last executing test programs: 5.867826126s ago: executing program 2 (id=2297): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fddbdf254400000008000300", @ANYRES32=r3, @ANYBLOB="3400238006001b0001000000050025000f00000005000e0002000000050005"], 0x50}, 0x1, 0x0, 0x0, 0x20048080}, 0x0) 5.857187748s ago: executing program 3 (id=2298): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000300)=0x8, 0x4) syz_emit_ethernet(0x46, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0) sendmsg$IEEE802154_SET_MACPARAMS(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x8bb}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x44800) 5.807416514s ago: executing program 2 (id=2299): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r0 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b07"], 0xec) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a32000000001400000011000100"], 0x88}}, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/diskstats\x00', 0x0, 0x0) read$char_usb(r4, &(0x7f0000002840)=""/4103, 0x1007) 5.794363431s ago: executing program 3 (id=2300): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000027c0)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, '['}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0x80}, 0x1, 0x7}, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0xb674d9c01fa7caf, 0x70bd2d, 0x25dfdbfc, {}, [@DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xf, 0xa9, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24004084}, 0x800) 4.770162095s ago: executing program 2 (id=2302): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x20, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[@ANYBLOB="0500005da4eaa918f17988776bd1e12d45dd7adf399861117e6b9d470da80159663dcb048d469078afcd8de8fb86c5b33b41b8245f1914109a6439adfb47db9509a4681d2546fe56f08051fbffffffec000000000000007f6ee759c65abe6144470471e400e03e6f45cc961ef61141938e40666fd61500000000000072c09e42fe6d7f5fa974e7a4d78114dee686cda88a5e28ef19dad84508231ce8ff578b61ae90c5f5e253353dac3c04c0ab1b7731ccea", @ANYRES16=r2, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000a00)={0x1b8, r2, 0x100, 0x78bd2a, 0x25dfdbf6, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x816}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1000}}]}, 0x1b8}}, 0x240048d5) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x200, 0x800, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {0x7, 0x6}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24008884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f00000005c0)='fd', 0x0, r6) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r8, 0xffffffffffffffff, 0x0) 3.912932752s ago: executing program 4 (id=2306): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x20, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[@ANYBLOB="0500005da4eaa918f17988776bd1e12d45dd7adf399861117e6b9d470da80159663dcb048d469078afcd8de8fb86c5b33b41b8245f1914109a6439adfb47db9509a4681d2546fe56f08051fbffffffec000000000000007f6ee759c65abe6144470471e400e03e6f45cc961ef61141938e40666fd61500000000000072c09e42fe6d7f5fa974e7a4d78114dee686cda88a5e28ef19dad84508231ce8ff578b61ae90c5f5e253353dac3c04c0ab1b7731ccea", @ANYRES16=r2, @ANYBLOB="01082abd7000000000002a000000080058000000000008000300020000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x44}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x240048d5) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) pipe(&(0x7f0000000480)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x200, 0x800, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {0x7, 0x6}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24008884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) pipe(0x0) r5 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000005c0)='fd', 0x0, 0xffffffffffffffff) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r6, 0xffffffffffffffff, 0x0) 3.857091632s ago: executing program 1 (id=2307): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000cf8bed20d90f250040290000000109021200010000000009040000"], 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = creat(0x0, 0x8) read$FUSE(r3, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="203301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_FUNCS(r7, 0x705, &(0x7f0000000140)=0xfffffffffffffffa) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x24, 0x7, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0xd}]}, 0x24}}, 0x0) 3.50498418s ago: executing program 3 (id=2308): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sys_exit\x00'}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c00000016"], 0xfc}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r0, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdd, 0x8}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGKEY(r0, 0x80404518, 0x0) uname(&(0x7f0000000580)=""/31) 3.503764274s ago: executing program 2 (id=2309): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fddbdf254400000008000300", @ANYRES32=r3, @ANYBLOB="3400238006001b0001000000050025000f00000005000e0002000000050005"], 0x50}, 0x1, 0x0, 0x0, 0x20048080}, 0x0) 3.424482943s ago: executing program 4 (id=2310): r0 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @rand_addr=0xfffffc15}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000340)={[0x2, 0x9, 0x4fb, 0x0, 0x10000, 0x0, 0x4002004c8, 0x8, 0x1, 0xc, 0x0, 0x2000005, 0x9, 0x9, 0x81, 0x48000], 0xeeee8000, 0x2113c0}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_GET_REGS(r6, 0x8090ae81, 0x0) 3.423189172s ago: executing program 3 (id=2311): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x75, 0x1c, 0x1, 0x10, 0xfe6, 0x9800, 0xd19a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x29, 0x2, 0x2, 0xb4, 0x8c, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0) socket$packet(0x11, 0x3, 0x300) syz_usb_control_io$printer(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_MCE_KILL(0x29, 0x1, 0x2) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_SET(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ac0)={0x58, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0xfffffffffffffe4e}}, {@nsim={{}, {0x0, 0x2, {'netdevsim', 0x0}}}, {}, {0x0, 0x83, 0x1}}, {@nsim={{}, {0x0, 0x2, {'netdevsim', 0x0}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x48859}, 0x4054) syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x52, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@cipso={0x86, 0x16, 0x3, [{0x5, 0x5, "c0cc2e"}, {0x6, 0x4, ',D'}, {0x0, 0x7, "c7317730c5"}]}, @ra={0x94, 0x4, 0x1}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f00000023c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0xfd, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x6, 0x5}]}}}}}}}, 0x0) sendmsg$sock(r0, &(0x7f00000002c0)={&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'syzkaller0\x00'}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="17e10c555a35bd5a0173d31e44632b3086fcf8be32ba437c317ae34e2f3ebca2a228d061b3bdf794a2ca9a069f5a1afdae97f04534c1047dd4271b635d4f9824540dc78b9d44b6552acc64be07af16c0e6f437aefbbd1f9bdf5e159d2642d2c9cc60aad12c82d920bd754f6dcd22099ab3d3e2278ecbe3e2e4fd17f713e573b5641dc6d9f67dc6c816dc4dcfb27eebfd0002e37ccaeb3a", 0x97}], 0x1, &(0x7f0000000240)=[@mark={{0x14, 0x1, 0x24, 0xffffffff}}, @timestamping={{0x14, 0x1, 0x25, 0xa}}, @mark={{0x14, 0x1, 0x24, 0x1}}], 0x48}, 0x40) 3.365037326s ago: executing program 2 (id=2313): setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8991, &(0x7f0000000000)={'veth0_virt_wifi\x00', @ifru_names='veth0_macvtap\x00'}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r3, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}, @GTPA_LINK={0x8}]}, 0x24}}, 0x0) r4 = socket(0x7, 0x6, 0x7ff) read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@pcr={'pcr', 0x3d, 0x2c}}, {@smackfsroot}, {@fowner_eq={'fowner', 0x3d, r5}}]}) quotactl_fd$Q_GETQUOTA(r4, 0xffffffff80000701, r5, &(0x7f0000000140)) syz_usb_control_io$uac1(r1, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r4) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f0000000700)={0x5d4, r6, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x2, 0x74}}}}, [@NL80211_ATTR_TID_CONFIG={0x268, 0x11d, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}]}, {0x230, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x3c, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe39d, 0x3, 0x5, 0x9, 0x0, 0x9, 0x8614, 0x3]}}]}]}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x3d}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x4f}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1b0, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xa, 0x1, [0xb, 0xb, 0x4, 0x30, 0x2, 0x1]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x49, 0x2, [{0x3, 0x5}, {0x7, 0xa}, {0x2, 0x4}, {0x6, 0x3}, {0x3, 0x6}, {0x6, 0x9}, {0x1, 0x3}, {0x1}, {0x4, 0xa}, {0x6, 0x7}, {}, {0x1, 0x2}, {0x1, 0x4}, {0x1, 0x9}, {0x6, 0x4}, {0x5, 0x6}, {0x4, 0x1}, {0x1, 0x7}, {0x0, 0x4}, {0x7, 0x3}, {0x2, 0x1}, {0x3, 0x5}, {0x3, 0x1}, {0x1}, {0x4}, {0x5}, {0x2, 0x3}, {0x3, 0x1}, {0x5, 0x8}, {0x3, 0x3}, {0x1, 0x4}, {0x1, 0x7}, {0x1, 0x5}, {0x0, 0x8}, {0x3, 0x6}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x6}, {0x5, 0x1}, {0x0, 0x5}, {}, {0x3, 0x1}, {0x7, 0xa}, {0x2, 0x8}, {0x1, 0xa}, {0x3, 0x1}, {0x7, 0xa}, {0x5, 0x3}, {0x4, 0x7}, {0x6, 0x9}, {0x2, 0x1}, {0x0, 0x4}, {0x3, 0x5}, {0x2, 0x7}, {0x2, 0x2}, {0x4}, {0x4, 0x1}, {0x2, 0x4}, {0x1, 0xa}, {0x4, 0x7}, {0x2, 0xa}, {0x0, 0x7}, {0x2, 0x8}, {0x5, 0x8}, {0x1, 0xa}, {0x0, 0x9}, {0x1, 0x7}, {0x1, 0x3}, {0x6, 0x1}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0xc9cec0107d0432e0, 0x3, 0x1, 0x5, 0x6c, 0x5, 0x60, 0xb, 0x60, 0x24]}, @NL80211_TXRATE_GI={0x5, 0x4, 0xd56a5efc0f8eb2c9}]}, @NL80211_BAND_60GHZ={0x2c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x5, 0x2, 0xc73, 0x7, 0x7ff, 0x4e2, 0x3]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x2, 0x4, 0xfeee, 0x3d, 0x4, 0x2, 0x7]}}]}, @NL80211_BAND_6GHZ={0x14, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0xe0, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xf6, 0x0, 0x3, 0x9, 0xfffb, 0x4, 0x9]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x3f, 0x2, [{0x0, 0x2}, {0x2, 0x4}, {0x1, 0x5}, {0x1, 0x1}, {0x2, 0x2}, {0x6, 0x9}, {0x0, 0x1}, {0x3, 0x9}, {0x6, 0x8}, {0x5, 0x8}, {0x0, 0x5}, {0x6, 0x9}, {0x2, 0x6}, {0x4, 0x7}, {0x6, 0x1}, {0x6, 0x5}, {0x2, 0x8}, {0x2, 0x3}, {0x2, 0x3}, {0x2, 0x4}, {0x6, 0x4}, {0x4, 0x1e}, {0x6, 0xa}, {0x3, 0x7}, {0x7, 0x2}, {0x1, 0x9}, {0x7, 0x5}, {0x6, 0x6}, {0x5, 0xa}, {0x6, 0x5}, {0x6, 0x6}, {0x3, 0x8}, {0x1, 0xa}, {0x3, 0x4}, {0x6, 0xa}, {0x0, 0x2}, {0x1, 0x7}, {0x6, 0x1}, {0x7, 0x4}, {0x7, 0x1}, {0x0, 0x6}, {0x7}, {0x3, 0x9}, {0x4, 0x5}, {0x5, 0x5}, {0x6, 0x1}, {0x5, 0x6}, {0x0, 0x9}, {0x4}, {0x5, 0x4}, {0x5, 0x1}, {0x7}, {0x3}, {0x1, 0x6}, {0x3}, {0x2, 0x3}, {0x5, 0x2}, {0x6, 0x8}, {0x5, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xe2, 0xff, 0x7fff, 0x9, 0xb, 0x3]}}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x3, 0x6}, {0x4, 0x8}, {0x0, 0x3}, {0x4, 0x4}, {0x4, 0x5}, {0x4, 0xa}, {0x5, 0x5}, {0x6, 0x6}, {0x2, 0x2}, {0x2, 0x8}, {0x7, 0x6}, {0x3, 0x7}, {0x0, 0xa}, {0x3, 0x2}, {0x0, 0x2}, {0x3, 0x5}, {0x6, 0x3}, {0x1, 0x9}, {0x4, 0xa}, {0x0, 0x4}, {0x2, 0x9}, {0x0, 0x7}, {0x4, 0x8}, {0x5, 0x4}, {0x6, 0x4}, {0x2, 0x9}, {0x2, 0x7}, {0x5, 0x7}, {0x1, 0x4}, {0x1, 0x4}, {0x1, 0x1}, {0x1}, {0x0, 0x8}, {0x6, 0x8}, {0x6, 0x9}, {0x7, 0x6}, {0x4, 0x3}, {0x6, 0x4}, {0x0, 0x7}, {0x5, 0x5}, {0x5, 0x4}, {0x4, 0x6}, {}, {0x7, 0x9}, {0x6, 0x7}, {0x0, 0x5}, {0x3, 0x3}, {0x4, 0x6}, {0x7, 0x1}, {0x6, 0x9}]}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x12, 0x2, 0x12, 0x1b, 0x48, 0xc, 0x48, 0x1b, 0xb, 0x12, 0x5, 0x7a, 0x1, 0x6, 0x1b, 0x7, 0x8, 0x12, 0x1b, 0x48, 0x5, 0x7]}]}]}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x4}, @NL80211_ATTR_TID_CONFIG={0x340, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x330, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd8}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x10}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x2e4, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x9c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0xd, 0x4, 0x8, 0x3c2, 0x4, 0xfffe, 0xd06c]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x1}, {0x7, 0x8}, {0x7, 0x1}, {0x2, 0x4}, {0x7, 0x2}, {0x7, 0x8}, {0x5, 0x8}, {0x4, 0x1}, {0x6, 0x8}, {0x6, 0x7}, {0x5, 0x6}, {0x6}, {0x2, 0x3}, {0x0, 0x5}, {0x0, 0x5}, {0x0, 0x4}, {0x3, 0x5}, {0x2, 0x6}, {0x4, 0x2}, {0x4, 0x3}, {0x2, 0x8}, {0x3, 0x7}, {0x4, 0x3}, {0x7, 0x6}, {0x2}, {0x0, 0xa}, {0x1}, {0x1, 0x3}, {0x2, 0x5}, {0x6, 0x6}, {0x4, 0x2}, {0x3, 0x9}, {0x1, 0x1}, {0x0, 0xa}, {0x7, 0x2}, {0x7, 0x4}, {0x5}, {0x5, 0x3}, {0x1, 0x2}, {0x1, 0x6}, {0x7, 0x7}, {0x1, 0x8}, {0x0, 0x9}, {0x5}, {0x5}, {0x3, 0x8}, {0x5, 0x1}, {0x0, 0x9}, {0x5, 0x9}, {0x7, 0x6}, {0x0, 0x4}, {0x3, 0x9}, {0x3, 0x1}, {0x3, 0x3}, {0x5, 0x9}, {0x0, 0x9}, {0x7, 0x3}, {0x0, 0x5}, {0x2, 0x5}, {0x4, 0x1}, {0x1, 0xa}, {0x1}, {0x6, 0x2}, {0x2, 0x9}, {0x2, 0x9}, {0x7, 0x4}, {0x2, 0x8}, {0x4}, {0x4}, {0x1}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x4}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x30, 0x4, 0x30, 0x30, 0x1, 0x36, 0x16, 0x4, 0x3, 0x5, 0x12, 0xc, 0x48, 0x24, 0x18, 0x9, 0x4, 0x1, 0x16, 0x60, 0x12, 0x8cdc7af5d5f0cb1c, 0x9, 0x2, 0x4, 0x4]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_2GHZ={0x84, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x904, 0x5, 0x5, 0xc, 0x7, 0x8, 0x5, 0x89d0]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x1f, 0x401, 0xd, 0x90, 0x2, 0x4, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xcdda, 0x8001, 0x645b, 0x8, 0x64c, 0xd, 0xc6de, 0x65e1]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x30, 0x3, 0x60, 0x30, 0x16, 0x3, 0x48, 0x9, 0x6, 0x60, 0x1, 0x6, 0x4, 0x34, 0x48, 0xc, 0x9, 0x18, 0x48, 0x12, 0x6c, 0x6c, 0xc, 0x6c, 0xc, 0x48, 0x2, 0xc]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x4, 0x6, 0x0, 0x8, 0x6, 0x5, 0xfff]}}]}, @NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4, 0x30, 0x2, 0x3f, 0x30, 0x3, 0xe7d16d46d670679a, 0x4, 0x0, 0xb]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x28d, 0x5, 0x1ff, 0x7fff, 0x1ff, 0x8cf, 0x9, 0x23ce]}}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1b, 0x36, 0x48, 0x2, 0x6c, 0x1b, 0x0, 0x18, 0x2, 0x1d, 0x18, 0x6, 0xc, 0x24, 0x1, 0x12, 0x1b, 0x3, 0x18, 0x1]}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0xc, 0x71, 0xb, 0x4, 0x5, 0x24, 0x2, 0xb, 0x4, 0x24, 0x2, 0x7f, 0x12, 0x3, 0x9, 0x12, 0x0, 0x36, 0x9, 0x30, 0xc, 0x6c, 0x2, 0x18, 0x16, 0x6c, 0x9, 0x18, 0x16, 0xc, 0x18, 0x36]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x30, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x101, 0xa21, 0xb1e, 0x5, 0x101, 0x5, 0x8000, 0x1000]}}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x30, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x7, 0x7, 0x9, 0x3, 0x7ff, 0x2bc, 0x8]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6ef3, 0x101, 0x2, 0x653a, 0x8001, 0x7ff, 0x3, 0x4]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x18]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x17, 0x2, [{0x4, 0x3}, {0x7, 0x8}, {0x2, 0x6}, {0x1, 0x1}, {0x4, 0x1}, {0x4, 0x6}, {0x0, 0x3}, {0x5, 0x6}, {0x3, 0x9}, {0x4, 0x8}, {0x6, 0x8}, {0x2, 0xb}, {0x6, 0x3}, {0x0, 0x7}, {0x2, 0xa}, {}, {0x0, 0x7}, {0x0, 0xa}, {0x2, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x7ff, 0x7, 0x8, 0x9, 0x9, 0xf, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8001, 0x1000, 0xffff, 0x4, 0x8000, 0xff00, 0x70cc, 0x800]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x3, 0x48, 0x60, 0x24, 0xc, 0x1, 0x6c, 0x372f26f33fd307b7, 0xc, 0x12, 0x0]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xa, 0x3270, 0x9, 0x100, 0x7f, 0x8, 0x5, 0x9]}}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}]}]}, 0x5d4}, 0x1, 0x0, 0x0, 0x40400c5}, 0x8004041) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000540)={0x34, &(0x7f00000006c0)=ANY=[@ANYBLOB="00060f00000064b1"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000300)=ANY=[@ANYBLOB="0003130400001769a8050000003aa4ff0f0000000000001937"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.441598091s ago: executing program 4 (id=2316): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x38, 0x3, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8906}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88e5}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0xffffff00}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x38}, 0x1, 0x0, 0x0, 0x40800}, 0x20000000) 2.369469344s ago: executing program 0 (id=2317): io_setup(0x3ff, &(0x7f0000000500)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{}, &(0x7f00000001c0), &(0x7f0000000300)=r0}, 0x20) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000003d40), 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001"], 0x6c}}, 0x0) sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.356333946s ago: executing program 4 (id=2318): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000005c000000060a01040000000000000000010000327d000b400000000034000480300001800c0001006269747769888ea40d000280080003400000000208000140000000140800024000000012040004800900010073797a30000000001400000011000100020000000000a53983201400000700000a00"/213], 0xd0}}, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x5, 0x1, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x3, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) syz_open_dev$MSR(&(0x7f0000000100), 0x8, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r6 = dup(r5) mmap(&(0x7f0000962000/0x3000)=nil, 0x3000, 0xf, 0x13, r6, 0x3000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000380)='/proc.sys/net/p\x9aJ\xdc\xd6\'\xd9ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30) ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) syz_io_uring_setup(0xecb, &(0x7f0000000200)={0x0, 0xb6ea, 0x20, 0x0, 0x233, 0x0, r6}, 0x0, &(0x7f0000000300)) open_by_handle_at(r4, &(0x7f0000000240)=ANY=[], 0x10000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2}) 2.065220836s ago: executing program 0 (id=2319): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002200000085030000a000000095"], &(0x7f0000001300)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4607032005000000000000000002003e0000000000012a000038000000000000000f000000000020"], 0x31) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0xb, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000180)={0x10001, "029c6e5c846eccb800d2ae30e3f5c320998750190300", 0xffffffffffffffff}) syz_emit_ethernet(0x3b6, &(0x7f0000000940)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x500, 