last executing test programs: 6m2.503892831s ago: executing program 4 (id=7466): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = socket(0x10, 0x803, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'xfrm0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newqdisc={0xd0, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x5}, {0x5, 0xffe0}}, [@TCA_STAB={0xac, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x7, 0x4, 0x705, 0x0, 0x740b, 0x9, 0x3}}, {0xa, 0x2, [0x9, 0x0, 0x9]}}, {{0x1c, 0x1, {0x7e, 0x4, 0x7ff, 0x1, 0x0, 0x0, 0xfffffffc, 0x9}}, {0x16, 0x2, [0x9, 0x5, 0x8, 0x101, 0xfff, 0x65, 0xd3, 0x6, 0x3]}}, {{0x1c, 0x1, {0xfb, 0x9, 0x749, 0x1000, 0x1, 0x1, 0x0, 0x2}}, {0x8, 0x2, [0x8, 0x7]}}, {{0x1c, 0x1, {0x3, 0x2, 0x8, 0x8, 0x1, 0x401, 0xffffff80, 0x4}}, {0xc, 0x2, [0xf35, 0x7fff, 0x9, 0x5]}}]}]}, 0xd0}}, 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000000180)="a008873da5820c60488d7def25715f9e30f2164a7d5fb4efb3c0761e22fb2facac2573e46a1d5e1d3b8e15dddce930e0473f33645a1fcd48c74a447d083e12f3f54dc80b2fcef72d75b0", 0x4a) socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@getchain={0x34, 0x66, 0x8, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {0x5, 0x6}, {0xfff2, 0xd}, {0xffe0, 0xd}}, [{0x8}, {0x8, 0xb, 0x7}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x60c4841) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r8, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r9}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 5m59.480409556s ago: executing program 4 (id=7472): syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000300)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00)) sendmmsg(r2, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000005280)="b8", 0x1}], 0x1}}], 0x34000, 0x0) 5m54.799381979s ago: executing program 4 (id=7488): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x20000) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x18) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000180)={'filter\x00', 0x0, 0x0, 0x0, [0xc6bf, 0x3ff, 0x4, 0x6, 0x5], 0x4, &(0x7f0000000140)=[{}, {}, {}], 0x0, [{}, {}, {}, {}]}, 0xb8) io_setup(0x23, &(0x7f0000000280)=0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) io_submit(r3, 0x2, &(0x7f0000000580)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x3, 0xfff8, r1, &(0x7f00000007c0)="8257f40f1c763c3d7884a1b2f38e5b031559afe08b6997b3b036d66ad9953d26d1c5baf8a225e523451ff9f4d52d61886efb222f2637769c66c1d4567596b3f6d01f5d1adc77245f0596bdfcd723a89d1fddec5757354f7201d0abbe588bdd56841a4770f36c9c47e3d2e81c8fcd45851c", 0x71, 0x6, 0x0, 0x3, r2}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x2, r2, 0x0, 0x0, 0xbe3, 0x0, 0x1}]) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) writev(r4, 0x0, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r8 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) mmap$KVM_VCPU(&(0x7f0000ffd000/0x1000)=nil, r8, 0x0, 0x10010, r5, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r7, 0xc048aeca, &(0x7f0000000080)) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$int_out(r0, 0x0, &(0x7f00000000c0)) 5m53.21404502s ago: executing program 4 (id=7493): openat$sndseq(0xffffffffffffff9c, 0x0, 0x100) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1be) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x8001, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xa9) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x2000084, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) r2 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback, 0x1}, 0x1c) sendto$inet6(r2, &(0x7f0000000100)="800037e9220ca1ce", 0x8, 0x0, &(0x7f0000000140)={0xa, 0x4e24, 0x6, @mcast2, 0xf}, 0x1c) chdir(&(0x7f00000001c0)='./bus\x00') newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x2000) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18) getdents64(r3, &(0x7f0000000100)=""/118, 0x76) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pivot_root(&(0x7f0000000100)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 5m51.541689916s ago: executing program 4 (id=7501): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000380)={0x6c, 0x0, 0x1, 0x301, 0x0, 0x1a14, {0x2, 0x0, 0x1}, [@CTA_HELP={0xc, 0x5, 0x0, 0x1, {0xfffffffffffffeb1, 0x1, 'RAS\x00'}}, @CTA_FILTER={0x0, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x100}, @CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x20}, @CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x88}, @CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x41}, @CTA_FILTER_ORIG_FLAGS={0x0, 0x1, 0x4}, @CTA_FILTER_REPLY_FLAGS={0x0, 0x2, 0x400}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x6c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) r3 = dup(r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES8=r2, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r5 = add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="bf", 0x1, 0xfffffffffffffffb) keyctl$describe(0x6, r5, &(0x7f0000001540)=""/18, 0x12) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r9, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r10}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0) 5m50.675774284s ago: executing program 4 (id=7507): shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet_icmp_raw(0x2, 0x3, 0x1) close_range(r3, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c020000", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d784308000500000000000c02088074000080200004000a00000000000007fe800000000000000000000000000000000000001500040002000000ac1e0101000000000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff08000300020000000800030000000000060005000000000094010080200004000a004e21ffffffff0000000000000000000000000000000101000000240002002767b524f45e9dfaf001c414581741c92349c3b6661d9864680582bd184ef1a62801098024010080400001000a00000014000200000000000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000bb05000300030000000600010002000000080002000a01010205000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200ac1414aa0500030003000000060001000a00000014000200fe80000000000000000000000000000e05000300010000000600010002000000080002000000000005000300ff000000060001000a0000001400020000000000000000000000ffffffffffff0500030001000000060001000200000008000200ac1414aa0500030001000000060001000200000008000200ac1414bb050003000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080007000000000008000100", @ANYRES32=r4], 0x25c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x200000000000000) 5m49.464197339s ago: executing program 32 (id=7507): shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet_icmp_raw(0x2, 0x3, 0x1) close_range(r3, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c020000", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d784308000500000000000c02088074000080200004000a00000000000007fe800000000000000000000000000000000000001500040002000000ac1e0101000000000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff08000300020000000800030000000000060005000000000094010080200004000a004e21ffffffff0000000000000000000000000000000101000000240002002767b524f45e9dfaf001c414581741c92349c3b6661d9864680582bd184ef1a62801098024010080400001000a00000014000200000000000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000bb05000300030000000600010002000000080002000a01010205000300000000000600010002000000080002007f0000010500030000000000060001000200000008000200ac1414aa0500030003000000060001000a00000014000200fe80000000000000000000000000000e05000300010000000600010002000000080002000000000005000300ff000000060001000a0000001400020000000000000000000000ffffffffffff0500030001000000060001000200000008000200ac1414aa0500030001000000060001000200000008000200ac1414bb050003000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080007000000000008000100", @ANYRES32=r4], 0x25c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xe) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x200000000000000) 4m39.319268992s ago: executing program 1 (id=7732): ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/mem_sleep', 0x101a02, 0x0) copy_file_range(r2, &(0x7f0000000000)=0x8, r2, 0x0, 0x4, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, &(0x7f0000000200)={0x1, 0x4, [0xc30, 0xab, 0xd87, 0xe99]}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x4886) syz_usb_control_io$hid(r1, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x22, 0xf, {[@global=@item_012={0x2, 0x1, 0x9, "9053"}, @local=@item_012={0x2, 0x2, 0x4, '\x00 '}, @main=@item_012={0x2, 0x0, 0xa, "e1e5"}, @main=@item_012={0x0, 0x0, 0x8}, @main=@item_4={0x3, 0x0, 0xb, "af45cee1"}]}}, 0x0}, 0x0) ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, &(0x7f0000000080)={0x1, 0x100, 0x20a6}) sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)={0x68, 0x0, 0x1, 0x270bd25, 0x25dfdbff, {{}, {0x0, 0x4107}, {0x4c, 0x18, {0x401, @media='ib\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x4090}, 0x20000000) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x68, 0x0, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0x9, @media='ib\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20048050}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b0000000500000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r7, 0x0, 0x1}, 0x18) migrate_pages(0x0, 0x8, &(0x7f0000000040)=0x1, &(0x7f0000000100)=0x2) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', 0x0}) r9 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r4, r8, 0x25, 0x0, @void}, 0x10) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000001100010025bd7000ffdbdf2500000000", @ANYRES32=r8], 0x20}}, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r9, r4, 0x4, r4}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r11, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 4m36.713005078s ago: executing program 2 (id=7742): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000007b00000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001f40)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c) syz_emit_ethernet(0xe73, &(0x7f0000001180)=ANY=[], 0x0) (fail_nth: 2) 4m35.763832903s ago: executing program 2 (id=7744): chdir(&(0x7f0000000280)='./file0\x00') socket$nl_generic(0x10, 0x3, 0x10) r0 = mq_open(&(0x7f00000000c0)='&\x00', 0x40, 0x104, 0x0) mq_notify(r0, &(0x7f0000000000)={0x110c230000, 0x3, 0x2, @thr={&(0x7f0000000180)="7f478cb9e218d705680900db098d3bfb1ecd3ee116d586ce35d2dc707da1575865dc839d160c36293b3ccbeb55bbe779b5f35ace93cee64d29d5dde73ee5c220910e1dbf02a5a7591fe6a5ec39f3135eb9f1df4d0509ea9424c564aa8ae88cc7d54ff29df2259ef7f2f4be975e0b306a87835da1257af0711b845c4d7090eb26d67c2bb2742054bad74276ea1a8a9df4c678cdf66697adf88b6abcb0ad047fd0a1363a2298a4281b469976d3a1d8fcaf46ca8e14678f40fbcc942a9549b7b4c7ed272caeba2fdd65120004eb2ae0cf0d918e38", &(0x7f0000000100)="26216ffef5180211e6f8d89db5efb27664e164ac4c0d3b616dedb050f24ac0f8ba6deb59ebbabc7a45eaccde8445935798088ce4b198bd5531844ee80c68f7ad798479e03aa1d5d160cc023aa7d494409c3cf7d3f47cc75a69cc3b4310c2"}}) close(0x3) r1 = eventfd(0x0) read$eventfd(r1, &(0x7f0000000000), 0x8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000001f80)={{0xa, 0x4e23, 0x21, @mcast1}, {0xa, 0x4e21, 0x7, @empty, 0x200003}, 0xffffffffffffffff, {[0x0, 0x0, 0x0, 0x7fff, 0x1, 0x4]}}, 0x5c) r7 = dup(r3) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) read$FUSE(r7, &(0x7f0000000bc0)={0x2020}, 0x2020) r8 = dup(r3) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) shutdown(r3, 0x1) close_range(r2, 0xffffffffffffffff, 0x0) mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) 4m35.082280944s ago: executing program 1 (id=7745): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000680)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB=' '], 0x38}}, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x2, 0x80, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x8b45, 0x0, 0x6, 0x6, 0x0, 0x200000], 0xeeee0000, 0x28340}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040068}, 0x0) 4m33.751976472s ago: executing program 1 (id=7749): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1d11, 0x5e) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="de05b6d5d684a2eaf8625875221db8510bc33904c399e8c53ac987a6f38d", 0x1e}], 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) (fail_nth: 2) 4m33.628507936s ago: executing program 2 (id=7751): r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x1, 0x2) write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd) syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000300)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000001f00)) sendmmsg(r3, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000005280)="b8", 0x1}], 0x1}}], 0x34000, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f00000000c0)={0xf020000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @value=0x2}}) 4m33.443236685s ago: executing program 1 (id=7752): openat$sndseq(0xffffffffffffff9c, 0x0, 0x100) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1be) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x8001, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xa9) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x2000084, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) chdir(&(0x7f00000001c0)='./bus\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pivot_root(&(0x7f0000000100)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 4m33.19598505s ago: executing program 1 (id=7753): syz_open_dev$hiddev(&(0x7f0000000280), 0x6, 0xa0300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c", 0xb}], 0x1}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4m32.332322553s ago: executing program 1 (id=7759): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000680)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB=' '], 0x38}}, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x2, 0x80, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x8b45, 0x0, 0x6, 0x6, 0x0, 0x200000], 0xeeee0000, 0x28340}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040068}, 0x0) 4m31.751837242s ago: executing program 33 (id=7759): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000680)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES32, @ANYBLOB=' '], 0x38}}, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x2, 0x80, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x8b45, 0x0, 0x6, 0x6, 0x0, 0x200000], 0xeeee0000, 0x28340}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20040068}, 0x0) 4m30.447905375s ago: executing program 2 (id=7764): openat$sndseq(0xffffffffffffff9c, 0x0, 0x100) mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x1be) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x8001, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x1802, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0xa9) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pivot_root(&(0x7f0000000100)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 4m30.158433084s ago: executing program 2 (id=7766): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x100) close(r1) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r3 = dup(r2) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) close(0xffffffffffffffff) prlimit64(0x0, 0x7, &(0x7f00000000c0)={0x5, 0x8}, 0x0) syz_open_dev$loop(&(0x7f0000000440), 0x7, 0x0) socket$kcm(0x21, 0x2, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50) 4m29.587655059s ago: executing program 2 (id=7768): openat$fb0(0xffffffffffffff9c, &(0x7f0000002a00), 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x3}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) syz_clone3(0x0, 0x0) getrlimit(0x0, &(0x7f0000000200)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000001b40)={'bond0\x00', {0x2, 0x4e20, @empty}}) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r2, &(0x7f0000000080)=[{0x0}], 0x1) close(r2) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1461d, 0xef}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x9}]}}}]}, 0x3c}}, 0x4000) 4m29.172946209s ago: executing program 34 (id=7768): openat$fb0(0xffffffffffffff9c, &(0x7f0000002a00), 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x3}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) syz_clone3(0x0, 0x0) getrlimit(0x0, &(0x7f0000000200)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000001b40)={'bond0\x00', {0x2, 0x4e20, @empty}}) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xcac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) writev(r2, &(0x7f0000000080)=[{0x0}], 0x1) close(r2) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1461d, 0xef}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x9}]}}}]}, 0x3c}}, 0x4000) 4m15.080499885s ago: executing program 7 (id=7769): syz_emit_ethernet(0x36, &(0x7f0000000080)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x7, 0x4, 0x4}]}}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042406024424"], 0x0) socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x1a, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) syz_fuse_handle_req(r3, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65be667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, 0x0) io_setup(0x202, &(0x7f0000000200)) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}, 'team0\x00'}}, 0x1e) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) read(r5, &(0x7f0000000840)=""/40, 0x28) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r7, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() syz_usb_connect(0x4, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002407fe3ffd8048200c0ef0102030109022f0001090600000004f48000c8748f02052406000105240001010d240f0107000000020012f00c06241a400020fcfaf77b78c0"], 0x0) 4m11.80011979s ago: executing program 7 (id=7832): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x850}, 0x0) 4m11.553933071s ago: executing program 7 (id=7835): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) r4 = socket(0x1e, 0x4, 0x0) connect$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendfile(r4, r3, 0x0, 0x8010002b) 4m7.164115474s ago: executing program 7 (id=7863): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'syztnl0\x00', 0x0, 0x4, 0x6, 0x2, 0x4, 0x31, @mcast2, @mcast1, 0x7, 0x10, 0xe03, 0x1}}) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x2}) socket$can_bcm(0x1d, 0x2, 0x2) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f000037b000/0x2000)=nil, 0x2000, 0x12) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000100b060a5000000000000109022400010000500009040002010300000009210000000122f80409058103"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r5, 0xff09, 0x0) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0xffffffffffffffff, 0x100) 3m51.279862863s ago: executing program 35 (id=7863): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', &(0x7f00000009c0)={'syztnl0\x00', 0x0, 0x4, 0x6, 0x2, 0x4, 0x31, @mcast2, @mcast1, 0x7, 0x10, 0xe03, 0x1}}) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x2}) socket$can_bcm(0x1d, 0x2, 0x2) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) madvise(&(0x7f000037b000/0x2000)=nil, 