last executing test programs: 7.957063756s ago: executing program 2 (id=557): socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x40, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x88}}, 0x20050800) getsockopt$sock_cred(r0, 0x1, 0x3b, 0x0, &(0x7f0000000080)=0x3000000) (async) syz_usb_connect(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYRESOCT=r0, @ANYRESDEC, @ANYBLOB="ad65f1fcce8728f9f4b2047fedae7b88982c2050a6ab4d168e05762d8cd7955013410c1c4ae5cdeaa7eb707b3d3be8c30285c70f51af334afee6ec51f27a8190a23f3831ae286e7633ee4e1e018a3871efe22a9d4d45897c5676de"], 0x0) (async) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200004}) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async) write(r2, &(0x7f0000000140)="24000000010006", 0x7) (async) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r3, 0xc0305602, &(0x7f00000000c0)={0x0, 0xb526, 0x2005}) 4.972878862s ago: executing program 0 (id=577): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020}, 0x2020) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x6, 0x0) sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="500000001000370400"/20, @ANYRES32=r4, @ANYBLOB="83040500010000003000128008000100677265002400028008000700ac14140005000a000000000005000800000000000500130001"], 0x50}}, 0x0) accept4(r0, 0x0, &(0x7f0000000080), 0x80800) sendmmsg$inet(r1, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty}}}], 0x20}}], 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10) 4.842995237s ago: executing program 2 (id=578): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x80811501, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000380)=@urb_type_control={0x2, {0xf}, 0x9, 0x1, &(0x7f0000000100)={0x0, 0x14, 0x1, 0x2}, 0x8, 0x9, 0x1, 0x0, 0x0, 0x400, &(0x7f0000001bc0)="95de57b4a50a48270cb74230df60daa314bd45c05616a747f632ef6fd3851bca14c8da291028d719df448034f6316139de2492019550e4e56ccc70b25ab3f4b287763a6db1f8cbbcc03286a4a9f198e330bc13ea67358983af4f41bb46a5234f9c23ecf2225923b9b19f6876ae5cbaa57a1945702b39ef0ab3bdb59892f970fb5ae9652a85c51682aaf9a4fa05f34fbc8838f76d85a5e41813d5903bb9fdca6fed410b9a0c22fb6e1239aeb396e7c0c7119107c9971c85864f2c985c70081b01c177aec2cb57ea0efb9fe59706e417a4f98ad59c5cc846312bdc94643dde5128aec5d4a771e4ebaa8c9fb3dd4bccdb8337a44b81a22b44b5a92767be78781a09fa7c97f3ece1a1987ae1ec3f6591a865572d090df85436dda8297c63490fc7d3fa6d0646be16f5979a8d07e36f78470a9c1a650813cfba1314c044268bed17fb306a8b80b9bd7d8417536bad1fc88cdbe1b4eaad854f9d13738874cb4dd60b8980c55bdbc8dea6bc1c8628d30e8eb671bfe4f4c7f8481c708eb946f34654d669b77d7e0fb5b6f713886db1666c39d0780b51366f9a5eb92a504e97022fdbb1056bda48e3c521855e0995bdddee8868a29ee9b9d2af42892e4b293dbe162cdf9262ee802ac1fbffbbb737a03f440e20c0cc1c4be0378824767a70e01b2260de37b5feceeb33cca09ccdc795b4f0f7e4a76ea0814220517571c8183289868faa15f526e08ea98bf61ebf8198c42fca45e5f8f3b0034dbb49c13bb524980e11f24b6702363e1dda74298a3ebeb8f55abae467ba1b165e673871d8814f1867f742c7311e7112a276c766c2bb643898d51455c8cd36744e22b939688fb8ce76aacbb5b8542c28792047c686b1f270269dee0cf5fc592a58ca3a990d05f0cf61fbb40fed3d25a78eb48d4a7f1460999c64dff9200b1960ec58ee46bee867651b795dd6f340f4c7bfe1c17ec5af184fa534ae4a51048312d804c58adcdb2bd2fc3bcdb4a0eb1bd1d259aca85fab63b106b2786dd03338b5097aaa3246d0a54d0ace6f1e6ae50f721d676fac6b549017e5b4715d024eb2ba67d2e9793b8e641bbf87aa76ccc8704657bba6fcf077aa2e12464a57de09cc4acc075da7b67c5b37c94561214d2a7d26b6ebd53c9f9206630b9f051ea3fc97468368a93c628dfb4a110dda0013cf7a8a5de40783f27bad93cd101faa85a9968b1b9cf35e59af9c06d013b601942e5ededaa54fc24761e3eeab1fd347190263f4fb748e4d0d45c7e707c02af5ef6474a034f5e4a0a221d4aae276bcf935792a3ca3be1f19ca38d1dd1eb4b84aa63fd3a63bcd0cd8f4443705798e02d2a14017005140a61d5a8d8ebe0bc1bad61d6093398398e9ba52d42448428bf414a8e640f23a8ad72ab714625bc48e2029d33d6c082e14cbe1a1e12f5e785a1d062199c1c0788842b79031751675ee4a2f3bf1d71a5d05bca24bead0ee490bb1e835e2f550d9baaa2627b172a9e9ca7eea962317ec0b9824a887ed047fad43b5413d708b5b5d6beaa427d35fa700d8679ad394f47cedf1092b7f82de70bcda250c899a5f249f520be7119c06a4b28c92b76eb474dc711490a362a76ae6c80cc9da9aa340512a41a88600643b5718365d92000e5d1dd8632ea9646bac482253f6aea39e3f21036d66bd21f2393ca2253ded17a78bccb36a24e2d42e7169b2330a8018dcb322c8f5077568ac12aeb04444bb26cd68912098062dce4cfeb55cfacdafd2768aeb03be32f6c043a38544f79ae251cd8ecfa7c8d4573e17aefebfa3884035ed9e59611c5b89ca09464bd8d6311046156180a239070767a8811a4a24399b33be04b01f2390987e77bccc2917bf51d450b4c8aa85620ad28b62795c62374e1ecfd82067b6cb6b792d3b0e4d1d6220264ce2a8c3cd1855f8b8eb455c713669e9854e5b4ed76b44b9e49e9df86650f1d5fae1b6e0464ffb5fbcca19eafde370c03bff40e4cebc471fbdde342b2a2d160517caf63c007e481807c847f71d55018f9755e08681a090365fb6be55fd540a7e1d299c060af05938ce86074dc1cfc296ae33a769a6c97e917135417d68349fae76bb8dc818b74ed64b9bbdcd838c5dbd8ac26405aee613729633057587f0bd144717bee1e85ed41795ed86fb00f0d05c7c09318ec6e19e9010f5ccb277ee2e7f0993d9266df54fcd010fc0d9daa8d3505e15b2c049566195f6678ddb05fa56fcc7f7884808dee36ca2c0ff581e2b67381543ee5281b046afa903a371a39172916253891a1f34e627077c8c0a8b8bd8063532976d4ca88bb4696a2383bae80d5a310585a8876dcf6033a7a1715bc1a0ac610a79b72f8ad2e8a9a94f85d4cb4a280ad908764434233c8c78e16b6b869173286226a5a51b78afc81f5eb82895831343d28fad1f1314d072987b0adda4dd42c9ee11f202f53f723893df793e770b8ba4bcfa4a2c25fc57fe4e4643ce42eec8e6cf709eb8b212a3b3f32b168c6c1ba79ac834574a7f1edf56596c35935c53691a2b48a67fc651d190ab39ed0877e748bd9cb3a8b5cd0179a7ffbcf8060b332b5ccf2ee25dfcdfb0bf051e95cfa1b9ef354bc67625ae93abc487a9b5cdcd86b2fb467aff9e26102804f7f2007d34c6e4eab627d9ef32cd32a6ca90bdc1f729e4392390bc617693f4638a9b7b6a991b68af94390ded51088819856c43d52f5f71bfd0f1a2f82eec57fc0069fb23d68894f440d3953f02104bc2171ab706496cf890c0a473f0716f328aa9da0192b7683a36f67b7c9e5e06bd0b3a56c8a1aee4df621a3dd46603b1b2c8d9e96ddfd88593230f3e0d52bec0585d3577503a7a764b6f7378416ae9043082287c5c49e60de504e64db9b7c07b599ad1482ca524c1fb2e1c68c48daa35dd3554ad76b3b085f06f251ca1de4e4c581e527bfc84b6aa8fb26466313a260243f710345ba67dc7c1f374877cb9a9979d7d43917b5359631df5e431dae8bce298204b7866c914e44594e4a44f173314972404e7c35df93ef872b098c569ff279ae51eb8be3dca8b030ba619e08a638653cd3e336ecbc8aece29f8ea9ba2e3b995631f7fc33f9c26e7bac8afd40f9befebaf1a2bd133391977e676f0eeb474e837533fa325429121732ec35812bf99fc239cf5cd5ebc7ac4c36c3c7b23040c2d67f1b2dbc723634e91406c94f403f0d69a5b71296e42ab234004ae7cb5bb2424753cc51df1e412a3812478e9bc758e2691a86493e7e2da5936472b8cf3d42f6f4379f88971c1283804cebdc988d7a27aa875b05e8b1b91f24edf81171f971ec085ecfecbba738f424f4bacae9256367e01913d53039e9445ad9064133f2fcb4c4b91a8591ee86e01fde6293b7c59079b38f28d810bc31d7eff71dc8a23156805a4435df2f03a4442fc9525594d926b79ce9aa116bfca71f6e8d2398977dc6a134558ecd4020f84b8e41af06f1049358e7d1d0dd44d91c54f212d35c74dfb20c3f3e2a21ba906fa1d032e0e50df2082a78f02e3fc651d6c755a97be7fba89538d60ae377037f7d8e37458a54969750d9447ec5ef5b0f683d40e61320f8c23ef48d29ac56d4c45cb3f1780d844bcb7cc6fe68c577d243b510b3341c9ebd92de5c1b13b8366269e4b15902cc2a82a51dbed7b7dcfc12b20a6089a1f0b91308b895442815e1e3d63a025155d1d8f69dd58771dbb634f0535eadbb2c2c3ee197c5b6601290e9a9de9ab7a4a93de1dca00aa25e61cd9d5ff42a96a2f1a4eeec9268fe4d08ca00435bc480dee248d7e697162c123f6be5977a7e5d4f560fc57937495af70decffdbc3c9133ea5d59b6422073079088ea68285b72a2aec84bca57cc2bceafc895749d62760ae305d284de810fb7e8f8ca6578a244f390b4c6d3b9df471d8cadbba13a2fa9708001b09e0a1d0fa65b9fe1a53c00a6a70c6d4341eb4c2ea3f8666c21344d1d6a8fd610071f2812daf7edc696a1855e42268e71c6f930a004c225307dbfb55cc439f79adcab722a095da608e122a1630f81cca8e6ac367f42de2e5997e48e6f374807b30095216223b0b4aacd60e986e029c4dad24b8e02cdb3e3d8553318d86b002aac8064a7a3ec0f65bdf57c7743e1c1751fd1f2fa70ee9edfa64b97287bae39ede4d6c56ca1375a81eb2b1fc6af97ed703cac168732e8ad22c179cd07e9341fa20f8faecaf39741ae32d39b51813ec44e7099e50e6cbf9939e20850975d7088d704c7235e6764c03d49a137bbe0757bc090f69a4786b3fa45eabba0bde54189b60e1466255816b72ec47a6cab259142b98a277b743054ff4774e3b4c1b98ac1fddc538b20dbabc0053ab9b3fa9c3f98c49e5e0240eb06bd99096f9c9ba3627034de51e77cd72f07a522959a2c2bb65bf8765465ff008bb7951640d9fa84d7672716115cbacac72f3d24098d67637d997b174023846935be7522f7122b289e610209968a17fee9590a60fc9084230cadca1686ae4968542792cbe494c88cd30e841e4a23cde8ec6b6ea0d26b3d3015cd447f14624fc0e4b9b89f298fbfebc5f50affa58a6efe50a31171c7aeb7e29bf7e390280b0930f4c04f48cfbc47cbcbd2a26c3b99903353dc720ee14bfa028c8ad7c6ceeeb34338f161417e5d80c9ce99093ff968fd08aaaab99f62628592daa1850ea188fbd4c8f5872b81b6fdde10ee9c70cd48ef7cc1dce9af9c3f276367530cc7341fb6ee8a745679d81c290480446a497ce011f8d3fe88fe8112e18f3417360798302e9964ddc2475cc4439cabb80c97817174a65b2a993a52407fa19144aa68025d8a5dc22d9c5e5957abd2f354aa823768365f6022840bc37d716d4f2cd2c902c62a1cc00f898720b2ed495c0347a6c2f9d853c6fb3074ee85f7d70ea0b66bca80a210c71ac4058561da74791d81451435c57271996486ff1216a01589cfdd4a348d3bb1347c67a5e08623e2c6a363f4cfaff540597e45c54700298d41f2735e360a7ed23382bea509c6a83b7a6eae6d3a90ea9db9dc8c60440c17b63ed5b655809ae5b6cc6c326c694bbab17cb014bc6b7b931576285ac7d3383ca25e5e3655dcb5ae15fbbef200339c97ec3f58d4eb93871bafc7bdf7b094fc9f8041d560e3c466c5f319e9439e3ff82218eb254a6ebd88455193a23cb307ead5df65423412f5a2c8a5a29e7cef13f90a628e20fdf32338361dc768551253f4ea6ab8f2088477543c1cf92cf4a85e21d3de830b23b07e9e5a2366311f224ddda4a4557a9c0cc1f9630b5b11704ee909ce3e35b7c7c7844a693f043fce93edc5580ef434c169989efa30e6bb5c992b3bb5011792666762327695bc9478f8290393d0addc29123e38031dd32562d98dd4d337125f3c962b1ef6ea40d35429e239dc7680f98210dafb74a45658051c2030d10dc13e7b41c37eeb88c83e33e0244be7b1950dd920c59c705365bff7170e9f030f44ca9ad0e610098a88099f3dfa352922c40527c39ed6bf0c10083b54305dcb388980cec9e0cd116facb84ba524d1d2c49ef9c6d36992503ad8be23f3b1e6fac37cd5107c017264a58f523bbc177761bbddcad2aa843f17372d5e6f56541daa12c3aa734040713c58742fd5016fe9966f283ba5f8ae0789ee56ea158ba353df180338e5ae8de366e9895cb1ecfb0e8067548ea49664b1ce8b9b13e89db92452e10c97db6399253ebfb8acb8766b299ff7fe1db5f27eda0a988ae2d4e1952d927ff3851f43b52be573609618539e22ea92fefe4d4814e7d164e274ed7e2abc393ce610ae4659b60457b2f9f7c50db8d54d6c0d09dc581833c0"}) clock_gettime(0x9, &(0x7f0000000280)) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x40, r0, 0x2586ad4018a3b31b, 0xfffffffc, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x40}}, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x9, 0x700000000000000) 4.410033939s ago: executing program 1 (id=583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r3, 0x0, 0x10, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b7227", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r7, 0x11, 0x0, 0x0, @void, @value=r6}, 0x20) 4.333565783s ago: executing program 3 (id=585): bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) r0 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x84, &(0x7f0000000000), 0x90) (fail_nth: 2) 4.315358817s ago: executing program 1 (id=586): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x530, 0x0, 0x0, 0x1a8, 0x3d8, 0x1a8, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x6, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0xe8, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz1\x00'}}]}, @TTL={0x28}}, {{@uncond, 0x0, 0xe0, 0x120, 0x0, {}, [@common=@set={{0x40}}, @common=@ah={{0x30}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@remote}}}, {{@ip={@multicast1, @private, 0x0, 0x0, 'pim6reg0\x00', 'erspan0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'nr0\x00'}, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x590) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) set_mempolicy(0x0, &(0x7f0000000080)=0x3e, 0x9cb) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40081271, &(0x7f0000001080)) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x208080, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000680)={r2, &(0x7f00000005c0)="cac8f9cc54f0565035c10232f7305dc145494d1a6acfa18b69080916516fb945fe8ac09e7e34101980def8886c6818af3131e35522e2dddc7b0bda84b4cb3866039b3289ac7b42f57e1d147cff1b0e53c518cccf14459bcda08c"}, 0x20) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}, 0x1, 0x0, 0x0, 0x4}, 0x0) 4.193086467s ago: executing program 1 (id=587): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) socket$netlink(0x10, 0x3, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (fail_nth: 2) 4.013186599s ago: executing program 3 (id=588): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000100), &(0x7f00000001c0)=@tcp, 0x900}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) write$cgroup_int(r1, &(0x7f0000000080)=0x5, 0x12) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) read$msr(0xffffffffffffffff, 0x0, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) (async) close(r0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f0000000100), &(0x7f00000001c0)=@tcp, 0x900}, 0x20) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r1, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async) write$cgroup_int(r1, &(0x7f0000000080)=0x5, 0x12) (async) 3.689712704s ago: executing program 0 (id=589): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000080000000e"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000006100), 0x0, 0xf0ff, 0x0) r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) setreuid(0xee00, 0xee00) keyctl$setperm(0x5, r6, 0x10080000) ioprio_set$pid(0x1, 0x0, 0x4000) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r9 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x6, 0x9ccf1bb10fad8ed2) socket$inet_udplite(0x2, 0x2, 0x88) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r9, 0xc0884113, 0x0) 3.689284751s ago: executing program 1 (id=590): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) socket$netlink(0x10, 0x3, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x25, 0x3, 0x29, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 3.688863776s ago: executing program 3 (id=591): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000004a0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7020000000000088500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x6, 0xd8, 0x80000001, 0x41b6, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x8, 0x0, 0xd, @void, @value, @void, @value}, 0x50) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, &(0x7f0000001fc0)=""/184, 0x20002078) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x9, '\x00', 0x0, r2, 0x3, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000004a0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7020000000000088500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x6, 0xd8, 0x80000001, 0x41b6, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x8, 0x0, 0xd, @void, @value, @void, @value}, 0x50) (async) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) (async) getdents(r2, &(0x7f0000001fc0)=""/184, 0x20002078) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x9, '\x00', 0x0, r2, 0x3, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50) (async) 3.609115799s ago: executing program 2 (id=592): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a", 0x23}], 0x1}, 0x0) 3.573366908s ago: executing program 3 (id=593): io_setup(0x3f, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) rt_tgsigqueueinfo(0x0, 0x0, 0x24, 0x0) add_key(&(0x7f0000000000)='pkcs7_test\x00', 0x0, &(0x7f0000000080)="3097", 0x2, 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x37) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r2], 0x20) close(0x3) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@redirect_dir_follow}]}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 3.437648388s ago: executing program 1 (id=594): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000031c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x5, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {}, {0x6, 0x6}}, [@filter_kind_options=@f_u32={{0x8}, {0x14, 0x2, [@TCA_U32_FLAGS={0x8, 0xb, 0x2}, @TCA_U32_HASH={0x8, 0x2, 0x6}]}}]}, 0x40}}, 0x4000) write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000080)="c74424005f480000c7442402dd0f0000c7442406000000000f0114242636640f01c2c461cde326f36dc4a2290dba00000000b93f080000b849520000ba000000000f3066baf80cb81861b780ef66bafc0cb800000000ef440f0767400fc71e66400f381539", 0x65}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b9f802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963cd14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f0d9ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d579531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a785d820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37dfd149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f2729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab21842da1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a99b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f8f4ed0b27cedd1c5e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.433899641s ago: executing program 2 (id=595): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x10, 0x0, &(0x7f0000000000)) 2.834820086s ago: executing program 2 (id=596): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r3, 0x0, 0x10, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b7227", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r7, 0x11, 0x0, 0x0, @void, @value=r6}, 0x20) 2.687883038s ago: executing program 0 (id=597): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioprio_set$uid(0x3, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0xf) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_open_dev$cec(0x0, 0x0, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0xa, &(0x7f00000001c0)=0x2, 0x4) ioctl$KDSETMODE(0xffffffffffffffff, 0x5608, 0x1) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000440)="5c00000012006bab9e3fe3d86e17aa31070000007ea60864160af365da8fb21a38001d008fbd983247f07251ca60bc2482949a3651f60a84c9f4d458a325d4938037e7c45978d3886434af37c00100d0bdd7fcf50e080998", 0x58}], 0x1, 0x0, 0x0, 0x1f000008}, 0x4040850) 2.687594533s ago: executing program 4 (id=598): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x8101, 0x0, 0x0, 0x24f}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f00000002c0)={0xfffffffe, {{0xa, 0x4e20, 0x5, @private2, 0x8}}}, 0x88) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x80, 0x3, 0x0, 0x9276, 0x0, 0x0, {0x1}}) io_uring_enter(r2, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0) 2.665028602s ago: executing program 1 (id=599): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000008080)={0x0, 0x0, &(0x7f0000001240)=[{0x0, 0x2198}, {0x0}], 0x2}, 0x0) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)}, 0x0) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x4000210, 0x2, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80800) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r3, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r5, r6, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r3, 0x3b8c, &(0x7f0000000300)={0x30, r7, 0x0, 0x0, 0x1000000, 0x0, 0x1000, 0x0}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r2, &(0x7f0000000140)=""/235, 0xeb) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r8, 0x560d, &(0x7f00000001c0)={0x0, 0x0}) close(r2) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r9, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) 2.56773349s ago: executing program 2 (id=600): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') syz_open_dev$tty1(0xc, 0x4, 0x3) syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x34, 0x1, 0x7, 0x801, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3ff}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0xebe2c446cd54176c}, @NFACCT_NAME={0xc743b10af66075fc, 0x1, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x40) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16=r2, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r3, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc00000800090005000000080007009801000020"], 0x234}}, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x700, 0x0, 0x54}, 0x9c) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r0}, 0x0, &(0x7f0000000200)=r6}, 0xfffffffffffffc3e) syz_usb_connect(0x1, 0x1b, &(0x7f0000000000)=ANY=[@ANYBLOB="05001001fd8d0e04004368010203e00f20ff"], 0x0) r7 