0x26000000, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x0, "b8a3e100908f61640000000200000000000000000000000000008879e66485201a0015ca83747357a02745000400"/55}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r3, 0xffffffffffffffff}) poll(&(0x7f0000000040)=[{r4, 0x250}, {r2, 0x4050}], 0x2, 0xffffffb3) close_range(r1, 0xffffffffffffffff, 0x0) close(r0) write$rfkill(r0, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x1, 0x1}, 0x8) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x7de, 0x101, 0x0, 0x8, 0x0}) 1.903847543s ago: executing program 1 (id=2320): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, 0xf4}, 0x28) ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f00000001c0)={0xc1, 0x0, 0x1}) r3 = socket$inet6(0xa, 0x80001, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @empty}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20018000}, 0x20040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000f, 0x4008032, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000"], 0x310) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e22, @local}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)="0d18687da3e7f33a", 0x8}], 0x1}}], 0x1, 0x40091) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=""/4100, 0xffffffffffffffee, 0x1, 0x0}, &(0x7f00000000c0)=0x40) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000a40)={0x8, {{0xa, 0x4e22, 0xe96, @empty, 0x6}}, 0x1, 0x7, [{{0xa, 0x4e21, 0x1, @mcast1, 0x4}}, {{0xa, 0x4e20, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x400}}, {{0xa, 0x4e23, 0x8000, @private1, 0x7fffffff}}, {{0xa, 0x4e23, 0x6, @empty, 0xfff}}, {{0xa, 0x4e22, 0xffff75bc, @dev={0xfe, 0x80, '\x00', 0xd}, 0x10001}}, {{0xa, 0x4e20, 0x11, @mcast2, 0x4}}, {{0xa, 0x4e21, 0x2b, @private1={0xfc, 0x1, '\x00', 0x1}, 0x6}}]}, 0x410) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40283) 1.416699562s ago: executing program 1 (id=2321): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x25dfdbfc, {0xa, 0x0, 0x20, 0x0, 0x0, 0x4, 0x0, 0x8}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0) 1.309028198s ago: executing program 1 (id=2322): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18) r1 = getpid() ioprio_get$pid(0x2, r1) prctl$PR_SET_THP_DISABLE(0x41, 0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffa000) 1.204032466s ago: executing program 1 (id=2323): write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) r0 = syz_clone(0x220000, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)="104256c89062ce460b7c044b3d5b0700c88f9e1018681390e470b289e19469bf64677198907a262ac530b2f52b61f71d1a24606306175ab0b0589e1957d9eac2bf2917a667a864cebf3eaa5b11e22e33a5995aebcfe9404c5735f386b3dbd6d657ba2297") prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r7], 0x54}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r10, @ANYBLOB="01"], 0x20}}, 0x0) r11 = socket(0x1, 0x803, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)=@newlink={0x50, 0x10, 0xf11, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x104}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20, 0x20}}}}}}, @IFLA_MASTER={0x8, 0xa, r12}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.148200591s ago: executing program 0 (id=2324): socket$kcm(0x29, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = fsopen(&(0x7f0000000140)='mqueue\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @in6={0xa, 0x4e22, 0x2, @local, 0x6}, @in6={0xa, 0x4e24, 0xe7dc, @private2, 0x7fff}], 0x54) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r3, 0x0, &(0x7f0000000480)='L', 0x1, 0x3}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r2, 0x3b87, &(0x7f0000000600)={0x18, 0x1, 0x0, 0x0, r3}) r4 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x101441) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x60}, {0xffffffffffffffff, 0xd401}], 0x2, &(0x7f0000000440)={0x77359400}, &(0x7f0000000480)={[0x3ff]}, 0x37) ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000100)=0x22) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x80000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r7, 0x4004ae99, &(0x7f0000000140)=0x1) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = fsmount(r1, 0x0, 0x0) fchdir(r8) r9 = inotify_init1(0x80800) inotify_add_watch(r9, &(0x7f0000000080)='.\x00', 0x2000434) mq_open(&(0x7f00000004c0)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xednux\x02\xc7\x12\xec\xca7\xbc\x1fS\x1c\x05y\x91\xe5\x9aL\xa9u\b\x00\x00\x00\xa0pC\x19\x9b\vY\x186\xa4\xe7\x1eg{`\xfa\xf3n\x8fIj6f\xfb\x13-g\x19(a6\x18\xe24nz\x83w8\xff\xfb\x83\f\x9a\xda\xc5w\x8eo\x02\xa3\xc1\x83\x91\xc6\xfd\x8c\xc4s\x03\x16\xa4+\xce|^\x98K_0\x8a\xb0\xff~\x1e\xd92\xb4r\xd8\xe7', 0x40, 0x110, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) syz_emit_ethernet(0x86, &(0x7f0000000040)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x50, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @private1, @remote, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x3a}]}], "fb36eeca6fad50b375a22a584d16ca55"}}}}}}}, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r10 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r10, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x177ffb498171ed1, 0x0) 1.070889451s ago: executing program 4 (id=2325): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r2, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r0], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r3, 0x0, 0x0, 0x44010, &(0x7f0000000040)={0x11, 0x8100, r2, 0x1, 0x7}, 0x14) 1.014790431s ago: executing program 0 (id=2326): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0xe0842) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f00000001c0)={0x4000000, 0x2}) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000040)={0x4000000}) r3 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240), 0x40401, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064c7, &(0x7f0000000100)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000140)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000f"], 0x0, 0x46, 0x0, 0x9}, 0x28) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x1a}, 0x20) ioctl$DRM_IOCTL_VERSION(r1, 0xc0406400, &(0x7f0000000380)={0x6, 0x10000a, 0xfffffffa, 0x67, &(0x7f0000000280)=""/103, 0x1e, &(0x7f0000000180)=""/30, 0x105, &(0x7f00000003c0)=""/261}) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r0, 0xc01864ba, &(0x7f0000000340)={0x8, 0x0, 0x0, 0xe0e0e0e0}) 965.500822ms ago: executing program 1 (id=2327): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10) (fail_nth: 5) 963.36021ms ago: executing program 3 (id=2328): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x7ffc, 0x7}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r1, 0x0, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$admmidi(0x0, 0x2, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="8b040400000000001c00128009000100626f6e64000000000c00028008000400ff00"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000008c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d48001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008000001800b6fcf1a22796e736574000008000340000001"], 0xd4}, 0x1, 0x0, 0x0, 0x20040000}, 0x8000) 867.737447ms ago: executing program 0 (id=2329): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x50}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x20, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=ANY=[@ANYBLOB="0500005da4eaa918f17988776bd1e12d45dd7adf399861117e6b9d470da80159663dcb048d469078afcd8de8fb86c5b33b41b8245f1914109a6439adfb47db9509a4681d2546fe56f08051fbffffffec000000000000007f6ee759c65abe6144470471e400e03e6f45cc961ef61141938e40666fd61500000000000072c09e42fe6d7f5fa974e7a4d78114dee686cda88a5e28ef19dad84508231ce8ff578b61ae90c5f5e253353dac3c04c0ab1b7731ccea", @ANYRES16=r2, @ANYBLOB="01082abd7000000000002a000000080058000000000008000300020000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x44}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000a00)={0x194, r2, 0x100, 0x78bd2a, 0x25dfdbf6, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x816}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1000}}]}, 0x194}}, 0x240048d5) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, @none}, 0x8) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x200, 0x800, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {0x7, 0x6}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24008884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0], 0x3}}, 0x0) write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc) splice(r5, 0x0, 0xffffffffffffffff, 0x0, 0x4ffe6, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000700)={r7, 0x0, {0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x9, 0x1, 0x18, "ff37b8ff4cc86ace6f6a6e940c7b7398c72e9897b16a635a6f2b1e9727d4ea0cbd15ad76d01025b74cb8c81b3460563cfbf2bcc94d5fa4502c24baea520d1142", "5c3caac1ca26e53ad4eb59a3049ff49da406121bb34fff15fde09a495d75c222cc7f1b3633f9e65b2cc7155effae89c876fe185f12a70bead7a72ecd3110672c", "2086def75336769ec9535f86598c4855799bbf4d80c7230f2de054a893072e67", [0x8]}}) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r9, 0x5, &(0x7f00000005c0)='fd', 0x0, r8) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r10, 0xffffffffffffffff, 0x0) 818.804289ms ago: executing program 4 (id=2330): openat(0xffffffffffffff9c, 0x0, 0x0, 0xd1) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) write$vga_arbiter(r0, 0x0, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) syz_io_uring_submit(0x0, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffd, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendfile(r1, r1, 0x0, 0x200000) r3 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0xe, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x1, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x40000000, 0x0, 0x8}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x0, 0x0, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff}}}}}]}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='gid_map\x00') socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) shutdown(r4, 0x1) 97.46017ms ago: executing program 0 (id=2331): r0 = memfd_create(&(0x7f0000002840)='\x1aj~\x97\xc1\x00\x00\x00\xff\x00\x00\x00\x7f\xef_\xd3\xdc=f.z=\x80=8\x1f\x14\xa2&\xbam\v\xa9\f\xf5\x17t\xc9\x80\xf4\xa1\xeb\x907L\x7f \xe3\x19\xcb\xbf\xfc\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00h}\x00\x135V\xd9\xe0\xb0\x17\x01g\xff?\xc8\xfb3\x93\xbc\xcf\xf2\x95\xbeYd,\xb3\x17\xb0L\xe841(\"\xc2K\x11\x81\xef.m\xf7@\xb1\xf9\xee\xce\\\xd9\x03\nHNzF``\xa0\xc4}P\xb3\b\x0e\xcd\x86\'qb\x9a\xce\"\xfb\xd6\x91\'\x9b~\xcd\xfd\xaa\n\xea\x8dC\x9aQ\n\xce\"\x9cN\xed0\xf0\xc2x\x93h\xe8\\\x18\xd26\xe7\x8d4\x06\xf0\xe3M\xe5\x91\x0f\x85\x97gla\x06\xe1\xba\x1a\x1d \n\fr\xae\x12M\xcb6\xe0\x15\xd5d\x16\xc3\xdf\xa2\x04wB\xd0\x18\xa4\x17|\vH\xf5\xb0\xb5\xc7\x9f`Fz\xa3x\x99\xe17\xd2vAW\xe5\x18)9\xba\xa68A\xf8y\xe6\xac\xda\xc7u\xa9\x00{:\x01\xee,\a:\x06\xad{\x80\xfd\xc7\"\x95\x0f\xe3\x86\x19\xc3\xd2\xf7\x18\xf8\xed\x8b\"\xd8\x8f\xde`\xb0D\xfd\x84\xa3\xd7\xf3R\x8d\x88\xdaJ\xb0\xf8^\xd4>\xc7e\xab\x8f+\xda\x9b\xae\xf2\xca\xb9\xde\xb5\x8f\xdb\xba}\x7f\xf8\xe5i,m\b\xf0\xc7\xe9R\x9cY$\xcb\x00/!Z\xeb\x9bE\xf2\xb9\xcc\xf0\x9c\x02\xfc\x9c\x91q\xba|\x80n\x1f\xffG\xc3\x13\xe7v\xa7\x95md\x0f\xa5\x06\v^n\x84d5o\x02\xb3.\x8dc\x18\xe0\xc2\x9b\xe1D\x0fB] \xdfJGr\xdbc,\xef82%\x97\xe4;u\xa9\xe5\xef*n\xf613\x17\x80[\x90]\xef\xc1\x8e\rD\xd2\xe0\x8c\xf2\x00\x00\x00\x00\x00\x00\x00Gs\xab\x1e\xa13\x93\x8d\x04U\xf5\xb8Th9s3\xc9\xbf\xe5My$\x99.\xf0\xd5\xc8\xb1\xfc4\xe7\x83z\x11a\xb7\xebY\x1d\xcd\x81N\xed\xbd\xa5\xce\xa0f\xe5q2\xbc#w\xe4_\x8a-\xad\xc2/_\xe6\nE\xeb\x9c\x96\xf4`\xa2\x06\xe0^\xfb\x99\xbb}\xfb\x052_\x83*B\xf1\xf0\x95\xd2K\xd6\xe5\xb1\x1a\x02,\xbe\xf5\xd0\xd4\xa1A\xf3!\n\xc6b\xeb\x92\xea\xd8\xe1$\xbbUO\x1fS\x02\x9e\xa7|i:\xb1\xf60\xf6M\xe6,\x81=F\xa1\xca\x06\x0e\x14\x89/\xa7\"\x17-h9\x176\x9d\x04\x1el\xdcp\x89\x1b \x93f\x9a\x10\xd9\xa2Y\b\xfalA\xe1\x1bI\xb9\xf8\xa0\xb0\xc2\x04\xedO\n\vj&\xb5\x04\xc3{Yt\xf4rS^\x0e$\xe9\x05\xcd\x9b\x84\x14`\xed\x9e\xbbh\x81h\xf2\xe7\xe2DO\x1a\xe9\xc1\x1cu\xa5\xbd\x90\xbb\x03\xd5\x00\xf2\x83T\xe4\x0eF\x7f\x85\xb5\xe9CJ0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x200, 0x800, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x4, 0x5}, {0x7, 0x6}, {0x5, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x9}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x24008884) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r7, 0x5, &(0x7f00000005c0)='fd', 0x0, r6) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r8, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=2333): syz_emit_ethernet(0x46, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x37, 0x3ff, 0x68, 0x26, 0x7, 0x84, 0x0, @multicast2, @local}, "7c2a0ee5964de6de"}}}}}, 0x0) r0 = syz_usbip_server_init(0x1) write$usbip_server(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000300"], 0x35) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061121c000000000095"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): 447.328283][ C1] vcan0: j1939_tp_txtimer: 0xffff888057815c00: tx aborted with unknown reason: -2 [ 447.341283][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057817c00: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 447.361721][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057815c00: 0x00000: (250) Any other reason (if a Connection Abort reason is identified that is not listed in the table use code 250) [ 448.898910][T11185] overlay: Unknown parameter 'smackfsroot' [ 448.984935][T11191] trusted_key: encrypted_key: insufficient parameters specified [ 450.354666][T11215] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3723099071 (7446198142 ns) > initial count (5129442290 ns). Using initial count to start timer. [ 451.103874][ T5935] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 451.117734][T11226] 8021q: VLANs not supported on ipvlan1 [ 451.396296][T11228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 451.510931][ T5935] usb 4-1: config 0 has no interfaces? [ 451.519329][ T5935] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 451.528724][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.540244][ T30] audit: type=1400 audit(1752528489.909:677): avc: denied { map } for pid=11229 comm="syz.2.1535" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 451.572539][ T5935] usb 4-1: config 0 descriptor?? [ 451.577983][ T30] audit: type=1400 audit(1752528489.909:678): avc: denied { execute } for pid=11229 comm="syz.2.1535" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 451.811907][ T5894] usb 4-1: USB disconnect, device number 47 [ 452.298186][T11239] netlink: 'syz.0.1537': attribute type 1 has an invalid length. [ 452.316880][T11239] 8021q: adding VLAN 0 to HW filter on device bond3 [ 452.361745][T11239] bond3: (slave veth7): Enslaving as an active interface with a down link [ 452.437150][T11251] veth13: entered promiscuous mode [ 452.442421][T11251] veth13: entered allmulticast mode [ 452.453788][T11251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1540'. [ 452.527942][T11252] xt_hashlimit: max too large, truncated to 1048576 [ 452.638662][T11254] 8021q: VLANs not supported on ipvlan1 [ 452.787891][T11257] overlay: ./file0 is not a directory [ 452.793559][ T30] audit: type=1400 audit(1752528491.169:679): avc: denied { mounton } for pid=11255 comm="syz.2.1543" path="/301/file0" dev="tmpfs" ino=1600 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 453.571604][ T5876] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 453.950593][ T5876] usb 3-1: Using ep0 maxpacket: 16 [ 454.100622][ T5876] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.346984][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 454.389008][ T5876] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 454.432198][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.483226][ T5876] usb 3-1: config 0 descriptor?? [ 455.192087][T11294] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1555'. [ 455.201554][T11294] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1555'. [ 455.546869][ T5876] nzxt-smart2 0003:1E71:2009.0015: unknown main item tag 0x0 [ 455.603556][ T5876] nzxt-smart2 0003:1E71:2009.0015: unknown main item tag 0x0 [ 455.642031][ T5876] nzxt-smart2 0003:1E71:2009.0015: unknown main item tag 0x0 [ 455.649840][ T5876] nzxt-smart2 0003:1E71:2009.0015: unknown main item tag 0x0 [ 455.664146][ T5876] nzxt-smart2 0003:1E71:2009.0015: unknown main item tag 0x0 [ 455.881835][ T5876] nzxt-smart2 0003:1E71:2009.0015: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 455.955827][ C0] usb 3-1: input irq status -75 received [ 456.216101][ T5876] usb 3-1: USB disconnect, device number 32 [ 456.253896][T11310] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(137) [ 456.260607][T11310] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 456.269376][T11310] vhci_hcd vhci_hcd.0: Device attached [ 456.277696][T11310] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(139) [ 456.284402][T11310] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 456.293513][T11310] vhci_hcd vhci_hcd.0: Device attached [ 456.352098][T11314] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 456.433453][T11317] vhci_hcd: connection closed [ 456.433784][ T9616] vhci_hcd: stop threads [ 456.446829][T11315] vhci_hcd: connection closed [ 456.462546][ T9616] vhci_hcd: release socket [ 456.482469][ T9616] vhci_hcd: disconnect device [ 456.487698][ T9616] vhci_hcd: stop threads [ 456.500497][ T30] audit: type=1326 audit(1752528494.879:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 456.531937][ T5935] usb 39-1: new low-speed USB device number 3 using vhci_hcd [ 456.539420][ T9616] vhci_hcd: release socket [ 456.549573][ T9616] vhci_hcd: disconnect device [ 456.575754][ T30] audit: type=1326 audit(1752528494.879:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 456.634216][ T30] audit: type=1326 audit(1752528494.999:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 456.658225][ T30] audit: type=1326 audit(1752528494.999:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 456.683112][ T30] audit: type=1326 audit(1752528494.999:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 456.707752][ T30] audit: type=1326 audit(1752528495.009:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 457.207813][ T30] audit: type=1326 audit(1752528495.009:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 457.234034][ T30] audit: type=1326 audit(1752528495.009:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 