0x2000, 0x12) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000100b060a5000000000000109022400010000500009040002010300000009210000000122f80409058103"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO(r5, 0xff09, 0x0) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0xffffffffffffffff, 0x100) 19.50927872s ago: executing program 3 (id=8831): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000050000000200"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000540)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x14}}}}}}}, 0x0) 19.316489939s ago: executing program 3 (id=8834): syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) 10.61588932s ago: executing program 3 (id=8868): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) msync(&(0x7f0000b25000/0x3000)=nil, 0x3000, 0x6) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0x20000, '\x00', 0x0, r2, 0x1, 0x3, 0x1}, 0x50) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4) bpf$OBJ_GET_PROG(0x7, &(0x7f00000008c0)=@generic={0x0, 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='gid_map\x00') pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) 10.588789431s ago: executing program 0 (id=8869): socket(0x10, 0x3, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) syz_usb_connect(0x5, 0x24, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0xf4, 0x8, 0x12, 0x40, 0x403, 0xa5ae, 0xd18d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x0, 0xce, 0x16, 0x52, 0x5}}]}}]}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x7ff, 0x4, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0xfffffff7, 0x7, 0x40000, 0xa, 0x23, 0x2, 0x0, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0x6, 0x2, 0x9, 0x76c9, 0x200, 0x3, 0x1, 0x1, 0x5, 0x9, 0x80000001, 0xb, 0x10, 0x80000000, 0x9, 0xb50, 0x0, 0x7, 0x3, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0xfffffffd, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x6, 0x1], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x6, 0x7, 0x13e, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0x40, 0x7ff, 0xafba, 0x2, 0x9, 0xc00, 0x89, 0x7ff, 0x0, 0x1, 0xfffffff7, 0x9, 0x9, 0x4d26, 0x10000, 0x8, 0x1, 0x7, 0xffffffff, 0x4, 0x4c, 0x7, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x81, 0x4b, 0x20583c, 0x6, 0xb, 0x4, 0x9, 0x2, 0x8d1, 0x8fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xadd, 0x7f, 0x9], [0x8396, 0x7, 0xffff6a0b, 0x9, 0x8000, 0x1, 0x3, 0xe88, 0x3, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x6e, 0x8000, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x10000, 0x2, 0x5, 0xc, 0x3ff, 0xb0f, 0x22, 0x3, 0x800, 0x8, 0x9, 0x3, 0x4, 0xf4, 0x4, 0xe, 0xfffffffc, 0x6, 0x2eb, 0x800, 0x1ff, 0x6, 0x87ff, 0x2, 0xbc0, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0d787d, 0xffffff4e, 0x9, 0x4, 0x7, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x3], [0x10000010, 0x5, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x2004, 0x7, 0x103, 0xd, 0xcc, 0x6, 0x4000400, 0x1fffe0, 0xfffffffb, 0x40, 0x80000002, 0x4, 0xb, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0x5, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffffffff, 0x7, 0xfffffff8, 0xd, 0x7, 0xd, 0x9, 0x6eaf, 0x0, 0x401, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0}) dup3(r2, r1, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000005c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x25}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/220, 0xdc, 0xfffffffffffffffd, 0x29}, @fda={0x66646185, 0x5, 0x1, 0xc8}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 8.221376147s ago: executing program 0 (id=8875): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x3, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0xc484, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x4, 0x400, 0x8002, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0xb61d, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x4, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x200000035, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0xfffffffffffffffe, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 7.805893079s ago: executing program 0 (id=8879): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000d400128009000100766c61"], 0x110}}, 0x4000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) r3 = socket$inet(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendmmsg$inet(r3, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20004840) sendmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1}}], 0x1, 0x40801) pipe2(&(0x7f0000000080), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = dup(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 7.452040162s ago: executing program 0 (id=8881): landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x9) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) 7.393224332s ago: executing program 6 (id=8882): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_open_dev$usbfs(0x0, 0x204, 0x2) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r6 = getpid() r7 = syz_pidfd_open(r6, 0x0) r8 = pidfd_getfd(r7, r7, 0x0) setns(r8, 0x66020000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x4e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x19}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 6.891831509s ago: executing program 8 (id=8883): r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)=0x6) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff85000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x0, 0x0) truncate(&(0x7f0000000100)='./file1\x00', 0x10000) mmap(&(0x7f0000240000/0x4000)=nil, 0x4000, 0x4, 0x12, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000f40)={0x19980330}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000380)={'gretap0\x00', 0x0, 0x8, 0x80, 0x7f, 0x1000, {{0x5, 0x4, 0x3, 0x4, 0x14, 0x65, 0x0, 0x8, 0x2d, 0x0, @local, @empty}}}}) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0}, &(0x7f0000cab000)=0xc) write$selinux_load(r0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r7, @ANYRESDEC=r6, @ANYRES8, @ANYRES32, @ANYRESHEX=r6], 0x44f0) 6.891546721s ago: executing program 0 (id=8884): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)) socket$netlink(0x10, 0x3, 0x0) socket(0x11, 0x800000003, 0x0) syz_open_dev$video(0x0, 0x7, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x11, 0x400009, 0x4, 0xa}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r2, 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000012c0), 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x118) r4 = open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x4, 0x0, 0x9}}, 0x28) sendfile(r5, r4, 0x0, 0x4000000053d2) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0) r6 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r6, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x20010090, &(0x7f0000000240)={0xa, 0x4e23, 0x8be6, @private0}, 0x1c) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x0, 0x0) utimensat(r7, 0x0, 0x0, 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) 6.381105013s ago: executing program 5 (id=8885): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8b}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x3c) socket$key(0xf, 0x3, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3e}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') read$FUSE(r4, &(0x7f0000001780)={0x2020}, 0x2020) 6.273430129s ago: executing program 6 (id=8886): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x1ffffffffffffdf4, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0xffffffff, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0) preadv2(r4, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1) 4.32166472s ago: executing program 8 (id=8887): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x2a, &(0x7f00000004c0)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x65, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x4e20, 0x0, 0x8}}}}}, 0x0) 4.2460546s ago: executing program 5 (id=8888): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0) ftruncate(r0, 0x8800000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffbfffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000180), 0x6, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) r4 = gettid() timer_create(0x0, &(0x7f0000001640)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff}) sendfile(r5, r0, 0x0, 0x578410eb) sendfile(r5, r0, 0x0, 0x100000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) r7 = socket(0x1e, 0x2, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f0000000480), 0x4) sendmsg$tipc(r7, &(0x7f0000000200)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x0, 0x2}}, 0x10, 0x0}, 0x4000001) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r6, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r8}, 0x10) setgid(0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 4.228327917s ago: executing program 6 (id=8889): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 3.931953858s ago: executing program 8 (id=8890): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x6, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x200, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$devlink(&(0x7f0000000380), 0xffffffffffffffff) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 3.789902035s ago: executing program 6 (id=8891): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000d400128009000100766c61"], 0x110}}, 0x4000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) r3 = socket$inet(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendmmsg$inet(r3, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20004840) sendmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1}}], 0x1, 0x40801) pipe2(&(0x7f0000000080), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = dup(0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.666371321s ago: executing program 6 (id=8892): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000"], 0x80}}, 0x0) 3.527830162s ago: executing program 3 (id=8893): r0 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r4 = fsmount(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, r4, 0x1, 0x0, @void}, 0x10) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') read$FUSE(r5, &(0x7f0000000540)={0x2020}, 0x2020) 3.511312072s ago: executing program 8 (id=8894): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() timer_create(0x0, 0x0, &(0x7f0000000380)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) keyctl$set_reqkey_keyring(0xe, 0x4) request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000002480)={'syz', 0x3}, &(0x7f00000024c0)='\x00', 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="30000000010401628e5a0a000000000001006be60a000000"], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1c9, 0x12) 3.31385416s ago: executing program 5 (id=8895): r0 = syz_open_dev$usbmon(&(0x7f0000001040), 0x1, 0x40900) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000010c0)={0x0, 0x0, 0x5}) 2.331903645s ago: executing program 3 (id=8896): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_open_dev$usbfs(0x0, 0x204, 0x2) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r6 = getpid() r7 = syz_pidfd_open(r6, 0x0) r8 = pidfd_getfd(r7, r7, 0x0) setns(r8, 0x66020000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x4e, 0xa, 0xa, 0x0, 0x0, 0x71, 0x10, 0x19}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 2.002766266s ago: executing program 8 (id=8897): r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd2) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1) fcntl$setlease(r1, 0x400, 0x1) execve(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 1.960825707s ago: executing program 5 (id=8898): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8b}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x3c) socket$key(0xf, 0x3, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x3e}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') read$FUSE(r4, &(0x7f0000001780)={0x2020}, 0x2020) 1.157805934s ago: executing program 0 (id=8899): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) tgkill(r0, r0, 0x0) connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[], 0x50) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) wait4(r3, 0x0, 0x1, 0x0) userfaultfd(0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) 1.085218215s ago: executing program 6 (id=8900): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000fd"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000180)={0x1, 0x2}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0x50b, 0x8, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x200, 0x5, 0x0, 0x0, 0xf407}, 0xfffffffb, 0x0, 0x0, 0x4, 0x7, 0x4, 0x40, 0x9, 0x0, 0x1ff, {0x0, 0x0, 0x0, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0xd32}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000080)=0x25b6, 0x4) sendmmsg$inet(r4, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800) recvfrom(r4, &(0x7f0000000200)=""/131, 0xf92e58a67d38802c, 0x2101, 0x0, 0x0) syz_clone3(&(0x7f0000000380)={0x4862000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1}, 0x58) 101.347307ms ago: executing program 3 (id=8901): getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x38, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) 100.543271ms ago: executing program 5 (id=8902): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000d400128009000100766c61"], 0x110}}, 0x4000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) r4 = socket$inet(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendmmsg$inet(r4, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x20004840) sendmmsg(r4, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000500)}], 0x1}}], 0x1, 0x40801) pipe2(&(0x7f0000000080), 0x0) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 59.041723ms ago: executing program 8 (id=8903): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x68000) fcntl$setstatus(r0, 0x4, 0x2000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x427c2, 0x19e) write$binfmt_script(r1, &(0x7f0000000040), 0x4) sched_setscheduler(0x0, 0x1, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdc, 0x8}}) write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 5 (id=8904): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) kernel console output (not intermixed with test programs): gh-speed USB device number 65 using dummy_hcd [ 1684.701904][T30645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1684.813113][T30645] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1684.837829][T30645] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1684.867147][T30645] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1684.878309][T30645] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1684.910900][T30645] usb 1-1: config 0 descriptor?? [ 1685.211889][T31242] netlink: 'syz.2.7713': attribute type 4 has an invalid length. [ 1685.219662][T31242] netlink: 17 bytes leftover after parsing attributes in process `syz.2.7713'. [ 1685.394442][T30645] plantronics 0003:047F:FFFF.0035: invalid report_count 21392 [ 1685.454400][T30645] plantronics 0003:047F:FFFF.0035: item 0 2 1 9 parsing failed [ 1685.520483][T30645] plantronics 0003:047F:FFFF.0035: parse failed [ 1685.575262][T30645] plantronics 0003:047F:FFFF.0035: probe with driver plantronics failed with error -22 [ 1685.631107][ T50] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 1685.641315][ T50] Bluetooth: hci5: Injecting HCI hardware error event [ 1685.657585][T17592] Bluetooth: hci5: hardware error 0x00 [ 1686.056145][T29340] usb 1-1: USB disconnect, device number 65 [ 1686.537644][T31266] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 1687.723028][T17592] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1687.900472][T31286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7724'. [ 1690.459361][T31313] syz_tun: entered promiscuous mode [ 1690.469119][T31313] batadv_slave_0: entered promiscuous mode [ 1690.477888][T31313] debugfs: 'hsr1' already exists in 'hsr' [ 1690.483686][T31313] Cannot create hsr debugfs directory [ 1690.490242][T31313] hsr1: entered allmulticast mode [ 1690.501723][T31313] syz_tun: entered allmulticast mode [ 1690.507130][T31313] batadv_slave_0: entered allmulticast mode [ 1691.183049][T31321] FAULT_INJECTION: forcing a failure. [ 1691.183049][T31321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1691.206513][T31321] CPU: 0 UID: 0 PID: 31321 Comm: syz.5.7734 Not tainted syzkaller #0 PREEMPT(full) [ 1691.206541][T31321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1691.206552][T31321] Call Trace: [ 1691.206558][T31321] [ 1691.206566][T31321] dump_stack_lvl+0x16c/0x1f0 [ 1691.206591][T31321] should_fail_ex+0x512/0x640 [ 1691.206617][T31321] strncpy_from_user+0x3b/0x2e0 [ 1691.206639][T31321] getname_flags.part.0+0x8f/0x550 [ 1691.206669][T31321] getname_flags+0x93/0xf0 [ 1691.206688][T31321] vfs_fstatat+0xe1/0xf0 [ 1691.206713][T31321] __do_sys_newfstatat+0x97/0x120 [ 1691.206738][T31321] ? __pfx___do_sys_newfstatat+0x10/0x10 [ 1691.206761][T31321] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1691.206800][T31321] ? __pfx_ksys_write+0x10/0x10 [ 1691.206827][T31321] do_syscall_64+0xcd/0x4c0 [ 1691.206852][T31321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1691.206870][T31321] RIP: 0033:0x7fe93fb8ebe9 [ 1691.206886][T31321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1691.206903][T31321] RSP: 002b:00007fe940994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 1691.206921][T31321] RAX: ffffffffffffffda RBX: 00007fe93fdc5fa0 RCX: 00007fe93fb8ebe9 [ 1691.206932][T31321] RDX: 0000200000000d40 RSI: 0000200000000d00 RDI: ffffffffffffff9c [ 1691.206943][T31321] RBP: 00007fe940994090 R08: 0000000000000000 R09: 0000000000000000 [ 1691.206954][T31321] R10: 0000000000006000 R11: 0000000000000246 R12: 0000000000000001 [ 1691.206964][T31321] R13: 00007fe93fdc6038 R14: 00007fe93fdc5fa0 R15: 00007ffc7598aeb8 [ 1691.206990][T31321] [ 1691.613577][T29340] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1691.862611][T29340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1691.874833][T29340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1691.915029][T29340] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1691.929488][T29340] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1691.940007][T29340] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1691.956913][T29340] usb 2-1: config 0 descriptor?? [ 1692.667855][T29340] plantronics 0003:047F:FFFF.0036: invalid report_count 21392 [ 1692.676383][T29340] plantronics 0003:047F:FFFF.0036: item 0 2 1 9 parsing failed [ 1692.684946][T29340] plantronics 0003:047F:FFFF.0036: parse failed [ 1692.692330][T29340] plantronics 0003:047F:FFFF.0036: probe with driver plantronics failed with error -22 [ 1693.681509][T24048] usb 2-1: USB disconnect, device number 68 [ 1696.268201][T31381] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7750'. [ 1697.190878][T24295] syz_tun (unregistering): left promiscuous mode [ 