355.004646][ T5829] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 355.246145][ T29] audit: type=1400 audit(1731060766.683:605): avc: denied { read write } for pid=9366 comm="syz.3.893" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 355.292125][ T29] audit: type=1400 audit(1731060766.683:606): avc: denied { open } for pid=9366 comm="syz.3.893" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 355.336826][ T29] audit: type=1400 audit(1731060766.683:607): avc: denied { ioctl } for pid=9366 comm="syz.3.893" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 355.482440][ T5878] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 355.695304][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 355.768503][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 355.850778][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.872559][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 355.892521][ T5878] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 356.003296][ T5878] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 356.025244][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.096256][ T9378] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 356.218941][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 356.557927][ T5878] usb 4-1: config 0 descriptor?? [ 357.043006][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.899'. [ 357.070622][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.899'. [ 357.090980][ T5878] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 357.103559][ T5878] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0018/input/input29 [ 357.184999][ T5878] microsoft 0003:045E:07DA.0018: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 358.041624][ T5878] usb 4-1: USB disconnect, device number 33 [ 358.532629][ T8] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 358.934701][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 358.989260][ T9416] ip6tnl1: entered promiscuous mode [ 359.092584][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 359.212497][ T8] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 359.221970][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.250322][ T8] usb 2-1: Product: syz [ 359.261002][ T8] usb 2-1: Manufacturer: syz [ 359.357950][ T8] usb 2-1: SerialNumber: syz [ 359.384916][ T8] usb 2-1: config 0 descriptor?? [ 359.410848][ T9398] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 359.428661][ T9398] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 359.437987][ T9428] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 359.458055][ T9428] Cannot find set identified by id 0 to match [ 359.483172][ T5829] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 359.712637][ T5878] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 359.857924][ T9398] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 359.872423][ T9398] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 359.918425][ T5829] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 359.942508][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 359.954026][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.979866][ T5878] usb 4-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59 [ 360.001417][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.021958][ T5878] usb 4-1: Product: syz [ 360.032393][ T5878] usb 4-1: Manufacturer: syz [ 360.037031][ T5878] usb 4-1: SerialNumber: syz [ 360.058611][ T5878] usb 4-1: config 0 descriptor?? [ 360.112248][ T5878] peak_usb 4-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22 [ 360.122605][ T5878] peak_usb 4-1:0.0: unable to read PCAN-USB serial number (err -22) [ 360.642001][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 360.694605][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 360.713738][ T5878] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22 [ 360.725535][ T5874] libceph: connect (1)[c::]:6789 error -101 [ 360.818080][ T5874] libceph: mon0 (1)[c::]:6789 connect error [ 360.824260][ T9440] ceph: No mds server is up or the cluster is laggy [ 360.912835][ T9449] netlink: 32 bytes leftover after parsing attributes in process `syz.2.916'. [ 361.478175][ T29] audit: type=1400 audit(1731060772.923:608): avc: denied { read } for pid=9453 comm="syz.4.918" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 361.522073][ T29] audit: type=1400 audit(1731060772.923:609): avc: denied { open } for pid=9453 comm="syz.4.918" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 361.554598][ T8] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 361.580218][ T29] audit: type=1400 audit(1731060772.953:610): avc: denied { ioctl } for pid=9453 comm="syz.4.918" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x5602 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 361.621736][ T8] dm9601 2-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 54:00:00:00:00:00 [ 361.654563][ T29] audit: type=1400 audit(1731060772.963:611): avc: denied { ioctl } for pid=9453 comm="syz.4.918" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 361.670168][ T8] usb 2-1: USB disconnect, device number 39 [ 361.685874][ T29] audit: type=1400 audit(1731060772.963:612): avc: denied { create } for pid=9453 comm="syz.4.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 361.744840][ T29] audit: type=1400 audit(1731060772.963:613): avc: denied { setopt } for pid=9453 comm="syz.4.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 361.760381][ T8] dm9601 2-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet [ 361.790169][ T29] audit: type=1400 audit(1731060773.233:614): avc: denied { search } for pid=5494 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 361.877522][ T29] audit: type=1400 audit(1731060773.233:615): avc: denied { read } for pid=5494 comm="dhcpcd" name="n101" dev="tmpfs" ino=5527 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 362.061649][ T29] audit: type=1400 audit(1731060773.233:616): avc: denied { open } for pid=5494 comm="dhcpcd" path="/run/udev/data/n101" dev="tmpfs" ino=5527 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 362.311277][ T29] audit: type=1400 audit(1731060773.233:617): avc: denied { getattr } for pid=5494 comm="dhcpcd" path="/run/udev/data/n101" dev="tmpfs" ino=5527 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 362.474390][ T5874] usb 4-1: USB disconnect, device number 34 [ 362.802562][ T25] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 363.052568][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 363.212029][ T25] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 363.277493][ T25] usb 5-1: config 0 has no interface number 0 [ 363.330616][ T9478] ip6tnl1: entered promiscuous mode [ 363.332172][ T25] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 363.393204][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.410568][ T25] usb 5-1: Product: syz [ 363.422429][ T25] usb 5-1: Manufacturer: syz [ 363.471131][ T25] usb 5-1: SerialNumber: syz [ 363.712215][ T25] usb 5-1: config 0 descriptor?? [ 363.719541][ T25] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 363.792595][ T45] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 363.962612][ T45] usb 1-1: Using ep0 maxpacket: 8 [ 363.979664][ T45] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 364.010045][ T45] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 364.040121][ T45] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 364.092633][ T45] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 364.163718][ T45] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 364.319610][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.623241][ T45] usb 1-1: GET_CAPABILITIES returned 0 [ 364.650227][ T45] usbtmc 1-1:16.0: can't read capabilities [ 365.005073][ T9514] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9514 comm=syz.1.931 [ 365.064401][ T45] usb 1-1: USB disconnect, device number 40 [ 365.148349][ T8526] libceph: connect (1)[c::]:6789 error -101 [ 365.154685][ T8526] libceph: mon0 (1)[c::]:6789 connect error [ 365.292066][ T9529] netlink: 24 bytes leftover after parsing attributes in process `syz.1.932'. [ 365.306412][ T9516] ceph: No mds server is up or the cluster is laggy [ 365.316923][ T45] libceph: connect (1)[c::]:6789 error -101 [ 365.323230][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 365.367657][ T9528] ceph: No mds server is up or the cluster is laggy [ 366.552752][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 366.552785][ T29] audit: type=1400 audit(1731060777.993:639): avc: denied { bind } for pid=9537 comm="syz.1.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 366.615775][ T25] gspca_spca1528: reg_r err -71 [ 366.620704][ T25] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71 [ 366.637768][ T25] usb 5-1: USB disconnect, device number 28 [ 366.672663][ T29] audit: type=1400 audit(1731060778.043:640): avc: denied { setopt } for pid=9537 comm="syz.1.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 366.702420][ T5829] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 366.711067][ T5829] Bluetooth: hci2: Injecting HCI hardware error event [ 366.719313][ T5829] Bluetooth: hci2: hardware error 0x00 [ 366.772432][ T9540] syz.3.934 uses obsolete (PF_INET,SOCK_PACKET) [ 366.819381][ T29] audit: type=1400 audit(1731060778.263:641): avc: denied { ioctl } for pid=9538 comm="syz.3.934" path="socket:[19224]" dev="sockfs" ino=19224 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 366.851331][ T9544] netlink: 'syz.0.937': attribute type 9 has an invalid length. [ 367.386722][ T9562] FAULT_INJECTION: forcing a failure. [ 367.386722][ T9562] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 367.411522][ T9562] CPU: 1 UID: 0 PID: 9562 Comm: syz.4.942 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 367.422139][ T9562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 367.432190][ T9562] Call Trace: [ 367.435456][ T9562] [ 367.438371][ T9562] dump_stack_lvl+0x16c/0x1f0 [ 367.443037][ T9562] should_fail_ex+0x497/0x5b0 [ 367.447700][ T9562] _copy_from_user+0x2e/0xd0 [ 367.452277][ T9562] copy_msghdr_from_user+0x99/0x160 [ 367.457462][ T9562] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 367.463258][ T9562] ? __pfx___lock_acquire+0x10/0x10 [ 367.468440][ T9562] ___sys_sendmsg+0xff/0x1e0 [ 367.473014][ T9562] ? __pfx____sys_sendmsg+0x10/0x10 [ 367.478205][ T9562] ? lock_acquire+0x2f/0xb0 [ 367.482686][ T9562] ? __fget_files+0x40/0x3f0 [ 367.487268][ T9562] ? fdget+0x176/0x210 [ 367.491325][ T9562] __sys_sendmsg+0x117/0x1f0 [ 367.495899][ T9562] ? __pfx___sys_sendmsg+0x10/0x10 [ 367.500990][ T9562] ? __fget_files+0x244/0x3f0 [ 367.505665][ T9562] do_syscall_64+0xcd/0x250 [ 367.510151][ T9562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.516033][ T9562] RIP: 0033:0x7f3ce777e719 [ 367.520432][ T9562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.540034][ T9562] RSP: 002b:00007f3ce84d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 367.548449][ T9562] RAX: ffffffffffffffda RBX: 00007f3ce7935f80 RCX: 00007f3ce777e719 [ 367.556411][ T9562] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 367.564367][ T9562] RBP: 