457.314039][ T30] audit: type=1326 audit(1752528495.009:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 457.481970][ T30] audit: type=1326 audit(1752528495.009:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 457.636712][ C1] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 458.390361][ T30] audit: type=1326 audit(1752528495.009:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11325 comm="syz.0.1562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7ffc0000 [ 458.831324][ T5941] usb 4-1: new full-speed USB device number 48 using dummy_hcd [ 459.043017][T11368] trusted_key: encrypted_key: insufficient parameters specified [ 459.077791][ T7029] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 459.100048][ T5941] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 459.112804][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 459.123283][ T5941] usb 4-1: config 0 has no interface number 0 [ 459.132635][ T5941] usb 4-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 459.141790][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.149793][ T5941] usb 4-1: Product: syz [ 459.154040][ T5941] usb 4-1: Manufacturer: syz [ 459.158643][ T5941] usb 4-1: SerialNumber: syz [ 459.169470][ T5941] usb 4-1: config 0 descriptor?? [ 459.179496][ T5941] imon 4-1:0.2: unable to register, err -19 [ 459.253552][ T7029] usb 2-1: Using ep0 maxpacket: 8 [ 459.300032][ T7029] usb 2-1: config 0 has no interfaces? [ 459.307818][ T7029] usb 2-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00 [ 459.316930][ T7029] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.327901][ T7029] usb 2-1: config 0 descriptor?? [ 459.477429][T11351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 459.823377][T11351] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.842459][ T7029] usb 4-1: USB disconnect, device number 48 [ 459.852224][ T5941] usb 2-1: USB disconnect, device number 45 [ 459.861839][T11348] [U]  [ 460.681224][ T7029] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 460.831651][ T7029] usb 2-1: Using ep0 maxpacket: 16 [ 460.838477][ T7029] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 460.847331][ T7029] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 460.857500][ T7029] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 460.868179][ T7029] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 460.877492][ T7029] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.885592][ T7029] usb 2-1: Product: syz [ 460.890251][ T7029] usb 2-1: Manufacturer: syz [ 460.895071][ T7029] usb 2-1: SerialNumber: syz [ 461.633306][ T7029] usb 2-1: 0:2 : does not exist [ 461.692473][ T5935] vhci_hcd: vhci_device speed not set [ 461.771269][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 461.771300][ T30] audit: type=1400 audit(1752528500.149:715): avc: denied { ioctl } for pid=11399 comm="syz.1.1589" path="socket:[31625]" dev="sockfs" ino=31625 ioctlcmd=0x4942 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 462.193477][T11423] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1598'. [ 462.202653][T11423] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1598'. [ 462.360173][T11434] lo speed is unknown, defaulting to 1000 [ 462.430794][T11403] netlink: 'syz.1.1589': attribute type 5 has an invalid length. [ 462.430798][T11438] netlink: 'syz.1.1589': attribute type 5 has an invalid length. [ 462.449387][ T5941] usb 2-1: USB disconnect, device number 46 [ 462.511453][ T5876] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 462.641320][ T5876] usb 4-1: device descriptor read/64, error -71 [ 462.891721][ T5876] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 463.032171][ T5876] usb 4-1: device descriptor read/64, error -71 [ 463.109309][T11449] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1606'. [ 463.214198][ T5876] usb usb4-port1: attempt power cycle [ 463.611296][ T5876] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 463.633826][ T5876] usb 4-1: device descriptor read/8, error -71 [ 463.871393][ T5876] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 463.972376][ T5876] usb 4-1: device descriptor read/8, error -71 [ 464.031284][ T5941] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 464.250447][ T5876] usb usb4-port1: unable to enumerate USB device [ 464.632138][ T5876] IPVS: starting estimator thread 0... [ 464.641201][ T5941] usb 2-1: Using ep0 maxpacket: 32 [ 464.648455][ T5941] usb 2-1: unable to get BOS descriptor or descriptor too short [ 464.657206][ T5941] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 464.666083][ T5941] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 464.676265][ T5941] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 464.688064][ T5941] usb 2-1: string descriptor 0 read error: -22 [ 464.695802][ T5941] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 464.706242][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.741942][T11472] IPVS: using max 44 ests per chain, 105600 per kthread [ 464.745513][ T5941] usb 2-1: 0:2 : does not exist [ 464.926700][ T7029] usb 2-1: USB disconnect, device number 47 [ 466.001233][ T5941] usb 4-1: new full-speed USB device number 53 using dummy_hcd [ 466.225721][ T5941] usb 4-1: not running at top speed; connect to a high speed hub [ 466.272874][ T5941] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 466.284355][ T5941] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 466.341692][ T5941] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 33, using maximum allowed: 30 [ 466.503936][ T5941] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 466.517632][T11501] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 466.517632][T11501] The task syz.2.1619 (11501) triggered the difference, watch for misbehavior. [ 466.691201][ T5941] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 466.730384][ T5941] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 466.739950][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.748151][ T5941] usb 4-1: Product: syz [ 466.753811][ T5941] usb 4-1: Manufacturer: syz [ 466.758852][ T5941] usb 4-1: SerialNumber: syz [ 466.855832][T11507] FAULT_INJECTION: forcing a failure. [ 466.855832][T11507] name failslab, interval 1, probability 0, space 0, times 0 [ 466.869127][T11507] CPU: 1 UID: 0 PID: 11507 Comm: syz.1.1623 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 466.869152][T11507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.869162][T11507] Call Trace: [ 466.869167][T11507] [ 466.869174][T11507] dump_stack_lvl+0x16c/0x1f0 [ 466.869203][T11507] should_fail_ex+0x512/0x640 [ 466.869224][T11507] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 466.869247][T11507] should_failslab+0xc2/0x120 [ 466.869271][T11507] __kmalloc_cache_noprof+0x6a/0x3e0 [ 466.869288][T11507] ? xdp_umem_create+0x4f/0x1270 [ 466.869311][T11507] xdp_umem_create+0x4f/0x1270 [ 466.869331][T11507] ? __pfx_sock_has_perm+0x10/0x10 [ 466.869356][T11507] xsk_setsockopt+0x5b2/0x840 [ 466.869374][T11507] ? __pfx_xsk_setsockopt+0x10/0x10 [ 466.869391][T11507] ? __lock_acquire+0x622/0x1c90 [ 466.869412][T11507] ? selinux_socket_setsockopt+0x6a/0x80 [ 466.869432][T11507] ? __pfx_xsk_setsockopt+0x10/0x10 [ 466.869450][T11507] do_sock_setsockopt+0x221/0x470 [ 466.869475][T11507] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 466.869516][T11507] __sys_setsockopt+0x1a0/0x230 [ 466.869542][T11507] __x64_sys_setsockopt+0xbd/0x160 [ 466.869560][T11507] ? do_syscall_64+0x91/0x4c0 [ 466.869582][T11507] ? lockdep_hardirqs_on+0x7c/0x110 [ 466.869604][T11507] do_syscall_64+0xcd/0x4c0 [ 466.869627][T11507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.869644][T11507] RIP: 0033:0x7f8c0458e929 [ 466.869658][T11507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.869672][T11507] RSP: 002b:00007f8c053a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 466.869688][T11507] RAX: ffffffffffffffda RBX: 00007f8c047b5fa0 RCX: 00007f8c0458e929 [ 466.869700][T11507] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 [ 466.869710][T11507] RBP: 00007f8c053a3090 R08: 0000000000000020 R09: 0000000000000000 [ 466.869720][T11507] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001 [ 466.869730][T11507] R13: 0000000000000000 R14: 00007f8c047b5fa0 R15: 00007fff8c2344c8 [ 466.869752][T11507] [ 467.078027][ C1] vkms_vblank_simulate: vblank timer overrun [ 467.115471][T11483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'. [ 467.126085][T11484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.135797][T11483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.161968][T11484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.170055][T11483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.237907][ T5941] usb 4-1: 0:2 : does not exist [ 467.384270][T11513] 8021q: VLANs not supported on ipvlan1 [ 467.413797][ T5941] usb 4-1: USB disconnect, device number 53 [ 468.267460][ T5876] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 468.514704][ T5876] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 468.532091][ T5876] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 468.549680][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.560944][ T5876] usb 3-1: config 0 descriptor?? [ 468.618209][ T5876] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 468.657822][T11536] usb usb8: usbfs: process 11536 (syz.1.1631) did not claim interface 0 before use [ 469.627882][T11541] netlink: 'syz.3.1633': attribute type 1 has an invalid length. [ 469.986349][T11541] 8021q: adding VLAN 0 to HW filter on device bond2 [ 470.002470][ T5935] usb 3-1: USB disconnect, device number 33 [ 470.069041][T11545] veth5: entered promiscuous mode [ 470.570895][ T30] audit: type=1400 audit(1752528508.949:716): avc: denied { accept } for pid=11557 comm="syz.0.1639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 471.794047][T11585] 8021q: VLANs not supported on ipvlan1 [ 472.420983][ T5876] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 472.508170][T11595] trusted_key: encrypted_key: insufficient parameters specified [ 472.911271][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 472.918926][T11603] tipc: Enabling of bearer rejected, failed to enable media [ 472.948234][ T5876] usb 3-1: config 0 has no interfaces? [ 472.954383][ T5876] usb 3-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00 [ 472.973335][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.003269][ T5876] usb 3-1: config 0 descriptor?? [ 473.023287][ T5985] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 473.367532][ T5985] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 473.412406][ T5985] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 473.417536][ T5935] usb 3-1: USB disconnect, device number 34 [ 473.428795][T11582] [U]  [ 473.432446][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.472722][ T5985] usb 2-1: config 0 descriptor?? [ 473.482678][ T5985] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 473.540548][T11617] trusted_key: encrypted_key: insufficient parameters specified [ 473.590404][T11619] 9pnet_fd: Insufficient options for proto=fd [ 473.602327][T11619] netlink: 'syz.4.1659': attribute type 4 has an invalid length. [ 473.992801][T11631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1661'. [ 475.023142][ T5901] usb 2-1: USB disconnect, device number 48 [ 475.681654][T11657] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 475.905036][T11663] netlink: 'syz.2.1675': attribute type 1 has an invalid length. [ 476.558971][T11663] 8021q: adding VLAN 0 to HW filter on device bond7 [ 477.312518][ T30] audit: type=1400 audit(1752528515.639:717): avc: denied { unmount } for pid=5840 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 477.366510][T11663] veth9: entered promiscuous mode [ 477.376646][T11685] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1684'. [ 477.404981][T11663] bond7: (slave veth9): Enslaving as a backup interface with a down link [ 477.441385][ T7029] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 477.586334][T11702] veth0: entered promiscuous mode [ 477.596098][T11694] veth0: left promiscuous mode [ 477.600032][T11692] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1685'. [ 477.616569][ T7029] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 477.641301][ T7029] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 477.650213][ T7029] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 477.659548][ T7029] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.670408][ T7029] usb 2-1: config 0 descriptor?? [ 477.741257][ T5908] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 477.794195][T11708] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1685'. [ 477.805287][T11708] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1685'. [ 477.891341][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 477.927866][ T5908] usb 3-1: config 0 interface 0 altsetting 33 endpoint 0x81 has an invalid bInterval 126, changing to 10 [ 477.967845][ T5908] usb 3-1: config 0 interface 0 has no altsetting 0 [ 477.978274][ T7029] Bluetooth: Can't get state to change to load ram patch err [ 478.066574][ T5908] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 478.080868][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.099682][ T5908] usb 3-1: config 0 descriptor?? [ 478.167392][ T7029] Bluetooth: Loading patch file failed [ 478.172928][ T7029] ath3k 2-1:0.0: probe with driver ath3k failed with error -71 [ 478.183202][ T7029] usb 2-1: USB disconnect, device number 49 [ 480.540214][ T30] audit: type=1326 audit(1752528518.919:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11740 comm="syz.4.1697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620b18e929 code=0x7ffc0000 [ 480.579523][ T5908] usbhid 3-1:0.0: can't add hid device: -71 [ 480.588877][ T5908] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 480.725896][ T5908] usb 3-1: USB disconnect, device number 35 [ 480.739294][ T30] audit: type=1326 audit(1752528518.919:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11740 comm="syz.4.1697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f620b18e929 code=0x7ffc0000 [ 480.766391][ T30] audit: type=1326 audit(1752528518.919:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11740 comm="syz.4.1697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620b18e929 code=0x7ffc0000 [ 480.964091][ T30] audit: type=1326 audit(1752528518.919:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11740 comm="syz.4.1697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f620b18d3df code=0x7ffc0000 [ 481.004873][ T30] audit: type=1326 audit(1752528518.919:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11740 comm="syz.4.1697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620b18e929 code=0x7ffc0000 [ 481.095860][T11750] netlink: 'syz.2.1699': attribute type 1 has an invalid length. [ 481.106618][T11750] overlayfs: failed to resolve './file1': -2 [ 481.147443][ T30] audit: type=1400 audit(1752528519.529:723): avc: denied { accept } for pid=11752 comm="syz.2.1703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 481.430309][T11753] netlink: 'syz.2.1703': attribute type 1 has an invalid length. [ 481.439861][T11754] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 481.447264][T11762] trusted_key: encrypted_key: insufficient parameters specified [ 482.892444][ T5908] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 483.054900][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 483.075892][ T5908] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 483.085975][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.100999][ T5908] usb 3-1: config 0 descriptor?? [ 483.112358][ T5908] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 484.116851][ T7029] usb 3-1: USB disconnect, device number 36 [ 484.554879][T11798] trusted_key: encrypted_key: insufficient parameters specified [ 485.035108][T11800] netlink: 'syz.2.1715': attribute type 1 has an invalid length. [ 485.300906][T11800] 8021q: adding VLAN 0 to HW filter on device bond8 [ 485.375497][T11800] veth11: entered promiscuous mode [ 485.587770][T11800] bond8: (slave veth11): Enslaving as a backup interface with a down link [ 486.862035][ T5876] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 487.032238][ T5876] usb 2-1: Using ep0 maxpacket: 8 [ 487.034489][T11847] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11847 comm=syz.2.1729 [ 487.050552][ T30] audit: type=1400 audit(1752528525.419:724): avc: denied { accept } for pid=11846 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 487.061771][ T5876] usb 2-1: config 0 has no interfaces? [ 487.069927][ C1] vkms_vblank_simulate: vblank timer overrun [ 487.085552][ T5876] usb 2-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00 [ 487.115707][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.154763][ T5876] usb 2-1: config 0 descriptor?? [ 487.307720][ T30] audit: type=1400 audit(1752528525.509:725): avc: denied { read } for pid=11846 comm="syz.2.1729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 487.361362][ T5985] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 487.429982][ T5876] usb 2-1: USB disconnect, device number 50 [ 487.443622][T11822] [U]  [ 487.592711][ T5985] usb 3-1: config 8 has an invalid interface number: 177 but max is 0 [ 487.611677][ T5985] usb 3-1: config 8 has no interface number 0 [ 487.627912][ T5985] usb 3-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 487.659986][ T5985] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x88 has invalid maxpacket 1023, setting to 64 [ 487.666025][T11837] overlayfs: statfs failed on './file0' [ 487.687099][ T5985] usb 3-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0 [ 487.711239][ T5985] usb 3-1: config 8 interface 177 has no altsetting 0 [ 487.724367][ T5985] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 487.744691][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.766650][T11847] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 487.823464][ T5935] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 487.986947][T11847] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 487.994184][T11847] IPv6: NLM_F_CREATE should be set when creating new route [ 488.002196][T11847] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 488.012509][ T5985] usb 3-1: string descriptor 0 read error: -71 [ 488.019413][ T5985] ir_toy 3-1:8.177: required endpoints not found [ 488.041493][ T5985] usb 3-1: USB disconnect, device number 37 [ 488.041640][ T5935] usb 4-1: Using ep0 maxpacket: 32 [ 