1698.202329][T31407] tmpfs: Unknown parameter 'measure' [ 1698.815631][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1698.835035][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1698.844700][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1698.854341][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1698.862400][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1698.895699][T31409] lo speed is unknown, defaulting to 1000 [ 1698.922635][T31409] lo speed is unknown, defaulting to 1000 [ 1699.894950][T26536] syz_tun (unregistering): left promiscuous mode [ 1700.209086][T31409] chnl_net:caif_netlink_parms(): no params data found [ 1700.630009][T31409] bridge0: port 1(bridge_slave_0) entered blocking state [ 1700.651938][T31409] bridge0: port 1(bridge_slave_0) entered disabled state [ 1700.702508][T31409] bridge_slave_0: entered allmulticast mode [ 1700.710371][T31409] bridge_slave_0: entered promiscuous mode [ 1700.718960][T31409] bridge0: port 2(bridge_slave_1) entered blocking state [ 1700.726317][T31409] bridge0: port 2(bridge_slave_1) entered disabled state [ 1700.734100][T31409] bridge_slave_1: entered allmulticast mode [ 1700.741301][T31409] bridge_slave_1: entered promiscuous mode [ 1700.914047][T17592] Bluetooth: hci0: command tx timeout [ 1701.212515][T31409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1701.224544][T31409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1701.292479][T31409] team0: Port device team_slave_0 added [ 1701.322750][T31409] team0: Port device team_slave_1 added [ 1701.381764][T31409] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1701.388719][T31409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1701.414621][ C1] vkms_vblank_simulate: vblank timer overrun [ 1701.520190][T31409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1701.542421][T31409] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1701.557121][T31409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1701.583026][ C1] vkms_vblank_simulate: vblank timer overrun [ 1701.672783][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1701.682240][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1701.694345][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1701.735682][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1701.864193][T31409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1701.886410][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1702.026510][T31409] hsr_slave_0: entered promiscuous mode [ 1702.032976][T31409] hsr_slave_1: entered promiscuous mode [ 1702.044327][T31409] debugfs: 'hsr0' already exists in 'hsr' [ 1702.090402][T31409] Cannot create hsr debugfs directory [ 1702.494592][T31445] lo speed is unknown, defaulting to 1000 [ 1702.529955][T31445] lo speed is unknown, defaulting to 1000 [ 1702.892750][T31459] syzkaller0: entered promiscuous mode [ 1702.898430][T31459] syzkaller0: entered allmulticast mode [ 1702.988297][ T50] Bluetooth: hci0: command tx timeout [ 1703.943804][ T50] Bluetooth: hci2: command tx timeout [ 1704.484118][T31464] FAULT_INJECTION: forcing a failure. [ 1704.484118][T31464] name failslab, interval 1, probability 0, space 0, times 0 [ 1704.497079][T31464] CPU: 1 UID: 0 PID: 31464 Comm: syz.5.7775 Not tainted syzkaller #0 PREEMPT(full) [ 1704.497102][T31464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1704.497112][T31464] Call Trace: [ 1704.497117][T31464] [ 1704.497124][T31464] dump_stack_lvl+0x16c/0x1f0 [ 1704.497149][T31464] should_fail_ex+0x512/0x640 [ 1704.497169][T31464] ? fs_reclaim_acquire+0xae/0x150 [ 1704.497190][T31464] ? tomoyo_encode2+0x100/0x3e0 [ 1704.497210][T31464] should_failslab+0xc2/0x120 [ 1704.497228][T31464] __kmalloc_noprof+0xd2/0x510 [ 1704.497243][T31464] ? d_absolute_path+0x136/0x1a0 [ 1704.497269][T31464] tomoyo_encode2+0x100/0x3e0 [ 1704.497295][T31464] tomoyo_encode+0x29/0x50 [ 1704.497318][T31464] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1704.497349][T31464] tomoyo_path_number_perm+0x245/0x580 [ 1704.497376][T31464] ? tomoyo_path_number_perm+0x237/0x580 [ 1704.497400][T31464] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1704.497422][T31464] ? find_held_lock+0x2b/0x80 [ 1704.497464][T31464] ? find_held_lock+0x2b/0x80 [ 1704.497483][T31464] ? hook_file_ioctl_common+0x145/0x410 [ 1704.497506][T31464] ? __fget_files+0x20e/0x3c0 [ 1704.497529][T31464] security_file_ioctl+0x9b/0x240 [ 1704.497553][T31464] __x64_sys_ioctl+0xb7/0x210 [ 1704.497580][T31464] do_syscall_64+0xcd/0x4c0 [ 1704.497603][T31464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1704.497620][T31464] RIP: 0033:0x7fe93fb8ebe9 [ 1704.497633][T31464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1704.497649][T31464] RSP: 002b:00007fe940994038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1704.497664][T31464] RAX: ffffffffffffffda RBX: 00007fe93fdc5fa0 RCX: 00007fe93fb8ebe9 [ 1704.497675][T31464] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 1704.497684][T31464] RBP: 00007fe940994090 R08: 0000000000000000 R09: 0000000000000000 [ 1704.497694][T31464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1704.497703][T31464] R13: 00007fe93fdc6038 R14: 00007fe93fdc5fa0 R15: 00007ffc7598aeb8 [ 1704.497727][T31464] [ 1704.497746][T31464] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1705.070865][ T50] Bluetooth: hci0: command tx timeout [ 1705.315605][ T5913] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1706.022472][ T50] Bluetooth: hci2: command tx timeout [ 1706.196700][ T5913] usb 6-1: Using ep0 maxpacket: 32 [ 1706.216057][ T5913] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1706.226086][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1706.235211][ T5913] usb 6-1: Product: syz [ 1706.239375][ T5913] usb 6-1: Manufacturer: syz [ 1706.245210][ T5913] usb 6-1: SerialNumber: syz [ 1706.253868][ T5913] usb 6-1: config 0 descriptor?? [ 1706.263723][ T5913] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1706.389619][T31409] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1706.416643][T31409] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1706.444748][T31409] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1706.498756][T31409] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1707.140526][ T50] Bluetooth: hci0: command tx timeout [ 1707.174833][ T5913] gspca_stk1135: reg_w 0x3 err -110 [ 1707.189549][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.209118][ T5913] gspca_stk1135: Sensor write failed [ 1707.237402][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.245326][ T5913] gspca_stk1135: Sensor write failed [ 1707.252864][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.261943][ T5913] gspca_stk1135: Sensor read failed [ 1707.268599][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.302597][ T5913] gspca_stk1135: Sensor read failed [ 1707.317113][ T5913] gspca_stk1135: Detected sensor type unknown (0x0) [ 1707.342042][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.348404][ T5913] gspca_stk1135: Sensor read failed [ 1707.368886][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.387305][ T5913] gspca_stk1135: Sensor read failed [ 1707.399680][T31409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1707.408248][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.448788][ T5913] gspca_stk1135: Sensor write failed [ 1707.831876][ T5913] gspca_stk1135: serial bus timeout: status=0x00 [ 1707.838228][ T5913] gspca_stk1135: Sensor write failed [ 1707.845581][ T5913] stk1135 6-1:0.0: probe with driver stk1135 failed with error -110 [ 1707.868796][T31445] chnl_net:caif_netlink_parms(): no params data found [ 1707.868869][ T5913] usb 6-1: USB disconnect, device number 3 [ 1707.916207][T31409] 8021q: adding VLAN 0 to HW filter on device team0 [ 1707.948663][T28266] bridge0: port 1(bridge_slave_0) entered blocking state [ 1707.955922][T28266] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1708.012599][T28259] bridge0: port 2(bridge_slave_1) entered blocking state [ 1708.019723][T28259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1708.068185][T31503] program syz.0.7779 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1708.137718][ T50] Bluetooth: hci2: command tx timeout [ 1708.406516][T31445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1708.421248][ T5913] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 1708.438044][T31445] bridge0: port 1(bridge_slave_0) entered disabled state [ 1708.462490][T31445] bridge_slave_0: entered allmulticast mode [ 1708.472664][T31445] bridge_slave_0: entered promiscuous mode [ 1708.508452][T31445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1708.517922][T31445] bridge0: port 2(bridge_slave_1) entered disabled state [ 1708.577773][T31445] bridge_slave_1: entered allmulticast mode [ 1708.607400][T31445] bridge_slave_1: entered promiscuous mode [ 1708.636029][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1708.677971][ T5913] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1708.691801][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1708.752202][ T5913] usb 1-1: Product: syz [ 1708.787931][ T5913] usb 1-1: Manufacturer: syz [ 1708.831237][T31445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1708.874246][T31445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1708.881748][ T5913] usb 1-1: SerialNumber: syz [ 1708.894875][ T5913] usb 1-1: config 0 descriptor?? [ 1708.936333][T31445] team0: Port device team_slave_0 added [ 1708.953420][T31445] team0: Port device team_slave_1 added [ 1709.026490][T31445] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1709.039349][T31445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1709.073058][T31521] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1709.104429][T31445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1709.139806][ T30] audit: type=1400 audit(1757289781.967:1233): avc: denied { unmount } for pid=30512 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1709.162309][T31445] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1709.169236][T31445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1709.262447][T31445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1709.359208][T31445] hsr_slave_0: entered promiscuous mode [ 1709.376879][T31445] hsr_slave_1: entered promiscuous mode [ 1709.397606][T31445] debugfs: 'hsr0' already exists in 'hsr' [ 1709.406380][T31445] Cannot create hsr debugfs directory [ 1709.426540][T31409] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1710.180368][ T50] Bluetooth: hci2: command tx timeout [ 1710.209230][T31409] veth0_vlan: entered promiscuous mode [ 1710.533045][T31409] veth1_vlan: entered promiscuous mode [ 1710.542710][T31445] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1710.565599][T31445] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1710.765109][T31445] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1710.861474][T31445] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1710.936009][T31409] veth0_macvtap: entered promiscuous mode [ 1710.966869][T31409] veth1_macvtap: entered promiscuous mode [ 1711.409959][T24048] usb 1-1: USB disconnect, device number 66 [ 1711.434942][T31409] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1711.475565][T31409] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1711.518496][T28269] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1711.543790][T28259] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1711.559714][T28259] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1711.582155][T28266] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1711.606315][T31445] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1711.616226][T31556] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1711.663378][T31445] 8021q: adding VLAN 0 to HW filter on device team0 [ 1711.734209][T28259] bridge0: port 1(bridge_slave_0) entered blocking state [ 1711.741327][T28259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1711.799388][ T5999] bridge0: port 2(bridge_slave_1) entered blocking state [ 1711.806473][ T5999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1711.843209][ T5999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1711.861888][ T5999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1711.901688][T28259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1711.910623][T28259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1712.067117][T31571] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7802'. [ 1712.124418][T31445] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1712.487392][T31445] veth0_vlan: entered promiscuous mode [ 1712.522206][T31445] veth1_vlan: entered promiscuous mode [ 1712.784443][T31445] veth0_macvtap: entered promiscuous mode [ 1712.805913][T31595] netlink: 84 bytes leftover after parsing attributes in process `syz.0.7806'. [ 1712.828081][T31445] veth1_macvtap: entered promiscuous mode [ 1713.013665][T31445] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1713.097469][T31445] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1713.184156][T28259] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1713.236937][T28259] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1713.312329][T28259] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1713.339398][T28259] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1713.665871][T28259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1713.680288][T28259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1713.847168][ T5999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1713.882449][ T5999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1715.851565][ T30] audit: type=1400 audit(1757289788.677:1234): avc: denied { lock } for pid=31623 comm="syz.5.7816" path="/dev/video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 1716.511813][ T5965] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1716.544239][T31663] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1716.682728][ T5965] usb 6-1: Using ep0 maxpacket: 16 [ 1716.691030][ T5965] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1716.709667][ T5965] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1716.723279][ T5965] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1716.730002][ T5965] usb 6-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1716.743787][ T5965] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1716.758595][ T5965] usb 6-1: config 0 descriptor?? [ 1720.156891][ T5965] usbhid 6-1:0.0: can't add hid device: -71 [ 1720.178883][ T5965] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1720.324132][T31720] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1720.349412][ T5965] usb 6-1: USB disconnect, device number 4 [ 1721.117322][ T30] audit: type=1326 audit(1757289793.947:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.219048][ T30] audit: type=1326 audit(1757289793.977:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.252971][ T30] audit: type=1326 audit(1757289793.987:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.280880][ T30] audit: type=1326 audit(1757289793.987:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.345607][ T30] audit: type=1326 audit(1757289794.047:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.581699][ T30] audit: type=1326 audit(1757289794.047:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.605589][ T30] audit: type=1326 audit(1757289794.047:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.734624][ T30] audit: type=1326 audit(1757289794.077:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1721.830282][ T30] audit: type=1326 audit(1757289794.077:1243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1722.229754][ T30] audit: type=1326 audit(1757289794.077:1244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31728 comm="syz.0.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1722.916864][T23710] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1723.359203][T23710] usb 4-1: config 0 has an invalid interface number: 160 but max is 0 [ 1723.392832][T23710] usb 4-1: config 0 has no interface number 0 [ 1723.451025][T23710] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=9e.4e [ 1723.461875][T23710] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1723.469857][T23710] usb 4-1: Product: syz [ 1723.475208][T23710] usb 4-1: Manufacturer: syz [ 1723.479798][T23710] usb 4-1: SerialNumber: syz [ 1723.498780][T23710] usb 4-1: config 0 descriptor?? [ 1723.504973][T24048] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 1723.543364][T23710] usb 4-1: Found UVC 0.00 device syz (05ac:8501) [ 1723.560037][T23710] usb 4-1: No valid video chain found. [ 1723.680332][T24048] usb 8-1: Using ep0 maxpacket: 16 [ 1723.696320][T24048] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1723.734697][T24048] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1723.754684][T23710] usb 4-1: USB disconnect, device number 68 [ 1723.787534][T31765] tipc: Started in network mode [ 1723.794338][T24048] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1723.794346][T31765] tipc: Node identity , cluster identity 4711 [ 1723.794376][T24048] usb 8-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1723.807461][T31765] tipc: Failed to obtain node identity [ 1723.829411][T31765] tipc: Enabling of bearer rejected, failed to enable media [ 1723.973100][T24048] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1723.984128][T24048] usb 8-1: config 0 descriptor?? [ 1724.384617][T31778] netlink: 76 bytes leftover after parsing attributes in process `syz.3.7869'. [ 1724.409038][T31778] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7869'. [ 1724.459285][T31778] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7869'. [ 1724.560951][T31778] team0: No ports can be present during mode change [ 1735.840489][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.880294][T24048] usbhid 8-1:0.0: can't add hid device: -32 [ 1737.013560][T24048] usbhid 8-1:0.0: probe with driver usbhid failed with error -32 [ 1739.191399][T31813] netlink: 'syz.3.7880': attribute type 10 has an invalid length. [ 1739.262527][T17592] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1739.276913][T17592] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1739.290709][T31813] netlink: 'syz.3.7880': attribute type 10 has an invalid length. [ 1739.292222][T17592] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1739.316726][T17592] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1739.326650][T17592] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1739.418758][T31814] lo speed is unknown, defaulting to 1000 [ 1739.608732][T31823] program syz.5.7881 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1739.691416][T31814] lo speed is unknown, defaulting to 1000 [ 1740.142288][T24048] usb 8-1: USB disconnect, device number 2 [ 1740.277176][T28259] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1740.492874][T31814] chnl_net:caif_netlink_parms(): no params data found [ 