00007f3ce84d5090 R08: 0000000000000000 R09: 0000000000000000 [ 367.572334][ T9562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 367.580297][ T9562] R13: 0000000000000000 R14: 00007f3ce7935f80 R15: 00007ffd903b3898 [ 367.588268][ T9562] [ 367.673809][ T9564] netlink: 128 bytes leftover after parsing attributes in process `syz.3.943'. [ 367.733492][ T9564] netlink: 16 bytes leftover after parsing attributes in process `syz.3.943'. [ 367.866321][ T9572] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 367.930598][ T5826] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 368.242434][ T8526] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 368.434019][ T5883] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 368.452638][ T8526] usb 1-1: Using ep0 maxpacket: 8 [ 368.478918][ T8526] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 368.493442][ T8526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.544295][ T8526] usb 1-1: Product: syz [ 368.570812][ T8526] usb 1-1: Manufacturer: syz [ 368.599341][ T8526] usb 1-1: SerialNumber: syz [ 368.673282][ T8526] usb 1-1: config 0 descriptor?? [ 368.710321][ T5883] usb 5-1: Using ep0 maxpacket: 8 [ 368.748660][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.765733][ T5829] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 368.782102][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.802637][ T8] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 368.838307][ T5883] usb 5-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00 [ 368.857379][ T25] libceph: connect (1)[c::]:6789 error -101 [ 368.863830][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 368.865652][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.879168][ T9584] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.949'. [ 368.893308][ T5883] usb 5-1: config 0 descriptor?? [ 368.942197][ T8526] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 368.983894][ T9579] ceph: No mds server is up or the cluster is laggy [ 368.992391][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 369.000719][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 369.021316][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.039201][ T8] usb 2-1: Product: syz [ 369.056397][ T8] usb 2-1: Manufacturer: syz [ 369.066008][ T8] usb 2-1: SerialNumber: syz [ 369.084101][ T8] usb 2-1: config 0 descriptor?? [ 369.852419][ T8] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 370.081226][ T9571] ======================================================= [ 370.081226][ T9571] WARNING: The mand mount option has been deprecated and [ 370.081226][ T9571] and is ignored by this kernel. Remove the mand [ 370.081226][ T9571] option from the mount to silence this warning. [ 370.081226][ T9571] ======================================================= [ 370.119908][ T9571] syz.4.946: attempt to access beyond end of device [ 370.119908][ T9571] loop4: rw=0, sector=2, nr_sectors = 1 limit=0 [ 370.133229][ T9571] hfs: can't find a HFS filesystem on dev loop4 [ 370.162741][ T5883] usbhid 5-1:0.0: can't add hid device: -71 [ 370.168747][ T5883] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 370.213760][ T5883] usb 5-1: USB disconnect, device number 29 [ 371.732453][ T9580] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 372.043075][ T9580] usb 5-1: Using ep0 maxpacket: 8 [ 372.187767][ T9580] usb 5-1: config 0 has an invalid descriptor of length 159, skipping remainder of the config [ 372.240286][ T9580] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 372.262481][ T9580] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.282417][ T9580] usb 5-1: Product: syz [ 372.286657][ T9580] usb 5-1: Manufacturer: syz [ 372.291281][ T9580] usb 5-1: SerialNumber: syz [ 372.320149][ T9580] usb 5-1: config 0 descriptor?? [ 372.355404][ T9580] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22 [ 372.483945][ T8] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 372.506241][ T8] usb 2-1: USB disconnect, device number 40 [ 373.575220][ T8526] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 373.599479][ T8526] usb 1-1: USB disconnect, device number 41 [ 373.931170][ T1201] usb 5-1: USB disconnect, device number 30 [ 374.110491][ T29] audit: type=1400 audit(1731060785.553:642): avc: denied { listen } for pid=9633 comm="syz.2.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 374.137118][ T9634] syz.2.962 (9634) used greatest stack depth: 20912 bytes left [ 375.312620][ T8526] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 375.754349][ T8526] usb 1-1: unable to get BOS descriptor or descriptor too short [ 375.762606][ T8526] usb 1-1: not running at top speed; connect to a high speed hub [ 375.771152][ T8526] usb 1-1: config 64 has an invalid interface number: 16 but max is 0 [ 375.779629][ T8526] usb 1-1: config 64 has no interface number 0 [ 375.786414][ T8526] usb 1-1: config 64 interface 16 altsetting 6 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 375.820805][ T8526] usb 1-1: config 64 interface 16 altsetting 6 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 376.001284][ T8526] usb 1-1: config 64 interface 16 altsetting 6 endpoint 0x8F has invalid maxpacket 57417, setting to 64 [ 376.024552][ T8526] usb 1-1: config 64 interface 16 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 376.287969][ T8526] usb 1-1: config 64 interface 16 has no altsetting 0 [ 376.305052][ T8526] usb 1-1: string descriptor 0 read error: -22 [ 376.311285][ T8526] usb 1-1: New USB device found, idVendor=040b, idProduct=6521, bcdDevice=3c.11 [ 376.321946][ T8526] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.343607][ T9629] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 376.405929][ T9658] afs: Unknown parameter '¯N¶­D[ùR’¡V×U‹àÅó@š敟‚Ÿ)ø{"Ýö­Žïå:¶íKéƒÕõ' [ 376.462656][ T8526] rc_core: IR keymap rc-xbox-dvd not found [ 376.468509][ T8526] Registered IR keymap rc-empty [ 376.668416][ T8526] rc rc0: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:64.16/rc/rc0 [ 376.689319][ T8526] input: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:64.16/rc/rc0/input30 [ 377.747647][ C1] xbox_remote 1-1:64.16: xbox_remote_irq_in: usb_submit_urb()=-19 [ 377.761739][ T45] usb 1-1: USB disconnect, device number 42 [ 378.350841][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.363207][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.423123][ T29] audit: type=1400 audit(1731060789.843:643): avc: denied { create } for pid=9679 comm="syz.0.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 378.450326][ T9680] FAULT_INJECTION: forcing a failure. [ 378.450326][ T9680] name failslab, interval 1, probability 0, space 0, times 0 [ 378.661267][ T9680] CPU: 1 UID: 0 PID: 9680 Comm: syz.0.975 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 378.671895][ T9680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 378.681957][ T9680] Call Trace: [ 378.685240][ T9680] [ 378.688167][ T9680] dump_stack_lvl+0x16c/0x1f0 [ 378.692853][ T9680] should_fail_ex+0x497/0x5b0 [ 378.697538][ T9680] ? fs_reclaim_acquire+0xae/0x150 [ 378.702654][ T9680] should_failslab+0xc2/0x120 [ 378.707339][ T9680] __kmalloc_noprof+0xcb/0x400 [ 378.712113][ T9680] copy_splice_read+0x1a8/0xb90 [ 378.716974][ T9680] ? look_up_lock_class+0x59/0x150 [ 378.722185][ T9680] ? __pfx_copy_splice_read+0x10/0x10 [ 378.727571][ T9680] ? do_splice_read+0x85/0x370 [ 378.732341][ T9680] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 378.738236][ T9680] do_splice_read+0x2bd/0x370 [ 378.742922][ T9680] splice_direct_to_actor+0x2a4/0xa40 [ 378.748284][ T9680] ? __pfx_direct_splice_actor+0x10/0x10 [ 378.753905][ T9680] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 378.759787][ T9680] ? __pfx_file_has_perm+0x10/0x10 [ 378.764891][ T9680] do_splice_direct+0x178/0x250 [ 378.769726][ T9680] ? __pfx_do_splice_direct+0x10/0x10 [ 378.775087][ T9680] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 378.780964][ T9680] ? bpf_lsm_file_permission+0x9/0x10 [ 378.786319][ T9680] ? security_file_permission+0x71/0x210 [ 378.791937][ T9680] do_sendfile+0xb0c/0xe40 [ 378.796345][ T9680] ? __pfx_do_sendfile+0x10/0x10 [ 378.801269][ T9680] ? __pfx___schedule+0x10/0x10 [ 378.806109][ T9680] __x64_sys_sendfile64+0x1da/0x220 [ 378.811292][ T9680] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 378.817002][ T9680] do_syscall_64+0xcd/0x250 [ 378.821494][ T9680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.827376][ T9680] RIP: 0033:0x7f837417e719 [ 378.831789][ T9680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.851393][ T9680] RSP: 002b:00007f8374f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 378.859798][ T9680] RAX: ffffffffffffffda RBX: 00007f8374335f80 RCX: 00007f837417e719 [ 378.867752][ T9680] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000000000000010 [ 378.875715][ T9680] RBP: 00007f8374f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 378.883668][ T9680] R10: 0000000100000002 R11: 0000000000000246 R12: 0000000000000001 [ 378.891623][ T9680] R13: 0000000000000000 R14: 00007f8374335f80 R15: 00007ffc3dded378 [ 378.899585][ T9680] [ 379.242826][ T5873] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 379.442926][ T5873] usb 4-1: Using ep0 maxpacket: 32 [ 379.488991][ T5873] usb 4-1: config 0 has an invalid interface number: 5 but max is 0 [ 379.507950][ T5873] usb 4-1: config 0 has no interface number 0 [ 379.531438][ T5873] usb 4-1: config 0 interface 5 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 379.554339][ T5873] usb 4-1: config 0 interface 5 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.564825][ T5873] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 379.574220][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.648550][ T5873] usb 4-1: config 0 descriptor?? [ 379.762911][ T45] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 379.963229][ T45] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 379.972533][ T45] usb 1-1: config 0 has no interface number 0 [ 379.978794][ T45] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 380.033160][ T45] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 380.235491][ T5873] ft260 0003:0403:6030.0019: unknown main item tag 0x0 [ 380.288582][ T45] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 380.462301][ T45] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 380.474451][ T5873] ft260 0003:0403:6030.0019: chip code: 5e81 abf2 [ 380.492383][ T45] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 380.512651][ T45] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 380.521721][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.563185][ T45] usb 1-1: config 0 descriptor?? [ 380.570443][ T9691] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 380.582227][ T45] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 380.678076][ T5873] ft260 0003:0403:6030.0019: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input5 [ 380.728072][ T45] libceph: connect (1)[c::]:6789 error -101 [ 380.741935][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 380.878616][ T5873] ft260 0003:0403:6030.0019: failed to retrieve status: -32, no wakeup [ 380.887048][ T9705] ceph: No mds server is up or the cluster is laggy [ 381.098513][ T5873] ft260 0003:0403:6030.0019: failed to reset I2C controller: -71 [ 381.172543][ T5873] usb 4-1: USB disconnect, device number 35 [ 381.402962][ T8] usb 1-1: USB disconnect, device number 43 [ 381.445097][ T8] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 382.477835][ T8] hid (null): invalid report_count 47633 [ 382.488367][ T8] hid-generic 0009:0007:0009.001A: invalid report_count 47633 [ 382.551943][ T8] hid-generic 0009:0007:0009.001A: item 0 2 1 9 parsing failed [ 382.684209][ T8] hid-generic 0009:0007:0009.001A: probe with driver hid-generic failed with error -22 [ 382.697542][ T9726] overlayfs: missing 'workdir' [ 383.602837][ T45] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 384.032495][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 384.108753][ T45] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=36.00 [ 384.226977][ T45] usb 1-1: New USB device strings: Mfr=168, Product=81, SerialNumber=40 [ 384.446359][ T45] usb 1-1: Product: syz [ 384.459893][ T45] usb 1-1: Manufacturer: syz [ 384.475516][ T45] usb 1-1: SerialNumber: syz [ 384.494563][ T45] usb 1-1: config 0 descriptor?? [ 384.716403][ T45] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 384.756301][ T45] usb 1-1: Detected FT4232HA [ 384.781511][ T45] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 384.842841][ T45] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 384.850817][ T45] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 384.857754][ T45] usb 1-1: USB disconnect, device number 44 [ 384.863825][ T45] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 384.864159][ T45] ftdi_sio 1-1:0.0: device disconnected [ 385.204393][ T9760] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 385.214011][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 386.692554][ T8] hid (null): invalid report_count 47633 [ 386.703914][ T8] hid-generic 0009:0007:0009.001B: invalid report_count 47633 [ 386.711401][ T8] hid-generic 0009:0007:0009.001B: item 0 2 1 9 parsing failed [ 386.801533][ T8] hid-generic 0009:0007:0009.001B: probe with driver hid-generic failed with error -22 [ 386.904886][ T5829] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 387.015328][ T45] libceph: connect (1)[c::]:6789 error -101 [ 387.021399][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 387.244047][ T9778] ceph: No mds server is up or the cluster is laggy [ 387.282962][ T45] libceph: connect (1)[c::]:6789 error -101 [ 387.302532][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 388.194086][ T9793] ip6tnl1: entered promiscuous mode [ 389.837568][ T9814] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 389.951751][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 391.093682][ T29] audit: type=1400 audit(1731060802.543:644): avc: denied { read } for pid=9822 comm="syz.0.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 391.353772][ T9828] syz.2.1015: attempt to access beyond end of device [ 391.353772][ T9828] loop2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 391.563328][ T9833] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 392.070917][ T5829] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 392.193748][ T9828] hfs: can't find a HFS filesystem on dev loop2 [ 392.314870][ T29] audit: type=1400 audit(1731060803.763:645): avc: denied { read } for pid=9837 comm="syz.0.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 392.844719][ T25] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 392.921466][ T29] audit: type=1400 audit(1731060804.293:646): avc: denied { create } for pid=9842 comm="syz.0.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 393.932062][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 393.948543][ T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 393.960528][ T25] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 393.970495][ T25] usb 3-1: config 1 has no interface number 1 [ 393.977885][ T25] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 394.601794][ T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 394.611208][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.607438][ T25] usb 3-1: Product: syz [ 395.612037][ T25] usb 3-1: Manufacturer: syz [ 395.692377][ T25] usb 3-1: SerialNumber: syz [ 395.730608][ T25] usb 3-1: can't set config #1, error -71 [ 395.743512][ T25] usb 3-1: USB disconnect, device number 33 [ 395.998537][ T5829] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 396.047508][ T9878] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 396.064084][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 397.290107][ T29] audit: type=1400 audit(1731060808.733:647): avc: denied { ioctl } for pid=9894 comm="syz.1.1032" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x125d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 397.523582][ T29] audit: type=1400 audit(1731060808.783:648): avc: denied { connect } for pid=9894 comm="syz.1.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 397.544448][ T29] audit: type=1400 audit(1731060808.793:649): avc: denied { bind } for pid=9894 comm="syz.1.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 397.582447][ T29] audit: type=1400 audit(1731060808.793:650): avc: denied { connect } for pid=9894 comm="syz.1.1032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 398.303759][ T9906] netlink: 'syz.1.1035': attribute type 1 has an invalid length. [ 398.438319][ T9913] netlink: 'syz.4.1038': attribute type 1 has an invalid length. [ 398.477757][ T9913] 8021q: adding VLAN 0 to HW filter on device batadv7 [ 398.486297][ T9913] bond5: (slave batadv7): Enslaving as a backup interface with an up link [ 398.526683][ T9906] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 398.547371][ T9906] bond2: (slave batadv1): Enslaving as a backup interface with an up link [ 399.706592][ T9936] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 400.244257][ T5878] hid (null): invalid report_count 47633 [ 400.252220][ T5878] hid-generic 0009:0007:0009.001C: invalid report_count 47633 [ 400.260339][ T5878] hid-generic 0009:0007:0009.001C: item 0 2 1 9 parsing failed [ 400.292830][ T5878] hid-generic 0009:0007:0009.001C: probe with driver hid-generic failed with error -22 [ 402.245330][ T8526] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 402.433864][ T8526] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 402.455676][ T8526] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 402.492471][ T8526] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 402.524541][ T8526] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 402.559117][ T8526] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 402.596891][ T8526] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.632538][ T8526] usb 5-1: config 0 descriptor?? [ 402.638002][ T9] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 402.794104][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.805536][ T9] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 402.826785][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.851223][ T9] usb 2-1: config 0 descriptor?? [ 403.109908][ T8526] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 403.322825][ T8526] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 403.480849][ T9] keytouch 0003:0926:3333.001E: fixing up Keytouch IEC report descriptor [ 403.501894][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001E/input/input31 [ 404.563815][ T9] keytouch 0003:0926:3333.001E: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 404.589675][ T25] hid (null): invalid report_count 47633 [ 404.599533][ T25] hid-generic 0009:0007:0009.001F: invalid report_count 47633 [ 404.620540][ T29] audit: type=1400 audit(1731060816.063:651): avc: denied { ioctl } for pid=9991 comm="syz.2.1057" path="/dev/sg0" dev="devtmpfs" ino=710 ioctlcmd=0x563d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 404.655079][ T25] hid-generic 0009:0007:0009.001F: item 0 2 1 9 parsing failed [ 404.682721][ T25] hid-generic 0009:0007:0009.001F: probe with driver hid-generic failed with error -22 [ 405.807038][ T25] usb 5-1: USB disconnect, device number 31 [ 405.972493][ T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 406.024451][ T5883] usb 2-1: USB disconnect, device number 41 [ 406.133992][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.152458][ T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 406.209524][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.946756][ T9] usb 3-1: config 0 descriptor?? [ 407.309043][T10030] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1064'. [ 407.739621][ T9] keytouch 0003:0926:3333.0020: fixing up Keytouch IEC report descriptor [ 407.751789][ T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0020/input/input32 [ 407.871318][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 407.902463][ T8526] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 407.926958][ T9] keytouch 0003:0926:3333.0020: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 408.155338][ T8526] usb 4-1: config 1 interface 0 has no altsetting 0 [ 408.172506][ T8526] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 408.199557][ T8526] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.214322][ T8526] usb 4-1: Product: syz [ 408.218566][ T8526] usb 4-1: Manufacturer: syz [ 408.265803][ T8526] usb 4-1: SerialNumber: syz [ 408.943894][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.950805][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.958132][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.964896][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.971325][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.977799][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.984225][ C0] keyboard: can't emulate rawmode for keycode 240 [ 408.984835][T10046] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1069'. [ 408.991249][ C0] keyboard: can't emulate rawmode for keycode 240 [ 409.006025][ C0] keyboard: can't emulate rawmode for keycode 240 [ 409.065347][ T8526] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 36 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 409.279111][ T8526] usb 4-1: USB disconnect, device number 36 [ 409.297601][ T8526] usblp0: removed [ 409.910560][T10058] FAULT_INJECTION: forcing a failure. [ 409.910560][T10058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 409.943258][T10058] CPU: 0 UID: 0 PID: 10058 Comm: syz.3.1073 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 409.954056][T10058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 409.964114][T10058] Call Trace: [ 409.967394][T10058] [ 409.970332][T10058] dump_stack_lvl+0x16c/0x1f0 [ 409.975022][T10058] should_fail_ex+0x497/0x5b0 [ 409.979688][T10058] _copy_from_user+0x2e/0xd0 [ 409.984269][T10058] wext_handle_ioctl+0xc5/0x2c0 [ 409.989119][T10058] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 409.994569][T10058] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 410.001057][T10058] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 410.007559][T10058] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 