488.114376][ T5935] usb 4-1: unable to get BOS descriptor or descriptor too short [ 488.143675][ T5935] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 488.210297][ T5935] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 488.303970][ T5935] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 488.457184][ T5935] usb 4-1: string descriptor 0 read error: -22 [ 488.475161][ T5935] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 488.484752][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.516385][ T5935] usb 4-1: 0:2 : does not exist [ 489.431493][ T5901] usb 4-1: USB disconnect, device number 54 [ 489.474558][ T5985] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 489.631262][ T5985] usb 3-1: Using ep0 maxpacket: 32 [ 489.643222][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.680199][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.719048][ T5985] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 489.776958][ T5985] usb 3-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.00 [ 489.818394][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.873770][ T5985] usb 3-1: config 0 descriptor?? [ 490.484530][ T5985] asus 0003:0B05:1866.0016: unknown main item tag 0x7 [ 490.500992][T11885] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1744'. [ 490.523010][ T5985] asus 0003:0B05:1866.0016: hidraw0: USB HID v0.00 Device [HID 0b05:1866] on usb-dummy_hcd.2-1/input0 [ 490.551606][ T5985] asus 0003:0B05:1866.0016: Asus input not registered [ 490.569978][ T5985] asus 0003:0B05:1866.0016: probe with driver asus failed with error -12 [ 490.632370][T11890] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1745'. [ 490.816696][T11867] netlink: 'syz.2.1736': attribute type 12 has an invalid length. [ 491.524750][T11904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 492.882990][T11910] netlink: 'syz.0.1750': attribute type 29 has an invalid length. [ 492.921634][T11910] netlink: 'syz.0.1750': attribute type 29 has an invalid length. [ 492.949250][ T5985] usb 3-1: USB disconnect, device number 38 [ 493.201251][ T5908] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 493.237268][T11912] netlink: 'syz.2.1751': attribute type 2 has an invalid length. [ 493.281974][ T5876] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 493.322190][T11917] 8021q: VLANs not supported on ipvlan1 [ 493.363051][ T5908] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 493.374796][ T5908] usb 2-1: config 0 has no interface number 0 [ 493.382098][ T5908] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 493.418279][ T5908] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 493.437875][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.450046][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 493.472891][ T5908] usb 2-1: Product: syz [ 493.477247][ T5876] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 493.486478][ T5908] usb 2-1: Manufacturer: syz [ 493.494124][ T5908] usb 2-1: SerialNumber: syz [ 493.503116][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.517934][ T5908] usb 2-1: config 0 descriptor?? [ 493.570717][ T5908] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 493.580513][ T5876] usb 4-1: config 0 descriptor?? [ 493.596269][ T5876] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 493.777449][ C0] yurex 2-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8 [ 493.941385][T11923] tipc: Enabling of bearer rejected, failed to enable media [ 493.962934][T11925] FAULT_INJECTION: forcing a failure. [ 493.962934][T11925] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.998065][ T5876] usb 2-1: USB disconnect, device number 51 [ 494.084466][T11925] CPU: 1 UID: 0 PID: 11925 Comm: syz.2.1755 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 494.084494][T11925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.084505][T11925] Call Trace: [ 494.084510][T11925] [ 494.084516][T11925] dump_stack_lvl+0x16c/0x1f0 [ 494.084544][T11925] should_fail_ex+0x512/0x640 [ 494.084568][T11925] _copy_to_user+0x32/0xd0 [ 494.084595][T11925] simple_read_from_buffer+0xcb/0x170 [ 494.084619][T11925] proc_fail_nth_read+0x197/0x270 [ 494.084641][T11925] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.084662][T11925] ? rw_verify_area+0xcf/0x680 [ 494.084679][T11925] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.084695][T11925] vfs_read+0x1e1/0xc60 [ 494.084711][T11925] ? __pfx___mutex_lock+0x10/0x10 [ 494.084727][T11925] ? __pfx_vfs_read+0x10/0x10 [ 494.084744][T11925] ? __fget_files+0x20e/0x3c0 [ 494.084763][T11925] ksys_read+0x12a/0x250 [ 494.084777][T11925] ? __pfx_ksys_read+0x10/0x10 [ 494.084794][T11925] do_syscall_64+0xcd/0x4c0 [ 494.084812][T11925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.084823][T11925] RIP: 0033:0x7f141db8d33c [ 494.084833][T11925] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 494.084844][T11925] RSP: 002b:00007f141e93b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 494.084855][T11925] RAX: ffffffffffffffda RBX: 00007f141ddb5fa0 RCX: 00007f141db8d33c [ 494.084862][T11925] RDX: 000000000000000f RSI: 00007f141e93b0a0 RDI: 0000000000000004 [ 494.084868][T11925] RBP: 00007f141e93b090 R08: 0000000000000000 R09: 0000000000000010 [ 494.084874][T11925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.084880][T11925] R13: 0000000000000000 R14: 00007f141ddb5fa0 R15: 00007ffdd473f558 [ 494.084894][T11925] [ 494.270557][ C1] vkms_vblank_simulate: vblank timer overrun [ 494.377207][ C1] vkms_vblank_simulate: vblank timer overrun [ 494.518221][ T5876] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 494.712336][ T5901] usb 4-1: USB disconnect, device number 55 [ 494.888024][T11944] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 494.900421][ T30] audit: type=1400 audit(1752528533.279:726): avc: denied { map } for pid=11943 comm="syz.2.1762" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 494.927401][ T30] audit: type=1400 audit(1752528533.279:727): avc: denied { execute } for pid=11943 comm="syz.2.1762" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 495.032057][T11949] program syz.2.1764 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 495.083116][T11950] program syz.2.1764 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 495.116821][T11950] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1764'. [ 495.204630][T11952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1765'. [ 495.297188][T11957] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1767'. [ 495.397364][T11963] tipc: Enabled bearer , priority 0 [ 495.409855][T11963] syzkaller0: entered promiscuous mode [ 495.426352][T11963] syzkaller0: entered allmulticast mode [ 495.466203][T11962] tipc: Resetting bearer [ 495.500096][T11962] tipc: Disabling bearer [ 495.774810][T11976] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1774'. [ 495.851529][ T5901] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 496.055154][ T30] audit: type=1400 audit(1752528534.439:728): avc: denied { write } for pid=11971 comm="syz.3.1773" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 496.056015][T11972] 9pnet_fd: Insufficient options for proto=fd [ 496.109035][T11972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1773'. [ 496.119173][T11972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1773'. [ 496.122472][T11979] SELinux: Context #! is not valid (left unmapped). [ 496.128101][T11972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1773'. [ 496.152862][T11979] FAULT_INJECTION: forcing a failure. [ 496.152862][T11979] name failslab, interval 1, probability 0, space 0, times 0 [ 496.165651][T11979] CPU: 0 UID: 0 PID: 11979 Comm: syz.1.1775 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 496.165675][T11979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 496.165686][T11979] Call Trace: [ 496.165692][T11979] [ 496.165699][T11979] dump_stack_lvl+0x16c/0x1f0 [ 496.165729][T11979] should_fail_ex+0x512/0x640 [ 496.165752][T11979] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 496.165778][T11979] should_failslab+0xc2/0x120 [ 496.165804][T11979] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 496.165826][T11979] ? security_file_alloc+0x34/0x2b0 [ 496.165855][T11979] security_file_alloc+0x34/0x2b0 [ 496.165880][T11979] init_file+0x93/0x4c0 [ 496.165897][T11979] alloc_empty_file+0x73/0x1e0 [ 496.165915][T11979] path_openat+0xda/0x2cb0 [ 496.165936][T11979] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.165962][T11979] ? __pfx_path_openat+0x10/0x10 [ 496.165987][T11979] ? __lock_acquire+0xb8a/0x1c90 [ 496.166006][T11979] do_filp_open+0x20b/0x470 [ 496.166029][T11979] ? __pfx_do_filp_open+0x10/0x10 [ 496.166070][T11979] ? alloc_fd+0x471/0x7d0 [ 496.166100][T11979] do_sys_openat2+0x11b/0x1d0 [ 496.166117][T11979] ? __pfx_do_sys_openat2+0x10/0x10 [ 496.166137][T11979] ? __fget_files+0x20e/0x3c0 [ 496.166165][T11979] __x64_sys_openat+0x174/0x210 [ 496.166182][T11979] ? __pfx___x64_sys_openat+0x10/0x10 [ 496.166198][T11979] ? ksys_write+0x1ac/0x250 [ 496.166229][T11979] do_syscall_64+0xcd/0x4c0 [ 496.166263][T11979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.166280][T11979] RIP: 0033:0x7f8c0458e929 [ 496.166294][T11979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.166311][T11979] RSP: 002b:00007f8c053a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 496.166328][T11979] RAX: ffffffffffffffda RBX: 00007f8c047b5fa0 RCX: 00007f8c0458e929 [ 496.166339][T11979] RDX: 000000000000275a RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 496.166350][T11979] RBP: 00007f8c053a3090 R08: 0000000000000000 R09: 0000000000000000 [ 496.166360][T11979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.166370][T11979] R13: 0000000000000000 R14: 00007f8c047b5fa0 R15: 00007fff8c2344c8 [ 496.166394][T11979] [ 496.231320][ T5901] usb 3-1: Using ep0 maxpacket: 32 [ 496.453111][ T5901] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 496.465681][ T5901] usb 3-1: config 0 has no interface number 0 [ 496.474229][ T5901] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 496.491198][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.499214][ T5901] usb 3-1: Product: syz [ 496.539183][ T5901] usb 3-1: Manufacturer: syz [ 496.545795][ T5901] usb 3-1: SerialNumber: syz [ 496.547183][ T30] audit: type=1400 audit(1752528534.929:729): avc: denied { getopt } for pid=11987 comm="syz.0.1779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 496.562169][ T5901] usb 3-1: config 0 descriptor?? [ 496.576755][ T5901] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 496.720824][T11991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1779'. [ 496.731201][ T5876] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 496.774313][ T5908] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 496.816500][ T5901] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 496.866005][ T5901] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 496.964335][ T5908] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 496.980472][ T5876] usb 4-1: config 0 has an invalid interface number: 95 but max is 0 [ 496.990102][ T5876] usb 4-1: config 0 has no interface number 0 [ 496.998852][ T5908] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 497.008046][ T5876] usb 4-1: config 0 interface 95 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 8 [ 497.021377][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.035987][ T5876] usb 4-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46 [ 497.050514][ T5908] usb 2-1: config 0 descriptor?? [ 497.059880][ T5908] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 497.069159][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.110046][ T5876] usb 4-1: Product: syz [ 497.114506][ T5876] usb 4-1: Manufacturer: syz [ 497.119262][ T5876] usb 4-1: SerialNumber: syz [ 497.126486][ T5876] usb 4-1: config 0 descriptor?? [ 497.133644][T11984] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 497.293277][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 497.308282][ T5935] usb 3-1: USB disconnect, device number 39 [ 497.554703][ T5935] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 497.814691][ T5935] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 497.904619][ T5935] quatech2 3-1:0.51: device disconnected [ 498.184474][ T5876] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 498.198248][ T5876] usb 4-1: MIDIStreaming interface descriptor not found [ 498.284482][ T5876] usb 4-1: USB disconnect, device number 56 [ 498.406616][ T5908] usb 2-1: USB disconnect, device number 52 [ 498.407565][T12009] tipc: Enabled bearer , priority 0 [ 498.424750][T12009] syzkaller0: entered promiscuous mode [ 498.430315][T12009] syzkaller0: entered allmulticast mode [ 498.509323][T12007] tipc: Resetting bearer [ 498.536160][T12007] tipc: Disabling bearer [ 498.606989][T12013] --map-set only usable from mangle table [ 499.438723][T12035] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1790'. [ 499.607623][ T30] audit: type=1400 audit(1752528537.969:730): avc: denied { read } for pid=12039 comm="syz.1.1792" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 500.789611][T12049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1796'. [ 501.014738][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.910912][ T30] audit: type=1400 audit(1752528540.289:731): avc: denied { read } for pid=12072 comm="syz.1.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 502.159071][T12075] netlink: 'syz.2.1804': attribute type 1 has an invalid length. [ 502.170947][ T30] audit: type=1400 audit(1752528540.549:732): avc: denied { execute } for pid=12084 comm="syz.4.1807" path="/dev/snd/midiC2D0" dev="devtmpfs" ino=1303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 503.023198][T12075] 8021q: adding VLAN 0 to HW filter on device bond9 [ 503.110231][T12075] veth13: entered promiscuous mode [ 503.119335][T12075] bond9: (slave veth13): Enslaving as a backup interface with a down link [ 503.501556][T12097] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 503.754456][T12099] tipc: Enabling of bearer rejected, failed to enable media [ 504.469178][T12116] --map-set only usable from mangle table [ 505.714869][T12146] netlink: 'syz.2.1822': attribute type 1 has an invalid length. [ 505.819092][ T30] audit: type=1400 audit(1752528543.769:733): avc: denied { write } for pid=12135 comm="syz.2.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 505.946751][ T30] audit: type=1400 audit(1752528544.329:734): avc: denied { bind } for pid=12137 comm="syz.3.1823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 506.437648][T12157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 506.681084][T12159] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1827'. [ 506.720667][T12154] netlink: 'syz.0.1826': attribute type 1 has an invalid length. [ 506.989567][T12154] 8021q: adding VLAN 0 to HW filter on device bond4 [ 507.074381][T12154] veth9: entered promiscuous mode [ 507.141606][T12154] bond4: (slave veth9): Enslaving as a backup interface with a down link [ 507.146395][T12163] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1829'. [ 507.283511][T12166] 8021q: VLANs not supported on ipvlan1 [ 507.692861][T12171] lo speed is unknown, defaulting to 1000 [ 507.787992][ T5876] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 507.966013][T12178] FAULT_INJECTION: forcing a failure. [ 507.966013][T12178] name failslab, interval 1, probability 0, space 0, times 0 [ 508.000346][T12178] CPU: 0 UID: 0 PID: 12178 Comm: syz.2.1834 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 508.000373][T12178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.000382][T12178] Call Trace: [ 508.000388][T12178] [ 508.000395][T12178] dump_stack_lvl+0x16c/0x1f0 [ 508.000420][T12178] should_fail_ex+0x512/0x640 [ 508.000436][T12178] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 508.000457][T12178] should_failslab+0xc2/0x120 [ 508.000473][T12178] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 508.000488][T12178] ? __alloc_skb+0x2b2/0x380 [ 508.000505][T12178] __alloc_skb+0x2b2/0x380 [ 508.000518][T12178] ? __pfx___alloc_skb+0x10/0x10 [ 508.000534][T12178] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 508.000554][T12178] netlink_alloc_large_skb+0x69/0x130 [ 508.000566][T12178] netlink_sendmsg+0x6a1/0xdd0 [ 508.000578][T12178] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.000594][T12178] ____sys_sendmsg+0xa95/0xc70 [ 508.000605][T12178] ? copy_msghdr_from_user+0x10a/0x160 [ 508.000621][T12178] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.000638][T12178] ___sys_sendmsg+0x134/0x1d0 [ 508.000654][T12178] ? __pfx____sys_sendmsg+0x10/0x10 [ 508.000667][T12178] ? __lock_acquire+0x622/0x1c90 [ 508.000695][T12178] __sys_sendmsg+0x16d/0x220 [ 508.000710][T12178] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.000733][T12178] do_syscall_64+0xcd/0x4c0 [ 508.000750][T12178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.000761][T12178] RIP: 0033:0x7f141db8e929 [ 508.000771][T12178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.000782][T12178] RSP: 002b:00007f141e93b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.000793][T12178] RAX: ffffffffffffffda RBX: 00007f141ddb5fa0 RCX: 00007f141db8e929 [ 508.000799][T12178] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005 [ 508.000806][T12178] RBP: 00007f141e93b090 R08: 0000000000000000 R09: 0000000000000000 [ 508.000812][T12178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.000818][T12178] R13: 0000000000000000 R14: 00007f141ddb5fa0 R15: 00007ffdd473f558 [ 508.000831][T12178] [ 508.253593][ T5876] usb 4-1: Using ep0 maxpacket: 8 [ 508.313654][ T5876] usb 4-1: config 0 has no interfaces? [ 508.319123][ T5876] usb 4-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00 [ 508.328185][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.337522][ T5876] usb 4-1: config 0 descriptor?? [ 508.657827][ T5901] usb 4-1: USB disconnect, device number 57 [ 508.670945][T12164] [U]  [ 509.319445][T12209] trusted_key: encrypted_key: insufficient parameters specified [ 510.223624][T12236] netlink: 'syz.3.1852': attribute type 39 has an invalid length. [ 511.648687][T12255] netlink: 'syz.3.1858': attribute type 1 has an invalid length. [ 511.977088][T12263] 8021q: adding VLAN 0 to HW filter on device bond3 [ 512.232862][T12274] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 512.640516][T12255] veth7: entered promiscuous mode [ 512.663510][T12255] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 512.889676][ T30] audit: type=1400 