1740.705463][T28259] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1741.382835][T17592] Bluetooth: hci4: command tx timeout [ 1741.507029][T28259] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1741.673961][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1741.673977][ T30] audit: type=1400 audit(1757289814.507:1250): avc: denied { map } for pid=31841 comm="syz.6.7886" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1741.716674][T28259] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1741.768861][T31814] bridge0: port 1(bridge_slave_0) entered blocking state [ 1741.803580][T31814] bridge0: port 1(bridge_slave_0) entered disabled state [ 1741.820449][T31814] bridge_slave_0: entered allmulticast mode [ 1741.883050][T31814] bridge_slave_0: entered promiscuous mode [ 1741.908279][T31814] bridge0: port 2(bridge_slave_1) entered blocking state [ 1741.921899][T31814] bridge0: port 2(bridge_slave_1) entered disabled state [ 1741.929205][T31814] bridge_slave_1: entered allmulticast mode [ 1741.942800][T31814] bridge_slave_1: entered promiscuous mode [ 1742.082200][T31814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1742.407976][T31814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1742.851957][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1742.990916][T31814] team0: Port device team_slave_0 added [ 1743.023214][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1743.035769][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1743.077659][T31814] team0: Port device team_slave_1 added [ 1743.112265][ T10] usb 6-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 1743.201960][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1743.226240][T31814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1743.237116][T31814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1743.400125][T31814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1743.445948][ T10] usb 6-1: config 0 descriptor?? [ 1743.462047][T17592] Bluetooth: hci4: command tx timeout [ 1743.678487][T31814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1743.747012][T31814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1743.871248][ T30] audit: type=1326 audit(1757289816.687:1251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31871 comm="syz.6.7896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1743.894681][ C0] vkms_vblank_simulate: vblank timer overrun [ 1744.010857][T31814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1744.128201][ T30] audit: type=1326 audit(1757289816.687:1252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31871 comm="syz.6.7896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1744.185992][ T30] audit: type=1326 audit(1757289816.847:1253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31871 comm="syz.6.7896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1744.209479][ C0] vkms_vblank_simulate: vblank timer overrun [ 1744.268623][ T30] audit: type=1326 audit(1757289816.847:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31871 comm="syz.6.7896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1744.298444][ T30] audit: type=1326 audit(1757289816.847:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31871 comm="syz.6.7896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1744.380920][T28259] bridge_slave_1: left allmulticast mode [ 1744.425109][T28259] bridge_slave_1: left promiscuous mode [ 1744.444423][T28259] bridge0: port 2(bridge_slave_1) entered disabled state [ 1744.466623][T28259] bridge_slave_0: left allmulticast mode [ 1744.473799][T28259] bridge_slave_0: left promiscuous mode [ 1744.525888][T28259] bridge0: port 1(bridge_slave_0) entered disabled state [ 1745.231388][T29340] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1745.339927][T28259] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1745.354024][T28259] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1745.365598][T28259] bond0 (unregistering): Released all slaves [ 1745.387599][T29340] usb 4-1: Using ep0 maxpacket: 8 [ 1745.395326][T29340] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1745.406044][T29340] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1745.409427][T31814] hsr_slave_0: entered promiscuous mode [ 1745.416869][T29340] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1745.438314][T29340] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1745.453119][T29340] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1745.455936][T31814] hsr_slave_1: entered promiscuous mode [ 1745.464661][T29340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.474446][T31814] debugfs: 'hsr0' already exists in 'hsr' [ 1745.495942][T31814] Cannot create hsr debugfs directory [ 1745.541749][ T50] Bluetooth: hci4: command tx timeout [ 1745.692116][T29340] usb 4-1: usb_control_msg returned -32 [ 1745.702454][T29340] usbtmc 4-1:16.0: can't read capabilities [ 1745.727785][T29340] usb 4-1: USB disconnect, device number 69 [ 1746.334655][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 1746.348049][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1746.458568][ T10] usb 6-1: USB disconnect, device number 5 [ 1747.217768][T31917] overlayfs: failed to resolve './file1': -2 [ 1747.317382][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 1747.340454][T31814] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1747.409878][T31814] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1747.466407][T28259] hsr_slave_0: left promiscuous mode [ 1747.487360][T28259] hsr_slave_1: left promiscuous mode [ 1747.495241][T28259] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1747.504391][T28259] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1747.514075][T28259] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1747.523206][T28259] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1747.557512][T28259] veth1_macvtap: left promiscuous mode [ 1747.564316][T28259] veth0_macvtap: left promiscuous mode [ 1747.569958][T28259] veth1_vlan: left promiscuous mode [ 1747.577028][T28259] veth0_vlan: left promiscuous mode [ 1747.624634][T17592] Bluetooth: hci4: command tx timeout [ 1747.987134][T31935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7916'. [ 1748.478713][T31937] netlink: 'syz.6.7915': attribute type 2 has an invalid length. [ 1748.985321][T28259] team0 (unregistering): Port device team_slave_1 removed [ 1749.057773][T28259] team0 (unregistering): Port device team_slave_0 removed [ 1749.423477][T31814] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1749.435322][T31814] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1749.465123][T31937] : entered promiscuous mode [ 1749.745380][ T30] audit: type=1326 audit(1757289822.577:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1749.772894][ T30] audit: type=1326 audit(1757289822.577:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1749.802602][ T30] audit: type=1326 audit(1757289822.637:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1749.943819][ T30] audit: type=1326 audit(1757289822.637:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1749.964550][T31959] overlayfs: failed to resolve './file1': -2 [ 1750.003574][T31814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1750.042582][ T30] audit: type=1326 audit(1757289822.637:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1750.078644][T31814] 8021q: adding VLAN 0 to HW filter on device team0 [ 1750.116125][T28255] bridge0: port 1(bridge_slave_0) entered blocking state [ 1750.123337][T28255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1750.142567][ T30] audit: type=1326 audit(1757289822.637:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1750.214958][T28255] bridge0: port 2(bridge_slave_1) entered blocking state [ 1750.222078][T28255] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1750.238412][ T30] audit: type=1326 audit(1757289822.637:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1750.288756][T31971] netlink: 14 bytes leftover after parsing attributes in process `syz.3.7929'. [ 1750.307166][ T30] audit: type=1326 audit(1757289822.667:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1750.332399][ T30] audit: type=1326 audit(1757289822.667:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31952 comm="syz.0.7919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1750.677260][ T30] audit: type=1400 audit(1757289823.447:1265): avc: denied { map } for pid=31973 comm="syz.0.7930" path="/dev/full" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:null_device_t tclass=chr_file permissive=1 [ 1751.417274][T24331] usb 7-1: new full-speed USB device number 2 using dummy_hcd [ 1751.454299][T31971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1751.474986][T31971] bond0 (unregistering): Released all slaves [ 1751.634215][T24331] usb 7-1: too many configurations: 221, using maximum allowed: 8 [ 1751.693624][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1751.747847][T24331] usb 7-1: config 0 has no interface number 0 [ 1751.787436][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1751.827211][T24331] usb 7-1: config 0 has no interface number 0 [ 1751.858073][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1751.876288][T24331] usb 7-1: config 0 has no interface number 0 [ 1751.907449][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1751.930126][T24331] usb 7-1: config 0 has no interface number 0 [ 1751.962717][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1751.986685][T24331] usb 7-1: config 0 has no interface number 0 [ 1752.007959][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1752.040179][T24331] usb 7-1: config 0 has no interface number 0 [ 1752.064570][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1752.094508][T24331] usb 7-1: config 0 has no interface number 0 [ 1752.139733][T24331] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1752.220367][T24331] usb 7-1: config 0 has no interface number 0 [ 1752.238135][T24331] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1752.250618][T24331] usb 7-1: New USB device strings: Mfr=23, Product=20, SerialNumber=31 [ 1752.259736][T24331] usb 7-1: Product: syz [ 1752.264808][T24331] usb 7-1: Manufacturer: syz [ 1752.268848][T31814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1752.269798][T24331] usb 7-1: SerialNumber: syz [ 1752.272056][T24331] usb 7-1: config 0 descriptor?? [ 1752.336203][T24331] usb 7-1: selecting invalid altsetting 1 [ 1752.431325][T24331] dvb_ttusb_budget: ttusb_init_controller: error [ 1752.515486][T24331] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1752.739787][T24331] DVB: Unable to find symbol cx22700_attach() [ 1752.857591][T24331] DVB: Unable to find symbol tda10046_attach() [ 1752.872241][T24331] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1752.916317][T24331] usb 7-1: USB disconnect, device number 2 [ 1752.975141][T31814] veth0_vlan: entered promiscuous mode [ 1753.015125][T31814] veth1_vlan: entered promiscuous mode [ 1753.128641][T31814] veth0_macvtap: entered promiscuous mode [ 1753.158798][T31814] veth1_macvtap: entered promiscuous mode [ 1753.218476][T31814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1753.392570][T31814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1753.432439][T32037] netlink: 36 bytes leftover after parsing attributes in process `syz.6.7942'. [ 1753.965261][T28255] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.187473][T28255] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.205471][T28255] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.327396][T28255] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.517143][T28255] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1754.577120][T28255] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1754.657593][T28255] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1754.673104][T28255] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1754.702128][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1755.182175][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 1755.192666][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1755.202940][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1755.213101][ T10] usb 6-1: Product: syz [ 1755.217460][ T10] usb 6-1: Manufacturer: syz [ 1755.229198][ T10] usb 6-1: SerialNumber: syz [ 1755.420400][T32065] netlink: 1284 bytes leftover after parsing attributes in process `syz.8.7951'. [ 1755.579996][ T10] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1755.766668][ T10] usb 6-1: USB disconnect, device number 6 [ 1755.775908][ T10] usblp0: removed [ 1757.476437][T32086] netlink: 12 bytes leftover after parsing attributes in process `syz.8.7958'. [ 1757.613588][T32092] vlan3: entered allmulticast mode [ 1757.618721][T32092] veth1: entered allmulticast mode [ 1757.825180][T32104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7962'. [ 1757.836918][T32104] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7962'. [ 1760.091952][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1760.119276][T32132] overlayfs: failed to resolve './file0': -2 [ 1760.308420][ T10] usb 6-1: config 0 has no interfaces? [ 1760.349056][ T10] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1760.373522][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1760.753640][ T10] usb 6-1: Product: syz [ 1760.808921][ T10] usb 6-1: Manufacturer: syz [ 1760.831762][ T10] usb 6-1: SerialNumber: syz [ 1760.865951][ T10] usb 6-1: config 0 descriptor?? [ 1761.123189][T32124] fuse: Unknown parameter 'use00000000000000000000' [ 1762.255541][T32167] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 1763.029684][T32184] lo speed is unknown, defaulting to 1000 [ 1763.036727][T32184] lo speed is unknown, defaulting to 1000 [ 1763.054212][T32188] netlink: 'syz.8.7993': attribute type 10 has an invalid length. [ 1763.166920][T32188] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1763.176624][ T5913] usb 6-1: USB disconnect, device number 7 [ 1764.057206][T32205] netlink: 16 bytes leftover after parsing attributes in process `syz.8.7997'. [ 1764.192305][T32205] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1766.555879][T32228] tipc: Started in network mode [ 1766.563530][T32228] tipc: Node identity be923dfa7e6d, cluster identity 4711 [ 1766.573680][T32228] tipc: Enabled bearer , priority 0 [ 1766.671292][T32225] syzkaller0: entered promiscuous mode [ 1766.676756][T32225] syzkaller0: entered allmulticast mode [ 1766.789975][T32231] netlink: 'syz.0.8005': attribute type 10 has an invalid length. [ 1766.857685][T32231] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1766.986697][T32225] tipc: Resetting bearer [ 1767.007048][T32224] tipc: Resetting bearer [ 1767.128245][T32224] tipc: Disabling bearer [ 1767.135882][T32244] netlink: 1284 bytes leftover after parsing attributes in process `syz.8.8007'. [ 1767.385208][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1767.385225][ T30] audit: type=1326 audit(1757289840.217:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32249 comm="syz.6.8012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1767.511983][ T30] audit: type=1326 audit(1757289840.257:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32249 comm="syz.6.8012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1767.990655][ T30] audit: type=1326 audit(1757289840.337:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32249 comm="syz.6.8012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1768.020007][ T30] audit: type=1326 audit(1757289840.337:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32249 comm="syz.6.8012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1768.331829][ T10] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1768.357366][T32262] lo speed is unknown, defaulting to 1000 [ 1768.491466][T32262] lo speed is unknown, defaulting to 1000 [ 1768.501598][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 1768.533707][ T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1768.558118][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.603341][ T10] usb 7-1: Product: syz [ 1768.609106][ T10] usb 7-1: Manufacturer: syz [ 1768.639397][ T10] usb 7-1: SerialNumber: syz [ 1768.909561][ T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1769.108154][ T5965] usb 7-1: USB disconnect, device number 3 [ 1769.115261][ T5965] usblp0: removed [ 1769.780885][ T10] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1770.051434][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1770.085735][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1770.137962][T32283] netlink: 220 bytes leftover after parsing attributes in process `syz.6.8020'. [ 1770.224904][ T10] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 1770.414338][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1770.505253][ T10] usb 1-1: config 0 descriptor?? [ 1771.714002][T32300] lo speed is unknown, defaulting to 1000 [ 1771.727779][T32300] lo speed is unknown, defaulting to 1000 [ 1772.403459][T32308] netlink: 1284 bytes leftover after parsing attributes in process `syz.5.8027'. [ 1772.832212][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 1772.832297][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1772.974104][ T10] usb 1-1: USB disconnect, device number 67 [ 1773.738746][ T30] audit: type=1400 audit(1757289846.567:1272): avc: denied { relabelfrom } for pid=32330 comm="syz.6.8037" name="" dev="pipefs" ino=129300 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 1773.762552][ T5913] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 1773.942798][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1773.957402][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1774.169073][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1774.227128][ T5913] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1774.259023][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1774.287336][ T5913] usb 1-1: config 0 descriptor?? [ 1774.753839][T32347] netlink: 'syz.8.8043': attribute type 13 has an invalid length. [ 1774.773622][ T5913] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1774.947003][T23710] usb 1-1: USB disconnect, device number 68 [ 1775.233033][T32347] bridge0: port 2(bridge_slave_1) entered disabled state [ 1775.240621][T32347] bridge0: port 1(bridge_slave_0) entered disabled state [ 1775.669452][T32347] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1775.686586][T32347] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1775.907346][T32372] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.8050'. [ 1777.003879][T27016] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1777.020311][T27016] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1777.029185][T27016] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1777.097140][T27016] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1777.386406][T32399] netlink: 40 bytes leftover after parsing attributes in process `syz.3.8056'. [ 1779.031950][T32418] netlink: 'syz.6.8068': attribute type 10 has an invalid length. [ 