last executing test programs: 5m40.771947175s ago: executing program 1 (id=1522): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xe) close_range(r1, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x22e, &(0x7f0000019140)={0x0, 0x8ffd, 0x89, 0x0, 0x10}, 0x0, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10) 5m39.499593681s ago: executing program 1 (id=1528): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3bf97ff8836d000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48) socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000100)={{0x0, 0x7, 0x81, 0x6, 0x7, 0x45, 0xffffffffffffff01, 0x9, 0x5, 0x25, 0xbf, 0x0, 0x8, 0x7ff, 0x9}}) syz_io_uring_setup(0x18d7, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe0}, {0xfff1, 0xffff}, {0x4, 0x7}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000005000)=@deltfilter={0x2c, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x8}, {0xfff2, 0xffff}, {0x0, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x1}]}, 0x2c}}, 0x20044800) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, &(0x7f0000000380)={0x2, 0x3}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0xfff3}}}, 0x24}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f00, 0xf, 0x2f, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x7ff, 0x0, 0xb1, 0xfffffd85, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) 5m37.133196644s ago: executing program 1 (id=1534): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xf5ff, &(0x7f0000000000)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x9}, @NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xe4}}, 0x0) 5m36.880272449s ago: executing program 1 (id=1535): r0 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x100) ioctl$CEC_ADAP_G_PHYS_ADDR(r0, 0x80026101, &(0x7f0000000140)) 5m36.612271224s ago: executing program 1 (id=1537): bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc421591dc57bedb8, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0xa, 0x83724cb7c9f3b0ae, 0x5, 0x8}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r0, 0x2000012, 0xe, 0xffffffffffffff79, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 5m36.322835142s ago: executing program 1 (id=1539): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) fchdir(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0) memfd_create(0x0, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x1, &(0x7f0000000140)={0x9, 0x8}, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x23, 0x4, 0x7fffffffefff) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r2, &(0x7f0000032680)=""/102393, 0xffffffe5) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r4 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x2c, 0x800000000004, @tid=r4}, &(0x7f0000000040)) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r6 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4c20, 0x0, 0x4, 0x0, 0x2}, {0x0, 0x80000800, 0x3, 0x0, 0x0, 0xf42, 0x5}, {0x0, 0x0, 0x0, 0x5}, 0x801, 0x0, 0x1, 0x0, 0x5, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x4, 0x33}, 0xa, @in=@empty, 0x3507, 0x5, 0x0, 0x4, 0x0, 0x10000000, 0xfffffffd}}, 0xe8) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @remote}, 0x200000}, 0x1c) close(r3) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000000c0)) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) r8 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc00x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=@newqdisc={0x28, 0x29, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x10, 0x1}, {}, {0xa, 0x3}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40098}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', r3, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe3e, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4400000010000104fcfffffffddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000020001280000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r5], 0x44}, 0x1, 0x0, 0x0, 0x24000891}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000002240)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="05"], 0x10) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x679, 0x100}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20) sendmsg$inet(r6, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) ioctl$sock_ifreq(r0, 0x8931, &(0x7f0000000100)={'bond0\x00', @ifru_data=0x0}) 21.435893065s ago: executing program 4 (id=2367): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=@newqdisc={0x28, 0x29, 0x4ee4e6a52ff56541, 0x4001, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x10, 0x1}, {}, {0xa, 0x3}}, [@TCA_STAB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x40098}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, '\x00', r3, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe3e, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002240)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="05"], 0x10) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x679, 0x100}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0xa4ff}, 0x3) ioctl$sock_ifreq(r0, 0x8931, &(0x7f0000000100)={'bond0\x00', @ifru_data=0x0}) 17.791206662s ago: executing program 4 (id=2380): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2) r1 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xd) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r2, 0x3, &(0x7f0000000980)=[&(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x2, r1, 0x0, 0x0, 0x80}, 0x0, 0x0]) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r1, r3, 0x0, 0x2000fb) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0xe8381, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000040)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0042, 0x0) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvmmsg(r8, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000002200)=[{&(0x7f0000002100)=""/212, 0xd4}], 0x1}, 0xa}], 0x1, 0x0, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000000)=ANY=[@ANYBLOB="f538aaaaaa230180c20000000800450000b00000000000119078000000f2fb2fbd0560d13a20009c907801000000040000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424dbcfd56f1375461caaa2f19935e6996c7096ffeeb03000000000000649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6dafe0900"], 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x40}, 0x94) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0xffffffffffffff9d, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 15.576324639s ago: executing program 3 (id=2387): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000002c0)="b8001800000f23d00f21f8353000000e0f23f83e0fae8d001000000fd8e866baf80cb84a8cce8cef66bafc0cec26640f23dbc7442400b30d45d5c744240204000000c7442406000000000f011c2466baf80cb8dc759680fadecedecefc0c66b8134266ef66ba4300ec0f0f49e4b70fbaa70a0000000d", 0x76}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0, 0x9}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41, 0x3}}, 0x10) 15.291819412s ago: executing program 4 (id=2388): socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xd0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS64(0xffffffffffffffff, 0x80605414, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) gettid() sigaltstack(&(0x7f0000001040)={0x0}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000018000100000000000000000002000000fc04000900090000060015000200000014001680100008800c000380"], 0x38}}, 0x2000a080) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001540)=ANY=[@ANYBLOB="58010000100013070000000000000000fc020000000000000000000000000001fe8000000000000000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141417000000000000000000000000000004d533000000e000000100000000000000000000000003000000d1a7bf740000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000220000000000000000000000000000000200000002000000000000005c001400636d616328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000003509fe8fd57fd44aa5074c50be700e530c001c00936400decd"], 0x158}}, 0x0) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) 14.993127217s ago: executing program 4 (id=2389): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0) syz_usb_disconnect(r2) r3 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_disconnect(r2) syz_usb_disconnect(r3) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r3) munmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000440)=ANY=[], 0x0) r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0x1, 0x2603) ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000040)={&(0x7f0000001180)=[{0x3, 0x200, 0x15, &(0x7f0000000180)="befd1f0bbc4a3b9619e4838d5282ccccc2b9001fa3"}], 0x1}) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) r6 = socket(0x1f, 0x80000, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000000c0)=0xc) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffff9, {0x0, 0x0, 0x0, r7, {0x8, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x3c}}, 0x24040000) sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xf3f, 0x70fd2c, 0x25dfdbbd, {0x0, 0x0, 0x0, r7, {0xc}, {0xfff4, 0x1}, {0x7, 0x300}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x66e}]}, 0x48}, 0x1, 0x0, 0x0, 0x20045080}, 0x140c0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r9, {0xa, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xf, 0x3, 0x0, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) socket(0x2, 0x80805, 0x0) 14.780973914s ago: executing program 3 (id=2390): prctl$PR_GET_KEEPCAPS(0x7) r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x0, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000100)) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1f, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) landlock_restrict_self(r0, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x14985, 0x3, 0x3}, 0x18, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007c, 0x0) r6 = dup3(r4, r5, 0x0) ioctl$LOOP_SET_FD(r6, 0x9201, 0xffffffffffffffff) bind$unix(r3, &(0x7f0000003000)=@file={0x1, './file0\x00'}, 0x6e) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x1) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) splice(r7, 0x0, r9, 0x0, 0x6, 0xc) syz_emit_ethernet(0x11, &(0x7f0000000480)=ANY=[@ANYBLOB="dd82bd76a4a4aaaaaaaaaaaa8864fcfe25"], 0x0) landlock_restrict_self(r8, 0x5) connect$unix(r2, &(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e) 13.681306973s ago: executing program 3 (id=2395): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="97eb01001800000000000000500000005000000002000000090000000000000e03000000010000000a0000000000000203000000000000000500000d0000fa8c99dc0000010000000000000000000000000000000000000009000000000000000100000003"], 0x0, 0x6a, 0x0, 0x0, 0x80000001}, 0x28) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0800000000000000bc926b1a41841b6c26e30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1d, 0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000080008500000017000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0xe, 0x0, &(0x7f00000002c0)="b8000005000000005baf2312bbc2", 0x0, 0x12000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) symlink(&(0x7f0000000280)='.\x02\x00', &(0x7f00000002c0)='.\x02\x00') socket$pppl2tp(0x18, 0x1, 0x1) ioctl$XFS_IOC_ATTRLIST_BY_HANDLE(0xffffffffffffffff, 0x4058587a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x108) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6d71b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1a, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600}, 0x94) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000075c0)={@local, @initdev={0xfe, 0x88, '\x00', 0x8, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, 0xd432, 0x40, 0x409, 0x0, 0xa, 0x1}) unshare(0x62020600) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) fsmount(r5, 0x0, 0x17f) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ptrace(0x11, r2) 13.267833217s ago: executing program 4 (id=2396): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) r2 = socket(0x3, 0x80000, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003140)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="08001a"], 0x18c0}, 0x1, 0x0, 0x0, 0x20}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r3) sendmsg$DEVLINK_CMD_SB_GET(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00022abd7000fddbdf657464657673696d0000000f0002006e657464657673696d30000008000b0008000000080001007063690011000200303030303a30303a31302e300000000008000b000200"/90], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4000090) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="5c000000000101040000000000000000020000002400018014000180080001000000000008000200060000010c0002800500010088000000240002800c00028005000100000000001400018008000100e000000208000200ac1e0001"], 0x5c}}, 0x0) syz_usb_connect$printer(0x5, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtaction={0x70, 0x30, 0x10, 0x70bd26, 0x25dfdbfe, {}, [{0x5c, 0x1, [@m_ctinfo={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x9, 0x2, 0x10000000}}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x3}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xa2f}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x4000800) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xfffffffffffffea8, &(0x7f0000000000)=ANY=[]) pipe(&(0x7f0000000600)) close_range(r2, 0xffffffffffffffff, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) recvmsg(r7, &(0x7f0000001680)={0x0, 0x0, 0x0}, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) r9 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r9, {0x2, 0x4e23, @loopback}, 0x42, 0xfffffffe, 0x2}}, 0x2e) bind$inet6(r9, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x4c, &(0x7f0000000080)=ANY=[@ANYBLOB="a70b49c5294faaaaaaaaaa4386dd080000000000000000000000000000000000000000000000fe8000000000000000000000000000aa00000e2200169078020300000000000000000000ffff"], 0x0) recvmmsg(r7, &(0x7f00000075c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/17, 0x11}, {&(0x7f00000002c0)=""/94, 0x5e}, {&(0x7f0000000340)=""/36, 0x24}, {&(0x7f0000000380)=""/18, 0x12}], 0x4}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0) io_setup(0x3ff, &(0x7f0000000500)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r10 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r10, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) 10.528109154s ago: executing program 5 (id=2403): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000100)={0x10, 0xc, {0x54, 0x8000, 0xc, {0x1ff, 0x5}, {0x10, 0x3}, @cond=[{0x4, 0x0, 0xd5, 0x31, 0x9, 0xf001}, {0x90, 0x1, 0xf3, 0x230e, 0x3, 0x2c05}]}, {0x53, 0x1, 0x0, {0x2, 0x400}, {0x8000, 0xfffe}, @period={0x58, 0x2, 0x9, 0x3, 0x6cd, {0x9, 0x80, 0x40, 0x3efa}, 0x6, &(0x7f00000001c0)=[0x5, 0x2, 0x0, 0x35, 0x7, 0x9]}}}) ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x56) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x0, 0xffffffffffffffff}}, './file0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0}) socket$inet(0x2, 0x3, 0x6) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x0) futex(0x0, 0x8a, 0xfffffffe, 0x0, 0x0, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x28383, 0x0) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2200, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000180)={&(0x7f0000000000)=""/59, 0x332000, 0x800, 0x0, 0x5}, 0x1c) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$inet_tcp(0x2, 0x1, 0x0) 9.926924543s ago: executing program 5 (id=2405): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00') r3 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x1, 0x0) fchdir(r4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/protocols\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x0) ioctl$F2FS_IOC_RESIZE_FS(0xffffffffffffffff, 0x4008f510, &(0x7f0000000200)=0x100000001) dup3(r5, r5, 0x80000) connect$nfc_llcp(r5, &(0x7f00000000c0)={0x27, r6, 0xffffffffffffffff, 0x3, 0x5, 0x8, "eb70f01f87dad92ba0797253145ead4d4e8a92451c2565cce90fd96b279a0f3b9d8c69670e57cfa31d56a667b7732eac67807ac52916f152aeebf7df0d2edd", 0xd}, 0x60) 8.837178643s ago: executing program 5 (id=2408): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005d40)=[{{&(0x7f0000000080)=@sco={0x1f, @fixed}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/63, 0x3f}, {&(0x7f0000000180)=""/226, 0xe2}, {&(0x7f00000002c0)=""/22, 0x16}, {&(0x7f0000000300)=""/142, 0x8e}], 0x4, &(0x7f0000000400)=""/155, 0x9b}, 0x3}, {{&(0x7f00000004c0)=@isdn, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000540)=""/251, 0xfb}, {&(0x7f0000000640)=""/34, 0x22}, {&(0x7f0000000680)=""/1, 0x1}, {&(0x7f00000006c0)=""/13, 0xd}, {&(0x7f0000000700)=""/24, 0x18}, {&(0x7f0000000780)=""/44, 0x2c}, {&(0x7f00000007c0)=""/235, 0xeb}], 0x7}, 0x5}, {{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f00000012c0)=""/50, 0x32}, {&(0x7f0000001400)=""/5, 0x5}], 0x2, &(0x7f0000001480)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000002480)=@qipcrtr, 0x80, &(0x7f0000003700)=[{&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000003500)=""/205, 0xcd}, {&(0x7f0000003600)=""/218, 0xda}], 0x3, &(0x7f0000003740)=""/122, 0x7a}, 0x1ff}, {{&(0x7f00000037c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000004b40)=[{&(0x7f0000003840)=""/101, 0x65}, {&(0x7f00000038c0)=""/47, 0x2f}, {&(0x7f0000003900)=""/174, 0xae}, {&(0x7f00000039c0)=""/221, 0xdd}, {&(0x7f0000003ac0)=""/76, 0x4c}, {&(0x7f0000006140)=""/4109, 0x100d}], 0x6}, 0xe09}, {{&(0x7f0000004bc0)=@ethernet, 0x80, 0x0, 0x0, &(0x7f0000005d00)=""/46, 0x2e}, 0x80}], 0x6, 0x60, &(0x7f0000005f40)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001080), 0x8000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@can_delroute={0x24, 0x19, 0x20, 0x78bd27, 0x25dfdbfd, {0x1d, 0x1, 0x6}, [@CGW_CS_XOR={0x8, 0x5, {0x0, 0x0, 0xfffffffffffffffd, 0x1}}, @CGW_LIM_HOPS={0x5, 0xd, 0xc0}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = fsopen(&(0x7f0000000040)='sockfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = landlock_create_ruleset(&(0x7f00000000c0)={0x5949}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000080)={0x1008, r5}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x60, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x40}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xe0004000}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 8.169576712s ago: executing program 5 (id=2410): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x4c811}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000001f00), r3) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r5) mount(0x0, &(0x7f00000010c0)='.