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_IPV6_RTHDR(r7, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r7, &(0x7f0000000040)="ab9bcfbd850ccbb3aad7ffc90f0aeb0af5dbce120d555f32e81d1d16df579c8b7c20aeda96fbd665", 0x28, 0x0, 0x0, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r8) 2.333038999s ago: executing program 0 (id=601): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001500)={'veth0_to_bond\x00', 0x0}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x38, r6, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}]}, 0x38}}, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r8 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x9, 0x8, 0x8, 0x90, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r8, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='msdos\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) read$msr(r0, &(0x7f0000001680)=""/102400, 0x19000) openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r9, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r10) bpf$MAP_CREATE(0x0, 0x0, 0x48) 1.208503394s ago: executing program 4 (id=602): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x20c001, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_ext_remove_space_done\x00'}, 0x10) r2 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x20000010) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440)) r4 = socket$kcm(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r4, 0x29, 0x14, &(0x7f0000000100), 0x120) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000240)='}\x00') r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r8, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r7}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0) 1.111546594s ago: executing program 0 (id=603): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) (async) sendto$inet6(r0, 0x0, 0x0, 0x8081, &(0x7f0000000540)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f00, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0xffffffff}, 0x50) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32) getpriority(0x0, 0x0) (rerun: 32) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async, rerun: 64) sched_setscheduler(0x0, 0x1, 0x0) (async, rerun: 64) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) (async) r1 = syz_open_dev$MSR(0x0, 0x1, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/asound/seq/clients\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000001bc0)={0x2020}, 0x2020) r3 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0xd0f, 0xfffffffe, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xca9, 0x0, 0x0, 0x10000000, 0x4f407}, 0x10000000, 0x0, 0x2, 0x1, 0x2, 0x0, 0x2, 0x11, 0x13, 0x1ff, {0x4, 0x0, 0xfffffffc, 0x3, 0x30000000}}}}]}, 0x78}}, 0x0) (async) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)='\x00', 0x1}], 0x1}}], 0x1, 0x400c404) (async) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r6, 0x84, 0x6d, &(0x7f0000000440)={0x0, 0x8f, "3f92c97c635ae1f8b1a256cef437654c61332e24ec98ee0c30aa292b43ddc80f58d8b631b334bb9ec2e86bca6f2e3259e48e91703ae2c295281be0c3115692c99d1c6c96f3aa52c383361c7ab4f3282c7cae4791a0d8e4d606b934a08bf3bff2cf39372879a66c4a194a17f2b65d9ed7bd24d94742be709b0640bc715665276931fe32ee6272368c9926efb626bb14"}, &(0x7f0000000100)=0x97) (async) getsockopt$inet_sctp6_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f0000000140)={0x0, 0xc}, &(0x7f00000001c0)=0x8) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(r9, 0x84, 0xe, &(0x7f0000000580)={r7, 0x1, 0x2, 0x498d, 0x7ff, 0x7, 0xde26, 0x2, {r8, @in6={{0xa, 0x4e20, 0x0, @remote, 0xa}}, 0x4, 0x800, 0x2, 0xffffffff, 0xa}}, &(0x7f0000000200)=0xb0) (async, rerun: 64) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)={0x28, 0x5a, 0x1, 0x70bd28, 0x0, {}, [@typed={0x14, 0x5, 0x0, 0x0, @ipv6=@local}]}, 0x28}}, 0x0) (async, rerun: 64) sendto$inet6(r0, &(0x7f0000000000)="0f", 0xfdef, 0x0, 0x0, 0x0) (async) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000900)={'filter\x00', 0x7, 0x4, 0x438, 0x130, 0x130, 0x240, 0x350, 0x350, 0x350, 0x4, &(0x7f00000000c0), {[{{@uncond, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x400, 0x7, 0x42, 0x1, 0x0, "863b46c0fdf8cec57ad3c5b8aab0841366f7cc95ced7ba227eb3716f88ae124d7385cc1d619728f3227823cbc5808bb0692b6fdf8d9725620b9b8cfcb5fa1db7"}}}, {{@arp={@loopback, @remote, 0xff, 0x329b96c4661a702f, 0x7, 0xa, {@mac=@multicast, {[0xff, 0xff, 0xff, 0x0, 0x101, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, {[0x0, 0xff]}}, 0x200, 0x4, 0x1, 0x200, 0x6, 0x6, 'dvmrp0\x00', 'pim6reg1\x00', {}, {0xff}, 0x0, 0x48}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @empty, @empty, 0x1, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @remote, 0x8}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x488) 877.113347ms ago: executing program 3 (id=604): io_setup(0x3f, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) rt_tgsigqueueinfo(0x0, 0x0, 0x24, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0xf0ffff, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 876.767111ms ago: executing program 0 (id=605): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587", @ANYRES16], 0x0) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(0xffffffffffffffff, 0xc0086c43, 0x100000000000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80003, 0x6e) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x278, 0x280, 0x280, 0x278, 0x280, 0x388, 0x365, 0x350, 0x388, 0x333, 0x7fffffe, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x250, 0x278, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'syzkaller1\x00', {0x0, 0x40000000004, 0x0, 0x0, 0x0, 0x1ab618fe, 0x802}}}, @common=@inet=@hashlimit1={{0x58}, {'syzkaller1\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0xa6}}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000500"/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mknod(&(0x7f0000000040)='./file0\x00', 0x2, 0x3) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10) write(r3, &(0x7f0000000340)="23000000010007", 0x7) read$char_usb(r2, 0x0, 0x0) 420.914874ms ago: executing program 4 (id=606): syz_open_dev$I2C(0x0, 0x0, 0x101000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x10, 0x0, &(0x7f0000000000)) 349.846563ms ago: executing program 4 (id=607): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c00001f00010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000001c001080000003400000000008000340000000000818024000000000080008"], 0x5c}}, 0x0) 156.028122ms ago: executing program 4 (id=608): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat2(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', &(0x7f0000000140)={0x80000, 0x2, 0x36}, 0x18) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000400)={0xd2, 0x2, 0x8, "f4b18cd65a75eede100cc8ed7679987c0da85982fb48d69727ce6bdfc8dc0cb312928c4f9076075d5b0ad777b3529934299932b8d15ffdad4443a255391739510f2ee148a7cf2c9c722f2a2e5df53f9628da521090e73f9d4155a89b1da763beacbdf11f40eb93bf6e08e12e358963dc54e08a956abe5117085e653d54b236f81a6993922fcd69ff3aec4693205d7b0a68f4f863e872ebe15747e2a7d0ac018eb2e7a3dc191329158a3cf4c17f0b46aec1bf00710a77d77f289958d0180524e44354503c60781eeff0c2b516b66c73b91957"}) r1 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) getdents(r1, &(0x7f0000001fc0)=""/184, 0x20002078) 154.586753ms ago: executing program 3 (id=609): syz_open_dev$MSR(&(0x7f00000003c0), 0xa0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000004000000ff0f00000700000000", @ANYRES32=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="5b4c1be992c056458e351e668f9da8e1371f1a5789d1124aa35a2834446579516bd7737e5c4fa9c65627cf00650dfd49e9acade56bd7fc486a7868c3ef43415daaf7e66f0909b123643820aa38dac36f4d8b663866be2544ad51812973f80dcd39bde2be48e3b9c3061d11169025ce441b09da8bf943c05c8e4636a524572f7efe59fa2e9827feaff709d33ec87a41a239573c67878ef77be42ea3031b0cb848183b2f044a73d548a23e80d3d00bb15c2a04971f50b127da5df2763d32f72f8de70c64019ff41a2365f025e5dc923d55d41e50", @ANYRES8=r0], 0x0, 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$6lowpan_control(r1, &(0x7f0000000280)='connect aa:aa:aa:aa:aa:10 1', 0x1b) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) r3 = timerfd_create(0x0, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000200)) timerfd_settime(r3, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x32240c1b4d7d63dc, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setrlimit(0x5, &(0x7f0000000180)={0x7, 0x7}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000008000"/28], 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=r6, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000065c5c3b974ed17df000000000005000000bb0000000011000000ac461acd3391"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b9af8ff0000000026090200760000007b9af0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb50200000800000018280000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000001400000076000000bf9100000000000007080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) 0s ago: executing program 4 (id=610): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000440)={r3, 0x0, 0x10, 0x0, &(0x7f0000000600)="61df712bc884fef053a7a9a26e9b7227", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r7, 0x11, 0x0, 0x0, @void, @value=r6}, 0x20) kernel console output (not intermixed with test programs): [ 105.050356][ T5903] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 105.087346][ T5903] usb 5-1: string descriptor 0 read error: -22 [ 105.100111][ T5903] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 105.112779][ T6414] netlink: 12 bytes leftover after parsing attributes in process `syz.1.131'. [ 105.200828][ T29] audit: type=1400 audit(1738453988.018:343): avc: denied { write } for pid=6413 comm="syz.0.133" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 105.224477][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.247655][ T5903] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 105.255406][ T29] audit: type=1400 audit(1738453988.088:344): avc: denied { create } for pid=6413 comm="syz.0.133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 105.295845][ T29] audit: type=1400 audit(1738453988.088:345): avc: denied { ioctl } for pid=6413 comm="syz.0.133" path="socket:[9030]" dev="sockfs" ino=9030 ioctlcmd=0x4948 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 105.351180][ T29] audit: type=1400 audit(1738453988.088:346): avc: denied { create } for pid=6413 comm="syz.0.133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 105.371087][ T29] audit: type=1400 audit(1738453988.088:347): avc: denied { bind } for pid=6413 comm="syz.0.133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 105.925902][ T29] audit: type=1400 audit(1738453988.468:348): avc: denied { create } for pid=6417 comm="syz.3.132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 106.254368][ T6431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.136'. [ 106.551747][ T46] usb 5-1: USB disconnect, device number 4 [ 106.762441][ T6433] delete_channel: no stack [ 106.828350][ T6437] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'. [ 106.842848][ T6438] netlink: 'syz.2.139': attribute type 2 has an invalid length. [ 106.852216][ T5869] IPVS: starting estimator thread 0... [ 106.870477][ T6437] netlink: 44 bytes leftover after parsing attributes in process `syz.1.138'. [ 107.083138][ T6441] block nbd0: shutting down sockets [ 107.110520][ T6439] IPVS: using max 26 ests per chain, 62400 per kthread [ 107.280505][ T46] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 107.343216][ T6449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=6449 comm=syz.1.141 [ 107.446466][ T46] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 107.457599][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 64 [ 107.560702][ T46] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 107.666085][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 107.933478][ T46] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 107.959017][ T46] usb 5-1: unable to read config index 1 descriptor/start: -71 [ 107.971001][ T46] usb 5-1: can't read configurations, error -71 [ 108.983810][ T6460] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 109.542447][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 109.542488][ T29] audit: type=1400 audit(1738453992.468:360): avc: denied { setopt } for pid=6473 comm="syz.4.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 109.904252][ T29] audit: type=1400 audit(1738453992.488:361): avc: denied { read } for pid=6473 comm="syz.4.150" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.018602][ T29] audit: type=1400 audit(1738453992.488:362): avc: denied { open } for pid=6473 comm="syz.4.150" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.152750][ T29] audit: type=1400 audit(1738453992.488:363): avc: denied { ioctl } for pid=6473 comm="syz.4.150" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9377 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 110.570354][ T29] audit: type=1400 audit(1738453992.488:364): avc: denied { setopt } for pid=6473 comm="syz.4.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 110.676131][ T6481] netlink: 8 bytes leftover after parsing attributes in process `syz.4.152'. [ 110.717944][ T6481] netlink: 44 bytes leftover after parsing attributes in process `syz.4.152'. [ 111.706541][ T29] audit: type=1400 audit(1738453993.838:365): avc: denied { connect } for pid=6469 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 111.740367][ T29] audit: type=1400 audit(1738453993.968:366): avc: denied { shutdown } for pid=6469 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 111.918260][ T29] audit: type=1400 audit(1738453993.968:367): avc: denied { create } for pid=6469 comm="syz.1.149" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 112.042406][ T29] audit: type=1400 audit(1738453993.978:368): avc: denied { ioctl } for pid=6469 comm="syz.1.149" path="socket:[10072]" dev="sockfs" ino=10072 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 112.151002][ T29] audit: type=1400 audit(1738453993.978:369): avc: denied { connect } for pid=6484 comm="syz.3.153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 112.319701][ T6496] netlink: 16 bytes leftover after parsing attributes in process `syz.4.156'. [ 112.406411][ T6502] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=6502 comm=syz.0.155 [ 113.260541][ T5868] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 113.838785][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 114.130480][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 114.167318][ T5868] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 114.255913][ T5868] usb 5-1: can't read configurations, error -61 [ 114.493825][ T5868] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 114.523591][ T6520] netlink: 'syz.3.162': attribute type 1 has an invalid length. [ 114.543084][ T6520] netlink: 'syz.3.162': attribute type 4 has an invalid length. [ 114.575207][ T6520] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.162'. [ 115.792702][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 115.806908][ T6494] ALSA: mixer_oss: invalid OSS volume '' [ 115.824109][ T5868] usb 5-1: device descriptor read/all, error -71 [ 115.850614][ T5868] usb usb5-port1: attempt power cycle [ 115.897456][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 115.897468][ T29] audit: type=1400 audit(1738453998.818:379): avc: denied { open } for pid=6537 comm="syz.0.167" path="/dev/ptyq5" dev="devtmpfs" ino=124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 115.950355][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.1.166'. [ 116.000108][ T29] audit: type=1400 audit(1738453998.858:380): avc: denied { ioctl } for pid=6537 comm="syz.0.167" path="/dev/ptyq5" dev="devtmpfs" ino=124 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 116.028510][ T6539] netlink: 44 bytes leftover after parsing attributes in process `syz.1.166'. [ 116.768608][ T6555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=6555 comm=syz.3.170 [ 116.783509][ T5902] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 117.640613][ T5902] usb 2-1: Using ep0 maxpacket: 16 [ 117.803039][ T5902] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 117.813195][ T5902] usb 2-1: config 0 has no interface number 0 [ 117.819315][ T5902] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 117.878178][ T5902] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 117.908624][ T5902] usb 2-1: config 0 interface 41 has no altsetting 0 [ 117.982168][ T5902] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 118.009844][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.019164][ T5902] usb 2-1: Product: syz [ 118.028878][ T5902] usb 2-1: Manufacturer: syz [ 118.035072][ T5902] usb 2-1: SerialNumber: syz [ 118.040131][ T5902] usb 2-1: config 0 descriptor?? [ 118.045343][ T6550] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.065851][ T6550] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.087229][ T6559] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 118.094051][ T6542] syz.4.168: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 118.149895][ T6559] netlink: 'syz.0.173': attribute type 3 has an invalid length. [ 118.163102][ T6542] CPU: 0 UID: 0 PID: 6542 Comm: syz.4.168 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 118.163124][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 118.163132][ T6542] Call Trace: [ 118.163136][ T6542] [ 118.163144][ T6542] dump_stack_lvl+0x16c/0x1f0 [ 118.163160][ T6542] warn_alloc+0x24d/0x3a0 [ 118.163173][ T6542] ? __pfx_warn_alloc+0x10/0x10 [ 118.163188][ T6542] ? __get_vm_area_node+0x1b0/0x2f0 [ 118.163204][ T6542] ? __get_vm_area_node+0x1dc/0x2f0 [ 118.163221][ T6542] __vmalloc_node_range_noprof+0x1102/0x1530 [ 118.163241][ T6542] ? xt_alloc_entry_offsets+0x3a/0x60 [ 118.163256][ T6542] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 118.163272][ T6542] ? rcu_is_watching+0x12/0xc0 [ 118.163283][ T6542] ? trace_kmalloc+0x2d/0xd0 [ 118.163296][ T6542] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 118.163308][ T6542] ? xt_alloc_entry_offsets+0x3a/0x60 [ 118.163319][ T6542] __kvmalloc_node_noprof+0x14f/0x1a0 [ 118.163335][ T6542] ? xt_alloc_entry_offsets+0x3a/0x60 [ 118.163347][ T6542] xt_alloc_entry_offsets+0x3a/0x60 [ 118.163357][ T6542] translate_table+0x22e/0x17b0 [ 118.163372][ T6542] ? _copy_from_user+0x59/0xd0 [ 118.163390][ T6542] ? __pfx_translate_table+0x10/0x10 [ 118.163400][ T6542] ? __might_fault+0xe3/0x190 [ 118.163415][ T6542] do_ip6t_set_ctl+0x926/0xbf0 [ 118.163427][ T6542] ? __mutex_lock+0x347/0xb10 [ 118.163438][ T6542] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 118.163449][ T6542] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 118.163462][ T6542] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.163479][ T6542] ? nf_sockopt_find.constprop.0+0x221/0x290 [ 118.163492][ T6542] nf_setsockopt+0x8a/0xf0 [ 118.163504][ T6542] ipv6_setsockopt+0x135/0x170 [ 118.163515][ T6542] tcp_setsockopt+0xa4/0x100 [ 118.163530][ T6542] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 118.163546][ T6542] do_sock_setsockopt+0x222/0x480 [ 118.163560][ T6542] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 118.163574][ T6542] ? lock_acquire+0x2f/0xb0 [ 118.163595][ T6542] __sys_setsockopt+0x1a0/0x230 [ 118.163608][ T6542] __x64_sys_setsockopt+0xbd/0x160 [ 118.163619][ T6542] ? do_syscall_64+0x91/0x250 [ 118.163629][ T6542] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.163645][ T6542] do_syscall_64+0xcd/0x250 [ 118.163655][ T6542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.163669][ T6542] RIP: 0033:0x7ff18b58cda9 [ 118.163678][ T6542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.163688][ T6542] RSP: 002b:00007ff18c3e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 118.163698][ T6542] RAX: ffffffffffffffda RBX: 00007ff18b7a5fa0 RCX: 00007ff18b58cda9 [ 118.163704][ T6542] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000008 [ 118.163710][ T6542] RBP: 00007ff18b60e2a0 R08: 0000000000000368 R09: 0000000000000000 [ 118.163716][ T6542] R10: 0000000020000380 R11: 0000000000000246 R12: 0000000000000000 [ 118.163722][ T6542] R13: 0000000000000000 R14: 00007ff18b7a5fa0 R15: 00007ffe9541f398 [ 118.163735][ T6542] [ 118.163751][ T6542] Mem-Info: [ 118.172402][ T6559] netlink: 'syz.0.173': attribute type 1 has an invalid length. [ 118.239626][ T6542] active_anon:9207 inactive_anon:0 isolated_anon:0 [ 118.239626][ T6542] active_file:15131 inactive_file:38626 isolated_file:0 [ 118.239626][ T6542] unevictable:768 dirty:27 writeback:0 [ 118.239626][ T6542] slab_reclaimable:11005 slab_unreclaimable:99719 [ 118.239626][ T6542] mapped:31401 shmem:5093 pagetables:981 [ 118.239626][ T6542] sec_pagetables:0 bounce:0 [ 118.239626][ T6542] kernel_misc_reclaimable:0 [ 118.239626][ T6542] free:1301073 free_pcp:3776 free_cma:0 [ 118.249530][ T29] audit: type=1400 audit(1738454001.168:381): avc: denied { write } for pid=5175 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 118.320338][ T6559] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.173'. [ 118.335186][ T6563] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 118.356788][ T6542] Node 0 active_anon:37228kB inactive_anon:0kB active_file:60524kB inactive_file:154432kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126104kB dirty:108kB writeback:0kB shmem:19136kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11116kB pagetables:3824kB sec_pagetables:0kB all_unreclaimable? no [ 118.390346][ T29] audit: type=1400 audit(1738454001.168:382): avc: denied { remove_name } for pid=5175 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 118.411568][ T6550] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.449210][ T29] audit: type=1400 audit(1738454001.168:383): avc: denied { rename } for pid=5175 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 118.646143][ T6542] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 118.698838][ T6550] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.835855][ T29] audit: type=1400 audit(1738454001.168:384): avc: denied { add_name } for pid=5175 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 118.858834][ T29] audit: type=1400 audit(1738454001.168:385): avc: denied { unlink } for pid=5175 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 118.881458][ T6542] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 118.958785][ T6542] lowmem_reserve[]: 0 2487 2487 0 0 [ 118.975113][ T6542] Node 0 DMA32 free:1282996kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:51988kB inactive_anon:0kB active_file:60524kB inactive_file:154348kB unevictable:1536kB writepending:264kB present:3129332kB managed:2547472kB mlocked:0kB bounce:0kB free_pcp:1300kB local_pcp:444kB free_cma:0kB [ 119.005398][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.005402][ T29] audit: type=1400 audit(1738454001.168:386): avc: denied { create } for pid=5175 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 119.032369][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.014911][ T29] audit: type=1326 audit(1738454002.308:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6568 comm="syz.2.