410.014399][T10058] sock_ioctl+0x3a6/0x6c0 [ 410.018720][T10058] ? __pfx_sock_ioctl+0x10/0x10 [ 410.023567][T10058] ? selinux_file_ioctl+0x180/0x270 [ 410.028750][T10058] ? selinux_file_ioctl+0xb4/0x270 [ 410.033848][T10058] ? __pfx_sock_ioctl+0x10/0x10 [ 410.038695][T10058] __x64_sys_ioctl+0x18f/0x220 [ 410.044321][T10058] do_syscall_64+0xcd/0x250 [ 410.048813][T10058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.054721][T10058] RIP: 0033:0x7ff70b37e719 [ 410.059149][T10058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.078741][T10058] RSP: 002b:00007ff70c265038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 410.087138][T10058] RAX: ffffffffffffffda RBX: 00007ff70b535f80 RCX: 00007ff70b37e719 [ 410.095092][T10058] RDX: 0000000020000040 RSI: 0000000000008b2c RDI: 0000000000000004 [ 410.103054][T10058] RBP: 00007ff70c265090 R08: 0000000000000000 R09: 0000000000000000 [ 410.111025][T10058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.118980][T10058] R13: 0000000000000000 R14: 00007ff70b535f80 R15: 00007ffc3e3d17b8 [ 410.126943][T10058] [ 410.542707][ T45] usb 3-1: USB disconnect, device number 34 [ 410.833924][ T5878] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 411.009943][ T5878] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 411.046824][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 411.378086][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 411.648516][ T5878] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 411.673262][T10084] netlink: 'syz.0.1080': attribute type 1 has an invalid length. [ 411.821691][ T5878] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 411.861376][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.991728][ T5878] usb 4-1: config 0 descriptor?? [ 413.198185][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 413.398005][ T5878] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving [ 413.634110][ T5878] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 413.745819][T10116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1091'. [ 413.748618][ T29] kauditd_printk_skb: 302 callbacks suppressed [ 413.748633][ T29] audit: type=1400 audit(1731060825.193:655): avc: denied { watch watch_reads } for pid=10117 comm="syz.2.1090" path="/220" dev="tmpfs" ino=1163 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 413.755043][T10116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1091'. [ 413.882638][T10116] ieee802154 phy0 wpan0: encryption failed: -22 [ 414.183089][ T29] audit: type=1400 audit(1731060825.553:656): avc: denied { block_suspend } for pid=10126 comm="syz.0.1093" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 415.344213][ T29] audit: type=1400 audit(1731060826.793:657): avc: denied { create } for pid=10152 comm="syz.4.1101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 415.392627][ T5878] usb 4-1: reset high-speed USB device number 37 using dummy_hcd [ 415.428306][T10155] capability: warning: `syz.4.1101' uses 32-bit capabilities (legacy support in use) [ 415.593379][T10157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1101'. [ 415.608732][ T29] audit: type=1400 audit(1731060827.043:658): avc: denied { write } for pid=10152 comm="syz.4.1101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 415.637970][ T29] audit: type=1400 audit(1731060827.083:659): avc: denied { write } for pid=10152 comm="syz.4.1101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 417.759194][ T9] usb 4-1: USB disconnect, device number 37 [ 419.281730][T10199] netlink: 'syz.4.1113': attribute type 1 has an invalid length. [ 420.212054][T10191] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 420.264784][ T5829] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 420.314812][T10200] 8021q: adding VLAN 0 to HW filter on device batadv8 [ 420.381948][T10200] bond6: (slave batadv8): Enslaving as a backup interface with an up link [ 420.586349][ T5878] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 420.617584][T10210] futex_wake_op: syz.4.1116 tries to shift op by -1; fix this program [ 421.635402][ T5878] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 421.647037][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 421.657956][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 421.667703][ T5878] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 421.680654][ T5878] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 421.862427][ T5878] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.885376][ T5878] usb 2-1: config 0 descriptor?? [ 422.019912][ T29] audit: type=1400 audit(1731060833.463:660): avc: denied { ioctl } for pid=10221 comm="syz.4.1120" path="socket:[21344]" dev="sockfs" ino=21344 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 422.481426][T10227] FAULT_INJECTION: forcing a failure. [ 422.481426][T10227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.669960][T10227] CPU: 1 UID: 0 PID: 10227 Comm: syz.2.1121 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 422.680762][T10227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 422.690832][T10227] Call Trace: [ 422.694113][T10227] [ 422.697038][T10227] dump_stack_lvl+0x16c/0x1f0 [ 422.701712][T10227] should_fail_ex+0x497/0x5b0 [ 422.706395][T10227] _copy_from_user+0x2e/0xd0 [ 422.710994][T10227] tun_set_ebpf+0x7d/0x140 [ 422.715419][T10227] ? __pfx_tun_set_ebpf+0x10/0x10 [ 422.720442][T10227] ? __rcu_read_unlock+0x2b4/0x580 [ 422.725026][ T5878] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving [ 422.725547][T10227] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 422.735206][ T5878] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 422.739100][T10227] __tun_chr_ioctl+0x2889/0x4760 [ 422.756272][T10227] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 422.762783][T10227] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 422.769293][T10227] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 422.774612][T10227] ? selinux_file_ioctl+0x180/0x270 [ 422.779815][T10227] ? selinux_file_ioctl+0xb4/0x270 [ 422.784931][T10227] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 422.790054][T10227] __x64_sys_ioctl+0x18f/0x220 [ 422.794856][T10227] do_syscall_64+0xcd/0x250 [ 422.799365][T10227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.805270][T10227] RIP: 0033:0x7f83bab7e719 [ 422.809690][T10227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.829312][T10227] RSP: 002b:00007f83bb985038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.837743][T10227] RAX: ffffffffffffffda RBX: 00007f83bad36058 RCX: 00007f83bab7e719 [ 422.845722][T10227] RDX: 0000000000000000 RSI: 00000000800454e0 RDI: 0000000000000003 [ 422.853696][T10227] RBP: 00007f83bb985090 R08: 0000000000000000 R09: 0000000000000000 [ 422.861680][T10227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.869732][T10227] R13: 0000000000000001 R14: 00007f83bad36058 R15: 00007fffe7b799a8 [ 422.877704][T10227] [ 422.978230][ T29] audit: type=1400 audit(1731060834.423:661): avc: denied { read write } for pid=10229 comm="syz.3.1123" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 423.083582][ T29] audit: type=1400 audit(1731060834.423:662): avc: denied { ioctl } for pid=10229 comm="syz.3.1123" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 423.160735][ T29] audit: type=1400 audit(1731060834.423:663): avc: denied { write } for pid=10229 comm="syz.3.1123" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 423.614837][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1126'. [ 423.624261][T10248] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 424.409962][ T25] usb 2-1: USB disconnect, device number 42 [ 425.069502][ T5878] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 425.602464][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 425.610959][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.637044][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.677328][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 425.847921][T10280] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 426.303977][ T5878] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 426.313114][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.328259][ T5878] usb 3-1: config 0 descriptor?? [ 426.872540][ T29] audit: type=1400 audit(1731060838.243:664): avc: denied { setopt } for pid=10283 comm="syz.3.1137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 426.917659][ T5878] microsoft 0003:045E:07DA.0023: ignoring exceeding usage max [ 427.036108][ T29] audit: type=1400 audit(1731060838.253:665): avc: denied { write } for pid=10283 comm="syz.3.1137" path="socket:[21445]" dev="sockfs" ino=21445 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 427.105818][ T5878] microsoft 0003:045E:07DA.0023: No inputs registered, leaving [ 427.158263][ T5878] microsoft 0003:045E:07DA.0023: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 427.178823][ T5878] microsoft 0003:045E:07DA.0023: no inputs found [ 427.185857][ T5878] microsoft 0003:045E:07DA.0023: could not initialize ff, continuing anyway [ 427.200669][ T5878] usb 3-1: USB disconnect, device number 35 [ 427.252505][ T45] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 427.403897][ T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.425101][ T45] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 427.459305][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.742542][ T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 427.747061][ T45] usb 1-1: config 0 descriptor?? [ 427.969470][T10301] FAULT_INJECTION: forcing a failure. [ 427.969470][T10301] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.998568][T10301] CPU: 1 UID: 0 PID: 10301 Comm: syz.2.1143 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 428.009357][T10301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 428.019414][T10301] Call Trace: [ 428.022681][T10301] [ 428.025597][T10301] dump_stack_lvl+0x16c/0x1f0 [ 428.030271][T10301] should_fail_ex+0x497/0x5b0 [ 428.034936][T10301] _copy_from_user+0x2e/0xd0 [ 428.039517][T10301] kstrtouint_from_user+0xd7/0x1c0 [ 428.044706][T10301] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 428.050420][T10301] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 428.056037][T10301] proc_fail_nth_write+0x84/0x250 [ 428.061048][T10301] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 428.066669][T10301] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 428.072283][T10301] vfs_write+0x24c/0x1150 [ 428.076610][T10301] ? __fget_files+0x23a/0x3f0 [ 428.081274][T10301] ? fdget_pos+0x24c/0x360 [ 428.085693][T10301] ? __pfx_lock_release+0x10/0x10 [ 428.090699][T10301] ? trace_lock_acquire+0x14a/0x1d0 [ 428.095882][T10301] ? __pfx_vfs_write+0x10/0x10 [ 428.100634][T10301] ? __pfx___mutex_lock+0x10/0x10 [ 428.105647][T10301] ? __fget_files+0x244/0x3f0 [ 428.110317][T10301] ksys_write+0x12f/0x260 [ 428.114636][T10301] ? __pfx_ksys_write+0x10/0x10 [ 428.119588][T10301] do_syscall_64+0xcd/0x250 [ 428.124073][T10301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.129952][T10301] RIP: 0033:0x7f83bab7d1ff [ 428.134353][T10301] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 428.153942][T10301] RSP: 