\x00', &(0x7f0000000000)='proc\x00', 0x80, 0x0) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_procfs(r6, &(0x7f00000001c0)='task\x00') fchdir(r7) wait4(r6, 0x0, 0x2, 0x0) getpgid(r6) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r8, &(0x7f0000000f80)=""/4096, 0x1000) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r3, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000001f40)={0x1c, r4, 0x1, 0x70bd2d, 0x25dfdbff}, 0x1c}, 0x1, 0x0, 0x0, 0x81}, 0x20008000) 6.940376064s ago: executing program 5 (id=2411): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x1, {0x6, 0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x0, {0x40, 0x0, 0xb, 0xfffc, 0x0, 0x1, 0x0, 0xffffffff, 0x120, 0x2000, 0xa8, 0x0, 0x0, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000580)={{{@in6=@initdev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in6=@remote}}, &(0x7f0000000680)=0xe8) mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x4, &(0x7f00000006c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x80}}], [{@euid_gt={'euid>', 0xee01}}, {@euid_eq={'euid', 0x3d, r1}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}]}}) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000540)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpid() bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r5}, 0xc) sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000017c00000c00fc8008000500", @ANYRES32=r8, @ANYBLOB="0c0001802e000600", @ANYRES32=0x0, @ANYBLOB="08001bab69c7521d83b666a77d6f3938e0e0f6148caf1642b8d8fa0dcbf2f66032b9"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) r9 = fanotify_init(0x0, 0x0) writev(r9, &(0x7f0000000040)=[{&(0x7f0000000080)='9', 0x1}, {0x0}], 0x2) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') lchown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 6.880311696s ago: executing program 0 (id=2412): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000400)={0x400, 0x7, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x80, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void, @val={0xc, 0x99, {0x7, 0x7a}}}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x2e, 0xc5, "7c6c97824e0be7b88c8df62c974569cd33ed6c969bc266e7482a8cdf0cab3ebc4e09366b3f26b6373828"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x8}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x5}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x5}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000010}, 0x20000000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8, 0x9, 0x1}) 6.689989105s ago: executing program 0 (id=2413): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158"], 0x10b8}, 0x8000) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[], 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000"], 0x48) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000100)='./file0\x00', 0x0, 0x8}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={r1, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000cbb60000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000008000000bf0920000000000035090100000000009500000000000000bf080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000020000b7050000080000001c00000000000000bf98000000"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) 6.430732366s ago: executing program 0 (id=2414): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3bf97ff8836d000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237}, 0x48) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, &(0x7f0000000100)={{0x0, 0x7, 0x81, 0x6, 0x7, 0x45, 0xffffffffffffff01, 0x9, 0x5, 0x25, 0xbf, 0x0, 0x8, 0x7ff, 0x9}}) syz_io_uring_setup(0x18d7, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000005000)=@deltfilter={0x24, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x8}, {0xfff2, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x20044800) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffff) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) ioctl$SIOCGETLINKNAME(r1, 0x89e0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f00, 0xf, 0x2f, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x7ff, 0x0, 0xb1, 0xfffffd85, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) 5.666146989s ago: executing program 2 (id=2417): mq_getsetattr(0xffffffffffffffff, &(0x7f0000000400)={0x5, 0x400000000000004, 0x5, 0xb}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) r0 = getpid() sched_setaffinity(r0, 0x30, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6) sched_setscheduler(r0, 0xae07929d9fd0b7a3, &(0x7f00000000c0)=0x7) r1 = getpid() socket$kcm(0xa, 0x5, 0x0) r2 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r2, 0x0, 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f0000000140)=ANY=[@ANYBLOB='+rdma'], 0xe) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x4) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@tracing={0x0, 0x5}}, 0x20) r7 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r7, 0xaf01, 0x0) 5.310885638s ago: executing program 3 (id=2418): openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3, 0x31, 0xffffffffffffffff, 0x30b45000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder1\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtaction={0xcc, 0x30, 0x51b, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_skbmod={0x60, 0x1, 0x0, 0x0, {{0xb}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_skbmod={0x54, 0x2, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x1, 0x4, 0x10000000, 0x0, 0x6}, 0x6}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0xcc}}, 0x0) 4.423889698s ago: executing program 2 (id=2419): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r2, &(0x7f0000000000), 0xe) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000400)={0x1f, 0xffff}, 0xe) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r6 = socket(0x10, 0x3, 0xfffffffc) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100340200000c0002001f0000001e00000008000500", @ANYRES32=r5], 0x50}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES32=0x0, @ANYRESOCT=r1, @ANYRES32], 0x50}}, 0x2) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'hsr0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) removexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=@known='system.posix_acl_default\x00') r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) setns(r9, 0x24020000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000040)='.\x00', 0x2) close_range(r0, 0xffffffffffffffff, 0x0) r10 = syz_open_procfs(r8, &(0x7f0000000300)='fdinfo/3\x00') getdents64(r10, &(0x7f0000002f40)=""/4098, 0x1002) 4.123518007s ago: executing program 0 (id=2420): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x100) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) truncate(&(0x7f0000000940)='./file1\x00', 0xb) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0) ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f0000000100)={0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x40000, &(0x7f0000000040)={@align=0xffffffff, {0x8, 0x8a6e, 0x8, 0x7}}, 0xff, &(0x7f0000000080), &(0x7f00000000c0)=0xc562}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000040)={0x1c, r3, 0xb97534d5fe970ccf, 0x0, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24040040}, 0x0) sendmsg$NL80211_CMD_RADAR_DETECT(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x38, r3, 0x10, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x4469ec7, 0x1d}}}}, [@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x300}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x7) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000280)={0x0, 0x3f00, 0x0}) mmap(&(0x7f0000651000/0x1000)=nil, 0x1000, 0x1000002, 0x31, 0xffffffffffffffff, 0xffffe000) 3.821777421s ago: executing program 3 (id=2421): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x80102, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x40000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, '\x00'/12}, {0x19, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "f5000000000000000007000200000000000000000000f3ff0009000000000000000015ca83740000000300"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000180)="f7790066baa00066b86b42460f22c7d466ba420000b8e20066ef0f29902cbb0000c4e2b1ba8c88d90000006666f6440f386b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x4b}], 0x0, 0x58, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x38, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r4, 0x29, 0x44, &(0x7f0000000280)={'ipvs\x00'}, &(0x7f00000002c0)=0x1e) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000100)={0x68e7, 0x89, 0x7fffffff, 0x0, 0x14, "1b10b9ad000000aacd86279300"}) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r6, 0x84, 0x12, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) r8 = syz_open_dev$sg(&(0x7f0000000200), 0xff, 0x101080) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) ioctl$SG_SCSI_RESET(r8, 0x2284, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newnexthop={0x38, 0x68, 0x1, 0x3, 0x80000000, {0x0, 0x0, 0x7}, [@NHA_GROUP={0x1c, 0x2, [{0x1, 0x3}, {0x1, 0x3}, {0x2, 0x9}]}, @NHA_FDB={0x4}]}, 0x38}}, 0x4000) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x600, 0x0) 3.683535586s ago: executing program 0 (id=2422): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x28, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x8, 0xcb, 0x0, 0x1, [@nested={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0x8}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="540000001c000103000000000000000007000000", @ANYRES32=r7, @ANYBLOB="4000a6080a000200ff"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x4000087, 0x2, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) read$FUSE(r8, &(0x7f0000003d00)={0x2020}, 0x2020) connect$inet(r1, &(0x7f00000001c0)={0x2, 0x200, @local}, 0x10) sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0xfea8, 0xa) 3.240778323s ago: executing program 2 (id=2423): socket$igmp6(0xa, 0x3, 0x2) set_mempolicy(0x4005, &(0x7f00000000c0)=0x4, 0x7) syz_open_dev$tty1(0xc, 0x4, 0x2) landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x1000) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil) 2.192696012s ago: executing program 5 (id=2424): syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x4, 0x2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x74, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x7f, 0x10, 0x56, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "ddd924b8e8ce"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x44b5, 0x6, 0x8, 0x2}, {0x6, 0x24, 0x1a, 0x100, 0x1}}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x7f, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x40, 0x9, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x6, 0x5, 0x7}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x4, 0x9, 0x9, 0x20, 0x5}, 0x26, &(0x7f00000004c0)={0x5, 0xf, 0x26, 0x3, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x7, 0xa2, 0xa84}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "c029dea22d95ccb863f037ddc862e778"}]}, 0x5, [{0x15, &(0x7f00000001c0)=ANY=[@ANYBLOB="15034a308cab1c67453b05"]}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x409}}, {0x3c, &(0x7f0000000240)=ANY=[@ANYBLOB="3c03364422032834bcd350ad7adb4c2cc0227e68e061b4bc095f85984ac944fbf305a4cbd6474abcaa072782616917f1b69895d315ede05402ef0d1c6ac76842e8c49b40437052b87365853797860d1e83471897c5448770da8236ea264d26db86f5559306b5fbc3348da56227a999589ffbc67c0a020000004dcb58d8d5"]}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x44a}}, {0xcb, &(0x7f0000000340)=ANY=[@ANYBLOB="cb0302b02107f34655264f2fcfb82adae1b05581cbf11d7cd3af2b8a2c0b0300000000000000bb4666c3a5ec04c0e9af27b82e56fa87e7c357aee766267a3e5f1688e1d94c1d4f13a5cd333bb6743cf3f95f1ffd27241cfb7ee771cf4b1f83deabbf55ef7a3329537612afd95bbadd08da18c33669b7cbb8ff5dcafa0376b14a7647cd9983d9aebefaa7b463965a3dcb0cdf7c7ae162bcbe05134e3d8343246aea2d05bc6ff4dbecc9311b3c2bdf901d86061f5dc49e94ed586382cfebe64109dd254a34cc2068610b2ef1"]}]}) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) connect(r0, &(0x7f0000000100)=@phonet={0x23, 0x1, 0x0, 0x39}, 0x80) syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') syz_emit_ethernet(0x4c8, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000080045bc04ba00544a7d784951002000e39ea6714259e202000000119078000000000000000000004e2004a6907802010001800000002b47019676fb912bfb3979bb82d94c42da0498ad601e4b92fe2c62ba4d6bdd44d280dada5a5650e1edaecb4fd923a6ded85d084df9d5e7bffddda34d04e5cdb51ef2fe8703b3988bb47989823d53b49308c5d2977c173d08535eaf56e740391766d74589e9806165ef3d4085755bbaa162e74e4dc541aa6004761f6a43e20556918bb04da9070b3cc89472820459902b3342031e1571d32a8b78f2da2a8e73e26af9389dced48cdcaf0a714363789e4acd9373813e2729986552c1cdbeabd3a03d7684ead62926c387b1552066f9751c9f0fa935afda36cf2fb30bba0cb8007f3bd1fea86ef3b7f8434e250f2a09e6a3b569c8c0519adc93f8b909470f39920551618ecfe04ff0cc4b1ed29eee56dcd976a79181e4d3218b51150ce595c25371293ec4d05e4aa411ef3b190554c6a2e06ee6374d80a3c511603a8a20b75f8075d0d83d31b86be7d2d785e6d60c07b515fe04bd55e20bcfe799a3e66c93744c52d0d34880ab42354859d5d1a9d0d65b52a0819b19c2d7f7a285d401825bf40ccc355b1aecb100c3f86c71607b00c59c7a8c0d8ae35a0a0e20f189568cb1a386c9d799f2c5ba6cce4e6ae0dce69f7391a4f4b011b27ad89ecaca95b90be9e517d39fa47ab5d08fd75233c1b0b604c169ebdc29efe713e9ecd551fc383be78cc5afccee1d8bb067e64054734b61c99f1055748b335ea261b9a6ccd1b3362a0c9d26c74bcda8e4d1efca7f614a61b8dfa2508a39f78901cf7ab2f15409f1da06432db0b50f00e16a77ceece0e315fc63c46cd418a1d259ba713bc5a26a49bdc202cf04e02149cf29c1f617f0898321ecf9d395f349e276480b42147d4dc1af6491e05cff9a33517437cb21125f6945e0b727576880a89ef6d53375bb901e14ae1a2dd27a5bf67012b8e4515023dba602d2e5293da914c199c0c0d610bf6461cd7bba6c8b948e96f395c39a7a0b93df65368f8eaa306fdcf87522ac1a36c427d98af77c3a3afa33dc3e8e070a1a2f66a4877abbeef23ff67befdcc9532cf3990918fb778d7799ee1f26b469c37f3c9578b8f8f2d00d32fc839171b9474e76f03d827a4eac2802322f3d68b03d1516aec9566bba3acc0bcf0d6a551c412f080d8c7fe0c60e23cdb328920263477470ea4f23e23d5aebbfda173aa781f89bf0cdfce2003ed3c010c511b3b489eab29453a365b839cca172e3abbcbab0203899bdb4f14a3423c2293166145760e61c3c188c3e0888ee817f0772ff89e02df8f42b9951e1661b39def34308c46e8ec1e4e5b68e88140ac7dc993523191fdb71db3a2677a3bd666e6180a96c9846bce6cb6c16e379bf29e1769a66da2f6781e79f082cb80662d72adbb21240cef87dc3079a822b2a791753fcd12a7ec362088d76237370bcd5d5daa440ba735b4e29cf2cb93583a5080270d1a3fd40183dc04f30e01c428f92e595c89fcbd1fc52962eedea82e2772b5f5fa3dad0f908fe6a48fffcc69df60f34ef9d9ba7609d16cdf733ca77785c0ab6f536b79ffde4ff9b835bfcaffef0d15ae69c26c0588f1acd5a648fde52568c713163717eb77f863d20dda0f1ca2c0306748544d3763c1cfa82f1785f047c842cadc4f8ac1906ab6ad8f6425bb9efbe97ee62ea7e"], 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x6}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000000480)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000009c0)=ANY=[], 0x1000f) 2.188444168s ago: executing program 2 (id=2425): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0x13, &(0x7f0000000000)=0x100, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x60}}, 0x0) 1.987681905s ago: executing program 2 (id=2426): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r2 = socket(0x23, 0x2, 0x10000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000400)) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x60, 0x0, 0x0, r5, {0x0, 0xe}, {0xffff, 0xffff}, {0x8, 0xc}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x3c}}, 0x4000000) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000000)="6516a6f42afdd68e6c980c3148dee2f81bd53fd7989dac258c77de4dc96dd70509", &(0x7f0000000180)=@tcp6=r2, 0x4}, 0x20) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x4, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x4, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x400, 0x4, 0x2}, {0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="d80000001b0001000000000000000000ac1414aa000000000000000000000000fc01000000000000000000000000000000000000000000000000008001000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000c0008"], 0xd8}}, 0x8814) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000300), 0x40040, 0x0) write$uinput_user_dev(r7, &(0x7f0000000a00)={'syz1\x00', {0x3, 0x1, 0x3, 0xfff}, 0xd, [0x0, 0x9, 0x40, 0x6, 0x9, 0x4, 0x9, 0x9, 0x2, 0x7, 0x200, 0x5, 0x3b, 0x1, 0x8, 0x6, 0x1ff, 0xb1bc, 0x4, 0x5, 0xe, 0x3, 0x8, 0xfffffffc, 0x3f3adb76, 0x2, 0x9, 0xfffffffd, 0x4, 0x9, 0x3, 0x4b, 0x9, 0x3ff, 0x8, 0x1, 0x3b1, 0x9, 0x5, 0x9, 0xa245, 0x4, 0x4, 0x5, 0x1, 0x8, 0xd40, 0x1, 0x4, 0x0, 0xa, 0x5dc, 0x100, 0x8, 0x80000001, 0x9, 0x8, 0x5, 0x1, 0x400, 0x2, 0x5, 0xabc5, 0x10], [0x401, 0x8d3c, 0x5d14, 0x3, 0xcda6, 0x38f, 0x1, 0x3b, 0x5, 0x1, 0x9, 0xb1, 0x4, 0x5, 0x81, 0x20000, 0x8, 0x3, 0x5, 0x7, 0x40, 0x8001, 0x400, 0xfffff801, 0xfffffffd, 0xe, 0x7, 0x0, 0x4, 0xbe60, 0x10000, 0x9, 0x1, 0x1, 0xffffffff, 0x8, 0x7, 0xffffff0d, 0x4, 0x9, 0x4, 0x8, 0x921, 0x1, 0x7, 0x5, 0x10, 0x2, 0x2c5, 0x1, 0xe, 0x7, 0x5, 0x2, 0x10000, 0x0, 0x10000, 0x0, 0x8, 0xfff, 0xf, 0x92, 0x100, 0x78f8], [0x949f, 0xe, 0x7fffffff, 0x101, 0x1, 0x0, 0x101, 0xc, 0xc0d3, 0x3, 0xb969442, 0x400, 0xd, 0x2dd, 0x2, 0x3, 0x0, 0x60de2ba1, 0x80, 0x0, 0x9, 0xfffffff7, 0xd, 0x2, 0x3, 0xca75, 0x0, 0xa469, 0x5, 0x5, 0x5, 0x1, 0x3, 0x80000001, 0x1800, 0x200, 0x8, 0x5, 0x1, 0x8, 0x7, 0x8, 0x11a, 0xffff, 0x10001, 0x7, 0x401, 0x7, 0x3, 0x4, 0x8, 0x200, 0x7fff, 0x6, 0x6, 0x1, 0x99e214c, 0x5, 0x8, 0x2, 0xf, 0x3, 0xffffffff, 0x101], [0xa67, 0x800000, 0x6, 0x5, 0x7ff, 0x4, 0x80000000, 0x7, 0xfff, 0x9, 0x0, 0x3, 0x80, 0x9, 0xffffffff, 0x100, 0x100, 0xeeb, 0x7fffffff, 0x2, 0x9, 0x7, 0x2, 0x9, 0x4, 0x100, 0x9, 0x8, 0x0, 0x2, 0x4, 0xe, 0x0, 0x6, 0x3, 0x1400, 0x8, 0x80000000, 0x0, 0x1, 0x8000, 0x8, 0x6, 0x2, 0x3, 0x9957, 0x1000, 0x0, 0xffffff7f, 0x3, 0x3, 0x6, 0x5, 0x401, 0x9, 0xed, 0x1, 0x4, 0x8, 0xe, 0x9, 0x5, 0x4]}, 0x45c) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff00000085000000a800000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x36, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r10) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x40, r11, 0x1, 0x70bd28, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x23}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x24008004}, 0x40000) r12 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x0, 0x80a02) ioctl$FE_SET_PROPERTY(r12, 0x40106f52, &(0x7f00000001c0)={0x29, &(0x7f0000000100)=[{0x2e, '\x00', @data=0x3, 0x717}]}) sendmsg$NBD_CMD_CONNECT(r9, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001380)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="0100ffffffff0000000001000000100007800c00018008", @ANYRES32, @ANYBLOB="080001000c0002"], 0x38}}, 0x20000000) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r8}, 0xc) 1.626889219s ago: executing program 2 (id=2427): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7fffffffffffffff, 0x87}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x1) syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58) rseq(&(0x7f0000000680), 0x20, 0x0, 0x0) unshare(0x8000000) r3 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) socket$pppoe(0x18, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x300, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) openat$vnet(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000000)={0x31, 0x4, 0xffffffffffffffff, 0x6, 0x8e335, 0x9}) r4 = fsopen(&(0x7f0000000080)='gadgetfs\x00', 0x0) r5 = fsmount(r4, 0x1, 0x0) fchdir(r5) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 134.0467ms ago: executing program 0 (id=2428): clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000000)={0x7, 0xb, 0x380000, 0x8, 0xffffffffffdffff9, 0xfffffffffffffff7, 0x9, 0xfffffffffffffffe, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04d, 0x20000ffff, 0x80000000, 0xbb2, 0xffffffffffffffff, 0x4000000006, 0xfffffffffffffffd, 0x100, 0x4, 0x2, 0x80005, 0x3, 0xc, 0xb}) 0s ago: executing program 3 (id=2429): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x10000008ebc, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20940, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = socket(0x1, 