last executing test programs: 34.554042977s ago: executing program 2 (id=1035): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r3) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r5) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r7 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r7, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r7, &(0x7f0000000040)=ANY=[], 0xfdef) sendmsg$NFC_CMD_GET_TARGET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r4, 0x1}, 0x14}}, 0x0) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r3) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r3) sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRES8=r4, @ANYRESOCT=r4, @ANYRESDEC=r8, @ANYRESHEX=r9, @ANYRES32=r0, @ANYRES64=r0, @ANYRESOCT=r0, @ANYRESOCT=r2], 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r10, 0x2, 0x6}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000000c0)={r10, 0x2, 0x6, @remote}, 0x10) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r13 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r12, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010026bd7000fcdbdf250d0000000c000600030000000300000008000c000400000008000d000100000008000c00040000000800010002"], 0x70}, 0x1, 0x0, 0x0, 0x20001080}, 0x4000000) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r11, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1c, r13, 0x200, 0x70bd27, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40040d0) r14 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r14, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) 34.265180127s ago: executing program 2 (id=1038): socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280080004000000"], 0x44}}, 0x0) 32.945718711s ago: executing program 2 (id=1039): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00006b3000/0x1000)=nil, 0x400000, 0x2, 0x2}) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x78, 0x16, 0x400, 0x0, 0x0, {}, [@typed={0x4}, @typed={0x5d, 0xa, 0x0, 0x0, @binary="67fa673b4b8d331bac6d7eaf24a5472ab38a49d86b61cdc0a7c6632782b6b7a431a174c9dce45b2c893f4eda36874011034e5fcdc97c39931997a1494c6dde87b4adafb0defb4be2e24ec955046cefd37348274357723a13ae"}]}, 0x78}}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0xc0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/rt_acct\x00') preadv(r3, &(0x7f0000000340)=[{&(0x7f00000002c0)=""/21, 0x15}], 0x1, 0x38, 0x0) sendmsg$inet(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x15) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000c105804135000000000000109022400010000000009040002010300000009210000640122f80409058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r6}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r7}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$inet_dccp(0x2, 0x6, 0x0) 27.536513724s ago: executing program 2 (id=1049): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x840000000002, 0x3, 0xc3) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="fb00000000000000a7"]) r6 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000300)={0x1, 0x0, 0x3, &(0x7f0000000100)={0x0, "fd6d44512b7e1b0420ec2a3ba53b31dd77e7ffffff0300"}}) setsockopt$inet_int(r0, 0x0, 0x16, &(0x7f0000000000)=0x9, 0x4) r7 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r7, 0x50009404, &(0x7f0000000140)) creat(&(0x7f0000000040)='./file0\x00', 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r8, &(0x7f0000006380)={0x2020}, 0x2020) 25.409522619s ago: executing program 2 (id=1053): pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x7fffffc}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000580)={0x1, @pix_mp={0x0, 0x0, 0x30385056, 0x4, 0x0, [{}, {0x10001}, {0x0, 0x3}, {}, {0x0, 0x9}, {}, {0x0, 0xfffffffd}], 0x10, 0x0, 0x0, 0x0, 0x3}}) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000240)=0x1) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000380)={0x0, 0x1, 0x0, "eee98fa706178749cb4dfd93e33c9b6b7bd152f35ed734fc70157dcb4f1891e2"}) r5 = openat$incfs(r0, 0x0, 0x80100, 0xa9) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000a40)={'vxcan1\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="2000000010000110000100000475000000000000", @ANYRES32=r7, @ANYRESOCT], 0x20}}, 0x0) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="2000000010000104000000000000000000480000", @ANYRES32=r7, @ANYBLOB='\v'], 0x20}}, 0x0) pwrite64(r5, 0x0, 0x0, 0x8000000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DESTROY(r9, 0x0, 0x0) sendmsg$IPSET_CMD_PROTOCOL(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000106010800"], 0x24}, 0x1, 0x0, 0x0, 0x24000041}, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000140)=0xfffffffffffffffe, 0xb, 0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) 23.469765531s ago: executing program 2 (id=1057): r0 = socket$inet(0x2, 0x2, 0x1) syslog(0x4, &(0x7f0000000180)=""/210, 0xd2) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000440)=0x200, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) unshare(0x22020400) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f000001a000/0x3000)=nil, 0x3000, 0xf, 0x11012, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) connect$inet(r1, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000900), 0x0, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r5, 0x891b, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000240)='./file0/bus\x00', 0x0) acct(&(0x7f0000000100)='./file0/bus\x00') umount2(&(0x7f0000000280)='./file0\x00', 0x0) 15.882949786s ago: executing program 0 (id=1073): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)={0x2c, 0xd, 0xa, 0xe01, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x2c}}, 0x0) 15.772658128s ago: executing program 0 (id=1074): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x4000010, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$sock_buf(r3, 0x1, 0xe, 0x0, &(0x7f0000000180)) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r4) sendmsg$NLBL_CALIPSO_C_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x1c, r5, 0x125, 0xfffffffc, 0x1020, {}, [@NLBL_CALIPSO_A_DOI={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x7f02100df1b156e5}, 0x4000000) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, 0x0) setsockopt$inet6_udp_int(r7, 0x11, 0x67, 0x0, 0x0) fcntl$notify(r3, 0x402, 0x80000008) connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) connect$inet6(r7, 0x0, 0x0) sendmmsg$inet6(r7, 0x0, 0x0, 0x80440c1) r8 = syz_pidfd_open(r6, 0x0) process_madvise(r8, 0x0, 0x0, 0x19, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 14.800905972s ago: executing program 1 (id=1077): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) io_setup(0x2, &(0x7f0000000180)) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r5, r4, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) 13.12719344s ago: executing program 0 (id=1078): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000340)=ANY=[@ANYBLOB="640121020001ac1414bb7f7fdd9b"], 0x1c) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$inet6(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) capset(0x0, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) r6 = socket$nl_route(0x10, 0x3, 0x0) arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @empty=0x1000000}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4008800}, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="04040a"], 0xd) openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0) 9.677298915s ago: executing program 0 (id=1083): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x48801) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, 0x3e9, 0x400, 0x70bd28, 0x25dfdbfd, {0x40, 0x1, 0x2, r0, 0x819, 0x7, 0x80000001, 0x4, 0x0, 0x1, 0xffffb14e}, [""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x20048811) r3 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = getpid() syz_pidfd_open(r5, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r3}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 9.205716959s ago: executing program 1 (id=1085): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') unlinkat(r0, &(0x7f0000000000)='./file1\x00', 0x0) open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0) (fail_nth: 2) 8.789797124s ago: executing program 1 (id=1086): write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b40)={0x18, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB="da2261875f58323cf5704ca92bdcc7e39a892ad9ce2e9482b397d74faa777043c79850203e844203a9e2442046a6d5429a7a66ed82d754"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0xac, &(0x7f0000000140)=""/172, 0x41000, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000740)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r4}}, 0x48) close(r3) bpf$MAP_CREATE(0x0, 0x0, 0x50) epoll_create1(0x0) syz_open_dev$usbmon(&(0x7f0000000440), 0x0, 0x0) syz_io_uring_setup(0xa7f, &(0x7f0000000000)={0x0, 0xd47d, 0x80, 0x0, 0x14}, &(0x7f0000000640), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f00000002c0)=0x0, &(0x7f0000000280)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) 8.787755308s ago: executing program 3 (id=1087): syz_init_net_socket$rose(0xb, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) ioctl$SIOCAX25CTLCON(r1, 0x89e9, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @bcast, 0x0, 0x0, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x3a) ioctl$SIOCAX25ADDUID(r2, 0x89e7, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getpeername$ax25(r2, 0xfffffffffffffffd, &(0x7f0000000080)) setresgid(0xee00, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3) sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6}]}, 0x3c}}, 0x0) 8.273289644s ago: executing program 32 (id=1057): r0 = socket$inet(0x2, 0x2, 0x1) syslog(0x4, &(0x7f0000000180)=""/210, 0xd2) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000440)=0x200, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) unshare(0x22020400) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f000001a000/0x3000)=nil, 0x3000, 0xf, 0x11012, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) connect$inet(r1, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000900), 0x0, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r5, 0x891b, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000240)='./file0/bus\x00', 0x0) acct(&(0x7f0000000100)='./file0/bus\x00') umount2(&(0x7f0000000280)='./file0\x00', 0x0) 7.475879781s ago: executing program 3 (id=1090): socket$nl_route(0x10, 0x3, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, r1, r2, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x4, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2, 0x0, 0x88000}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 7.08618959s ago: executing program 3 (id=1091): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x4000010, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$sock_buf(r3, 0x1, 0xe, 0x0, &(0x7f0000000180)) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r4) sendmsg$NLBL_CALIPSO_C_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x1c, r5, 0x125, 0xfffffffc, 0x1020, {}, [@NLBL_CALIPSO_A_DOI={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x7f02100df1b156e5}, 0x4000000) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = socket$inet6(0xa, 0x800000000000002, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, 0x0) setsockopt$inet6_udp_int(r7, 0x11, 0x67, 0x0, 0x0) fcntl$notify(r3, 0x402, 0x80000008) connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) connect$inet6(r7, 0x0, 0x0) sendmmsg$inet6(r7, 0x0, 0x0, 0x80440c1) syz_pidfd_open(r6, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x50}}, 0x0) 6.876928305s ago: executing program 0 (id=1092): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd0000000010902120001000000"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYRES16=0x0], 0x0, 0x2f, 0x0, 0x0, 0x3, 0x0, @void, @value}, 0x28) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000400)={0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5100) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) 5.891485897s ago: executing program 3 (id=1093): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000340)=ANY=[@ANYBLOB="640121020001ac1414bb7f7fdd9b"], 0x1c) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$inet6(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) capset(0x0, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) r6 = socket$nl_route(0x10, 0x3, 0x0) arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @empty=0x1000000}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4008800}, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="04040a"], 0xd) openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0) 5.61906514s ago: executing program 1 (id=1095): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000300)={0x0, 0x1000, 0xfffffffa, 0x4, 0xc, 0x8, 0x2, 0xfffffc00, {0x0, @in={{0x2, 0x4e23, @multicast1}}, 0x6, 0xa, 0x2, 0x10001, 0x4}}, &(0x7f0000000180)=0xb0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000040a0ed35548f3392e63c25086875a6e5a62e8c514b31f53ddc117c64520080a4e1829f50421b6d239e96023881c216dc512fc8a8606a7253ac4723120cdf7fbabd15249d96ff83c7217dd2e8bfe7d4f664e1f1cd622d2f7ea65d574aeb72edbaa5a30152075103902a811f6d75816a6eb08988402de2ec135ec15b16460940f4b5d828875fee6ce13a5a9eda5bde3ed1f9dc0106f1137e0b2bc1283cc79075d0ad289bbe198cf00a078513bc07ff30d8781efd10283b8599f915bb35e722f0bc777eedb6b526279e3db24efdc036fe3fd2aa52320ccb7017c622b0a5cbbaa088cb89c67faa5d16b89e41256764492c0bbbe808035aa99fc7f4b930ea6461a63ecb78fb8ebf0ab0f5454dcd87d287f4a085523a2d7ce5d417187700000000000000", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prctl$PR_SET_IO_FLUSHER(0x53564d41, 0x1) openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, 0x0, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_init_net_socket$ax25(0x3, 0x5, 0xc4) socket$inet6_sctp(0xa, 0x801, 0x84) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 3.666289551s ago: executing program 1 (id=1096): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000026f90000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000000048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570d338f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee905000000d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d00000060e5d3f1749feaecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80146, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000240)={0xf0003, 0x0, [0x680, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2b]}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) (fail_nth: 2) 3.260424917s ago: executing program 4 (id=1098): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x40000, 0x0, 0xfffffffc, 0x358}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r6 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x1) ioctl$VIDIOC_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f00000002c0)={0x0, @reserved}) fchdir(r7) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}]}) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r3, 0x3f70, 0x0, 0x0, 0x0, 0x0) 2.592225039s ago: executing program 3 (id=1099): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20044800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xffffffff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6", 0x10) r3 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000002600)=ANY=[], 0x117c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) recvmsg$unix(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000008c0)=""/26, 0x117c}], 0x1}, 0x40000120) 2.275801976s ago: executing program 4 (id=1100): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @multicast2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6}]}, 0x3c}}, 0x0) 2.230913073s ago: executing program 0 (id=1101): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000340)=ANY=[@ANYBLOB="640121020001ac1414bb7f7fdd9b"], 0x1c) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) capset(0x0, 0x0) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) r6 = socket$nl_route(0x10, 0x3, 0x0) arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @empty=0x1000000}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x4008800}, 0x0) syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="04040a"], 0xd) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$snapshot(0xffffff9c, &(0x7f0000000880), 0x20840, 0x0) 2.09862578s ago: executing program 1 (id=1102): socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010062726964676500001400"], 0x44}}, 0x0) 2.097953927s ago: executing program 4 (id=1103): socket$inet_tcp(0x2, 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0xc17a) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[@ANYBLOB='/'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.888365963s ago: executing program 4 (id=1104): r0 = socket$inet6(0xa, 0x3, 0x87) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r4, 