002b:00007f83bb985030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 428.162345][T10301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f83bab7d1ff [ 428.170301][T10301] RDX: 0000000000000001 RSI: 00007f83bb9850a0 RDI: 0000000000000003 [ 428.178259][T10301] RBP: 00007f83bb985090 R08: 0000000000000000 R09: 0000000000000000 [ 428.186214][T10301] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 428.194167][T10301] R13: 0000000000000001 R14: 00007f83bad36058 R15: 00007fffe7b799a8 [ 428.202129][T10301] [ 428.223622][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 428.245777][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 428.283010][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 428.313172][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 428.372465][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 428.394021][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.436627][ T9] usb 4-1: config 0 descriptor?? [ 428.555505][ T45] keytouch 0003:0926:3333.0024: fixing up Keytouch IEC report descriptor [ 428.566121][ T45] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0024/input/input34 [ 428.637102][ T45] keytouch 0003:0926:3333.0024: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 428.849658][ T9] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 428.860333][ T9] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 429.394273][ T45] hid (null): invalid report_count 47633 [ 429.405399][ T45] hid-generic 0009:0007:0009.0026: invalid report_count 47633 [ 429.412941][ T45] hid-generic 0009:0007:0009.0026: item 0 2 1 9 parsing failed [ 429.420882][ T45] hid-generic 0009:0007:0009.0026: probe with driver hid-generic failed with error -22 [ 430.229444][ T25] usb 1-1: USB disconnect, device number 45 [ 430.410162][T10329] input: syz1 as /devices/virtual/input/input35 [ 430.510275][ T5883] usb 4-1: USB disconnect, device number 38 [ 430.853460][T10336] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 430.981739][ T5829] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 431.290800][T10346] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1155'. [ 431.418471][ T5873] libceph: connect (1)[c::]:6789 error -101 [ 431.419338][T10353] FAULT_INJECTION: forcing a failure. [ 431.419338][T10353] name failslab, interval 1, probability 0, space 0, times 0 [ 431.424561][ T5873] libceph: mon0 (1)[c::]:6789 connect error [ 431.452394][T10353] CPU: 1 UID: 0 PID: 10353 Comm: syz.2.1156 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 431.463177][T10353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 431.473238][T10353] Call Trace: [ 431.476514][T10353] [ 431.479447][T10353] dump_stack_lvl+0x16c/0x1f0 [ 431.484134][T10353] should_fail_ex+0x497/0x5b0 [ 431.488823][T10353] should_failslab+0xc2/0x120 [ 431.493509][T10353] kmem_cache_alloc_node_noprof+0x71/0x310 [ 431.499331][T10353] ? __alloc_skb+0x2b1/0x380 [ 431.503943][T10353] __alloc_skb+0x2b1/0x380 [ 431.508364][T10353] ? __pfx___alloc_skb+0x10/0x10 [ 431.513303][T10353] ? __pfx_nsim_fib_event_nb+0x10/0x10 [ 431.518752][T10353] mr6_netlink_event+0xde/0x190 [ 431.523594][T10353] mroute_clean_tables+0x4e9/0xb20 [ 431.528715][T10353] ? __pfx_mroute_clean_tables+0x10/0x10 [ 431.534361][T10353] ? __might_fault+0xe3/0x190 [ 431.539050][T10353] ip6_mroute_setsockopt+0x1284/0x2630 [ 431.544511][T10353] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 431.550318][T10353] ? __pfx___lock_acquire+0x10/0x10 [ 431.555517][T10353] ? __pfx___lock_acquire+0x10/0x10 [ 431.560706][T10353] ? find_held_lock+0x2d/0x110 [ 431.565465][T10353] ? lock_acquire+0x2f/0xb0 [ 431.569952][T10353] ? __might_fault+0xe3/0x190 [ 431.574616][T10353] ? __might_fault+0xe3/0x190 [ 431.579286][T10353] ? do_ipv6_setsockopt+0x8e7/0x4790 [ 431.584556][T10353] do_ipv6_setsockopt+0x8e7/0x4790 [ 431.589657][T10353] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 431.595187][T10353] ? __pfx_lock_release+0x10/0x10 [ 431.600200][T10353] ? lock_acquire+0x2f/0xb0 [ 431.604686][T10353] ? avc_has_perm_noaudit+0x61/0x3a0 [ 431.609961][T10353] ? avc_has_perm_noaudit+0x143/0x3a0 [ 431.615323][T10353] ? avc_has_perm+0x11b/0x1c0 [ 431.619988][T10353] ? __pfx_avc_has_perm+0x10/0x10 [ 431.625002][T10353] ? __lock_acquire+0xbdd/0x3ce0 [ 431.629924][T10353] ? sock_has_perm+0x25d/0x2f0 [ 431.634681][T10353] ? ipv6_setsockopt+0xcb/0x170 [ 431.639514][T10353] ipv6_setsockopt+0xcb/0x170 [ 431.644180][T10353] rawv6_setsockopt+0xd7/0x680 [ 431.648926][T10353] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 431.654285][T10353] ? selinux_socket_setsockopt+0x6a/0x80 [ 431.659922][T10353] ? sock_common_setsockopt+0x2e/0xf0 [ 431.665296][T10353] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 431.671190][T10353] do_sock_setsockopt+0x222/0x480 [ 431.676211][T10353] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 431.681755][T10353] ? fdget+0x176/0x210 [ 431.685834][T10353] __sys_setsockopt+0x1a4/0x270 [ 431.690673][T10353] ? __pfx___sys_setsockopt+0x10/0x10 [ 431.696049][T10353] ? fput+0x30/0x390 [ 431.699931][T10353] ? ksys_write+0x1ad/0x260 [ 431.704423][T10353] ? __pfx_ksys_write+0x10/0x10 [ 431.709266][T10353] __x64_sys_setsockopt+0xbd/0x160 [ 431.714362][T10353] ? do_syscall_64+0x91/0x250 [ 431.719020][T10353] ? lockdep_hardirqs_on+0x7c/0x110 [ 431.724207][T10353] do_syscall_64+0xcd/0x250 [ 431.728692][T10353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.734572][T10353] RIP: 0033:0x7f83bab7e719 [ 431.738968][T10353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.758562][T10353] RSP: 002b:00007f83bb9a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 431.766959][T10353] RAX: ffffffffffffffda RBX: 00007f83bad35f80 RCX: 00007f83bab7e719 [ 431.774913][T10353] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003 [ 431.782868][T10353] RBP: 00007f83bb9a6090 R08: 0000000000000004 R09: 0000000000000000 [ 431.790819][T10353] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001 [ 431.798770][T10353] R13: 0000000000000000 R14: 00007f83bad35f80 R15: 00007fffe7b799a8 [ 431.806733][T10353] [ 432.115537][ T5873] libceph: connect (1)[c::]:6789 error -101 [ 432.129608][ T5873] libceph: mon0 (1)[c::]:6789 connect error [ 432.529000][T10341] ceph: No mds server is up or the cluster is laggy [ 433.150265][ T5873] libceph: connect (1)[c::]:6789 error -101 [ 433.156394][ T5873] libceph: mon0 (1)[c::]:6789 connect error [ 433.402545][T10375] netlink: 'syz.1.1161': attribute type 1 has an invalid length. [ 433.473435][ T45] libceph: connect (1)[c::]:6789 error -101 [ 433.479578][ T45] libceph: mon0 (1)[c::]:6789 connect error [ 433.501964][T10378] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 433.567370][T10378] bond3: (slave batadv2): Enslaving as a backup interface with an up link [ 433.584538][T10373] ceph: No mds server is up or the cluster is laggy [ 436.236294][ T29] audit: type=1400 audit(1731060847.653:666): avc: denied { create } for pid=10396 comm="syz.1.1166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 436.485578][ T29] audit: type=1400 audit(1731060847.933:667): avc: denied { execute } for pid=10400 comm="syz.4.1170" path="/240/cpu.stat" dev="tmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 437.148506][T10410] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 437.504636][ T29] audit: type=1400 audit(1731060848.953:668): avc: denied { lock } for pid=10400 comm="syz.4.1170" path="socket:[22798]" dev="sockfs" ino=22798 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 437.588183][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 439.310331][ T45] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 439.362388][T10438] FAULT_INJECTION: forcing a failure. [ 439.362388][T10438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 439.411142][T10438] CPU: 0 UID: 0 PID: 10438 Comm: syz.1.1177 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 439.421945][T10438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 439.432010][T10438] Call Trace: [ 439.435295][T10438] [ 439.438229][T10438] dump_stack_lvl+0x16c/0x1f0 [ 439.442912][T10438] should_fail_ex+0x497/0x5b0 [ 439.447596][T10438] _copy_from_user+0x2e/0xd0 [ 439.452198][T10438] do_sock_getsockopt+0x5f6/0x800 [ 439.457241][T10438] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 439.462805][T10438] ? __fget_files+0x244/0x3f0 [ 439.467490][T10438] __sys_getsockopt+0x1a1/0x270 [ 439.472329][T10438] ? __pfx___sys_getsockopt+0x10/0x10 [ 439.477687][T10438] ? fput+0x30/0x390 [ 439.481559][T10438] ? ksys_write+0x1ad/0x260 [ 439.486056][T10438] ? __pfx_ksys_write+0x10/0x10 [ 439.490899][T10438] __x64_sys_getsockopt+0xbd/0x160 [ 439.495985][T10438] ? do_syscall_64+0x91/0x250 [ 439.500647][T10438] ? lockdep_hardirqs_on+0x7c/0x110 [ 439.505853][T10438] do_syscall_64+0xcd/0x250 [ 439.510346][T10438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.516230][T10438] RIP: 0033:0x7f134ed7e719 [ 439.520625][T10438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.540231][T10438] RSP: 002b:00007f134fb1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 439.548638][T10438] RAX: ffffffffffffffda RBX: 00007f134ef35f80 RCX: 00007f134ed7e719 [ 439.556597][T10438] RDX: 0000000000000480 RSI: 0000000000000000 RDI: 0000000000000003 [ 439.564557][T10438] RBP: 00007f134fb1e090 R08: 00000000200000c0 R09: 0000000000000000 [ 439.572515][T10438] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.580469][T10438] R13: 0000000000000000 R14: 00007f134ef35f80 R15: 00007ffd988d4d58 [ 439.588430][T10438] [ 439.642715][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.649387][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.681328][ T29] audit: type=1400 audit(1731060851.123:669): avc: denied { create } for pid=10441 comm="syz.3.1179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 439.722211][T10444] FAULT_INJECTION: forcing a failure. [ 439.722211][T10444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 439.741817][ T45] usb 3-1: Using ep0 maxpacket: 16 [ 439.751189][T10444] CPU: 0 UID: 0 PID: 10444 Comm: syz.0.1178 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 439.752748][ T45] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 439.761958][T10444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 439.761973][T10444] Call Trace: [ 439.761979][T10444] [ 439.761987][T10444] dump_stack_lvl+0x16c/0x1f0 [ 439.777440][ T45] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 439.783477][T10444] should_fail_ex+0x497/0x5b0 [ 439.783507][T10444] _copy_from_user+0x2e/0xd0 [ 439.786842][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.789685][T10444] bpf_test_init.isra.0+0xf1/0x150 [ 439.794363][ T45] usb 3-1: Product: syz [ 439.803324][T10444] bpf_prog_test_run_skb+0x246/0x20f0 [ 439.803358][T10444] ? lock_acquire+0x2f/0xb0 [ 439.803374][T10444] ? __fget_files+0x40/0x3f0 [ 439.803400][T10444] ? __fget_files+0x244/0x3f0 [ 439.803420][T10444] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 439.803444][T10444] ? fput+0x30/0x390 [ 439.803464][T10444] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 439.803487][T10444] __sys_bpf+0xfc6/0x49a0 [ 439.831208][ T45] usb 3-1: Manufacturer: syz [ 439.835218][T10444] ? ksys_write+0x21e/0x260 [ 439.835249][T10444] ? reacquire_held_locks+0x480/0x4c0 [ 439.835268][T10444] ? __pfx___sys_bpf+0x10/0x10 [ 439.880687][ T45] usb 3-1: SerialNumber: syz [ 439.883089][T10444] ? vfs_write+0x306/0x1150 [ 439.883132][T10444] ? __mutex_unlock_slowpath+0x164/0x650 [ 439.892759][ T45] usb 3-1: config 0 descriptor?? [ 439.896910][T10444] ? fput+0x30/0x390 [ 439.911424][T10444] ? ksys_write+0x1ad/0x260 [ 439.915943][T10444] ? __pfx_ksys_write+0x10/0x10 [ 439.920807][T10444] __x64_sys_bpf+0x78/0xc0 [ 439.925232][T10444] ? lockdep_hardirqs_on+0x7c/0x110 [ 439.930448][T10444] do_syscall_64+0xcd/0x250 [ 439.934963][T10444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.940870][T10444] RIP: 0033:0x7f837417e719 [ 439.945296][T10444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.964912][T10444] RSP: 002b:00007f8374f9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 439.973328][T10444] RAX: ffffffffffffffda RBX: 00007f8374335f80 RCX: 00007f837417e719 [ 439.981304][T10444] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a [ 439.989542][T10444] RBP: 00007f8374f9e090 R08: 0000000000000000 R09: 0000000000000000 [ 439.997516][T10444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 440.005495][T10444] R13: 0000000000000000 R14: 00007f8374335f80 R15: 00007ffc3dded378 [ 440.013514][T10444] [ 440.483267][T10460] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 440.627824][ T5829] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 440.789208][ T45] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 441.001968][ T6028] usb 3-1: Failed to submit usb control message: -71 [ 441.008908][ T6028] usb 3-1: unable to send the bmi data to the device: -71 [ 441.017451][ T6028] usb 3-1: unable to get target info from device [ 441.024445][ T6028] usb 3-1: could not get target info (-71) [ 441.030553][ T6028] usb 3-1: could not probe fw (-71) [ 441.087316][ T45] usb 3-1: USB disconnect, device number 36 [ 441.095956][T10428] can: request_module (can-proto-0) failed. [ 441.672481][ T25] usb 4-1: new low-speed USB device number 39 using dummy_hcd [ 441.936200][ T25] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 441.950593][ T25] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 442.023576][ T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 442.141223][ T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 442.152431][ T8] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 442.159663][ T25] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 442.214991][T10481] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1188'. [ 442.224309][ T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 442.234628][T10481] ip6gretap0: entered promiscuous mode [ 442.240863][T10481] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1188'. [ 442.250414][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.265445][ T25] usbtmc 4-1:16.0: bulk endpoints not found [ 442.357661][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 442.364837][ T29] audit: type=1400 audit(1731060853.793:670): avc: denied { ioctl } for pid=10482 comm="syz.1.1189" path="socket:[22987]" dev="sockfs" ino=22987 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 442.379454][ T8] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 442.424671][ T9] hid (null): invalid report_count 47633 [ 442.443569][ T9] hid-generic 0009:0007:0009.0027: invalid report_count 47633 [ 442.451484][ T9] hid-generic 0009:0007:0009.0027: item 0 2 1 9 parsing failed [ 442.459223][ T8] usb 5-1: New USB device found, idVendor=04d5, idProduct=0001, bcdDevice= 0.00 [ 442.469585][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.478017][ T9] hid-generic 0009:0007:0009.0027: probe with driver hid-generic failed with error -22 [ 442.496199][ T8] usb 5-1: config 0 descriptor?? [ 442.507281][ T25] hid (null): invalid report_count 47633 [ 442.515953][ T25] hid-generic 0009:0007:0009.0028: invalid report_count 47633 [ 442.524879][ T25] hid-generic 0009:0007:0009.0028: item 0 2 1 9 parsing failed [ 442.533981][ T25] hid-generic 0009:0007:0009.0028: probe with driver hid-generic failed with error -22 [ 442.959075][ T45] usb 5-1: USB disconnect, device number 32 [ 501.075964][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.085730][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.524741][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.531038][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 602.202746][ T30] INFO: task syz-executor:5832 blocked for more than 143 seconds. [ 602.210694][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 602.218401][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.227129][ T30] task:syz-executor state:D stack:22928 pid:5832 tgid:5832 ppid:1 flags:0x00004004 [ 602.237473][ T30] Call Trace: [ 602.240755][ T30] [ 602.243992][ T30] __schedule+0xe55/0x5740 [ 602.248421][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.254872][ T30] ? mark_lock+0xb5/0xc60 [ 602.259209][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.264716][ T30] ? __pfx___schedule+0x10/0x10 [ 602.269579][ T30] ? schedule+0x298/0x350 [ 602.274361][ T30] ? __pfx_lock_release+0x10/0x10 [ 602.279402][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 602.285193][ T30] ? lock_acquire+0x2f/0xb0 [ 602.289699][ T30] ? schedule+0x1fd/0x350 [ 602.294307][ T30] schedule+0xe7/0x350 [ 602.298389][ T30] schedule_preempt_disabled+0x13/0x30 [ 602.304276][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 602.310001][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 602.316509][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 602.322159][ T30] ? rcu_is_watching+0x12/0xc0 [ 602.327233][ T30] ? lock_acquire+0x2f/0xb0 [ 602.331742][ T30] ? exit_mmap+0x208/0xb30 [ 602.336452][ T30] down_write+0x1d8/0x200 [ 602.340782][ T30] ? __pfx_down_write+0x10/0x10 [ 602.345884][ T30] exit_mmap+0x208/0xb30 [ 602.350127][ T30] ? trace_contention_end+0xea/0x140 [ 602.356272][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 602.361058][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 602.366123][ T30] __mmput+0x12a/0x480 [ 602.370201][ T30] mmput+0x62/0x70 [ 602.374214][ T30] do_exit+0x9bf/0x2d70 [ 602.378382][ T30] ? get_signal+0x8f2/0x2770 [ 602.383274][ T30] ? __pfx_do_exit+0x10/0x10 [ 602.387878][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 602.393191][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 602.398568][ T30] do_group_exit+0xd3/0x2a0 [ 602.403597][ T30] get_signal+0x25fb/0x2770 [ 602.408108][ T30] ? __pfx_child_wait_callback+0x10/0x10 [ 602.414042][ T30] ? __pfx_get_signal+0x10/0x10 [ 602.418914][ T30] ? __do_sys_wait4+0xd2/0x170 [ 602.423963][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 602.429533][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 602.435773][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 602.441430][ T30] do_syscall_64+0xda/0x250 [ 602.446011][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.451925][ T30] RIP: 0033:0x7ff70b374997 [ 602.457118][ T30] RSP: 002b:00007ffc3e3d1b20 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 602.465816][ T30] RAX: fffffffffffffe00 RBX: 0000000000000361 RCX: 00007ff70b374997 [ 602.474015][ T30] RDX: 0000000040000000 RSI: 00007ffc3e3d1b7c RDI: 00000000ffffffff [ 602.482012][ T30] RBP: 00007ffc3e3d1b7c R08: 0000000000000000 R09: 00007ff70c266080 [ 602.490041][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 000055557ee095eb [ 602.498073][ T30] R13: 000055557ee09590 R14: 000000000006bb95 R15: 00007ffc3e3d1bd0 [ 602.506308][ T30] [ 602.509373][ T30] INFO: task syz.3.1183:10467 blocked for more than 143 seconds. [ 602.517732][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 602.525572][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.534478][ T30] task:syz.3.1183 state:D stack:25824 pid:10467 tgid:10467 ppid:5832 flags:0x00004004 [ 602.544777][ T30] Call Trace: [ 602.548054][ T30] [ 602.550968][ T30] __schedule+0xe55/0x5740 [ 602.555425][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.561121][ T30] ? mark_lock+0xb5/0xc60 [ 602.565499][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.570718][ T30] ? __pfx___schedule+0x10/0x10 [ 602.575623][ T30] ? schedule+0x298/0x350 [ 602.579956][ T30] ? __pfx_lock_release+0x10/0x10 [ 602.585015][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 602.590233][ T30] ? lock_acquire+0x2f/0xb0 [ 602.594867][ T30] ? schedule+0x1fd/0x350 [ 602.599220][ T30] schedule+0xe7/0x350 [ 602.603392][ T30] schedule_preempt_disabled+0x13/0x30 [ 602.608864][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 602.614623][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 602.620794][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 602.626491][ T30] ? rcu_is_watching+0x12/0xc0 [ 602.631287][ T30] ? lock_acquire+0x2f/0xb0 [ 602.635822][ T30] ? exit_mmap+0x208/0xb30 [ 602.640238][ T30] down_write+0x1d8/0x200 [ 602.644610][ T30] ? __pfx_down_write+0x10/0x10 [ 602.649469][ T30] exit_mmap+0x208/0xb30 [ 602.653761][ T30] ? trace_contention_end+0xea/0x140 [ 602.659056][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 602.664467][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 602.669179][ T30] __mmput+0x12a/0x480 [ 602.673299][ T30] mmput+0x62/0x70 [ 602.677019][ T30] do_exit+0x9bf/0x2d70 [ 602.681155][ T30] ? get_signal+0x8f2/0x2770 [ 602.685812][ T30] ? __pfx_do_exit+0x10/0x10 [ 602.690662][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 602.695727][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 602.701122][ T30] do_group_exit+0xd3/0x2a0 [ 602.705661][ T30] get_signal+0x25fb/0x2770 [ 602.710180][ T30] ? down_write_killable+0x218/0x250 [ 602.715537][ T30] ? __pfx_down_write_killable+0x10/0x10 [ 602.721179][ T30] ? __pfx_get_signal+0x10/0x10 [ 602.726076][ T30] ? vm_mmap_pgoff+0xf2/0x360 [ 602.730765][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 602.736392][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 602.742577][ T30] ? __pfx___schedule+0x10/0x10 [ 602.747435][ T30] ? ksys_mmap_pgoff+0x85/0x5c0 [ 602.752431][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 602.758078][ T30] do_syscall_64+0xda/0x250 [ 602.763411][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.769328][ T30] RIP: 0033:0x7ff70b37e753 [ 602.773799][ T30] RSP: 002b:00007ffc3e3d1758 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 602.782211][ T30] RAX: fffffffffffffffc RBX: 00007ff709ff76c0 RCX: 00007ff70b37e753 [ 602.790224][ T30] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 602.798247][ T30] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 602.806270][ T30] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffc3e3d18b0 [ 602.814288][ T30] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 602.822356][ T30] [ 602.825399][ T30] INFO: task syz.4.1186:10472 blocked for more than 143 seconds. [ 602.833151][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 602.840782][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.849509][ T30] task:syz.4.1186 state:D stack:23416 pid:10472 tgid:10471 ppid:5828 flags:0x00004000 [ 602.859728][ T30] Call Trace: [ 602.863103][ T30] [ 602.866655][ T30] __schedule+0xe55/0x5740 [ 