0x5, 0x0) connect$netlink(r5, &(0x7f0000000080)=@proc={0x10, 0x0, 0x25dfdbfd, 0x4000}, 0xc) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) kernel console output (not intermixed with test programs): 591.639856][ T5741] usb 6-1: Manufacturer: syz [ 591.659057][ T5741] usb 6-1: SerialNumber: syz [ 591.713760][T12886] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 591.765873][ T30] audit: type=1400 audit(1781077430.336:1632): avc: denied { write } for pid=12871 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 591.935787][T12897] ipt_REJECT: TCP_RESET invalid for non-tcp [ 592.232223][T12886] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 592.255027][ T30] audit: type=1400 audit(1781077430.826:1633): avc: denied { write } for pid=12898 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 592.288412][T12886] CIFS: Unable to determine destination address [ 592.439997][ T5741] usb-storage 6-1:3.20: USB Mass Storage device detected [ 592.502983][ T5741] usb-storage 6-1:3.20: Quirks match for vid 04e6 pid 000b: 4 [ 592.566321][ T5741] scsi host1: usb-storage 6-1:3.20 [ 592.636089][ T5741] usb 6-1: USB disconnect, device number 5 [ 593.187548][T12918] netlink: 'syz.2.1839': attribute type 12 has an invalid length. [ 593.196641][T12918] netlink: 'syz.2.1839': attribute type 29 has an invalid length. [ 593.210206][T12918] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1839'. [ 593.220198][T12918] netlink: 'syz.2.1839': attribute type 1 has an invalid length. [ 593.263484][T12918] netlink: 'syz.2.1839': attribute type 2 has an invalid length. [ 593.358581][ T5741] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 593.523208][ T30] audit: type=1400 audit(1781077432.096:1634): avc: denied { write } for pid=12917 comm="syz.2.1839" path="socket:[35114]" dev="sockfs" ino=35114 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 593.568373][ T5741] usb 4-1: Using ep0 maxpacket: 8 [ 593.602280][ T5741] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 593.622874][ T5741] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.661494][ T5741] pvrusb2: Hardware description: Terratec Grabster AV400 [ 593.683913][ T5741] pvrusb2: ********** [ 593.696080][ T5741] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 593.729174][ T5741] pvrusb2: Important functionality might not be entirely working. [ 593.750071][ T5741] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 593.805159][ T5741] pvrusb2: ********** [ 593.861892][T12914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 593.889522][T12914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 593.900711][T12929] 9pnet_fd: Insufficient options for proto=fd [ 593.962493][T12930] hsr0 speed is unknown, defaulting to 1000 [ 594.112631][T12914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.144909][T12914] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.597412][ T2363] pvrusb2: Invalid write control endpoint [ 594.610808][ T30] audit: type=1326 audit(1781077433.176:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12940 comm="syz.0.1847" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x0 [ 594.807324][ T2363] pvrusb2: Invalid write control endpoint [ 594.854143][ T5741] usb 4-1: USB disconnect, device number 51 [ 594.860972][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 594.881759][T12946] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 594.918201][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 594.957846][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 594.988610][ T2363] pvrusb2: Device being rendered inoperable [ 595.005658][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 595.259126][T12953] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1845'. [ 596.998594][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 597.057964][ T2363] pvrusb2: Attached sub-driver cx25840 [ 597.064856][ T30] audit: type=1400 audit(1781077435.636:1636): avc: denied { ioctl } for pid=12956 comm="syz.3.1852" path="/dev/sg0" dev="devtmpfs" ino=816 ioctlcmd=0x2275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 597.105427][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 597.144351][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 597.346892][ T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 597.798380][ T24] usb 6-1: Using ep0 maxpacket: 16 [ 597.831405][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 597.891429][ T24] usb 6-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 597.939496][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.985596][ T24] usb 6-1: Product: syz [ 598.009772][ T24] usb 6-1: Manufacturer: syz [ 598.111873][ T24] usb 6-1: SerialNumber: syz [ 598.160192][ T24] usb 6-1: config 0 descriptor?? [ 598.257982][ T24] usb 6-1: can't set config #0, error -71 [ 598.373696][ T24] usb 6-1: USB disconnect, device number 6 [ 598.700193][T12983] virtiofs: Unknown parameter 'grpquota' [ 598.978366][ T804] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 599.095364][T12985] overlayfs: missing 'workdir' [ 599.139029][ T804] usb 1-1: Using ep0 maxpacket: 8 [ 599.157387][ T804] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 599.182631][ T804] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 599.203778][ T804] usb 1-1: config 0 has no interface number 0 [ 599.237537][ T804] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 599.269391][ T804] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 599.365827][ T804] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 599.415950][ T804] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 599.456991][ T804] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.504437][ T804] usb 1-1: config 0 descriptor?? [ 599.504764][T12988] overlayfs: missing 'workdir' [ 599.778669][ T30] audit: type=1400 audit(1781077438.346:1637): avc: denied { ioctl } for pid=12978 comm="syz.0.1857" path="socket:[35197]" dev="sockfs" ino=35197 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 599.826523][ T804] usb 1-1: USB disconnect, device number 57 [ 599.875843][T12992] syzkaller1: entered promiscuous mode [ 599.898751][T12992] syzkaller1: entered allmulticast mode [ 600.073882][T12996] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1861'. [ 601.160853][ T30] audit: type=1400 audit(1781077439.736:1638): avc: denied { append } for pid=13017 comm="syz.5.1870" name="loop9" dev="devtmpfs" ino=656 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 602.111043][T13018] loop9: detected capacity change from 0 to 4096 [ 602.564026][ T30] audit: type=1400 audit(1781077439.736:1639): avc: denied { append } for pid=13017 comm="syz.5.1870" name="usbmon5" dev="devtmpfs" ino=732 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 602.707390][T13015] hsr0 speed is unknown, defaulting to 1000 [ 603.497446][T13034] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1875'. [ 603.513757][T13034] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1875'. [ 603.544044][T13036] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 605.378651][ T5739] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 605.495467][T13051] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 605.541368][ T5739] usb 6-1: Using ep0 maxpacket: 16 [ 605.681166][ T5739] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.693947][ T5739] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.705027][ T5739] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 605.714950][ T5739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.779313][ T5739] usb 6-1: config 0 descriptor?? [ 606.302696][ T5739] mcp2221 0003:04D8:00DD.0012: unknown main item tag 0x0 [ 606.354209][ T5739] mcp2221 0003:04D8:00DD.0012: unknown main item tag 0x0 [ 606.368011][ T5739] mcp2221 0003:04D8:00DD.0012: item fetching failed at offset 2/5 [ 606.389363][ T5739] mcp2221 0003:04D8:00DD.0012: can't parse reports [ 606.404833][ T5739] mcp2221 0003:04D8:00DD.0012: probe with driver mcp2221 failed with error -22 [ 606.426622][T13064] GUP no longer grows the stack in syz.4.1884 (13064): 200000004000-200000005000 (200000001000) [ 606.495588][T13064] CPU: 0 UID: 0 PID: 13064 Comm: syz.4.1884 Tainted: G L syzkaller #0 PREEMPT(full) [ 606.495609][T13064] Tainted: [L]=SOFTLOCKUP [ 606.495613][T13064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 606.495621][T13064] Call Trace: [ 606.495626][T13064] [ 606.495631][T13064] dump_stack_lvl+0x100/0x190 [ 606.495647][T13064] gup_vma_lookup.cold+0x83/0x96 [ 606.495664][T13064] __get_user_pages+0x241/0x32a0 [ 606.495683][T13064] ? down_read_killable+0x307/0x4b0 [ 606.495701][T13064] ? __pfx___get_user_pages+0x10/0x10 [ 606.495718][T13064] __gup_longterm_locked+0x87d/0x16f0 [ 606.495736][T13064] ? __pfx___gup_longterm_locked+0x10/0x10 [ 606.495751][T13064] ? lock_acquire+0x1b1/0x370 [ 606.495783][T13064] gup_fast_fallback+0x16dc/0x2790 [ 606.495811][T13064] ? __pfx_gup_fast_fallback+0x10/0x10 [ 606.495826][T13064] ? __lock_acquire+0x4a5/0x2630 [ 606.495843][T13064] get_user_pages_fast+0xa7/0xf0 [ 606.495857][T13064] ? __pfx_get_user_pages_fast+0x10/0x10 [ 606.495875][T13064] __iov_iter_get_pages_alloc+0x8f2/0x1f20 [ 606.495892][T13064] ? __mutex_lock+0x26d/0x1b10 [ 606.495907][T13064] ? pipe_lock+0x69/0x80 [ 606.495921][T13064] ? __pfx___iov_iter_get_pages_alloc+0x10/0x10 [ 606.495935][T13064] ? __pfx___mutex_lock+0x10/0x10 [ 606.495951][T13064] ? import_ubuf+0x1b6/0x220 [ 606.495967][T13064] iov_iter_get_pages2+0xa3/0x100 [ 606.495981][T13064] ? __pfx_iov_iter_get_pages2+0x10/0x10 [ 606.495995][T13064] ? wait_for_space+0x2ca/0x3b0 [ 606.496012][T13064] __do_sys_vmsplice+0x7dd/0x13c0 [ 606.496035][T13064] ? __pfx___do_sys_vmsplice+0x10/0x10 [ 606.496056][T13064] ? restore_sigcontext+0x4d3/0x6a0 [ 606.496092][T13064] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 606.496113][T13064] ? do_syscall_64+0x115/0x870 [ 606.496127][T13064] do_syscall_64+0x115/0x870 [ 606.496140][T13064] ? clear_bhb_loop+0x40/0x90 [ 606.496154][T13064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.496165][T13064] RIP: 0033:0x7f4c28f9ce59 [ 606.496176][T13064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 606.496186][T13064] RSP: 002b:00007f4c29ed3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 606.496198][T13064] RAX: ffffffffffffffda RBX: 00007f4c29216090 RCX: 00007f4c28f9ce59 [ 606.496204][T13064] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000006 [ 606.496211][T13064] RBP: 00007f4c29032d6f R08: 0000000000000000 R09: 0000000000000000 [ 606.496217][T13064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.496223][T13064] R13: 00007f4c29216128 R14: 00007f4c29216090 R15: 00007fff09a757f8 [ 606.496237][T13064] [ 606.792114][T13061] hsr0 speed is unknown, defaulting to 1000 [ 606.808518][ T30] audit: type=1400 audit(1781077445.346:1640): avc: denied { getopt } for pid=13062 comm="syz.3.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 606.862642][T13070] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1886'. [ 606.938651][ T804] usb 6-1: USB disconnect, device number 7 [ 607.142687][T13077] 9p: Bad value for 'wfdno' [ 607.678946][ T804] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 607.756981][T13087] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1891'. [ 607.799927][T13087] 8021q: adding VLAN 0 to HW filter on device bond2 [ 607.848488][T12498] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 607.913322][ T804] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 607.971592][T13087] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13087 comm=syz.4.1891 [ 607.992438][ T804] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.054319][T13092] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 608.783434][ T804] usb 6-1: config 0 descriptor?? [ 608.817849][T12498] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.836001][T13087] macvlan1: entered promiscuous mode [ 608.847430][ T804] cp210x 6-1:0.0: cp210x converter detected [ 608.850868][T13087] macvlan1: entered allmulticast mode [ 608.860643][T12498] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 608.902473][T12498] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 608.942518][T12498] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.944502][T13087] bond2: entered promiscuous mode [ 608.978254][T12498] usb 4-1: Product: syz [ 608.984704][T13087] 8021q: adding VLAN 0 to HW filter on device macvlan1 [ 608.991656][T12498] usb 4-1: Manufacturer: syz [ 609.025408][T12498] usb 4-1: SerialNumber: syz [ 609.075771][T12498] cdc_mbim 4-1:1.0: skipping garbage [ 609.081551][T13087] bond2: left promiscuous mode [ 609.256236][T13081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 609.283050][T13085] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 609.300435][T13081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.355674][ T804] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 609.356575][ T30] audit: type=1400 audit(1781077447.906:1641): avc: denied { create } for pid=13104 comm="syz.2.1895" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 609.370849][ T804] usb 6-1: cp210x converter now attached to ttyUSB0 [ 609.409983][T13103] 9pnet_fd: Insufficient options for proto=fd [ 609.642418][ T5739] usb 6-1: USB disconnect, device number 8 [ 609.661026][ T5739] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 609.702137][ T5739] cp210x 6-1:0.0: device disconnected [ 611.128794][T12498] cdc_mbim 4-1:1.0: bind() failure [ 611.624361][T12498] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 611.668352][T12498] cdc_ncm 4-1:1.1: bind() failure [ 611.727467][T12498] usb 4-1: USB disconnect, device number 52 [ 611.793529][T13121] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.801957][T13121] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.855108][T13127] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1899'. [ 613.111107][T13137] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1906'. [ 617.032841][T13153] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 618.442396][T13166] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1913'. [ 619.396053][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 619.408366][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 620.470800][T13171] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1913'. [ 620.565691][T13171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1913'. [ 621.524168][T13182] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1919'. [ 622.790880][T13198] kvm: emulating exchange as write [ 623.066480][ T30] audit: type=1400 audit(1781077461.636:1642): avc: denied { listen } for pid=13204 comm="syz.2.1925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 623.110240][ T30] audit: type=1400 audit(1781077461.636:1643): avc: denied { accept } for pid=13204 comm="syz.2.1925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 624.948412][T12498] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 625.075129][T13214] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 625.148605][T12498] usb 6-1: Using ep0 maxpacket: 16 [ 625.164860][T12498] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 625.194841][T12498] usb 6-1: config 0 interface 0 has no altsetting 0 [ 625.219134][T12498] usb 6-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 625.239382][T12498] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.267228][T12498] usb 6-1: Product: syz [ 625.279214][T12498] usb 6-1: Manufacturer: syz [ 625.294353][T12498] usb 6-1: SerialNumber: syz [ 625.299194][ T804] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 625.351928][T12498] usb 6-1: config 0 descriptor?? [ 625.606347][ C1] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 625.638921][T13226] x_tables: ip_tables: RATEEST.0 target: invalid size 32 (kernel) != (user) 0 [ 625.651730][T12498] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input24 [ 625.754188][T12498] imon:send_packet: packet tx failed (-71) [ 625.838681][T13235] syzkaller1: entered promiscuous mode [ 625.844204][T13235] syzkaller1: entered allmulticast mode [ 625.884964][T13232] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1936'. [ 625.918080][T13232] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 625.923481][T12498] imon 6-1:0.0: panel buttons/knobs setup failed [ 626.095852][T12498] rc_core: IR keymap rc-imon-pad not found [ 626.127295][T12498] Registered IR keymap rc-empty [ 626.142773][T12498] imon 6-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 626.163944][T12498] imon 6-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 626.177517][T12498] imon:send_packet: packet tx failed (-71) [ 626.209340][T12498] imon 6-1:0.0: remote input dev register failed [ 626.216637][T12498] imon 6-1:0.0: imon_init_intf0: rc device setup failed [ 626.274812][ T30] audit: type=1400 audit(1781077464.846:1644): avc: denied { connect } for pid=13244 comm="syz.2.1938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 626.298402][ T804] usb 4-1: new full-speed USB device number 54 using dummy_hcd [ 626.423425][T12498] imon 6-1:0.0: unable to initialize intf0, err 0 [ 626.452945][T13235] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1927'. [ 626.454368][T12498] imon:imon_probe: failed to initialize context! [ 626.486844][ T804] usb 4-1: device descriptor read/64, error -71 [ 626.493421][T12498] imon 6-1:0.0: unable to register, err -19 [ 626.542631][T12498] usb 6-1: USB disconnect, device number 9 [ 626.609297][ T804] usb usb4-port1: attempt power cycle [ 626.718390][T13252] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13252 comm=syz.2.1939 [ 626.898397][T12498] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 626.968366][ T804] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 627.022338][ T804] usb 4-1: device descriptor read/8, error -71 [ 627.064492][T13260] fuse: fd is not a fuse device [ 627.082559][T12498] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 627.111733][T12498] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid maxpacket 198, setting to 64 [ 627.148670][T12498] usb 6-1: config 0 interface 0 has no altsetting 0 [ 627.172982][T12498] usb 6-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 627.195591][T12498] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.229396][T12498] usb 6-1: Product: syz [ 627.248755][T12498] usb 6-1: Manufacturer: syz [ 627.265108][T12498] usb 6-1: SerialNumber: syz [ 627.405619][ T804] usb 4-1: new full-speed USB device number 56 using dummy_hcd [ 627.422430][T12498] usb 6-1: config 0 descriptor?? [ 627.434319][T13218] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 627.442221][ T804] usb 4-1: device descriptor read/8, error -71 [ 627.571777][ T804] usb usb4-port1: unable to enumerate USB device [ 627.693567][T13218] program syz.5.1930 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 627.748755][ C1] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 627.799479][T12498] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input26 [ 628.794128][T12498] imon:send_packet: packet tx failed (-71) [ 628.840001][T12498] imon 6-1:0.0: panel buttons/knobs setup failed [ 629.932712][T13287] fuse: Unknown parameter '' [ 630.039861][T12498] rc_core: IR keymap rc-imon-pad not found [ 630.054394][T12498] Registered