audit(1752528551.269:735): avc: denied { setopt } for pid=12270 comm="syz.0.1863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 512.923249][T12285] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1866'. [ 513.801616][ T30] audit: type=1400 audit(1752528552.179:736): avc: denied { create } for pid=12300 comm="syz.1.1871" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 514.308923][T12312] FAULT_INJECTION: forcing a failure. [ 514.308923][T12312] name failslab, interval 1, probability 0, space 0, times 0 [ 514.322322][T12312] CPU: 0 UID: 0 PID: 12312 Comm: syz.1.1875 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 514.322347][T12312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 514.322357][T12312] Call Trace: [ 514.322363][T12312] [ 514.322370][T12312] dump_stack_lvl+0x16c/0x1f0 [ 514.322400][T12312] should_fail_ex+0x512/0x640 [ 514.322425][T12312] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 514.322449][T12312] should_failslab+0xc2/0x120 [ 514.322475][T12312] __kmalloc_cache_noprof+0x6a/0x3e0 [ 514.322496][T12312] ? rtnl_newlink+0x11b/0x2000 [ 514.322526][T12312] ? __pfx_rtnl_newlink+0x10/0x10 [ 514.322549][T12312] rtnl_newlink+0x11b/0x2000 [ 514.322576][T12312] ? __schedule+0x1181/0x5de0 [ 514.322603][T12312] ? __pfx_rtnl_newlink+0x10/0x10 [ 514.322644][T12312] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 514.322668][T12312] ? rcu_is_watching+0x12/0xc0 [ 514.322688][T12312] ? irqentry_exit+0x3b/0x90 [ 514.322703][T12312] ? lockdep_hardirqs_on+0x7c/0x110 [ 514.322720][T12312] ? __pfx_rtnl_newlink+0x10/0x10 [ 514.322738][T12312] ? __pfx_rtnl_newlink+0x10/0x10 [ 514.322754][T12312] rtnetlink_rcv_msg+0x95b/0xe90 [ 514.322772][T12312] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 514.322790][T12312] ? __pfx___schedule+0x10/0x10 [ 514.322803][T12312] ? lockdep_hardirqs_on+0x7c/0x110 [ 514.322820][T12312] netlink_rcv_skb+0x158/0x420 [ 514.322831][T12312] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 514.322848][T12312] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 514.322864][T12312] ? __pfx_rtnetlink_rcv+0x10/0x10 [ 514.322878][T12312] ? netlink_unicast+0x563/0x850 [ 514.322891][T12312] netlink_unicast+0x58a/0x850 [ 514.322903][T12312] ? __pfx_netlink_unicast+0x10/0x10 [ 514.322918][T12312] netlink_sendmsg+0x8d1/0xdd0 [ 514.322930][T12312] ? __pfx_netlink_sendmsg+0x10/0x10 [ 514.322943][T12312] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 514.322959][T12312] ____sys_sendmsg+0xa95/0xc70 [ 514.322971][T12312] ? copy_msghdr_from_user+0x10a/0x160 [ 514.322986][T12312] ? __pfx_____sys_sendmsg+0x10/0x10 [ 514.322998][T12312] ? sched_clock_cpu+0x6c/0x530 [ 514.323019][T12312] ___sys_sendmsg+0x134/0x1d0 [ 514.323035][T12312] ? __pfx____sys_sendmsg+0x10/0x10 [ 514.323049][T12312] ? __lock_acquire+0x622/0x1c90 [ 514.323071][T12312] ? warn_bogus_irq_restore+0x20/0x30 [ 514.323090][T12312] __sys_sendmsg+0x16d/0x220 [ 514.323105][T12312] ? __pfx___sys_sendmsg+0x10/0x10 [ 514.323119][T12312] ? rcu_is_watching+0x12/0xc0 [ 514.323143][T12312] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 514.323159][T12312] do_syscall_64+0xcd/0x4c0 [ 514.323175][T12312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.323186][T12312] RIP: 0033:0x7f8c0458e929 [ 514.323196][T12312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 514.323207][T12312] RSP: 002b:00007f8c05382038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 514.323218][T12312] RAX: ffffffffffffffda RBX: 00007f8c047b6080 RCX: 00007f8c0458e929 [ 514.323225][T12312] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000005 [ 514.323232][T12312] RBP: 00007f8c05382090 R08: 0000000000000000 R09: 0000000000000000 [ 514.323238][T12312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 514.323244][T12312] R13: 0000000000000000 R14: 00007f8c047b6080 R15: 00007fff8c2344c8 [ 514.323257][T12312] [ 514.883398][T12314] sctp: [Deprecated]: syz.4.1876 (pid 12314) Use of int in max_burst socket option. [ 514.883398][T12314] Use struct sctp_assoc_value instead [ 515.271675][ T5985] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 515.348350][ T30] audit: type=1400 audit(1752528553.729:737): avc: denied { associate } for pid=12339 comm="syz.4.1886" name="cgroup" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 515.463479][ T5985] usb 3-1: config index 0 descriptor too short (expected 7442, got 18) [ 515.485362][ T5985] usb 3-1: config 53 has too many interfaces: 53, using maximum allowed: 32 [ 515.578623][T12351] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad) [ 515.584014][ T30] audit: type=1400 audit(1752528553.959:738): avc: denied { write } for pid=12341 comm="syz.1.1887" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 515.605899][ T5985] usb 3-1: config 53 has an invalid descriptor of length 217, skipping remainder of the config [ 515.616549][T12351] PKCS7: Only support pkcs7_signedData type [ 515.627401][T12349] netlink: 'syz.4.1889': attribute type 11 has an invalid length. [ 515.631486][ T5985] usb 3-1: config 53 has 0 interfaces, different from the descriptor's value: 53 [ 515.654190][ T5985] usb 3-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=e2.9e [ 515.663590][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.672940][ T5985] usb 3-1: Product: syz [ 515.677293][ T5985] usb 3-1: Manufacturer: syz [ 515.682305][ T5985] usb 3-1: SerialNumber: syz [ 515.687231][T12354] netlink: 'syz.0.1891': attribute type 1 has an invalid length. [ 515.719616][T12354] 8021q: adding VLAN 0 to HW filter on device bond5 [ 515.740703][T12354] veth11: entered promiscuous mode [ 515.750683][T12354] bond5: (slave veth11): Enslaving as a backup interface with a down link [ 516.455184][ T5985] usb 3-1: USB disconnect, device number 40 [ 516.866640][T12382] netfs: Couldn't get user pages (rc=-14) [ 516.988622][T12390] tipc: Enabling of bearer rejected, media not registered [ 517.032265][ T5876] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 517.292540][ T5876] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 517.306888][ T5876] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid maxpacket 50660, setting to 1024 [ 517.345689][ T5876] usb 4-1: config 0 interface 0 has no altsetting 0 [ 517.506570][ T5876] usb 4-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 517.515809][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.526106][ T5876] usb 4-1: config 0 descriptor?? [ 518.251917][T12400] lo speed is unknown, defaulting to 1000 [ 518.285269][ T5876] nintendo 0003:057E:200E.0017: unknown main item tag 0x0 [ 518.299591][ T5876] nintendo 0003:057E:200E.0017: unknown main item tag 0x0 [ 518.311228][ T5876] nintendo 0003:057E:200E.0017: item fetching failed at offset 2/5 [ 518.339994][ T5876] nintendo 0003:057E:200E.0017: HID parse failed [ 518.356384][ T5876] nintendo 0003:057E:200E.0017: probe - fail = -22 [ 518.369875][ T5876] nintendo 0003:057E:200E.0017: probe with driver nintendo failed with error -22 [ 518.394978][T12409] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1906'. [ 518.463086][T12409] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 518.470353][T12409] IPv6: NLM_F_CREATE should be set when creating new route [ 518.477660][T12409] IPv6: NLM_F_CREATE should be set when creating new route [ 518.507097][T12400] input: syz0 as /devices/virtual/input/input22 [ 518.549899][ T5901] usb 4-1: USB disconnect, device number 58 [ 519.359105][ T30] audit: type=1400 audit(1752528557.739:739): avc: denied { listen } for pid=12427 comm="syz.1.1912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 519.936824][T12436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 520.870541][T12454] x_tables: duplicate underflow at hook 1 [ 520.895287][ T30] audit: type=1400 audit(1752528559.279:740): avc: denied { read } for pid=12453 comm="syz.3.1920" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 521.032610][T12462] trusted_key: encrypted_key: insufficient parameters specified [ 521.064534][ T30] audit: type=1400 audit(1752528559.439:741): avc: denied { listen } for pid=12451 comm="syz.4.1918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 521.292191][ T30] audit: type=1400 audit(1752528559.439:742): avc: denied { accept } for pid=12451 comm="syz.4.1918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 521.544787][T12471] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1925'. [ 521.676740][T12477] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 521.678029][ T30] audit: type=1400 audit(1752528560.059:743): avc: denied { append } for pid=12474 comm="syz.3.1926" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 521.707503][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.320033][ T30] audit: type=1326 audit(1752528560.699:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 522.441178][ T30] audit: type=1326 audit(1752528560.699:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 522.513891][ T30] audit: type=1326 audit(1752528560.699:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 522.648943][ T30] audit: type=1326 audit(1752528560.699:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 522.672260][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.715700][ T30] audit: type=1326 audit(1752528560.699:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 522.739034][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.556649][T12508] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 524.363778][ T30] kauditd_printk_skb: 832 callbacks suppressed [ 524.363794][ T30] audit: type=1326 audit(1752528562.749:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 524.417636][ T30] audit: type=1326 audit(1752528562.749:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbda258e929 code=0x7ffc0000 [ 524.449486][ T30] audit: type=1326 audit(1752528562.779:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 524.497402][ T30] audit: type=1326 audit(1752528562.779:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbda258e929 code=0x7ffc0000 [ 524.531537][ T30] audit: type=1326 audit(1752528562.779:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbda258e929 code=0x7ffc0000 [ 524.559136][ T30] audit: type=1326 audit(1752528562.779:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbda258e929 code=0x7ffc0000 [ 524.590308][ T30] audit: type=1326 audit(1752528562.779:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 524.620348][ T30] audit: type=1326 audit(1752528562.779:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbda258e929 code=0x7ffc0000 [ 524.710890][ T30] audit: type=1326 audit(1752528562.779:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 524.734878][ T30] audit: type=1326 audit(1752528562.779:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12474 comm="syz.3.1926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbda252ab19 code=0x7ffc0000 [ 524.959748][T12532] overlay: Unknown parameter '/' [ 525.027838][T12531] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1948'. [ 525.036822][T12531] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1948'. [ 525.045761][T12531] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1948'. [ 525.055275][T12531] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1948'. [ 525.064227][T12531] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1948'. [ 525.193165][T12536] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1949'. [ 525.202154][ T5908] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 525.301818][T12540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1949'. [ 525.448949][T12540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1949'. [ 525.529594][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.565125][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.580766][ T5908] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 525.590696][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.591852][T12544] 8021q: VLANs not supported on ipvlan1 [ 525.687155][ T5908] usb 2-1: config 0 descriptor?? [ 526.193380][T12528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 526.287993][T12528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.334820][ T5908] hid-led 0003:27B8:01ED.0018: probe with driver hid-led failed with error -71 [ 526.360628][ T5908] usb 2-1: USB disconnect, device number 53 [ 526.462837][T12564] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1957'. [ 526.473359][T12564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1957'. [ 526.681265][ T5876] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 526.856720][T12574] fuse: Bad value for 'fd' [ 527.210590][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 527.224631][ T5876] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 527.238445][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.248850][ T5876] usb 4-1: config 0 descriptor?? [ 527.265665][ T5876] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 528.338190][ T5901] usb 4-1: USB disconnect, device number 59 [ 528.768159][ T5935] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 529.031184][ T5935] usb 2-1: Using ep0 maxpacket: 32 [ 529.380781][ T5935] usb 2-1: config 0 has an invalid descriptor of length 78, skipping remainder of the config [ 529.395510][ T5935] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 529.420594][ T5935] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 529.434983][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.452234][ T5935] usb 2-1: Product: syz [ 529.463776][ T5935] usb 2-1: Manufacturer: syz [ 529.473736][ T5935] usb 2-1: SerialNumber: syz [ 529.483223][ T5935] usb 2-1: config 0 descriptor?? [ 530.520253][ T30] kauditd_printk_skb: 61 callbacks suppressed [ 530.520271][ T30] audit: type=1400 audit(1752528568.899:1652): avc: denied { mount } for pid=12631 comm="syz.0.1979" name="/" dev="rpc_pipefs" ino=37878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 530.659887][T12635] 8021q: VLANs not supported on ipvlan1 [ 530.987831][ T5935] usb 2-1: USB disconnect, device number 54 [ 531.287211][T12653] 8021q: VLANs not supported on sit0 [ 531.441232][ T5876] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 531.642238][ T5876] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 531.667080][ T5876] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 531.728667][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.918478][ T5876] usb 2-1: config 0 descriptor?? [ 531.937644][ T5876] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 532.951758][T12676] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1993'. [ 533.044155][ T5887] usb 2-1: USB disconnect, device number 55 [ 533.071147][ T30] audit: type=1400 audit(1752528571.439:1653): avc: denied { nlmsg_read } for pid=12675 comm="syz.0.1993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 533.591466][ T5887] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 533.752917][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 533.766103][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 533.786132][ T5887] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 533.795853][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.806381][ T5887] usb 3-1: config 0 descriptor?? [ 534.021192][ T5876] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 534.049412][T12702] overlayfs: failed to clone upperpath [ 534.080963][T12701] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.089549][T12701] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.172586][ T5876] usb 4-1: config 0 has an invalid interface number: 18 but max is 0 [ 534.182812][ T5876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.193151][ T5876] usb 4-1: config 0 has no interface number 0 [ 534.199306][ T5876] usb 4-1: config 0 interface 18 altsetting 144 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 534.212716][ T5876] usb 4-1: config 0 interface 18 has no altsetting 0 [ 534.219479][ T5876] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 534.228825][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.238609][ T5876] usb 4-1: config 0 descriptor?? [ 534.465076][T12692] netlink: 'syz.3.2000': attribute type 9 has an invalid length. [ 534.489630][ T5876] usb 4-1: string descriptor 0 read error: -71 [ 534.504531][ T5876] usb 4-1: USB disconnect, device number 60 [ 534.845996][ T5887] uclogic 0003:256C:006D.0019: failed retrieving Huion firmware version: -71 [ 534.869810][ T5887] uclogic 0003:256C:006D.0019: failed probing parameters: -71 [ 534.884560][ T5887] uclogic 0003:256C:006D.0019: probe with driver uclogic failed with error -71 [ 534.900555][T12712] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 534.909379][ T5887] usb 3-1: USB disconnect, device number 41 [ 534.971501][T12713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2007'. [ 535.133371][ T30] audit: type=1400 audit(1752528573.519:1654): avc: denied { map } for pid=12717 comm="syz.3.2009" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 535.151451][T12719] xt_CT: You must specify a L4 protocol and not use inversions on it [ 535.199853][ T30] audit: type=1400 audit(1752528573.519:1655): avc: denied { execute } for pid=12717 comm="syz.3.2009" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 536.016581][T12734] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 538.474748][ T5901] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 539.017573][ T30] audit: type=1400 audit(1752528577.399:1656): avc: denied { execute } for pid=12750 comm="syz.1.2020" path="/selinux/status" dev="selinuxfs" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1 [ 539.061248][ T5901] usb 3-1: Using ep0 maxpacket: 8 [ 539.067472][ T5901] usb 3-1: config 5 has an invalid interface number: 52 but max is 1 [ 539.076186][ T5901] usb 3-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 539.097370][ T5901] usb 3-1: config 5 has 1 interface, different from the descriptor's value: 2 [ 539.109400][ T5901] usb 3-1: config 5 has no interface number 0 [ 539.116711][ T30] audit: type=1400 audit(1752528577.399:1657): avc: denied { map } for pid=12750 comm="syz.1.2020" path="/dev/cec1" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 539.139563][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.149885][ T5901] usb 3-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=e2.5c [ 539.161055][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.172517][ T5901] usb 3-1: Product: syz [ 539.176665][ T5901] usb 3-1: Manufacturer: syz [ 539.181846][ T5901] usb 3-1: SerialNumber: syz [ 539.392129][T12738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 539.414913][T12738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 539.736203][ T5901] cytherm 3-1:5.52: Cypress thermometer device now attached [ 539.898378][ T5901] usb 3-1: USB disconnect, device number 42 [ 539.925402][ T5901] cytherm 3-1:5.52: Cypress thermometer now disconnected [ 541.462555][T12795] netlink: 'syz.1.2033': attribute type 4 has an invalid length. [ 541.515580][T12798] 8021q: VLANs not supported on ipvlan1 [ 541.553767][T12800] vivid-007: ================= START STATUS ================= [ 541.563050][T12800] vivid-007: Enable Output Cropping: true [ 541.568890][T12800] vivid-007: Enable Output Composing: true [ 541.574736][T12800] vivid-007: Enable Output Scaler: true [ 541.580269][T12800] vivid-007: Tx RGB Quantization Range: Automatic [ 541.586700][T12800] vivid-007: Transmit Mode: HDMI [ 541.591673][T12800] vivid-007: Hotplug Present: 0x00000000 [ 541.597287][T12800] vivid-007: RxSense Present: 0x00000000 [ 541.602928][T12800] vivid-007: EDID Present: 0x00000000 [ 541.608288][T12800] vivid-007: ================== END STATUS ================== [ 541.629451][ T30] audit: type=1400 audit(1752528579.939:1658): avc: denied { listen } for pid=12799 comm="syz.1.2037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 542.327426][T12817] netlink: 'syz.1.2038': attribute type 12 has an invalid length. [ 542.509600][T12819] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2043'. [ 542.574435][T12819] wireguard0: entered promiscuous mode [ 542.590014][T12819] wireguard0: entered allmulticast mode [ 542.623943][T12796] syzkaller1: entered promiscuous mode [ 542.671150][T12796] syzkaller1: entered allmulticast mode [ 543.375995][T12832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2046'. [ 544.117452][ T30] audit: type=1400 audit(1752528582.489:1659): avc: denied { name_bind } for pid=12848 comm="syz.0.2054" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 545.688856][T12872] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 545.701400][T12872] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 546.330030][ T30] audit: type=1326 audit(1752528584.709:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12892 comm="syz.0.