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0ad38cda9 code=0x7ffc0000 [ 120.038153][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.383923][ T6542] lowmem_reserve[]: 0 0 0 0 0 [ 120.388745][ T29] audit: type=1326 audit(1738454002.308:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6568 comm="syz.2.178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0ad38cda9 code=0x7ffc0000 [ 120.412129][ T6542] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:100kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 120.462052][ T5902] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 120.628627][ T6542] lowmem_reserve[]: 0 0 0 0 0 [ 120.648706][ T6542] Node 1 Normal free:3893392kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:12004kB local_pcp:0kB free_cma:0kB [ 120.733344][ T6542] lowmem_reserve[]: 0 0 0 0 0 [ 120.748338][ T6542] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 120.770672][ T6542] Node 0 DMA32: 2*4kB (UM) 9*8kB (UME) 4*16kB (UME) 43*32kB (UME) 203*64kB (UME) 7*128kB (UME) 6*256kB (UM) 2*512kB (ME) 2*1024kB (ME) 3*2048kB (ME) 286*4096kB (UM) = 1197616kB [ 120.830440][ T6542] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 120.890039][ T6542] Node 1 Normal: 62*4kB (UME) 39*8kB (UME) 26*16kB (UME) 186*32kB (UME) 108*64kB (UME) 27*128kB (UME) 11*256kB (UME) 9*512kB (UE) 6*1024kB (UME) 4*2048kB (UME) 941*4096kB (M) = 3893392kB [ 120.915827][ T6542] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.927316][ T6542] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 120.943078][ T6542] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.954917][ T6542] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 120.968124][ T6542] 76593 total pagecache pages [ 120.975017][ T6542] 0 pages in swap cache [ 120.979271][ T6542] Free swap = 124680kB [ 120.989394][ T6542] Total swap = 124996kB [ 120.995832][ T6542] 2097051 pages RAM [ 120.999740][ T6542] 0 pages HighMem/MovableOnly [ 121.007286][ T6542] 428525 pages reserved [ 121.012661][ T6542] 0 pages cma reserved [ 122.157944][ T5902] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 122.186800][ T5902] CoreChips 2-1:0.41 (unnamed net_device) (uninitialized): Failed to power up PHY: -71 [ 122.611510][ T5902] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 122.653070][ T6586] Cannot find set identified by id 0 to match [ 122.681583][ T5902] usb 2-1: USB disconnect, device number 5 [ 122.739450][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 122.739463][ T29] audit: type=1400 audit(1738454005.648:413): avc: denied { listen } for pid=6585 comm="syz.0.182" laddr=172.20.20.170 lport=52832 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 122.768101][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.945338][ T6594] tmpfs: Unknown parameter 'quota;eT^+O [ 122.945338][ T6594] m "vײ:!v@5-~k8%:EOeD'~9vw:~ŗF9v #ٺɺjNE' [ 123.025698][ T6597] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=6597 comm=syz.1.184 [ 123.680326][ T29] audit: type=1400 audit(1738454006.048:414): avc: denied { setopt } for pid=6585 comm="syz.0.182" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 124.133094][ T6609] capability: warning: `syz.3.186' uses deprecated v2 capabilities in a way that may be insecure [ 124.167351][ T29] audit: type=1400 audit(1738454007.068:415): avc: denied { mounton } for pid=6605 comm="syz.0.185" path="/34/file0" dev="tmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 124.261791][ T29] audit: type=1400 audit(1738454007.158:416): avc: denied { read } for pid=6608 comm="syz.3.186" name="sg0" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 124.370404][ T29] audit: type=1400 audit(1738454007.248:417): avc: denied { write } for pid=6608 comm="syz.3.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.391483][ T6609] xt_hashlimit: max too large, truncated to 1048576 [ 124.410064][ T29] audit: type=1400 audit(1738454007.258:418): avc: denied { read } for pid=6608 comm="syz.3.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 124.703195][ T6617] veth1_macvtap: left promiscuous mode [ 124.708840][ T6617] macsec0: entered promiscuous mode [ 124.940740][ T6612] macsec0: entered allmulticast mode [ 125.237648][ T6621] syz.2.189 uses obsolete (PF_INET,SOCK_PACKET) [ 125.390214][ T29] audit: type=1400 audit(1738454008.308:419): avc: denied { write } for pid=6623 comm="syz.4.190" name="sg0" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 125.518307][ T29] audit: type=1400 audit(1738454008.438:420): avc: denied { accept } for pid=6627 comm="syz.1.192" lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 125.617574][ T29] audit: type=1400 audit(1738454008.438:421): avc: denied { read } for pid=6627 comm="syz.1.192" laddr=127.0.0.1 lport=39826 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 125.677752][ T29] audit: type=1400 audit(1738454008.468:422): avc: denied { bind } for pid=6623 comm="syz.4.190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 126.570593][ T5869] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 126.771538][ T5869] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 126.791197][ T6658] netlink: 'syz.2.199': attribute type 2 has an invalid length. [ 126.924669][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 126.977093][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 127.024795][ T5869] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 127.034335][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.050432][ T5869] usb 4-1: Product: syz [ 127.066514][ T5869] usb 4-1: Manufacturer: syz [ 127.081119][ T5869] usb 4-1: SerialNumber: syz [ 127.142110][ T5869] usb 4-1: config 0 descriptor?? [ 127.150392][ T46] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 127.179623][ T5869] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?! [ 127.442501][ T5868] usb 4-1: USB disconnect, device number 4 [ 127.562521][ T46] usb 2-1: unable to get BOS descriptor or descriptor too short [ 127.585823][ T46] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 127.675737][ T46] usb 2-1: can't read configurations, error -71 [ 127.778376][ T6667] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 127.810218][ T6667] overlayfs: overlapping lowerdir path [ 128.242841][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 128.242857][ T29] audit: type=1400 audit(1738454011.168:428): avc: denied { read } for pid=6676 comm="syz.3.204" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 128.361657][ T29] audit: type=1400 audit(1738454011.168:429): avc: denied { open } for pid=6676 comm="syz.3.204" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 128.448487][ T6683] netlink: 96 bytes leftover after parsing attributes in process `syz.4.207'. [ 128.478994][ T29] audit: type=1400 audit(1738454011.168:430): avc: denied { ioctl } for pid=6676 comm="syz.3.204" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 128.507013][ T6683] netlink: 32 bytes leftover after parsing attributes in process `syz.4.207'. [ 128.800422][ T5903] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 128.800760][ T46] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.985332][ T5903] usb 4-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30 [ 128.999480][ T29] audit: type=1400 audit(1738454011.798:431): avc: denied { create } for pid=6687 comm="syz.2.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 129.123598][ T5903] usb 4-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68 [ 129.471147][ T5903] usb 4-1: config 1 interface 0 has no altsetting 0 [ 129.506974][ T5903] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 129.532312][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.550988][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 129.551453][ T5903] usb 4-1: Product: syz [ 129.560258][ T5903] usb 4-1: Manufacturer: syz [ 129.568713][ T5903] usb 4-1: SerialNumber: syz [ 129.569149][ T46] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.610367][ T46] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 129.639824][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.679963][ T46] usb 2-1: config 0 descriptor?? [ 129.693120][ T46] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 129.952396][ T6704] Cannot find add_set index 0 as target [ 130.116763][ T29] audit: type=1400 audit(1738454013.038:432): avc: denied { read } for pid=6705 comm="syz.2.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 130.200431][ T5869] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 130.210879][ T5903] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 130.240127][ T29] audit: type=1800 audit(1738454013.158:433): pid=6706 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.214" name="file1" dev="tmpfs" ino=282 res=0 errno=0 [ 130.380666][ T5869] usb 5-1: Using ep0 maxpacket: 16 [ 130.387222][ T5869] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 130.397633][ T5869] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 130.435338][ T5869] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 130.475264][ T5869] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 130.505817][ T5869] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 130.540396][ T5869] usb 5-1: config 1 interface 0 has no altsetting 0 [ 130.580677][ T5869] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 130.589757][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.626691][ T29] audit: type=1400 audit(1738454013.548:434): avc: denied { write } for pid=6679 comm="syz.1.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 130.717742][ T5869] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 130.736280][ T6712] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 130.740210][ T46] gspca_vc032x: reg_w err -71 [ 130.761134][ T46] vc032x 2-1:0.0: probe with driver vc032x failed with error -71 [ 130.771323][ T29] audit: type=1400 audit(1738454013.688:435): avc: denied { read write } for pid=6684 comm="syz.3.208" name="lp0" dev="devtmpfs" ino=2804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 130.783832][ T8] usb 4-1: USB disconnect, device number 5 [ 130.840822][ T46] usb 2-1: USB disconnect, device number 7 [ 130.851391][ T29] audit: type=1400 audit(1738454013.688:436): avc: denied { open } for pid=6684 comm="syz.3.208" path="/dev/usb/lp0" dev="devtmpfs" ino=2804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 130.875387][ T29] audit: type=1400 audit(1738454013.768:437): avc: denied { read } for pid=6684 comm="syz.3.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 131.040500][ T5869] ums-sddr09 5-1:1.0: probe with driver ums-sddr09 failed with error -22 [ 131.624204][ T5869] usb 5-1: USB disconnect, device number 10 [ 131.653179][ T8] usblp0: removed [ 132.264224][ T6720] netlink: 'syz.3.218': attribute type 2 has an invalid length. [ 132.750970][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.757425][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.475924][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 133.475939][ T29] audit: type=1400 audit(1738454016.398:439): avc: denied { accept } for pid=6741 comm="syz.3.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 133.550485][ T29] audit: type=1400 audit(1738454016.408:440): avc: denied { listen } for pid=6741 comm="syz.3.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 133.705730][ T6749] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 133.724521][ T6748] netlink: 'syz.3.227': attribute type 10 has an invalid length. [ 133.765657][ T29] audit: type=1400 audit(1738454016.688:441): avc: denied { ioctl } for pid=6744 comm="syz.0.226" path="socket:[11727]" dev="sockfs" ino=11727 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 133.871337][ T6748] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.899927][ T6748] bond0: (slave team0): Enslaving as an active interface with an up link [ 134.140487][ T29] audit: type=1400 audit(1738454017.058:442): avc: denied { mount } for pid=6753 comm="syz.0.229" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 134.416818][ T29] audit: type=1400 audit(1738454017.248:443): avc: denied { ioctl } for pid=6755 comm="syz.1.228" path="socket:[10835]" dev="sockfs" ino=10835 ioctlcmd=0xf515 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 135.457714][ T6765] Cannot find set identified by id 0 to match [ 136.601679][ T6772] netlink: 'syz.3.234': attribute type 2 has an invalid length. [ 136.891151][ T29] audit: type=1400 audit(1738454019.818:444): avc: denied { read } for pid=6773 comm="syz.1.233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 137.337390][ T29] audit: type=1400 audit(1738454020.258:445): avc: denied { unmount } for pid=5829 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 137.569991][ T6791] nfs4: Unknown parameter '00000000000000000000003' [ 137.586148][ T6792] nfs4: Unknown parameter '00000000000000000000003' [ 137.741734][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.239'. [ 138.873541][ T6800] netlink: 44 bytes leftover after parsing attributes in process `syz.2.242'. [ 138.892102][ T6802] Zero length message leads to an empty skb [ 139.016944][ T6806] fuse: Bad value for 'user_id' [ 139.038679][ T6806] fuse: Bad value for 'user_id' [ 140.857174][ T6813] x_tables: ip6_tables: DNAT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 141.444064][ T6826] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 141.642390][ T29] audit: type=1400 audit(1738454024.548:446): avc: denied { write } for pid=6816 comm="syz.2.246" path="socket:[11937]" dev="sockfs" ino=11937 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 142.173424][ T6832] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13) [ 142.180367][ T6832] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 142.190715][ T6832] vhci_hcd vhci_hcd.0: Device attached [ 142.197819][ T6834] vhci_hcd vhci_hcd.0: failed to lookup sock [ 142.198020][ T6833] vhci_hcd: connection closed [ 142.209663][ T29] audit: type=1400 audit(1738454024.548:447): avc: denied { nlmsg_write } for pid=6816 comm="syz.2.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 142.224788][ T78] vhci_hcd: stop threads [ 142.290832][ T78] vhci_hcd: release socket [ 142.300432][ T78] vhci_hcd: disconnect device [ 142.494167][ T5925] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 142.683049][ T5925] usb 2-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00 [ 142.700806][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.792465][ T5925] usb 2-1: config 0 descriptor?? [ 143.294946][ T5925] stadia 0003:18D1:9400.0002: hidraw0: USB HID v0.07 Device [HID 18d1:9400] on usb-dummy_hcd.1-1/input0 [ 143.317715][ T5925] stadia 0003:18D1:9400.0002: no inputs found [ 143.360333][ T5925] stadia 0003:18D1:9400.0002: force feedback init failed [ 143.370362][ T5902] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 143.478405][ T5925] usb 2-1: USB disconnect, device number 8 [ 143.673485][ T5902] usb 3-1: Using ep0 maxpacket: 32 [ 143.808671][ T5902] usb 3-1: config 0 has an invalid interface number: 12 but max is 0 [ 144.030029][ T5902] usb 3-1: config 0 has no interface number 0 [ 144.047117][ T5902] usb 3-1: config 0 interface 12 has no altsetting 0 [ 144.086725][ T5902] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 144.104754][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.148770][ T5902] usb 3-1: Product: syz [ 144.153293][ T5902] usb 3-1: Manufacturer: syz [ 144.157897][ T5902] usb 3-1: SerialNumber: syz [ 144.182074][ T5902] usb 3-1: config 0 descriptor?? [ 145.712071][ T6870] xt_CT: You must specify a L4 protocol and not use inversions on it [ 145.722556][ T29] audit: type=1400 audit(1738454028.648:448): avc: denied { ioctl } for pid=6863 comm="syz.4.259" path="socket:[10963]" dev="sockfs" ino=10963 ioctlcmd=0x7453 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 146.244354][ T6850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.310616][ T6850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.402601][ T5902] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 146.441278][ T5902] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71 [ 146.448599][ T5902] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 146.478160][ T5902] f81534 3-1:0.12: probe with driver f81534 failed with error -71 [ 146.650766][ T5902] usb 3-1: USB disconnect, device number 9 [ 146.808122][ T6882] netlink: 'syz.1.267': attribute type 29 has an invalid length. [ 147.061069][ T5902] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 147.135444][ T5868] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 147.210497][ T5902] usb 5-1: Using ep0 maxpacket: 16 [ 147.227154][ T5902] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 147.238360][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.267405][ T5902] usb 5-1: Product: syz [ 147.280445][ T5902] usb 5-1: Manufacturer: syz [ 147.290608][ T5902] usb 5-1: SerialNumber: syz [ 147.320581][ T5902] usb 5-1: config 0 descriptor?? [ 147.386190][ T29] audit: type=1400 audit(1738454030.308:449): avc: denied { connect } for pid=6891 comm="syz.3.