IR keymap rc-empty [ 630.076346][T12498] imon 6-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 630.164401][T12498] imon 6-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 630.217929][T12498] imon:send_packet: packet tx failed (-71) [ 630.291027][T12498] imon 6-1:0.0: remote input dev register failed [ 630.328030][T12498] imon 6-1:0.0: imon_init_intf0: rc device setup failed [ 630.436512][T12498] imon 6-1:0.0: unable to initialize intf0, err 0 [ 630.471655][T12498] imon:imon_probe: failed to initialize context! [ 630.509745][T12498] imon 6-1:0.0: unable to register, err -19 [ 630.564713][T12498] usb 6-1: USB disconnect, device number 10 [ 630.768622][ T5741] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 630.928428][ T5741] usb 4-1: Using ep0 maxpacket: 16 [ 630.941928][ T5741] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 630.959389][ T5741] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 630.971653][ T5741] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 630.982438][ T5741] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 630.994878][ T5741] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 631.024307][ T5741] usb 4-1: config 1 interface 0 has no altsetting 0 [ 631.043650][ T5741] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 631.055216][ T5741] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.086759][ T5741] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 631.884219][T13308] syzkaller1: entered promiscuous mode [ 631.911465][T13308] syzkaller1: entered allmulticast mode [ 632.016517][T13308] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1952'. [ 632.077383][T13299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 632.089783][T13299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 632.622677][ T5741] ums-sddr09 4-1:1.0: probe with driver ums-sddr09 failed with error -22 [ 632.681019][ T5741] usb 4-1: USB disconnect, device number 57 [ 633.087441][T13322] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1957'. [ 633.098159][T13322] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1957'. [ 633.108827][T12498] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 633.279679][T12498] usb 1-1: Using ep0 maxpacket: 16 [ 633.291353][T12498] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 633.326030][T12498] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 633.358974][T12498] usb 1-1: New USB device found, idVendor=05ac, idProduct=027c, bcdDevice= 0.00 [ 633.371000][T12498] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.408183][T12498] usb 1-1: config 0 descriptor?? [ 633.459195][T13329] SELinux: policydb table sizes (8,3) do not match mine (8,7) [ 633.487423][T13329] SELinux: failed to load policy [ 633.624946][T12498] apple 0003:05AC:027C.0013: unknown main item tag 0x3 [ 633.651931][T12498] apple 0003:05AC:027C.0013: unknown main item tag 0x4 [ 633.675207][T12498] apple 0003:05AC:027C.0013: reserved main item tag 0xd [ 633.702605][T12498] apple 0003:05AC:027C.0013: hidraw0: USB HID v0.81 Device [HID 05ac:027c] on usb-dummy_hcd.0-1/input0 [ 633.824833][T12498] usb 1-1: USB disconnect, device number 58 [ 633.886379][T13336] fido_id[13336]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 634.336803][T13348] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1963'. [ 634.434440][T13348] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1963'. [ 634.806346][T13356] io-wq is not configured for unbound workers [ 637.509195][ T5739] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 637.645028][T13389] hsr0 speed is unknown, defaulting to 1000 [ 637.698865][ T5739] usb 1-1: Using ep0 maxpacket: 16 [ 637.714452][ T5739] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 637.739268][ T5739] usb 1-1: config 0 interface 0 has no altsetting 0 [ 637.762338][ T5739] usb 1-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 637.774686][ T5739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.796744][ T5739] usb 1-1: Product: syz [ 637.817053][ T5739] usb 1-1: Manufacturer: syz [ 637.835024][ T5739] usb 1-1: SerialNumber: syz [ 637.862771][ T5739] usb 1-1: config 0 descriptor?? [ 638.157208][T13396] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1976'. [ 638.166178][T13396] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1976'. [ 638.225647][ T5739] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input28 [ 638.330658][ C0] imon 1-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 639.198375][ T5739] imon:send_packet: packet tx failed (-71) [ 639.228406][ T5739] imon 1-1:0.0: panel buttons/knobs setup failed [ 639.232608][T13379] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1972'. [ 639.408742][ T5739] rc_core: IR keymap rc-imon-pad not found [ 639.415142][ T5739] Registered IR keymap rc-empty [ 639.438692][ T5739] imon 1-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 639.500012][ T5739] imon 1-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 639.531724][ T5739] imon:send_packet: packet tx failed (-71) [ 639.583761][ T5739] imon 1-1:0.0: remote input dev register failed [ 639.622202][ T5739] imon 1-1:0.0: imon_init_intf0: rc device setup failed [ 639.689447][T13407] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1980'. [ 639.699109][ T5739] imon 1-1:0.0: unable to initialize intf0, err 0 [ 639.721981][ T5739] imon:imon_probe: failed to initialize context! [ 639.746960][ T5739] imon 1-1:0.0: unable to register, err -19 [ 639.784249][ T5739] usb 1-1: USB disconnect, device number 59 [ 639.868898][ T30] audit: type=1400 audit(1781077478.436:1645): avc: denied { ioctl } for pid=13409 comm="syz.3.1981" path="/dev/ptyqa" dev="devtmpfs" ino=129 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 640.150367][ T5739] usb 1-1: new full-speed USB device number 60 using dummy_hcd [ 640.213493][T13415] xt_hashlimit: size too large, truncated to 1048576 [ 640.220330][T13416] xt_hashlimit: size too large, truncated to 1048576 [ 640.976903][T13431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1988'. [ 640.995683][T13431] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1988'. [ 641.008798][ T5739] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 641.179902][ T5739] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.202920][ T5739] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 641.244342][ T5739] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 641.266058][ T5739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.275340][ T5739] usb 1-1: Product: syz [ 641.282766][ T5739] usb 1-1: Manufacturer: syz [ 641.288187][ T5739] usb 1-1: SerialNumber: syz [ 641.311471][T13440] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 641.418900][T12515] kernel write not supported for file [eventfd] (pid: 12515 comm: kworker/0:13) [ 641.445828][ T5739] cdc_mbim 1-1:1.0: skipping garbage [ 641.710832][T13425] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 641.785433][T13449] FAULT_INJECTION: forcing a failure. [ 641.785433][T13449] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.550800][T13449] CPU: 1 UID: 0 PID: 13449 Comm: syz.3.1992 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.550829][T13449] Tainted: [L]=SOFTLOCKUP [ 642.550836][T13449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 642.550845][T13449] Call Trace: [ 642.550851][T13449] [ 642.550857][T13449] dump_stack_lvl+0x100/0x190 [ 642.550883][T13449] should_fail_ex.cold+0x5/0xa [ 642.550908][T13449] _copy_from_user+0x2e/0xd0 [ 642.550929][T13449] copy_msghdr_from_user+0x9f/0x4f0 [ 642.550952][T13449] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 642.550984][T13449] ___sys_sendmsg+0x106/0x1e0 [ 642.551006][T13449] ? __pfx____sys_sendmsg+0x10/0x10 [ 642.551054][T13449] __sys_sendmsg+0x170/0x220 [ 642.551081][T13449] ? __pfx___sys_sendmsg+0x10/0x10 [ 642.551114][T13449] ? trace_irq_enable.constprop.0+0x31/0x160 [ 642.551140][T13449] ? rcu_is_watching+0x12/0xc0 [ 642.551168][T13449] do_syscall_64+0x115/0x870 [ 642.551189][T13449] ? clear_bhb_loop+0x40/0x90 [ 642.551214][T13449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.551232][T13449] RIP: 0033:0x7f77c3f9ce59 [ 642.551247][T13449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.551265][T13449] RSP: 002b:00007f77c4e83028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 642.551282][T13449] RAX: ffffffffffffffda RBX: 00007f77c4215fa0 RCX: 00007f77c3f9ce59 [ 642.551293][T13449] RDX: 0000000024008084 RSI: 0000200000000300 RDI: 0000000000000003 [ 642.551304][T13449] RBP: 00007f77c4e83090 R08: 0000000000000000 R09: 0000000000000000 [ 642.551315][T13449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 642.551325][T13449] R13: 00007f77c4216038 R14: 00007f77c4215fa0 R15: 00007ffe9a0b1e88 [ 642.551349][T13449] [ 642.758164][T13456] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1993'. [ 642.865413][T13459] openvswitch: netlink: IP tunnel dst address not specified [ 642.977545][T13463] 9p: Bad value for 'wfdno' [ 643.002449][T13425] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 643.011201][ T5739] cdc_mbim 1-1:1.0: setting tx_max = 16384 [ 643.019024][ T5739] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 643.056452][ T5739] wwan wwan0: port wwan0mbim0 attached [ 643.097707][ T5739] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 7e:83:fb:b5:d4:94 [ 643.168404][T12515] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 643.270170][T13465] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 643.348440][T12515] usb 4-1: Using ep0 maxpacket: 16 [ 643.473453][T12515] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 643.496356][T12515] usb 4-1: config 0 interface 0 has no altsetting 0 [ 643.512579][T12515] usb 4-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 643.525410][T12515] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.536814][T13469] overlayfs: failed to resolve './file0': -2 [ 643.548956][T12515] usb 4-1: Product: syz [ 643.564747][T12515] usb 4-1: Manufacturer: syz [ 643.711562][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.718250][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.725035][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.731695][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.738518][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.745173][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.751900][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.758550][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.765312][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.771967][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.779374][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.786029][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.792796][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.794634][T13473] netlink: 'syz.4.1999': attribute type 11 has an invalid length. [ 643.799471][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.800603][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.820650][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.828642][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.835303][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.842077][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 643.848741][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 643.856226][T12515] usb 4-1: SerialNumber: syz [ 643.885713][T12515] usb 4-1: config 0 descriptor?? [ 644.011935][T13465] overlayfs: failed to clone upperpath [ 644.137476][ C0] imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 644.153166][T12515] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input30 [ 644.302670][T12515] imon:send_packet: packet tx failed (-71) [ 644.338702][T12515] imon 4-1:0.0: panel buttons/knobs setup failed [ 644.410962][ T5739] usb 1-1: USB disconnect, device number 61 [ 645.262430][ T5739] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 645.278336][T12515] rc_core: IR keymap rc-imon-pad not found [ 645.290753][T12515] Registered IR keymap rc-empty [ 645.297274][T12515] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 645.311695][T12515] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 645.324672][T12515] imon:send_packet: packet tx failed (-71) [ 645.348490][T12515] imon 4-1:0.0: remote input dev register failed [ 645.356343][T12515] imon 4-1:0.0: imon_init_intf0: rc device setup failed [ 645.514297][T12515] imon 4-1:0.0: unable to initialize intf0, err 0 [ 645.534379][T12515] imon:imon_probe: failed to initialize context! [ 645.551025][T12515] imon 4-1:0.0: unable to register, err -19 [ 645.585233][T12515] usb 4-1: USB disconnect, device number 58 [ 646.405539][ T30] audit: type=1400 audit(1781077484.976:1646): avc: denied { write } for pid=13470 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 646.635619][ T5739] wwan wwan0: port wwan0mbim0 disconnected [ 646.663443][T13514] syzkaller1: entered promiscuous mode [ 646.705133][T13514] syzkaller1: entered allmulticast mode [ 646.750114][T13518] netlink: 'syz.4.2006': attribute type 2 has an invalid length. [ 646.757887][T13518] netlink: 'syz.4.2006': attribute type 2 has an invalid length. [ 646.776734][T13518] netlink: 'syz.4.2006': attribute type 1 has an invalid length. [ 646.810539][T13518] bond3: entered promiscuous mode [ 646.815823][T13518] 8021q: adding VLAN 0 to HW filter on device bond3 [ 646.948400][T12492] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 647.128206][ T30] audit: type=1400 audit(1781077485.696:1647): avc: denied { write } for pid=13524 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 647.238827][T12492] usb 6-1: Using ep0 maxpacket: 16 [ 647.257875][T12492] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 647.291160][T12492] usb 6-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 647.313539][T12492] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.330389][T12492] usb 6-1: Product: syz [ 647.342838][T12492] usb 6-1: Manufacturer: syz [ 647.351564][T12492] usb 6-1: SerialNumber: syz [ 647.392026][T12492] usb 6-1: config 0 descriptor?? [ 647.425777][T12492] hub 6-1:0.0: bad descriptor, ignoring hub [ 647.442222][T12492] hub 6-1:0.0: probe with driver hub failed with error -5 [ 647.487943][T12492] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 648.013396][T12492] usb 6-1: USB disconnect, device number 11 [ 648.207602][T13545] tipc: Failed to remove unknown binding: 66,0,0/0:2473832880/2473832881 [ 648.397963][T13549] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 648.849558][T13560] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 649.648546][ T30] audit: type=1326 audit(1781077488.216:1648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13548 comm="syz.3.2014" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f77c3f9ce59 code=0x0 [ 649.817130][ T30] audit: type=1400 audit(1781077488.386:1649): avc: denied { write } for pid=13530 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 650.183806][T13576] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2022'. [ 650.205646][ T30] audit: type=1400 audit(1781077488.776:1650): avc: denied { write } for pid=13572 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 650.220120][T13576] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2022'. [ 650.627144][T13584] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 652.920849][T13607] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2027'. [ 654.852075][T13623] gfs2: error -5 reading superblock [ 655.621281][T13626] macvtap1: entered promiscuous mode [ 655.652743][T13626] macvtap1: entered allmulticast mode [ 655.681371][T13626] veth1_vlan: entered allmulticast mode [ 655.916912][T13625] macvtap2: entered promiscuous mode [ 655.955080][T13625] macvtap2: entered allmulticast mode [ 656.369994][T13635] o2cb: This node has not been configured. [ 656.377007][T13635] o2cb: Cluster check failed. Fix errors before retrying. [ 656.384252][T13635] (syz.4.2036,13635,1):user_dlm_register:674 ERROR: status = -22 [ 656.392001][T13635] (syz.4.2036,13635,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0" [ 656.415598][ T30] audit: type=1400 audit(1781077494.936:1651): avc: denied { write } for pid=13633 comm="syz.4.2036" name="/" dev="ocfs2_dlmfs" ino=37271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 656.523471][ T30] audit: type=1400 audit(1781077494.946:1652): avc: denied { add_name } for pid=13633 comm="syz.4.2036" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 656.602938][ T30] audit: type=1400 audit(1781077494.946:1653): avc: denied { create } for pid=13633 comm="syz.4.2036" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 656.670937][T13637] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2035'. [ 656.694605][ T30] audit: type=1400 audit(1781077494.946:1654): avc: denied { associate } for pid=13633 comm="syz.4.2036" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 656.750296][ T30] audit: type=1400 audit(1781077494.946:1655): avc: denied { map } for pid=13633 comm="syz.4.2036" path="socket:[37270]" dev="sockfs" ino=37270 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 658.859377][ T5741] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 659.102944][ T5741] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 659.196435][ T5741] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 659.277637][ T5741] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 659.324520][ T5741] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.347589][T13666] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 659.370127][ T5741] usb 1-1: Product: syz [ 659.393477][ T5741] usb 1-1: Manufacturer: syz [ 660.089158][T13666] overlayfs: failed to clone upperpath [ 660.345250][ T5741] usb 1-1: SerialNumber: syz [ 660.525013][ T5741] cdc_mbim 1-1:1.0: skipping garbage [ 661.037396][T13662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 662.468694][T13662] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 662.494664][ T5741] cdc_mbim 1-1:1.0: setting tx_max = 16384 [ 662.504618][ T5741] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 662.517600][ T5741] wwan wwan0: port wwan0mbim0 attached [ 662.535591][ T5741] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, fe:79:dc:57:c8:46 [ 662.698435][ T804] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 662.787969][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 662.814415][ C0] wdm_int_callback: 2843 callbacks suppressed [ 662.814432][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.827154][ C0] wdm_int_callback: 2843 callbacks suppressed [ 662.827166][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.840569][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.847225][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.854035][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.860688][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.867373][T13686] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2048'. [ 