1779.119287][T32418] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1781.613024][T32451] netlink: 1284 bytes leftover after parsing attributes in process `syz.8.8073'. [ 1784.424035][T32491] CIFS mount error: No usable UNC path provided in device string! [ 1784.424035][T32491] [ 1784.434129][T32491] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1785.820589][T32521] netlink: 20 bytes leftover after parsing attributes in process `syz.8.8100'. [ 1787.971965][T17592] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 1789.166824][T32553] netlink: 'syz.0.8111': attribute type 4 has an invalid length. [ 1789.197337][T32553] netlink: 17 bytes leftover after parsing attributes in process `syz.0.8111'. [ 1790.075306][T32560] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8113'. [ 1790.215263][T17592] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 1791.432261][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1791.525768][T32594] netlink: 4 bytes leftover after parsing attributes in process `syz.8.8126'. [ 1793.118835][T32623] syzkaller0: entered promiscuous mode [ 1793.147079][T32623] syzkaller0: entered allmulticast mode [ 1793.439102][T32636] netlink: 'syz.5.8139': attribute type 10 has an invalid length. [ 1796.788159][ T30] audit: type=1400 audit(1757289869.615:1273): avc: denied { unmount } for pid=23991 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 1796.847420][T32662] netlink: 84 bytes leftover after parsing attributes in process `syz.0.8147'. [ 1797.383657][T32636] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1797.403776][T32643] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1798.314498][T32670] overlayfs: failed to clone lowerpath [ 1798.410334][T32671] overlayfs: failed to clone upperpath [ 1801.561063][T32704] netlink: 8 bytes leftover after parsing attributes in process `syz.8.8156'. [ 1802.089059][T32711] Unsupported ieee802154 address type: 0 [ 1802.139785][T32715] netlink: 104 bytes leftover after parsing attributes in process `syz.0.8161'. [ 1802.870456][T32735] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8167'. [ 1803.460339][T24331] usb 1-1: new full-speed USB device number 69 using dummy_hcd [ 1803.467981][T30645] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1803.610176][T24331] usb 1-1: device descriptor read/64, error -71 [ 1803.650370][T30645] usb 4-1: Using ep0 maxpacket: 32 [ 1803.670734][T30645] usb 4-1: config 2 has an invalid interface number: 146 but max is 0 [ 1803.803629][T30645] usb 4-1: config 2 has no interface number 0 [ 1803.810354][T30645] usb 4-1: New USB device found, idVendor=1b3d, idProduct=01cf, bcdDevice=6e.21 [ 1803.819389][T30645] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1803.940340][T24331] usb 1-1: new full-speed USB device number 70 using dummy_hcd [ 1804.430947][T30645] usb 4-1: string descriptor 0 read error: -71 [ 1804.443113][T30645] ftdi_sio 4-1:2.146: FTDI USB Serial Device converter detected [ 1804.460983][T30645] ftdi_sio ttyUSB0: unknown device type: 0x6e21 [ 1804.478949][T30645] usb 4-1: USB disconnect, device number 70 [ 1804.563354][T30645] ftdi_sio 4-1:2.146: device disconnected [ 1804.620414][T24331] usb 1-1: device descriptor read/64, error -71 [ 1804.703809][ T30] audit: type=1326 audit(1757289877.539:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32753 comm="syz.8.8176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1804.751906][ T30] audit: type=1326 audit(1757289877.559:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32753 comm="syz.8.8176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1804.777422][ T30] audit: type=1326 audit(1757289877.559:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32753 comm="syz.8.8176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1804.825465][T24331] usb usb1-port1: attempt power cycle [ 1804.875295][T17592] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 1805.190416][T24331] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 1805.311007][T24331] usb 1-1: device descriptor read/8, error -71 [ 1805.742987][ T301] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=301 comm=syz.5.8182 [ 1805.816446][T24331] usb 1-1: new full-speed USB device number 72 using dummy_hcd [ 1806.082109][T24331] usb 1-1: device not accepting address 72, error -71 [ 1806.190131][T24331] usb usb1-port1: unable to enumerate USB device [ 1806.774234][ T302] lo speed is unknown, defaulting to 1000 [ 1806.783056][ T302] lo speed is unknown, defaulting to 1000 [ 1807.020256][T17592] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 1808.003348][ T30] audit: type=1400 audit(1757289880.619:1277): avc: denied { map } for pid=321 comm="syz.0.8187" path="socket:[130412]" dev="sockfs" ino=130412 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1808.646643][ T30] audit: type=1400 audit(1757289880.619:1278): avc: denied { read accept } for pid=321 comm="syz.0.8187" path="socket:[130412]" dev="sockfs" ino=130412 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1809.149778][ T342] tipc: Started in network mode [ 1809.212914][ T342] tipc: Node identity 4acfc78a7366, cluster identity 4711 [ 1809.242538][ T342] tipc: Enabled bearer , priority 0 [ 1809.252913][ T342] syzkaller0: entered promiscuous mode [ 1809.258392][ T342] syzkaller0: entered allmulticast mode [ 1809.302656][ T342] tipc: Resetting bearer [ 1809.324279][ T341] tipc: Resetting bearer [ 1809.407995][ T341] tipc: Disabling bearer [ 1810.530989][ T30] audit: type=1326 audit(1757289883.349:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1810.688750][ T30] audit: type=1326 audit(1757289883.359:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1810.800203][T17592] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11 [ 1810.843869][ T30] audit: type=1326 audit(1757289883.359:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1810.988339][ T30] audit: type=1326 audit(1757289883.359:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1811.088938][ T30] audit: type=1326 audit(1757289883.459:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1811.117566][ T30] audit: type=1326 audit(1757289883.459:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=358 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1811.155651][ T30] audit: type=1326 audit(1757289883.459:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=361 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f938c5c14a5 code=0x7ffc0000 [ 1811.184456][ T30] audit: type=1326 audit(1757289883.619:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=361 comm="syz.3.8197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1814.086815][ T408] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8213'. [ 1814.264170][ T409] 9pnet_virtio: no channels available for device ./file0 [ 1814.407742][T17592] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 1814.566670][ T420] hub 2-0:1.0: USB hub found [ 1814.572665][ T420] hub 2-0:1.0: 1 port detected [ 1814.703541][ T30] audit: type=1326 audit(1757289887.539:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=416 comm="syz.0.8217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7fc00000 [ 1814.903335][ T30] audit: type=1326 audit(1757289887.539:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=416 comm="syz.0.8217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7fc00000 [ 1815.578189][ T429] lo speed is unknown, defaulting to 1000 [ 1815.590298][ T429] lo speed is unknown, defaulting to 1000 [ 1817.829522][ T448] fuse: Bad value for 'user_id' [ 1817.857414][ T448] fuse: Bad value for 'user_id' [ 1817.863802][ T30] kauditd_printk_skb: 278 callbacks suppressed [ 1817.863818][ T30] audit: type=1400 audit(1757289890.679:1567): avc: denied { shutdown } for pid=444 comm="syz.5.8226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1818.172028][ T10] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1818.337563][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 1818.377971][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1818.404227][ T10] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1818.436394][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1818.476808][ T10] usb 4-1: Product: syz [ 1818.527101][ T10] usb 4-1: Manufacturer: syz [ 1818.537828][ T466] netlink: 'syz.8.8233': attribute type 10 has an invalid length. [ 1818.541753][ T10] usb 4-1: SerialNumber: syz [ 1818.564894][ T10] usb 4-1: config 0 descriptor?? [ 1819.188719][ T10] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1819.198462][ T10] usb 4-1: Detected FT232R [ 1819.503692][ T10] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1819.764385][ T10] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1820.058603][ T448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1820.108850][ T448] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1820.172594][ T5965] usb 4-1: USB disconnect, device number 71 [ 1820.208029][ T5965] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1820.259054][ T5965] ftdi_sio 4-1:0.0: device disconnected [ 1820.395536][ T494] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=494 comm=syz.8.8240 [ 1820.723731][ T498] netlink: 'syz.0.8244': attribute type 10 has an invalid length. [ 1822.774956][ T528] bridge0: port 2(bridge_slave_1) entered disabled state [ 1822.968094][ T530] netlink: 'syz.3.8257': attribute type 10 has an invalid length. [ 1823.104510][ T30] audit: type=1326 audit(1757289895.939:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.218534][ T30] audit: type=1326 audit(1757289895.969:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.322002][ T30] audit: type=1326 audit(1757289895.979:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.380527][ T30] audit: type=1326 audit(1757289895.979:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.403969][ T30] audit: type=1326 audit(1757289895.979:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.427395][ T30] audit: type=1326 audit(1757289895.979:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.450823][ T30] audit: type=1326 audit(1757289895.979:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.502896][ T30] audit: type=1326 audit(1757289895.979:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.535036][ T30] audit: type=1326 audit(1757289895.979:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.608477][ T30] audit: type=1326 audit(1757289895.979:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=531 comm="syz.8.8258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1823.675908][ T547] sch_fq: defrate 4294967295 ignored. [ 1823.787993][ T548] tipc: Enabled bearer , priority 0 [ 1823.795474][ T548] syzkaller0: entered promiscuous mode [ 1823.801031][ T548] syzkaller0: entered allmulticast mode [ 1823.810554][ T548] tipc: Resetting bearer [ 1823.822427][ T544] tipc: Resetting bearer [ 1823.845245][ T544] tipc: Disabling bearer [ 1823.860294][ T538] netlink: 188 bytes leftover after parsing attributes in process `syz.3.8261'. [ 1824.170463][T17592] Bluetooth: hci0: command 0x0406 tx timeout [ 1825.029495][ T571] lo speed is unknown, defaulting to 1000 [ 1825.040574][ T571] lo speed is unknown, defaulting to 1000 [ 1829.938467][ T625] netlink: 'syz.8.8286': attribute type 1 has an invalid length. [ 1829.963828][ T50] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 1829.996575][ T625] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1830.216844][ T628] bond1: (slave veth3): Enslaving as an active interface with a down link [ 1831.056224][ T625] vlan2: entered allmulticast mode [ 1831.063212][ T625] veth1: entered allmulticast mode [ 1831.450192][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 1831.450209][ T30] audit: type=1326 audit(1757289904.229:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1831.796295][ T30] audit: type=1326 audit(1757289904.229:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1831.826289][ T30] audit: type=1326 audit(1757289904.239:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1831.877476][ T30] audit: type=1326 audit(1757289904.239:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1831.949628][ T646] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1831.961649][ T30] audit: type=1326 audit(1757289904.239:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1831.997285][ T30] audit: type=1326 audit(1757289904.239:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1832.022711][ T30] audit: type=1326 audit(1757289904.239:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1832.054646][ T30] audit: type=1326 audit(1757289904.239:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1832.084759][ T30] audit: type=1326 audit(1757289904.249:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1832.119438][ T30] audit: type=1326 audit(1757289904.249:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=635 comm="syz.3.8290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1833.345067][ T658] netlink: 'syz.3.8297': attribute type 10 has an invalid length. [ 1833.387724][T28263] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1833.600227][T17592] Bluetooth: hci4: command 0x0405 tx timeout [ 1834.035260][T28263] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1834.927614][T28263] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1834.984469][ T685] netlink: 24 bytes leftover after parsing attributes in process `syz.8.8304'. [ 1834.993645][ T684] 9pnet_fd: p9_fd_create_unix (684): problem connecting socket: ./file0: -2 [ 1835.106246][T28263] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1835.163220][ T688] tipc: Enabled bearer , priority 0 [ 1835.193298][ T687] syzkaller0: entered promiscuous mode [ 1835.207497][ T687] syzkaller0: entered allmulticast mode [ 1835.254824][ T687] tipc: Resetting bearer [ 1835.278717][ T686] tipc: Resetting bearer [ 1835.336409][ T686] tipc: Disabling bearer [ 1835.558734][ T698] netlink: 20 bytes leftover after parsing attributes in process `syz.8.8308'. [ 1836.218992][T28263] bridge_slave_1: left allmulticast mode [ 1836.234494][T28263] bridge_slave_1: left promiscuous mode [ 1836.266146][T28263] bridge0: port 2(bridge_slave_1) entered disabled state [ 1836.289515][T28263] bridge_slave_0: left allmulticast mode [ 1836.318973][T28263] bridge_slave_0: left promiscuous mode [ 1836.335191][T28263] bridge0: port 1(bridge_slave_0) entered disabled state [ 1836.401710][ T50] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 1837.241528][ T721] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8316'. [ 1838.565935][ T739] netlink: 'syz.5.8323': attribute type 10 has an invalid length. [ 1838.674557][ T50] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 1839.897860][T28263] smc: removing net device bond0 with user defined pnetid SYZ2 [ 1839.930403][T28263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1839.953255][T28263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1839.970587][T28263] bond0 (unregistering): Released all slaves [ 1840.484391][T28263] bond1 (unregistering): Released all slaves [ 1840.618069][T28263] : left promiscuous mode [ 1840.732645][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1840.732657][ T30] audit: type=1400 audit(1757289913.549:1646): avc: denied { setattr } for pid=761 comm="syz.0.8331" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 1840.970563][T28263] tipc: Left network mode [ 1841.549267][ T777] kvm: kvm [773]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80000000800 [ 1841.610260][ T777] kvm: kvm [773]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x80000000000 [ 1841.973895][ T800] netlink: 'syz.3.8344': attribute type 10 has an invalid length. [ 1842.133199][ T10] usb 1-1: new full-speed USB device number 73 using dummy_hcd [ 1842.168398][T28263] batadv_slave_0: left promiscuous mode [ 1842.201445][T28263] hsr_slave_0: left promiscuous mode [ 1842.212523][T28263] hsr_slave_1: left promiscuous mode [ 1842.225854][T28263] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1842.253997][T28263] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1842.279031][T28263] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1842.286642][T28263] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1842.291964][ T10] usb 1-1: no configurations [ 1842.298434][ T10] usb 1-1: can't read configurations, error -22 [ 1842.326139][T28263] veth1_macvtap: left promiscuous mode [ 1842.332657][T28263] veth0_macvtap: left promiscuous mode [ 1842.338341][T28263] veth1_vlan: left promiscuous mode [ 1842.344555][T28263] veth0_vlan: left promiscuous mode [ 1842.431286][ T10] usb 1-1: new full-speed USB device number 74 using dummy_hcd [ 1842.439186][T28263] pim6reg (unregistering): left allmulticast mode [ 1842.520123][T30645] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1842.585150][ T10] usb 1-1: no configurations [ 1842.599941][ T10] usb 1-1: can't read configurations, error -22 [ 1842.624022][ T10] usb usb1-port1: attempt power cycle [ 1842.700472][T30645] usb 4-1: Using ep0 maxpacket: 16 [ 1842.720750][T30645] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1842.728745][T30645] usb 4-1: config 0 has no interface number 0 [ 1842.750676][T30645] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1842.770076][T30645] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1842.790356][T30645] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 1842.799390][T30645] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1842.847578][T30645] usb 4-1: config 0 descriptor?? [ 1842.982030][ T10] usb 1-1: new full-speed USB device number 75 using dummy_hcd [ 1843.002841][ T10] usb 1-1: no configurations [ 1843.007453][ T10] usb 1-1: can't read configurations, error -22 [ 1843.351604][ T10] usb 1-1: new full-speed USB device number 76 using dummy_hcd [ 1843.406114][ T10] usb 1-1: no configurations [ 1843.433748][ T10] usb 1-1: can't read configurations, error -22 [ 1843.474212][ T10] usb usb1-port1: unable to enumerate USB device [ 1844.318195][T28263] team0 (unregistering): Port device team_slave_1 removed [ 1844.428962][T28263] team0 (unregistering): Port device team_slave_0 removed [ 1844.829893][T30645] input: HID 28bd:0071 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0071.0038/input/input47 [ 1844.912218][T30645] input: HID 28bd:0071 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0071.0038/input/input48 [ 1844.970508][T30645] uclogic 0003:28BD:0071.0038: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.3-1/input1 [ 1845.039774][T29340] usb 4-1: USB disconnect, device number 72 [ 1845.189810][ T842] 9pnet_fd: Insufficient options for proto=fd [ 1845.371666][ T5913] usb 1-1: new full-speed USB device number 77 using dummy_hcd [ 1845.543485][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1845.574901][ T5913] usb 1-1: New USB device found, idVendor=0810, idProduct=0001, bcdDevice= 0.00 [ 1845.609570][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1845.637808][ T5913] usb 1-1: config 0 descriptor?? [ 1845.889012][ T859] 9pnet_fd: p9_fd_create_unix (859): problem