0x5609, &(0x7f0000000000)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108) r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r6, 0xc008551b, &(0x7f0000000040)=ANY=[]) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffff, 0x3}}, {{@in=@loopback, 0x0, 0x6c}, 0xa, @in=@loopback}}, 0xe8) r7 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r7, &(0x7f0000003ac0)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback, 0x1}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000940)="ffcc481c7f1c9e89", 0x8}], 0x1}}], 0x2, 0x0) 227.727082ms ago: executing program 4 (id=1105): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = socket$pptp(0x18, 0x1, 0x2) getpeername(r0, 0x0, &(0x7f0000000080)) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r1, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) open$dir(&(0x7f00000001c0)='./file1\x00', 0x8000, 0x100) unlink(&(0x7f0000000180)='./file1\x00') unlink(&(0x7f0000000000)='./file0\x00') mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) open$dir(&(0x7f00000002c0)='./control/file0\x00', 0x80040, 0x0) r2 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r2, &(0x7f0000fc4fbe)=""/80, 0x50) unlink(&(0x7f00000001c0)='./control/file0\x00') unlinkat(r2, &(0x7f0000000140)='./control\x00', 0x200) rmdir(&(0x7f0000000040)='./control\x00') 60.635096ms ago: executing program 3 (id=1106): r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="340000001400b5952cbc7000ffdbdf250a0080c8", @ANYRES32=r2, @ANYBLOB="140002000000000000000000000000000000000108000900ffffffff56d83ab5db34ba330dc0e355920b1e6dd740e281d71bb5cfa5388ea6d011a3e09770f30d18ceea32f06f8cfa438e60e82713a0dec04eea65d690866cf444d3fe6110c2ccc9816286bf209ed051d3e405b8184081402ac62415ecebcd45bd221b38a8b5fc796201addad4b9fc35e4247deefbe92efab79214aab508f84c71ed985c6f92972ee5deafeedae2a3c8"], 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x40040) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a40)=ANY=[], 0x240}, 0x1, 0x0, 0x0, 0x8800}, 0x8044) 0s ago: executing program 4 (id=1107): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) io_uring_setup(0x10000669, &(0x7f0000000140)={0x0, 0x10, 0x20, 0x0, 0x31b}) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, 0x0, 0x0) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8800}, 0x48040) r7 = socket$inet_udp(0x2, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) setsockopt$inet_int(r7, 0x0, 0x30, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) kernel console output (not intermixed with test programs): found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 201.079731][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.272721][ T7687] syzkaller0: entered allmulticast mode [ 201.295709][ T7687] syzkaller0 (unregistering): left allmulticast mode [ 201.430885][ T5883] usb 1-1: config 0 descriptor?? [ 202.517837][ T5883] usbhid 1-1:0.0: can't add hid device: -71 [ 202.524296][ T5883] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 202.827165][ T5883] usb 1-1: USB disconnect, device number 15 [ 204.059759][ T7705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.472'. [ 205.037700][ T7706] netlink: 'syz.0.473': attribute type 13 has an invalid length. [ 205.338487][ T7712] loop6: detected capacity change from 0 to 524287999 [ 205.352686][ T29] audit: type=1400 audit(1732624189.608:428): avc: denied { append } for pid=7711 comm="syz.4.477" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 205.432590][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 205.441952][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 206.462645][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 206.471909][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 207.813618][ T7723] netlink: 'syz.3.475': attribute type 13 has an invalid length. [ 207.831109][ T7725] netlink: 'syz.1.478': attribute type 13 has an invalid length. [ 207.914357][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.923605][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 208.836683][ T7734] program syz.0.480 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 209.001504][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.010762][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.030001][ T7738] fuse: Bad value for 'fd' [ 209.122576][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.132050][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.206625][ T7731] tipc: Started in network mode [ 209.213675][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.222876][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.250839][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.260069][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.277324][ T7712] ldm_validate_partition_table(): Disk read failed. [ 209.287174][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.291467][ T7731] tipc: Node identity 9e5e7654fdb9, cluster identity 4711 [ 209.296364][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.319537][ T7731] tipc: Enabled bearer , priority 0 [ 209.329025][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.338206][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.338969][ T7737] syzkaller0: MTU too low for tipc bearer [ 209.357745][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 209.367000][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.381900][ T7712] Dev loop6: unable to read RDB block 0 [ 209.395372][ T7712] loop6: unable to read partition table [ 209.413064][ T7712] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 209.422237][ T7737] tipc: Disabling bearer [ 209.439642][ T5210] ldm_validate_partition_table(): Disk read failed. [ 209.447146][ T5210] Dev loop6: unable to read RDB block 0 [ 209.459193][ T5210] loop6: unable to read partition table [ 209.779545][ T7746] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 209.939112][ T7746] SELinux: failed to load policy [ 210.834398][ T7753] vlan2: entered allmulticast mode [ 210.844334][ T7753] bond0: entered allmulticast mode [ 210.868332][ T7753] bond_slave_0: entered allmulticast mode [ 210.889903][ T7753] bond_slave_1: entered allmulticast mode [ 210.923403][ T7753] bond0: left allmulticast mode [ 210.936694][ T7753] bond_slave_0: left allmulticast mode [ 210.953690][ T7753] bond_slave_1: left allmulticast mode [ 211.080454][ T29] audit: type=1400 audit(1732624195.348:429): avc: denied { setopt } for pid=7741 comm="syz.4.482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 212.032974][ T7763] netlink: 'syz.2.486': attribute type 13 has an invalid length. [ 212.623404][ T7768] netlink: 'syz.3.489': attribute type 4 has an invalid length. [ 212.656621][ T29] audit: type=1800 audit(1732624196.928:430): pid=7768 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.489" name="/" dev="9p" ino=2 res=0 errno=0 [ 212.677991][ T7768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=7768 comm=syz.3.489 [ 213.983249][ T7782] netlink: 'syz.3.491': attribute type 13 has an invalid length. [ 215.304839][ T7788] No control pipe specified [ 215.462144][ T29] audit: type=1400 audit(1732624199.738:431): avc: denied { write } for pid=7791 comm="syz.1.494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 215.486412][ T29] audit: type=1400 audit(1732624199.758:432): avc: denied { map } for pid=7791 comm="syz.1.494" path="socket:[15235]" dev="sockfs" ino=15235 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 215.958317][ T7800] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 215.968390][ T7800] SELinux: failed to load policy [ 219.483186][ T29] audit: type=1400 audit(1732624203.738:433): avc: denied { bind } for pid=7803 comm="syz.1.500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 219.949992][ T29] audit: type=1400 audit(1732624203.738:434): avc: denied { listen } for pid=7803 comm="syz.1.500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 220.005089][ T29] audit: type=1400 audit(1732624203.738:435): avc: denied { accept } for pid=7803 comm="syz.1.500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 220.796889][ T7841] netlink: 12 bytes leftover after parsing attributes in process `syz.2.503'. [ 220.818662][ T7837] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 220.850933][ T7837] SELinux: failed to load policy [ 220.883091][ T7844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.505'. [ 222.757584][ T7866] FAULT_INJECTION: forcing a failure. [ 222.757584][ T7866] name failslab, interval 1, probability 0, space 0, times 0 [ 222.837677][ T7866] CPU: 0 UID: 0 PID: 7866 Comm: syz.0.510 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 222.847954][ T7866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 222.858359][ T7866] Call Trace: [ 222.861640][ T7866] [ 222.864573][ T7866] dump_stack_lvl+0x16c/0x1f0 [ 222.869265][ T7866] should_fail_ex+0x497/0x5b0 [ 222.873956][ T7866] ? fs_reclaim_acquire+0xae/0x150 [ 222.879077][ T7866] should_failslab+0xc2/0x120 [ 222.883771][ T7866] __kmalloc_noprof+0xcb/0x510 [ 222.888549][ T7866] ? d_absolute_path+0x137/0x1b0 [ 222.893503][ T7866] ? rcu_is_watching+0x12/0xc0 [ 222.898293][ T7866] tomoyo_encode2+0x100/0x3e0 [ 222.902988][ T7866] tomoyo_encode+0x29/0x50 [ 222.907415][ T7866] tomoyo_realpath_from_path+0x19d/0x720 [ 222.913066][ T7866] tomoyo_path_number_perm+0x248/0x590 [ 222.918527][ T7866] ? tomoyo_path_number_perm+0x235/0x590 [ 222.924154][ T7866] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 222.930172][ T7866] ? __pfx_lock_release+0x10/0x10 [ 222.935206][ T7866] ? trace_lock_acquire+0x146/0x1e0 [ 222.940422][ T7866] ? lock_acquire+0x2f/0xb0 [ 222.944934][ T7866] ? __fget_files+0x40/0x3a0 [ 222.949540][ T7866] ? __fget_files+0x206/0x3a0 [ 222.954230][ T7866] security_file_ioctl+0x9b/0x240 [ 222.959265][ T7866] __x64_sys_ioctl+0xb7/0x200 [ 222.963958][ T7866] do_syscall_64+0xcd/0x250 [ 222.968479][ T7866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.974384][ T7866] RIP: 0033:0x7f2492f7e819 [ 222.978808][ T7866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.998425][ T7866] RSP: 002b:00007f2490df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 223.006849][ T7866] RAX: ffffffffffffffda RBX: 00007f2493135fa0 RCX: 00007f2492f7e819 [ 223.014827][ T7866] RDX: 0000000020000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 223.022802][ T7866] RBP: 00007f2490df6090 R08: 0000000000000000 R09: 0000000000000000 [ 223.030778][ T7866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.038758][ T7866] R13: 0000000000000000 R14: 00007f2493135fa0 R15: 00007ffcf3ec51d8 [ 223.046753][ T7866] [ 223.341214][ T7878] netlink: 'syz.3.509': attribute type 13 has an invalid length. [ 223.461035][ T7866] ERROR: Out of memory at tomoyo_realpath_from_path. [ 227.337253][ T7916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.520'. [ 227.890761][ T5884] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 228.058332][ T5884] usb 3-1: Using ep0 maxpacket: 32 [ 228.072907][ T5884] usb 3-1: config index 0 descriptor too short (expected 32410, got 154) [ 228.086856][ T5884] usb 3-1: config 1 has too many interfaces: 39, using maximum allowed: 32 [ 228.110884][ T5884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 228.140230][ T5884] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 39 [ 228.157103][ T5884] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 228.168657][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.181269][ T5884] usb 3-1: Product: syz [ 228.185452][ T5884] usb 3-1: Manufacturer: syz [ 228.190067][ T5884] usb 3-1: SerialNumber: syz [ 228.251089][ T5883] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 228.265528][ T7927] netlink: 12 bytes leftover after parsing attributes in process `syz.4.524'. [ 228.471284][ T5884] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 228.521080][ T5883] usb 1-1: Using ep0 maxpacket: 8 [ 228.533083][ T5883] usb 1-1: config 0 has an invalid interface number: 123 but max is 0 [ 228.541555][ T5883] usb 1-1: config 0 has no interface number 0 [ 228.547763][ T5883] usb 1-1: config 0 interface 123 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 228.592557][ T7930] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 228.602168][ T7930] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 228.672618][ T7931] netlink: 244 bytes leftover after parsing attributes in process `syz.1.526'. [ 228.813397][ T5883] usb 1-1: config 0 interface 123 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 228.988130][ T5884] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 229.004850][ T5883] usb 1-1: New USB device found, idVendor=0499, idProduct=5004, bcdDevice=48.66 [ 229.039184][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.054873][ T5884] usb 3-1: USB disconnect, device number 14 [ 229.066207][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 229.066690][ T5883] usb 1-1: Product: syz [ 229.170240][ T5883] usb 1-1: Manufacturer: syz [ 229.176155][ T5883] usb 1-1: SerialNumber: syz [ 229.191383][ T5883] usb 1-1: config 0 descriptor?? [ 229.208908][ T5883] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 229.495098][ T5883] snd-usb-audio 1-1:0.123: probe with driver snd-usb-audio failed with error -2 [ 230.248684][ T5883] usb 1-1: USB disconnect, device number 16 [ 230.296224][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.123/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 230.318180][ T29] audit: type=1400 audit(1732624214.588:436): avc: denied { read append } for pid=7942 comm="syz.3.529" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 230.342571][ C1] vkms_vblank_simulate: vblank timer overrun [ 230.358471][ T7943] fuse: Unknown parameter 'g' [ 231.010790][ T29] audit: type=1400 audit(1732624214.588:437): avc: denied { open } for pid=7942 comm="syz.3.529" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 232.531325][ T5883] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 232.570058][ T29] audit: type=1400 audit(1732624216.798:438): avc: denied { mount } for pid=7966 comm="syz.4.536" name="/" dev="hugetlbfs" ino=16648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 232.600594][ T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 232.644454][ T5149] Bluetooth: hci5: sending frame failed (-49) [ 232.652894][ T5840] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 232.680667][ T5883] usb 4-1: Using ep0 maxpacket: 32 [ 232.694176][ T5883] usb 4-1: config 9 has an invalid interface number: 150 but max is 2 [ 232.750626][ T5883] usb 4-1: config 9 has an invalid interface number: 235 but max is 2 [ 232.760628][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 232.793088][ T8] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 232.822509][ T5883] usb 4-1: config 9 has an invalid interface number: 144 but max is 2 [ 232.831628][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.860332][ T5883] usb 4-1: config 9 has no interface number 0 [ 232.865775][ T29] audit: type=1400 audit(1732624217.128:439): avc: denied { unmount } for pid=5838 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 232.873358][ T8] usb 2-1: Product: syz [ 232.891443][ T5883] usb 4-1: config 9 has no interface number 1 [ 232.897286][ T7972] FAULT_INJECTION: forcing a failure. [ 232.897286][ T7972] name failslab, interval 1, probability 0, space 0, times 0 [ 232.897510][ T5883] usb 4-1: config 9 has no interface number 2 [ 232.916423][ T8] usb 2-1: Manufacturer: syz [ 232.921133][ T8] usb 2-1: SerialNumber: syz [ 232.926543][ T5883] usb 4-1: config 9 interface 150 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 232.937496][ T5883] usb 4-1: config 9 interface 150 altsetting 7 endpoint 0x3 has an invalid bInterval 85, changing to 7 [ 232.948597][ T5883] usb 4-1: config 9 interface 150 altsetting 7 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 232.958514][ T7972] CPU: 1 UID: 0 PID: 7972 Comm: syz.0.538 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 232.959597][ T5883] usb 4-1: config 9 interface 150 altsetting 7 endpoint 0x7 has invalid maxpacket 447, setting to 64 [ 232.969649][ T7972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 232.969663][ T7972] Call Trace: [ 232.969670][ T7972] [ 232.969678][ T7972] dump_stack_lvl+0x16c/0x1f0 [ 232.969707][ T7972] should_fail_ex+0x497/0x5b0 [ 232.969734][ T7972] ? fs_reclaim_acquire+0xae/0x150 [ 232.980626][ T5883] usb 4-1: config 9 interface 150 altsetting 7 has a duplicate endpoint with address 0x8, skipping [ 232.990582][ T7972] should_failslab+0xc2/0x120 [ 232.990609][ T7972] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 232.993880][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has a duplicate endpoint with address 0xF, skipping [ 232.996770][ T7972] ? __alloc_skb+0x2b1/0x380 [ 233.001489][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 233.006061][ T7972] __alloc_skb+0x2b1/0x380 [ 233.011204][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 