662.867533][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.867544][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.876896][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.876911][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.883878][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.883889][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.890335][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.890347][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.897268][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.897280][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.904045][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.904067][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 662.911386][ C0] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 662.911406][ C0] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 663.018550][ T804] usb 4-1: Using ep0 maxpacket: 32 [ 663.045093][ T5741] usb 1-1: USB disconnect, device number 62 [ 663.051655][ T5741] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 663.083383][ T804] usb 4-1: config 4 has an invalid interface number: 169 but max is 0 [ 663.129653][ T804] usb 4-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 663.179072][ T804] usb 4-1: config 4 has no interface number 0 [ 663.210782][ T804] usb 4-1: config 4 interface 169 altsetting 6 endpoint 0xE has invalid wMaxPacketSize 0 [ 663.281015][ T5741] wwan wwan0: port wwan0mbim0 disconnected [ 663.320952][ T804] usb 4-1: config 4 interface 169 altsetting 6 bulk endpoint 0xE has invalid maxpacket 0 [ 663.352769][ T804] usb 4-1: config 4 interface 169 altsetting 6 endpoint 0xD has an invalid bInterval 33, changing to 9 [ 663.398702][ T804] usb 4-1: config 4 interface 169 altsetting 6 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 663.468127][ T804] usb 4-1: config 4 interface 169 altsetting 6 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 663.529775][ T804] usb 4-1: config 4 interface 169 altsetting 6 has a duplicate endpoint with address 0x8C, skipping [ 663.593656][ T804] usb 4-1: config 4 interface 169 altsetting 6 has a duplicate endpoint with address 0x2, skipping [ 663.673489][ T804] usb 4-1: config 4 interface 169 altsetting 6 has 9 endpoint descriptors, different from the interface descriptor's value: 8 [ 663.739676][ T804] usb 4-1: config 4 interface 169 has no altsetting 0 [ 663.788845][ T804] usb 4-1: New USB device found, idVendor=0b57, idProduct=e6d7, bcdDevice=32.78 [ 663.847236][ T804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.154085][ T804] usb 4-1: Product: syz [ 664.178765][ T804] usb 4-1: Manufacturer: syz [ 664.199187][ T30] audit: type=1400 audit(1781077502.756:1656): avc: denied { write } for pid=13690 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 664.281829][ T804] usb 4-1: SerialNumber: syz [ 664.415162][T13713] PKCS8: Unsupported PKCS#8 version [ 664.531153][ T804] usbhid 4-1:4.169: couldn't find an input interrupt endpoint [ 664.621495][ T804] usb 4-1: USB disconnect, device number 60 [ 664.873023][ T30] audit: type=1400 audit(1781077503.446:1657): avc: denied { listen } for pid=13714 comm="syz.3.2051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 664.958062][T13719] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 664.972905][ T30] audit: type=1400 audit(1781077503.526:1658): avc: denied { accept } for pid=13714 comm="syz.3.2051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 665.043359][ T30] audit: type=1400 audit(1781077503.546:1659): avc: denied { write } for pid=13716 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 667.758649][T12515] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 668.200038][T13727] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 668.394791][ T30] audit: type=1400 audit(1781077506.956:1660): avc: denied { write } for pid=13724 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 670.771470][ T30] audit: type=1400 audit(1781077509.346:1661): avc: denied { write } for pid=13744 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 671.068382][T13753] netlink: 'syz.4.2059': attribute type 1 has an invalid length. [ 671.177536][T13755] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2059'. [ 671.338494][T13753] 8021q: adding VLAN 0 to HW filter on device bond4 [ 671.417342][T13756] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 671.474324][T13761] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2055'. [ 671.539564][T13761] netlink: 292 bytes leftover after parsing attributes in process `syz.5.2055'. [ 671.551949][T13756] bond4: (slave wlan0): Enslaving as an active interface with a down link [ 671.815293][T13772] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 671.866394][T13753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 671.922434][T13753] bond4: (slave batadv0): making interface the new active one [ 673.432324][T13774] 9p: Could not find request transport: fd0xffffffffffffffff [ 673.593852][T13753] batadv0: entered promiscuous mode [ 673.623051][T13753] bond4: (slave batadv0): Enslaving as an active interface with an up link [ 673.968324][T13785] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 675.267750][T13785] overlayfs: failed to clone upperpath [ 675.695448][T13795] hsr0 speed is unknown, defaulting to 1000 [ 675.835156][T13802] fuse: fd is not a fuse device [ 675.840679][ T5741] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 676.008991][ T5741] usb 1-1: Using ep0 maxpacket: 8 [ 676.025672][ T5741] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 676.248200][ T5741] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.289974][ T5741] pvrusb2: Hardware description: Terratec Grabster AV400 [ 676.322247][ T5741] pvrusb2: ********** [ 676.338934][ T5741] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 676.397108][ T5741] pvrusb2: Important functionality might not be entirely working. [ 676.493613][ T5741] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 676.530706][ T5741] pvrusb2: ********** [ 676.599787][T13797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 676.659592][T13797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 676.904757][T13797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 676.924259][T13797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 677.088426][T12492] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 677.260329][T12492] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 677.312631][T12492] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 677.347266][T12492] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.379738][T12492] usb 4-1: Product: syz [ 677.405210][T12492] usb 4-1: Manufacturer: syz [ 677.418802][T12492] usb 4-1: SerialNumber: syz [ 677.465968][T12492] usb 4-1: config 0 descriptor?? [ 677.620086][ T2363] pvrusb2: Invalid write control endpoint [ 677.824716][ T2363] pvrusb2: Invalid write control endpoint [ 677.897697][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 677.916637][T12492] keyspan 4-1:0.0: Keyspan 1 port adapter converter detected [ 677.928428][T12492] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82 [ 677.958605][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 677.985978][T12492] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81 [ 678.006093][T12492] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1 [ 678.011452][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 678.021263][T12492] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2 [ 678.065840][T12492] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 678.092711][ T2363] pvrusb2: Device being rendered inoperable [ 678.101625][T13820] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 678.112499][T12492] usb 4-1: USB disconnect, device number 62 [ 678.126431][T13797] pvrusb2: Attempted to execute control transfer when device not ok [ 678.168651][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 678.197664][T12492] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 678.203124][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 679.427420][T12492] keyspan 4-1:0.0: device disconnected [ 679.450146][T12498] usb 1-1: USB disconnect, device number 63 [ 679.554421][ T2363] pvrusb2: Attached sub-driver cx25840 [ 679.597112][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 679.657845][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 679.722011][ T30] audit: type=1400 audit(1781077518.286:1662): avc: denied { cmd } for pid=13825 comm="syz.3.2072" path="/dev/ublk-control" dev="devtmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=io_uring permissive=1 [ 680.200273][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 680.207297][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 680.309105][T12498] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 680.611652][T12498] usb 1-1: Using ep0 maxpacket: 16 [ 680.654182][T12498] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 680.712013][T12498] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 680.765933][T12498] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 680.822683][T12498] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 680.871820][T12498] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 680.924000][T12498] usb 1-1: config 1 interface 0 has no altsetting 0 [ 680.953179][T12498] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 681.004303][T12498] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.127287][T12498] ums-sddr09 1-1:1.0: USB Mass Storage device detected [ 681.508905][T12492] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 681.713608][T12492] usb 4-1: Using ep0 maxpacket: 8 [ 681.737636][T12492] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 681.764962][T12492] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 681.785121][T12492] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.826409][T12492] usb 4-1: config 0 descriptor?? [ 682.095708][T12492] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 682.983728][T12492] usb 4-1: USB disconnect, device number 63 [ 683.054341][T13846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 683.086167][T13846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 683.198399][ T804] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 683.244802][T13854] xt_cluster: you have exceeded the maximum number of cluster nodes (524288 > 32) [ 683.274061][T13855] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2077'. [ 683.309050][T13854] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2077'. [ 683.378428][ T804] usb 6-1: Using ep0 maxpacket: 32 [ 683.405457][ T804] usb 6-1: config 4 has an invalid interface number: 169 but max is 0 [ 683.442685][ T804] usb 6-1: config 4 contains an unexpected descriptor of type 0x2, skipping [ 683.473356][T13858] bond5 (unregistering): Released all slaves [ 683.479876][ T804] usb 6-1: config 4 has no interface number 0 [ 683.487820][ T804] usb 6-1: config 4 interface 169 altsetting 6 endpoint 0xE has invalid wMaxPacketSize 0 [ 683.521921][T13855] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 683.550750][ T804] usb 6-1: config 4 interface 169 altsetting 6 bulk endpoint 0xE has invalid maxpacket 0 [ 683.619970][ T804] usb 6-1: config 4 interface 169 altsetting 6 endpoint 0xD has an invalid bInterval 33, changing to 9 [ 683.660311][ T804] usb 6-1: config 4 interface 169 altsetting 6 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 683.702654][T12498] ums-sddr09 1-1:1.0: probe with driver ums-sddr09 failed with error -22 [ 683.711392][ T804] usb 6-1: config 4 interface 169 altsetting 6 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 683.743248][ T804] usb 6-1: config 4 interface 169 altsetting 6 has a duplicate endpoint with address 0x8C, skipping [ 683.758083][T12498] usb 1-1: USB disconnect, device number 64 [ 683.775422][ T804] usb 6-1: config 4 interface 169 altsetting 6 has a duplicate endpoint with address 0x2, skipping [ 683.851364][ T804] usb 6-1: config 4 interface 169 altsetting 6 has 9 endpoint descriptors, different from the interface descriptor's value: 8 [ 683.875009][ T804] usb 6-1: config 4 interface 169 has no altsetting 0 [ 683.881207][T13869] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 683.909000][ T804] usb 6-1: New USB device found, idVendor=0b57, idProduct=e6d7, bcdDevice=32.78 [ 683.918346][ T5796] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 683.937229][ T804] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.946141][ T804] usb 6-1: Product: syz [ 683.953718][ T804] usb 6-1: Manufacturer: syz [ 683.961971][ T804] usb 6-1: SerialNumber: syz [ 684.619343][T13869] overlayfs: failed to clone upperpath [ 685.418376][ T5796] usb 4-1: Using ep0 maxpacket: 16 [ 685.425863][ T5796] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 685.436311][ T5796] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 685.446724][ T5796] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 685.457122][ T5796] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 685.536360][ T5796] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 685.581942][ T5796] usb 4-1: config 1 interface 0 has no altsetting 0 [ 685.604818][ T5796] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 685.619775][T13875] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 685.628577][ T5796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.299146][T13875] overlayfs: failed to clone upperpath [ 687.182599][T12490] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 687.245439][ T804] usbhid 6-1:4.169: couldn't find an input interrupt endpoint [ 687.253469][ T5796] usb 4-1: can't set config #1, error -71 [ 687.294208][ T5796] usb 4-1: USB disconnect, device number 64 [ 687.335739][ T804] usb 6-1: USB disconnect, device number 12 [ 687.348821][T12490] usb 1-1: Using ep0 maxpacket: 8 [ 687.366255][T13880] FAULT_INJECTION: forcing a failure. [ 687.366255][T13880] name failslab, interval 1, probability 0, space 0, times 0 [ 687.385063][T12490] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 687.394992][T12490] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.411185][T13880] CPU: 0 UID: 0 PID: 13880 Comm: syz.5.2086 Tainted: G L syzkaller #0 PREEMPT(full) [ 687.411208][T13880] Tainted: [L]=SOFTLOCKUP [ 687.411212][T13880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 687.411219][T13880] Call Trace: [ 687.411224][T13880] [ 687.411229][T13880] dump_stack_lvl+0x100/0x190 [ 687.411246][T13880] should_fail_ex.cold+0x5/0xa [ 687.411261][T13880] should_failslab+0xc2/0x120 [ 687.411274][T13880] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 687.411292][T13880] ? alloc_empty_file+0x5b/0x1c0 [ 687.411309][T13880] ? __pfx_stack_trace_save+0x10/0x10 [ 687.411323][T13880] alloc_empty_file+0x5b/0x1c0 [ 687.411340][T13880] path_openat+0xe8/0x31a0 [ 687.411354][T13880] ? kasan_save_stack+0x3f/0x50 [ 687.411364][T13880] ? kasan_save_stack+0x30/0x50 [ 687.411374][T13880] ? kasan_save_track+0x14/0x30 [ 687.411383][T13880] ? __kasan_slab_alloc+0x89/0x90 [ 687.411394][T13880] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 687.411411][T13880] ? do_getname+0x35/0x390 [ 687.411427][T13880] ? do_sys_openat2+0xc5/0x1e0 [ 687.411442][T13880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.411456][T13880] ? __pfx_path_openat+0x10/0x10 [ 687.411479][T13880] do_file_open+0x20e/0x430 [ 687.411495][T13880] ? __pfx_do_file_open+0x10/0x10 [ 687.411510][T13880] ? irqentry_exit+0x24d/0x970 [ 687.411534][T13880] ? alloc_fd+0x476/0x790 [ 687.411550][T13880] ? do_getname+0x191/0x390 [ 687.411568][T13880] do_sys_openat2+0x10d/0x1e0 [ 687.411585][T13880] ? __pfx_do_sys_openat2+0x10/0x10 [ 687.411601][T13880] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 687.411619][T13880] ? __fget_files+0x21f/0x3d0 [ 687.411635][T13880] __x64_sys_openat+0x12d/0x210 [ 687.411653][T13880] ? __pfx___x64_sys_openat+0x10/0x10 [ 687.411669][T13880] ? ksys_write+0x1ac/0x250 [ 687.411683][T13880] ? rcu_is_watching+0x12/0xc0 [ 687.411702][T13880] do_syscall_64+0x115/0x870 [ 687.411716][T13880] ? clear_bhb_loop+0x40/0x90 [ 687.411729][T13880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.411741][T13880] RIP: 0033:0x7fd0fb35d68e [ 687.411752][T13880] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 687.411768][T13880] RSP: 002b:00007fd0fc2c2b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 687.411785][T13880] RAX: ffffffffffffffda RBX: 00007fd0fc2c36c0 RCX: 00007fd0fb35d68e [ 687.411793][T13880] RDX: 0000000000000002 RSI: 00007fd0fc2c2c00 RDI: ffffffffffffff9c [ 687.411800][T13880] RBP: 00007fd0fc2c3090 R08: 0000000000000000 R09: 0000000000000000 [ 687.411807][T13880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 687.411813][T13880] R13: 00007fd0fb616038 R14: 00007fd0fb615fa0 R15: 00007ffc51318388 [ 687.411828][T13880] [ 687.922905][T12490] pvrusb2: Hardware description: Terratec Grabster AV400 [ 687.930465][T12490] pvrusb2: ********** [ 687.934608][T12490] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 687.945675][T12490] pvrusb2: Important functionality might not be entirely working. [ 687.954659][T12490] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 687.966780][T12490] pvrusb2: ********** [ 688.151638][T13873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 688.189049][T13873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 688.263830][T13888] hsr0 speed is unknown, defaulting to 1000 [ 688.430044][T13873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 688.467369][T13873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 689.214430][ T2363] pvrusb2: Invalid write control endpoint [ 689.318494][T13906] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 690.020619][T13873] pvrusb2: Invalid write control endpoint [ 690.086127][ T2363] pvrusb2: Invalid write control endpoint [ 690.112041][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 690.122398][ T804] usb 1-1: USB disconnect, device number 65 [ 690.147590][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 690.166870][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 690.203139][ T2363] pvrusb2: Device being rendered inoperable [ 690.219978][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 690.237486][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 691.312823][ T2363] pvrusb2: Attached sub-driver cx25840 [ 691.332166][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 691.403539][T13912] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2093'. [ 691.417186][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 691.605091][T13924] FAULT_INJECTION: forcing a failure. [ 691.605091][T13924] name failslab, interval 1, probability 0, space 0, times 0 [ 691.672191][T13924] CPU: 0 UID: 0 PID: 13924 Comm: syz.0.2096 Tainted: G L syzkaller #0 PREEMPT(full) [ 691.672218][T13924] Tainted: [L]=SOFTLOCKUP [ 691.672225][T13924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 691.672234][T13924] Call Trace: [ 691.672240][T13924] [ 691.672246][T13924] dump_stack_lvl+0x100/0x190 [ 691.672271][T13924] should_fail_ex.cold+0x5/0xa [ 691.672296][T13924] should_failslab+0xc2/0x120 [ 691.672315][T13924] __kmalloc_cache_noprof+0x7a/0x6f0 [ 691.672337][T13924] ? fscontext_alloc_log+0x4a/0x1b0 [ 691.672359][T13924] fscontext_alloc_log+0x4a/0x1b0 [ 691.672378][T13924] __x64_sys_fsopen+0x159/0x220 [ 691.672396][T13924] do_syscall_64+0x115/0x870 [ 691.672418][T13924] ? clear_bhb_loop+0x40/0x90 [ 691.672437][T13924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 691.672453][T13924] RIP: 0033:0x7f533c39ce59 [ 691.672467][T13924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 