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x7fc00000 [ 546.528510][ T30] audit: type=1400 audit(1752528584.739:1661): avc: denied { relabelfrom } for pid=12893 comm="syz.4.2067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 546.531655][T12895] FAULT_INJECTION: forcing a failure. [ 546.531655][T12895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 546.663622][T12895] CPU: 0 UID: 0 PID: 12895 Comm: syz.4.2067 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 546.663652][T12895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 546.663663][T12895] Call Trace: [ 546.663669][T12895] [ 546.663676][T12895] dump_stack_lvl+0x16c/0x1f0 [ 546.663708][T12895] should_fail_ex+0x512/0x640 [ 546.663736][T12895] _copy_from_user+0x2e/0xd0 [ 546.663761][T12895] copy_msghdr_from_user+0x98/0x160 [ 546.663786][T12895] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 546.663822][T12895] ___sys_sendmsg+0xfe/0x1d0 [ 546.663848][T12895] ? __pfx____sys_sendmsg+0x10/0x10 [ 546.663870][T12895] ? __lock_acquire+0x622/0x1c90 [ 546.663923][T12895] __sys_sendmsg+0x16d/0x220 [ 546.663948][T12895] ? __pfx___sys_sendmsg+0x10/0x10 [ 546.663989][T12895] do_syscall_64+0xcd/0x4c0 [ 546.664016][T12895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.664040][T12895] RIP: 0033:0x7f620b18e929 [ 546.664057][T12895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.664074][T12895] RSP: 002b:00007f620c05b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 546.664092][T12895] RAX: ffffffffffffffda RBX: 00007f620b3b5fa0 RCX: 00007f620b18e929 [ 546.664103][T12895] RDX: 000000002000c004 RSI: 00002000000012c0 RDI: 0000000000000007 [ 546.664115][T12895] RBP: 00007f620c05b090 R08: 0000000000000000 R09: 0000000000000000 [ 546.664125][T12895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.664136][T12895] R13: 0000000000000000 R14: 00007f620b3b5fa0 R15: 00007ffec6fea3e8 [ 546.664160][T12895] [ 546.854279][ T30] audit: type=1400 audit(1752528584.749:1662): avc: denied { relabelto } for pid=12893 comm="syz.4.2067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 547.850940][T12917] netlink: 'syz.3.2074': attribute type 1 has an invalid length. [ 548.239022][T12912] 8021q: adding VLAN 0 to HW filter on device bond4 [ 548.311444][T12912] veth9: entered promiscuous mode [ 548.325238][T12912] bond4: (slave veth9): Enslaving as a backup interface with a down link [ 548.367458][T12926] netlink: 'syz.1.2077': attribute type 12 has an invalid length. [ 548.493504][T12934] tipc: Enabling of bearer rejected, failed to enable media [ 548.509749][T12936] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 548.561187][T12936] audit: out of memory in audit_log_start [ 548.691191][ T5908] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 548.858115][ T5908] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 548.866591][ T5908] usb 2-1: config 0 has no interface number 0 [ 548.878561][ T5908] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 548.889536][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.897368][T12949] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2084'. [ 548.910920][T12943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2083'. [ 548.920019][T12943] netlink: 'syz.3.2083': attribute type 9 has an invalid length. [ 548.933419][T12943] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 548.947846][T12943] macvlan3: entered allmulticast mode [ 548.966005][T12943] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 549.054527][ T5908] usb 2-1: Product: syz [ 549.093918][ T5908] usb 2-1: Manufacturer: syz [ 549.114381][ T5908] usb 2-1: SerialNumber: syz [ 549.133757][ T5908] usb 2-1: config 0 descriptor?? [ 549.309095][ T30] audit: type=1400 audit(1752528587.659:1663): avc: denied { shutdown } for pid=12956 comm="syz.4.2086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 549.390906][ T5908] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 549.411736][ T30] audit: type=1400 audit(1752528587.769:1664): avc: denied { create } for pid=12956 comm="syz.4.2086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 549.435034][ T5908] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 549.468264][ T30] audit: type=1400 audit(1752528587.789:1665): avc: denied { setopt } for pid=12956 comm="syz.4.2086" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 549.498602][ T5908] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 549.521265][ T5908] usb 2-1: media controller created [ 549.638072][ T5908] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 549.765960][T12960] xt_CT: No such helper "pptp" [ 549.859584][T12967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 549.920182][T12967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 549.973953][ T5894] usb 2-1: USB disconnect, device number 56 [ 550.126123][ T30] audit: type=1400 audit(2000000000.290:1666): avc: denied { unmount } for pid=5842 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 550.162121][ T30] audit: type=1400 audit(2000000000.320:1667): avc: denied { read write } for pid=5842 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 550.221879][ T30] audit: type=1400 audit(2000000000.320:1668): avc: denied { create } for pid=12972 comm="syz.2.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 550.247034][ T30] audit: type=1400 audit(2000000000.320:1669): avc: denied { bind } for pid=12972 comm="syz.2.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 550.273077][ T30] audit: type=1400 audit(2000000000.330:1670): avc: denied { open } for pid=5842 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 550.304048][ T30] audit: type=1400 audit(2000000000.330:1671): avc: denied { ioctl } for pid=5842 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 550.357600][ T30] audit: type=1400 audit(2000000000.330:1672): avc: denied { connect } for pid=12972 comm="syz.2.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 550.758271][T12982] netdevsim netdevsim0: Direct firmware load for @ failed with error -2 [ 550.786002][T12982] netdevsim netdevsim0: Falling back to sysfs fallback for: @ [ 551.119953][T12984] [U]  [ 551.145379][T12990] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2095'. [ 551.482163][T13002] trusted_key: encrypted_key: insufficient parameters specified [ 552.511756][ T5901] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 552.681224][ T5901] usb 4-1: Using ep0 maxpacket: 16 [ 552.718122][ T5901] usb 4-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75 [ 552.741696][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.756808][ T5901] usb 4-1: Product: syz [ 552.761420][ T5901] usb 4-1: Manufacturer: syz [ 552.766031][ T5901] usb 4-1: SerialNumber: syz [ 552.775502][ T5901] usb 4-1: config 0 descriptor?? [ 552.782958][ T5901] usb 4-1: bad CDC descriptors [ 552.848062][T13028] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2109'. [ 553.016612][ T5908] usb 4-1: USB disconnect, device number 61 [ 553.070344][T13034] veth0_vlan: entered allmulticast mode [ 553.078338][T13034] tipc: Resetting bearer [ 554.762352][ T30] kauditd_printk_skb: 84 callbacks suppressed [ 554.762367][ T30] audit: type=1400 audit(2000000004.930:1757): avc: denied { map } for pid=13052 comm="syz.2.2117" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 554.810608][T13053] evm: overlay not supported [ 554.845191][ T30] audit: type=1400 audit(2000000004.970:1758): avc: denied { read write } for pid=13052 comm="syz.2.2117" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=40983 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 554.939685][ T30] audit: type=1400 audit(2000000005.100:1759): avc: denied { write } for pid=13065 comm="syz.1.2121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 555.139600][T13072] netlink: 'syz.3.2123': attribute type 5 has an invalid length. [ 555.168525][T13072] netlink: 'syz.3.2123': attribute type 7 has an invalid length. [ 555.345986][T13079] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=55 sclass=netlink_route_socket pid=13079 comm=syz.1.2124 [ 555.363439][T13072] : entered promiscuous mode [ 555.433992][ T30] audit: type=1400 audit(2000000005.590:1760): avc: denied { write } for pid=13067 comm="syz.2.2122" name="radio0" dev="devtmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 555.457702][ T30] audit: type=1400 audit(2000000005.590:1761): avc: denied { ioctl } for pid=13067 comm="syz.2.2122" path="/dev/radio0" dev="devtmpfs" ino=955 ioctlcmd=0x5652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 555.493911][ T30] audit: type=1400 audit(2000000005.660:1762): avc: denied { create } for pid=13067 comm="syz.2.2122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 555.574126][ T30] audit: type=1400 audit(2000000005.660:1763): avc: denied { setopt } for pid=13067 comm="syz.2.2122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 555.611163][ T5985] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 555.651426][ T5908] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 555.851737][ T5908] usb 4-1: Using ep0 maxpacket: 32 [ 555.867575][ T5985] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 555.905454][ T5908] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 555.924017][ T30] audit: type=1400 audit(2000000006.090:1764): avc: denied { bind } for pid=13090 comm="syz.4.2128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 555.929549][ T5985] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.955935][ T5908] usb 4-1: config 0 has no interface number 0 [ 555.962179][ T5908] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 555.979135][ T5908] usb 4-1: config 0 interface 85 has no altsetting 0 [ 555.985947][ T5985] usb 2-1: Product: syz [ 555.998034][ T5985] usb 2-1: Manufacturer: syz [ 556.011811][ T5985] usb 2-1: SerialNumber: syz [ 556.021349][ T30] audit: type=1400 audit(2000000006.090:1765): avc: denied { name_bind } for pid=13090 comm="syz.4.2128" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 556.052089][ T30] audit: type=1400 audit(2000000006.090:1766): avc: denied { node_bind } for pid=13090 comm="syz.4.2128" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 556.074500][ T5985] usb 2-1: config 0 descriptor?? [ 556.093878][ T5908] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 556.107578][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.135617][ T5985] ch341 2-1:0.0: ch341-uart converter detected [ 556.144964][ T5908] usb 4-1: Product: syz [ 556.149200][ T5908] usb 4-1: Manufacturer: syz [ 556.154020][ T5908] usb 4-1: SerialNumber: syz [ 556.192294][ T5908] usb 4-1: config 0 descriptor?? [ 556.280618][T13096] netlink: 'syz.4.2129': attribute type 1 has an invalid length. [ 556.369126][T13099] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 556.404738][ T5908] appletouch 4-1:0.85: Failed to read mode from device. [ 556.418744][ T5908] appletouch 4-1:0.85: probe with driver appletouch failed with error -5 [ 556.467326][ T1107] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 556.490363][T13096] 8021q: adding VLAN 0 to HW filter on device bond4 [ 556.595243][ T49] bond4: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 556.619705][T13096] veth9: entered promiscuous mode [ 556.644944][ T5908] usb 4-1: USB disconnect, device number 62 [ 556.684141][T13096] bond4: (slave veth9): Enslaving as a backup interface with a down link [ 556.971818][ T5876] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 557.212614][T13115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 557.521245][ T5985] usb 2-1: ch341-uart converter now attached to ttyUSB0 [ 557.657702][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 557.669811][ T5876] usb 3-1: unable to get BOS descriptor or descriptor too short [ 557.685894][ T5876] usb 3-1: string descriptor 0 read error: -22 [ 557.692382][ T5876] usb 3-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=82.fe [ 557.701806][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.759502][ T5985] usb 2-1: USB disconnect, device number 57 [ 557.767300][ T5985] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 557.783613][ T5985] ch341 2-1:0.0: device disconnected [ 557.924763][ T5876] asix 3-1:7.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 558.528210][ T5876] asix 3-1:7.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 558.542828][ T5876] asix 3-1:7.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 558.738123][ T5876] asix 3-1:7.0 eth1: register 'asix' at usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet, b2:9f:a4:52:84:9d [ 558.953804][ T5876] usb 3-1: USB disconnect, device number 43 [ 558.969281][ T5876] asix 3-1:7.0 eth1: unregister 'asix' usb-dummy_hcd.2-1, ASIX AX88178 USB 2.0 Ethernet [ 559.055812][T13135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2142'. [ 559.064880][T13135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2142'. [ 559.408238][T13138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2143'. [ 559.418366][T13138] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2143'. [ 559.719296][T13140] FAULT_INJECTION: forcing a failure. [ 559.719296][T13140] name failslab, interval 1, probability 0, space 0, times 0 [ 559.734385][T13140] CPU: 1 UID: 0 PID: 13140 Comm: syz.2.2144 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 559.734413][T13140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 559.734423][T13140] Call Trace: [ 559.734429][T13140] [ 559.734436][T13140] dump_stack_lvl+0x16c/0x1f0 [ 559.734466][T13140] should_fail_ex+0x512/0x640 [ 559.734490][T13140] ? fs_reclaim_acquire+0xae/0x150 [ 559.734510][T13140] ? tomoyo_encode2+0x100/0x3e0 [ 559.734532][T13140] should_failslab+0xc2/0x120 [ 559.734557][T13140] __kmalloc_noprof+0xd2/0x510 [ 559.734578][T13140] ? d_absolute_path+0x136/0x1a0 [ 559.734599][T13140] tomoyo_encode2+0x100/0x3e0 [ 559.734623][T13140] tomoyo_encode+0x29/0x50 [ 559.734645][T13140] tomoyo_realpath_from_path+0x18f/0x6e0 [ 559.734674][T13140] tomoyo_path_number_perm+0x245/0x580 [ 559.734693][T13140] ? tomoyo_path_number_perm+0x237/0x580 [ 559.734715][T13140] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 559.734736][T13140] ? find_held_lock+0x2b/0x80 [ 559.734787][T13140] ? find_held_lock+0x2b/0x80 [ 559.734809][T13140] ? hook_file_ioctl_common+0x145/0x410 [ 559.734833][T13140] ? __fget_files+0x20e/0x3c0 [ 559.734860][T13140] security_file_ioctl+0x9b/0x240 [ 559.734884][T13140] __x64_sys_ioctl+0xb7/0x210 [ 559.734905][T13140] do_syscall_64+0xcd/0x4c0 [ 559.734932][T13140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.734950][T13140] RIP: 0033:0x7f141db8e929 [ 559.734964][T13140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 559.734982][T13140] RSP: 002b:00007f141e93b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 559.735000][T13140] RAX: ffffffffffffffda RBX: 00007f141ddb5fa0 RCX: 00007f141db8e929 [ 559.735012][T13140] RDX: 0000200000000180 RSI: 00000000c0189374 RDI: 0000000000000003 [ 559.735023][T13140] RBP: 00007f141e93b090 R08: 0000000000000000 R09: 0000000000000000 [ 559.735033][T13140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 559.735043][T13140] R13: 0000000000000000 R14: 00007f141ddb5fa0 R15: 00007ffdd473f558 [ 559.735066][T13140] [ 559.735084][T13140] ERROR: Out of memory at tomoyo_realpath_from_path. [ 560.866476][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 560.866514][ T30] audit: type=1400 audit(2000000266.517:1785): avc: denied { mount } for pid=13145 comm="syz.2.2148" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 560.894683][ C1] vkms_vblank_simulate: vblank timer overrun [ 561.246063][ T30] audit: type=1400 audit(2000000267.407:1786): avc: denied { unmount } for pid=5830 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 561.771518][T13162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2151'. [ 561.795353][ T30] audit: type=1400 audit(2000000267.957:1787): avc: denied { read write } for pid=13160 comm="syz.3.2151" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 561.882997][ T30] audit: type=1400 audit(2000000267.957:1788): avc: denied { open } for pid=13160 comm="syz.3.2151" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 562.491562][ T30] audit: type=1400 audit(2000000268.327:1789): avc: denied { create } for pid=13163 comm="syz.4.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 562.518574][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.647445][ T30] audit: type=1400 audit(2000000268.327:1790): avc: denied { create } for pid=13163 comm="syz.4.