connecting socket: ./file0: -2 [ 1846.783672][T24331] usb 4-1: new full-speed USB device number 73 using dummy_hcd [ 1846.817090][T28263] IPVS: stop unused estimator thread 0... [ 1846.944948][ T5913] pantherlord 0003:0810:0001.0039: item fetching failed at offset 5/7 [ 1846.970924][T24331] usb 4-1: too many configurations: 221, using maximum allowed: 8 [ 1846.987902][ T5913] pantherlord 0003:0810:0001.0039: parse failed [ 1846.997975][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.026599][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.045795][ T5913] pantherlord 0003:0810:0001.0039: probe with driver pantherlord failed with error -22 [ 1847.050940][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.125235][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.182266][T30645] usb 1-1: USB disconnect, device number 77 [ 1847.223718][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.246252][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.306741][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.327041][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.346997][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.367129][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.387283][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.410067][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.430660][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.445242][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.448727][ T874] tipc: Started in network mode [ 1847.462343][ T874] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 1847.466260][T24331] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.474775][ T874] tipc: Enabled bearer , priority 10 [ 1847.493643][T24331] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1847.515950][T24331] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1847.525295][T24331] usb 4-1: New USB device strings: Mfr=23, Product=20, SerialNumber=31 [ 1847.536894][T24331] usb 4-1: Product: syz [ 1847.545507][T24331] usb 4-1: Manufacturer: syz [ 1847.555441][T24331] usb 4-1: SerialNumber: syz [ 1847.569302][ T876] netlink: 96 bytes leftover after parsing attributes in process `syz.5.8375'. [ 1847.578828][T24331] usb 4-1: config 0 descriptor?? [ 1847.757409][ T879] netlink: 104 bytes leftover after parsing attributes in process `syz.6.8376'. [ 1847.848465][T29340] usb 4-1: USB disconnect, device number 73 [ 1849.037205][T29340] tipc: Node number set to 4269801488 [ 1849.411511][ T917] netlink: 'syz.0.8387': attribute type 10 has an invalid length. [ 1850.434943][ T927] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 1851.084905][ T917] bond0: (slave dummy0): Releasing backup interface [ 1851.108753][ T917] team0: Port device dummy0 added [ 1851.131366][ T932] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1851.175705][ T941] netlink: 'syz.8.8388': attribute type 1 has an invalid length. [ 1851.325055][ T941] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1851.735124][ T955] tipc: Started in network mode [ 1851.741844][ T955] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1851.752320][ T955] tipc: Enabling of bearer rejected, failed to enable media [ 1852.754491][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.901939][ T983] netlink: 'syz.0.8400': attribute type 10 has an invalid length. [ 1857.528376][ T30] audit: type=1326 audit(1757289930.359:1647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1034 comm="syz.5.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1857.600672][ T30] audit: type=1326 audit(1757289930.359:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1034 comm="syz.5.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1857.660176][ T30] audit: type=1326 audit(1757289930.389:1649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1034 comm="syz.5.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1857.740312][ T30] audit: type=1326 audit(1757289930.389:1650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1034 comm="syz.5.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1857.940459][ T30] audit: type=1326 audit(1757289930.389:1651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1034 comm="syz.5.8416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1860.712108][ T1096] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1863.405806][ T8228] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1863.666333][ T8228] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1863.865546][ T8228] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1864.173747][ T8228] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1864.484428][ T30] audit: type=1326 audit(1757289937.319:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1162 comm="syz.3.8452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1864.539453][ T1166] tipc: Enabling of bearer rejected, failed to enable media [ 1864.595933][ T30] audit: type=1326 audit(1757289937.319:1653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1162 comm="syz.3.8452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1864.696888][ T30] audit: type=1326 audit(1757289937.319:1654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1162 comm="syz.3.8452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1864.870332][ T30] audit: type=1326 audit(1757289937.319:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1162 comm="syz.3.8452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1864.942056][ T30] audit: type=1326 audit(1757289937.319:1656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1162 comm="syz.3.8452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1865.065743][ T50] Bluetooth: hci4: command 0x0405 tx timeout [ 1865.650957][ T1182] netlink: 76 bytes leftover after parsing attributes in process `syz.3.8459'. [ 1865.986928][ T8228] bond0 (unregistering): Released all slaves [ 1866.001013][ T1174] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 1866.011239][ T1174] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 1866.023231][ T1174] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1866.023249][ T30] audit: type=1400 audit(1757289938.859:1657): avc: denied { firmware_load } for pid=1169 comm="syz.8.8456" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1866.408081][ T30] audit: type=1326 audit(1757289939.239:1658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1193 comm="syz.8.8464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1866.505728][ T30] audit: type=1326 audit(1757289939.239:1659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1193 comm="syz.8.8464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1866.761754][ T1207] netlink: 'syz.8.8469': attribute type 10 has an invalid length. [ 1866.781193][ T30] audit: type=1326 audit(1757289939.279:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1193 comm="syz.8.8464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1866.827523][ T1207] bond0: (slave dummy0): Releasing backup interface [ 1866.835276][ T30] audit: type=1326 audit(1757289939.279:1661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1193 comm="syz.8.8464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x7ffc0000 [ 1867.001515][ T1214] SELinux: Context system_u:object_r:audisp_exec_t:s0 is not valid (left unmapped). [ 1867.230752][ T1218] syz.3.8471: attempt to access beyond end of device [ 1867.230752][ T1218] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192 [ 1867.817537][ T1207] team0: Port device dummy0 added [ 1868.512185][ T1240] tipc: New replicast peer: 255.255.255.255 [ 1868.518778][ T1240] tipc: Enabled bearer , priority 10 [ 1868.705410][ T1244] netlink: 64 bytes leftover after parsing attributes in process `syz.8.8479'. [ 1869.162745][ T1258] netlink: 104 bytes leftover after parsing attributes in process `syz.0.8484'. [ 1869.370990][ T1260] netlink: 'syz.0.8485': attribute type 10 has an invalid length. [ 1869.489421][ T8228] batadv_slave_0: left promiscuous mode [ 1869.582582][ T8228] hsr_slave_0: left promiscuous mode [ 1869.611824][ T8228] hsr_slave_1: left promiscuous mode [ 1869.634151][ T10] tipc: Node number set to 3237953018 [ 1869.718242][ T8228] veth1_macvtap: left promiscuous mode [ 1869.823695][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 1869.823712][ T30] audit: type=1326 audit(1757289942.649:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1869.872903][ T8228] veth0_macvtap: left allmulticast mode [ 1869.879356][ T8228] veth0_macvtap: left promiscuous mode [ 1869.890303][ T8228] veth1_vlan: left promiscuous mode [ 1869.895608][ T8228] veth0_vlan: left promiscuous mode [ 1870.035388][ T1274] netlink: 44 bytes leftover after parsing attributes in process `syz.8.8488'. [ 1870.044489][ T1274] netlink: 4 bytes leftover after parsing attributes in process `syz.8.8488'. [ 1870.565622][ T30] audit: type=1326 audit(1757289942.659:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.596258][ T30] audit: type=1326 audit(1757289942.689:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.667766][ T30] audit: type=1326 audit(1757289942.689:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.691525][ T30] audit: type=1326 audit(1757289942.689:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.715236][ T30] audit: type=1326 audit(1757289942.739:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.779514][ T30] audit: type=1326 audit(1757289942.756:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.826323][ T30] audit: type=1326 audit(1757289942.756:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1269 comm="syz.0.8490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f730c58ebe9 code=0x7ffc0000 [ 1870.928534][ T8228] pimreg3 (unregistering): left allmulticast mode [ 1871.207235][ T1293] netlink: 'syz.3.8497': attribute type 10 has an invalid length. [ 1872.009073][ T30] audit: type=1326 audit(1757289944.796:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1306 comm="syz.6.8501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1872.048086][ T30] audit: type=1326 audit(1757289944.806:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1306 comm="syz.6.8501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1872.206598][ T1311] overlayfs: overlapping lowerdir path [ 1873.257398][ T1292] kthread_run failed with err -4 [ 1874.191003][ T1329] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8507'. [ 1876.716477][ T1341] netlink: 'syz.3.8508': attribute type 12 has an invalid length. [ 1878.223794][ T1365] netlink: 'syz.5.8516': attribute type 10 has an invalid length. [ 1878.233782][ T1365] bond0: (slave dummy0): Releasing backup interface [ 1878.876760][ T1365] team0: Port device dummy0 added [ 1878.993768][ T8228] IPVS: stop unused estimator thread 0... [ 1879.280218][T24331] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1879.374921][ T1385] overlayfs: failed to clone upperpath [ 1879.464533][T24331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1879.496934][T24331] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1879.530447][T24331] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1879.592412][T24331] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1879.673412][T24331] usb 1-1: config 0 descriptor?? [ 1879.977733][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 1879.977749][ T30] audit: type=1326 audit(1757289952.816:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.083451][ T30] audit: type=1326 audit(1757289952.856:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.186275][ T30] audit: type=1326 audit(1757289952.866:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.259488][ T30] audit: type=1326 audit(1757289952.866:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.342189][T24331] usbhid 1-1:0.0: can't add hid device: -71 [ 1880.354293][T24331] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1880.364886][ T30] audit: type=1326 audit(1757289952.866:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.392542][T24331] usb 1-1: USB disconnect, device number 78 [ 1880.403455][ T30] audit: type=1326 audit(1757289952.866:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.433250][ T30] audit: type=1326 audit(1757289952.866:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.487253][ T30] audit: type=1326 audit(1757289952.866:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.582650][ T30] audit: type=1326 audit(1757289952.866:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1880.668083][ T30] audit: type=1326 audit(1757289952.866:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1397 comm="syz.5.8528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1883.265660][ T1424] SELinux: ebitmap: truncated map [ 1883.306559][ T1429] netlink: 56 bytes leftover after parsing attributes in process `syz.0.8538'. [ 1883.309472][ T1424] SELinux: failed to load policy [ 1885.954925][ T30] kauditd_printk_skb: 84 callbacks suppressed [ 1885.954942][ T30] audit: type=1326 audit(1757289958.796:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1885.994706][ T30] audit: type=1326 audit(1757289958.796:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.021559][ T30] audit: type=1326 audit(1757289958.836:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.081798][ T30] audit: type=1326 audit(1757289958.836:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.115392][ T30] audit: type=1326 audit(1757289958.836:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.166800][ T30] audit: type=1326 audit(1757289958.866:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.192635][ T30] audit: type=1326 audit(1757289958.896:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.234236][ T30] audit: type=1326 audit(1757289958.896:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.259106][ T30] audit: type=1326 audit(1757289958.906:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1886.283822][ T30] audit: type=1326 audit(1757289958.906:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.3.8546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1888.114780][ T1468] overlayfs: failed to clone upperpath [ 1889.730275][T24048] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1889.920335][T24048] usb 4-1: Using ep0 maxpacket: 16 [ 1889.933523][T24048] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 1889.946458][T24048] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1889.960069][T24048] usb 4-1: config 0 has no interface number 0 [ 1889.968579][T24048] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1889.980629][T24048] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1889.989576][T24048] usb 4-1: Product: syz [ 1889.993884][T24048] usb 4-1: Manufacturer: syz [ 1889.998994][T24048] usb 4-1: SerialNumber: syz [ 1890.080867][T24048] usb 4-1: config 0 descriptor?? [ 1890.088776][T24048] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 1890.095693][T24048] usb 4-1: No valid video chain found. [ 1890.296413][T24048] usb 4-1: USB disconnect, device number 74 [ 1890.297507][ T1490] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8561'. [ 1890.463363][ T1465] bridge_slave_1: left allmulticast mode [ 1890.469042][ T1465] bridge_slave_1: left promiscuous mode [ 1890.474943][ T1465] bridge0: port 2(bridge_slave_1) entered disabled state [ 1890.489857][ T1465] bridge_slave_0: left allmulticast mode [ 1890.495674][ T1465] bridge_slave_0: left promiscuous mode [ 1890.501611][ T1465] bridge0: port 1(bridge_slave_0) entered disabled state [ 1890.633192][ T1490] syz_tun (unregistering): left promiscuous mode [ 1890.774932][ T1505] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1891.074635][ T1516] overlayfs: overlapping lowerdir path [ 1891.551322][ T1522] overlayfs: failed to clone lowerpath [ 1893.177156][ T1550] netlink: 104 bytes leftover after parsing attributes in process `syz.6.8580'. [ 1893.471257][ T1558] syz.0.8579: attempt to access beyond end of device [ 1893.471257][ T1558] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192 [ 1896.251422][ T1593] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1897.429412][ T1617] netlink: 'syz.8.8601': attribute type 10 has an invalid length. [ 1897.594659][T17592] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 1897.745530][ T1630] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1898.826421][ T1650] netlink: 'syz.3.8614': attribute type 10 has an invalid length. [ 1899.104666][ T1665] lo speed is unknown, defaulting to 1000 [ 1899.133497][ T1665] lo speed is unknown, defaulting to 1000 [ 1899.380521][ T1669] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8620'. [ 1900.172210][ T1672] netlink: 64 bytes leftover after parsing attributes in process `syz.6.8618'. [ 1902.618930][ T1698] lo speed is unknown, defaulting to 1000 [ 1902.646198][ T1698] lo speed is unknown, defaulting to 1000 [ 1902.655677][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 1902.655690][ T30] audit: type=1400 audit(1757289975.496:1834): avc: denied { write } for pid=1702 comm="syz.3.8630" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1902.689029][T27016] Bluetooth: hci2: Frame reassembly failed (-84) [ 1902.933501][ T1708] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1902.965673][ T30] audit: type=1326 audit(1757289975.806:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1709 comm="syz.0.8633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f730c585ba7 code=0x0 [ 1903.300381][ T1718] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1904.328431][ T1728] syz.8.8638: attempt to access beyond end of device [ 1904.328431][ T1728] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192 [ 1904.751319][ T50] Bluetooth: hci2: command 0x1003 tx timeout [ 1904.757783][T17592] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1904.936460][ T1734] netlink: 152 bytes leftover after parsing attributes in process `syz.6.8640'. [ 1906.064668][ T1752] 9p: Unknown access argument 18446744073709551615: -34 [ 1906.276408][T30645] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1907.099681][T30645] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1907.141342][T30645] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1907.196499][T30645] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1907.266221][T30645] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1907.303442][T30645] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1907.478525][T30645] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1907.497756][T30645] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1907.505859][T30645] usb 4-1: Product: syz [ 1907.510616][T30645] usb 4-1: Manufacturer: syz [ 1907.515410][T30645] usb 4-1: SerialNumber: syz [ 1908.551013][ T1790] netlink: 'syz.6.8658': attribute type 16 has an invalid length. [ 1908.613400][ T1790] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1908.710943][ T1793] overlayfs: failed to clone lowerpath [ 1908.810797][ T1794] overlayfs: failed to clone upperpath [ 1909.181669][T30645] cdc_ncm 4-1:1.0: bind() failure [ 