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 147.394606][ T5902] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 147.590394][ T5868] usb 2-1: Using ep0 maxpacket: 32 [ 147.720406][ T5868] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 147.989960][ T29] audit: type=1400 audit(1738454030.388:450): avc: denied { name_bind } for pid=6889 comm="syz.2.269" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 148.105554][ T5868] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 148.166286][ T5868] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 148.303999][ T29] audit: type=1400 audit(1738454031.148:451): avc: denied { mount } for pid=6883 comm="syz.4.266" name="/" dev="pstore" ino=3763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 148.344246][ T5868] usb 2-1: config 1 has no interface number 0 [ 148.485394][ T5868] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 148.698061][ T5868] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 148.752238][ T5902] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110 [ 148.797662][ T5868] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 148.843232][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.906456][ T5868] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 148.972843][ T29] audit: type=1400 audit(1738454031.878:452): avc: denied { nlmsg_read } for pid=6904 comm="syz.3.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 149.113060][ T6915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.274'. [ 149.577649][ T29] audit: type=1400 audit(1738454032.498:453): avc: denied { read } for pid=6916 comm="syz.3.276" dev="sockfs" ino=11064 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 149.607846][ T5868] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 150.112213][ T5868] usb 5-1: USB disconnect, device number 11 [ 150.115134][ T29] audit: type=1400 audit(1738454033.038:454): avc: denied { unmount } for pid=5825 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 150.335856][ T6882] netlink: 20 bytes leftover after parsing attributes in process `syz.1.267'. [ 150.342751][ T25] usb 2-1: USB disconnect, device number 9 [ 150.343665][ T25] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 150.769631][ T5868] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 150.973126][ T6931] netlink: 20 bytes leftover after parsing attributes in process `syz.2.280'. [ 151.453694][ T46] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 151.501615][ T6930] tty tty24: ldisc open failed (-12), clearing slot 23 [ 151.617004][ T5868] usb 5-1: config index 0 descriptor too short (expected 1298, got 18) [ 151.651491][ T5868] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 151.659591][ T5868] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 151.722425][ T5868] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 151.750797][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.758865][ T5868] usb 5-1: Product: syz [ 151.763253][ T46] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 151.776028][ T46] usb 4-1: can't read configurations, error -61 [ 151.783840][ T5868] usb 5-1: Manufacturer: syz [ 151.788448][ T5868] usb 5-1: SerialNumber: syz [ 151.851170][ T5868] usb 5-1: config 0 descriptor?? [ 151.930584][ T46] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 152.085182][ T29] audit: type=1400 audit(1738454035.008:455): avc: denied { sys_module } for pid=6950 comm="syz.1.285" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 152.139966][ T46] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 152.150426][ T46] usb 4-1: can't read configurations, error -61 [ 152.234334][ T46] usb usb4-port1: attempt power cycle [ 152.663397][ T46] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 152.733099][ T46] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 152.751983][ T46] usb 4-1: can't read configurations, error -61 [ 152.896778][ T29] audit: type=1400 audit(1738454035.818:456): avc: denied { watch } for pid=6960 comm="syz.0.288" path=2F35342FE91F7189591E9233614B dev="tmpfs" ino=306 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 152.898538][ T6964] Process accounting resumed [ 152.925571][ T46] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 152.930566][ T5903] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 152.960919][ T6961] No source specified [ 152.973202][ T46] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 152.999986][ T46] usb 4-1: can't read configurations, error -61 [ 153.010012][ T46] usb usb4-port1: unable to enumerate USB device [ 153.101770][ T5903] usb 2-1: config 3 has an invalid interface number: 168 but max is 0 [ 153.109964][ T5903] usb 2-1: config 3 has no interface number 0 [ 153.125333][ T5903] usb 2-1: config 3 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 153.146303][ T5868] usb 5-1: Firmware version (0.0) predates our first public release. [ 153.150340][ T5903] usb 2-1: config 3 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 30768, setting to 1024 [ 153.162827][ T5868] usb 5-1: Please update to version 0.2 or newer [ 153.193125][ T5903] usb 2-1: config 3 interface 168 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 153.217313][ T5903] usb 2-1: New USB device found, idVendor=06cd, idProduct=0135, bcdDevice=a8.a4 [ 153.262336][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.294526][ T6959] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 153.680936][ T6977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.689540][ T6977] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.699873][ T29] audit: type=1400 audit(1738454036.588:457): avc: denied { read } for pid=6958 comm="syz.1.287" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 154.028614][ T5903] usb 2-1: string descriptor 0 read error: -71 [ 154.046062][ T5903] keyspan 2-1:3.168: Keyspan 2 port adapter converter detected [ 154.054267][ T5903] keyspan 2-1:3.168: found no endpoint descriptor for endpoint 1 [ 154.064008][ T5903] keyspan 2-1:3.168: found no endpoint descriptor for endpoint 84 [ 154.096980][ T5903] keyspan 2-1:3.168: found no endpoint descriptor for endpoint 2 [ 154.179946][ T5903] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 154.474046][ T5903] keyspan 2-1:3.168: found no endpoint descriptor for endpoint 88 [ 154.484411][ T5903] keyspan 2-1:3.168: found no endpoint descriptor for endpoint 6 [ 154.493996][ T5903] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 154.512843][ T46] usb 5-1: USB disconnect, device number 12 [ 154.600593][ T5903] usb 2-1: USB disconnect, device number 10 [ 154.659680][ T5903] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 154.923743][ T6990] ubi: mtd0 is already attached to ubi0 [ 155.463187][ T5903] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 155.474845][ T5903] keyspan 2-1:3.168: device disconnected [ 155.780902][ T5903] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 156.002732][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.108587][ T29] audit: type=1400 audit(1738454038.988:458): avc: denied { setopt } for pid=6994 comm="syz.2.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 156.601581][ T5903] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 156.620443][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.723750][ T46] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 156.729643][ T29] audit: type=1400 audit(1738454038.988:459): avc: denied { listen } for pid=6994 comm="syz.2.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 156.752365][ T5903] usb 2-1: config 0 descriptor?? [ 156.889457][ T29] audit: type=1400 audit(1738454039.808:460): avc: denied { getopt } for pid=6999 comm="syz.2.299" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 157.071625][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 157.078475][ T46] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 157.131289][ T46] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.142447][ T46] usb 5-1: config 0 has no interface number 0 [ 157.148727][ T46] usb 5-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 157.188794][ T46] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 157.208863][ T5903] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 157.226602][ T5903] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0003/input/input7 [ 157.230361][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.271676][ T46] usb 5-1: config 0 descriptor?? [ 157.319007][ T46] usbhid 5-1:0.1: couldn't find an input interrupt endpoint [ 157.359751][ T5903] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 157.384810][ T5869] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 157.421272][ T7006] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 157.445224][ T6988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.453759][ T6988] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.482778][ T29] audit: type=1326 audit(1738454040.408:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7005 comm="syz.2.301" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0ad38cda9 code=0x0 [ 157.560566][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 157.581305][ T5869] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 157.629594][ T5869] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 157.652504][ T5869] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 157.697545][ T5869] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 157.712710][ T5869] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 157.757933][ T5869] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 157.788910][ T5869] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 157.835301][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.873786][ T5869] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 158.359984][ T29] audit: type=1400 audit(1738454041.278:462): avc: denied { append } for pid=7005 comm="syz.2.301" name="usbmon4" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 158.538838][ T5902] usb 5-1: USB disconnect, device number 13 [ 158.547733][ T5869] usb 2-1: USB disconnect, device number 11 [ 158.640454][ T5925] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 158.690034][ T29] audit: type=1400 audit(1738454041.608:463): avc: denied { getopt } for pid=7026 comm="syz.1.303" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 158.807408][ T5925] usb 3-1: Using ep0 maxpacket: 32 [ 159.103546][ T7034] netlink: 32 bytes leftover after parsing attributes in process `syz.1.303'. [ 159.138489][ T7006] ax25_connect(): syz.2.301 uses autobind, please contact jreuter@yaina.de [ 159.151875][ T29] audit: type=1400 audit(1738454042.058:464): avc: denied { connect } for pid=7005 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 159.280341][ T5869] IPVS: starting estimator thread 0... [ 159.311175][ T7037] netlink: 'syz.0.304': attribute type 2 has an invalid length. [ 159.390420][ T7042] IPVS: using max 25 ests per chain, 60000 per kthread [ 160.358949][ T5902] usb 4-1: USB disconnect, device number 10 [ 160.360336][ T29] audit: type=1400 audit(1738454042.858:465): avc: denied { remount } for pid=7039 comm="syz.4.305" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 162.716226][ T7073] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=7073 comm=syz.3.310 [ 163.694071][ T7076] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 163.700153][ T5925] usb 3-1: unable to get BOS descriptor or descriptor too short [ 163.738011][ T5925] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 163.770256][ T5925] usb 3-1: can't read configurations, error -71 [ 164.140550][ T29] audit: type=1400 audit(1738454046.978:466): avc: denied { mount } for pid=7085 comm="syz.2.314" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 164.324760][ T29] audit: type=1400 audit(1738454047.248:467): avc: denied { unmount } for pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 164.397967][ T7107] netlink: 'syz.3.318': attribute type 2 has an invalid length. [ 164.424257][ T7108] : entered promiscuous mode [ 164.831513][ T5902] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 165.631037][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 165.670358][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.740522][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 165.779779][ T5902] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 165.796311][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.968632][ T5902] usb 1-1: config 0 descriptor?? [ 166.081591][ T7138] netlink: 'syz.1.322': attribute type 1 has an invalid length. [ 166.089313][ T7138] netlink: 'syz.1.322': attribute type 3 has an invalid length. [ 166.097110][ T7138] netlink: 224 bytes leftover after parsing attributes in process `syz.1.322'. [ 166.121322][ T7138] input: syz0 as /devices/virtual/input/input8 [ 166.589883][ T29] audit: type=1400 audit(1738454049.508:468): avc: denied { sqpoll } for pid=7106 comm="syz.0.317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 166.811497][ T46] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 167.138947][ T5902] kovaplus 0003:1E7D:2D50.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0 [ 167.181220][ T46] usb 3-1: device descriptor read/64, error -71 [ 167.291594][ T5902] usb 1-1: USB disconnect, device number 3 [ 167.521814][ T46] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 167.580890][ T29] audit: type=1400 audit(1738454050.498:469): avc: denied { read } for pid=7159 comm="syz.3.329" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 167.621715][ T29] audit: type=1400 audit(1738454050.498:470): avc: denied { open } for pid=7159 comm="syz.3.329" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 167.710446][ T46] usb 3-1: device descriptor read/64, error -71 [ 167.824240][ T46] usb usb3-port1: attempt power cycle [ 167.824730][ T29] audit: type=1400 audit(1738454050.748:471): avc: denied { create } for pid=7169 comm="syz.4.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 167.877514][ T29] audit: type=1400 audit(1738454050.778:472): avc: denied { setopt } for pid=7169 comm="syz.4.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 167.940864][ T7180] netlink: 'syz.4.333': attribute type 2 has an invalid length. [ 167.948841][ T29] audit: type=1400 audit(1738454050.858:473): avc: denied { write } for pid=7174 comm="syz.3.332" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 168.141197][ T5868] IPVS: starting estimator thread 0... [ 168.149594][ T7178] netlink: 8 bytes leftover after parsing attributes in process `syz.3.332'. [ 168.190914][ T5869] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 168.200472][ T46] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 168.220777][ T46] usb 3-1: device descriptor read/8, error -71 [ 168.230409][ T7181] IPVS: using max 34 ests per chain, 81600 per kthread [ 168.343443][ T5869] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 168.360536][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.388116][ T5869] usb 2-1: Product: syz [ 168.392450][ T5869] usb 2-1: Manufacturer: syz [ 168.405471][ T5869] usb 2-1: SerialNumber: syz [ 168.417498][ T5869] usb 2-1: config 0 descriptor?? [ 168.435126][ T5869] ch341 2-1:0.0: ch341-uart converter detected [ 168.460516][ T46] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 168.493478][ T46] usb 3-1: device descriptor read/8, error -71 [ 168.620809][ T46] usb usb3-port1: unable to enumerate USB device [ 169.067885][ T7213] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7213 comm=syz.3.335 [ 169.120623][ T7212] netlink: 4 bytes leftover after parsing attributes in process `syz.3.335'. [ 169.235036][ T7213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.335'. [ 169.303622][ T7213] team1: entered promiscuous mode [ 169.309972][ T7213] 8021q: adding VLAN 0 to HW filter on device team1 [ 169.438336][ T29] audit: type=1400 audit(1738454052.348:474): avc: denied { unlink } for pid=7217 comm="syz.0.337" name="#1" dev="tmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 169.469874][ T5869] usb 2-1: failed to send control message: -71 [ 169.488450][ T5869] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 169.506583][ T5869] usb 2-1: USB disconnect, device number 12 [ 169.521381][ T29] audit: type=1400 audit(1738454052.388:475): avc: denied { mount } for pid=7217 comm="syz.0.337" name="/" dev="overlay" ino=358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 169.553459][ T7218] evm: overlay not supported [ 169.560424][ T5869] ch341 2-1:0.0: device disconnected [ 169.967329][ T29] audit: type=1400 audit(1738454052.878:476): avc: denied { create } for pid=7224 comm="syz.2.340" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 170.035094][ T7231] gfs2: gfs2 mount does not exist [ 170.076566][ T29] audit: type=1400 audit(1738454052.998:477): avc: denied { bind } for pid=7230 comm="syz.3.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 170.175980][ T29] audit: type=1400 audit(1738454053.028:478): avc: denied { listen } for pid=7230 comm="syz.3.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 170.219376][ T29] audit: type=1400 audit(1738454053.028:479): avc: denied { accept } for pid=7230 comm="syz.3.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 170.259369][ T29] audit: type=1400 audit(1738454053.028:480): avc: denied { read } for pid=7230 comm="syz.3.