233.021768][ T7972] ? __pfx___alloc_skb+0x10/0x10 [ 233.021800][ T7972] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 233.026459][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 233.032229][ T7972] netlink_alloc_large_skb+0x69/0x130 [ 233.032257][ T7972] netlink_sendmsg+0x689/0xd70 [ 233.032286][ T7972] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.042986][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 233.047483][ T7972] ____sys_sendmsg+0xaaf/0xc90 [ 233.058317][ T5883] usb 4-1: config 9 interface 144 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 233.062666][ T7972] ? copy_msghdr_from_user+0x10b/0x160 [ 233.062696][ T7972] ? __pfx_____sys_sendmsg+0x10/0x10 [ 233.073382][ T5883] usb 4-1: config 9 interface 150 has no altsetting 0 [ 233.078256][ T7972] ___sys_sendmsg+0x135/0x1e0 [ 233.084326][ T5883] usb 4-1: config 9 interface 235 has no altsetting 0 [ 233.094923][ T7972] ? __pfx____sys_sendmsg+0x10/0x10 [ 233.100284][ T5883] usb 4-1: config 9 interface 144 has no altsetting 0 [ 233.105030][ T7972] ? __pfx_lock_release+0x10/0x10 [ 233.105053][ T7972] ? trace_lock_acquire+0x146/0x1e0 [ 233.105088][ T7972] ? __fget_files+0x206/0x3a0 [ 233.192203][ T7972] __sys_sendmsg+0x16e/0x220 [ 233.196788][ T7972] ? __pfx___sys_sendmsg+0x10/0x10 [ 233.201900][ T7972] do_syscall_64+0xcd/0x250 [ 233.206400][ T7972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.212282][ T7972] RIP: 0033:0x7f2492f7e819 [ 233.216686][ T7972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.236296][ T7972] RSP: 002b:00007f2490df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 233.244702][ T7972] RAX: ffffffffffffffda RBX: 00007f2493135fa0 RCX: 00007f2492f7e819 [ 233.252664][ T7972] RDX: 0000000004040800 RSI: 0000000020000580 RDI: 0000000000000003 [ 233.260634][ T7972] RBP: 00007f2490df6090 R08: 0000000000000000 R09: 0000000000000000 [ 233.268594][ T7972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.276562][ T7972] R13: 0000000000000000 R14: 00007f2493135fa0 R15: 00007ffcf3ec51d8 [ 233.284548][ T7972] [ 233.287673][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.297275][ T8] usb 2-1: config 0 descriptor?? [ 233.329045][ T7974] FAULT_INJECTION: forcing a failure. [ 233.329045][ T7974] name failslab, interval 1, probability 0, space 0, times 0 [ 233.351870][ T7974] CPU: 1 UID: 0 PID: 7974 Comm: syz.4.539 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 233.356460][ T5883] usb 4-1: Dual-Role OTG device on HNP port [ 233.362126][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 233.362140][ T7974] Call Trace: [ 233.362146][ T7974] [ 233.362155][ T7974] dump_stack_lvl+0x16c/0x1f0 [ 233.362185][ T7974] should_fail_ex+0x497/0x5b0 [ 233.378805][ T5883] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=11.99 [ 233.381356][ T7974] ? fs_reclaim_acquire+0xae/0x150 [ 233.381383][ T7974] should_failslab+0xc2/0x120 [ 233.381408][ T7974] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 233.381432][ T7974] ? __alloc_skb+0x2b1/0x380 [ 233.381464][ T7974] __alloc_skb+0x2b1/0x380 [ 233.381491][ T7974] ? __pfx___alloc_skb+0x10/0x10 [ 233.381519][ T7974] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 233.381549][ T7974] netlink_alloc_large_skb+0x69/0x130 [ 233.384519][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.389121][ T7974] netlink_sendmsg+0x689/0xd70 [ 233.389150][ T7974] ? __pfx_netlink_sendmsg+0x10/0x10 [ 233.389182][ T7974] ____sys_sendmsg+0xaaf/0xc90 [ 233.389203][ T7974] ? copy_msghdr_from_user+0x10b/0x160 [ 233.389228][ T7974] ? __pfx_____sys_sendmsg+0x10/0x10 [ 233.389260][ T7974] ___sys_sendmsg+0x135/0x1e0 [ 233.389280][ T7974] ? __pfx____sys_sendmsg+0x10/0x10 [ 233.389317][ T7974] ? __pfx_lock_release+0x10/0x10 [ 233.389336][ T7974] ? trace_lock_acquire+0x146/0x1e0 [ 233.389369][ T7974] ? __fget_files+0x206/0x3a0 [ 233.389396][ T7974] __sys_sendmsg+0x16e/0x220 [ 233.389414][ T7974] ? __pfx___sys_sendmsg+0x10/0x10 [ 233.389446][ T7974] do_syscall_64+0xcd/0x250 [ 233.394476][ T5883] usb 4-1: Product: 湳˰ã‰è»œâ¬ï§‰îì¶éˆ‡ê’¯â‘§â ‹à¨ªî’©áƒ¡æ¢‘閞䣊໫馣癕䓛ᰟê˜ïœ‹ë‘ŒëŠè¥¹á“ [ 233.403098][ T7974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.403126][ T7974] RIP: 0033:0x7fc9f1b7e819 [ 233.403143][ T7974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.403159][ T7974] RSP: 002b:00007fc9ef9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 233.403178][ T7974] RAX: ffffffffffffffda RBX: 00007fc9f1d35fa0 RCX: 00007fc9f1b7e819 [ 233.403193][ T7974] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 233.403206][ T7974] RBP: 00007fc9ef9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 233.408306][ T5883] usb 4-1: Manufacturer: ﳿ [ 233.412928][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.412941][ T7974] R13: 0000000000000000 R14: 00007fc9f1d35fa0 R15: 00007ffe141e2f88 [ 233.412967][ T7974] [ 233.412984][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.419228][ T29] audit: type=1400 audit(1732624217.688:440): avc: denied { write } for pid=5192 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 233.423480][ T5883] usb 4-1: SerialNumber:  [ 233.547879][ T7976] netlink: 24 bytes leftover after parsing attributes in process `syz.0.540'. [ 233.566153][ T29] audit: type=1400 audit(1732624217.688:441): avc: denied { remove_name } for pid=5192 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 233.696049][ T29] audit: type=1400 audit(1732624217.688:442): avc: denied { add_name } for pid=5192 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 233.725972][ T8] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 234.017746][ T29] audit: type=1400 audit(1732624218.278:443): avc: denied { create } for pid=7961 comm="syz.1.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 234.033642][ T5883] usb 4-1: USB disconnect, device number 10 [ 234.132300][ T7983] netlink: 'syz.4.541': attribute type 13 has an invalid length. [ 234.652911][ T8] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 234.653722][ T7962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.679249][ T7962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.710277][ T29] audit: type=1400 audit(1732624218.978:444): avc: denied { read } for pid=7981 comm="syz.2.542" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 234.825890][ T29] audit: type=1400 audit(1732624218.978:445): avc: denied { open } for pid=7981 comm="syz.2.542" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 235.799733][ T5884] usb 2-1: USB disconnect, device number 11 [ 236.473709][ T8011] netlink: 8 bytes leftover after parsing attributes in process `syz.3.548'. [ 237.115566][ T8023] netlink: 8 bytes leftover after parsing attributes in process `syz.0.550'. [ 237.894119][ T8036] netlink: 12 bytes leftover after parsing attributes in process `syz.1.547'. [ 238.692094][ T8041] netlink: 'syz.2.554': attribute type 4 has an invalid length. [ 238.808543][ T8044] netlink: 'syz.2.554': attribute type 8 has an invalid length. [ 238.836859][ T8044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.554'. [ 238.965783][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 238.965799][ T29] audit: type=1800 audit(1732624223.228:447): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.554" name="/" dev="9p" ino=2 res=0 errno=0 [ 239.376194][ T8050] netlink: 'syz.0.556': attribute type 13 has an invalid length. [ 239.941432][ T966] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 240.748651][ T5883] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 240.756815][ T966] usb 5-1: Using ep0 maxpacket: 8 [ 240.764549][ T966] usb 5-1: config index 0 descriptor too short (expected 6427, got 27) [ 240.778700][ T966] usb 5-1: config 0 has an invalid interface number: 21 but max is 0 [ 240.787108][ T966] usb 5-1: config 0 has no interface number 0 [ 240.793519][ T966] usb 5-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 240.805772][ T966] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 240.817169][ T966] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 240.829401][ T966] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 240.839335][ T966] usb 5-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 240.849961][ T966] usb 5-1: Product: syz [ 240.906137][ T966] usb 5-1: Manufacturer: syz [ 240.910967][ T5883] usb 3-1: Using ep0 maxpacket: 8 [ 240.919667][ T5883] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 240.941864][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.957845][ T966] usb 5-1: config 0 descriptor?? [ 240.975103][ T5883] usb 3-1: config 0 descriptor?? [ 241.007139][ T8058] vivid-002: disconnect [ 241.037705][ T8058] netlink: 'syz.1.560': attribute type 1 has an invalid length. [ 241.046037][ T8058] netlink: 'syz.1.560': attribute type 2 has an invalid length. [ 241.603277][ T966] usb 5-1: USB disconnect, device number 10 [ 241.625872][ T5883] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 241.637081][ T5883] asix 3-1:0.0: probe with driver asix failed with error -32 [ 242.438792][ T8057] vivid-002: reconnect [ 243.440666][ T25] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 243.478069][ T8091] netlink: 'syz.0.564': attribute type 13 has an invalid length. [ 244.061119][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 244.069833][ T25] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 244.082289][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.098777][ T25] usb 2-1: Product: syz [ 244.107996][ T25] usb 2-1: Manufacturer: syz [ 244.117922][ T25] usb 2-1: SerialNumber: syz [ 244.129772][ T25] usb 2-1: config 0 descriptor?? [ 244.234695][ T5884] usb 3-1: USB disconnect, device number 15 [ 244.276653][ T8094] netlink: 12 bytes leftover after parsing attributes in process `syz.3.569'. [ 244.292540][ T8095] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 244.350249][ T25] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 244.378892][ T8095] SELinux: failed to load policy [ 244.582060][ T8097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.648372][ T8097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.676099][ T8097] bond0 (unregistering): Released all slaves [ 244.878267][ T8101] overlayfs: missing 'lowerdir' [ 245.356289][ T8081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.624874][ T8081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.841926][ T25] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 246.928615][ T25] usb 2-1: USB disconnect, device number 12 [ 247.208180][ T8114] netlink: 'syz.3.575': attribute type 4 has an invalid length. [ 247.233806][ T8116] vivid-004: disconnect [ 247.300334][ T8117] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 247.310540][ T8117] SELinux: failed to load policy [ 248.087739][ T8116] netlink: 'syz.2.576': attribute type 1 has an invalid length. [ 248.210652][ T8119] netlink: 'syz.3.575': attribute type 8 has an invalid length. [ 248.421928][ T29] audit: type=1800 audit(1732624232.688:448): pid=8114 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.575" name="/" dev="9p" ino=2 res=0 errno=0 [ 248.569980][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.3.575'. [ 248.634054][ T8116] netlink: 'syz.2.576': attribute type 2 has an invalid length. [ 249.888685][ T8144] netlink: 48 bytes leftover after parsing attributes in process `syz.4.581'. [ 249.990303][ T8146] program syz.0.582 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 250.727141][ T8144] 9pnet_fd: Insufficient options for proto=fd [ 250.767278][ T8118] vivid-004: reconnect [ 252.009052][ T8169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.585'. [ 252.276685][ T8173] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 252.286958][ T8173] SELinux: failed to load policy [ 253.301276][ T8178] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 253.316108][ T8178] SELinux: failed to load policy [ 253.599501][ T29] audit: type=1400 audit(1732624237.868:449): avc: denied { name_bind } for pid=8179 comm="syz.0.591" src=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 253.638270][ T29] audit: type=1400 audit(1732624237.898:450): avc: denied { node_bind } for pid=8179 comm="syz.0.591" src=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 253.814309][ T8182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.589'. [ 255.592479][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.742290][ T8186] FAULT_INJECTION: forcing a failure. [ 256.742290][ T8186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 256.766222][ T8186] CPU: 1 UID: 0 PID: 8186 Comm: syz.2.592 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 256.776497][ T8186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 256.786550][ T8186] Call Trace: [ 256.789818][ T8186] [ 256.792745][ T8186] dump_stack_lvl+0x16c/0x1f0 [ 256.797422][ T8186] should_fail_ex+0x497/0x5b0 [ 256.802099][ T8186] _copy_from_user+0x2e/0xd0 [ 256.806686][ T8186] get_user_ifreq+0xf1/0x250 [ 256.811268][ T8186] sock_do_ioctl+0x16c/0x280 [ 256.815849][ T8186] ? __pfx_sock_do_ioctl+0x10/0x10 [ 256.820957][ T8186] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 256.827456][ T8186] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 256.833955][ T8186] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 256.840806][ T8186] sock_ioctl+0x228/0x6c0 [ 256.845129][ T8186] ? __pfx_sock_ioctl+0x10/0x10 [ 256.849979][ T8186] ? selinux_file_ioctl+0x180/0x270 [ 256.855169][ T8186] ? selinux_file_ioctl+0xb4/0x270 [ 256.860274][ T8186] ? __pfx_sock_ioctl+0x10/0x10 [ 256.865118][ T8186] __x64_sys_ioctl+0x190/0x200 [ 256.869876][ T8186] do_syscall_64+0xcd/0x250 [ 256.874373][ T8186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.880259][ T8186] RIP: 0033:0x7f4fb9b7e819 [ 256.884662][ T8186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.904258][ T8186] RSP: 002b:00007f4fba935038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.912660][ T8186] RAX: ffffffffffffffda RBX: 00007f4fb9d35fa0 RCX: 00007f4fb9b7e819 [ 256.920622][ T8186] RDX: 0000000020000100 RSI: 0000000000008914 RDI: 0000000000000006 [ 256.928581][ T8186] RBP: 00007f4fba935090 R08: 0000000000000000 R09: 0000000000000000 [ 256.936623][ T8186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.944582][ T8186] R13: 0000000000000000 R14: 00007f4fb9d35fa0 R15: 00007fffb13b1d58 [ 256.952552][ T8186] [ 257.165019][ T8194] vivid-008: disconnect [ 257.171587][ T8194] netlink: 'syz.4.595': attribute type 1 has an invalid length. [ 257.179250][ T8194] netlink: 'syz.4.595': attribute type 2 has an invalid length. [ 257.306868][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 257.895832][ T8197] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 257.912186][ T8197] audit: out of memory in audit_log_start [ 258.010168][ T8199] netlink: 'syz.2.597': attribute type 4 has an invalid length. [ 258.041561][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 258.065937][ T8190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.098467][ T8190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.145855][ T1031] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.179419][ T25] usb 4-1: unable to get BOS descriptor or descriptor too short [ 258.180841][ T8189] vivid-008: reconnect [ 258.215036][ T25] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 258.237257][ T25] usb 4-1: can't read configurations, error -71 [ 258.266551][ T8206] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=8206 comm=syz.2.597 [ 258.522402][ T8210] netlink: 36 bytes leftover after parsing attributes in process `syz.2.597'. [ 258.995307][ T29] audit: type=1800 audit(1732624243.268:451): pid=8199 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.597" name="/" dev="9p" ino=2 res=0 errno=0 [ 259.368391][ T29] audit: type=1400 audit(1732624243.638:452): avc: denied { module_request } for pid=8214 comm="syz.4.602" kmod="net-pf-10-proto-8-type-2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 259.453284][ T8223] Bluetooth: MGMT ver 1.23 [ 260.766847][ T8235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.605'. [ 261.370528][ T8239] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 261.380604][ T8239] SELinux: failed to load policy [ 263.134119][ T8251] vivid-006: disconnect [ 263.139629][ T8251] netlink: 'syz.3.612': attribute type 1 has an invalid length. [ 263.157924][ T8251] netlink: 'syz.3.612': attribute type 2 has an invalid length. [ 263.297437][ T8261] FAULT_INJECTION: forcing a failure. [ 263.297437][ T8261] name failslab, interval 1, probability 0, space 0, times 0 [ 263.310380][ T8261] CPU: 1 UID: 0 PID: 8261 Comm: syz.4.614 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 263.320624][ T8261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 263.330683][ T8261] Call Trace: [ 263.333963][ T8261] [ 263.336892][ T8261] dump_stack_lvl+0x16c/0x1f0 [ 263.341590][ T8261] should_fail_ex+0x497/0x5b0 [ 263.346277][ T8261] ? fs_reclaim_acquire+0xae/0x150 [ 263.351399][ T8261] should_failslab+0xc2/0x120 [ 263.356083][ T8261] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 263.361812][ T8261] ? __d_alloc+0x31/0xaa0 [ 263.366150][ T8261] __d_alloc+0x31/0xaa0 [ 263.370315][ T8261] d_alloc+0x4a/0x1e0 [ 263.374306][ T8261] d_alloc_parallel+0xe9/0x12b0 [ 263.379173][ T8261] ? trace_lock_acquire+0x146/0x1e0 [ 263.384386][ T8261] ? __pfx_d_alloc_parallel+0x10/0x10 [ 263.389770][ T8261] ? lockdep_init_map_type+0x16d/0x7d0 [ 263.395232][ T8261] ? lock_acquire.part.0+0x11b/0x380 [ 263.400522][ T8261] ? lockdep_init_map_type+0x16d/0x7d0 [ 263.405996][ T8261] __lookup_slow+0x194/0x460 [ 263.410598][ T8261] ? __pfx___lookup_slow+0x10/0x10 [ 263.415722][ T8261] ? walk_component+0x342/0x5b0 [ 263.420595][ T8261] ? lookup_fast+0x155/0x540 [ 263.425198][ T8261] walk_component+0x350/0x5b0 [ 263.429888][ T8261] path_lookupat+0x17f/0x770 [ 263.434487][ T8261] filename_lookup+0x221/0x5f0 [ 263.439253][ T8261] ? __virt_addr_valid+0x2b4/0x590 [ 263.444374][ T8261] ? __pfx_filename_lookup+0x10/0x10 [ 263.449689][ T8261] ? getname_flags.part.0+0x1c5/0x550 [ 263.455076][ T8261] user_path_at+0x3a/0x60 [ 263.459407][ T8261] do_fchownat+0xfa/0x200 [ 263.463743][ T8261] ? __pfx_do_fchownat+0x10/0x10 [ 263.468684][ T8261] ? ksys_write+0x1ba/0x250 [ 263.473193][ T8261] ? __pfx_ksys_write+0x10/0x10 [ 263.478049][ T8261] __x64_sys_lchown+0x7e/0xc0 [ 263.482729][ T8261] ? lockdep_hardirqs_on+0x7c/0x110 [ 263.487936][ T8261] do_syscall_64+0xcd/0x250 [ 263.492449][ T8261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.498351][ T8261] RIP: 0033:0x7fc9f1b7e819 [ 263.502777][ T8261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.522405][ T8261] RSP: 002b:00007fc9ef9b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 263.530826][ T8261] RAX: ffffffffffffffda RBX: 00007fc9f1d36160 RCX: 00007fc9f1b7e819 [ 263.538796][ T8261] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 263.546767][ T8261] RBP: 00007fc9ef9b4090 R08: 0000000000000000 R09: 0000000000000000 [ 263.554738][ T8261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.562710][ T8261] R13: 0000000000000000 R14: 00007fc9f1d36160 R15: 00007ffe141e2f88 [ 263.570696][ T8261] [ 263.604273][ T8259] program syz.2.610 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.637062][ T8263] overlay: ./file0 is not a directory [ 263.730907][ T966] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 263.890928][ T966] usb 1-1: Using ep0 maxpacket: 32 [ 263.938803][ T966] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=e2.de [ 263.948094][ T966] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.970776][ T966] usb 1-1: Product: syz [ 263.974975][ T966] usb 1-1: Manufacturer: syz [ 264.547391][ T966] usb 1-1: SerialNumber: syz [ 264.557385][ T8250] vivid-006: reconnect [ 264.562724][ T966] usb 1-1: config 0 descriptor?? [ 264.572339][ T966] CoreChips 1-1:0.0: probe with driver CoreChips failed with error -22 [ 264.809667][ T8257] netlink: 216 bytes leftover after parsing attributes in process `syz.0.613'. [ 264.869930][ T8278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.613'. [ 265.059182][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.4.617'. [ 265.775305][ T8286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.619'. [ 266.041156][ T966] usb 1-1: USB disconnect, device number 17 [ 266.210654][ T8288] netlink: 'syz.4.621': attribute type 4 has an invalid length. [ 266.849786][ T8292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=8292 comm=syz.4.621 [ 266.943680][ T8288] netlink: 36 bytes leftover after parsing attributes in process `syz.4.621'. [ 267.569354][ T8273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.620'. [ 267.906926][ T8307] QAT: Invalid ioctl 1074554389 [ 269.845030][ T966] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 270.650683][ T966] usb 5-1: Using ep0 maxpacket: 16 [ 270.733872][ T966] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.755786][ T966] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.772622][ T966] usb 5-1: config 0 interface 0 has no altsetting 0 [ 270.846891][ T8335] netlink: 'syz.2.631': attribute type 13 has an invalid length. [ 270.893729][ T1529] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 271.130706][ T1529] usb 2-1: Using ep0 maxpacket: 32 [ 271.146349][ T1529] usb 2-1: config index 0 descriptor too short (expected 32410, got 154) [ 271.254984][ T966] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 271.265230][ T1529] usb 2-1: config 1 has too many interfaces: 39, using maximum allowed: 32 [ 271.265239][ T966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.276005][ T966] usb 5-1: config 0 descriptor?? [ 271.299217][ T1529] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 271.309933][ T1529] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 39 [ 271.399194][ T966] usbhid 5-1:0.0: can't add hid device: -71 [ 271.405383][ T1529] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 271.421087][ T1529] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.425117][ T966] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 271.460210][ T1529] usb 2-1: Product: syz [ 271.485166][ T1529] usb 2-1: Manufacturer: syz [ 271.503024][ T966] usb 5-1: USB disconnect, device number 11 [ 271.509614][ T1529] usb 2-1: SerialNumber: syz [ 272.150416][ T1529] usb 2-1: Audio class v2/v3 interfaces need an interface association [ 272.201070][ T1529] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 272.367538][ T966] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 272.401300][ T1529] usb 2-1: USB disconnect, device number 13 [ 272.798702][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 273.133011][ T966] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 273.146308][ T966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.175866][ T966] usb 5-1: config 0 descriptor?? [ 274.516967][ T966] hackrf 5-1:0.0: Board ID: 00 [ 274.522315][ T966] hackrf 5-1:0.0: Firmware version: [ 274.530650][ T966] hackrf 5-1:0.0: Registered as swradio24 [ 274.536401][ T966] videodev: could not get a free minor [ 274.542168][ T966] hackrf 5-1:0.0: Failed to register as video device (-23) [ 274.687386][ T966] hackrf 5-1:0.0: probe with driver hackrf failed with error -23 [ 275.470561][ T966] usb 5-1: USB disconnect, device number 12 [ 275.688416][ T8375] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 275.702840][ T8375] FAULT_INJECTION: forcing a failure. [ 275.702840][ T8375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.715992][ T8375] CPU: 0 UID: 0 PID: 8375 Comm: syz.0.643 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 275.726234][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 275.736285][ T8375] Call Trace: [ 275.739561][ T8375] [ 275.742490][ T8375] dump_stack_lvl+0x16c/0x1f0 [ 275.747175][ T8375] should_fail_ex+0x497/0x5b0 [ 275.751870][ T8375] _copy_from_user+0x2e/0xd0 [ 275.756480][ T8375] iommufd_fops_ioctl+0x302/0x4f0 [ 275.761510][ T8375] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 275.767053][ T8375] ? __pfx_lock_release+0x10/0x10 [ 275.772178][ T8375] ? selinux_file_ioctl+0x180/0x270 [ 275.777383][ T8375] ? selinux_file_ioctl+0xb4/0x270 [ 275.782500][ T8375] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 275.788051][ T8375] __x64_sys_ioctl+0x190/0x200 [ 275.792828][ T8375] do_syscall_64+0xcd/0x250 [ 275.797339][ T8375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.803243][ T8375] RIP: 0033:0x7f2492f7e819 [ 275.807656][ T8375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.827266][ T8375] RSP: 002b:00007f2490db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.835682][ T8375] RAX: ffffffffffffffda RBX: 00007f2493136160 RCX: 00007f2492f7e819 [ 275.843652][ T8375] RDX: 0000000020000080 RSI: 0000000000003b85 RDI: 0000000000000005 [ 275.851620][ T8375] RBP: 00007f2490db4090 R08: 0000000000000000 R09: 0000000000000000 [ 275.859588][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 275.867644][ T8375] R13: 0000000000000000 R14: 00007f2493136160 R15: 00007ffcf3ec51d8 [ 275.875649][ T8375] [ 277.246223][ T8381] IPVS: Scheduler module ip_vs_ not found [ 278.320806][ T5883] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 278.490712][ T5883] usb 1-1: Using ep0 maxpacket: 32 [ 278.528512][ T5883] usb 1-1: config index 0 descriptor too short (expected 32410, got 154) [ 278.625067][ T5883] usb 1-1: config 1 has too many interfaces: 39, using maximum allowed: 32 [ 278.649010][ T5883] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 278.664228][ T5883] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 39 [ 278.677503][ T5883] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 278.691640][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.699673][ T5883] usb 1-1: Product: syz [ 278.705619][ T5883] usb 1-1: Manufacturer: syz [ 278.710250][ T5883] usb 1-1: SerialNumber: syz [ 278.927135][ T5883] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 278.949195][ T5883] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 278.969660][ T5883] usb 1-1: USB disconnect, device number 18 [ 278.978273][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 279.070799][ T966] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 279.159835][ T8405] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 279.169819][ T8405] SELinux: failed to load policy [ 279.480901][ T966] usb 2-1: Using ep0 maxpacket: 16 [ 279.497273][ T966] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.511221][ T966] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.522753][ T966] usb 2-1: config 0 interface 0 has no altsetting 0 [ 279.529438][ T966] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 279.538873][ T966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.554397][ T966] usb 2-1: config 0 descriptor?? [ 279.995807][ T966] hid (null): unknown global tag 0xe [ 280.010851][ T966] hid (null): invalid report_size 9273 [ 280.034154][ T966] input: HID 0458:5013 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5013.0009/input/input18 [ 280.250767][ T5884] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 280.462000][ T5884] usb 4-1: Using ep0 maxpacket: 32 [ 280.576142][ T5884] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 280.597014][ T5884] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 280.624895][ T5884] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 280.697109][ T5884] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 59391, setting to 1024 [ 280.718542][ T5884] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 280.746921][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 280.779994][ T5884] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 280.789728][ T5884] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 280.817121][ T5884] usb 4-1: Product: syz [ 280.829302][ T966] input: HID 0458:5013 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5013.0009/input/input19 [ 280.955514][ T5884] usb 4-1: Manufacturer: syz [ 280.968505][ T966] kye 0003:0458:5013.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.1-1/input0 [ 280.970558][ T5884] usb 4-1: SerialNumber: syz [ 280.991851][ T966] usb 2-1: USB disconnect, device number 14 [ 281.006978][ T8419] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 281.016565][ T8419] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 281.058226][ T8421] netlink: 244 bytes leftover after parsing attributes in process `syz.0.655'. [ 281.117948][ T5884] usb 4-1: config 0 descriptor?? [ 281.140136][ T8408] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 281.153630][ T5884] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 281.228174][ T5884] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 282.211870][ T8441] netlink: 48 bytes leftover after parsing attributes in process `syz.1.660'. [ 282.247452][ T8441] 9pnet_fd: Insufficient options for proto=fd [ 282.581983][ T29] audit: type=1400 audit(1732624266.848:453): avc: denied { append } for pid=8442 comm="syz.2.661" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 282.600858][ T8449] random: crng reseeded on system resumption [ 283.402188][ T5884] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 283.500059][ T1529] usb 4-1: USB disconnect, device number 13 [ 283.536210][ T1529] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 283.576014][ T5884] usb 5-1: Using ep0 maxpacket: 32 [ 283.582699][ T5884] usb 5-1: config index 0 descriptor too short (expected 32410, got 154) [ 283.602729][ T5884] usb 5-1: config 1 has too many interfaces: 39, using maximum allowed: 32 [ 283.611703][ T5884] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 283.621881][ T5884] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 39 [ 283.633406][ T5884] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 283.709885][ T8465] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 283.719869][ T8465] SELinux: failed to load policy [ 283.826090][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.867216][ T5884] usb 5-1: Product: syz [ 284.197158][ T5884] usb 5-1: Manufacturer: syz [ 284.298886][ T5884] usb 5-1: SerialNumber: syz [ 284.751814][ T5884] usb 5-1: Audio class v2/v3 interfaces need an interface association [ 284.825608][ T5884] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 284.873294][ T5884] usb 5-1: USB disconnect, device number 13 [ 286.130759][ T8481] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 286.140559][ T8481] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 286.184615][ T8482] netlink: 244 bytes leftover after parsing attributes in process `syz.1.669'. [ 286.643396][ T5980] udevd[5980]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 287.615023][ T8498] netlink: 'syz.2.670': attribute type 13 has an invalid length. [ 289.827444][ T8510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'. [ 291.107324][ T8517] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 291.664292][ T8517] SELinux: failed to load policy [ 292.128144][ T29] audit: type=1400 audit(1732624276.188:454): avc: denied { write } for pid=8520 comm="syz.4.679" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 292.696012][ T8533] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 292.705720][ T8533] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 292.747145][ T8537] netlink: 244 bytes leftover after parsing attributes in process `syz.3.683'. [ 292.784669][ T8539] overlayfs: missing 'workdir' [ 294.479621][ T8553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.687'. [ 295.130822][ T8555] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 295.140835][ T8555] SELinux: failed to load policy [ 296.427236][ T8566] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 296.437734][ T8566] SELinux: failed to load policy [ 297.838953][ T8577] netlink: 'syz.1.694': attribute type 4 has an invalid length. [ 298.025420][ T8582] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5123 sclass=netlink_route_socket pid=8582 comm=syz.1.694 [ 298.063194][ T29] audit: type=1800 audit(1732624282.338:455): pid=8577 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.694" name="/" dev="9p" ino=2 res=0 errno=0 [ 298.078831][ T8583] netlink: 36 bytes leftover after parsing attributes in process `syz.1.694'. [ 298.341674][ T8588] fuse: Unknown parameter 'groupid' [ 299.034786][ T8602] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 299.044901][ T8602] SELinux: failed to load policy [ 300.074069][ T8610] program syz.4.703 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 300.739303][ T8615] netlink: 56 bytes leftover after parsing attributes in process `syz.0.704'. [ 302.337161][ T8626] program syz.0.706 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 303.550306][ T8639] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 303.560284][ T8639] SELinux: failed to load policy [ 308.034486][ T8660] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 308.044905][ T8660] SELinux: failed to load policy [ 311.090104][ T8683] program syz.4.720 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 311.980681][ T5883] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 312.037344][ T8691] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 312.047473][ T8691] SELinux: failed to load policy [ 313.234817][ T5883] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 313.246003][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.277286][ T5883] usb 2-1: config 0 descriptor?? [ 313.314620][ T8699] FAULT_INJECTION: forcing a failure. [ 313.314620][ T8699] name failslab, interval 1, probability 0, space 0, times 0 [ 313.327437][ T8699] CPU: 1 UID: 0 PID: 8699 Comm: syz.0.725 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 313.337692][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 313.347762][ T8699] Call Trace: [ 313.351051][ T8699] [ 313.353981][ T8699] dump_stack_lvl+0x16c/0x1f0 [ 313.358660][ T8699] should_fail_ex+0x497/0x5b0 [ 313.363337][ T8699] ? fs_reclaim_acquire+0xae/0x150 [ 313.368436][ T8699] should_failslab+0xc2/0x120 [ 313.373103][ T8699] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 313.378467][ T8699] ? mpol_new+0x11b/0x2d0 [ 313.382793][ T8699] mpol_new+0x11b/0x2d0 [ 313.386938][ T8699] do_mbind+0x219/0xea0 [ 313.391097][ T8699] ? ww_mutex_trylock+0x7b3/0xba0 [ 313.396115][ T8699] ? __pfx_do_mbind+0x10/0x10 [ 313.400783][ T8699] ? __might_fault+0xe3/0x190 [ 313.405473][ T8699] ? __pfx_get_nodes+0x10/0x10 [ 313.410229][ T8699] ? __fget_files+0x206/0x3a0 [ 313.414895][ T8699] kernel_mbind+0x1e8/0x200 [ 313.419394][ T8699] ? __pfx_kernel_mbind+0x10/0x10 [ 313.424415][ T8699] do_syscall_64+0xcd/0x250 [ 313.428913][ T8699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.434795][ T8699] RIP: 0033:0x7f2492f7e819 [ 313.439198][ T8699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.458798][ T8699] RSP: 002b:00007f2490df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 313.467198][ T8699] RAX: ffffffffffffffda RBX: 00007f2493135fa0 RCX: 00007f2492f7e819 [ 313.475158][ T8699] RDX: 0000000000008003 RSI: 0000000000600000 RDI: 0000000020000000 [ 313.483113][ T8699] RBP: 00007f2490df6090 R08: 000000000000000b R09: 0000000000000003 [ 313.491069][ T8699] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001 [ 313.499025][ T8699] R13: 0000000000000000 R14: 00007f2493135fa0 R15: 00007ffcf3ec51d8 [ 313.506991][ T8699] [ 314.132500][ T8697] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 314.171047][ T8687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.223573][ T8687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.514966][ T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 314.564723][ T5883] ath6kl: Failed to submit usb control message: -71 [ 314.571824][ T5883] ath6kl: unable to send the bmi data to the device: -71 [ 314.582383][ T5883] ath6kl: Unable to send get target info: -71 [ 314.585584][ T29] audit: type=1400 audit(1732624298.828:456): avc: denied { map } for pid=8705 comm="syz.4.729" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 314.612295][ C1] vkms_vblank_simulate: vblank timer overrun [ 314.753537][ T8705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 314.768952][ T5883] ath6kl: Failed to init ath6kl core: -71 [ 314.779634][ T5883] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 314.803311][ T8712] netlink: 140 bytes leftover after parsing attributes in process `syz.0.728'. [ 314.816670][ T5883] usb 2-1: USB disconnect, device number 15 [ 314.854267][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 314.858281][ T8712] netlink: 140 bytes leftover after parsing attributes in process `syz.0.728'. [ 314.861794][ T25] usb 4-1: config 150 has an invalid interface number: 204 but max is 1 [ 314.913854][ T25] usb 4-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config [ 314.926593][ T25] usb 4-1: config 150 has 1 interface, different from the descriptor's value: 2 [ 314.935714][ T25] usb 4-1: config 150 has no interface number 0 [ 314.942034][ T25] usb 4-1: config 150 interface 204 has no altsetting 0 [ 314.951552][ T25] usb 4-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 314.961191][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.969196][ T25] usb 4-1: Product: syz [ 314.973774][ T25] usb 4-1: Manufacturer: syz [ 314.978783][ T25] usb 4-1: SerialNumber: syz [ 315.217472][ T8720] netlink: 'syz.2.731': attribute type 13 has an invalid length. [ 315.632743][ T8703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 315.642776][ T8703] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.671495][ T25] usb 4-1: USB disconnect, device number 14 [ 316.145824][ T8728] VFS: could not find a valid V7 on nullb0. [ 316.153164][ T8728] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 316.447285][ T8732] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8732 comm=syz.3.734 [ 316.621549][ T8738] program syz.0.735 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 317.151388][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.495030][ T29] audit: type=1400 audit(1732624302.758:457): avc: denied { setopt } for pid=8755 comm="syz.0.740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 318.562729][ T8762] 9pnet_fd: Insufficient options for proto=fd [ 318.880822][ T25] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 319.099039][ T8773] program syz.0.746 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 319.930377][ T25] usb 5-1: unable to get BOS descriptor or descriptor too short [ 319.958989][ T25] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 319.971304][ T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 319.980208][ T25] usb 5-1: config 1 has no interface number 0 [ 319.988281][ T25] usb 5-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 320.015431][ T25] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 320.027183][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.035724][ T25] usb 5-1: Product: syz [ 320.040456][ T25] usb 5-1: Manufacturer: syz [ 320.045994][ T25] usb 5-1: SerialNumber: syz [ 320.344554][ T25] usb 5-1: USB disconnect, device number 14 [ 321.059267][ T8794] program syz.3.751 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 321.981150][ T8804] netlink: 'syz.2.752': attribute type 13 has an invalid length. [ 322.972814][ T8805] vxcan1: entered promiscuous mode [ 322.985698][ T8805] vxcan1: left promiscuous mode [ 323.006700][ T8805] netlink: 16 bytes leftover after parsing attributes in process `syz.0.754'. [ 324.760937][ T29] audit: type=1400 audit(1732624308.748:458): avc: denied { listen } for pid=8811 comm="syz.3.758" lport=47539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 325.430647][ T29] audit: type=1400 audit(1732624308.838:459): avc: denied { accept } for pid=8811 comm="syz.3.758" lport=47539 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 325.579222][ T8819] sctp: failed to load transform for md5: -2 [ 326.116160][ T8840] netlink: 'syz.0.760': attribute type 13 has an invalid length. [ 327.741413][ T5883] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 327.839794][ T29] audit: type=1400 audit(1732624312.108:460): avc: denied { setopt } for pid=8861 comm="syz.1.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 327.906760][ T5883] usb 3-1: Using ep0 maxpacket: 8 [ 327.919244][ T5883] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 327.929428][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.938810][ T5883] usb 3-1: Product: syz [ 327.943289][ T5883] usb 3-1: Manufacturer: syz [ 327.947942][ T5883] usb 3-1: SerialNumber: syz [ 327.961374][ T5883] usb 3-1: config 0 descriptor?? [ 328.535952][ T5883] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 328.788323][ T5883] gspca_sonixj: reg_r err -32 [ 328.818708][ T5883] sonixj 3-1:0.0: probe with driver sonixj failed with error -32 [ 328.848157][ T29] audit: type=1400 audit(1732624313.118:461): avc: denied { execute } for pid=8861 comm="syz.1.770" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 329.043743][ T29] audit: type=1400 audit(1732624313.308:462): avc: denied { create } for pid=8861 comm="syz.1.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 329.789230][ T29] audit: type=1400 audit(1732624313.338:463): avc: denied { ioctl } for pid=8861 comm="syz.1.770" path="socket:[19431]" dev="sockfs" ino=19431 ioctlcmd=0x891b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 329.816291][ T29] audit: type=1400 audit(1732624314.008:464): avc: denied { mount } for pid=8861 comm="syz.1.770" name="/" dev="ramfs" ino=19432 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 329.929171][ T8874] Process accounting resumed [ 329.943099][ T29] audit: type=1400 audit(1732624314.168:465): avc: denied { unmount } for pid=8861 comm="syz.1.770" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 330.222568][ T5884] usb 3-1: USB disconnect, device number 16 [ 330.448050][ T8889] netlink: 'syz.4.776': attribute type 4 has an invalid length. [ 331.041980][ T8891] netlink: 'syz.4.776': attribute type 8 has an invalid length. [ 331.060567][ T8891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.776'. [ 331.133264][ T29] audit: type=1800 audit(1732624315.388:466): pid=8889 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.776" name="/" dev="9p" ino=2 res=0 errno=0 [ 331.210624][ T8895] vxcan1: entered promiscuous mode [ 332.610605][ T5883] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 332.740870][ T5883] usb 5-1: device descriptor read/64, error -71 [ 332.759346][ T8911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.781'. [ 332.846157][ T8914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.782'. [ 333.090573][ T5883] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 333.220858][ T5883] usb 5-1: device descriptor read/64, error -71 [ 333.345192][ T5883] usb usb5-port1: attempt power cycle [ 333.700715][ T5883] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 333.742356][ T5883] usb 5-1: device descriptor read/8, error -71 [ 334.149659][ T25] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 334.342558][ T25] usb 4-1: device descriptor read/64, error -71 [ 334.480788][ T5883] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 334.501618][ T5883] usb 5-1: device descriptor read/8, error -71 [ 335.502415][ T5883] usb usb5-port1: unable to enumerate USB device [ 335.505902][ T25] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 335.807285][ T25] usb 4-1: device descriptor read/64, error -71 [ 335.873725][ T8930] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 335.889545][ T8930] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 336.229662][ T8937] netlink: 'syz.4.790': attribute type 4 has an invalid length. [ 336.238382][ T8938] netlink: 244 bytes leftover after parsing attributes in process `syz.0.789'. [ 336.290777][ T25] usb usb4-port1: attempt power cycle [ 336.329085][ T8939] netlink: 'syz.4.790': attribute type 8 has an invalid length. [ 336.438689][ T8939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.790'. [ 336.643696][ T29] audit: type=1800 audit(1732624320.868:467): pid=8937 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.790" name="/" dev="9p" ino=2 res=0 errno=0 [ 336.721044][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 337.722463][ T25] usb 4-1: device descriptor read/8, error -71 [ 338.118969][ T8959] netlink: 36 bytes leftover after parsing attributes in process `syz.1.797'. [ 339.251418][ T8962] netlink: 'syz.4.796': attribute type 13 has an invalid length. [ 340.446704][ T8977] netlink: 8 bytes leftover after parsing attributes in process `syz.2.801'. [ 340.473945][ T8978] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 340.557875][ T8978] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 340.569190][ T8979] netlink: 244 bytes leftover after parsing attributes in process `syz.3.802'. [ 340.720600][ T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 340.867195][ T8] usb 2-1: device descriptor read/64, error -71 [ 341.171129][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 341.624066][ T8] usb 2-1: device descriptor read/64, error -71 [ 341.712305][ T8993] netlink: 'syz.3.806': attribute type 21 has an invalid length. [ 341.720140][ T8993] netlink: 156 bytes leftover after parsing attributes in process `syz.3.806'. [ 341.740821][ T8] usb usb2-port1: attempt power cycle [ 341.856407][ T5884] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 342.001243][ T5884] usb 3-1: device descriptor read/64, error -71 [ 342.080675][ T8] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 342.104210][ T8] usb 2-1: device descriptor read/8, error -71 [ 342.250813][ T5884] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 342.320584][ T5883] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 342.350816][ T8] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 342.371309][ T8] usb 2-1: device descriptor read/8, error -71 [ 342.391065][ T5884] usb 3-1: device descriptor read/64, error -71 [ 342.472438][ T5883] usb 1-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 342.482021][ T8] usb usb2-port1: unable to enumerate USB device [ 342.488436][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.499050][ T5883] usb 1-1: config 0 descriptor?? [ 342.573554][ T5884] usb usb3-port1: attempt power cycle [ 343.032830][ T5884] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 343.057904][ T5883] hackrf 1-1:0.0: Board ID: 00 [ 343.062869][ T5883] hackrf 1-1:0.0: Firmware version: [ 343.124775][ T5883] hackrf 1-1:0.0: Registered as swradio24 [ 343.132352][ T5884] usb 3-1: device descriptor read/8, error -71 [ 343.136088][ T5883] videodev: could not get a free minor [ 343.185890][ T5883] hackrf 1-1:0.0: Failed to register as video device (-23) [ 343.322695][ T5883] hackrf 1-1:0.0: probe with driver hackrf failed with error -23 [ 343.342010][ T5883] usb 1-1: USB disconnect, device number 19 [ 343.382893][ T29] audit: type=1400 audit(1732624327.658:468): avc: denied { write } for pid=9011 comm="syz.1.813" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 343.410966][ T5884] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 343.432575][ T5884] usb 3-1: device descriptor read/8, error -71 [ 343.625547][ T5884] usb usb3-port1: unable to enumerate USB device [ 345.699394][ T9023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.817'. [ 345.724934][ T9023] tipc: Started in network mode [ 345.746031][ T9023] tipc: Node identity , cluster identity 4711 [ 345.983645][ T9036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.816'. [ 346.026340][ T9042] 9pnet_fd: Insufficient options for proto=fd [ 346.042902][ T9031] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 346.411661][ T9046] netlink: 'syz.0.822': attribute type 13 has an invalid length. [ 346.872413][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 347.794813][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 347.812886][ T8] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 347.869939][ T8] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 347.870014][ T8] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 347.870147][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 347.870270][ T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 347.870345][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 347.870436][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 347.870566][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 348.336348][ T8] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 348.349491][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.372975][ T8] usb 5-1: Product: syz [ 348.377483][ T8] usb 5-1: Manufacturer: syz [ 348.393188][ T8] usb 5-1: SerialNumber: syz [ 348.406620][ T8] usb 5-1: config 0 descriptor?? [ 348.414028][ T9031] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 348.441852][ T8] hub 5-1:0.0: bad descriptor, ignoring hub [ 348.447867][ T8] hub 5-1:0.0: probe with driver hub failed with error -5 [ 348.460712][ T8] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20 [ 348.601575][ T9053] VFS: could not find a valid V7 on nullb0. [ 348.610962][ T9053] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 349.112894][ T5883] usb 5-1: USB disconnect, device number 19 [ 350.330791][ T5883] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 350.387077][ T9081] program syz.0.830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 351.152827][ T5883] usb 5-1: device descriptor read/64, error -71 [ 351.444543][ T5883] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 351.453665][ T9088] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 351.470384][ T9088] SELinux: failed to load policy [ 351.590762][ T5883] usb 5-1: device descriptor read/64, error -71 [ 351.702637][ T5883] usb usb5-port1: attempt power cycle [ 353.142562][ T9102] netlink: 'syz.4.835': attribute type 13 has an invalid length. [ 354.466785][ T29] audit: type=1400 audit(1732624338.568:469): avc: denied { write } for pid=9114 comm="syz.0.