691.672482][T13924] RSP: 002b:00007f533d18d028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 691.672499][T13924] RAX: ffffffffffffffda RBX: 00007f533c615fa0 RCX: 00007f533c39ce59 [ 691.672509][T13924] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000280 [ 691.672519][T13924] RBP: 00007f533d18d090 R08: 0000000000000000 R09: 0000000000000000 [ 691.672528][T13924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 691.672538][T13924] R13: 00007f533c616038 R14: 00007f533c615fa0 R15: 00007ffef2ca1bb8 [ 691.672561][T13924] [ 691.871369][T13927] netlink: 'syz.4.2097': attribute type 1 has an invalid length. [ 691.948218][T13924] PKCS8: Unsupported PKCS#8 version [ 692.761899][T13927] 8021q: adding VLAN 0 to HW filter on device bond5 [ 692.895508][T13932] bond5: (slave geneve2): making interface the new active one [ 692.943954][T13932] bond5: (slave geneve2): Enslaving as an active interface with an up link [ 693.278649][T10875] batadv0: left promiscuous mode [ 693.869924][T10876] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x2 [ 693.882920][T13946] QAT: Device 225 not found [ 694.048344][T12497] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 694.074993][ T30] audit: type=1400 audit(1781077532.646:1663): avc: denied { map } for pid=13959 comm="syz.2.2108" path="socket:[38490]" dev="sockfs" ino=38490 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 694.262991][ T30] audit: type=1400 audit(1781077532.766:1664): avc: denied { mount } for pid=13959 comm="syz.2.2108" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 694.381746][T12497] usb 4-1: Using ep0 maxpacket: 8 [ 694.402912][T12497] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 694.454640][T12497] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.532320][T12497] pvrusb2: Hardware description: Terratec Grabster AV400 [ 694.569358][T12497] pvrusb2: ********** [ 694.585192][T12497] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 694.642376][T12497] pvrusb2: Important functionality might not be entirely working. [ 694.694402][T12497] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 694.727715][T13956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.745900][T12497] pvrusb2: ********** [ 694.783967][T13956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.840210][T13964] netlink: 'syz.4.2109': attribute type 1 has an invalid length. [ 695.034039][T13956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 695.077721][T13956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.110560][T13967] hsr0 speed is unknown, defaulting to 1000 [ 695.421600][T13977] FAULT_INJECTION: forcing a failure. [ 695.421600][T13977] name failslab, interval 1, probability 0, space 0, times 0 [ 695.435840][T13977] CPU: 0 UID: 0 PID: 13977 Comm: syz.5.2110 Tainted: G L syzkaller #0 PREEMPT(full) [ 695.435868][T13977] Tainted: [L]=SOFTLOCKUP [ 695.435875][T13977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 695.435885][T13977] Call Trace: [ 695.435892][T13977] [ 695.435899][T13977] dump_stack_lvl+0x100/0x190 [ 695.435925][T13977] should_fail_ex.cold+0x5/0xa [ 695.435950][T13977] ? tomoyo_encode2+0xfb/0x3c0 [ 695.435975][T13977] should_failslab+0xc2/0x120 [ 695.435995][T13977] __kmalloc_noprof+0xe0/0x850 [ 695.436027][T13977] tomoyo_encode2+0xfb/0x3c0 [ 695.436053][T13977] ? tomoyo_realpath_from_path+0x438/0x690 [ 695.436083][T13977] tomoyo_encode+0x29/0x50 [ 695.436108][T13977] tomoyo_realpath_from_path+0x18c/0x690 [ 695.436140][T13977] tomoyo_path_number_perm+0x23c/0x580 [ 695.436162][T13977] ? tomoyo_path_number_perm+0x22e/0x580 [ 695.436187][T13977] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 695.436235][T13977] ? find_held_lock+0x2b/0x80 [ 695.436251][T13977] ? __fget_files+0x215/0x3d0 [ 695.436272][T13977] ? hook_file_ioctl_common+0x149/0x410 [ 695.436290][T13977] ? __fget_files+0x215/0x3d0 [ 695.436317][T13977] ? __fget_files+0x21f/0x3d0 [ 695.436342][T13977] security_file_ioctl+0xd3/0x230 [ 695.436369][T13977] __x64_sys_ioctl+0xb7/0x210 [ 695.436389][T13977] do_syscall_64+0x115/0x870 [ 695.436411][T13977] ? clear_bhb_loop+0x40/0x90 [ 695.436434][T13977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.436451][T13977] RIP: 0033:0x7fd0fb39ce59 [ 695.436471][T13977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.436488][T13977] RSP: 002b:00007fd0fc281028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.436505][T13977] RAX: ffffffffffffffda RBX: 00007fd0fb616180 RCX: 00007fd0fb39ce59 [ 695.436517][T13977] RDX: 0000200000000040 RSI: 00000000c0040d07 RDI: 0000000000000009 [ 695.436527][T13977] RBP: 00007fd0fc281090 R08: 0000000000000000 R09: 0000000000000000 [ 695.436538][T13977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.436548][T13977] R13: 00007fd0fb616218 R14: 00007fd0fb616180 R15: 00007ffc51318388 [ 695.436573][T13977] [ 695.436742][T13977] ERROR: Out of memory at tomoyo_realpath_from_path. [ 695.679546][T13975] erofs (device nullb0): cannot find valid erofs superblock [ 696.523120][ T2363] pvrusb2: Invalid write control endpoint [ 696.694208][T13984] netlink: 'syz.2.2114': attribute type 13 has an invalid length. [ 696.706252][T13970] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 696.744536][T13956] pvrusb2: Invalid write control endpoint [ 696.771302][T13984] netlink: 'syz.2.2114': attribute type 17 has an invalid length. [ 696.831437][ T2363] pvrusb2: Invalid write control endpoint [ 696.873423][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 696.883084][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 696.890621][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 696.917688][ T2363] pvrusb2: Device being rendered inoperable [ 696.920725][ T30] audit: type=1400 audit(1781077535.456:1665): avc: denied { call } for pid=13981 comm="syz.5.2112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 697.006015][T12497] usb 4-1: USB disconnect, device number 65 [ 697.118378][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 697.170735][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 697.192008][T13992] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2115'. [ 697.227611][ T2363] pvrusb2: Attached sub-driver cx25840 [ 697.296933][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 697.371470][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 697.872045][T14004] binder: 14003:14004 ioctl c0306201 2000000001c0 returned -14 [ 700.799941][T14023] tipc: Started in network mode [ 700.813388][T14023] tipc: Node identity a6727f966647, cluster identity 4711 [ 700.856206][T14023] tipc: Enabled bearer , priority 0 [ 700.885677][T14024] syzkaller0: entered promiscuous mode [ 700.918432][T14024] syzkaller0: entered allmulticast mode [ 701.192453][T14023] tipc: Resetting bearer [ 701.212044][T14022] tipc: Resetting bearer [ 701.280275][T14022] tipc: Disabling bearer [ 702.438195][T14042] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 703.440385][T14042] overlayfs: failed to clone upperpath [ 703.623863][T14051] netlink: 'syz.5.2131': attribute type 2 has an invalid length. [ 703.680104][ T30] audit: type=1400 audit(1781077542.256:1666): avc: denied { write } for pid=14044 comm="syz.0.2130" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 704.013204][T14058] FAULT_INJECTION: forcing a failure. [ 704.013204][T14058] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 704.184870][T14058] CPU: 1 UID: 0 PID: 14058 Comm: syz.3.2136 Tainted: G L syzkaller #0 PREEMPT(full) [ 704.184900][T14058] Tainted: [L]=SOFTLOCKUP [ 704.184907][T14058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 704.184916][T14058] Call Trace: [ 704.184922][T14058] [ 704.184929][T14058] dump_stack_lvl+0x100/0x190 [ 704.184954][T14058] should_fail_ex.cold+0x5/0xa [ 704.184978][T14058] _copy_to_user+0x32/0xd0 [ 704.185004][T14058] simple_read_from_buffer+0xcb/0x170 [ 704.185028][T14058] proc_fail_nth_read+0x1af/0x230 [ 704.185048][T14058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 704.185068][T14058] ? rw_verify_area+0xce/0x6d0 [ 704.185084][T14058] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 704.185102][T14058] vfs_read+0x1e4/0xb30 [ 704.185124][T14058] ? __pfx_vfs_read+0x10/0x10 [ 704.185141][T14058] ? __fget_files+0x215/0x3d0 [ 704.185168][T14058] ? __fget_files+0x21f/0x3d0 [ 704.185195][T14058] ksys_read+0x12a/0x250 [ 704.185213][T14058] ? __pfx_ksys_read+0x10/0x10 [ 704.185233][T14058] ? rcu_is_watching+0x12/0xc0 [ 704.185260][T14058] do_syscall_64+0x115/0x870 [ 704.185282][T14058] ? clear_bhb_loop+0x40/0x90 [ 704.185303][T14058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 704.185320][T14058] RIP: 0033:0x7f77c3f5d68e [ 704.185335][T14058] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 704.185350][T14058] RSP: 002b:00007f77c4e82fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 704.185368][T14058] RAX: ffffffffffffffda RBX: 00007f77c4e836c0 RCX: 00007f77c3f5d68e [ 704.185378][T14058] RDX: 000000000000000f RSI: 00007f77c4e830a0 RDI: 0000000000000004 [ 704.185388][T14058] RBP: 00007f77c4e83090 R08: 0000000000000000 R09: 0000000000000000 [ 704.185398][T14058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 704.185408][T14058] R13: 00007f77c4216038 R14: 00007f77c4215fa0 R15: 00007ffe9a0b1e88 [ 704.185431][T14058] [ 706.002470][T14063] : entered promiscuous mode [ 706.036167][T14075] 9p: Bad value for 'rfdno' [ 708.617933][T14104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2143'. [ 708.633327][T14104] hsr_slave_0: left promiscuous mode [ 708.661061][T14104] hsr_slave_1: left promiscuous mode [ 708.735162][T14107] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 709.874670][T14131] syz.0.2150 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 709.948849][ T5796] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 710.401450][ T5796] usb 4-1: Using ep0 maxpacket: 8 [ 710.409537][T14139] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 710.421748][ T30] audit: type=1400 audit(1781077548.996:1667): avc: denied { map } for pid=14127 comm="syz.0.2150" path="socket:[39562]" dev="sockfs" ino=39562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 710.463996][ T5796] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 710.503302][ T5796] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.381920][T14139] overlayfs: failed to clone upperpath [ 711.500514][ T30] audit: type=1400 audit(1781077548.996:1668): avc: denied { read } for pid=14127 comm="syz.0.2150" path="socket:[39562]" dev="sockfs" ino=39562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 711.532962][ T5796] pvrusb2: Hardware description: Terratec Grabster AV400 [ 711.553586][ T5796] pvrusb2: ********** [ 711.568182][ T5796] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 711.627972][ T5796] pvrusb2: Important functionality might not be entirely working. [ 711.687968][ T5796] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 711.731221][ T5796] pvrusb2: ********** [ 711.764222][T14125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 711.823130][T14125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 711.918941][T14144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2156'. [ 711.973088][T14144] hsr_slave_0: left promiscuous mode [ 712.020448][T14144] hsr_slave_1: left promiscuous mode [ 712.098011][T14125] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 712.141378][T14125] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 712.384957][T14148] SELinux: security_context_str_to_sid () failed with errno=-22 [ 712.884560][ T2363] pvrusb2: Invalid write control endpoint [ 713.053362][ T2363] pvrusb2: Invalid write control endpoint [ 713.075114][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 713.130162][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 713.162974][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 713.186109][ T2363] pvrusb2: Device being rendered inoperable [ 713.224850][T14125] pvrusb2: Attempted to execute control transfer when device not ok [ 713.280676][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 713.302324][ T24] usb 4-1: USB disconnect, device number 66 [ 713.336245][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 713.374179][ T2363] pvrusb2: Attached sub-driver cx25840 [ 713.401249][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 713.439078][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 713.470799][T14166] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2155'. [ 713.520398][ T30] audit: type=1400 audit(1781077552.096:1669): avc: denied { read } for pid=14165 comm="syz.4.2155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 713.877977][T14176] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2162'. [ 714.987193][T14186] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 716.480726][T14228] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2177'. [ 717.246459][T14248] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2182'. [ 717.395963][T14242] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 717.482307][T14254] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2185'. [ 717.696479][T14262] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 717.713933][T14260] hsr0 speed is unknown, defaulting to 1000 [ 718.236137][T14264] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2187'. [ 718.541095][T14275] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2190'. [ 720.705138][T14289] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 721.166671][T14295] overlayfs: failed to resolve './file1': -2 [ 721.395386][T14303] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2199'. [ 721.466310][ T30] audit: type=1400 audit(1781077560.036:1670): avc: denied { unmount } for pid=14297 comm="syz.4.2199" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 722.442999][T14316] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 723.079331][T14316] overlayfs: failed to clone upperpath [ 723.628050][T14323] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2205'. [ 726.084528][ T30] audit: type=1400 audit(1781077564.656:1671): avc: denied { create } for pid=14350 comm="syz.0.2206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 726.337345][ T30] audit: type=1326 audit(1781077564.906:1672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 726.445406][ T30] audit: type=1326 audit(1781077564.906:1673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 726.547749][ T30] audit: type=1326 audit(1781077564.906:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 726.655812][ T30] audit: type=1326 audit(1781077564.906:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 726.771284][ T30] audit: type=1326 audit(1781077564.936:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 726.892478][ T30] audit: type=1326 audit(1781077564.936:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 727.071082][ T30] audit: type=1326 audit(1781077564.936:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 727.182138][ T30] audit: type=1326 audit(1781077564.936:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 727.399592][ T30] audit: type=1326 audit(1781077564.936:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 727.512927][T14382] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 728.213341][ T30] audit: type=1326 audit(1781077564.936:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 728.484087][ T30] audit: type=1326 audit(1781077564.936:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 728.495271][T14387] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2226'. [ 728.710041][T14390] tc_dump_action: action bad kind [ 728.853826][ T30] audit: type=1326 audit(1781077564.946:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14355 comm="syz.0.2217" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 728.920125][T14387] hsr_slave_0: left promiscuous mode [ 729.005509][T14387] hsr_slave_1: left promiscuous mode [ 729.326501][T14400] fuse: Bad value for 'fd' [ 729.397746][T14402] 9p: Bad value for 'rfdno' [ 729.861217][T14411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2236'. [ 729.892804][T14414] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2235'. [ 731.496863][T14434] nfs4: Unknown parameter 'proc/sys/net/ipv4/vs/secure_tcp' [ 731.896733][ T30] kauditd_printk_skb: 183 callbacks suppressed [ 731.896754][ T30] audit: type=1400 audit(1781077570.466:1867): avc: denied { execute } for pid=14431 comm="syz.5.2242" path="/dev/audio1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 731.938561][T14439] kernel read not supported for file / 7âW)s!Qfsr)rO2:"T+͟v|ղDvc֠6xc: (pid: 14439 comm: syz.5.2242) [ 732.111954][ T30] audit: type=1800 audit(1781077570.546:1868): pid=14439 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.2242" name=20019C1437B3CFFCC3A25729AB7393A7C721518FF6ECA56673F58772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=41091 res=0 errno=0 [ 732.185925][T14438] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 732.259443][T14444] 9p: Bad value for 'rfdno' [ 732.485661][T14446] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2247'. [ 732.540659][T14446] hsr_slave_0: left promiscuous mode [ 732.608187][T14446] hsr_slave_1: left promiscuous mode [ 732.774253][ T5956] smbdirect: ib_dev[syz1] removed [ 733.192176][T14455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2250'. [ 733.540259][T14459] ALSA: seq fatal error: cannot create timer (-22) [ 735.295095][T14469] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 735.314128][T14471] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2255'. [ 737.023491][T14481] xt_hashlimit: size too large, truncated to 1048576 [ 737.185176][T14483] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2258'. [ 737.699098][T14483] 8021q: adding VLAN 0 to HW filter on device bond1 [ 738.233744][T14502] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 738.276313][T14501] syzkaller1: entered promiscuous mode [ 738.297855][T14501] syzkaller1: entered allmulticast mode [ 738.329816][T14495] 9p: Bad value for 'wfdno' [ 739.410725][T14518] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 740.529174][T14502] overlayfs: failed to clone upperpath [ 740.717172][T14524] nfs4: Unknown parameter 'proc/sys/net/ipv4/vs/secure_tcp' [ 741.288666][ T24] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 741.488625][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 741.510327][ T24] usb 6-1: config 0 has an invalid interface number: 187 but max is 0 [ 741.545986][ T24] usb 6-1: config 0 has no interface number 0 [ 741.566710][ T24] usb 6-1: config 0 interface 187 has no altsetting 0 [ 741.597322][ T24] usb 6-1: New USB device found, idVendor=c942, idProduct=2c0f, bcdDevice=47.09 [ 741.642029][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 741.651601][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 741.668373][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.737665][ T24] usb 6-1: config 0 descriptor?? [ 742.009367][ T24] usb 6-1: string descriptor 0 read error: -71 [ 742.056943][ T24] usb-storage 6-1:0.187: USB Mass Storage device detected [ 742.478948][ T24] usb 6-1: USB disconnect, device number 13 [ 743.873227][T14567] IPVS: Error connecting to the multicast addr [ 743.883748][ T30] audit: type=1400 audit(1781077582.436:1869): avc: denied { getopt } for pid=14562 