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 170.370398][ T5903] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 170.521691][ T5903] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 170.538112][ T5903] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 170.567422][ T5903] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 170.654096][ T29] audit: type=1400 audit(1738454053.568:481): avc: denied { unlink } for pid=5820 comm="syz-executor" name="file0" dev="tmpfs" ino=413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 170.704876][ T5903] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 170.725398][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.761098][ T5903] usb 4-1: Product: syz [ 170.765281][ T5903] usb 4-1: Manufacturer: syz [ 170.769876][ T5903] usb 4-1: SerialNumber: syz [ 171.260881][ T5903] adutux 4-1:168.0: interrupt endpoints not found [ 171.297146][ T5903] usb 4-1: USB disconnect, device number 11 [ 171.499055][ T29] audit: type=1400 audit(1738454054.398:482): avc: denied { connect } for pid=7230 comm="syz.3.342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 171.677895][ T29] audit: type=1400 audit(1738454054.598:483): avc: denied { read } for pid=7238 comm="syz.2.344" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 172.160172][ T7267] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=7267 comm=syz.0.349 [ 173.080530][ T7277] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 173.113664][ T7277] CIFS mount error: No usable UNC path provided in device string! [ 173.113664][ T7277] [ 173.125010][ T7277] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 173.737541][ T7239] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 173.743793][ T7239] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 173.753617][ T7239] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 173.760546][ T7239] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 173.766461][ T7239] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 173.772898][ T7239] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 173.782066][ T7239] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 173.788351][ T7239] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 173.795252][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.802959][ T7239] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 173.810782][ T7239] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 173.816729][ T7239] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 173.824907][ T7239] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 174.121738][ T46] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 174.133977][ T7285] FAULT_INJECTION: forcing a failure. [ 174.133977][ T7285] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 174.164160][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz.2.360 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 174.164184][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 174.164194][ T7285] Call Trace: [ 174.164200][ T7285] [ 174.164207][ T7285] dump_stack_lvl+0x16c/0x1f0 [ 174.164248][ T7285] should_fail_ex+0x50a/0x650 [ 174.164277][ T7285] _copy_to_user+0x32/0xd0 [ 174.164305][ T7285] simple_read_from_buffer+0xd0/0x160 [ 174.164333][ T7285] proc_fail_nth_read+0x198/0x270 [ 174.164357][ T7285] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.164384][ T7285] ? rw_verify_area+0xcf/0x680 [ 174.164407][ T7285] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 174.164431][ T7285] vfs_read+0x1df/0xbf0 [ 174.164455][ T7285] ? __fget_files+0x1fc/0x3a0 [ 174.164473][ T7285] ? __pfx___mutex_lock+0x10/0x10 [ 174.164492][ T7285] ? __pfx_vfs_read+0x10/0x10 [ 174.164525][ T7285] ? __fget_files+0x206/0x3a0 [ 174.164550][ T7285] ksys_read+0x12b/0x250 [ 174.164575][ T7285] ? __pfx_ksys_read+0x10/0x10 [ 174.164598][ T7285] ? syscall_user_dispatch+0x7a/0x130 [ 174.164633][ T7285] do_syscall_64+0xcd/0x250 [ 174.164654][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.164678][ T7285] RIP: 0033:0x7fb0ad38b7bc [ 174.164697][ T7285] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 174.164714][ T7285] RSP: 002b:00007fb0ae104030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.164731][ T7285] RAX: ffffffffffffffda RBX: 00007fb0ad5a5fa0 RCX: 00007fb0ad38b7bc [ 174.164743][ T7285] RDX: 000000000000000f RSI: 00007fb0ae1040a0 RDI: 0000000000000004 [ 174.164754][ T7285] RBP: 00007fb0ae104090 R08: 0000000000000000 R09: 0000000000000000 [ 174.164766][ T7285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.164777][ T7285] R13: 0000000000000000 R14: 00007fb0ad5a5fa0 R15: 00007fff09e4a3d8 [ 174.164803][ T7285] [ 174.520635][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 174.540824][ T46] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 174.578540][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.723379][ T46] usb 2-1: Product: syz [ 174.728125][ T46] usb 2-1: Manufacturer: syz [ 174.766198][ T46] usb 2-1: SerialNumber: syz [ 174.899801][ T46] usb 2-1: config 0 descriptor?? [ 174.955505][ T46] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 174.998527][ T46] dvb-usb: bulk message failed: -22 (2/0) [ 175.010219][ T46] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 175.021171][ T7299] netlink: 88 bytes leftover after parsing attributes in process `syz.0.361'. [ 175.045776][ T46] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 175.077923][ T46] usb 2-1: media controller created [ 175.138407][ T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 175.181241][ T46] dvb-usb: bulk message failed: -22 (1/0) [ 175.230552][ T46] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 175.285253][ T46] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 175.325063][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 175.325076][ T29] audit: type=1400 audit(1738454058.248:485): avc: denied { ioctl } for pid=7304 comm="syz.1.367" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 176.281538][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 176.287751][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.293893][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.294470][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.311409][ T46] dvb-usb: schedule remote query interval to 50 msecs. [ 176.318356][ T46] dvb-usb: bulk message failed: -22 (2/0) [ 176.328399][ T29] audit: type=1400 audit(1738454059.208:486): avc: denied { accept } for pid=7300 comm="syz.2.366" lport=48472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 176.352097][ T46] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 176.382195][ T29] audit: type=1400 audit(1738454059.208:487): avc: denied { write } for pid=7300 comm="syz.2.366" lport=48472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 176.382345][ T5869] dvb-usb: bulk message failed: -22 (1/0) [ 176.405696][ T29] audit: type=1400 audit(1738454059.208:488): avc: denied { setopt } for pid=7300 comm="syz.2.366" lport=48472 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 176.514921][ T46] usb 2-1: USB disconnect, device number 13 [ 176.550312][ T5869] dvb-usb: error while querying for an remote control event. [ 176.690875][ T46] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 176.788734][ T7316] syz.2.369 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 177.093012][ T7323] process 'syz.0.370' launched './file1' with NULL argv: empty string added [ 177.205247][ T29] audit: type=1400 audit(1738454060.028:489): avc: denied { execute_no_trans } for pid=7318 comm="syz.0.370" path="/70/file1" dev="tmpfs" ino=402 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 177.420784][ T5869] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 178.346948][ T5835] Bluetooth: hci3: command 0x0c1a tx timeout [ 178.353035][ T55] Bluetooth: hci2: command 0x0c1a tx timeout [ 178.359060][ T55] Bluetooth: hci4: command 0x0405 tx timeout [ 178.365130][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 178.384235][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 178.392130][ T5869] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 178.400728][ T5869] usb 1-1: config 0 has no interface number 0 [ 178.407217][ T5869] usb 1-1: config 0 interface 12 has no altsetting 0 [ 178.494828][ T5869] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 178.504322][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.513997][ T5869] usb 1-1: Product: syz [ 178.518763][ T5869] usb 1-1: Manufacturer: syz [ 178.530363][ T5869] usb 1-1: SerialNumber: syz [ 178.536739][ T5869] usb 1-1: config 0 descriptor?? [ 178.869402][ T7331] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=7331 comm=syz.4.372 [ 179.283927][ T7335] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 179.591918][ T7338] ubi: mtd0 is already attached to ubi0 [ 180.420573][ T5831] Bluetooth: hci4: command 0x0405 tx timeout [ 180.420654][ T55] Bluetooth: hci3: command 0x0c1a tx timeout [ 180.426807][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout [ 180.484150][ T5903] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 180.493150][ T5869] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 180.512995][ T5869] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 180.527716][ T5869] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 180.535430][ T5869] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 180.555851][ T5869] usb 1-1: USB disconnect, device number 4 [ 180.702188][ T5903] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.738865][ T7345] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 180.840660][ T5870] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 180.841133][ T5903] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 180.957866][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.990638][ T5870] usb 5-1: Using ep0 maxpacket: 32 [ 181.008033][ T5870] usb 5-1: unable to get BOS descriptor or descriptor too short [ 181.028447][ T5870] usb 5-1: config 6 has an invalid interface number: 31 but max is 0 [ 181.072335][ T5870] usb 5-1: config 6 has no interface number 0 [ 181.102930][ T5903] usb 3-1: config 0 descriptor?? [ 181.106065][ T5870] usb 5-1: config 6 interface 31 has no altsetting 0 [ 181.122758][ T5870] usb 5-1: New USB device found, idVendor=0403, idProduct=fc82, bcdDevice= 5.c7 [ 181.138730][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.150349][ T5870] usb 5-1: Product: syz [ 181.156771][ T5870] usb 5-1: Manufacturer: syz [ 181.161904][ T5870] usb 5-1: SerialNumber: syz [ 181.900664][ T5903] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor [ 181.918946][ T5903] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0005/input/input10 [ 181.934187][ T7338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.942801][ T7338] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.163167][ T5903] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 183.089617][ T7362] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 183.248860][ T8] usb 3-1: USB disconnect, device number 16 [ 183.655808][ T7368] netlink: 'syz.3.383': attribute type 1 has an invalid length. [ 183.871093][ T7375] FAULT_INJECTION: forcing a failure. [ 183.871093][ T7375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.884349][ T7375] CPU: 0 UID: 0 PID: 7375 Comm: syz.2.384 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 183.884371][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 183.884381][ T7375] Call Trace: [ 183.884386][ T7375] [ 183.884393][ T7375] dump_stack_lvl+0x16c/0x1f0 [ 183.884415][ T7375] should_fail_ex+0x50a/0x650 [ 183.884442][ T7375] _copy_from_user+0x2e/0xd0 [ 183.884468][ T7375] copy_mount_options+0x76/0x190 [ 183.884492][ T7375] __x64_sys_mount+0x1ad/0x310 [ 183.884511][ T7375] ? __pfx___x64_sys_mount+0x10/0x10 [ 183.884537][ T7375] do_syscall_64+0xcd/0x250 [ 183.884556][ T7375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.884577][ T7375] RIP: 0033:0x7fb0ad38cda9 [ 183.884591][ T7375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.884607][ T7375] RSP: 002b:00007fb0ab1f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 183.884624][ T7375] RAX: ffffffffffffffda RBX: 00007fb0ad5a6080 RCX: 00007fb0ad38cda9 [ 183.884636][ T7375] RDX: 0000000020000080 RSI: 0000000020000240 RDI: 0000000000000000 [ 183.884647][ T7375] RBP: 00007fb0ab1f6090 R08: 00000000200003c0 R09: 0000000000000000 [ 183.884658][ T7375] R10: 0000000003000090 R11: 0000000000000246 R12: 0000000000000001 [ 183.884669][ T7375] R13: 0000000000000000 R14: 00007fb0ad5a6080 R15: 00007fff09e4a3d8 [ 183.884693][ T7375] [ 184.026086][ C0] vkms_vblank_simulate: vblank timer overrun [ 184.116090][ T7375] SELinux: security_context_str_to_sid (user_u) failed with errno=-22 [ 184.171699][ T5870] ftdi_sio 5-1:6.31: FTDI USB Serial Device converter detected [ 184.350963][ T5870] ftdi_sio ttyUSB0: unknown device type: 0x5c7 [ 184.474162][ T5870] usb 5-1: USB disconnect, device number 14 [ 184.517897][ T5870] ftdi_sio 5-1:6.31: device disconnected [ 184.541313][ T29] audit: type=1400 audit(1738454067.458:490): avc: denied { block_suspend } for pid=7376 comm="syz.1.385" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 184.654547][ T7386] tmpfs: Bad value for 'mpol' [ 184.693371][ T7382] netlink: 252 bytes leftover after parsing attributes in process `syz.4.386'. [ 184.750040][ T7389] netlink: zone id is out of range [ 184.775435][ T7389] netlink: zone id is out of range [ 184.816412][ T7389] netlink: zone id is out of range [ 184.830370][ T7389] netlink: zone id is out of range [ 184.838563][ T29] audit: type=1400 audit(1738454067.758:491): avc: denied { setopt } for pid=7392 comm="syz.1.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 184.869734][ T7389] netlink: zone id is out of range [ 184.875013][ T7389] netlink: zone id is out of range [ 184.886107][ T7389] netlink: zone id is out of range [ 184.923097][ T7393] macvtap1: entered promiscuous mode [ 184.930174][ T7396] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6684 sclass=netlink_route_socket pid=7396 comm=syz.0.387 [ 184.943229][ T7393] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 184.950346][ T7393] macvtap1: entered allmulticast mode [ 184.955737][ T7393] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 184.963504][ T7389] netlink: zone id is out of range [ 184.964082][ T29] audit: type=1400 audit(1738454067.828:492): avc: denied { create } for pid=7392 comm="syz.1.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 184.974849][ T7389] netlink: zone id is out of range [ 184.999430][ T7393] mac80211_hwsim hwsim2 wlan0: left allmulticast mode [ 185.006529][ T7393] mac80211_hwsim hwsim2 wlan0: left promiscuous mode [ 185.047704][ T7389] netlink: zone id is out of range [ 185.373855][ T7415] set match dimension is over the limit! [ 185.400508][ T5870] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 185.517779][ T7423] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.396'. [ 185.580936][ T5870] usb 5-1: Using ep0 maxpacket: 8 [ 185.593770][ T5870] usb 5-1: unable to get BOS descriptor or descriptor too short [ 185.603767][ T5870] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 185.614358][ T5870] usb 5-1: config 1 has no interface number 1 [ 185.621023][ T5870] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 185.636856][ T5870] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 185.647426][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.655784][ T5870] usb 5-1: Product: syz [ 185.660220][ T5870] usb 5-1: Manufacturer: syz [ 185.665078][ T5870] usb 5-1: SerialNumber: syz [ 185.770420][ T5903] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 185.884457][ T5870] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 185.893737][ T5870] usb 5-1: 2:1 : sample bitwidth 76 in over sample bytes 1 [ 185.904587][ T5870] usb 5-1: 2:1: cannot set freq 3002116 to ep 0x82 [ 185.922133][ T5903] usb 3-1: config 0 has an invalid interface number: 107 but max is 0 [ 185.935216][ T5903] usb 3-1: config 0 has no interface number 0 [ 185.939069][ T5870] usb 5-1: USB disconnect, device number 15 [ 185.941656][ T5903] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 185.965055][ T5903] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 185.994498][ T5903] usb 3-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 186.017953][ T7326] udevd[7326]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 186.040760][ T5868] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 186.073644][ T5903] usb 3-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 186.083074][ T5903] usb 3-1: Product: syz [ 186.087277][ T5903] usb 3-1: Manufacturer: syz [ 186.092048][ T5903] usb 3-1: SerialNumber: syz [ 186.098440][ T5903] usb 3-1: config 0 descriptor?? [ 186.118391][ T5903] keyspan 3-1:0.107: Keyspan 4 port adapter converter detected [ 186.129081][ T5903] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 81 [ 186.197005][ T5868] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 186.212259][ T5868] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 186.250425][ T5868] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 186.283989][ T5903] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 1 [ 186.289182][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 186.303816][ T5903] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 186.313829][ T5903] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 2 [ 186.313963][ T5868] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 186.336128][ T5903] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 186.346094][ T5903] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 4 [ 186.355615][ T5903] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 186.360533][ T5868] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 186.365375][ T5903] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 6 [ 186.382937][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 186.396597][ T5868] usb 4-1: Product: syz [ 186.401086][ T5868] usb 4-1: Manufacturer: syz [ 186.421005][ T5903] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 186.448380][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 186.460364][ T5868] cdc_wdm 4-1:1.0: skipping garbage [ 186.472454][ T5868] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 186.476770][ T5903] usb 3-1: USB disconnect, device number 17 [ 186.478437][ T5868] cdc_wdm 4-1:1.0: Unknown control protocol [ 186.520048][ T5903] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 186.535260][ T7442] program syz.0.398 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 186.711155][ T5903] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 186.724712][ T5903] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 186.738178][ T5903] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 186.749296][ T5903] keyspan 3-1:0.107: device disconnected [ 186.753079][ T29] audit: type=1400 audit(1738454069.668:493): avc: denied { append } for pid=7443 comm="syz.4.401" name="nbd4" dev="devtmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 187.307948][ T7443] block nbd4: shutting down sockets [ 187.308374][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 187.513034][ T5870] usb 4-1: USB disconnect, device number 12 [ 188.119057][ T7462] sp0: Synchronizing with TNC [ 188.196350][ T7462] IPVS: ip_vs_edit_dest(): server weight less than zero [ 188.990409][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 189.194208][ T7481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.408'. [ 189.282915][ T8] usb 5-1: device descriptor read/64, error -71 [ 189.350415][ T5903] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 189.563766][ T5903] usb 4-1: too many configurations: 156, using maximum allowed: 8 [ 189.590013][ T8] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 189.686682][ T5903] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 189.810523][ T5903] usb 4-1: can't read configurations, error -61 [ 189.830396][ T8] usb 5-1: device descriptor read/64, error -71 [ 189.950377][ T5903] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 189.968515][ T8] usb usb5-port1: attempt power cycle [ 190.027189][ T7456] afs: Unknown parameter '|nܩK2f' [ 190.121884][ T5903] usb 4-1: too many configurations: 156, using maximum allowed: 8 [ 190.141770][ T5903] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 190.159685][ T5903] usb 4-1: can't read configurations, error -61 [ 190.185711][ T5903] usb usb4-port1: attempt power cycle [ 190.310382][ T8] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 190.351389][ T8] usb 5-1: device descriptor read/8, error -71 [ 190.530451][ T5903] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 190.591449][ T5903] usb 4-1: too many configurations: 156, using maximum allowed: 8 [ 190.629970][ T5903] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 190.666145][ T5903] usb 4-1: can't read configurations, error -61 [ 190.831382][ T5903] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 190.894388][ T5903] usb 4-1: too many configurations: 156, using maximum allowed: 8 [ 190.955731][ T5903] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 190.985855][ T5903] usb 4-1: can't read configurations, error -61 [ 190.999170][ T7491] netlink: 'syz.2.414': attribute type 7 has an invalid length. [ 191.015829][ T5903] usb usb4-port1: unable to enumerate USB device [ 191.080349][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 191.159741][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 191.195035][ T8] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 191.247526][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 191.278932][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 191.323750][ T8] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 191.337780][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.362447][ T8] usb 5-1: Product: syz [ 191.369374][ T29] audit: type=1400 audit(1738454074.288:494): avc: denied { module_request } for pid=7490 comm="syz.2.414" kmod="crypto-cryptd(__ecb-serpent-avx2)" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 191.372743][ T8] usb 5-1: Manufacturer: syz [ 191.452834][ T8] usb 5-1: SerialNumber: syz [ 191.474945][ T8] usb 5-1: config 0 descriptor?? [ 191.500814][ T8] garmin_gps 5-1:0.0: Garmin GPS usb/tty converter detected [ 191.531337][ T8] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8 [ 191.554309][ T8] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8 [ 191.775299][ T8] usb 5-1: USB disconnect, device number 19 [ 191.792993][ T8] garmin_gps 5-1:0.0: device disconnected [ 192.719832][ T29] audit: type=1400 audit(1738454075.598:495): avc: denied { setopt } for pid=7514 comm="syz.2.416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 192.881763][ T5869] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 193.200345][ T5869] usb 4-1: Using ep0 maxpacket: 16 [ 193.206908][ T5869] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 193.232221][ T5869] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 193.235409][ T7523] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 193.259392][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.270316][ T5869] usb 4-1: Product: syz [ 193.274492][ T5869] usb 4-1: Manufacturer: syz [ 193.279086][ T5869] usb 4-1: SerialNumber: syz [ 193.302061][ T5869] usb 4-1: config 0 descriptor?? [ 193.309397][ T5869] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 193.341016][ T5869] usb 4-1: Detected FT232R [ 193.445237][ T29] audit: type=1400 audit(1738454076.358:496): avc: denied { read write } for pid=7527 comm="syz.1.421" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 193.475823][ T29] audit: type=1400 audit(1738454076.358:497): avc: denied { open } for pid=7527 comm="syz.1.421" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 193.534462][ T5869] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 193.561012][ T5869] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 193.580472][ T5869] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 193.589181][ T5869] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 193.608732][ T5869] usb 4-1: USB disconnect, device number 17 [ 193.632876][ T5869] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 193.651121][ T5903] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 193.655498][ T5869] ftdi_sio 4-1:0.0: device disconnected [ 193.810768][ T5903] usb 5-1: Using ep0 maxpacket: 16 [ 193.853151][ T7540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.423'. [ 193.922141][ T5903] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 193.932576][ T5903] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.966444][ T5903] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 194.016205][ T5903] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 194.114550][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.194607][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.204742][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.238100][ T5903] usb 5-1: Product: syz [ 194.299031][ T5903] usb 5-1: Manufacturer: syz [ 194.354338][ T5903] usb 5-1: SerialNumber: syz [ 194.736536][ T7526] netlink: 'syz.4.420': attribute type 2 has an invalid length. [ 194.790415][ T5868] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 194.872298][ T7545] Unsupported ieee802154 address type: 0 [ 194.978204][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.040544][ T29] audit: type=1400 audit(1738454077.798:498): avc: denied { bind } for pid=7543 comm="syz.2.