602.871096][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.876358][ T30] ? mark_lock+0xb5/0xc60 [ 602.880689][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 602.885930][ T30] ? __pfx___schedule+0x10/0x10 [ 602.890785][ T30] ? schedule+0x298/0x350 [ 602.895161][ T30] ? __pfx_lock_release+0x10/0x10 [ 602.900180][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 602.905414][ T30] ? lock_acquire+0x2f/0xb0 [ 602.909919][ T30] ? schedule+0x1fd/0x350 [ 602.914336][ T30] schedule+0xe7/0x350 [ 602.918407][ T30] schedule_preempt_disabled+0x13/0x30 [ 602.923907][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 602.929655][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 602.935866][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 602.941508][ T30] ? rcu_is_watching+0x12/0xc0 [ 602.946344][ T30] ? lock_acquire+0x2f/0xb0 [ 602.950863][ T30] ? exit_mmap+0x208/0xb30 [ 602.955326][ T30] down_write+0x1d8/0x200 [ 602.959668][ T30] ? __pfx_down_write+0x10/0x10 [ 602.964591][ T30] exit_mmap+0x208/0xb30 [ 602.969477][ T30] ? trace_contention_end+0xea/0x140 [ 602.974843][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 602.979617][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 602.984396][ T30] __mmput+0x12a/0x480 [ 602.988476][ T30] mmput+0x62/0x70 [ 602.992198][ T30] do_exit+0x9bf/0x2d70 [ 602.996424][ T30] ? get_signal+0x8f2/0x2770 [ 603.001019][ T30] ? __pfx_do_exit+0x10/0x10 [ 603.005713][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 603.010749][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.016224][ T30] do_group_exit+0xd3/0x2a0 [ 603.020742][ T30] get_signal+0x25fb/0x2770 [ 603.025496][ T30] ? __pfx_get_signal+0x10/0x10 [ 603.030348][ T30] ? __pfx_do_futex+0x10/0x10 [ 603.035056][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 603.040603][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 603.046837][ T30] ? selinux_file_ioctl+0xb4/0x270 [ 603.051955][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 603.057631][ T30] do_syscall_64+0xda/0x250 [ 603.058030][ T29] audit: type=1400 audit(1731061014.513:671): avc: denied { write } for pid=5182 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 603.062128][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.092398][ T30] RIP: 0033:0x7f3ce777e719 [ 603.092606][ T29] audit: type=1400 audit(1731061014.533:672): avc: denied { remove_name } for pid=5182 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 603.096815][ T30] RSP: 002b:00007f3ce84d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 603.129203][ T30] RAX: fffffffffffffe00 RBX: 00007f3ce7935f88 RCX: 00007f3ce777e719 [ 603.137437][ T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3ce7935f88 [ 603.145617][ T30] RBP: 00007f3ce7935f80 R08: 0000000000000000 R09: 0000000000000000 [ 603.153642][ T29] audit: type=1400 audit(1731061014.533:673): avc: denied { add_name } for pid=5182 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 603.176663][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3ce7935f8c [ 603.184704][ T30] R13: 0000000000000000 R14: 00007ffd903b37b0 R15: 00007ffd903b3898 [ 603.192712][ T30] [ 603.195744][ T30] INFO: task syz.0.1191:10487 blocked for more than 144 seconds. [ 603.203506][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 603.211120][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 603.219826][ T30] task:syz.0.1191 state:D stack:24800 pid:10487 tgid:10486 ppid:5831 flags:0x00004006 [ 603.230025][ T30] Call Trace: [ 603.233334][ T30] [ 603.236273][ T30] __schedule+0xe55/0x5740 [ 603.240698][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 603.245940][ T30] ? mark_lock+0xb5/0xc60 [ 603.250261][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 603.255514][ T30] ? __pfx___schedule+0x10/0x10 [ 603.260365][ T30] ? schedule+0x298/0x350 [ 603.264738][ T30] ? __pfx_lock_release+0x10/0x10 [ 603.269761][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 603.275776][ T30] ? lock_acquire+0x2f/0xb0 [ 603.280375][ T30] ? schedule+0x1fd/0x350 [ 603.284767][ T30] schedule+0xe7/0x350 [ 603.288848][ T30] schedule_preempt_disabled+0x13/0x30 [ 603.294340][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 603.300058][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 603.306255][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 603.311888][ T30] ? rcu_is_watching+0x12/0xc0 [ 603.316857][ T30] ? lock_acquire+0x2f/0xb0 [ 603.321362][ T30] ? exit_mmap+0x208/0xb30 [ 603.326820][ T30] down_write+0x1d8/0x200 [ 603.331169][ T30] ? __pfx_down_write+0x10/0x10 [ 603.337103][ T30] exit_mmap+0x208/0xb30 [ 603.341447][ T30] ? trace_contention_end+0xea/0x140 [ 603.346834][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 603.351601][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 603.356327][ T30] __mmput+0x12a/0x480 [ 603.360401][ T30] mmput+0x62/0x70 [ 603.364204][ T30] vhost_detach_mm+0xd3/0x110 [ 603.368887][ T30] vhost_dev_cleanup+0xb1b/0xe40 [ 603.373881][ T30] ? __pfx_vhost_dev_cleanup+0x10/0x10 [ 603.379987][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.385762][ T30] ? vhost_vsock_dev_release+0x2ce/0x400 [ 603.391410][ T30] ? __local_bh_enable_ip+0xa4/0x120 [ 603.396773][ T30] vhost_vsock_dev_release+0x2d6/0x400 [ 603.402237][ T30] ? evm_file_release+0xd0/0x1d0 [ 603.407268][ T30] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 603.413314][ T30] __fput+0x3f6/0xb60 [ 603.417307][ T30] task_work_run+0x14e/0x250 [ 603.421891][ T30] ? __pfx_task_work_run+0x10/0x10 [ 603.427071][ T30] ? do_raw_spin_unlock+0x172/0x230 [ 603.432570][ T30] do_exit+0xadd/0x2d70 [ 603.436742][ T30] ? get_signal+0x8f2/0x2770 [ 603.441326][ T30] ? __pfx_do_exit+0x10/0x10 [ 603.446052][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 603.451083][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.456496][ T30] do_group_exit+0xd3/0x2a0 [ 603.461005][ T30] get_signal+0x25fb/0x2770 [ 603.465588][ T30] ? __pfx_inet_bind_sk+0x10/0x10 [ 603.470618][ T30] ? __pfx_get_signal+0x10/0x10 [ 603.476932][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 603.483654][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 603.490434][ T30] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 603.496144][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 603.501803][ T30] do_syscall_64+0xda/0x250 [ 603.506374][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.512294][ T30] RIP: 0033:0x7f837417e719 [ 603.516735][ T30] RSP: 002b:00007f8374f9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 603.525233][ T30] RAX: fffffffffffffe00 RBX: 00007f8374335f80 RCX: 00007f837417e719 [ 603.533236][ T30] RDX: 0000000000000001 RSI: 0000000020000dc0 RDI: 000000000000000a [ 603.541200][ T30] RBP: 00007f83741f139e R08: 0000000000000000 R09: 0000000000000000 [ 603.549249][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.562350][ T30] R13: 0000000000000000 R14: 00007f8374335f80 R15: 00007ffc3dded378 [ 603.570362][ T30] [ 603.574375][ T30] INFO: task syz.1.1192:10490 blocked for more than 144 seconds. [ 603.582627][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 603.590251][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 603.598983][ T30] task:syz.1.1192 state:D stack:26320 pid:10490 tgid:10489 ppid:5822 flags:0x00004006 [ 603.609319][ T30] Call Trace: [ 603.612670][ T30] [ 603.615607][ T30] __schedule+0xe55/0x5740 [ 603.620027][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 603.625245][ T30] ? mark_lock+0xb5/0xc60 [ 603.629593][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 603.634881][ T30] ? __pfx___schedule+0x10/0x10 [ 603.639742][ T30] ? schedule+0x298/0x350 [ 603.644117][ T30] ? __pfx_lock_release+0x10/0x10 [ 603.649143][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 603.654428][ T30] ? lock_acquire+0x2f/0xb0 [ 603.658929][ T30] ? schedule+0x1fd/0x350 [ 603.663336][ T30] schedule+0xe7/0x350 [ 603.667419][ T30] schedule_preempt_disabled+0x13/0x30 [ 603.672959][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 603.678692][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 603.685535][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 603.691171][ T30] ? rcu_is_watching+0x12/0xc0 [ 603.696015][ T30] ? lock_acquire+0x2f/0xb0 [ 603.700515][ T30] ? exit_mmap+0x208/0xb30 [ 603.704966][ T30] down_write+0x1d8/0x200 [ 603.709301][ T30] ? __pfx_down_write+0x10/0x10 [ 603.714353][ T30] exit_mmap+0x208/0xb30 [ 603.718603][ T30] ? trace_contention_end+0xea/0x140 [ 603.723928][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 603.728695][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 603.733467][ T30] __mmput+0x12a/0x480 [ 603.737554][ T30] mmput+0x62/0x70 [ 603.741270][ T30] vhost_detach_mm+0xd3/0x110 [ 603.745983][ T30] vhost_dev_cleanup+0xb1b/0xe40 [ 603.750943][ T30] ? __pfx_vhost_dev_cleanup+0x10/0x10 [ 603.756473][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.761846][ T30] ? vhost_vsock_dev_release+0x2ce/0x400 [ 603.767589][ T30] ? __local_bh_enable_ip+0xa4/0x120 [ 603.773719][ T30] vhost_vsock_dev_release+0x2d6/0x400 [ 603.779187][ T30] ? evm_file_release+0xd0/0x1d0 [ 603.784176][ T30] ? __pfx_vhost_vsock_dev_release+0x10/0x10 [ 603.790916][ T30] __fput+0x3f6/0xb60 [ 603.795033][ T30] task_work_run+0x14e/0x250 [ 603.799631][ T30] ? __pfx_task_work_run+0x10/0x10 [ 603.804776][ T30] ? do_raw_spin_unlock+0x172/0x230 [ 603.809972][ T30] do_exit+0xadd/0x2d70 [ 603.814211][ T30] ? get_signal+0x8f2/0x2770 [ 603.818807][ T30] ? __pfx_do_exit+0x10/0x10 [ 603.823577][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 603.828608][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 603.834060][ T30] do_group_exit+0xd3/0x2a0 [ 603.838574][ T30] get_signal+0x25fb/0x2770 [ 603.843114][ T30] ? __pfx_inet_bind_sk+0x10/0x10 [ 603.848145][ T30] ? __pfx_get_signal+0x10/0x10 [ 603.853558][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 603.859207][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 603.865403][ T30] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 603.870946][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 603.876661][ T30] do_syscall_64+0xda/0x250 [ 603.881177][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.887131][ T30] RIP: 0033:0x7f134ed7e719 [ 603.892157][ T30] RSP: 002b:00007f134fb1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 603.903696][ T30] RAX: fffffffffffffe00 RBX: 00007f134ef35f80 RCX: 00007f134ed7e719 [ 603.911684][ T30] RDX: 0000000000000001 RSI: 0000000020000dc0 RDI: 000000000000000a [ 603.919719][ T30] RBP: 00007f134edf139e R08: 0000000000000000 R09: 0000000000000000 [ 603.927716][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.935869][ T30] R13: 0000000000000000 R14: 00007f134ef35f80 R15: 00007ffd988d4d58 [ 603.943877][ T30] [ 603.946958][ T30] INFO: task syz.2.1193:10492 blocked for more than 145 seconds. [ 603.954887][ T30] Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 603.962617][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 603.971270][ T30] task:syz.2.1193 state:D stack:26432 pid:10492 tgid:10492 ppid:5823 flags:0x00004004 [ 603.981455][ T30] Call Trace: [ 603.984789][ T30] [ 603.987721][ T30] __schedule+0xe55/0x5740 [ 