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 354.550932][ T5884] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 354.613192][ T9117] binder: 9114:9117 ioctl 4020aed2 200000c0 returned -22 [ 355.160621][ T29] audit: type=1400 audit(1732624338.868:470): avc: denied { write } for pid=9114 comm="syz.0.839" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 355.244961][ T5884] usb 2-1: Using ep0 maxpacket: 8 [ 355.252385][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 355.274957][ T5884] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 355.335673][ T5884] usb 2-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 355.346210][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.359097][ T5884] usb 2-1: Product: syz [ 355.364536][ T5884] usb 2-1: Manufacturer: syz [ 355.369380][ T5884] usb 2-1: SerialNumber: syz [ 355.599403][ T5884] usb 2-1: config 0 descriptor?? [ 356.558854][ T8] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 357.430738][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 357.443174][ T8] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 357.576020][ T8] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 357.586065][ T8] usb 1-1: config 0 interface 0 has no altsetting 0 [ 357.593194][ T8] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 357.602401][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.613821][ T5884] usb 2-1: USB disconnect, device number 20 [ 357.621526][ T8] usb 1-1: config 0 descriptor?? [ 357.690299][ T9136] 9pnet_fd: Insufficient options for proto=fd [ 358.360277][ T8] hid (null): unknown global tag 0xe [ 358.365670][ T8] hid (null): invalid report_size 9273 [ 358.376339][ T8] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.000A/input/input21 [ 358.453649][ T8] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.000A/input/input22 [ 359.831333][ T8] kye 0003:0458:5013.000A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0 [ 359.847783][ T8] usb 1-1: USB disconnect, device number 20 [ 359.955446][ T8649] udevd[8649]: setting mode of /dev/bus/usb/001/020 to 020664 failed: No such file or directory [ 359.966405][ T8649] udevd[8649]: setting owner of /dev/bus/usb/001/020 to uid=0, gid=0 failed: No such file or directory [ 360.192591][ T29] audit: type=1400 audit(1732624344.468:471): avc: denied { mounton } for pid=9156 comm="syz.0.851" path="/proc/646/task" dev="proc" ino=21047 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 361.479349][ T9175] Process accounting resumed [ 361.953810][ T9177] Process accounting resumed [ 362.106784][ T9185] FAULT_INJECTION: forcing a failure. [ 362.106784][ T9185] name failslab, interval 1, probability 0, space 0, times 0 [ 362.245548][ T9185] CPU: 1 UID: 0 PID: 9185 Comm: syz.2.858 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 362.255825][ T9185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 362.265889][ T9185] Call Trace: [ 362.269167][ T9185] [ 362.272103][ T9185] dump_stack_lvl+0x16c/0x1f0 [ 362.276798][ T9185] should_fail_ex+0x497/0x5b0 [ 362.281496][ T9185] ? fs_reclaim_acquire+0xae/0x150 [ 362.286613][ T9185] should_failslab+0xc2/0x120 [ 362.291279][ T9185] __kmalloc_noprof+0xcb/0x510 [ 362.296042][ T9185] bpf_test_init.isra.0+0xa5/0x150 [ 362.301156][ T9185] bpf_prog_test_run_xdp+0x4f0/0x1580 [ 362.306511][ T9185] ? lock_acquire+0x2f/0xb0 [ 362.310997][ T9185] ? __fget_files+0x40/0x3a0 [ 362.315567][ T9185] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 362.321356][ T9185] ? __fget_files+0x206/0x3a0 [ 362.326016][ T9185] ? fput+0x67/0x440 [ 362.329892][ T9185] ? __bpf_prog_get+0xa0/0x290 [ 362.334638][ T9185] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 362.340424][ T9185] __sys_bpf+0xfc6/0x49c0 [ 362.344742][ T9185] ? __pfx_lock_release+0x10/0x10 [ 362.349761][ T9185] ? __pfx___sys_bpf+0x10/0x10 [ 362.354538][ T9185] ? vfs_write+0x306/0x1150 [ 362.359041][ T9185] ? __mutex_unlock_slowpath+0x164/0x690 [ 362.364684][ T9185] ? fput+0x67/0x440 [ 362.368573][ T9185] ? ksys_write+0x1ba/0x250 [ 362.373067][ T9185] ? __pfx_ksys_write+0x10/0x10 [ 362.377916][ T9185] __x64_sys_bpf+0x78/0xc0 [ 362.382326][ T9185] ? lockdep_hardirqs_on+0x7c/0x110 [ 362.387515][ T9185] do_syscall_64+0xcd/0x250 [ 362.392012][ T9185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.397895][ T9185] RIP: 0033:0x7f4fb9b7e819 [ 362.402298][ T9185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.421897][ T9185] RSP: 002b:00007f4fba935038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 362.430299][ T9185] RAX: ffffffffffffffda RBX: 00007f4fb9d35fa0 RCX: 00007f4fb9b7e819 [ 362.438258][ T9185] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 362.446217][ T9185] RBP: 00007f4fba935090 R08: 0000000000000000 R09: 0000000000000000 [ 362.454173][ T9185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.462131][ T9185] R13: 0000000000000000 R14: 00007f4fb9d35fa0 R15: 00007fffb13b1d58 [ 362.470098][ T9185] [ 362.483436][ T9187] netlink: 'syz.4.859': attribute type 13 has an invalid length. [ 362.545968][ T9198] netlink: 'syz.0.863': attribute type 4 has an invalid length. [ 363.230929][ T29] audit: type=1800 audit(1732624347.508:472): pid=9198 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.863" name="/" dev="9p" ino=2 res=0 errno=0 [ 363.548091][ T29] audit: type=1326 audit(1732624347.808:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 363.685673][ T9212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.865'. [ 363.850883][ T29] audit: type=1326 audit(1732624347.808:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.130578][ T29] audit: type=1326 audit(1732624347.808:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.163405][ T29] audit: type=1326 audit(1732624347.808:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.207563][ T29] audit: type=1326 audit(1732624347.808:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.346735][ T29] audit: type=1326 audit(1732624347.808:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.370377][ T29] audit: type=1326 audit(1732624347.808:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 364.393816][ T29] audit: type=1326 audit(1732624347.808:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9209 comm="syz.3.866" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3b537e819 code=0x7ffc0000 [ 365.672672][ T9231] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 365.691000][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 365.691014][ T29] audit: type=1400 audit(1732624349.898:485): avc: denied { accept } for pid=9226 comm="syz.4.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 365.754996][ T9243] FAULT_INJECTION: forcing a failure. [ 365.754996][ T9243] name failslab, interval 1, probability 0, space 0, times 0 [ 365.802663][ T9243] CPU: 0 UID: 0 PID: 9243 Comm: syz.2.877 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 365.812942][ T9243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 365.823005][ T9243] Call Trace: [ 365.826294][ T9243] [ 365.829226][ T9243] dump_stack_lvl+0x16c/0x1f0 [ 365.833923][ T9243] should_fail_ex+0x497/0x5b0 [ 365.838614][ T9243] ? fs_reclaim_acquire+0xae/0x150 [ 365.843730][ T9243] should_failslab+0xc2/0x120 [ 365.848418][ T9243] __kmalloc_node_noprof+0xd1/0x510 [ 365.853629][ T9243] ? crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 365.859451][ T9243] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 365.865006][ T9243] crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 365.870655][ T9243] crypto_create_tfm_node+0x83/0x320 [ 365.875954][ T9243] crypto_ahash_init_tfm+0x255/0x480 [ 365.881249][ T9243] crypto_create_tfm_node+0x100/0x320 [ 365.886636][ T9243] crypto_alloc_tfm_node+0x102/0x260 [ 365.891943][ T9243] ? __pfx_hash_bind+0x10/0x10 [ 365.896726][ T9243] alg_bind+0x264/0x510 [ 365.900894][ T9243] __sys_bind+0x213/0x260 [ 365.905237][ T9243] ? __pfx___sys_bind+0x10/0x10 [ 365.910093][ T9243] ? __fget_files+0x206/0x3a0 [ 365.914784][ T9243] ? __pfx_ksys_write+0x10/0x10 [ 365.919651][ T9243] __x64_sys_bind+0x72/0xb0 [ 365.924162][ T9243] ? lockdep_hardirqs_on+0x7c/0x110 [ 365.929377][ T9243] do_syscall_64+0xcd/0x250 [ 365.933898][ T9243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 365.939809][ T9243] RIP: 0033:0x7f4fb9b7e819 [ 365.944237][ T9243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 365.963855][ T9243] RSP: 002b:00007f4fba935038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 365.972278][ T9243] RAX: ffffffffffffffda RBX: 00007f4fb9d35fa0 RCX: 00007f4fb9b7e819 [ 365.980255][ T9243] RDX: 0000000000000058 RSI: 0000000020000000 RDI: 0000000000000003 [ 365.988226][ T9243] RBP: 00007f4fba935090 R08: 0000000000000000 R09: 0000000000000000 [ 365.996198][ T9243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.004168][ T9243] R13: 0000000000000000 R14: 00007f4fb9d35fa0 R15: 00007fffb13b1d58 [ 366.012180][ T9243] [ 367.110155][ T29] audit: type=1400 audit(1732624351.318:486): avc: denied { setopt } for pid=9256 comm="syz.2.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 367.297664][ T29] audit: type=1400 audit(1732624351.408:487): avc: denied { bind } for pid=9256 comm="syz.2.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 368.844866][ T9283] FAULT_INJECTION: forcing a failure. [ 368.844866][ T9283] name failslab, interval 1, probability 0, space 0, times 0 [ 368.857612][ T9283] CPU: 1 UID: 0 PID: 9283 Comm: syz.0.884 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 368.867853][ T9283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 368.877893][ T9283] Call Trace: [ 368.881159][ T9283] [ 368.884077][ T9283] dump_stack_lvl+0x16c/0x1f0 [ 368.888748][ T9283] should_fail_ex+0x497/0x5b0 [ 368.893418][ T9283] ? fs_reclaim_acquire+0xae/0x150 [ 368.898519][ T9283] should_failslab+0xc2/0x120 [ 368.903185][ T9283] __kmalloc_noprof+0xcb/0x510 [ 368.907938][ T9283] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 368.913565][ T9283] tomoyo_realpath_from_path+0xb9/0x720 [ 368.919102][ T9283] ? tomoyo_path_number_perm+0x235/0x590 [ 368.924721][ T9283] ? tomoyo_path_number_perm+0x235/0x590 [ 368.930343][ T9283] tomoyo_path_number_perm+0x248/0x590 [ 368.935787][ T9283] ? tomoyo_path_number_perm+0x235/0x590 [ 368.941409][ T9283] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 368.947402][ T9283] ? __pfx_lock_release+0x10/0x10 [ 368.952418][ T9283] ? trace_lock_acquire+0x146/0x1e0 [ 368.957610][ T9283] ? __pfx___schedule+0x10/0x10 [ 368.962465][ T9283] ? lock_acquire+0x2f/0xb0 [ 368.966963][ T9283] ? __fget_files+0x40/0x3a0 [ 368.971546][ T9283] ? __fget_files+0x206/0x3a0 [ 368.976217][ T9283] security_file_ioctl+0x9b/0x240 [ 368.981239][ T9283] __x64_sys_ioctl+0xb7/0x200 [ 368.985922][ T9283] do_syscall_64+0xcd/0x250 [ 368.990421][ T9283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.996310][ T9283] RIP: 0033:0x7f2492f7e41b [ 369.000723][ T9283] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 369.020323][ T9283] RSP: 002b:00007f2490db2490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 369.028742][ T9283] RAX: ffffffffffffffda RBX: 00007f2490db2be0 RCX: 00007f2492f7e41b [ 369.036729][ T9283] RDX: 00007f2490db2aa0 RSI: 000000008138ae83 RDI: 0000000000000007 [ 369.044692][ T9283] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000000 [ 369.052660][ T9283] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000018 [ 369.060621][ T9283] R13: 0000000020018000 R14: 0000000020000000 R15: 00000000fec00000 [ 369.068600][ T9283] [ 369.071685][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.078135][ T9283] ERROR: Out of memory at tomoyo_realpath_from_path. [ 370.726546][ T9270] Process accounting resumed [ 371.780753][ T8] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 371.918762][ T9310] netlink: 244 bytes leftover after parsing attributes in process `syz.4.890'. [ 371.934474][ T9308] 9pnet_fd: Insufficient options for proto=fd [ 371.992429][ T9307] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 372.020975][ T9307] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 372.052266][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 372.092868][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 372.317172][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 372.499388][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 372.629987][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 372.639392][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.649663][ T8] usb 4-1: config 0 descriptor?? [ 375.484353][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 375.492232][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 375.507962][ T8] usb 4-1: USB disconnect, device number 19 [ 375.661866][ T29] audit: type=1400 audit(1732624359.918:488): avc: denied { write } for pid=9338 comm="syz.1.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 375.966187][ T9348] VFS: could not find a valid V7 on nullb0. [ 375.973617][ T9348] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 376.309089][ T9360] netlink: 'syz.2.909': attribute type 33 has an invalid length. [ 377.665029][ T9372] vxcan1: left promiscuous mode [ 377.673735][ T9372] netlink: 16 bytes leftover after parsing attributes in process `syz.2.911'. [ 377.838160][ T9375] FAULT_INJECTION: forcing a failure. [ 377.838160][ T9375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 377.867298][ T9375] CPU: 0 UID: 0 PID: 9375 Comm: syz.0.912 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 377.877568][ T9375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 377.887623][ T9375] Call Trace: [ 377.890902][ T9375] [ 377.893838][ T9375] dump_stack_lvl+0x16c/0x1f0 [ 377.898525][ T9375] should_fail_ex+0x497/0x5b0 [ 377.903219][ T9375] _copy_from_iter+0x2a1/0x1560 [ 377.908086][ T9375] ? __pfx__copy_from_iter+0x10/0x10 [ 377.913381][ T9375] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 377.919369][ T9375] ? tun_build_skb.constprop.0+0x1b8/0x1120 [ 377.925266][ T9375] ? __pfx_lock_release+0x10/0x10 [ 377.930298][ T9375] ? trace_lock_acquire+0x146/0x1e0 [ 377.935503][ T9375] ? __pfx_lock_release+0x10/0x10 [ 377.940541][ T9375] copy_page_from_iter+0xa5/0x120 [ 377.945589][ T9375] tun_build_skb.constprop.0+0x294/0x1120 [ 377.951406][ T9375] ? __pfx_tun_build_skb.constprop.0+0x10/0x10 [ 377.957573][ T9375] ? __pfx___lock_acquire+0x10/0x10 [ 377.962778][ T9375] ? register_lock_class+0xb1/0x1240 [ 377.968073][ T9375] ? __lock_acquire+0xcc5/0x3c40 [ 377.973020][ T9375] tun_get_user+0x870/0x3e40 [ 377.977623][ T9375] ? find_held_lock+0x2d/0x110 [ 377.982397][ T9375] ? __pfx_tun_get_user+0x10/0x10 [ 377.987434][ T9375] ? find_held_lock+0x2d/0x110 [ 377.992217][ T9375] ? __pfx_lock_release+0x10/0x10 [ 377.997259][ T9375] tun_chr_write_iter+0xdc/0x210 [ 378.002215][ T9375] vfs_write+0x5ae/0x1150 [ 378.006555][ T9375] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 378.012113][ T9375] ? __pfx_vfs_write+0x10/0x10 [ 378.016883][ T9375] ? __fget_files+0x40/0x3a0 [ 378.021491][ T9375] ksys_write+0x12b/0x250 [ 378.025823][ T9375] ? __pfx_ksys_write+0x10/0x10 [ 378.030682][ T9375] do_syscall_64+0xcd/0x250 [ 378.035195][ T9375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.041098][ T9375] RIP: 0033:0x7f2492f7d2ff [ 378.045514][ T9375] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 378.065132][ T9375] RSP: 002b:00007f2490dd5000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 378.073559][ T9375] RAX: ffffffffffffffda RBX: 00007f2493136080 RCX: 00007f2492f7d2ff [ 378.081533][ T9375] RDX: 000000000000004a RSI: 00000000200000c0 RDI: 00000000000000c8 [ 378.089510][ T9375] RBP: 00007f2490dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 378.097490][ T9375] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001 [ 378.105463][ T9375] R13: 0000000000000001 R14: 00007f2493136080 R15: 00007ffcf3ec51d8 [ 378.113454][ T9375] [ 378.241980][ T9377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 378.631897][ T9383] netlink: 'syz.3.910': attribute type 13 has an invalid length. [ 378.983473][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 381.034652][ T9405] Process accounting resumed [ 381.364981][ T9414] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 381.374904][ T9414] SELinux: failed to load policy [ 382.120344][ T9417] Process accounting resumed [ 382.735689][ T9423] loop7: detected capacity change from 0 to 16384 [ 382.743810][ T9429] netlink: 48 bytes leftover after parsing attributes in process `syz.4.926'. [ 382.767184][ T9429] 9pnet_fd: Insufficient options for proto=fd [ 382.810271][ T29] audit: type=1400 audit(1732624367.078:489): avc: denied { create } for pid=9421 comm="syz.1.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 383.888257][ T9451] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 383.930721][ T9451] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 383.951088][ T5884] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 384.028817][ T9455] netlink: 244 bytes leftover after parsing attributes in process `syz.3.929'. [ 384.122538][ T5884] usb 1-1: Using ep0 maxpacket: 16 [ 384.133435][ T5884] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 384.202512][ T5884] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 384.220324][ T9459] vxcan1: entered promiscuous mode [ 384.227294][ T9460] vxcan1: left promiscuous mode [ 384.235267][ T9459] netlink: 16 bytes leftover after parsing attributes in process `syz.2.933'. [ 384.418568][ T5884] usb 1-1: config 0 interface 0 has no altsetting 0 [ 384.548784][ T5884] usb 1-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 384.682134][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.693363][ T5884] usb 1-1: config 0 descriptor?? [ 385.004521][ T9468] program syz.1.935 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 385.644842][ T9469] netlink: 'syz.4.934': attribute type 13 has an invalid length. [ 385.680180][ T5884] hid (null): unknown global tag 0xe [ 385.686219][ T5884] hid (null): invalid report_size 9273 [ 386.224598][ T5884] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.000B/input/input23 [ 386.252333][ T5884] input: HID 0458:5013 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5013.000B/input/input24 [ 386.462498][ T5884] kye 0003:0458:5013.