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 195.149956][ T5868] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 195.261231][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.285896][ T29] audit: type=1400 audit(1738454077.798:499): avc: denied { audit_read } for pid=7543 comm="syz.2.425" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 195.306821][ C1] vkms_vblank_simulate: vblank timer overrun [ 195.313989][ T7547] net_ratelimit: 18 callbacks suppressed [ 195.314003][ T7547] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 195.586473][ T5868] usb 2-1: config 0 descriptor?? [ 195.769178][ T5903] usb 5-1: 0:2 : does not exist [ 195.833293][ T5869] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 196.030473][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 196.056875][ T5868] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 196.430505][ T5869] usb 4-1: unable to get BOS descriptor or descriptor too short [ 196.607489][ T5869] usb 4-1: New USB device found, idVendor=04e6, idProduct=0101, bcdDevice= 2.00 [ 196.625824][ T5868] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0006/input/input11 [ 196.690745][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.748959][ T5869] usb 4-1: Product: syz [ 196.760421][ T5869] usb 4-1: Manufacturer: syz [ 196.765920][ T5869] usb 4-1: SerialNumber: syz [ 196.876399][ T5869] usb 4-1: config 0 descriptor?? [ 196.942032][ T5869] usb-storage 4-1:0.0: USB Mass Storage device detected [ 197.022055][ T5868] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 197.087080][ T5868] usb 2-1: USB disconnect, device number 14 [ 197.099747][ T5903] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 197.144970][ T7547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.426'. [ 197.235339][ T5903] usb 5-1: USB disconnect, device number 20 [ 197.254597][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.426'. [ 197.301250][ T7547] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'. [ 197.356264][ T5869] usb 4-1: USB disconnect, device number 18 [ 197.360663][ T5902] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 197.551592][ T5902] usb 3-1: Using ep0 maxpacket: 32 [ 197.959830][ T5908] udevd[5908]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.990593][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.011467][ T5902] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 198.043137][ T5902] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 198.090405][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.105625][ T5902] usb 3-1: config 0 descriptor?? [ 198.118272][ T5902] hub 3-1:0.0: bad descriptor, ignoring hub [ 198.125893][ T5902] hub 3-1:0.0: probe with driver hub failed with error -5 [ 198.138696][ T5902] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 198.360438][ T5868] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 198.523461][ T5868] usb 1-1: Using ep0 maxpacket: 16 [ 198.547088][ T5868] usb 1-1: config 8 has an invalid interface number: 39 but max is 0 [ 198.565010][ T5868] usb 1-1: config 8 has no interface number 0 [ 198.602634][ T5868] usb 1-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 198.624545][ T5868] usb 1-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 198.672571][ T5868] usb 1-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0 [ 198.750564][ T5868] usb 1-1: config 8 interface 39 has no altsetting 0 [ 198.771833][ T5868] usb 1-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 198.801605][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.841756][ T5868] usb 1-1: Product: syz [ 198.846171][ T5868] usb 1-1: Manufacturer: syz [ 198.851295][ T5868] usb 1-1: SerialNumber: syz [ 199.236542][ T7602] loop2: detected capacity change from 0 to 7 [ 199.246199][ T7602] Dev loop2: unable to read RDB block 7 [ 199.252449][ T7602] loop2: unable to read partition table [ 199.258273][ T7602] loop2: partition table beyond EOD, truncated [ 199.264529][ T7602] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 199.279504][ T7602] QAT: failed to copy from user cfg_data. [ 199.285546][ T5902] usb 5-1: new low-speed USB device number 21 using dummy_hcd [ 199.442784][ T5902] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 199.470385][ T5902] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.496576][ T5902] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt [ 199.510404][ T5902] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 199.520541][ T5902] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt [ 199.531140][ T5902] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 199.567788][ T5868] ipheth 1-1:8.39: ipheth_enable_ncm: usb_control_msg: 0 [ 199.893940][ T5902] usb 5-1: string descriptor 0 read error: -22 [ 199.906673][ T5902] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 199.926020][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.933356][ T5868] ipheth 1-1:8.39: Apple iPhone USB Ethernet device attached [ 199.986928][ T7610] 9p: Unknown Cache mode or invalid value y;%~ [ 200.171786][ T5902] cdc_ncm 5-1:1.0: bind() failure [ 200.240704][ T5902] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 200.331010][ T5902] cdc_ncm 5-1:1.1: bind() failure [ 200.415908][ T5902] usb 5-1: USB disconnect, device number 21 [ 200.424980][ T5868] usb 3-1: USB disconnect, device number 18 [ 201.068022][ T5487] ipheth 1-1:8.39: ipheth_rx_submit: usb_submit_urb: -90 [ 201.139758][ T7645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.452'. [ 201.158509][ T29] audit: type=1400 audit(1738454084.058:500): avc: denied { nlmsg_read } for pid=7644 comm="syz.4.452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 201.318132][ T7647] netlink: 524 bytes leftover after parsing attributes in process `syz.2.453'. [ 201.940583][ T5869] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 202.176172][ T5869] usb 2-1: config 1 has an invalid descriptor of length 215, skipping remainder of the config [ 202.238099][ T5869] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 202.301046][ T5869] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 202.353057][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.475190][ T5869] usb 2-1: Product: syz [ 202.479383][ T5869] usb 2-1: Manufacturer: syz [ 202.532049][ T5869] usb 2-1: SerialNumber: syz [ 202.553923][ T5869] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 202.587350][ T5869] cdc_ncm 2-1:1.0: bind() failure [ 202.982380][ T5869] usb 1-1: USB disconnect, device number 5 [ 203.481661][ T5869] ipheth 1-1:8.39: Apple iPhone USB Ethernet now disconnected [ 203.944447][ T7682] Cannot find set identified by id 0 to match [ 204.027643][ T5869] usb 2-1: USB disconnect, device number 15 [ 204.088843][ T7665] Process accounting resumed [ 204.350365][ T5903] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 204.397203][ T7701] Bluetooth: MGMT ver 1.23 [ 204.532967][ T5903] usb 4-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 204.561505][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.585626][ T5903] usb 4-1: config 0 descriptor?? [ 204.606501][ T5903] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 204.830526][ T5903] gspca_sn9c2028: read1 error -71 [ 204.847452][ T5903] gspca_sn9c2028: read1 error -71 [ 204.852785][ T5903] gspca_sn9c2028: read1 error -71 [ 204.857860][ T5903] sn9c2028 4-1:0.0: probe with driver sn9c2028 failed with error -71 [ 204.869944][ T5903] usb 4-1: USB disconnect, device number 19 [ 205.010403][ T7718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.470'. [ 205.320617][ T29] audit: type=1400 audit(1738454088.238:501): avc: denied { map } for pid=7723 comm="syz.1.472" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 205.740417][ T29] audit: type=1400 audit(1738454088.238:502): avc: denied { execute } for pid=7723 comm="syz.1.472" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 205.808558][ T29] audit: type=1400 audit(1738454088.238:503): avc: denied { map } for pid=7723 comm="syz.1.472" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 205.869681][ T7735] netlink: 'syz.4.477': attribute type 32 has an invalid length. [ 205.877589][ T7735] netlink: 44 bytes leftover after parsing attributes in process `syz.4.477'. [ 205.904361][ T29] audit: type=1400 audit(1738454088.828:504): avc: denied { mount } for pid=7732 comm="syz.2.476" name="/" dev="hugetlbfs" ino=15830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 205.971060][ T7739] netlink: 12 bytes leftover after parsing attributes in process `syz.3.479'. [ 206.118456][ T7739] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 206.473696][ T7752] xt_TPROXY: Can be used only with -p tcp or -p udp [ 206.790527][ T5869] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 206.937450][ T7761] netlink: 48 bytes leftover after parsing attributes in process `syz.4.485'. [ 207.237073][ T5869] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.251944][ T5869] usb 4-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 207.300385][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.315759][ T5869] usb 4-1: config 0 descriptor?? [ 207.659776][ T7773] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7773 comm=syz.2.490 [ 207.705866][ T29] audit: type=1400 audit(1738454090.628:505): avc: denied { read } for pid=7772 comm="syz.2.490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 207.733809][ T7757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.751182][ T7757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.806291][ T5869] hid-steam 0003:28DE:1205.0007: : USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.3-1/input0 [ 207.994876][ T7757] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 208.040679][ T5869] hid-steam 0003:28DE:1205.0007: Steam Controller 'XXXXXXXXXX' connected [ 208.046603][ T29] audit: type=1400 audit(1738454090.968:506): avc: denied { accept } for pid=7756 comm="syz.3.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 208.063020][ T5869] input: Steam Deck as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1205.0007/input/input12 [ 208.628136][ T29] audit: type=1400 audit(1738454091.348:507): avc: denied { create } for pid=7756 comm="syz.3.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 208.688113][ T5869] input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1205.0007/input/input13 [ 208.777982][ T5869] hid-steam 0003:28DE:1205.0008: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.3-1/input0 [ 209.060462][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 209.160971][ T5869] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 209.250792][ T7559] usb 4-1: reset high-speed USB device number 20 using dummy_hcd [ 209.284644][ T7797] netlink: 20 bytes leftover after parsing attributes in process `syz.4.496'. [ 209.352207][ T5869] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 209.374843][ T5869] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 209.403967][ T5869] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 209.428642][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.456583][ T7790] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 209.473776][ T5869] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 210.421715][ T5903] usb 2-1: USB disconnect, device number 16 [ 210.687309][ T7813] netlink: 'syz.2.502': attribute type 1 has an invalid length. [ 210.697650][ T7813] netlink: 176956 bytes leftover after parsing attributes in process `syz.2.502'. [ 211.636740][ T5903] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 211.655528][ T5868] usb 4-1: USB disconnect, device number 20 [ 211.840896][ T5903] usb 3-1: Using ep0 maxpacket: 8 [ 211.853535][ T5903] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 211.866513][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.869338][ T5868] hid-steam 0003:28DE:1205.0007: Steam Controller 'XXXXXXXXXX' disconnected [ 211.875130][ T5903] usb 3-1: Product: syz [ 211.888156][ T5903] usb 3-1: Manufacturer: syz [ 211.936824][ T5903] usb 3-1: SerialNumber: syz [ 212.120038][ T5903] usb 3-1: config 0 descriptor?? [ 212.339198][ T5903] gspca_main: sq930x-2.14.0 probing 2770:930c [ 212.582285][ T7832] netlink: 'syz.2.502': attribute type 1 has an invalid length. [ 212.622422][ T7832] netlink: 176956 bytes leftover after parsing attributes in process `syz.2.502'. [ 212.777767][ T5903] gspca_sq930x: reg_r 001f failed -71 [ 212.796086][ T5903] sq930x 3-1:0.0: probe with driver sq930x failed with error -71 [ 212.833040][ T5903] usb 3-1: USB disconnect, device number 19 [ 212.948780][ T29] audit: type=1400 audit(1738454095.868:508): avc: denied { create } for pid=7849 comm="syz.1.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 213.014764][ T5868] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 213.021963][ T29] audit: type=1400 audit(1738454095.868:509): avc: denied { write } for pid=7849 comm="syz.1.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 213.068959][ T29] audit: type=1400 audit(1738454095.868:510): avc: denied { nlmsg_read } for pid=7849 comm="syz.1.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 213.116362][ T7858] fuse: Unknown parameter '000000000000000000410x0000000000000006' [ 213.180596][ T5868] usb 4-1: Using ep0 maxpacket: 16 [ 213.204359][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.377028][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.437892][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 213.487956][ T5868] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 213.545603][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.590559][ T5869] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 213.632471][ T5868] usb 4-1: config 0 descriptor?? [ 213.751597][ T5902] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 213.821106][ T5869] usb 3-1: Using ep0 maxpacket: 8 [ 213.832014][ T5869] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 213.847677][ T5869] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 213.945493][ T5902] usb 5-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 213.978365][ T5902] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.029837][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.062225][ T5869] usb 3-1: config 0 descriptor?? [ 214.079409][ T5902] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 214.158343][ T7869] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=7869 comm=syz.3.505 [ 214.171074][ T7869] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2584 sclass=netlink_route_socket pid=7869 comm=syz.3.505 [ 214.592128][ T5902] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 214.602916][ T5902] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.606224][ T5869] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 214.622589][ T5902] usb 5-1: config 0 descriptor?? [ 214.638804][ T5902] usb-storage 5-1:0.0: USB Mass Storage device detected [ 214.668745][ T5902] usb-storage 5-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 214.747288][ T7873] xt_hashlimit: size too large, truncated to 1048576 [ 215.256569][ T29] audit: type=1400 audit(1738454098.168:511): avc: denied { read write } for pid=7881 comm="syz.0.519" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 215.450564][ T29] audit: type=1400 audit(1738454098.168:512): avc: denied { open } for pid=7881 comm="syz.0.519" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 215.665546][ T5868] usbhid 4-1:0.0: can't add hid device: -71 [ 215.675205][ T5868] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 215.693788][ T5868] usb 4-1: USB disconnect, device number 21 [ 216.151389][ T7861] orangefs_mount: mount request failed with -4 [ 216.157825][ T29] audit: type=1400 audit(1738454098.928:513): avc: denied { create } for pid=7854 comm="syz.4.513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 216.226235][ T29] audit: type=1400 audit(1738454099.148:514): avc: denied { mount } for pid=7854 comm="syz.4.513" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 216.250151][ T7559] usb 3-1: USB disconnect, device number 20 [ 216.508790][ T7901] netlink: 'syz.1.523': attribute type 1 has an invalid length. [ 216.511592][ T5868] usb 5-1: USB disconnect, device number 22 [ 216.516535][ T7901] netlink: 224 bytes leftover after parsing attributes in process `syz.1.523'. [ 216.876615][ T7559] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 217.053444][ T7559] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.066715][ T7559] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 217.077825][ T7559] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 217.091840][ T7559] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 217.100010][ T7559] usb 3-1: SerialNumber: syz [ 217.130390][ T5902] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 217.249653][ T29] audit: type=1400 audit(1738454100.168:515): avc: denied { unmount } for pid=5825 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 217.280528][ T5870] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 217.300460][ T5902] usb 2-1: Using ep0 maxpacket: 8 [ 217.318353][ T7559] usb 3-1: 0:2 : does not exist [ 217.343926][ T5902] usb 2-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=f0.21 [ 217.352109][ T7559] usb 3-1: USB disconnect, device number 21 [ 217.363266][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.380349][ T5902] usb 2-1: Product: syz [ 217.390326][ T5902] usb 2-1: Manufacturer: syz [ 217.397146][ T29] audit: type=1400 audit(1738454100.318:516): avc: denied { mounton } for pid=7910 comm="syz.4.528" path="/proc/296/task" dev="proc" ino=15147 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 217.412337][ T5902] usb 2-1: SerialNumber: syz [ 