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 562.672255][ T30] audit: type=1400 audit(2000000268.337:1791): avc: denied { write } for pid=13163 comm="syz.4.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 562.727545][ T30] audit: type=1400 audit(2000000268.337:1792): avc: denied { connect } for pid=13163 comm="syz.4.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 562.818135][ T30] audit: type=1400 audit(2000000268.337:1793): avc: denied { read } for pid=13163 comm="syz.4.2153" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 562.872825][ T30] audit: type=1400 audit(2000000268.337:1794): avc: denied { open } for pid=13163 comm="syz.4.2153" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 563.079196][T13186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2159'. [ 563.806134][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2163'. [ 564.191232][ T5894] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 564.298517][T13209] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 564.381148][ T5894] usb 2-1: Using ep0 maxpacket: 16 [ 564.400790][ T5894] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00 [ 564.411003][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.691328][ T5894] usb 2-1: config 0 descriptor?? [ 565.249873][ T5894] usbhid 2-1:0.0: can't add hid device: -71 [ 565.256224][ T5894] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 565.268361][ T5894] usb 2-1: USB disconnect, device number 58 [ 565.573133][T13223] 8021q: VLANs not supported on ipvlan1 [ 565.977138][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 565.977153][ T30] audit: type=1400 audit(2000000272.137:1807): avc: denied { create } for pid=13219 comm="syz.1.2169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 566.135085][T13228] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2172'. [ 566.136966][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2174'. [ 566.144117][ T30] audit: type=1400 audit(2000000272.297:1808): avc: denied { bind } for pid=13227 comm="syz.3.2172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 566.203769][T13224] usb usb8: usbfs: process 13224 (syz.1.2169) did not claim interface 0 before use [ 566.238951][ T30] audit: type=1326 audit(2000000272.327:1809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13234 comm="syz.0.2175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2abd8e929 code=0x0 [ 566.733858][ T30] audit: type=1400 audit(2000000272.737:1810): avc: denied { bind } for pid=13244 comm="syz.3.2177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 566.816183][T13250] FAULT_INJECTION: forcing a failure. [ 566.816183][T13250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 566.829936][ T30] audit: type=1400 audit(2000000272.817:1811): avc: denied { mount } for pid=13244 comm="syz.3.2177" name="/" dev="autofs" ino=41399 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 566.874526][T13250] CPU: 1 UID: 0 PID: 13250 Comm: syz.4.2179 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 566.874553][T13250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 566.874562][T13250] Call Trace: [ 566.874568][T13250] [ 566.874574][T13250] dump_stack_lvl+0x16c/0x1f0 [ 566.874601][T13250] should_fail_ex+0x512/0x640 [ 566.874625][T13250] _copy_from_user+0x2e/0xd0 [ 566.874648][T13250] iommufd_fops_ioctl+0x2e7/0x4e0 [ 566.874671][T13250] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 566.874695][T13250] ? ioctl_has_perm.constprop.0.isra.0+0x2e/0x540 [ 566.874724][T13250] ? selinux_file_ioctl+0x180/0x270 [ 566.874745][T13250] ? selinux_file_ioctl+0xb4/0x270 [ 566.874769][T13250] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 566.874793][T13250] __x64_sys_ioctl+0x18e/0x210 [ 566.874815][T13250] do_syscall_64+0xcd/0x4c0 [ 566.874841][T13250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.874858][T13250] RIP: 0033:0x7f620b18e929 [ 566.874872][T13250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.874888][T13250] RSP: 002b:00007f620c05b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 566.874911][T13250] RAX: ffffffffffffffda RBX: 00007f620b3b5fa0 RCX: 00007f620b18e929 [ 566.874921][T13250] RDX: 0000200000001040 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 566.874931][T13250] RBP: 00007f620c05b090 R08: 0000000000000000 R09: 0000000000000000 [ 566.874941][T13250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.874951][T13250] R13: 0000000000000000 R14: 00007f620b3b5fa0 R15: 00007ffec6fea3e8 [ 566.874972][T13250] [ 567.044184][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.071273][ T30] audit: type=1400 audit(2000000273.227:1812): avc: denied { name_bind } for pid=13251 comm="syz.2.2178" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 567.093605][ T30] audit: type=1400 audit(2000000273.227:1813): avc: denied { node_bind } for pid=13251 comm="syz.2.2178" saddr=224.0.0.1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 567.246498][ T30] audit: type=1400 audit(2000000273.397:1814): avc: denied { create } for pid=13254 comm="syz.2.2181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 567.300131][T13255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2181'. [ 567.343547][T13255] IPv6: Can't replace route, no match found [ 567.460274][ T30] audit: type=1400 audit(2000000273.617:1815): avc: denied { sys_module } for pid=13253 comm="syz.3.2180" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 567.563757][T13264] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 568.529662][ T30] audit: type=1400 audit(2000000274.677:1816): avc: denied { remount } for pid=13275 comm="syz.1.2187" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 568.966605][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2190'. [ 569.113835][T13299] can0: slcan on ptm0. [ 569.192069][T13298] can0 (unregistered): slcan off ptm0. [ 569.287640][T13304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2197'. [ 569.325067][T13304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2197'. [ 569.365138][T13304] netlink: 'syz.0.2197': attribute type 12 has an invalid length. [ 569.540735][T13317] FAULT_INJECTION: forcing a failure. [ 569.540735][T13317] name failslab, interval 1, probability 0, space 0, times 0 [ 569.561395][T13317] CPU: 1 UID: 0 PID: 13317 Comm: syz.3.2201 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 569.561421][T13317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.561431][T13317] Call Trace: [ 569.561438][T13317] [ 569.561444][T13317] dump_stack_lvl+0x16c/0x1f0 [ 569.561474][T13317] should_fail_ex+0x512/0x640 [ 569.561497][T13317] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 569.561524][T13317] should_failslab+0xc2/0x120 [ 569.561550][T13317] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 569.561572][T13317] ? __alloc_skb+0x2b2/0x380 [ 569.561596][T13317] __alloc_skb+0x2b2/0x380 [ 569.561616][T13317] ? __pfx___alloc_skb+0x10/0x10 [ 569.561639][T13317] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 569.561670][T13317] netlink_alloc_large_skb+0x69/0x130 [ 569.561689][T13317] netlink_sendmsg+0x6a1/0xdd0 [ 569.561712][T13317] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.561737][T13317] ____sys_sendmsg+0xa95/0xc70 [ 569.561755][T13317] ? copy_msghdr_from_user+0x10a/0x160 [ 569.561778][T13317] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.561808][T13317] ___sys_sendmsg+0x134/0x1d0 [ 569.561832][T13317] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.561853][T13317] ? __lock_acquire+0x622/0x1c90 [ 569.561907][T13317] __sys_sendmsg+0x16d/0x220 [ 569.561931][T13317] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.561969][T13317] do_syscall_64+0xcd/0x4c0 [ 569.561995][T13317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.562012][T13317] RIP: 0033:0x7fbda258e929 [ 569.562027][T13317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.562044][T13317] RSP: 002b:00007fbda3311038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 569.562062][T13317] RAX: ffffffffffffffda RBX: 00007fbda27b5fa0 RCX: 00007fbda258e929 [ 569.562073][T13317] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 569.562084][T13317] RBP: 00007fbda3311090 R08: 0000000000000000 R09: 0000000000000000 [ 569.562095][T13317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.562106][T13317] R13: 0000000000000000 R14: 00007fbda27b5fa0 R15: 00007ffdfc17d188 [ 569.562129][T13317] [ 570.056865][T13332] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2209'. [ 570.151159][ T5894] usb 4-1: new low-speed USB device number 63 using dummy_hcd [ 570.488273][T13342] lo speed is unknown, defaulting to 1000 [ 570.885355][ T5894] usb 4-1: string descriptor 0 read error: -22 [ 570.892990][ T5894] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 570.902382][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.191048][T13347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 571.222529][ T5894] usb 4-1: config 0 descriptor?? [ 571.284465][ T5894] usbtest 4-1:0.0: FX2 device [ 571.294440][ T5894] usbtest 4-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 571.317308][T13349] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2212'. [ 571.369002][T13351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2213'. [ 571.482586][T13357] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2216'. [ 571.521771][ T5908] usb 4-1: USB disconnect, device number 63 [ 571.580589][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 571.580604][ T30] audit: type=1400 audit(2000000277.737:1830): avc: denied { read } for pid=13361 comm="syz.0.2218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 572.645444][ T30] audit: type=1400 audit(2000000278.807:1831): avc: denied { read } for pid=13375 comm="syz.4.2224" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 573.015544][ T30] audit: type=1400 audit(2000000279.167:1832): avc: denied { write } for pid=13381 comm="syz.3.2226" name="tcp" dev="proc" ino=4026533454 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 573.041419][ T5876] usb 2-1: new full-speed USB device number 59 using dummy_hcd [ 573.096190][T13377] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 573.478109][ T5876] usb 2-1: config 5 has an invalid interface number: 123 but max is 0 [ 573.501433][ T30] audit: type=1400 audit(2000000279.637:1833): avc: denied { ioctl } for pid=13387 comm="syz.2.2227" path="socket:[42309]" dev="sockfs" ino=42309 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 573.804652][ T5876] usb 2-1: config 5 has no interface number 0 [ 573.810862][ T5876] usb 2-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 573.826511][ T5876] usb 2-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0 [ 573.837571][ T5876] usb 2-1: config 5 interface 123 has no altsetting 0 [ 573.853264][ T5876] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 573.867143][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.876001][ T5876] usb 2-1: Product: syz [ 573.880166][ T5876] usb 2-1: Manufacturer: syz [ 573.888746][ T5876] usb 2-1: SerialNumber: syz [ 573.950390][T13389] syzkaller0: entered promiscuous mode [ 573.955992][T13389] syzkaller0: entered allmulticast mode [ 574.961173][ T30] audit: type=1400 audit(2000000280.477:1834): avc: denied { getopt } for pid=13374 comm="syz.1.2223" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 574.982215][ T5876] ni6501 2-1:5.123: driver 'ni6501' failed to auto-configure device. [ 575.158425][ T5876] usb 2-1: USB disconnect, device number 59 [ 575.265227][T13405] FAULT_INJECTION: forcing a failure. [ 575.265227][T13405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 575.366890][T13405] CPU: 0 UID: 0 PID: 13405 Comm: syz.1.2231 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 575.366918][T13405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 575.366927][T13405] Call Trace: [ 575.366933][T13405] [ 575.366940][T13405] dump_stack_lvl+0x16c/0x1f0 [ 575.366970][T13405] should_fail_ex+0x512/0x640 [ 575.366996][T13405] _copy_to_user+0x32/0xd0 [ 575.367021][T13405] simple_read_from_buffer+0xcb/0x170 [ 575.367047][T13405] proc_fail_nth_read+0x197/0x270 [ 575.367070][T13405] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 575.367094][T13405] ? rw_verify_area+0xcf/0x680 [ 575.367113][T13405] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 575.367135][T13405] vfs_read+0x1e1/0xc60 [ 575.367160][T13405] ? __pfx___mutex_lock+0x10/0x10 [ 575.367185][T13405] ? __pfx_vfs_read+0x10/0x10 [ 575.367213][T13405] ? __fget_files+0x20e/0x3c0 [ 575.367240][T13405] ksys_read+0x12a/0x250 [ 575.367260][T13405] ? __pfx_ksys_read+0x10/0x10 [ 575.367286][T13405] do_syscall_64+0xcd/0x4c0 [ 575.367314][T13405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.367332][T13405] RIP: 0033:0x7f8c0458d33c [ 575.367348][T13405] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 575.367365][T13405] RSP: 002b:00007f8c053a3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 575.367384][T13405] RAX: ffffffffffffffda RBX: 00007f8c047b5fa0 RCX: 00007f8c0458d33c [ 575.367396][T13405] RDX: 000000000000000f RSI: 00007f8c053a30a0 RDI: 0000000000000004 [ 575.367407][T13405] RBP: 00007f8c053a3090 R08: 0000000000000000 R09: 0000000000000000 [ 575.367418][T13405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 575.367429][T13405] R13: 0000000000000000 R14: 00007f8c047b5fa0 R15: 00007fff8c2344c8 [ 575.367453][T13405] [ 575.670402][ T30] audit: type=1400 audit(2000000281.827:1835): avc: denied { write } for pid=13408 comm="syz.4.2234" name="mouse0" dev="devtmpfs" ino=989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 575.696180][ T30] audit: type=1400 audit(2000000281.867:1836): avc: denied { open } for pid=13408 comm="syz.4.2234" path="/dev/input/mouse0" dev="devtmpfs" ino=989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 575.846546][ T30] audit: type=1400 audit(2000000282.017:1837): avc: denied { sqpoll } for pid=13395 comm="syz.0.2229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 579.308603][ T30] audit: type=1400 audit(2000000285.467:1838): avc: denied { ioctl } for pid=13443 comm="syz.4.2244" path="socket:[42387]" dev="sockfs" ino=42387 ioctlcmd=0x6722 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 579.376566][ T30] audit: type=1400 audit(2000000285.517:1839): avc: denied { mounton } for pid=13439 comm="syz.0.2242" path="/544/file0" dev="tmpfs" ino=2855 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 579.484243][ T30] audit: type=1400 audit(2000000285.517:1840): avc: denied { watch } for pid=13439 comm="syz.0.2242" path="/544/file0" dev="tmpfs" ino=2855 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 579.571174][ T5901] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 579.739126][ T5901] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 579.776189][ T5901] usb 2-1: config 0 interface 0 has no altsetting 0 [ 579.845588][ T5901] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 579.874006][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.898144][ T5901] usb 2-1: Product: syz [ 579.918340][ T5901] usb 2-1: Manufacturer: syz [ 579.925901][ T5901] usb 2-1: SerialNumber: syz [ 579.937864][T13458] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2249'. [ 579.949790][ T5901] usb 2-1: config 0 descriptor?? [ 579.958970][ T5901] usb 2-1: selecting invalid altsetting 0 [ 580.251139][ T30] audit: type=1400 audit(2000000286.407:1841): avc: denied { read } for pid=13440 comm="syz.1.2243" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 580.353304][ T30] audit: type=1400 audit(2000000286.407:1842): avc: denied { open } for pid=13440 comm="syz.1.2243" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 580.406109][ T5901] usb 2-1: USB disconnect, device number 60 [ 580.446510][ T30] audit: type=1400 audit(2000000286.557:1843): avc: denied { ioctl } for pid=13440 comm="syz.1.2243" path="socket:[42433]" dev="sockfs" ino=42433 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 580.568189][ T30] audit: type=1400 audit(2000000286.567:1844): avc: denied { name_bind } for pid=13440 comm="syz.1.2243" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 580.638902][ T30] audit: type=1400 audit(2000000286.717:1845): avc: denied { create } for pid=13471 comm="syz.4.2255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 580.688670][ T30] audit: type=1400 audit(2000000286.717:1846): avc: denied { setopt } for pid=13471 comm="syz.4.2255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 580.751862][ T30] audit: type=1400 audit(2000000286.717:1847): avc: denied { write } for pid=13471 comm="syz.4.2255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 580.816096][T13480] batadv_slave_0: entered promiscuous mode [ 580.980738][T13489] afs: Unknown parameter '' [ 582.340090][T13507] pim6reg: entered allmulticast mode [ 582.420290][T13507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2268'. [ 582.448599][T13507] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2268'. [ 582.469716][T13491] lo speed is unknown, defaulting to 1000 [ 582.495294][T13507] netlink: 'syz.1.2268': attribute type 20 has an invalid length. [ 582.510211][T13496] lo speed is unknown, defaulting to 1000 [ 582.517498][T13507] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 582.527177][T13507] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 582.536288][T13507] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 582.545338][T13507] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 582.613670][T13507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2268'. [ 582.628041][T13507] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2268'. [ 582.637768][T13507] netlink: 'syz.1.2268': attribute type 20 has an invalid length. [ 582.658102][T13515] netlink: 'syz.3.2271': attribute type 6 has an invalid length. [ 582.735767][T13517] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23 sclass=netlink_tcpdiag_socket pid=13517 comm=syz.2.2272 [ 583.839519][T13479] batadv_slave_0: left promiscuous mode [ 584.272107][T13546] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13546 comm=syz.0.2281 [ 584.656669][T13552] trusted_key: encrypted_key: insufficient parameters specified [ 584.746301][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 584.746313][ T30] audit: type=1400 audit(2000000290.907:1852): avc: denied { bind } for pid=13563 comm="syz.0.2286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 584.926101][ T30] audit: type=1400 audit(2000000291.087:1853): avc: denied { setopt } for pid=13569 comm="syz.4.2291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 