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.0-1/input0 [ 386.489561][ T5884] usb 1-1: USB disconnect, device number 21 [ 386.525868][ T9476] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 386.536913][ T9476] SELinux: failed to load policy [ 387.076052][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.937'. [ 387.574980][ T29] audit: type=1400 audit(1732624371.838:490): avc: denied { read } for pid=9481 comm="syz.3.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 388.496739][ T9494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.941'. [ 389.070597][ T5884] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 389.606099][ T9496] VFS: could not find a valid V7 on nullb0. [ 389.615344][ T9496] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 389.811294][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.828864][ T5884] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.871280][ T5884] usb 4-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 389.904649][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.937761][ T5884] usb 4-1: config 0 descriptor?? [ 390.649670][ T29] audit: type=1400 audit(1732624374.918:491): avc: denied { map } for pid=9489 comm="syz.3.943" path="socket:[22722]" dev="sockfs" ino=22722 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 391.230711][ T5883] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 391.275834][ T5884] usbhid 4-1:0.0: can't add hid device: -71 [ 391.281879][ T5884] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 391.301434][ T5884] usb 4-1: USB disconnect, device number 20 [ 391.497657][ T5883] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 391.510844][ T5883] usb 5-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 391.524875][ T5883] usb 5-1: Manufacturer: syz [ 391.753534][ T5883] usb 5-1: config 0 descriptor?? [ 391.791788][ T9512] Process accounting resumed [ 392.067973][ T9521] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 392.078175][ T9521] SELinux: failed to load policy [ 392.339849][ T9525] program syz.3.951 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 392.356283][ T9525] fuse: Bad value for 'fd' [ 392.781957][ T5883] gs_usb 5-1:0.0: Configuring for 1 interfaces [ 392.990328][ T5883] gs_usb 5-1:0.0: Disabling termination support for channel 0 (-EPIPE) [ 393.218174][ T1529] usb 5-1: USB disconnect, device number 23 [ 395.221975][ T9560] netlink: 16 bytes leftover after parsing attributes in process `syz.1.955'. [ 395.718694][ T9558] vxcan1: entered promiscuous mode [ 395.724533][ T9559] vxcan1: left promiscuous mode [ 397.647304][ T9579] netlink: 16 bytes leftover after parsing attributes in process `syz.1.958'. [ 398.116736][ T9580] 9pnet_fd: Insufficient options for proto=fd [ 398.884225][ T9571] vxcan1: entered promiscuous mode [ 398.890407][ T9578] vxcan1: left promiscuous mode [ 399.101386][ T5883] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 399.111999][ T9592] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 399.122139][ T9592] SELinux: failed to load policy [ 399.254480][ T9597] netlink: 20 bytes leftover after parsing attributes in process `syz.1.963'. [ 399.286984][ T29] audit: type=1326 audit(1732624383.558:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.1.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a8a77e819 code=0x0 [ 399.420795][ T5883] usb 1-1: device descriptor read/64, error -71 [ 399.618543][ T9606] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 399.628329][ T9606] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 399.676631][ T9607] netlink: 244 bytes leftover after parsing attributes in process `syz.3.964'. [ 399.796631][ T5883] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 400.203998][ T5883] usb 1-1: device descriptor read/64, error -71 [ 400.310991][ T9613] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 400.321204][ T9613] SELinux: failed to load policy [ 400.730715][ T5883] usb usb1-port1: attempt power cycle [ 402.028319][ T5883] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 402.443693][ T5883] usb 1-1: device descriptor read/8, error -71 [ 402.515173][ T9629] tipc: Started in network mode [ 402.530661][ T9629] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 402.559467][ T9629] tipc: Enabled bearer , priority 10 [ 402.601664][ T9629] tipc: Resetting bearer [ 403.007951][ T9641] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 403.012444][ T9629] tipc: Disabling bearer [ 403.018114][ T9641] SELinux: failed to load policy [ 403.282255][ T29] audit: type=1400 audit(1732624387.558:493): avc: denied { read } for pid=9632 comm="syz.3.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 404.200848][ T9651] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 404.650659][ T9656] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 404.671352][ T9656] SELinux: failed to load policy [ 407.188485][ T1529] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 407.849189][ T9681] netlink: 12 bytes leftover after parsing attributes in process `syz.2.987'. [ 407.924494][ T1529] usb 4-1: no configurations [ 407.929340][ T1529] usb 4-1: can't read configurations, error -22 [ 408.100965][ T1529] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 408.182403][ T5884] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 408.321553][ T5884] usb 3-1: device descriptor read/64, error -71 [ 408.331141][ T1529] usb 4-1: no configurations [ 408.335846][ T1529] usb 4-1: can't read configurations, error -22 [ 408.349217][ T1529] usb usb4-port1: attempt power cycle [ 408.615023][ T5884] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 408.951251][ T1529] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 409.026301][ T5884] usb 3-1: device descriptor read/64, error -71 [ 409.114299][ T9695] netlink: 'syz.3.990': attribute type 13 has an invalid length. [ 409.561207][ T1529] usb 4-1: device not accepting address 23, error -71 [ 409.576755][ T5884] usb usb3-port1: attempt power cycle [ 409.577089][ T29] audit: type=1400 audit(1732624393.848:494): avc: denied { read } for pid=9694 comm="syz.1.991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 409.645998][ T9676] fuse: Bad value for 'fd' [ 410.055043][ T5884] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 410.120929][ T5884] usb 3-1: device descriptor read/8, error -71 [ 410.402360][ T5884] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 410.452139][ T5884] usb 3-1: device descriptor read/8, error -71 [ 410.459380][ T9707] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 410.571582][ T5884] usb usb3-port1: unable to enumerate USB device [ 411.226778][ T9717] program syz.2.997 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 411.247477][ T9717] fuse: Bad value for 'fd' [ 411.953735][ T9724] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1000'. [ 413.391809][ T9741] program syz.4.1002 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 413.415105][ T9741] fuse: Bad value for 'fd' [ 414.071210][ T9745] FAULT_INJECTION: forcing a failure. [ 414.071210][ T9745] name failslab, interval 1, probability 0, space 0, times 0 [ 414.099943][ T9745] CPU: 0 UID: 0 PID: 9745 Comm: syz.2.1006 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 414.110308][ T9745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 414.120371][ T9745] Call Trace: [ 414.123705][ T9745] [ 414.126639][ T9745] dump_stack_lvl+0x16c/0x1f0 [ 414.131336][ T9745] should_fail_ex+0x497/0x5b0 [ 414.136031][ T9745] ? fs_reclaim_acquire+0xae/0x150 [ 414.141158][ T9745] should_failslab+0xc2/0x120 [ 414.145844][ T9745] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 414.151227][ T9745] ? getname_flags.part.0+0x4c/0x550 [ 414.156532][ T9745] getname_flags.part.0+0x4c/0x550 [ 414.161665][ T9745] getname+0x8d/0xe0 [ 414.165564][ T9745] io_symlinkat_prep+0x188/0x340 [ 414.170515][ T9745] io_submit_sqes+0x853/0x25e0 [ 414.175311][ T9745] __do_sys_io_uring_enter+0xd2d/0x1530 [ 414.180879][ T9745] ? __fget_files+0x206/0x3a0 [ 414.185564][ T9745] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 414.191564][ T9745] ? fput+0x67/0x440 [ 414.195480][ T9745] ? ksys_write+0x1ba/0x250 [ 414.199992][ T9745] ? __pfx_ksys_write+0x10/0x10 [ 414.204871][ T9745] do_syscall_64+0xcd/0x250 [ 414.209446][ T9745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.215355][ T9745] RIP: 0033:0x7f4fb9b7e819 [ 414.219777][ T9745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.239395][ T9745] RSP: 002b:00007f4fba935038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 414.247817][ T9745] RAX: ffffffffffffffda RBX: 00007f4fb9d35fa0 RCX: 00007f4fb9b7e819 [ 414.255792][ T9745] RDX: 0000000000000004 RSI: 0000000000000054 RDI: 0000000000000003 [ 414.263799][ T9745] RBP: 00007f4fba935090 R08: 0000000000000000 R09: 0000000000000000 [ 414.272038][ T9745] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 414.280015][ T9745] R13: 0000000000000000 R14: 00007f4fb9d35fa0 R15: 00007fffb13b1d58 [ 414.288004][ T9745] [ 414.519096][ T9752] SELinux: policydb string SE does not match my string SE Linux [ 414.553753][ T9752] SELinux: failed to load policy [ 415.462553][ T9749] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 415.553299][ T9756] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1004'. [ 415.570577][ T9749] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 415.595851][ T9761] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1011'. [ 416.717418][ T9766] netlink: 'syz.4.1012': attribute type 13 has an invalid length. [ 417.833408][ T9781] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1015'. [ 420.971183][ T9803] SELinux: policydb magic number 0xff8c does not match expected magic number 0xf97cff8c [ 420.981084][ T9803] SELinux: failed to load policy [ 422.453928][ T9816] FAULT_INJECTION: forcing a failure. [ 422.453928][ T9816] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.517746][ T9816] CPU: 0 UID: 0 PID: 9816 Comm: syz.4.1025 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 422.528110][ T9816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 422.538173][ T9816] Call Trace: [ 422.541453][ T9816] [ 422.544386][ T9816] dump_stack_lvl+0x16c/0x1f0 [ 422.549073][ T9816] should_fail_ex+0x497/0x5b0 [ 422.553762][ T9816] _copy_to_user+0x32/0xd0 [ 422.558188][ T9816] simple_read_from_buffer+0xd0/0x160 [ 422.563577][ T9816] proc_fail_nth_read+0x198/0x270 [ 422.568620][ T9816] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 422.574176][ T9816] ? rw_verify_area+0x18d/0x700 [ 422.579049][ T9816] ? __sanitizer_cov_trace_pc+0x3b/0x70 [ 422.584608][ T9816] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 422.590171][ T9816] vfs_read+0x1df/0xbe0 [ 422.594345][ T9816] ? __pfx___mutex_lock+0x10/0x10 [ 422.599384][ T9816] ? __pfx_vfs_read+0x10/0x10 [ 422.604075][ T9816] ? rcu_is_watching+0x12/0xc0 [ 422.608847][ T9816] ? __rcu_read_unlock+0x2b4/0x580 [ 422.613946][ T9816] ? __fget_files+0x206/0x3a0 [ 422.618612][ T9816] ksys_read+0x12b/0x250 [ 422.622847][ T9816] ? __pfx_ksys_read+0x10/0x10 [ 422.627614][ T9816] do_syscall_64+0xcd/0x250 [ 422.632104][ T9816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.637979][ T9816] RIP: 0033:0x7fc9f1b7d25c [ 422.642375][ T9816] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 422.661964][ T9816] RSP: 002b:00007fc9ef9f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 422.670356][ T9816] RAX: ffffffffffffffda RBX: 00007fc9f1d35fa0 RCX: 00007fc9f1b7d25c [ 422.678309][ T9816] RDX: 000000000000000f RSI: 00007fc9ef9f60a0 RDI: 0000000000000003 [ 422.686271][ T9816] RBP: 00007fc9ef9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 422.694227][ T9816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.702182][ T9816] R13: 0000000000000000 R14: 00007fc9f1d35fa0 R15: 00007ffe141e2f88 [ 422.710141][ T9816] [ 423.818462][ T29] audit: type=1400 audit(1732624408.048:495): avc: denied { write } for pid=9825 comm="syz.3.1028" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 423.850931][ T29] audit: type=1400 audit(1732624408.048:496): avc: denied { ioctl } for pid=9825 comm="syz.3.1028" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 424.272141][ T9842] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1031'. [ 424.328999][ T9840] vxcan1: entered promiscuous mode [ 424.357460][ T9841] vxcan1: left promiscuous mode [ 425.310829][ T29] audit: type=1400 audit(1732624409.578:497): avc: denied { ioctl } for pid=9846 comm="syz.2.1034" path="socket:[23432]" dev="sockfs" ino=23432 ioctlcmd=0x89b0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 425.397641][ T9849] syzkaller0: entered allmulticast mode [ 425.416280][ T9849] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1035'. [ 425.469673][ T9849] syzkaller0 (unregistering): left allmulticast mode [ 425.534500][ T9856] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1032'. [ 425.568471][ T9855] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 425.631264][ T9855] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 425.650361][ T9860] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1030'. [ 426.080077][ T9866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1038'. [ 427.104218][ T29] audit: type=1400 audit(1732624411.378:498): avc: denied { write } for pid=9868 comm="syz.2.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 427.185115][ T9872] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1040'. [ 427.214769][ T29] audit: type=1326 audit(1732624411.488:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9870 comm="syz.1.1040" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a8a77e819 code=0x0 [ 427.237548][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.653666][ T29] audit: type=1400 audit(1732624411.868:500): avc: denied { mount } for pid=9873 comm="syz.0.1041" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 428.794551][ T8] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 429.129977][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 429.136558][ T8] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.148357][ T8] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.159108][ T8] usb 3-1: config 0 interface 0 has no altsetting 0 [ 429.176465][ T9883] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 429.251503][ T8] usb 3-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 429.286570][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.318969][ T8] usb 3-1: config 0 descriptor?? [ 431.930874][ T9896] netlink: 'syz.0.1045': attribute type 13 has an invalid length. [ 432.397858][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 432.404223][ T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 432.420646][ T8] usb 3-1: USB disconnect, device number 25 [ 432.510297][ T9907] xt_connbytes: Forcing CT accounting to be enabled [ 432.525712][ T9907] Cannot find del_set index 1 as target [ 432.789253][ T9913] program syz.2.1049 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 434.846314][ T9929] VFS: could not find a valid V7 on nullb0. [ 434.853680][ T9930] vxcan1: entered promiscuous mode [ 434.859000][ T9929] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 434.862451][ T9930] vxcan1: left promiscuous mode [ 434.926900][ T9930] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1053'. [ 437.259367][ T9949] vxcan1: entered promiscuous mode [ 437.331287][ T9950] vxcan1: left promiscuous mode [ 439.942362][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.404091][ T9977] netlink: 'syz.1.1061': attribute type 13 has an invalid length. [ 442.055360][ T9986] FAULT_INJECTION: forcing a failure. [ 442.055360][ T9986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.096798][ T29] audit: type=1400 audit(1732624426.348:501): avc: denied { read write } for pid=5841 comm="syz-executor" name="loop0" dev="devtmpfs" ino=3052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 442.204181][ T9986] CPU: 0 UID: 0 PID: 9986 Comm: syz.3.1066 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 442.214517][ T9986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 442.224548][ T9986] Call Trace: [ 442.227802][ T9986] [ 442.230720][ T9986] dump_stack_lvl+0x16c/0x1f0 [ 442.235381][ T9986] should_fail_ex+0x497/0x5b0 [ 442.240040][ T9986] strncpy_from_user+0x3b/0x2d0 [ 442.244873][ T9986] getname_flags.part.0+0x8f/0x550 [ 442.249965][ T9986] getname+0x8d/0xe0 [ 442.253840][ T9986] do_sys_openat2+0x104/0x1e0 [ 