comm="syz.5.2276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 745.688342][ T5741] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 746.028389][ T5741] usb 4-1: Using ep0 maxpacket: 8 [ 746.047974][ T5741] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 746.055975][ T5741] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 746.067773][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 746.102740][ T5741] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 746.129436][T14579] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 746.138006][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 149, changing to 11 [ 746.174876][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 746.238675][ T5741] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 746.279035][ T5741] usb 4-1: config 168 interface 0 has no altsetting 0 [ 746.304667][ T5741] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 746.329835][ T5741] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 746.371308][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 746.415346][ T5741] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 746.430521][T14584] xt_hashlimit: size too large, truncated to 1048576 [ 746.469612][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 149, changing to 11 [ 746.474200][ T30] audit: type=1326 audit(1781077585.046:1870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.626461][ T30] audit: type=1326 audit(1781077585.076:1871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.790957][ T30] audit: type=1326 audit(1781077585.086:1872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.841112][ T30] audit: type=1326 audit(1781077585.086:1873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.870118][ T5741] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 746.882102][ T30] audit: type=1326 audit(1781077585.106:1874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.882150][ T30] audit: type=1326 audit(1781077585.106:1875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.882189][ T30] audit: type=1326 audit(1781077585.106:1876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.882229][ T30] audit: type=1326 audit(1781077585.106:1877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 746.882274][ T30] audit: type=1326 audit(1781077585.116:1878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14583 comm="syz.5.2282" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fd0fb39ce59 code=0x7ffc0000 [ 747.780708][ T5741] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 747.795392][ T5741] usb 4-1: config 168 interface 0 has no altsetting 0 [ 747.851132][T14579] overlayfs: failed to clone upperpath [ 748.073554][ T5741] usb 4-1: unable to read config index 2 descriptor/start: -71 [ 748.103313][ T5741] usb 4-1: can't read configurations, error -71 [ 748.739137][ T5741] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 748.847247][T14600] netlink: 'syz.4.2287': attribute type 2 has an invalid length. [ 748.867131][T14600] netlink: 'syz.4.2287': attribute type 2 has an invalid length. [ 748.908378][ T5741] usb 4-1: Using ep0 maxpacket: 32 [ 748.928172][ T5741] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 748.951028][ T5741] usb 4-1: config 0 has no interface number 0 [ 748.974836][ T5741] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 749.008399][ T5741] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.052446][ T5741] usb 4-1: Product: syz [ 749.069798][ T5741] usb 4-1: Manufacturer: syz [ 749.089824][ T5741] usb 4-1: SerialNumber: syz [ 749.111378][ T5741] usb 4-1: config 0 descriptor?? [ 749.134941][ T5741] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 749.423816][T14604] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 749.437572][ T5741] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 750.172006][T14604] overlayfs: failed to clone upperpath [ 750.181786][ T5741] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 751.615032][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 751.637551][ T5741] usb 4-1: USB disconnect, device number 68 [ 751.753066][ T5741] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 751.802187][ T5741] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 751.836754][ T5741] quatech2 4-1:0.51: device disconnected [ 751.948537][T12497] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 752.148479][T12497] usb 6-1: Using ep0 maxpacket: 8 [ 752.173196][T12497] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 752.200940][T12497] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.262960][T12497] pvrusb2: Hardware description: Terratec Grabster AV400 [ 752.294240][T12497] pvrusb2: ********** [ 752.309844][ T5741] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 752.312157][T12497] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 752.373815][T12497] pvrusb2: Important functionality might not be entirely working. [ 752.407268][T12497] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 752.454005][T12497] pvrusb2: ********** [ 752.462816][T14617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 752.489321][ T5741] usb 4-1: Using ep0 maxpacket: 16 [ 752.501823][T14617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 752.516806][ T5741] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 752.562168][ T5741] usb 4-1: config 0 interface 0 has no altsetting 0 [ 752.637566][ T5741] usb 4-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 752.654185][ T5741] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.679700][ T5741] usb 4-1: Product: syz [ 752.690028][ T5741] usb 4-1: Manufacturer: syz [ 752.705302][ T5741] usb 4-1: SerialNumber: syz [ 752.726831][ T5741] usb 4-1: config 0 descriptor?? [ 752.730244][T14623] netlink: 'syz.2.2285': attribute type 1 has an invalid length. [ 752.769640][T14617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 752.817029][T14617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.078763][T14621] program syz.3.2294 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 753.144626][T14626] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2295'. [ 753.162386][ C0] imon 4-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 753.177248][ T5741] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input34 [ 753.298931][ T5741] imon:send_packet: packet tx failed (-71) [ 753.333900][T14632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2297'. [ 753.407121][ T5741] imon 4-1:0.0: panel buttons/knobs setup failed [ 753.510372][ T5741] rc_core: IR keymap rc-imon-pad not found [ 753.516195][ T5741] Registered IR keymap rc-empty [ 753.529508][ T5741] imon 4-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 753.541334][ T2363] pvrusb2: Invalid write control endpoint [ 753.550365][ T5741] imon 4-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 753.595709][ T2363] pvrusb2: Invalid write control endpoint [ 753.605894][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 753.622932][ T5741] imon:send_packet: packet tx failed (-71) [ 753.629909][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 753.638200][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 753.649498][ T5741] imon 4-1:0.0: remote input dev register failed [ 753.656935][ T5741] imon 4-1:0.0: imon_init_intf0: rc device setup failed [ 753.944830][ T2363] pvrusb2: Device being rendered inoperable [ 753.953970][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 753.963988][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 753.979723][ T2363] pvrusb2: Attached sub-driver cx25840 [ 753.985386][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 753.996793][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 754.052374][ T5741] imon 4-1:0.0: unable to initialize intf0, err 0 [ 754.066940][T12492] usb 6-1: USB disconnect, device number 14 [ 754.084321][ T5741] imon:imon_probe: failed to initialize context! [ 754.109482][ T5741] imon 4-1:0.0: unable to register, err -19 [ 754.165448][ T5741] usb 4-1: USB disconnect, device number 69 [ 756.864567][T14675] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 757.166784][T14679] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 757.649319][T14679] overlayfs: failed to clone upperpath [ 759.438158][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 759.438175][ T30] audit: type=1400 audit(1781077598.006:1885): avc: denied { write } for pid=14694 comm="syz.4.2315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 759.509488][T14695] netlink: 3776 bytes leftover after parsing attributes in process `syz.4.2315'. [ 760.358718][ T5796] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 760.538583][ T5796] usb 6-1: Using ep0 maxpacket: 8 [ 760.561865][ T5796] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 760.599070][ T5796] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.641634][ T5796] pvrusb2: Hardware description: Terratec Grabster AV400 [ 760.664626][ T5796] pvrusb2: ********** [ 760.678102][ T5796] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 760.699118][ T5796] pvrusb2: Important functionality might not be entirely working. [ 760.810469][ T5796] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 760.856944][T14701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 760.869089][ T5796] pvrusb2: ********** [ 760.935630][T14701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.159145][ T30] audit: type=1400 audit(1781077599.736:1886): avc: denied { create } for pid=14709 comm="syz.2.2319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 761.188869][T14701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 761.228585][T14701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 761.269876][ T30] audit: type=1400 audit(1781077599.756:1887): avc: denied { write } for pid=14709 comm="syz.2.2319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 761.344512][ T30] audit: type=1400 audit(1781077599.776:1888): avc: denied { ioctl } for pid=14709 comm="syz.2.2319" path="socket:[41536]" dev="sockfs" ino=41536 ioctlcmd=0x5875 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 761.589828][T14720] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 762.399439][T14720] overlayfs: failed to clone upperpath [ 762.958949][ T2363] pvrusb2: Invalid write control endpoint [ 763.042476][ T2363] pvrusb2: Invalid write control endpoint [ 763.066007][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 763.101486][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 763.127997][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 763.150844][ T2363] pvrusb2: Device being rendered inoperable [ 763.165322][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 763.177325][ T30] audit: type=1400 audit(1781077601.746:1889): avc: denied { ioctl } for pid=14729 comm="syz.3.2326" path="socket:[40529]" dev="sockfs" ino=40529 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 763.185311][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 763.259751][T14734] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2326'. [ 763.263603][ T2363] pvrusb2: Attached sub-driver cx25840 [ 763.320236][ T5796] usb 6-1: USB disconnect, device number 15 [ 763.326392][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 763.383885][T14736] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 763.394608][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 763.810874][T14743] netlink: 'syz.3.2329': attribute type 16 has an invalid length. [ 763.819299][T14743] netlink: 'syz.3.2329': attribute type 17 has an invalid length. [ 763.850759][T14743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.862654][T14743] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.918057][T14743] veth1_vlan: left promiscuous mode [ 763.924223][T14743] veth0_vlan: left promiscuous mode [ 763.930371][T14743] veth0_vlan: entered promiscuous mode [ 763.942808][T14743] veth1_vlan: entered promiscuous mode [ 763.955995][T14743] veth1_macvtap: left promiscuous mode [ 763.962553][T14743] veth0_macvtap: left promiscuous mode [ 763.969277][T14743] veth0_macvtap: entered promiscuous mode [ 763.975998][T14743] veth1_macvtap: entered promiscuous mode [ 763.989657][T14743] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 763.997621][T14743] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 764.007160][T14743] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 764.016631][T14743] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 764.027476][T14743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.039491][T14743] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network [ 764.049949][T14743] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 764.086465][T14743] 8021q: adding VLAN 0 to HW filter on device bond1 [ 764.113818][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.121246][ T8460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.135480][ T8460] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.142896][ T8460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.792893][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.889883][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.899944][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 764.909609][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.139373][ T5796] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 765.378661][ T5796] usb 6-1: Using ep0 maxpacket: 32 [ 765.431557][ T5796] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 765.488802][ T5796] usb 6-1: config 0 has no interface number 0 [ 765.622705][ T5796] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 765.684942][ T5796] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.812877][ T5796] usb 6-1: Product: syz [ 765.951026][ T5796] usb 6-1: Manufacturer: syz [ 765.995053][ T5796] usb 6-1: SerialNumber: syz [ 766.082466][ T5796] usb 6-1: config 0 descriptor?? [ 766.122507][ T5796] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 767.488370][ T5739] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 767.541763][ T5796] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 767.640553][ T5739] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.641642][ T5796] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 767.856244][ T5739] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 767.874652][ T5739] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 767.903291][ T5739] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 767.911300][ T5739] usb 4-1: Product: syz [ 767.915458][ T5739] usb 4-1: Manufacturer: syz [ 767.920044][ T5739] usb 4-1: SerialNumber: syz [ 768.209988][T14769] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2330'. [ 768.589336][ T5739] cdc_mbim 4-1:1.0: skipping garbage [ 768.658069][T14761] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 768.747396][T14780] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 770.040793][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 770.049117][T14780] overlayfs: failed to resolve './file1': -2 [ 770.051169][T12515] usb 6-1: USB disconnect, device number 16 [ 770.067349][ T5739] cdc_mbim 4-1:1.0: failed GET_NTB_PARAMETERS [ 770.075674][ T5739] cdc_mbim 4-1:1.0: bind() failure [ 770.482187][T12515] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 770.504291][ T5739] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 770.522711][ T5739] cdc_ncm 4-1:1.1: bind() failure [ 770.536631][T12515] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 770.551976][T12515] quatech2 6-1:0.51: device disconnected [ 770.560416][ T5739] usb 4-1: USB disconnect, device number 70 [ 771.538426][T12515] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 771.718907][T12515] usb 4-1: Using ep0 maxpacket: 8 [ 771.742101][T12515] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 771.774392][T12515] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.847204][T12515] pvrusb2: Hardware description: Terratec Grabster AV400 [ 771.868861][T12515] pvrusb2: ********** [ 771.887771][T12515] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 771.922118][T12515] pvrusb2: Important functionality might not be entirely working. [ 771.951111][T12515] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 771.985941][T12515] pvrusb2: ********** [ 772.043748][T14808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 772.082291][T14808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 772.582009][T14813] xt_hashlimit: size too large, truncated to 1048576 [ 772.651361][ T30] audit: type=1326 audit(1781077611.226:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 772.769065][ T30] audit: type=1326 audit(1781077611.256:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 772.888004][ T30] audit: type=1326 audit(1781077611.256:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 772.956495][ T30] audit: type=1326 audit(1781077611.266:1893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 772.998084][ T2363] pvrusb2: Invalid write control endpoint [ 773.094263][ T30] audit: type=1326 audit(1781077611.266:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 773.136896][T14808] pvrusb2: Invalid write control endpoint [ 773.225466][T12515] usb 4-1: USB disconnect, device number 71 [ 773.294114][ T2363] pvrusb2: Invalid write control endpoint [ 773.327511][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 773.373032][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 773.389213][ T30] audit: type=1326 audit(1781077611.266:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 773.394722][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 773.579470][ T2363] pvrusb2: Device being rendered inoperable [ 773.609851][ T30] audit: type=1326 audit(1781077611.266:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 773.614734][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 773.720143][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_i) [ 773.775624][ T30] audit: type=1326 audit(1781077611.266:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 773.779463][ T2363] pvrusb2: Attached sub-driver cx25840 [ 773.867539][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 774.295973][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 774.355661][ T30] audit: type=1326 audit(1781077611.266:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 775.002425][ T30] audit: type=1326 audit(1781077611.276:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14812 comm="syz.2.2347" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f635779ce59 code=0x7ffc0000 [ 775.128398][T12515] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 775.280279][T12515] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 775.295854][T12515] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 775.330742][T12515] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 775.340876][T12515] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 775.351071][T12515] usb 4-1: Product: syz [ 775.369939][T12515] usb 4-1: Manufacturer: syz [ 775.379142][T12515] usb 4-1: SerialNumber: syz [ 775.419743][T12515] cdc_mbim 4-1:1.0: skipping garbage [ 775.433375][T14850] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2357'. [ 775.678726][T14832] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 775.979511][T14866] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2359'. [ 