585.064644][ T30] audit: type=1400 audit(2000000291.227:1854): avc: denied { read } for pid=13568 comm="syz.3.2292" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 585.343174][T13581] FAULT_INJECTION: forcing a failure. [ 585.343174][T13581] name failslab, interval 1, probability 0, space 0, times 0 [ 585.356291][T13581] CPU: 1 UID: 0 PID: 13581 Comm: syz.2.2290 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 585.356316][T13581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 585.356327][T13581] Call Trace: [ 585.356333][T13581] [ 585.356340][T13581] dump_stack_lvl+0x16c/0x1f0 [ 585.356370][T13581] should_fail_ex+0x512/0x640 [ 585.356393][T13581] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 585.356420][T13581] should_failslab+0xc2/0x120 [ 585.356445][T13581] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 585.356469][T13581] ? __alloc_skb+0x2b2/0x380 [ 585.356497][T13581] __alloc_skb+0x2b2/0x380 [ 585.356518][T13581] ? __pfx___alloc_skb+0x10/0x10 [ 585.356550][T13581] netlink_alloc_large_skb+0x69/0x130 [ 585.356570][T13581] netlink_sendmsg+0x6a1/0xdd0 [ 585.356598][T13581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 585.356625][T13581] ____sys_sendmsg+0xa95/0xc70 [ 585.356644][T13581] ? copy_msghdr_from_user+0x10a/0x160 [ 585.356667][T13581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 585.356689][T13581] ? __lock_acquire+0xb8a/0x1c90 [ 585.356713][T13581] ___sys_sendmsg+0x134/0x1d0 [ 585.356738][T13581] ? __pfx____sys_sendmsg+0x10/0x10 [ 585.356759][T13581] ? __lock_acquire+0x622/0x1c90 [ 585.356806][T13581] __sys_sendmsg+0x16d/0x220 [ 585.356830][T13581] ? __pfx___sys_sendmsg+0x10/0x10 [ 585.356869][T13581] do_syscall_64+0xcd/0x4c0 [ 585.356896][T13581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 585.356914][T13581] RIP: 0033:0x7f141db8e929 [ 585.356929][T13581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.356946][T13581] RSP: 002b:00007f141b9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 585.356964][T13581] RAX: ffffffffffffffda RBX: 00007f141ddb6160 RCX: 00007f141db8e929 [ 585.356976][T13581] RDX: 0000000004040084 RSI: 0000200000000340 RDI: 0000000000000006 [ 585.356987][T13581] RBP: 00007f141b9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 585.356998][T13581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 585.357009][T13581] R13: 0000000000000000 R14: 00007f141ddb6160 R15: 00007ffdd473f558 [ 585.357032][T13581] [ 585.787181][ T30] audit: type=1400 audit(2000000291.257:1855): avc: denied { open } for pid=13568 comm="syz.3.2292" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 585.872593][ T30] audit: type=1400 audit(2000000291.297:1856): avc: denied { write } for pid=13569 comm="syz.4.2291" path="socket:[43279]" dev="sockfs" ino=43279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 585.954528][ T30] audit: type=1400 audit(2000000292.117:1857): avc: denied { read append } for pid=13586 comm="syz.1.2294" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 586.031263][ T30] audit: type=1400 audit(2000000292.117:1858): avc: denied { open } for pid=13586 comm="syz.1.2294" path="/dev/usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 586.057512][T13588] netlink: 'syz.0.2293': attribute type 2 has an invalid length. [ 586.105019][T13588] netlink: 'syz.0.2293': attribute type 1 has an invalid length. [ 586.195821][ T30] audit: type=1400 audit(2000000292.357:1859): avc: denied { create } for pid=13590 comm="syz.2.2295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 586.257857][ T30] audit: type=1400 audit(2000000292.357:1860): avc: denied { read } for pid=13590 comm="syz.2.2295" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 586.292693][ T30] audit: type=1400 audit(2000000292.357:1861): avc: denied { open } for pid=13590 comm="syz.2.2295" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 588.333312][T13624] netlink: 'syz.0.2303': attribute type 1 has an invalid length. [ 588.775227][T13634] veth13: entered promiscuous mode [ 588.981332][ T5894] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 589.511162][ T5894] usb 2-1: Using ep0 maxpacket: 32 [ 589.517447][ T5894] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 589.526496][ T5894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.537484][ T5894] usb 2-1: config 0 descriptor?? [ 589.561719][ T5901] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 589.621284][ T5887] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 589.711428][ T5901] usb 4-1: Using ep0 maxpacket: 16 [ 589.722092][ T5901] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 589.730555][ T5901] usb 4-1: config 0 has no interface number 0 [ 589.739052][ T5901] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 589.756961][ T5894] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 589.767857][ T5894] usb 2-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 589.776975][ T5901] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 589.813168][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 589.813187][ T30] audit: type=1400 audit(2000000295.917:1865): avc: denied { read write } for pid=13636 comm="syz.1.2307" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 589.842390][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.856813][ T5894] usb 2-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 589.877118][ T5901] usb 4-1: config 0 interface 41 has no altsetting 0 [ 589.894844][ T5887] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 589.914526][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.928948][ T5901] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 589.941905][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.950000][ T30] audit: type=1400 audit(2000000295.917:1866): avc: denied { open } for pid=13636 comm="syz.1.2307" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 589.973143][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.980977][ T30] audit: type=1400 audit(2000000295.917:1867): avc: denied { map } for pid=13636 comm="syz.1.2307" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 589.982138][ T5887] usb 3-1: config 0 descriptor?? [ 590.008458][ T30] audit: type=1400 audit(2000000295.917:1868): avc: denied { execute } for pid=13636 comm="syz.1.2307" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 590.009060][ T5901] usb 4-1: Product: syz [ 590.048455][ T5887] cp210x 3-1:0.0: cp210x converter detected [ 590.055921][ T5901] usb 4-1: Manufacturer: syz [ 590.060708][ T5901] usb 4-1: SerialNumber: syz [ 590.070953][ T5901] usb 4-1: config 0 descriptor?? [ 590.078361][T13645] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 590.085709][T13645] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 590.169916][ T30] audit: type=1400 audit(2000000296.317:1869): avc: denied { append } for pid=13663 comm="syz.4.2318" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 590.410694][T13645] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 590.417978][T13645] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 590.475949][ T5887] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 590.636164][T13645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2311'. [ 590.669992][ T5901] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 590.680701][ T5901] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71 [ 590.693661][ T5887] usb 3-1: cp210x converter now attached to ttyUSB0 [ 590.719422][ T5901] usb 4-1: USB disconnect, device number 64 [ 590.877144][T13680] IPv6: Can't replace route, no match found [ 590.944677][ T5985] usb 3-1: USB disconnect, device number 44 [ 590.961851][ T5985] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 590.986632][ T5985] cp210x 3-1:0.0: device disconnected [ 591.080300][T13684] netlink: 'syz.1.2323': attribute type 1 has an invalid length. [ 591.259010][T13684] veth17: entered promiscuous mode [ 591.301943][T13693] 8021q: VLANs not supported on gre0 [ 591.465788][ T30] audit: type=1400 audit(2000000297.627:1870): avc: denied { write } for pid=13701 comm="syz.4.2330" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 592.089608][ T30] audit: type=1400 audit(2000000297.647:1871): avc: denied { open } for pid=13701 comm="syz.4.2330" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 592.302616][ C1] ------------[ cut here ]------------ [ 592.308722][ C1] WARNING: CPU: 1 PID: 13713 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x684/0x830 [ 592.318342][ C1] Modules linked in: [ 592.322661][ C1] CPU: 1 UID: 0 PID: 13713 Comm: syz.0.2331 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 592.333022][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 592.343123][ C1] RIP: 0010:inet_sock_destruct+0x684/0x830 [ 592.348942][ C1] Code: 0f 0b 90 e9 12 fe ff ff e8 a9 99 b5 f7 90 0f 0b 90 e9 5e fe ff ff e8 9b 99 b5 f7 90 0f 0b 90 e9 94 fe ff ff e8 8d 99 b5 f7 90 <0f> 0b 90 e9 d3 fe ff ff e8 3f 73 1c f8 e9 d7 fc ff ff 4c 89 ff e8 [ 592.368612][ C1] RSP: 0018:ffffc90000a08d90 EFLAGS: 00010246 [ 592.374720][ C1] RAX: 0000000000000000 RBX: ffff88804286a880 RCX: ffffffff8a0657c7 [ 592.382714][ C1] RDX: ffff888084a2a440 RSI: ffffffff8a0658f3 RDI: 0000000000000005 [ 592.390706][ C1] RBP: 0000000000000fff R08: 0000000000000005 R09: 0000000000000000 [ 592.398708][ C1] R10: 0000000000000fff R11: 0000000000000001 R12: ffff88804286a880 [ 592.406718][ C1] R13: ffff88804286a910 R14: ffffc90000a08e90 R15: 0000000000000004 [ 592.414713][ C1] FS: 0000000000000000(0000) GS:ffff888124813000(0000) knlGS:0000000000000000 [ 592.423685][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 592.430273][ C1] CR2: 0000001b2fd1eff8 CR3: 0000000055943000 CR4: 00000000003526f0 [ 592.438274][ C1] Call Trace: [ 592.441580][ C1] [ 592.444424][ C1] ? inet6_cleanup_sock+0x117/0x210 [ 592.449637][ C1] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 592.455296][ C1] __sk_destruct+0x81/0x980 [ 592.459827][ C1] ? rcu_core+0x797/0x14e0 [ 592.464269][ C1] rcu_core+0x79c/0x14e0 [ 592.468524][ C1] ? __pfx_rcu_core+0x10/0x10 [ 592.473233][ C1] ? run_timer_base+0x121/0x190 [ 592.478097][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 592.483324][ C1] handle_softirqs+0x219/0x8e0 [ 592.488099][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 592.493417][ C1] __irq_exit_rcu+0x109/0x170 [ 592.498102][ C1] irq_exit_rcu+0x9/0x30 [ 592.502369][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 592.508032][ C1] [ 592.510964][ C1] [ 592.513917][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 592.519907][ C1] RIP: 0010:lock_is_held_type+0x107/0x150 [ 592.525670][ C1] Code: 00 00 b8 ff ff ff ff 65 0f c1 05 6c c0 48 08 83 f8 01 75 2d 9c 58 f6 c4 02 75 43 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d7 f1 02 00 45 31 ed eb [ 592.545326][ C1] RSP: 0018:ffffc9000473f708 EFLAGS: 00000282 [ 592.551419][ C1] RAX: 0000000000000046 RBX: ffff888084a2af58 RCX: 0000000000000001 [ 592.559385][ C1] RDX: 0000000000000000 RSI: ffffffff8de0d94d RDI: ffffffff8c158ee0 [ 592.567351][ C1] RBP: ffffffff8e5c4e00 R08: 0000000000000006 R09: 0000000000001000 [ 592.575320][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888084a2a440 [ 592.583291][ C1] R13: 0000000000000001 R14: 00000000ffffffff R15: 0000000000000001 [ 592.591268][ C1] lookup_page_ext+0x10d/0x1d0 [ 592.596029][ C1] page_table_check_clear+0x1e2/0x740 [ 592.601415][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 592.607305][ C1] __page_table_check_pte_clear+0xf1/0x100 [ 592.613104][ C1] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 592.619512][ C1] ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560 [ 592.626748][ C1] unmap_page_range+0x24bd/0x4350 [ 592.631788][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 592.637148][ C1] ? uprobe_munmap+0x20/0x5c0 [ 592.641839][ C1] unmap_single_vma.constprop.0+0x153/0x240 [ 592.647715][ C1] unmap_vmas+0x218/0x470 [ 592.652070][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 592.656985][ C1] ? mas_next_slot+0x12d3/0x21b0 [ 592.661991][ C1] exit_mmap+0x1b9/0xb90 [ 592.666262][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 592.671123][ C1] __mmput+0x12a/0x410 [ 592.675232][ C1] mmput+0x62/0x70 [ 592.678967][ C1] do_exit+0x7c4/0x2bd0 [ 592.683162][ C1] ? __pfx_do_exit+0x10/0x10 [ 592.687765][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 592.693190][ C1] do_group_exit+0xd3/0x2a0 [ 592.697709][ C1] __x64_sys_exit_group+0x3e/0x50 [ 592.702761][ C1] x64_sys_call+0x1530/0x1730 [ 592.707463][ C1] do_syscall_64+0xcd/0x4c0 [ 592.711983][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.717870][ C1] RIP: 0033:0x7fa2abd8e929 [ 592.722280][ C1] Code: Unable to access opcode bytes at 0x7fa2abd8e8ff. [ 592.729282][ C1] RSP: 002b:00007ffdec5d0b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 592.737694][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2abd8e929 [ 592.745676][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 592.753655][ C1] RBP: 00007ffdec5d0bdc R08: 00000005ec5d0c6f R09: 00000000000927c0 [ 592.761650][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000235 [ 592.769624][ C1] R13: 00000000000927c0 R14: 0000000000090643 R15: 00007ffdec5d0c30 [ 592.777638][ C1] [ 592.780662][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 592.787937][ C1] CPU: 1 UID: 0 PID: 13713 Comm: syz.0.2331 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) [ 592.798248][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 592.808286][ C1] Call Trace: [ 592.811547][ C1] [ 592.814377][ C1] dump_stack_lvl+0x3d/0x1f0 [ 592.818961][ C1] panic+0x71c/0x800 [ 592.822850][ C1] ? __pfx_panic+0x10/0x10 [ 592.827259][ C1] ? show_trace_log_lvl+0x29b/0x3e0 [ 592.832453][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 592.837592][ C1] ? inet_sock_destruct+0x684/0x830 [ 592.842798][ C1] check_panic_on_warn+0xab/0xb0 [ 592.847719][ C1] __warn+0xf6/0x3c0 [ 592.851602][ C1] ? inet_sock_destruct+0x684/0x830 [ 592.856785][ C1] report_bug+0x3c3/0x580 [ 592.861107][ C1] ? inet_sock_destruct+0x684/0x830 [ 592.866300][ C1] handle_bug+0x184/0x210 [ 592.870621][ C1] exc_invalid_op+0x17/0x50 [ 592.875107][ C1] asm_exc_invalid_op+0x1a/0x20 [ 592.879943][ C1] RIP: 0010:inet_sock_destruct+0x684/0x830 [ 592.885737][ C1] Code: 0f 0b 90 e9 12 fe ff ff e8 a9 99 b5 f7 90 0f 0b 90 e9 5e fe ff ff e8 9b 99 b5 f7 90 0f 0b 90 e9 94 fe ff ff e8 8d 99 b5 f7 90 <0f> 0b 90 e9 d3 fe ff ff e8 3f 73 1c f8 e9 d7 fc ff ff 4c 89 ff e8 [ 592.905327][ C1] RSP: 0018:ffffc90000a08d90 EFLAGS: 00010246 [ 592.911381][ C1] RAX: 0000000000000000 RBX: ffff88804286a880 RCX: ffffffff8a0657c7 [ 592.919334][ C1] RDX: ffff888084a2a440 RSI: ffffffff8a0658f3 RDI: 0000000000000005 [ 592.927290][ C1] RBP: 0000000000000fff R08: 0000000000000005 R09: 0000000000000000 [ 592.935246][ C1] R10: 0000000000000fff R11: 0000000000000001 R12: ffff88804286a880 [ 592.943200][ C1] R13: ffff88804286a910 R14: ffffc90000a08e90 R15: 0000000000000004 [ 592.951161][ C1] ? inet_sock_destruct+0x557/0x830 [ 592.956347][ C1] ? inet_sock_destruct+0x683/0x830 [ 592.961538][ C1] ? inet6_cleanup_sock+0x117/0x210 [ 592.966726][ C1] ? __pfx_inet6_sock_destruct+0x10/0x10 [ 592.972349][ C1] __sk_destruct+0x81/0x980 [ 592.976843][ C1] ? rcu_core+0x797/0x14e0 [ 592.981250][ C1] rcu_core+0x79c/0x14e0 [ 592.985484][ C1] ? __pfx_rcu_core+0x10/0x10 [ 592.990150][ C1] ? run_timer_base+0x121/0x190 [ 592.994993][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 593.000185][ C1] handle_softirqs+0x219/0x8e0 [ 593.004943][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 593.010218][ C1] __irq_exit_rcu+0x109/0x170 [ 593.014883][ C1] irq_exit_rcu+0x9/0x30 [ 593.019110][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 593.024731][ C1] [ 593.027648][ C1] [ 593.030564][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 593.036530][ C1] RIP: 0010:lock_is_held_type+0x107/0x150 [ 593.042239][ C1] Code: 00 00 b8 ff ff ff ff 65 0f c1 05 6c c0 48 08 83 f8 01 75 2d 9c 58 f6 c4 02 75 43 48 f7 04 24 00 02 00 00 74 01 fb 48 83 c4 08 <44> 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d7 f1 02 00 45 31 ed eb [ 593.061829][ C1] RSP: 0018:ffffc9000473f708 EFLAGS: 00000282 [ 593.067883][ C1] RAX: 0000000000000046 RBX: ffff888084a2af58 RCX: 0000000000000001 [ 593.075836][ C1] RDX: 0000000000000000 RSI: ffffffff8de0d94d RDI: ffffffff8c158ee0 [ 593.083791][ C1] RBP: ffffffff8e5c4e00 R08: 0000000000000006 R09: 0000000000001000 [ 593.091747][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888084a2a440 [ 593.099699][ C1] R13: 0000000000000001 R14: 00000000ffffffff R15: 0000000000000001 [ 593.107668][ C1] lookup_page_ext+0x10d/0x1d0 [ 593.112422][ C1] page_table_check_clear+0x1e2/0x740 [ 593.117781][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 593.123662][ C1] __page_table_check_pte_clear+0xf1/0x100 [ 593.129456][ C1] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 593.135858][ C1] ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560 [ 593.143047][ C1] unmap_page_range+0x24bd/0x4350 [ 593.148082][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 593.153449][ C1] ? uprobe_munmap+0x20/0x5c0 [ 593.158119][ C1] unmap_single_vma.constprop.0+0x153/0x240 [ 593.164004][ C1] unmap_vmas+0x218/0x470 [ 593.168325][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 593.173173][ C1] ? mas_next_slot+0x12d3/0x21b0 [ 593.178123][ C1] exit_mmap+0x1b9/0xb90 [ 593.182353][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 593.187124][ C1] __mmput+0x12a/0x410 [ 593.191183][ C1] mmput+0x62/0x70 [ 593.194890][ C1] do_exit+0x7c4/0x2bd0 [ 593.199040][ C1] ? __pfx_do_exit+0x10/0x10 [ 593.203620][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 593.208983][ C1] do_group_exit+0xd3/0x2a0 [ 593.214086][ C1] __x64_sys_exit_group+0x3e/0x50 [ 593.219099][ C1] x64_sys_call+0x1530/0x1730 [ 593.223759][ C1] do_syscall_64+0xcd/0x4c0 [ 593.228254][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.234130][ C1] RIP: 0033:0x7fa2abd8e929 [ 593.238526][ C1] Code: Unable to access opcode bytes at 0x7fa2abd8e8ff. [ 593.245521][ C1] RSP: 002b:00007ffdec5d0b78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 593.253920][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa2abd8e929 [ 593.262744][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 593.270703][ C1] RBP: 00007ffdec5d0bdc R08: 00000005ec5d0c6f R09: 00000000000927c0 [ 593.278748][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000235 [ 593.286721][ C1] R13: 00000000000927c0 R14: 0000000000090643 R15: 00007ffdec5d0c30 [ 593.294691][ C1] [ 593.298008][ C1] Kernel Offset: disabled [ 593.302312][ C1] Rebooting in 86400 seconds..