603.992699][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 603.997906][ T30] ? mark_lock+0xb5/0xc60 [ 604.002233][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 604.007517][ T30] ? __pfx___schedule+0x10/0x10 [ 604.012417][ T30] ? schedule+0x298/0x350 [ 604.016753][ T30] ? __pfx_lock_release+0x10/0x10 [ 604.021768][ T30] ? trace_lock_acquire+0x14a/0x1d0 [ 604.027033][ T30] ? lock_acquire+0x2f/0xb0 [ 604.031528][ T30] ? schedule+0x1fd/0x350 [ 604.035878][ T30] schedule+0xe7/0x350 [ 604.039946][ T30] schedule_preempt_disabled+0x13/0x30 [ 604.045584][ T30] rwsem_down_write_slowpath+0x539/0x12a0 [ 604.051303][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 604.057486][ T30] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 604.063193][ T30] ? rcu_is_watching+0x12/0xc0 [ 604.067967][ T30] ? lock_acquire+0x2f/0xb0 [ 604.072498][ T30] ? exit_mmap+0x208/0xb30 [ 604.076918][ T30] down_write+0x1d8/0x200 [ 604.081241][ T30] ? __pfx_down_write+0x10/0x10 [ 604.086163][ T30] exit_mmap+0x208/0xb30 [ 604.090411][ T30] ? trace_contention_end+0xea/0x140 [ 604.096266][ T30] ? __pfx_exit_mmap+0x10/0x10 [ 604.101033][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 604.105793][ T30] __mmput+0x12a/0x480 [ 604.109868][ T30] mmput+0x62/0x70 [ 604.113630][ T30] do_exit+0x9bf/0x2d70 [ 604.117798][ T30] ? get_signal+0x8f2/0x2770 [ 604.122463][ T30] ? __pfx_do_exit+0x10/0x10 [ 604.127067][ T30] ? do_raw_spin_lock+0x12d/0x2c0 [ 604.132094][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 604.137512][ T30] do_group_exit+0xd3/0x2a0 [ 604.142025][ T30] get_signal+0x25fb/0x2770 [ 604.146613][ T30] ? down_write_killable+0x218/0x250 [ 604.151913][ T30] ? __pfx_down_write_killable+0x10/0x10 [ 604.157679][ T30] ? __pfx_get_signal+0x10/0x10 [ 604.162598][ T30] ? vm_mmap_pgoff+0xf2/0x360 [ 604.167284][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 604.172881][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 604.179039][ T30] ? __fget_files+0x244/0x3f0 [ 604.183803][ T30] ? ksys_mmap_pgoff+0x85/0x5c0 [ 604.188652][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 604.194304][ T30] do_syscall_64+0xda/0x250 [ 604.199493][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 604.205504][ T30] RIP: 0033:0x7f83bab7e753 [ 604.209918][ T30] RSP: 002b:00007fffe7b79ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 604.218350][ T30] RAX: fffffffffffffffc RBX: 0000000000400000 RCX: 00007f83bab7e753 [ 604.226410][ T30] RDX: 0000000000000003 RSI: 00000000003c0000 RDI: 0000001b2f760000 [ 604.234424][ T30] RBP: 0000001b2f760000 R08: 0000000000000004 R09: 0000000000040000 [ 604.242459][ T30] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000032 [ 604.250420][ T30] R13: 000000000006c014 R14: 000000000006bfdc R15: 00007fffe7b79dc0 [ 604.258422][ T30] [ 604.261485][ T30] [ 604.261485][ T30] Showing all locks held in the system: [ 604.269573][ T30] 1 lock held by khungtaskd/30: [ 604.274460][ T30] #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x7f/0x390 [ 604.284455][ T30] 2 locks held by getty/5588: [ 604.289125][ T30] #0: ffff88814d6ac0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 604.299540][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 [ 604.309731][ T30] 1 lock held by syz-executor/5812: [ 604.314951][ T30] #0: ffff88802a410198 (&mm->mmap_lock){++++}-{3:3}, at: vm_mmap_pgoff+0x160/0x360 [ 604.324456][ T30] 1 lock held by syz-executor/5832: [ 604.329657][ T30] #0: ffff88802a414d98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.338740][ T30] 1 lock held by udevd/6181: [ 604.343386][ T30] #0: ffff88807d319e18 (&mm->mmap_lock){++++}-{3:3}, at: __vm_munmap+0x10f/0x340 [ 604.353226][ T30] 2 locks held by kworker/u8:10/7195: [ 604.358605][ T30] 1 lock held by syz.3.1183/10467: [ 604.364039][ T30] #0: ffff88807c914d98 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.373254][ T30] 1 lock held by syz.4.1186/10472: [ 604.378361][ T30] #0: ffff88802a417398 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.387504][ T30] 1 lock held by syz.0.1191/10487: [ 604.392642][ T30] #0: ffff88801b076a18 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.402235][ T30] 1 lock held by syz.1.1192/10490: [ 604.407375][ T30] #0: ffff888032a50198 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.416541][ T30] 1 lock held by syz.2.1193/10492: [ 604.421639][ T30] #0: ffff88801b072798 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x208/0xb30 [ 604.430719][ T30] [ 604.433257][ T30] ============================================= [ 604.433257][ T30] [ 604.441699][ T30] NMI backtrace for cpu 1 [ 604.446011][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 604.456505][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 604.466559][ T30] Call Trace: [ 604.469825][ T30] [ 604.472748][ T30] dump_stack_lvl+0x116/0x1f0 [ 604.477446][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 604.482405][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 604.488394][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 604.494383][ T30] watchdog+0xf0c/0x1240 [ 604.498631][ T30] ? __pfx_watchdog+0x10/0x10 [ 604.503305][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 604.508498][ T30] ? __kthread_parkme+0x148/0x220 [ 604.513513][ T30] ? __pfx_watchdog+0x10/0x10 [ 604.518184][ T30] kthread+0x2c1/0x3a0 [ 604.522242][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 604.527435][ T30] ? __pfx_kthread+0x10/0x10 [ 604.532010][ T30] ret_from_fork+0x45/0x80 [ 604.536409][ T30] ? __pfx_kthread+0x10/0x10 [ 604.540984][ T30] ret_from_fork_asm+0x1a/0x30 [ 604.545744][ T30] [ 604.549336][ T30] Sending NMI from CPU 1 to CPUs 0: [ 604.554908][ C0] NMI backtrace for cpu 0 [ 604.554917][ C0] CPU: 0 UID: 0 PID: 9182 Comm: kworker/u8:24 Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 604.554933][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 604.554942][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 604.554964][ C0] RIP: 0010:kernel_text_address+0xc/0x100 [ 604.554979][ C0] Code: 8c 96 00 8b 44 24 04 eb a9 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 53 48 89 fb 48 83 ec 08 <48> 81 ff 00 00 00 81 72 18 48 81 ff 00 00 60 8b 73 0f 48 83 c4 08 [ 604.554991][ C0] RSP: 0018:ffffc90003da76e8 EFLAGS: 00000296 [ 604.555001][ C0] RAX: dffffc0000000000 RBX: ffffffff86c2d384 RCX: 0000000000000000 [ 604.555010][ C0] RDX: 1ffff920007b4eee RSI: ffffc90003da7be0 RDI: ffffffff86c2d384 [ 604.555019][ C0] RBP: ffffc90003da7770 R08: ffffc90003da775c R09: ffffffff917fa1ec [ 604.555027][ C0] R10: ffffc90003da7728 R11: 000000000007f461 R12: ffffffff817946c0 [ 604.555035][ C0] R13: ffffc90003da77e8 R14: 0000000000000000 R15: ffff88805f87a440 [ 604.555044][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 604.555058][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 604.555067][ C0] CR2: 00005573a94da680 CR3: 000000000df7c000 CR4: 00000000003526f0 [ 604.555076][ C0] Call Trace: [ 604.555080][ C0] [ 604.555085][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 604.555102][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 604.555120][ C0] ? nmi_handle+0x1a9/0x5c0 [ 604.555134][ C0] ? kernel_text_address+0xc/0x100 [ 604.555146][ C0] ? default_do_nmi+0x6a/0x160 [ 604.555161][ C0] ? exc_nmi+0x170/0x1e0 [ 604.555175][ C0] ? end_repeat_nmi+0xf/0x53 [ 604.555187][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 604.555203][ C0] ? nsim_dev_trap_report_work+0x2a4/0xc90 [ 604.555222][ C0] ? nsim_dev_trap_report_work+0x2a4/0xc90 [ 604.555239][ C0] ? kernel_text_address+0xc/0x100 [ 604.555252][ C0] ? kernel_text_address+0xc/0x100 [ 604.555264][ C0] ? kernel_text_address+0xc/0x100 [ 604.555276][ C0] [ 604.555280][ C0] [ 604.555285][ C0] ? nsim_dev_trap_report_work+0x2a4/0xc90 [ 604.555302][ C0] __kernel_text_address+0xd/0x40 [ 604.555314][ C0] unwind_get_return_address+0x59/0xa0 [ 604.555328][ C0] arch_stack_walk+0xa7/0x100 [ 604.555344][ C0] ? nsim_dev_trap_report_work+0x2a4/0xc90 [ 604.555363][ C0] stack_trace_save+0x95/0xd0 [ 604.555377][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 604.555391][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 604.555411][ C0] ? __pfx_mark_lock+0x10/0x10 [ 604.555424][ C0] kasan_save_stack+0x33/0x60 [ 604.555437][ C0] ? kasan_save_stack+0x33/0x60 [ 604.555449][ C0] ? kasan_save_track+0x14/0x30 [ 604.555462][ C0] ? __kasan_kmalloc+0xaa/0xb0 [ 604.555474][ C0] ? __kmalloc_node_track_caller_noprof+0x20f/0x430 [ 604.555491][ C0] ? kmalloc_reserve+0xef/0x2c0 [ 604.555512][ C0] ? __alloc_skb+0x164/0x380 [ 604.555536][ C0] kasan_save_track+0x14/0x30 [ 604.555548][ C0] __kasan_kmalloc+0xaa/0xb0 [ 604.555562][ C0] __kmalloc_node_track_caller_noprof+0x20f/0x430 [ 604.555577][ C0] ? __alloc_skb+0x164/0x380 [ 604.555591][ C0] kmalloc_reserve+0xef/0x2c0 [ 604.555607][ C0] __alloc_skb+0x164/0x380 [ 604.555619][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 604.555631][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 604.555645][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 604.555659][ C0] ? lock_acquire+0x2f/0xb0 [ 604.555670][ C0] ? nsim_dev_trap_report_work+0x1c5/0xc90 [ 604.555690][ C0] nsim_dev_trap_report_work+0x2a4/0xc90 [ 604.555711][ C0] process_one_work+0x9c5/0x1ba0 [ 604.555727][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 604.555739][ C0] ? __pfx_process_one_work+0x10/0x10 [ 604.555754][ C0] ? assign_work+0x1a0/0x250 [ 604.555773][ C0] worker_thread+0x6c8/0xf00 [ 604.555787][ C0] ? __kthread_parkme+0x148/0x220 [ 604.555802][ C0] ? __pfx_worker_thread+0x10/0x10 [ 604.555814][ C0] kthread+0x2c1/0x3a0 [ 604.555828][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 604.555844][ C0] ? __pfx_kthread+0x10/0x10 [ 604.555859][ C0] ret_from_fork+0x45/0x80 [ 604.555870][ C0] ? __pfx_kthread+0x10/0x10 [ 604.555884][ C0] ret_from_fork_asm+0x1a/0x30 [ 604.555905][ C0] [ 604.557139][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 604.976667][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc6-syzkaller-00169-g906bd684e4b1 #0 [ 604.987138][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 604.997166][ T30] Call Trace: [ 605.000419][ T30] [ 605.003333][ T30] dump_stack_lvl+0x3d/0x1f0 [ 605.007926][ T30] panic+0x71d/0x800 [ 605.011824][ T30] ? __pfx_panic+0x10/0x10 [ 605.016245][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 605.021619][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 605.027578][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 605.032936][ T30] ? watchdog+0xd76/0x1240 [ 605.037328][ T30] ? watchdog+0xd69/0x1240 [ 605.041727][ T30] watchdog+0xd87/0x1240 [ 605.045946][ T30] ? __pfx_watchdog+0x10/0x10 [ 605.050593][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 605.055783][ T30] ? __kthread_parkme+0x148/0x220 [ 605.060807][ T30] ? __pfx_watchdog+0x10/0x10 [ 605.065479][ T30] kthread+0x2c1/0x3a0 [ 605.069552][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 605.074727][ T30] ? __pfx_kthread+0x10/0x10 [ 605.079296][ T30] ret_from_fork+0x45/0x80 [ 605.083685][ T30] ? __pfx_kthread+0x10/0x10 [ 605.088259][ T30] ret_from_fork_asm+0x1a/0x30 [ 605.093004][ T30] [ 605.096200][ T30] Kernel Offset: disabled [ 605.100512][ T30] Rebooting in 86400 seconds..