217.419565][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.427372][ T29] audit: type=1400 audit(1738454100.328:517): avc: denied { relabelfrom } for pid=7910 comm="syz.4.528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 217.449985][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.518291][ T5870] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 217.530130][ T5870] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.583642][ T5870] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 217.594722][ T5902] usb 2-1: config 0 descriptor?? [ 217.611335][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 217.613348][ T5902] pcwd_usb: The device isn't a Human Interface Device [ 217.630356][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.817688][ T5870] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 218.102038][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 218.236132][ T5870] usb 4-1: Product: syz [ 218.244511][ T5870] usb 4-1: Manufacturer: syz [ 218.263541][ T5870] cdc_wdm 4-1:1.0: skipping garbage [ 218.269251][ T5870] cdc_wdm 4-1:1.0: skipping garbage [ 218.285807][ T5870] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 218.291572][ T7907] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 218.319519][ T7907] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 218.372042][ T5925] usb 2-1: USB disconnect, device number 17 [ 218.449925][ T7918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.531'. [ 218.483479][ T5870] usb 4-1: USB disconnect, device number 22 [ 218.692554][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 218.692569][ T29] audit: type=1400 audit(1738454101.618:519): avc: denied { ioctl } for pid=7920 comm="syz.4.532" path="socket:[15169]" dev="sockfs" ino=15169 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 219.006445][ T5925] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 219.182389][ T5925] usb 3-1: Using ep0 maxpacket: 32 [ 219.384476][ T5925] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 219.428332][ T5925] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 219.464324][ T5925] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 219.515992][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.572826][ T5925] usb 3-1: Product: syz [ 219.577724][ T5925] usb 3-1: Manufacturer: syz [ 219.589136][ T5925] usb 3-1: SerialNumber: syz [ 219.736429][ T5925] usb 3-1: config 0 descriptor?? [ 219.747080][ T5925] usb 3-1: no audio or video endpoints found [ 219.968349][ T5925] usb 3-1: USB disconnect, device number 22 [ 219.986447][ T29] audit: type=1400 audit(1738454102.888:520): avc: denied { append } for pid=7929 comm="syz.2.536" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 220.070360][ T7559] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 220.225353][ T7949] delete_channel: no stack [ 220.274100][ T7559] usb 4-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac [ 220.298488][ T7559] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.312518][ T7559] usb 4-1: Product: syz [ 220.316718][ T7559] usb 4-1: Manufacturer: syz [ 220.331255][ T7559] usb 4-1: SerialNumber: syz [ 220.353418][ T7559] usb 4-1: config 0 descriptor?? [ 220.376914][ T7559] usb 4-1: interface 1 not found [ 220.440775][ T5869] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 220.610423][ T5869] usb 5-1: Using ep0 maxpacket: 8 [ 220.618001][ T29] audit: type=1400 audit(1738454103.538:521): avc: denied { write } for pid=7967 comm="syz.0.550" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 220.645440][ T5869] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 220.655414][ T7940] netlink: 104 bytes leftover after parsing attributes in process `syz.3.540'. [ 220.767627][ T5869] usb 5-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config [ 220.777891][ T5925] usb 4-1: USB disconnect, device number 23 [ 220.786891][ T5869] usb 5-1: config 0 has no interface number 0 [ 220.795509][ T5869] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 220.805276][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.813663][ T5869] usb 5-1: Product: syz [ 220.845182][ T5869] usb 5-1: Manufacturer: syz [ 220.943831][ T5869] usb 5-1: SerialNumber: syz [ 221.524619][ T5869] usb 5-1: config 0 descriptor?? [ 222.962215][ T5925] usb 5-1: USB disconnect, device number 23 [ 223.090469][ T29] audit: type=1400 audit(1738454106.008:522): avc: denied { read } for pid=7984 comm="syz.3.554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 223.136089][ T29] audit: type=1400 audit(1738454106.038:523): avc: denied { ioctl } for pid=7984 comm="syz.3.554" path="socket:[16603]" dev="sockfs" ino=16603 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 223.197321][ T29] audit: type=1400 audit(1738454106.088:524): avc: denied { ioctl } for pid=7982 comm="syz.1.553" path="socket:[16611]" dev="sockfs" ino=16611 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 223.651009][ T5925] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 223.830380][ T5925] usb 3-1: device descriptor read/64, error -71 [ 224.372941][ T8021] netlink: 8 bytes leftover after parsing attributes in process `syz.0.563'. [ 224.933610][ T29] audit: type=1400 audit(1738454107.288:525): avc: denied { ioctl } for pid=8012 comm="syz.0.563" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 224.990352][ T5925] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 225.015382][ T29] audit: type=1400 audit(1738454107.938:526): avc: denied { ioctl } for pid=8026 comm="syz.1.569" path="socket:[16739]" dev="sockfs" ino=16739 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 225.580460][ T5869] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 225.761713][ T5869] usb 5-1: config 1 interface 0 has no altsetting 0 [ 225.774762][ T5869] usb 5-1: New USB device found, idVendor=1477, idProduct=100e, bcdDevice= 0.40 [ 225.797034][ T5869] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.819530][ T5869] usb 5-1: Product: 㰊 [ 225.828172][ T5869] usb 5-1: Manufacturer: ᄣ돪쾂䛥ߠ벹쭾ꎜᚿᮞꐰ敇䤇觐岡뎫Ⱙ烮ﱻ駤䴯䥛뎦㵚鴣魙ᬠ办Jꀠ魏튘Ꮀ큮◢䥼넅䤿颉쨨ꑭሽ۠貗녆㟦畜陚鐬翅杜긟᭎᪀⩵즐챌묽悽莩Ӿ尕蹠馗᝺ሌ盜ꘄ䚪氇毐픀퐄陰댉㒙୩䡊㧌᳀ִ [ 225.854343][ C1] vkms_vblank_simulate: vblank timer overrun [ 225.900082][ T5869] usb 5-1: SerialNumber: 䱩ሳ풤胿柳嗋渉㎄ծ彪䱎⬀댍ླྀ〥囵ḥ償ﻛ砐柫珛꫁긟荝퓢쓑ꔱ蔭䡯렫漺ힻ⏣钊ꍦ流녒豦ꡔﰭ㩫煊邯氜⬧ﱵΘƾﳲ鷢짆깣墵Ⅿᆶ很硛밀ᄡ阖枰ꥋ畁炫䀉睊戡鎢颬첱㎩Ὀ굃庒뜖맗蠁ֶꝿ菑䌟첔ꍻ픓煣ទ虨熺叺㉅뛐糝텪 [ 225.995355][ T29] audit: type=1400 audit(1738454108.368:527): avc: denied { mount } for pid=8037 comm="syz.3.574" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 226.017178][ T29] audit: type=1326 audit(1738454108.568:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8037 comm="syz.3.574" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe404f8cda9 code=0x0 [ 226.069154][ T5925] usb 3-1: device descriptor read/64, error -71 [ 226.275272][ T5925] usb usb3-port1: attempt power cycle [ 226.287877][ T8044] netlink: 'syz.1.575': attribute type 29 has an invalid length. [ 226.493992][ T29] audit: type=1400 audit(1738454109.398:529): avc: denied { ioctl } for pid=8055 comm="syz.1.579" path="socket:[17425]" dev="sockfs" ino=17425 ioctlcmd=0x940d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 226.565918][ T29] audit: type=1400 audit(1738454109.488:530): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 226.909290][ T8074] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 226.911103][ T8075] FAULT_INJECTION: forcing a failure. [ 226.911103][ T8075] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.931628][ T8075] CPU: 0 UID: 0 PID: 8075 Comm: syz.3.585 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 226.931651][ T8075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 226.931661][ T8075] Call Trace: [ 226.931667][ T8075] [ 226.931673][ T8075] dump_stack_lvl+0x16c/0x1f0 [ 226.931696][ T8075] should_fail_ex+0x50a/0x650 [ 226.931728][ T8075] _copy_from_user+0x2e/0xd0 [ 226.931754][ T8075] sctp_setsockopt+0x2050/0xb810 [ 226.931776][ T8075] ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10 [ 226.931805][ T8075] ? __pfx_sctp_setsockopt+0x10/0x10 [ 226.931833][ T8075] ? selinux_socket_setsockopt+0x6a/0x80 [ 226.931853][ T8075] ? sock_common_setsockopt+0x2e/0xf0 [ 226.931879][ T8075] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 226.931904][ T8075] do_sock_setsockopt+0x222/0x480 [ 226.931928][ T8075] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 226.931953][ T8075] ? lock_acquire+0x2f/0xb0 [ 226.931991][ T8075] __sys_setsockopt+0x1a0/0x230 [ 226.932015][ T8075] __x64_sys_setsockopt+0xbd/0x160 [ 226.932034][ T8075] ? do_syscall_64+0x91/0x250 [ 226.932053][ T8075] ? lockdep_hardirqs_on+0x7c/0x110 [ 226.932080][ T8075] do_syscall_64+0xcd/0x250 [ 226.932099][ T8075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.932123][ T8075] RIP: 0033:0x7fe404f8cda9 [ 226.932138][ T8075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.932155][ T8075] RSP: 002b:00007fe405d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 226.932172][ T8075] RAX: ffffffffffffffda RBX: 00007fe4051a5fa0 RCX: 00007fe404f8cda9 [ 226.932185][ T8075] RDX: 0000000000000084 RSI: 0000000000000084 RDI: 0000000000000003 [ 226.932195][ T8075] RBP: 00007fe405d86090 R08: 0000000000000090 R09: 0000000000000000 [ 226.932207][ T8075] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.932218][ T8075] R13: 0000000000000000 R14: 00007fe4051a5fa0 R15: 00007ffec41d22a8 [ 226.932242][ T8075] [ 227.154838][ T8077] FAULT_INJECTION: forcing a failure. [ 227.154838][ T8077] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.180851][ T8077] CPU: 1 UID: 0 PID: 8077 Comm: syz.1.587 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 227.180875][ T8077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 227.180885][ T8077] Call Trace: [ 227.180890][ T8077] [ 227.180897][ T8077] dump_stack_lvl+0x16c/0x1f0 [ 227.180923][ T8077] should_fail_ex+0x50a/0x650 [ 227.180951][ T8077] _copy_from_user+0x2e/0xd0 [ 227.180978][ T8077] move_addr_to_kernel+0x68/0x160 [ 227.181007][ T8077] __copy_msghdr+0x386/0x470 [ 227.181027][ T8077] copy_msghdr_from_user+0xc2/0x160 [ 227.181049][ T8077] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 227.181069][ T8077] ? __lock_acquire+0xcc5/0x3c40 [ 227.181107][ T8077] ___sys_sendmsg+0xff/0x1e0 [ 227.181130][ T8077] ? __pfx____sys_sendmsg+0x10/0x10 [ 227.181163][ T8077] ? trace_lock_acquire+0x14e/0x1f0 [ 227.181202][ T8077] __sys_sendmmsg+0x201/0x420 [ 227.181225][ T8077] ? __pfx___sys_sendmmsg+0x10/0x10 [ 227.181255][ T8077] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 227.181286][ T8077] ? fput+0x67/0x440 [ 227.181307][ T8077] ? ksys_write+0x1ba/0x250 [ 227.181332][ T8077] ? __pfx_ksys_write+0x10/0x10 [ 227.181361][ T8077] __x64_sys_sendmmsg+0x9c/0x100 [ 227.181382][ T8077] ? lockdep_hardirqs_on+0x7c/0x110 [ 227.181408][ T8077] do_syscall_64+0xcd/0x250 [ 227.181429][ T8077] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.181453][ T8077] RIP: 0033:0x7f903618cda9 [ 227.181468][ T8077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.181485][ T8077] RSP: 002b:00007f903703d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 227.181502][ T8077] RAX: ffffffffffffffda RBX: 00007f90363a5fa0 RCX: 00007f903618cda9 [ 227.181515][ T8077] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000009 [ 227.181526][ T8077] RBP: 00007f903703d090 R08: 0000000000000000 R09: 0000000000000000 [ 227.181537][ T8077] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.181548][ T8077] R13: 0000000000000000 R14: 00007f90363a5fa0 R15: 00007fffe9bc2d38 [ 227.181573][ T8077] [ 227.395187][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.461887][ T5869] usbhid 5-1:1.0: can't add hid device: -71 [ 228.467890][ T5869] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 228.473681][ T8111] overlayfs: missing 'lowerdir' [ 228.490007][ T5869] usb 5-1: USB disconnect, device number 24 [ 228.884631][ T29] audit: type=1400 audit(1738454111.808:531): avc: denied { connect } for pid=8117 comm="syz.1.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 228.908523][ T8122] netlink: 428 bytes leftover after parsing attributes in process `syz.2.600'. [ 228.916580][ T29] audit: type=1400 audit(1738454111.808:532): avc: denied { bind } for pid=8117 comm="syz.1.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 229.043026][ T8122] netlink: 32 bytes leftover after parsing attributes in process `syz.2.600'. [ 229.358988][ T8128] FAT-fs (nullb0): bogus number of reserved sectors [ 229.365921][ T8128] FAT-fs (nullb0): Can't find a valid FAT filesystem [ 230.115967][ T29] audit: type=1400 audit(1738454111.808:533): avc: denied { write } for pid=8117 comm="syz.1.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 230.150025][ T8133] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 230.238863][ T29] audit: type=1400 audit(1738454111.808:534): avc: denied { read } for pid=8117 comm="syz.1.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 230.442142][ T5902] usb 3-1: new low-speed USB device number 26 using dummy_hcd [ 230.640512][ T5902] usb 3-1: device descriptor read/64, error -71 [ 230.720432][ T5869] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 230.870398][ T5869] usb 1-1: Using ep0 maxpacket: 32 [ 230.882149][ T5869] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 230.910401][ T5869] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 230.921891][ T5869] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 230.943634][ T5869] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 230.960419][ T5902] usb 3-1: new low-speed USB device number 27 using dummy_hcd [ 230.970567][ T5869] usb 1-1: config 0 interface 0 has no altsetting 0 [ 231.017916][ T5869] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 231.037894][ T5869] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 231.047359][ T5869] usb 1-1: Product: syz [ 231.051845][ T5869] usb 1-1: Manufacturer: syz [ 231.056448][ T5869] usb 1-1: SerialNumber: syz [ 231.081995][ T5869] usb 1-1: config 0 descriptor?? [ 231.089690][ T29] audit: type=1400 audit(1738454114.008:535): avc: denied { mount } for pid=8151 comm="syz.4.608" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 231.094593][ T5869] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 231.130813][ T5902] usb 3-1: device descriptor read/64, error -71 [ 231.143845][ T8152] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 231.150876][ T5869] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 231.188996][ T29] audit: type=1400 audit(1872671842.118:536): avc: denied { unmount } for pid=5825 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 336.210290][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 336.210317][ C1] rcu: 0-...!: (1 GPs behind) idle=6a4c/1/0x4000000000000000 softirq=26179/26180 fqs=3 [ 336.210933][ C1] rcu: (detected by 1, t=10503 jiffies, g=20769, q=270 ncpus=2) [ 336.210962][ C1] Sending NMI from CPU 1 to CPUs 0: [ 336.211003][ C0] NMI backtrace for cpu 0 [ 336.211015][ C0] CPU: 0 UID: 0 PID: 29 Comm: kauditd Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 336.211034][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 336.211045][ C0] RIP: 0010:__kasan_check_read+0x0/0x20 [ 336.211076][ C0] Code: c3 cc cc cc cc 48 83 c4 60 48 c7 c7 e0 a7 7f 8d 5b 5d 41 5c e9 11 61 7c ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 0c 24 89 f6 31 d2 e9 7f f0 ff ff 66 66 2e 0f 1f [ 336.211093][ C0] RSP: 0018:ffffc90000007b30 EFLAGS: 00000047 [ 336.211109][ C0] RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000020000 [ 336.211120][ C0] RDX: 1ffff11003bd15f4 RSI: 0000000000000008 RDI: ffffffff96eb8cc0 [ 336.211131][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 336.211142][ C0] R10: 000000000000000a R11: 0000000000000002 R12: 0000000000000002 [ 336.211152][ C0] R13: ffff88801de8a440 R14: 0000000000000021 R15: ffff88801de8af80 [ 336.211164][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 336.211181][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 336.211192][ C0] CR2: 0000000020376030 CR3: 000000005d81c000 CR4: 00000000003526f0 [ 336.211204][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 336.211214][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 336.211231][ C0] Call Trace: [ 336.211237][ C0] [ 336.211245][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 336.211274][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 336.211297][ C0] ? nmi_handle+0x1ac/0x5d0 [ 336.211322][ C0] ? __pfx___kasan_check_read+0x10/0x10 [ 336.211347][ C0] ? default_do_nmi+0x6a/0x160 [ 336.211370][ C0] ? exc_nmi+0x170/0x1e0 [ 336.211391][ C0] ? end_repeat_nmi+0xf/0x53 [ 336.211420][ C0] ? __pfx___kasan_check_read+0x10/0x10 [ 336.211446][ C0] ? __pfx___kasan_check_read+0x10/0x10 [ 336.211472][ C0] ? __pfx___kasan_check_read+0x10/0x10 [ 336.211497][ C0] [ 336.211503][ C0] [ 336.211508][ C0] hlock_class+0x4e/0x130 [ 336.211527][ C0] __lock_acquire+0x410/0x3c40 [ 336.211555][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 336.211578][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 336.211604][ C0] lock_acquire.part.0+0x11b/0x380 [ 336.211628][ C0] ? advance_sched+0x679/0xc60 [ 336.211652][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 336.211677][ C0] ? rcu_is_watching+0x12/0xc0 [ 336.211695][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 336.211714][ C0] ? advance_sched+0x679/0xc60 [ 336.211737][ C0] ? lock_acquire+0x2f/0xb0 [ 336.211759][ C0] ? advance_sched+0x679/0xc60 [ 336.211782][ C0] advance_sched+0x67f/0xc60 [ 336.211804][ C0] ? advance_sched+0x679/0xc60 [ 336.211831][ C0] ? __pfx_advance_sched+0x10/0x10 [ 336.211853][ C0] __hrtimer_run_queues+0x20a/0xae0 [ 336.211873][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 336.211890][ C0] ? read_tsc+0x9/0x20 [ 336.211911][ C0] hrtimer_interrupt+0x392/0x8e0 [ 336.211933][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 336.211961][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 336.211988][ C0] [ 336.211993][ C0] [ 336.211998][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 336.212023][ C0] RIP: 0010:console_flush_all+0x9a4/0xc60 [ 336.212042][ C0] Code: 00 e8 e0 d3 27 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 0e 1a 20 00 48 85 db 0f 85 55 01 00 00 e8 d0 1e 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 45 34 83 [ 336.212059][ C0] RSP: 0018:ffffc90000a579d0 EFLAGS: 00000293 [ 336.212073][ C0] RAX: ffffffff8eeaa158 RBX: 0000000000000000 RCX: ffffffff81998fc2 [ 336.212084][ C0] RDX: ffff88801de8a440 RSI: ffffffff81998fd0 RDI: 0000000000000007 [ 336.212095][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 336.212106][ C0] R10: 0000000000000000 R11: 0000000000000003 R12: ffffffff8eeaa158 [ 336.212116][ C0] R13: ffffffff8eeaa100 R14: ffffc90000a57a60 R15: dffffc0000000000 [ 336.212131][ C0] ? console_flush_all+0x992/0xc60 [ 336.212148][ C0] ? console_flush_all+0x9a0/0xc60 [ 336.212171][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 336.212192][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 336.212214][ C0] console_unlock+0xd9/0x210 [ 336.212235][ C0] ? __pfx_console_unlock+0x10/0x10 [ 336.212252][ C0] ? lock_acquire+0x2f/0xb0 [ 336.212275][ C0] ? _printk+0xc8/0x100 [ 336.212298][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 336.212324][ C0] vprintk_emit+0x424/0x6f0 [ 336.212342][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 336.212359][ C0] ? __pfx_lock_release+0x10/0x10 [ 336.212381][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 336.212403][ C0] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 336.212425][ C0] _printk+0xc8/0x100 [ 336.212448][ C0] ? __pfx__printk+0x10/0x10 [ 336.212471][ C0] ? ___ratelimit+0x24c/0x570 [ 336.212497][ C0] ? __pfx____ratelimit+0x10/0x10 [ 336.212524][ C0] ? kauditd_hold_skb+0x1bc/0x250 [ 336.212546][ C0] kauditd_hold_skb+0x205/0x250 [ 336.212568][ C0] kauditd_send_queue+0x236/0x290 [ 336.212589][ C0] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 336.212612][ C0] kauditd_thread+0x611/0xa60 [ 336.212633][ C0] ? __pfx_kauditd_thread+0x10/0x10 [ 336.212655][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 336.212679][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.212709][ C0] ? __kthread_parkme+0x148/0x220 [ 336.212726][ C0] ? __pfx_kauditd_thread+0x10/0x10 [ 336.212749][ C0] kthread+0x3af/0x750 [ 336.212770][ C0] ? __pfx_kthread+0x10/0x10 [ 336.212792][ C0] ? __pfx_kthread+0x10/0x10 [ 336.212812][ C0] ret_from_fork+0x45/0x80 [ 336.212834][ C0] ? __pfx_kthread+0x10/0x10 [ 336.212854][ C0] ret_from_fork_asm+0x1a/0x30 [ 336.212879][ C0] [ 336.213000][ C1] rcu: rcu_preempt kthread starved for 10490 jiffies! g20769 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 336.213024][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 336.213035][ C1] rcu: RCU grace-period kthread stack dump: [ 336.213042][ C1] task:rcu_preempt state:R running task stack:27552 pid:17 tgid:17 ppid:2 task_flags:0x208040 flags:0x00004000 [ 336.213109][ C1] Call Trace: [ 336.213116][ C1] [ 336.213129][ C1] __schedule+0xf43/0x5890 [ 336.213161][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 336.213202][ C1] ? __pfx___schedule+0x10/0x10 [ 336.213233][ C1] ? schedule+0x298/0x350 [ 336.213262][ C1] ? __pfx_lock_release+0x10/0x10 [ 336.213296][ C1] ? lock_acquire+0x2f/0xb0 [ 336.213322][ C1] ? schedule+0x1fd/0x350 [ 336.213355][ C1] schedule+0xe7/0x350 [ 336.213386][ C1] schedule_timeout+0x124/0x280 [ 336.213414][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 336.213443][ C1] ? __pfx_process_timeout+0x10/0x10 [ 336.213470][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 336.213502][ C1] ? prepare_to_swait_event+0xf3/0x470 [ 336.213536][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 336.213569][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 336.213599][ C1] ? rcu_gp_init+0xc82/0x1630 [ 336.213630][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 336.213666][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 336.213701][ C1] rcu_gp_kthread+0x271/0x380 [ 336.213732][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 336.213763][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 336.213797][ C1] ? __kthread_parkme+0x148/0x220 [ 336.213820][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 336.213851][ C1] kthread+0x3af/0x750 [ 336.213877][ C1] ? __pfx_kthread+0x10/0x10 [ 336.213907][ C1] ? __pfx_kthread+0x10/0x10 [ 336.213933][ C1] ret_from_fork+0x45/0x80 [ 336.213960][ C1] ? __pfx_kthread+0x10/0x10 [ 336.213990][ C1] ret_from_fork_asm+0x1a/0x30 [ 336.214026][ C1] [ 336.214034][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 336.214043][ C1] CPU: 1 UID: 0 PID: 4403 Comm: kworker/u8:8 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 336.214066][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 336.214079][ C1] Workqueue: events_unbound toggle_allocation_gate [ 336.214102][ C1] RIP: 0010:smp_call_function_many_cond+0x4c6/0x12c0 [ 336.214125][ C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 fc 4c 89 fd 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 fc 04 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 e8 0b 00 00 8b 43 08 31 [ 336.214145][ C1] RSP: 0018:ffffc9000ecef928 EFLAGS: 00000293 [ 336.214162][ C1] RAX: 0000000000000000 RBX: ffff8880b86469c0 RCX: ffffffff81ada9ca [ 336.214176][ C1] RDX: ffff888034cd2440 RSI: ffffffff81ada9a4 RDI: 0000000000000005 [ 336.214191][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 336.214203][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170c8d39 [ 336.214217][ C1] R13: 0000000000000001 R14: ffff8880b873fe40 R15: ffff8880b86469c8 [ 336.214231][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 336.214250][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 336.214265][ C1] CR2: 000000110c35efc1 CR3: 000000000df80000 CR4: 00000000003526f0 [ 336.214279][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 336.214292][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 336.214306][ C1] Call Trace: [ 336.214313][ C1] [ 336.214321][ C1] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 336.214345][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 336.214369][ C1] ? rcu_sched_clock_irq+0x247a/0x3310 [ 336.214399][ C1] ? timekeeping_advance+0x72e/0xa90 [ 336.214425][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 336.214450][ C1] ? __asan_memcpy+0x3c/0x60 [ 336.214489][ C1] ? rcu_is_watching+0x12/0xc0 [ 336.214515][ C1] ? update_process_times+0x178/0x2d0 [ 336.214547][ C1] ? __pfx_update_process_times+0x10/0x10 [ 336.214578][ C1] ? update_wall_time+0x1c/0x40 [ 336.214608][ C1] ? tick_nohz_handler+0x376/0x530 [ 336.214634][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 336.214655][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 336.214685][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 336.214705][ C1] ? read_tsc+0x9/0x20 [ 336.214735][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 336.214768][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 336.214801][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 336.214832][ C1] [ 336.214840][ C1] [ 336.214848][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 336.214885][ C1] ? smp_call_function_many_cond+0x4ea/0x12c0 [ 336.214906][ C1] ? smp_call_function_many_cond+0x4c4/0x12c0 [ 336.214928][ C1] ? smp_call_function_many_cond+0x4c6/0x12c0 [ 336.214952][ C1] ? smp_call_function_many_cond+0x4c4/0x12c0 [ 336.214990][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 336.215011][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 336.215034][ C1] text_poke_bp_batch+0x22b/0x760 [ 336.215060][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 336.215082][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 336.215105][ C1] ? text_poke_queue+0xef/0x180 [ 336.215134][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 336.215168][ C1] text_poke_finish+0x30/0x40 [ 336.215190][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 336.215216][ C1] jump_label_update+0x1d7/0x400 [ 336.215244][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 336.215271][ C1] static_key_enable+0x1a/0x20 [ 336.215295][ C1] toggle_allocation_gate+0xfc/0x260 [ 336.215317][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 336.215339][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 336.215363][ C1] ? process_one_work+0x921/0x1ba0 [ 336.215393][ C1] ? lock_acquire+0x2f/0xb0 [ 336.215419][ C1] ? process_one_work+0x921/0x1ba0 [ 336.215450][ C1] process_one_work+0x9c5/0x1ba0 [ 336.215486][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 336.215511][ C1] ? __pfx_process_one_work+0x10/0x10 [ 336.215547][ C1] ? assign_work+0x1a0/0x250 [ 336.215575][ C1] worker_thread+0x6c8/0xf00 [ 336.215613][ C1] ? __pfx_worker_thread+0x10/0x10 [ 336.215642][ C1] kthread+0x3af/0x750 [ 336.215667][ C1] ? __pfx_kthread+0x10/0x10 [ 336.215691][ C1] ? lock_acquire+0x2f/0xb0 [ 336.215723][ C1] ? __pfx_kthread+0x10/0x10 [ 336.215749][ C1] ret_from_fork+0x45/0x80 [ 336.215775][ C1] ? __pfx_kthread+0x10/0x10 [ 336.215800][ C1] ret_from_fork_asm+0x1a/0x30 [ 336.215836][ C1] [ 486.228028][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [kworker/u8:8:4403] [ 486.228055][ C1] Modules linked in: [ 486.228068][ C1] irq event stamp: 2953284 [ 486.228074][ C1] hardirqs last enabled at (2953283): [] irqentry_exit+0x3b/0x90 [ 486.228105][ C1] hardirqs last disabled at (2953284): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 486.228139][ C1] softirqs last enabled at (2953280): [] handle_softirqs+0x5bb/0x8f0 [ 486.228173][ C1] softirqs last disabled at (2953229): [] __irq_exit_rcu+0x109/0x170 [ 486.228217][ C1] CPU: 1 UID: 0 PID: 4403 Comm: kworker/u8:8 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 486.228240][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 486.228256][ C1] Workqueue: events_unbound toggle_allocation_gate [ 486.228280][ C1] RIP: 0010:write_comp_data+0x11/0x90 [ 486.228308][ C1] Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 0f 31 4a 7e <65> 8b 05 10 31 4a 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 [ 486.228328][ C1] RSP: 0018:ffffc9000ecef920 EFLAGS: 00000202 [ 486.228343][ C1] RAX: 0000000000000001 RBX: ffff8880b86469c0 RCX: ffffffff81ada9ca [ 486.228356][ C1] RDX: ffff888034cd2440 RSI: 0000000000000000 RDI: 0000000000000005 [ 486.228369][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 486.228380][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170c8d39 [ 486.228393][ C1] R13: 0000000000000001 R14: ffff8880b873fe40 R15: ffff8880b86469c8 [ 486.228406][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 486.228424][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 486.228438][ C1] CR2: 000000110c35efc1 CR3: 000000000df80000 CR4: 00000000003526f0 [ 486.228451][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 486.228462][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 486.228474][ C1] Call Trace: [ 486.228481][ C1] [ 486.228497][ C1] ? watchdog_timer_fn+0x570/0x7d0 [ 486.228531][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 486.228560][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 486.228588][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 486.228607][ C1] ? read_tsc+0x9/0x20 [ 486.228637][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 486.228669][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 486.228701][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 486.228731][ C1] [ 486.228737][ C1] [ 486.228745][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 486.228785][ C1] ? smp_call_function_many_cond+0x4ea/0x12c0 [ 486.228809][ C1] ? write_comp_data+0x11/0x90 [ 486.228837][ C1] smp_call_function_many_cond+0x4ea/0x12c0 [ 486.228868][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 486.228887][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 486.228910][ C1] text_poke_bp_batch+0x22b/0x760 [ 486.228940][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 486.228961][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 486.228983][ C1] ? text_poke_queue+0xef/0x180 [ 486.229011][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 486.229044][ C1] text_poke_finish+0x30/0x40 [ 486.229065][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 486.229089][ C1] jump_label_update+0x1d7/0x400 [ 486.229116][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 486.229142][ C1] static_key_enable+0x1a/0x20 [ 486.229165][ C1] toggle_allocation_gate+0xfc/0x260 [ 486.229187][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 486.229207][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 486.229230][ C1] ? process_one_work+0x921/0x1ba0 [ 486.229258][ C1] ? lock_acquire+0x2f/0xb0 [ 486.229283][ C1] ? process_one_work+0x921/0x1ba0 [ 486.229313][ C1] process_one_work+0x9c5/0x1ba0 [ 486.229348][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 486.229372][ C1] ? __pfx_process_one_work+0x10/0x10 [ 486.229406][ C1] ? assign_work+0x1a0/0x250 [ 486.229434][ C1] worker_thread+0x6c8/0xf00 [ 486.229471][ C1] ? __pfx_worker_thread+0x10/0x10 [ 486.229499][ C1] kthread+0x3af/0x750 [ 486.229523][ C1] ? __pfx_kthread+0x10/0x10 [ 486.229546][ C1] ? lock_acquire+0x2f/0xb0 [ 486.229577][ C1] ? __pfx_kthread+0x10/0x10 [ 486.229601][ C1] ret_from_fork+0x45/0x80 [ 486.229626][ C1] ? __pfx_kthread+0x10/0x10 [ 486.229650][ C1] ret_from_fork_asm+0x1a/0x30 [ 486.229684][ C1] [ 486.229695][ C1] Sending NMI from CPU 1 to CPUs 0: [ 486.229727][ C0] NMI backtrace for cpu 0 [ 486.229735][ C0] CPU: 0 UID: 0 PID: 29 Comm: kauditd Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 486.229754][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 486.229764][ C0] RIP: 0010:__remove_hrtimer+0x36/0x290 [ 486.229792][ C0] Code: 41 54 55 48 89 f5 53 48 89 fb e8 c5 d6 12 00 48 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00 <48> 8d 7b 38 4c 8b 75 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 [ 486.229808][ C0] RSP: 0018:ffffc90000007df8 EFLAGS: 00000046 [ 486.229821][ C0] RAX: dffffc0000000000 RBX: ffff888061b36340 RCX: 0000000000000000 [ 486.229832][ C0] RDX: 1ffff110170c5910 RSI: ffffffff81a6d7db RDI: ffff888061b36340 [ 486.229844][ C0] RBP: ffff8880b862c880 R08: 0000000000000001 R09: 0000000000000000 [ 486.229855][ C0] R10: 0000000000000001 R11: 0000000000000003 R12: ffff888061b36340 [ 486.229866][ C0] R13: 0000000000000000 R14: ffff8880b862c680 R15: 0000000000000000 [ 486.229877][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 486.229893][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 486.229904][ C0] CR2: 0000000020376030 CR3: 000000005d81c000 CR4: 00000000003526f0 [ 486.229916][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 486.229926][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 486.229937][ C0] Call Trace: [ 486.229942][ C0] [ 486.229948][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 486.229994][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 486.230035][ C0] ? nmi_handle+0x1ac/0x5d0 [ 486.230082][ C0] ? __remove_hrtimer+0x36/0x290 [ 486.230131][ C0] ? default_do_nmi+0x6a/0x160 [ 486.230172][ C0] ? exc_nmi+0x170/0x1e0 [ 486.230211][ C0] ? end_repeat_nmi+0xf/0x53 [ 486.230263][ C0] ? __remove_hrtimer+0x1b/0x290 [ 486.230311][ C0] ? __remove_hrtimer+0x36/0x290 [ 486.230361][ C0] ? __remove_hrtimer+0x36/0x290 [ 486.230411][ C0] ? __remove_hrtimer+0x36/0x290 [ 486.230438][ C0] [ 486.230443][ C0] [ 486.230450][ C0] ? __pfx_advance_sched+0x10/0x10 [ 486.230473][ C0] __hrtimer_run_queues+0x50b/0xae0 [ 486.230503][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 486.230520][ C0] ? read_tsc+0x9/0x20 [ 486.230541][ C0] hrtimer_interrupt+0x392/0x8e0 [ 486.230564][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 486.230591][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 486.230618][ C0] [ 486.230623][ C0] [ 486.230629][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 486.230655][ C0] RIP: 0010:console_flush_all+0x9a4/0xc60 [ 486.230674][ C0] Code: 00 e8 e0 d3 27 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 0e 1a 20 00 48 85 db 0f 85 55 01 00 00 e8 d0 1e 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 45 34 83 [ 486.230695][ C0] RSP: 0018:ffffc90000a579d0 EFLAGS: 00000293 [ 486.230708][ C0] RAX: ffffffff8eeaa158 RBX: 0000000000000000 RCX: ffffffff81998fc2 [ 486.230720][ C0] RDX: ffff88801de8a440 RSI: ffffffff81998fd0 RDI: 0000000000000007 [ 486.230731][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 486.230741][ C0] R10: 0000000000000000 R11: 0000000000000003 R12: ffffffff8eeaa158 [ 486.230752][ C0] R13: ffffffff8eeaa100 R14: ffffc90000a57a60 R15: dffffc0000000000 [ 486.230767][ C0] ? console_flush_all+0x992/0xc60 [ 486.230784][ C0] ? console_flush_all+0x9a0/0xc60 [ 486.230807][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 486.230828][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 486.230850][ C0] console_unlock+0xd9/0x210 [ 486.230867][ C0] ? __pfx_console_unlock+0x10/0x10 [ 486.230884][ C0] ? lock_acquire+0x2f/0xb0 [ 486.230907][ C0] ? _printk+0xc8/0x100 [ 486.230929][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 486.230956][ C0] vprintk_emit+0x424/0x6f0 [ 486.230974][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 486.230991][ C0] ? __pfx_lock_release+0x10/0x10 [ 486.231013][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 486.231035][ C0] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 486.231058][ C0] _printk+0xc8/0x100 [ 486.231081][ C0] ? __pfx__printk+0x10/0x10 [ 486.231104][ C0] ? ___ratelimit+0x24c/0x570 [ 486.231130][ C0] ? __pfx____ratelimit+0x10/0x10 [ 486.231157][ C0] ? kauditd_hold_skb+0x1bc/0x250 [ 486.231179][ C0] kauditd_hold_skb+0x205/0x250 [ 486.231201][ C0] kauditd_send_queue+0x236/0x290 [ 486.231222][ C0] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 486.231244][ C0] kauditd_thread+0x611/0xa60 [ 486.231266][ C0] ? __pfx_kauditd_thread+0x10/0x10 [ 486.231289][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 486.231312][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 486.231339][ C0] ? __kthread_parkme+0x148/0x220 [ 486.231357][ C0] ? __pfx_kauditd_thread+0x10/0x10 [ 486.231378][ C0] kthread+0x3af/0x750 [ 486.231398][ C0] ? __pfx_kthread+0x10/0x10 [ 486.231421][ C0] ? __pfx_kthread+0x10/0x10 [ 486.231441][ C0] ret_from_fork+0x45/0x80 [ 486.231463][ C0] ? __pfx_kthread+0x10/0x10 [ 486.231482][ C0] ret_from_fork_asm+0x1a/0x30 [ 486.231507][ C0] [ 486.231724][ C1] Kernel panic - not syncing: softlockup: hung tasks [ 486.231737][ C1] CPU: 1 UID: 0 PID: 4403 Comm: kworker/u8:8 Tainted: G L 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 486.231765][ C1] Tainted: [L]=SOFTLOCKUP [ 486.231773][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 486.231786][ C1] Workqueue: events_unbound toggle_allocation_gate [ 486.231807][ C1] Call Trace: [ 486.231813][ C1] [ 486.231821][ C1] dump_stack_lvl+0x3d/0x1f0 [ 486.231844][ C1] panic+0x71d/0x800 [ 486.231866][ C1] ? __pfx_panic+0x10/0x10 [ 486.231887][ C1] ? __pfx__printk+0x10/0x10 [ 486.231919][ C1] ? irq_work_claim+0x76/0xa0 [ 486.231954][ C1] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 486.231981][ C1] ? irq_work_queue+0x2a/0x80 [ 486.232010][ C1] ? watchdog_timer_fn+0x5f2/0x7d0 [ 486.232040][ C1] ? watchdog_timer_fn+0x5e5/0x7d0 [ 486.232075][ C1] watchdog_timer_fn+0x603/0x7d0 [ 486.232109][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 486.232140][ C1] __hrtimer_run_queues+0x5fb/0xae0 [ 486.232168][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 486.232188][ C1] ? read_tsc+0x9/0x20 [ 486.232217][ C1] hrtimer_interrupt+0x392/0x8e0 [ 486.232250][ C1] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 486.232283][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 486.232314][ C1] [ 486.232321][ C1] [ 486.232329][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 486.232358][ C1] RIP: 0010:write_comp_data+0x11/0x90 [ 486.232386][ C1] Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 49 89 d2 49 89 f8 49 89 f1 65 48 8b 15 0f 31 4a 7e <65> 8b 05 10 31 4a 7e a9 00 01 ff 00 74 1d f6 c4 01 74 67 a9 00 00 [ 486.232405][ C1] RSP: 0018:ffffc9000ecef920 EFLAGS: 00000202 [ 486.232421][ C1] RAX: 0000000000000001 RBX: ffff8880b86469c0 RCX: ffffffff81ada9ca [ 486.232435][ C1] RDX: ffff888034cd2440 RSI: 0000000000000000 RDI: 0000000000000005 [ 486.232449][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 486.232461][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170c8d39 [ 486.232474][ C1] R13: 0000000000000001 R14: ffff8880b873fe40 R15: ffff8880b86469c8 [ 486.232495][ C1] ? smp_call_function_many_cond+0x4ea/0x12c0 [ 486.232522][ C1] smp_call_function_many_cond+0x4ea/0x12c0 [ 486.232553][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 486.232573][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 486.232596][ C1] text_poke_bp_batch+0x22b/0x760 [ 486.232622][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 486.232643][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 486.232666][ C1] ? text_poke_queue+0xef/0x180 [ 486.232697][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 486.232730][ C1] text_poke_finish+0x30/0x40 [ 486.232751][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 486.232777][ C1] jump_label_update+0x1d7/0x400 [ 486.232804][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 486.232830][ C1] static_key_enable+0x1a/0x20 [ 486.232855][ C1] toggle_allocation_gate+0xfc/0x260 [ 486.232876][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 486.232897][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 486.232922][ C1] ? process_one_work+0x921/0x1ba0 [ 486.232953][ C1] ? lock_acquire+0x2f/0xb0 [ 486.232979][ C1] ? process_one_work+0x921/0x1ba0 [ 486.233010][ C1] process_one_work+0x9c5/0x1ba0 [ 486.233046][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 486.233069][ C1] ? __pfx_process_one_work+0x10/0x10 [ 486.233105][ C1] ? assign_work+0x1a0/0x250 [ 486.233133][ C1] worker_thread+0x6c8/0xf00 [ 486.233170][ C1] ? __pfx_worker_thread+0x10/0x10 [ 486.233198][ C1] kthread+0x3af/0x750 [ 486.233223][ C1] ? __pfx_kthread+0x10/0x10 [ 486.233247][ C1] ? lock_acquire+0x2f/0xb0 [ 486.233278][ C1] ? __pfx_kthread+0x10/0x10 [ 486.233303][ C1] ret_from_fork+0x45/0x80 [ 486.233329][ C1] ? __pfx_kthread+0x10/0x10 [ 486.233354][ C1] ret_from_fork_asm+0x1a/0x30 [ 486.233389][ C1] [ 487.324320][ C1] Shutting down cpus with NMI [ 487.324556][ C1] Kernel Offset: disabled