1909.565618][T30645] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 1909.577299][T30645] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 1909.592126][T30645] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 1909.606829][T30645] usb 4-1: USB disconnect, device number 75 [ 1910.556357][ T1813] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=1813 comm=syz.3.8666 [ 1910.605040][ T1813] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=1813 comm=syz.3.8666 [ 1910.702740][ T1815] random: crng reseeded on system resumption [ 1912.095549][ T1834] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1914.263215][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1914.355861][ T1842] lo speed is unknown, defaulting to 1000 [ 1914.363057][ T1842] lo speed is unknown, defaulting to 1000 [ 1917.444661][ T1881] overlayfs: failed to clone lowerpath [ 1918.468669][ T30] audit: type=1326 audit(1757289992.302:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.509802][ T30] audit: type=1326 audit(1757289992.302:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.560534][ T30] audit: type=1326 audit(1757289992.302:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.592862][ T30] audit: type=1326 audit(1757289992.302:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.617302][ T30] audit: type=1326 audit(1757289992.302:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.642579][ T30] audit: type=1326 audit(1757289992.312:1841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1918.644665][ T1914] netlink: 'syz.5.8701': attribute type 12 has an invalid length. [ 1919.214310][ T30] audit: type=1326 audit(1757289992.312:1842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1919.239076][ T30] audit: type=1326 audit(1757289992.312:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1919.272258][ T30] audit: type=1326 audit(1757289992.312:1844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1919.316052][ T30] audit: type=1326 audit(1757289992.312:1845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1910 comm="syz.6.8700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45c2b8ebe9 code=0x7ffc0000 [ 1919.517785][ T1927] veth0: entered promiscuous mode [ 1919.537555][ T1927] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8707'. [ 1923.401021][ T1992] overlayfs: failed to clone lowerpath [ 1923.479703][ T1993] overlayfs: failed to clone upperpath [ 1923.976650][ T1996] veth0_vlan: entered allmulticast mode [ 1924.005682][ T1996] ªªªªªª: renamed from vlan0 [ 1924.011735][ T30] kauditd_printk_skb: 75 callbacks suppressed [ 1924.011749][ T30] audit: type=1326 audit(1757289997.812:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.126810][ T30] audit: type=1326 audit(1757289997.812:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.192151][ T30] audit: type=1326 audit(1757289997.812:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.283597][ T30] audit: type=1326 audit(1757289997.812:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.313156][ T30] audit: type=1326 audit(1757289997.812:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.340928][ T30] audit: type=1326 audit(1757289997.812:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.400263][ T30] audit: type=1326 audit(1757289997.812:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.435511][ T30] audit: type=1326 audit(1757289997.812:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.461438][ T30] audit: type=1326 audit(1757289997.812:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1924.486426][ T30] audit: type=1326 audit(1757289997.812:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1995 comm="syz.5.8731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe93fb8ebe9 code=0x7ffc0000 [ 1926.671298][ T2060] overlayfs: failed to clone lowerpath [ 1926.719880][ T2060] overlayfs: failed to clone upperpath [ 1929.153294][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1929.153310][ T30] audit: type=1326 audit(1757290002.992:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1929.316176][ T30] audit: type=1326 audit(1757290002.992:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1929.553566][ T30] audit: type=1326 audit(1757290002.992:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1929.976687][ T30] audit: type=1326 audit(1757290002.992:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.029340][ T30] audit: type=1326 audit(1757290002.992:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.068481][ T30] audit: type=1326 audit(1757290002.992:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.107567][ T30] audit: type=1326 audit(1757290002.992:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.139780][ T30] audit: type=1326 audit(1757290002.992:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.168513][ T30] audit: type=1326 audit(1757290002.992:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1930.209628][ T30] audit: type=1326 audit(1757290002.992:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2104 comm="syz.8.8768" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf9298ebe9 code=0x50000 [ 1931.439180][ T2128] netlink: 'syz.6.8772': attribute type 1 has an invalid length. [ 1934.430821][ T2172] lo speed is unknown, defaulting to 1000 [ 1934.448256][ T2172] lo speed is unknown, defaulting to 1000 [ 1935.862711][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 1935.863627][ T30] audit: type=1400 audit(1757290009.702:2007): avc: denied { connect } for pid=2176 comm="syz.0.8790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1938.923130][ T2204] netlink: 'syz.6.8797': attribute type 1 has an invalid length. [ 1939.834684][ T2215] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 1939.874744][ T2219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8799'. [ 1939.901173][ T2219] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8799'. [ 1940.707925][ T2228] SELinux: policydb magic number 0x34343831 does not match expected magic number 0xf97cff8c [ 1940.718401][ T2228] SELinux: failed to load policy [ 1940.734612][ T30] audit: type=1400 audit(1757290014.462:2008): avc: denied { execute } for pid=2223 comm="syz.0.8803" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1 [ 1942.272837][ T30] audit: type=1400 audit(1757290016.102:2009): avc: denied { recv } for pid=5831 comm="syz-executor" saddr=10.128.0.169 src=30006 daddr=10.128.0.21 dest=49186 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 1942.322737][ T30] audit: type=1400 audit(1757290016.102:2010): avc: denied { read write } for pid=25424 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1942.349126][ T30] audit: type=1400 audit(1757290016.102:2011): avc: denied { open } for pid=25424 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1942.374173][ T30] audit: type=1400 audit(1757290016.102:2012): avc: denied { ioctl } for pid=25424 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1942.401312][ T30] audit: type=1400 audit(1757290016.162:2013): avc: denied { create } for pid=2231 comm="syz.3.8805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1942.691301][ T2204] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1942.957037][ T30] audit: type=1400 audit(1757290016.702:2014): avc: denied { execmem } for pid=2236 comm="syz.0.8806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1943.039723][ T30] audit: type=1400 audit(1757290016.872:2015): avc: denied { create } for pid=2231 comm="syz.3.8805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1943.708824][ T30] audit: type=1400 audit(1757290016.872:2016): avc: denied { setopt } for pid=2231 comm="syz.3.8805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1943.749612][ T30] audit: type=1400 audit(1757290016.952:2017): avc: denied { prog_load } for pid=2236 comm="syz.0.8806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1943.800151][ T30] audit: type=1400 audit(1757290016.952:2018): avc: denied { bpf } for pid=2236 comm="syz.0.8806" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1943.962340][ T2253] lo speed is unknown, defaulting to 1000 [ 1943.968708][ T2253] lo speed is unknown, defaulting to 1000 [ 1945.936407][ T2273] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1945.971736][ T2273] FAT-fs (loop13): unable to read boot sector [ 1946.227855][ T2280] netlink: 'syz.6.8818': attribute type 1 has an invalid length. [ 1946.274935][ T2280] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1946.401564][ T2280] vlan2: entered allmulticast mode [ 1946.423009][ T2280] veth1: entered allmulticast mode [ 1947.766345][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 1947.766356][ T30] audit: type=1400 audit(1757290021.602:2059): avc: denied { name_bind } for pid=2306 comm="syz.8.8826" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1947.878861][ T30] audit: type=1400 audit(1757290021.702:2060): avc: denied { read write } for pid=2308 comm="syz.0.8827" name="vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 1947.922405][ T30] audit: type=1400 audit(1757290021.702:2061): avc: denied { open } for pid=2308 comm="syz.0.8827" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 1948.043218][ T30] audit: type=1400 audit(1757290021.722:2062): avc: denied { ioctl } for pid=2308 comm="syz.0.8827" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 1948.086706][ T2311] lo speed is unknown, defaulting to 1000 [ 1948.752510][ T2316] lo speed is unknown, defaulting to 1000 [ 1948.758976][ T2316] lo speed is unknown, defaulting to 1000 [ 1948.940611][ T2311] lo speed is unknown, defaulting to 1000 [ 1948.964662][ T30] audit: type=1400 audit(1757290021.992:2063): avc: denied { write } for pid=2313 comm="syz.3.8828" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1949.068896][ T30] audit: type=1400 audit(1757290022.702:2064): avc: denied { create } for pid=2308 comm="syz.0.8827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1949.163015][ T30] audit: type=1400 audit(1757290022.852:2065): avc: denied { connect } for pid=2308 comm="syz.0.8827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1950.010277][ T30] audit: type=1400 audit(1757290023.342:2066): avc: denied { write } for pid=2321 comm="syz.6.8829" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 1950.432871][ T2336] 9p: Unknown access argument 18446744073709551615: -34 [ 1950.627789][ T30] audit: type=1400 audit(1757290024.462:2067): avc: denied { remount } for pid=2345 comm="syz.5.8836" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1950.732877][ T30] audit: type=1400 audit(1757290024.522:2068): avc: denied { read } for pid=2328 comm="syz.8.8832" name="video7" dev="devtmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 1950.836558][ T2346] overlayfs: failed to clone lowerpath [ 1950.974573][ T2342] lo speed is unknown, defaulting to 1000 [ 1951.005779][ T2342] lo speed is unknown, defaulting to 1000 [ 1953.015427][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1953.015444][ T30] audit: type=1400 audit(1757290026.852:2079): avc: denied { ioctl } for pid=2368 comm="syz.5.8844" path="socket:[139437]" dev="sockfs" ino=139437 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1954.230799][ T2391] overlayfs: failed to clone lowerpath [ 1954.237196][ T30] audit: type=1400 audit(1757290028.062:2080): avc: denied { mount } for pid=2379 comm="syz.5.8847" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 1954.641819][ T2395] syz.8.8851: attempt to access beyond end of device [ 1954.641819][ T2395] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192 [ 1955.237964][ T30] audit: type=1400 audit(1757290029.072:2081): avc: denied { ioctl } for pid=2396 comm="syz.0.8850" path="socket:[139473]" dev="sockfs" ino=139473 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1955.278067][ T30] audit: type=1400 audit(1757290029.102:2082): avc: denied { setopt } for pid=2396 comm="syz.0.8850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1955.392355][ T30] audit: type=1400 audit(1757290029.212:2083): avc: denied { read } for pid=2399 comm="syz.8.8854" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1955.438396][ T30] audit: type=1400 audit(1757290029.212:2084): avc: denied { open } for pid=2399 comm="syz.8.8854" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1955.489833][ T30] audit: type=1400 audit(1757290029.212:2085): avc: denied { ioctl } for pid=2399 comm="syz.8.8854" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 1955.533058][ T30] audit: type=1400 audit(1757290029.242:2086): avc: denied { read } for pid=2407 comm="syz.0.8855" dev="nsfs" ino=4026532909 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1955.555719][ T30] audit: type=1400 audit(1757290029.242:2087): avc: denied { open } for pid=2407 comm="syz.0.8855" path="net:[4026532909]" dev="nsfs" ino=4026532909 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1955.581744][ T30] audit: type=1400 audit(1757290029.242:2088): avc: denied { create } for pid=2407 comm="syz.0.8855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1956.382341][ T2423] netlink: 12 bytes leftover after parsing attributes in process `syz.8.8858'. [ 1959.560516][ T2470] overlayfs: overlapping lowerdir path [ 1959.570293][ T5965] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1959.721801][ T5965] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1959.728742][ T5965] usb 1-1: New USB device found, idVendor=0403, idProduct=a5ae, bcdDevice=d1.8d [ 1959.757333][ T5965] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1959.794264][ T5965] usb 1-1: config 0 descriptor?? [ 1960.389316][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1960.389351][ T30] audit: type=1400 audit(1757290034.222:2094): avc: denied { read } for pid=2460 comm="syz.0.8869" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1960.420134][ T2476] binder: 2460:2476 ioctl c0306201 200000000080 returned -14 [ 1960.504704][ T30] audit: type=1400 audit(1757290034.222:2095): avc: denied { open } for pid=2460 comm="syz.0.8869" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1960.520059][ T5965] usb 1-1: string descriptor 0 read error: -71 [ 1960.538500][ T30] audit: type=1400 audit(1757290034.252:2096): avc: denied { ioctl } for pid=2460 comm="syz.0.8869" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1960.565631][ T30] audit: type=1400 audit(1757290034.252:2097): avc: denied { set_context_mgr } for pid=2460 comm="syz.0.8869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1960.594663][ T5965] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1960.622829][ T5965] ftdi_sio ttyUSB0: unknown device type: 0xd18d [ 1960.652285][ T5965] usb 1-1: USB disconnect, device number 79 [ 1960.659251][ T5965] ftdi_sio 1-1:0.0: device disconnected [ 1960.747511][ T30] audit: type=1400 audit(1757290034.332:2098): avc: denied { write } for pid=2460 comm="syz.0.8869" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1960.781481][ T30] audit: type=1400 audit(1757290034.332:2099): avc: denied { map } for pid=2460 comm="syz.0.8869" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1961.808158][ T2507] lo speed is unknown, defaulting to 1000 [ 1961.815354][ T2507] lo speed is unknown, defaulting to 1000 [ 1963.043256][ T2518] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 1963.048099][ T30] audit: type=1400 audit(1757290036.882:2100): avc: denied { firmware_load } for pid=2512 comm="syz.5.8880" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 1963.056836][ T2518] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 1963.093155][ T2518] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1963.284701][ T30] audit: type=1400 audit(1757290036.932:2101): avc: denied { firmware_load } for pid=2512 comm="syz.5.8880" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1963.394898][ T2539] SELinux: policydb magic number 0x30303030 does not match expected magic number 0xf97cff8c [ 1963.406310][ T2539] SELinux: failed to load policy [ 1964.266699][ T30] audit: type=1400 audit(1757290037.232:2102): avc: denied { getopt } for pid=2527 comm="syz.8.8883" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1964.291199][ T30] audit: type=1400 audit(1757290037.232:2103): avc: denied { load_policy } for pid=2527 comm="syz.8.8883" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 1965.633721][ T30] audit: type=1400 audit(1757290039.462:2104): avc: denied { module_request } for pid=2546 comm="syz.6.8889" kmod="netdev-bridge0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 1965.738388][ T30] audit: type=1400 audit(1757290039.572:2105): avc: denied { sys_module } for pid=2546 comm="syz.6.8889" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 1967.320470][ T2577] netlink: 16 bytes leftover after parsing attributes in process `syz.8.8894'. [ 1967.331696][ T2577] syz.8.8894: attempt to access beyond end of device [ 1967.331696][ T2577] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192 [ 1967.861876][ T30] audit: type=1400 audit(1757290041.692:2106): avc: denied { execute } for pid=2583 comm="syz.8.8897" name="file0" dev="tmpfs" ino=887 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1968.417759][ T2565] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8892'. [ 1968.576693][ T30] audit: type=1400 audit(1757290042.412:2107): avc: denied { execute_no_trans } for pid=2583 comm="syz.8.8897" path="/165/file0" dev="tmpfs" ino=887 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 1969.771209][ T30] audit: type=1400 audit(1757290043.602:2108): avc: denied { read } for pid=2608 comm="syz.8.8903" name="event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1969.813748][ T2610] [ 1969.816092][ T2610] ===================================================== [ 1969.823010][ T2610] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1969.830455][ T2610] syzkaller #0 Not tainted [ 1969.834864][ T2610] ----------------------------------------------------- [ 1969.841781][ T2610] syz.8.8903/2610 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1969.849402][ T2610] ffff88807453a8a0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 1969.858094][ T2610] [ 1969.858094][ T2610] and this task is already holding: [ 1969.865433][ T2610] ffff88802941b028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 1969.875250][ T2610] which would create a new lock dependency: [ 1969.881115][ T2610] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1969.889188][ T2610] [ 1969.889188][ T2610] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1969.898611][ T2610] (&dev->event_lock#2){..-.