442.258496][ T9986] ? __pfx_do_sys_openat2+0x10/0x10 [ 442.263678][ T9986] ? __fget_files+0x206/0x3a0 [ 442.268332][ T9986] __x64_sys_openat+0x175/0x210 [ 442.273163][ T9986] ? __pfx___x64_sys_openat+0x10/0x10 [ 442.278512][ T9986] ? syscall_user_dispatch+0x7a/0x130 [ 442.283869][ T9986] do_syscall_64+0xcd/0x250 [ 442.288353][ T9986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.294226][ T9986] RIP: 0033:0x7fe3b537d1b0 [ 442.298621][ T9986] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 442.318291][ T9986] RSP: 002b:00007fe3b6237b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 442.326707][ T9986] RAX: ffffffffffffffda RBX: 0000000000127081 RCX: 00007fe3b537d1b0 [ 442.334672][ T9986] RDX: 0000000000127081 RSI: 00007fe3b6237c10 RDI: 00000000ffffff9c [ 442.342641][ T9986] RBP: 00007fe3b6237c10 R08: 0000000000000000 R09: 002367732f766564 [ 442.350589][ T9986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 442.358622][ T9986] R13: 0000000000000000 R14: 00007fe3b5535fa0 R15: 00007ffd08739198 [ 442.366580][ T9986] [ 442.488886][ T29] audit: type=1400 audit(1732624426.348:502): avc: denied { open } for pid=5841 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 442.880795][ T29] audit: type=1400 audit(1732624426.348:503): avc: denied { ioctl } for pid=5841 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=3052 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 443.783695][ T9995] VFS: could not find a valid V7 on nullb0. [ 443.790789][ T9995] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 443.910359][T10001] bridge0: entered promiscuous mode [ 443.917382][T10001] macsec1: entered promiscuous mode [ 444.033368][T10001] bridge0: left promiscuous mode [ 448.035623][T10035] netlink: 'syz.0.1078': attribute type 13 has an invalid length. [ 450.011896][ T29] audit: type=1400 audit(1732624434.218:504): avc: denied { map } for pid=10050 comm="syz.4.1081" path="/proc/720/pagemap" dev="proc" ino=25879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 450.229061][ T29] audit: type=1400 audit(1732624434.218:505): avc: denied { execute } for pid=10050 comm="syz.4.1081" path="/proc/720/pagemap" dev="proc" ino=25879 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 450.484657][T10056] VFS: could not find a valid V7 on nullb0. [ 450.491970][T10056] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 450.755741][T10065] FAULT_INJECTION: forcing a failure. [ 450.755741][T10065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.782861][T10065] CPU: 0 UID: 0 PID: 10065 Comm: syz.1.1085 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 450.793307][T10065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 450.803367][T10065] Call Trace: [ 450.806648][T10065] [ 450.809580][T10065] dump_stack_lvl+0x16c/0x1f0 [ 450.814263][T10065] should_fail_ex+0x497/0x5b0 [ 450.818929][T10065] strncpy_from_user+0x3b/0x2d0 [ 450.823763][T10065] getname_flags.part.0+0x8f/0x550 [ 450.828860][T10065] getname+0x8d/0xe0 [ 450.832731][T10065] do_sys_openat2+0x104/0x1e0 [ 450.837387][T10065] ? __pfx_do_sys_openat2+0x10/0x10 [ 450.842564][T10065] ? __fget_files+0x206/0x3a0 [ 450.847218][T10065] __x64_sys_open+0x154/0x1e0 [ 450.851872][T10065] ? __pfx___x64_sys_open+0x10/0x10 [ 450.857057][T10065] do_syscall_64+0xcd/0x250 [ 450.861542][T10065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.867416][T10065] RIP: 0033:0x7f9a8a77e819 [ 450.871807][T10065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.891391][T10065] RSP: 002b:00007f9a8b647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 450.899781][T10065] RAX: ffffffffffffffda RBX: 00007f9a8a935fa0 RCX: 00007f9a8a77e819 [ 450.907729][T10065] RDX: 0000000000000000 RSI: 0000000000066842 RDI: 00000000200005c0 [ 450.915673][T10065] RBP: 00007f9a8b647090 R08: 0000000000000000 R09: 0000000000000000 [ 450.923617][T10065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 450.931562][T10065] R13: 0000000000000000 R14: 00007f9a8a935fa0 R15: 00007ffd7c45e218 [ 450.939515][T10065] [ 451.766995][T10076] syz.3.1087 uses old SIOCAX25GETINFO [ 451.820862][ T29] audit: type=1400 audit(1732624436.038:506): avc: denied { ioctl } for pid=10072 comm="syz.3.1087" path="socket:[25928]" dev="sockfs" ino=25928 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 452.166112][ T9947] Process accounting resumed [ 452.517769][ T5149] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 452.522211][T10083] netlink: 'syz.4.1089': attribute type 4 has an invalid length. [ 452.533624][T10082] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 452.555234][T10082] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 452.584707][T10082] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 452.595381][T10082] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 452.606117][T10082] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 452.676853][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 452.685733][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 452.697928][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 452.708174][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 452.747534][ T5840] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 452.755298][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 452.772689][ T29] audit: type=1400 audit(1732624437.048:507): avc: denied { mounton } for pid=10077 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 452.869308][T10083] netlink: 'syz.4.1089': attribute type 8 has an invalid length. [ 452.900614][T10083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'. [ 454.052383][T10077] chnl_net:caif_netlink_parms(): no params data found [ 454.100823][ T5883] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 454.239443][T10077] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.258415][T10077] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.288330][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 454.302831][T10077] bridge_slave_0: entered allmulticast mode [ 454.309673][T10077] bridge_slave_0: entered promiscuous mode [ 454.318358][ T5883] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 454.318531][T10077] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.327586][ T5883] usb 1-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 454.327613][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.352408][T10077] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.360406][T10077] bridge_slave_1: entered allmulticast mode [ 454.373465][T10077] bridge_slave_1: entered promiscuous mode [ 454.859609][T10109] netlink: 'syz.3.1093': attribute type 13 has an invalid length. [ 454.879138][ T5840] Bluetooth: hci5: command tx timeout [ 454.900587][ T5883] usb 1-1: config 0 descriptor?? [ 454.931629][T10114] warning: `syz.4.1094' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 455.830084][T10077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.843251][T10077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.897852][T10077] team0: Port device team_slave_0 added [ 455.907468][T10077] team0: Port device team_slave_1 added [ 455.926508][T10077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.933829][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.960735][T10077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.973424][T10077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.980422][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 456.007137][T10077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 456.042636][T10077] hsr_slave_0: entered promiscuous mode [ 456.048698][T10077] hsr_slave_1: entered promiscuous mode [ 456.054916][T10077] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 456.063540][T10077] Cannot create hsr debugfs directory [ 456.181800][T10077] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 456.198868][T10077] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 456.211870][T10077] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 456.226998][T10077] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 456.484669][T10077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.537742][T10077] 8021q: adding VLAN 0 to HW filter on device team0 [ 456.557593][ T2905] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.564702][ T2905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 456.597586][ T2905] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.604718][ T2905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 456.827304][T10135] overlay: filesystem on ./bus is read-only [ 456.845093][T10136] mmap: syz.1.1096 (10136) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 456.860649][ T29] audit: type=1400 audit(1732624441.098:508): avc: denied { mounton } for pid=10128 comm="syz.4.1098" path="/bus" dev="sysfs" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 457.032246][T10110] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 457.100835][T10110] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 457.112132][ T5840] Bluetooth: hci5: command 0x040f tx timeout [ 457.182204][T10110] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 457.675653][ T5883] usb 1-1: USB disconnect, device number 26 [ 457.789311][T10077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 458.480809][T10160] netlink: 'syz.0.1101': attribute type 13 has an invalid length. [ 459.650537][ T5840] Bluetooth: hci5: command 0x040f tx timeout [ 459.661813][T10160] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 459.767023][T10077] veth0_vlan: entered promiscuous mode [ 459.788819][T10077] veth1_vlan: entered promiscuous mode [ 459.800318][ T29] audit: type=1400 audit(1732624444.068:509): avc: denied { link } for pid=10166 comm="syz.4.1105" name="#25" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 459.860844][T10077] veth0_macvtap: entered promiscuous mode [ 459.873120][ T29] audit: type=1400 audit(1732624444.078:510): avc: denied { rename } for pid=10166 comm="syz.4.1105" name="#26" dev="tmpfs" ino=1193 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 459.896807][T10077] veth1_macvtap: entered promiscuous mode [ 459.939870][T10077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 459.989330][T10077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.999827][T10077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.010997][T10077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.021549][T10077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.032573][T10077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.043620][T10077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.055309][T10077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.065355][T10077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.076856][T10077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.103319][T10077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.135710][T10171] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 460.148498][T10171] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 460.156913][T10171] CPU: 0 UID: 0 PID: 10171 Comm: syz.3.1106 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 [ 460.167340][T10171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 460.177386][T10171] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 460.182848][T10171] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 [ 460.202450][T10171] RSP: 0018:ffffc9000f16f268 EFLAGS: 00010006 [ 460.208509][T10171] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 460.216472][T10171] RDX: 0000000000000006 RSI: 1ffff92001e2de5f RDI: 0000000000000030 [ 460.224435][T10171] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 460.232397][T10171] R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 [ 460.240357][T10171] R13: ffff88802d5c0000 R14: 0000000000000000 R15: 0000000000000000 [ 460.248320][T10171] FS: 00007fe3b62176c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 460.257244][T10171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 460.263821][T10171] CR2: 00007f7434448595 CR3: 00000000130a6000 CR4: 00000000003526f0 [ 460.271783][T10171] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 460.279745][T10171] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 460.287709][T10171] Call Trace: [ 460.290979][T10171] [ 460.293900][T10171] ? die_addr+0x3b/0xa0 [ 460.298053][T10171] ? exc_general_protection+0x155/0x230 [ 460.303601][T10171] ? asm_exc_general_protection+0x26/0x30 [ 460.309321][T10171] ? __lock_acquire+0xe4/0x3c40 [ 460.314174][T10171] ? find_held_lock+0x2d/0x110 [ 460.318936][T10171] ? __pfx___lock_acquire+0x10/0x10 [ 460.324126][T10171] ? addrconf_get_prefix_route+0x5d8/0x980 [ 460.329930][T10171] ? __pfx_lock_release+0x10/0x10 [ 460.334951][T10171] lock_acquire.part.0+0x11b/0x380 [ 460.340055][T10171] ? modify_prefix_route+0x30b/0x8b0 [ 460.345337][T10171] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 460.350963][T10171] ? rcu_is_watching+0x12/0xc0 [ 460.355723][T10171] ? trace_lock_acquire+0x146/0x1e0 [ 460.360916][T10171] ? modify_prefix_route+0x30b/0x8b0 [ 460.366199][T10171] ? lock_acquire+0x2f/0xb0 [ 460.370692][T10171] ? modify_prefix_route+0x30b/0x8b0 [ 460.375972][T10171] _raw_spin_lock_bh+0x33/0x40 [ 460.380727][T10171] ? modify_prefix_route+0x30b/0x8b0 [ 460.386007][T10171] modify_prefix_route+0x30b/0x8b0 [ 460.391139][T10171] inet6_rtm_newaddr+0x12c7/0x1ab0 [ 460.396242][T10171] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 460.401688][T10171] ? __mutex_lock+0x1cc/0xa60 [ 460.406357][T10171] ? __pfx_cred_has_capability.isra.0+0x10/0x10 [ 460.412601][T10171] ? __pfx___mutex_lock+0x10/0x10 [ 460.417625][T10171] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 460.423077][T10171] rtnetlink_rcv_msg+0x3c7/0xea0 [ 460.428012][T10171] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.433476][T10171] netlink_rcv_skb+0x16b/0x440 [ 460.438237][T10171] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.443692][T10171] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 460.448977][T10171] ? netlink_deliver_tap+0x1ae/0xd30 [ 460.454258][T10171] netlink_unicast+0x53c/0x7f0 [ 460.459017][T10171] ? __pfx_netlink_unicast+0x10/0x10 [ 460.464299][T10171] netlink_sendmsg+0x8b8/0xd70 [ 460.469059][T10171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.474370][T10171] ____sys_sendmsg+0xaaf/0xc90 [ 460.479129][T10171] ? copy_msghdr_from_user+0x10b/0x160 [ 460.484591][T10171] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.489881][T10171] ___sys_sendmsg+0x135/0x1e0 [ 460.494547][T10171] ? __pfx____sys_sendmsg+0x10/0x10 [ 460.499764][T10171] ? __pfx_lock_release+0x10/0x10 [ 460.504779][T10171] ? trace_lock_acquire+0x146/0x1e0 [ 460.509978][T10171] ? __fget_files+0x206/0x3a0 [ 460.514656][T10171] __sys_sendmsg+0x16e/0x220 [ 460.519235][T10171] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.524340][T10171] ? do_user_addr_fault+0x83d/0x13f0 [ 460.529619][T10171] do_syscall_64+0xcd/0x250 [ 460.534122][T10171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.540009][T10171] RIP: 0033:0x7fe3b537e819 [ 460.544415][T10171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.564011][T10171] RSP: 002b:00007fe3b6217038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 460.572415][T10171] RAX: ffffffffffffffda RBX: 00007fe3b5536080 RCX: 00007fe3b537e819 [ 460.580374][T10171] RDX: 0000000000008044 RSI: 0000000020000840 RDI: 0000000000000003 [ 460.588426][T10171] RBP: 00007fe3b53f175e R08: 0000000000000000 R09: 0000000000000000 [ 460.596384][T10171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 460.604344][T10171] R13: 0000000000000001 R14: 00007fe3b5536080 R15: 00007ffd08739198 [ 460.612310][T10171] [ 460.615316][T10171] Modules linked in: [ 460.619212][T10171] ---[ end trace 0000000000000000 ]--- [ 460.624655][T10171] RIP: 0010:__lock_acquire+0xe4/0x3c40 [ 460.630111][T10171] Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 [ 460.649711][T10171] RSP: 0018:ffffc9000f16f268 EFLAGS: 00010006 [ 460.655768][T10171] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 460.663728][T10171] RDX: 0000000000000006 RSI: 1ffff92001e2de5f RDI: 0000000000000030 [ 460.671688][T10171] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 460.679651][T10171] R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 [ 460.687611][T10171] R13: ffff88802d5c0000 R14: 0000000000000000 R15: 0000000000000000 [ 460.695575][T10171] FS: 00007fe3b62176c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 460.704497][T10171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 460.711070][T10171] CR2: 00007f7434448595 CR3: 00000000130a6000 CR4: 00000000003526f0 [ 460.719032][T10171] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 460.726991][T10171] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 460.734953][T10171] Kernel panic - not syncing: Fatal exception in interrupt [ 460.742328][T10171] Kernel Offset: disabled [ 460.746629][T10171] Rebooting in 86400 seconds..