}-{3:3} [ 1969.898636][ T2610] [ 1969.898636][ T2610] ... which became SOFTIRQ-irq-safe at: [ 1969.911484][ T2610] lock_acquire+0x179/0x350 [ 1969.916065][ T2610] _raw_spin_lock_irqsave+0x3a/0x60 [ 1969.921331][ T2610] input_inject_event+0x9f/0x3b0 [ 1969.926343][ T2610] led_set_brightness+0x217/0x290 [ 1969.931436][ T2610] led_trigger_event+0xda/0x270 [ 1969.936356][ T2610] kbd_bh+0x21b/0x300 [ 1969.940408][ T2610] tasklet_action_common+0x281/0x400 [ 1969.945771][ T2610] handle_softirqs+0x219/0x8e0 [ 1969.950604][ T2610] __irq_exit_rcu+0x109/0x170 [ 1969.955345][ T2610] irq_exit_rcu+0x9/0x30 [ 1969.959654][ T2610] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1969.965352][ T2610] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1969.971396][ T2610] _raw_spin_unlock_irqrestore+0x31/0x80 [ 1969.977118][ T2610] __wake_up+0x3f/0x60 [ 1969.981256][ T2610] vt_event_post+0x180/0x1e0 [ 1969.985920][ T2610] change_console+0x1ac/0x560 [ 1969.990662][ T2610] console_callback+0x1a1/0x4c0 [ 1969.995589][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.000602][ T2610] worker_thread+0x6c8/0xf10 [ 1970.005268][ T2610] kthread+0x3c2/0x780 [ 1970.009403][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.014057][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.018890][ T2610] [ 1970.018890][ T2610] to a SOFTIRQ-irq-unsafe lock: [ 1970.025879][ T2610] (tasklist_lock){.+.+}-{3:3} [ 1970.025898][ T2610] [ 1970.025898][ T2610] ... which became SOFTIRQ-irq-unsafe at: [ 1970.038493][ T2610] ... [ 1970.038499][ T2610] lock_acquire+0x179/0x350 [ 1970.045633][ T2610] _raw_read_lock+0x5f/0x70 [ 1970.050206][ T2610] __do_wait+0x105/0x890 [ 1970.054535][ T2610] do_wait+0x21e/0x5a0 [ 1970.058665][ T2610] kernel_wait+0x9f/0x160 [ 1970.063057][ T2610] call_usermodehelper_exec_work+0xf1/0x170 [ 1970.069015][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.074017][ T2610] worker_thread+0x6c8/0xf10 [ 1970.078671][ T2610] kthread+0x3c2/0x780 [ 1970.082802][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.087455][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.092284][ T2610] [ 1970.092284][ T2610] other info that might help us debug this: [ 1970.092284][ T2610] [ 1970.102485][ T2610] Chain exists of: [ 1970.102485][ T2610] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1970.102485][ T2610] [ 1970.116021][ T2610] Possible interrupt unsafe locking scenario: [ 1970.116021][ T2610] [ 1970.124319][ T2610] CPU0 CPU1 [ 1970.129659][ T2610] ---- ---- [ 1970.135019][ T2610] lock(tasklist_lock); [ 1970.139238][ T2610] local_irq_disable(); [ 1970.145968][ T2610] lock(&dev->event_lock#2); [ 1970.153147][ T2610] lock(&client->buffer_lock); [ 1970.160499][ T2610] [ 1970.163931][ T2610] lock(&dev->event_lock#2); [ 1970.168763][ T2610] [ 1970.168763][ T2610] *** DEADLOCK *** [ 1970.168763][ T2610] [ 1970.176879][ T2610] 7 locks held by syz.8.8903/2610: [ 1970.181963][ T2610] #0: ffff88802b8db118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x206/0x750 [ 1970.191077][ T2610] #1: ffff88802b48b230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 1970.201154][ T2610] #2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 1970.210791][ T2610] #3: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 1970.220343][ T2610] #4: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 1970.229474][ T2610] #5: ffff88802941b028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 1970.239715][ T2610] #6: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 1970.248751][ T2610] [ 1970.248751][ T2610] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1970.259136][ T2610] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1970.264771][ T2610] IN-SOFTIRQ-W at: [ 1970.268821][ T2610] lock_acquire+0x179/0x350 [ 1970.275139][ T2610] _raw_spin_lock_irqsave+0x3a/0x60 [ 1970.282144][ T2610] input_inject_event+0x9f/0x3b0 [ 1970.288894][ T2610] led_set_brightness+0x217/0x290 [ 1970.295728][ T2610] led_trigger_event+0xda/0x270 [ 1970.302379][ T2610] kbd_bh+0x21b/0x300 [ 1970.308167][ T2610] tasklet_action_common+0x281/0x400 [ 1970.315256][ T2610] handle_softirqs+0x219/0x8e0 [ 1970.321824][ T2610] __irq_exit_rcu+0x109/0x170 [ 1970.328306][ T2610] irq_exit_rcu+0x9/0x30 [ 1970.334351][ T2610] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1970.341793][ T2610] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1970.349586][ T2610] _raw_spin_unlock_irqrestore+0x31/0x80 [ 1970.357030][ T2610] __wake_up+0x3f/0x60 [ 1970.362913][ T2610] vt_event_post+0x180/0x1e0 [ 1970.369315][ T2610] change_console+0x1ac/0x560 [ 1970.375795][ T2610] console_callback+0x1a1/0x4c0 [ 1970.382454][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.389194][ T2610] worker_thread+0x6c8/0xf10 [ 1970.395586][ T2610] kthread+0x3c2/0x780 [ 1970.401457][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.407853][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.414423][ T2610] INITIAL USE at: [ 1970.418381][ T2610] lock_acquire+0x179/0x350 [ 1970.424606][ T2610] _raw_spin_lock_irqsave+0x3a/0x60 [ 1970.431523][ T2610] input_inject_event+0x9f/0x3b0 [ 1970.438181][ T2610] led_set_brightness+0x217/0x290 [ 1970.444925][ T2610] kbd_led_trigger_activate+0xcb/0x110 [ 1970.452103][ T2610] led_trigger_set+0x59a/0xc50 [ 1970.458580][ T2610] led_trigger_set_default+0x1e0/0x2e0 [ 1970.465750][ T2610] led_classdev_register_ext+0x7b8/0xa10 [ 1970.473101][ T2610] input_leds_connect+0x552/0x8e0 [ 1970.479848][ T2610] input_attach_handler.isra.0+0x176/0x250 [ 1970.487376][ T2610] input_register_device+0xab9/0x1180 [ 1970.494469][ T2610] atkbd_connect+0x5f8/0xa40 [ 1970.500778][ T2610] serio_driver_probe+0x7c/0xd0 [ 1970.507357][ T2610] really_probe+0x241/0xa90 [ 1970.513577][ T2610] __driver_probe_device+0x1de/0x440 [ 1970.520581][ T2610] driver_probe_device+0x4c/0x1b0 [ 1970.527340][ T2610] __driver_attach+0x283/0x580 [ 1970.533818][ T2610] bus_for_each_dev+0x13e/0x1d0 [ 1970.540384][ T2610] serio_handle_event+0x335/0xc30 [ 1970.547136][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.553789][ T2610] worker_thread+0x6c8/0xf10 [ 1970.560096][ T2610] kthread+0x3c2/0x780 [ 1970.565884][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.572187][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.578668][ T2610] } [ 1970.581231][ T2610] ... key at: [] __key.7+0x0/0x40 [ 1970.588413][ T2610] -> (&client->buffer_lock){....}-{3:3} { [ 1970.594121][ T2610] INITIAL USE at: [ 1970.597991][ T2610] lock_acquire+0x179/0x350 [ 1970.604040][ T2610] _raw_spin_lock+0x2e/0x40 [ 1970.610088][ T2610] evdev_pass_values+0x10e/0x9b0 [ 1970.616580][ T2610] evdev_events+0x1bb/0x390 [ 1970.622630][ T2610] input_pass_values+0x74e/0x880 [ 1970.629127][ T2610] input_handle_event+0xf00/0x14d0 [ 1970.635791][ T2610] input_inject_event+0x1e8/0x3b0 [ 1970.642363][ T2610] evdev_write+0x457/0x750 [ 1970.648316][ T2610] vfs_write+0x29d/0x11d0 [ 1970.654185][ T2610] ksys_write+0x1f8/0x250 [ 1970.660054][ T2610] do_syscall_64+0xcd/0x4c0 [ 1970.666107][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.673541][ T2610] } [ 1970.676016][ T2610] ... key at: [] __key.1+0x0/0x40 [ 1970.683108][ T2610] ... acquired at: [ 1970.686886][ T2610] _raw_spin_lock+0x2e/0x40 [ 1970.691539][ T2610] evdev_pass_values+0x10e/0x9b0 [ 1970.696634][ T2610] evdev_events+0x1bb/0x390 [ 1970.701292][ T2610] input_pass_values+0x74e/0x880 [ 1970.706386][ T2610] input_handle_event+0xf00/0x14d0 [ 1970.711653][ T2610] input_inject_event+0x1e8/0x3b0 [ 1970.716835][ T2610] evdev_write+0x457/0x750 [ 1970.721402][ T2610] vfs_write+0x29d/0x11d0 [ 1970.725882][ T2610] ksys_write+0x1f8/0x250 [ 1970.730364][ T2610] do_syscall_64+0xcd/0x4c0 [ 1970.735031][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.741073][ T2610] [ 1970.743373][ T2610] [ 1970.743373][ T2610] the dependencies between the lock to be acquired [ 1970.743380][ T2610] and SOFTIRQ-irq-unsafe lock: [ 1970.756850][ T2610] -> (tasklist_lock){.+.+}-{3:3} { [ 1970.762128][ T2610] HARDIRQ-ON-R at: [ 1970.766262][ T2610] lock_acquire+0x179/0x350 [ 1970.772753][ T2610] _raw_read_lock+0x5f/0x70 [ 1970.779231][ T2610] __do_wait+0x105/0x890 [ 1970.785453][ T2610] do_wait+0x21e/0x5a0 [ 1970.791495][ T2610] kernel_wait+0x9f/0x160 [ 1970.797797][ T2610] call_usermodehelper_exec_work+0xf1/0x170 [ 1970.805666][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.812578][ T2610] worker_thread+0x6c8/0xf10 [ 1970.819145][ T2610] kthread+0x3c2/0x780 [ 1970.825189][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.831752][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.838491][ T2610] SOFTIRQ-ON-R at: [ 1970.842622][ T2610] lock_acquire+0x179/0x350 [ 1970.849108][ T2610] _raw_read_lock+0x5f/0x70 [ 1970.855587][ T2610] __do_wait+0x105/0x890 [ 1970.861811][ T2610] do_wait+0x21e/0x5a0 [ 1970.867853][ T2610] kernel_wait+0x9f/0x160 [ 1970.874154][ T2610] call_usermodehelper_exec_work+0xf1/0x170 [ 1970.882025][ T2610] process_one_work+0x9cc/0x1b70 [ 1970.888936][ T2610] worker_thread+0x6c8/0xf10 [ 1970.895500][ T2610] kthread+0x3c2/0x780 [ 1970.901541][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1970.908104][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1970.914847][ T2610] INITIAL USE at: [ 1970.918889][ T2610] lock_acquire+0x179/0x350 [ 1970.925284][ T2610] _raw_write_lock_irq+0x36/0x50 [ 1970.932114][ T2610] copy_process+0x4caf/0x7690 [ 1970.938681][ T2610] kernel_clone+0xfc/0x930 [ 1970.944986][ T2610] user_mode_thread+0xc7/0x110 [ 1970.951642][ T2610] rest_init+0x23/0x2b0 [ 1970.957689][ T2610] start_kernel+0x3ee/0x4d0 [ 1970.964083][ T2610] x86_64_start_reservations+0x18/0x30 [ 1970.971431][ T2610] x86_64_start_kernel+0x130/0x190 [ 1970.978429][ T2610] common_startup_64+0x13e/0x148 [ 1970.985257][ T2610] INITIAL READ USE at: [ 1970.989736][ T2610] lock_acquire+0x179/0x350 [ 1970.996567][ T2610] _raw_read_lock+0x5f/0x70 [ 1971.003395][ T2610] __do_wait+0x105/0x890 [ 1971.009966][ T2610] do_wait+0x21e/0x5a0 [ 1971.016353][ T2610] kernel_wait+0x9f/0x160 [ 1971.023003][ T2610] call_usermodehelper_exec_work+0xf1/0x170 [ 1971.031221][ T2610] process_one_work+0x9cc/0x1b70 [ 1971.038486][ T2610] worker_thread+0x6c8/0xf10 [ 1971.045412][ T2610] kthread+0x3c2/0x780 [ 1971.051811][ T2610] ret_from_fork+0x5d4/0x6f0 [ 1971.058728][ T2610] ret_from_fork_asm+0x1a/0x30 [ 1971.065817][ T2610] } [ 1971.068472][ T2610] ... key at: [] tasklist_lock+0x18/0x40 [ 1971.076353][ T2610] ... acquired at: [ 1971.080316][ T2610] _raw_read_lock+0x5f/0x70 [ 1971.085000][ T2610] send_sigurg+0xed/0xc80 [ 1971.089491][ T2610] sk_send_sigurg+0x76/0x360 [ 1971.094325][ T2610] tcp_urg+0x341/0xb80 [ 1971.098560][ T2610] tcp_rcv_established+0x87a/0x23f0 [ 1971.103932][ T2610] tcp_v4_do_rcv+0x5ca/0xa90 [ 1971.108684][ T2610] __release_sock+0x31b/0x400 [ 1971.113516][ T2610] release_sock+0x5a/0x220 [ 1971.118091][ T2610] tcp_sendmsg+0x38/0x50 [ 1971.122490][ T2610] inet6_sendmsg+0xb9/0x140 [ 1971.127161][ T2610] ____sys_sendmsg+0x705/0xc70 [ 1971.132085][ T2610] ___sys_sendmsg+0x134/0x1d0 [ 1971.136919][ T2610] __sys_sendmsg+0x16d/0x220 [ 1971.141663][ T2610] do_syscall_64+0xcd/0x4c0 [ 1971.146322][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.152366][ T2610] [ 1971.154667][ T2610] -> (&f_owner->lock){....}-{3:3} { [ 1971.159941][ T2610] INITIAL USE at: [ 1971.163899][ T2610] lock_acquire+0x179/0x350 [ 1971.170126][ T2610] _raw_write_lock_irq+0x36/0x50 [ 1971.176786][ T2610] __f_setown+0x61/0x3c0 [ 1971.182748][ T2610] f_setown+0x122/0x290 [ 1971.188620][ T2610] do_fcntl+0xfa6/0x15a0 [ 1971.194579][ T2610] __x64_sys_fcntl+0x163/0x200 [ 1971.201066][ T2610] do_syscall_64+0xcd/0x4c0 [ 1971.207286][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.214893][ T2610] INITIAL READ USE at: [ 1971.219285][ T2610] lock_acquire+0x179/0x350 [ 1971.225947][ T2610] _raw_read_lock_irqsave+0x74/0x90 [ 1971.233298][ T2610] send_sigurg+0x5f/0xc80 [ 1971.239782][ T2610] sk_send_sigurg+0x76/0x360 [ 1971.246522][ T2610] unix_stream_sendmsg+0xfa5/0x1340 [ 1971.253873][ T2610] ____sys_sendmsg+0xa98/0xc70 [ 1971.260795][ T2610] ___sys_sendmsg+0x134/0x1d0 [ 1971.267643][ T2610] __sys_sendmsg+0x16d/0x220 [ 1971.274390][ T2610] do_syscall_64+0xcd/0x4c0 [ 1971.281058][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.289107][ T2610] } [ 1971.291675][ T2610] ... key at: [] __key.1+0x0/0x40 [ 1971.299044][ T2610] ... acquired at: [ 1971.302922][ T2610] _raw_read_lock_irqsave+0x74/0x90 [ 1971.308283][ T2610] send_sigio+0x31/0x3e0 [ 1971.312682][ T2610] kill_fasync+0x214/0x510 [ 1971.317255][ T2610] sock_wake_async+0x132/0x160 [ 1971.322178][ T2610] unix_release_sock+0xc3a/0x1530 [ 1971.327360][ T2610] unix_release+0x91/0xf0 [ 1971.331846][ T2610] __sock_release+0xb0/0x270 [ 1971.336590][ T2610] sock_close+0x1c/0x30 [ 1971.340906][ T2610] __fput+0x3ff/0xb70 [ 1971.345050][ T2610] task_work_run+0x150/0x240 [ 1971.349794][ T2610] get_signal+0x1d1/0x26d0 [ 1971.354365][ T2610] arch_do_signal_or_restart+0x8f/0x7d0 [ 1971.360066][ T2610] exit_to_user_mode_loop+0x84/0x110 [ 1971.365509][ T2610] do_syscall_64+0x3f6/0x4c0 [ 1971.370255][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.376304][ T2610] [ 1971.378604][ T2610] -> (&new->fa_lock){....}-{3:3} { [ 1971.383706][ T2610] INITIAL USE at: [ 1971.387574][ T2610] lock_acquire+0x179/0x350 [ 1971.393627][ T2610] _raw_write_lock_irq+0x36/0x50 [ 1971.400110][ T2610] fasync_remove_entry+0xb2/0x1e0 [ 1971.406686][ T2610] fasync_helper+0xaf/0xd0 [ 1971.412648][ T2610] lease_modify+0x232/0x500 [ 1971.418687][ T2610] locks_remove_file+0x29e/0x5c0 [ 1971.425162][ T2610] __fput+0x351/0xb70 [ 1971.430692][ T2610] task_work_run+0x150/0x240 [ 1971.436830][ T2610] exit_to_user_mode_loop+0xeb/0x110 [ 1971.443661][ T2610] do_syscall_64+0x3f6/0x4c0 [ 1971.449794][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.457224][ T2610] INITIAL READ USE at: [ 1971.461527][ T2610] lock_acquire+0x179/0x350 [ 1971.468016][ T2610] _raw_read_lock_irqsave+0x74/0x90 [ 1971.475189][ T2610] kill_fasync+0x138/0x510 [ 1971.481587][ T2610] sock_wake_async+0x132/0x160 [ 1971.488330][ T2610] unix_release_sock+0xc3a/0x1530 [ 1971.495331][ T2610] unix_release+0x91/0xf0 [ 1971.501639][ T2610] __sock_release+0xb0/0x270 [ 1971.508207][ T2610] sock_close+0x1c/0x30 [ 1971.514340][ T2610] __fput+0x3ff/0xb70 [ 1971.520303][ T2610] task_work_run+0x150/0x240 [ 1971.526877][ T2610] get_signal+0x1d1/0x26d0 [ 1971.533271][ T2610] arch_do_signal_or_restart+0x8f/0x7d0 [ 1971.540796][ T2610] exit_to_user_mode_loop+0x84/0x110 [ 1971.548067][ T2610] do_syscall_64+0x3f6/0x4c0 [ 1971.554637][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.562504][ T2610] } [ 1971.564978][ T2610] ... key at: [] __key.0+0x0/0x40 [ 1971.572068][ T2610] ... acquired at: [ 1971.575847][ T2610] lock_acquire+0x179/0x350 [ 1971.580509][ T2610] _raw_read_lock_irqsave+0x74/0x90 [ 1971.585868][ T2610] kill_fasync+0x138/0x510 [ 1971.590443][ T2610] evdev_pass_values+0x619/0x9b0 [ 1971.595546][ T2610] evdev_events+0x1bb/0x390 [ 1971.600209][ T2610] input_pass_values+0x74e/0x880 [ 1971.605314][ T2610] input_handle_event+0xf00/0x14d0 [ 1971.610583][ T2610] input_inject_event+0x1e8/0x3b0 [ 1971.615763][ T2610] evdev_write+0x457/0x750 [ 1971.620328][ T2610] vfs_write+0x29d/0x11d0 [ 1971.624817][ T2610] ksys_write+0x1f8/0x250 [ 1971.629301][ T2610] do_syscall_64+0xcd/0x4c0 [ 1971.633958][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.640004][ T2610] [ 1971.642307][ T2610] [ 1971.642307][ T2610] stack backtrace: [ 1971.648170][ T2610] CPU: 1 UID: 0 PID: 2610 Comm: syz.8.8903 Not tainted syzkaller #0 PREEMPT(full) [ 1971.648187][ T2610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1971.648196][ T2610] Call Trace: [ 1971.648202][ T2610] [ 1971.648208][ T2610] dump_stack_lvl+0x116/0x1f0 [ 1971.648227][ T2610] check_irq_usage+0x7dc/0x920 [ 1971.648247][ T2610] ? tracing_record_taskinfo_sched_switch+0x54/0x400 [ 1971.648267][ T2610] ? check_path.constprop.0+0x24/0x50 [ 1971.648288][ T2610] ? __lock_acquire+0x12bc/0x1ce0 [ 1971.648307][ T2610] __lock_acquire+0x12bc/0x1ce0 [ 1971.648331][ T2610] lock_acquire+0x179/0x350 [ 1971.648351][ T2610] ? kill_fasync+0x138/0x510 [ 1971.648373][ T2610] _raw_read_lock_irqsave+0x74/0x90 [ 1971.648388][ T2610] ? kill_fasync+0x138/0x510 [ 1971.648406][ T2610] kill_fasync+0x138/0x510 [ 1971.648425][ T2610] evdev_pass_values+0x619/0x9b0 [ 1971.648450][ T2610] evdev_events+0x1bb/0x390 [ 1971.648470][ T2610] input_pass_values+0x74e/0x880 [ 1971.648493][ T2610] input_handle_event+0xf00/0x14d0 [ 1971.648513][ T2610] ? _copy_from_user+0x59/0xd0 [ 1971.648534][ T2610] input_inject_event+0x1e8/0x3b0 [ 1971.648556][ T2610] evdev_write+0x457/0x750 [ 1971.648570][ T2610] ? __pfx_evdev_write+0x10/0x10 [ 1971.648583][ T2610] ? bpf_lsm_file_permission+0x9/0x10 [ 1971.648601][ T2610] ? security_file_permission+0x71/0x210 [ 1971.648622][ T2610] ? rw_verify_area+0xcf/0x6c0 [ 1971.648642][ T2610] ? __pfx_evdev_write+0x10/0x10 [ 1971.648654][ T2610] vfs_write+0x29d/0x11d0 [ 1971.648670][ T2610] ? __pfx_vfs_write+0x10/0x10 [ 1971.648682][ T2610] ? find_held_lock+0x2b/0x80 [ 1971.648697][ T2610] ? __fget_files+0x204/0x3c0 [ 1971.648713][ T2610] ? __fget_files+0x20e/0x3c0 [ 1971.648729][ T2610] ksys_write+0x1f8/0x250 [ 1971.648742][ T2610] ? __pfx_ksys_write+0x10/0x10 [ 1971.648758][ T2610] do_syscall_64+0xcd/0x4c0 [ 1971.648777][ T2610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.648790][ T2610] RIP: 0033:0x7fbf9298ebe9 [ 1971.648802][ T2610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1971.648815][ T2610] RSP: 002b:00007fbf93744038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1971.648829][ T2610] RAX: ffffffffffffffda RBX: 00007fbf92bc5fa0 RCX: 00007fbf9298ebe9 [ 1971.648842][ T2610] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000007 [ 1971.648850][ T2610] RBP: 00007fbf92a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1971.648858][ T2610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1971.648866][ T2610] R13: 00007fbf92bc6038 R14: 00007fbf92bc5fa0 R15: 00007ffe61b9df38 [ 1971.648881][ T2610] [ 1971.655884][ T30] audit: type=1400 audit(1757290043.602:2109): avc: denied { open } for pid=2608 comm="syz.8.8903" path="/dev/input/event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1971.951789][ T30] audit: type=1400 audit(1757290043.652:2110): avc: denied { write } for pid=2608 comm="syz.8.8903" name="event2" dev="devtmpfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1971.951830][ T30] audit: type=1400 audit(1757290043.652:2111): avc: denied { ioctl } for pid=2608 comm="syz.8.8903" path="/dev/input/event2" dev="devtmpfs" ino=922 ioctlcmd=0x4580 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1971.951863][ T30] audit: type=1326 audit(1757290045.572:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.951897][ T30] audit: type=1326 audit(1757290045.572:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.951940][ T30] audit: type=1326 audit(1757290045.572:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.951976][ T30] audit: type=1326 audit(1757290045.572:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.952015][ T30] audit: type=1326 audit(1757290045.572:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.952050][ T30] audit: type=1326 audit(1757290045.572:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1971.952085][ T30] audit: type=1326 audit(1757290045.572:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.3.8901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f938c58ebe9 code=0x7ffc0000 [ 1975.621897][ T1299] ieee802154 phy1 wpan1: encryption failed: -22