776.296058][T14832] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 776.321199][T12515] cdc_mbim 4-1:1.0: setting tx_max = 16384 [ 776.355597][T12515] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 776.421893][T12515] wwan wwan0: port wwan0mbim0 attached [ 776.505603][T12515] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, a2:aa:8a:09:e4:18 [ 776.541792][T14832] binder: 14831:14832 ioctl c0306201 0 returned -14 [ 776.819203][T12515] usb 4-1: USB disconnect, device number 72 [ 777.590271][T12515] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 777.739321][T12515] wwan wwan0: port wwan0mbim0 disconnected [ 778.035237][T14881] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2361'. [ 779.491771][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 779.491789][ T30] audit: type=1400 audit(1781077618.066:1906): avc: denied { write } for pid=14878 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 780.041262][T14921] xt_hashlimit: size too large, truncated to 1048576 [ 780.158383][ T30] audit: type=1326 audit(1781077618.726:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 780.300294][ T30] audit: type=1326 audit(1781077618.736:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 780.476036][ T30] audit: type=1326 audit(1781077618.736:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 780.627875][ T30] audit: type=1326 audit(1781077618.736:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 780.808673][ T30] audit: type=1326 audit(1781077618.736:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 781.126304][ T30] audit: type=1326 audit(1781077618.736:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 781.287063][ T30] audit: type=1326 audit(1781077618.736:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 781.475901][ T30] audit: type=1326 audit(1781077618.736:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 781.600982][ T30] audit: type=1326 audit(1781077618.736:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14920 comm="syz.0.2370" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c39ce59 code=0x7ffc0000 [ 782.559761][T14957] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2375'. [ 783.481936][T14976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2383'. [ 783.626331][T14982] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 784.479144][T14982] overlayfs: failed to clone upperpath [ 785.982876][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 785.982917][ T30] audit: type=1400 audit(1781077624.556:1961): avc: denied { ioctl } for pid=14998 comm="syz.3.2390" path="/dev/usbmon0" dev="devtmpfs" ino=717 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 786.964326][T15014] IPVS: Error connecting to the multicast addr [ 791.033907][ T30] audit: type=1400 audit(1781077629.606:1962): avc: denied { connect } for pid=15053 comm="syz.5.2405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 791.301961][ T5627] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 791.317074][ T5627] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 791.326257][ T5627] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 791.341249][ T5627] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 791.348873][ T5627] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 791.535759][ T30] audit: type=1400 audit(1781077630.106:1963): avc: denied { connect } for pid=15062 comm="syz.2.2407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 791.576717][ T30] audit: type=1400 audit(1781077630.136:1964): avc: denied { write } for pid=15062 comm="syz.2.2407" path="socket:[42197]" dev="sockfs" ino=42197 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 792.830167][T14078] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.459188][ T50] Bluetooth: hci6: command tx timeout [ 793.778937][T14078] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.821518][T15085] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 793.839484][T15081] xt_HMARK: proto mask must be zero with L3 mode [ 793.916563][T14078] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.093637][T14078] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.378572][T15095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2414'. [ 795.479263][ T50] Bluetooth: hci6: command tx timeout [ 796.597615][T15120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2419'. [ 796.689090][T15120] hsr_slave_0: left promiscuous mode [ 796.700688][ T30] audit: type=1800 audit(1781077635.266:1965): pid=15122 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.2420" name="file1" dev="tmpfs" ino=2260 res=0 errno=0 [ 796.832416][T15120] hsr_slave_1: left promiscuous mode [ 797.134887][T15059] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.162473][T15059] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.190450][T15059] bridge_slave_0: entered allmulticast mode [ 797.241441][T15059] bridge_slave_0: entered promiscuous mode [ 797.427717][T14078] vlan3: left allmulticast mode [ 797.447801][T14078] vlan3: left promiscuous mode [ 797.467374][T14078] bridge0: port 3(vlan3) entered disabled state [ 797.558650][ T50] Bluetooth: hci6: command tx timeout [ 797.586004][ T30] audit: type=1400 audit(1781077636.156:1966): avc: denied { write } for pid=15107 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 797.654737][T14078] bridge_slave_1: left allmulticast mode [ 797.674951][T14078] bridge_slave_1: left promiscuous mode [ 797.700616][T14078] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.864374][T14078] bridge_slave_0: left allmulticast mode [ 797.891145][T14078] bridge_slave_0: left promiscuous mode [ 797.922343][T14078] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.941800][ T30] audit: type=1400 audit(1781077636.516:1967): avc: denied { write } for pid=15143 comm="rm" name="hook-state" dev="tmpfs" ino=1777 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 798.083673][T14078] lo: left allmulticast mode [ 798.733352][T15152] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2426'. [ 798.738296][T12515] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 798.921280][T14078] bond5 (unregistering): (slave geneve2): Releasing active interface [ 798.969083][T12515] usb 6-1: Using ep0 maxpacket: 16 [ 798.985965][T12515] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 799.022818][T12515] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 799.059555][T12515] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 799.085570][T12515] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 799.116320][T12515] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 799.150262][T12515] usb 6-1: config 1 interface 0 has no altsetting 0 [ 799.172873][T12515] usb 6-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 799.211539][T12515] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.442862][T12515] ums-sddr09 6-1:1.0: USB Mass Storage device detected [ 799.506320][T14078] bond0 (unregistering): left promiscuous mode [ 799.524477][T14078] bond_slave_0: left promiscuous mode [ 799.542279][T14078] bond_slave_1: left promiscuous mode [ 799.560895][T14078] dummy0: left promiscuous mode [ 799.592123][T14078] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 799.610137][T14078] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 799.638833][ T50] Bluetooth: hci6: command tx timeout [ 799.660607][T14078] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 799.732533][T14078] bond0 (unregistering): Released all slaves [ 799.773456][T14078] bond1 (unregistering): Released all slaves [ 799.810819][T14078] bond2 (unregistering): Released all slaves [ 799.867347][T14078] bond3 (unregistering): Released all slaves [ 799.926253][T14078] bond4 (unregistering): (slave wlan0): Releasing active interface [ 799.937113][T14078] batadv0: entered promiscuous mode [ 800.157144][T14078] bond4 (unregistering): (slave batadv0): Releasing active interface [ 800.185824][T14078] bond4 (unregistering): Released all slaves [ 800.272104][T14078] bond5 (unregistering): Released all slaves [ 800.355047][T15132] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2422'. [ 800.364552][T15132] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 800.441872][T15059] bridge0: port 2(bridge_slave_1) entered blocking state [ 800.490365][T15059] bridge0: port 2(bridge_slave_1) entered disabled state [ 800.540373][T15059] bridge_slave_1: entered allmulticast mode [ 800.603704][T15059] bridge_slave_1: entered promiscuous mode [ 905.658170][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 905.665138][ C1] rcu: 0-...!: (0 ticks this GP) idle=7d3c/1/0x4000000000000000 softirq=74826/74826 fqs=1 [ 905.676028][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5623/1:b..l P15104/1:b..l [ 905.685163][ C1] rcu: (detected by 1, t=10502 jiffies, g=84709, q=195 ncpus=2) [ 905.692867][ C1] Sending NMI from CPU 1 to CPUs 0: [ 905.692892][ C0] NMI backtrace for cpu 0 [ 905.692906][ C0] CPU: 0 UID: 0 PID: 15164 Comm: syz.0.2428 Tainted: G L syzkaller #0 PREEMPT(full) [ 905.692925][ C0] Tainted: [L]=SOFTLOCKUP [ 905.692930][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 905.692939][ C0] RIP: 0010:__lock_acquire+0x2b9/0x2630 [ 905.692960][ C0] Code: 00 0f b6 7e 21 44 31 cf 83 e7 60 74 e4 44 8d 48 01 65 8b 05 c1 6b 25 12 85 c0 0f 84 d5 04 00 00 8b 85 60 0b 00 00 85 c0 75 10 <44> 8b bd 78 0b 00 00 45 85 ff 0f 84 e6 0b 00 00 41 bf 03 00 00 00 [ 905.692972][ C0] RSP: 0018:ffffc90000007c80 EFLAGS: 00000046 [ 905.692984][ C0] RAX: 0000000000000000 RBX: ffff888032455610 RCX: 0000000000000000 [ 905.692993][ C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88803749a2c0 [ 905.693002][ C0] RBP: ffff888032454a80 R08: 0000000000000001 R09: 0000000000000000 [ 905.693011][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 905.693019][ C0] R13: 0000000000000c42 R14: 0000000000000000 R15: 0000000000000003 [ 905.693027][ C0] FS: 00007f533d18d6c0(0000) GS:ffff888124387000(0000) knlGS:0000000000000000 [ 905.693042][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 905.693051][ C0] CR2: 00007f533c44f156 CR3: 0000000059e61000 CR4: 00000000003526f0 [ 905.693060][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000001800 [ 905.693068][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 905.693077][ C0] Call Trace: [ 905.693083][ C0] [ 905.693091][ C0] ? do_raw_spin_lock+0x128/0x260 [ 905.693111][ C0] ? do_raw_spin_lock+0x128/0x260 [ 905.693129][ C0] lock_acquire+0x1b1/0x370 [ 905.693145][ C0] ? advance_sched+0xe5/0xd20 [ 905.693165][ C0] ? do_raw_spin_unlock+0x145/0x1e0 [ 905.693184][ C0] _raw_spin_lock+0x2e/0x40 [ 905.693200][ C0] ? advance_sched+0xe5/0xd20 [ 905.693216][ C0] advance_sched+0xe5/0xd20 [ 905.693234][ C0] ? find_held_lock+0x2b/0x80 [ 905.693247][ C0] ? __hrtimer_run_queues+0x383/0xa00 [ 905.693267][ C0] ? do_raw_spin_unlock+0x145/0x1e0 [ 905.693284][ C0] ? __pfx_advance_sched+0x10/0x10 [ 905.693301][ C0] __hrtimer_run_queues+0x470/0xa00 [ 905.693323][ C0] hrtimer_interrupt+0x3e5/0x940 [ 905.693347][ C0] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 905.693366][ C0] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 905.693383][ C0] [ 905.693393][ C0] [ 905.693398][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 905.693414][ C0] RIP: 0010:write_comp_data+0x2b/0x90 [ 905.693429][ C0] Code: 8b 05 b9 e5 00 12 49 89 f8 49 89 f1 49 89 d2 65 48 8b 3d 90 e5 00 12 a9 00 01 ff 00 74 1b f6 c4 01 74 07 a9 00 00 ff 00 74 05 00 12 84 09 8b 87 ec 16 00 00 85 c0 74 f1 8b 87 c8 16 00 00 83 [ 905.693440][ C0] RSP: 0018:ffffc9000359fc88 EFLAGS: 00000297 [ 905.693451][ C0] RAX: 0000000000000002 RBX: 0000000000000001 RCX: ffffffff81c6b8d5 [ 905.693459][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888032454a80 [ 905.693468][ C0] RBP: ffff8880b85284c0 R08: 0000000000000005 R09: 0000000000000000 [ 905.693476][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: fffffbfff21ae34a [ 905.693484][ C0] R13: 1ffff920006b3f9f R14: 0000000000000000 R15: 0000000000000000 [ 905.693495][ C0] ? cpus_read_unlock+0x35/0x150 [ 905.693515][ C0] cpus_read_unlock+0x35/0x150 [ 905.693532][ C0] clock_was_set+0x657/0x870 [ 905.693553][ C0] ? __pfx_clock_was_set+0x10/0x10 [ 905.693572][ C0] ? rcu_is_watching+0x12/0xc0 [ 905.693590][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 905.693607][ C0] do_settimeofday64+0x330/0x4d0 [ 905.693623][ C0] ? __pfx_do_settimeofday64+0x10/0x10 [ 905.693637][ C0] ? security_capable+0x80/0x260 [ 905.693652][ C0] ? hidraw_read+0x2f0/0xae0 [ 905.693671][ C0] ? capable+0xd3/0xf0 [ 905.693689][ C0] do_sys_settimeofday64+0x1dc/0x260 [ 905.693705][ C0] __x64_sys_clock_settime+0x1c1/0x2a0 [ 905.693725][ C0] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 905.693745][ C0] ? kcov_ioctl+0x16a/0x720 [ 905.693759][ C0] ? rcu_is_watching+0x12/0xc0 [ 905.693779][ C0] do_syscall_64+0x115/0x870 [ 905.693795][ C0] ? clear_bhb_loop+0x40/0x90 [ 905.693810][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 905.693824][ C0] RIP: 0033:0x7f533c39ce59 [ 905.693836][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 905.693847][ C0] RSP: 002b:00007f533d18d028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 905.693859][ C0] RAX: ffffffffffffffda RBX: 00007f533c615fa0 RCX: 00007f533c39ce59 [ 905.693868][ C0] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 905.693877][ C0] RBP: 00007f533c432d6f R08: 0000000000000000 R09: 0000000000000000 [ 905.693885][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 905.693894][ C0] R13: 00007f533c616038 R14: 00007f533c615fa0 R15: 00007ffef2ca1bb8 [ 905.693908][ C0] [ 905.694891][ C1] task:syz.5.2411 state:R running task stack:23688 pid:15104 tgid:15104 ppid:11836 task_flags:0x400640 flags:0x00080000 [ 906.190905][ C1] Call Trace: [ 906.194171][ C1] [ 906.197094][ C1] __schedule+0x1295/0x67a0 [ 906.201612][ C1] ? __pfx___schedule+0x10/0x10 [ 906.206458][ C1] ? mark_held_locks+0x40/0x70 [ 906.211215][ C1] preempt_schedule_irq+0x50/0x90 [ 906.216233][ C1] irqentry_exit+0x205/0x970 [ 906.220831][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 906.226797][ C1] RIP: 0010:lock_acquire+0x155/0x370 [ 906.232076][ C1] Code: 0d b4 c0 f2 0e 85 c9 0f 84 bd 00 00 00 65 8b 05 49 4a 25 12 85 c0 0f 85 ae 00 00 00 65 48 8b 05 c9 02 25 12 8b 90 8c 0b 00 00 <85> d2 0f 85 98 00 00 00 9c 8f 04 24 fa 48 c7 c7 56 0d 00 8e e8 52 [ 906.251670][ C1] RSP: 0018:ffffc9000780e308 EFLAGS: 00000246 [ 906.257725][ C1] RAX: ffff88807a24a540 RBX: 0000000000000000 RCX: 0000000000000001 [ 906.265682][ C1] RDX: 0000000000000000 RSI: ffffffff81b7cec1 RDI: fffffbfff1cfcaac [ 906.273638][ C1] RBP: ffffffff8e7e5560 R08: 0000000000000000 R09: 0000000000000000 [ 906.281594][ C1] R10: 0000000000000200 R11: 000000000001444f R12: 0000000000000002 [ 906.289550][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 906.297513][ C1] ? unwind_next_frame+0xd1/0x2090 [ 906.302622][ C1] ? lock_acquire+0x12a/0x370 [ 906.307296][ C1] ? unwind_next_frame+0x3be/0x2090 [ 906.312505][ C1] ? unwind_next_frame+0x3be/0x2090 [ 906.317714][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 906.323871][ C1] unwind_next_frame+0xd1/0x2090 [ 906.328814][ C1] ? unwind_next_frame+0xbd/0x2090 [ 906.333922][ C1] ? shmem_file_write_iter+0x10e/0x140 [ 906.339377][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 906.345521][ C1] arch_stack_walk+0x94/0xf0 [ 906.350111][ C1] ? shmem_file_write_iter+0x10e/0x140 [ 906.355564][ C1] stack_trace_save+0x8e/0xc0 [ 906.360230][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 906.365596][ C1] save_stack+0x162/0x1e0 [ 906.369935][ C1] ? __pfx_save_stack+0x10/0x10 [ 906.374775][ C1] ? post_alloc_hook+0xfd/0x120 [ 906.379625][ C1] ? get_page_from_freelist+0x11a6/0x3410 [ 906.385339][ C1] ? __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 906.391398][ C1] ? alloc_pages_mpol+0x1fb/0x540 [ 906.396412][ C1] ? folio_alloc_mpol_noprof+0x36/0x260 [ 906.401949][ C1] ? shmem_alloc_folio+0x135/0x160 [ 906.407051][ C1] ? shmem_alloc_and_add_folio+0x371/0xd40 [ 906.412851][ C1] ? shmem_get_folio_gfp+0x6ab/0x1900 [ 906.418215][ C1] ? shmem_write_begin+0x1a4/0x420 [ 906.423319][ C1] ? generic_perform_write+0x292/0xa40 [ 906.428767][ C1] ? shmem_file_write_iter+0x10e/0x140 [ 906.434219][ C1] ? __lock_acquire+0x4a5/0x2630 [ 906.439153][ C1] __set_page_owner+0x8c/0x540 [ 906.443911][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 906.449278][ C1] ? bad_range+0x257/0x3f0 [ 906.453686][ C1] ? lockdep_hardirqs_on+0x78/0x100 [ 906.458878][ C1] ? get_page_from_freelist+0x1185/0x3410 [ 906.464598][ C1] post_alloc_hook+0xfd/0x120 [ 906.469271][ C1] get_page_from_freelist+0x11a6/0x3410 [ 906.474820][ C1] ? __pfx___might_resched+0x10/0x10 [ 906.480111][ C1] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 906.486003][ C1] ? rcu_is_watching+0x12/0xc0 [ 906.490764][ C1] ? __mod_memcg_lruvec_state+0x18c/0x5b0 [ 906.496478][ C1] ? find_held_lock+0x2b/0x80 [ 906.501144][ C1] ? rcu_read_unlock+0x17/0x60 [ 906.505899][ C1] ? rcu_read_unlock+0x17/0x60 [ 906.510657][ C1] ? __mod_zone_page_state+0xe2/0x190 [ 906.516023][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 906.522345][ C1] ? lru_gen_add_folio+0x20f/0x13d0 [ 906.527548][ C1] ? folios_put_refs+0x716/0xa90 [ 906.532483][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 906.537768][ C1] ? find_held_lock+0x2b/0x80 [ 906.542429][ C1] ? folio_batch_move_lru+0x32b/0x7d0 [ 906.547795][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 906.553677][ C1] ? policy_nodemask+0xed/0x4f0 [ 906.558520][ C1] alloc_pages_mpol+0x1fb/0x540 [ 906.563362][ C1] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 906.568722][ C1] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 906.574611][ C1] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 906.580503][ C1] folio_alloc_mpol_noprof+0x36/0x260 [ 906.585869][ C1] shmem_alloc_folio+0x135/0x160 [ 906.590801][ C1] shmem_alloc_and_add_folio+0x371/0xd40 [ 906.596437][ C1] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 906.602588][ C1] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 906.608568][ C1] shmem_get_folio_gfp+0x6ab/0x1900 [ 906.613768][ C1] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 906.619403][ C1] shmem_write_begin+0x1a4/0x420 [ 906.624338][ C1] ? __pfx_shmem_write_begin+0x10/0x10 [ 906.629797][ C1] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 906.636635][ C1] ? lockdep_hardirqs_on+0x78/0x100 [ 906.641832][ C1] generic_perform_write+0x292/0xa40 [ 906.647117][ C1] ? __pfx_generic_perform_write+0x10/0x10 [ 906.652924][ C1] ? file_update_time_flags+0x373/0x500 [ 906.658468][ C1] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 906.664261][ C1] shmem_file_write_iter+0x10e/0x140 [ 906.669539][ C1] __kernel_write_iter+0x2ac/0x920 [ 906.674644][ C1] ? __pfx___kernel_write_iter+0x10/0x10 [ 906.680268][ C1] ? __up_read+0x2c1/0x6e0 [ 906.684679][ C1] ? dump_user_range+0x65e/0xad0 [ 906.689610][ C1] dump_user_range+0x3f9/0xad0 [ 906.694369][ C1] ? __pfx_dump_user_range+0x10/0x10 [ 906.699650][ C1] ? __pfx_writenote+0x10/0x10 [ 906.704411][ C1] elf_core_dump+0x2d5f/0x3d10 [ 906.709178][ C1] ? __pfx_elf_core_dump+0x10/0x10 [ 906.714277][ C1] ? kasan_save_stack+0x3f/0x50 [ 906.719113][ C1] ? kasan_save_stack+0x30/0x50 [ 906.723949][ C1] ? __kasan_kmalloc+0xaa/0xb0 [ 906.728697][ C1] ? __kvmalloc_node_noprof+0x360/0xa00 [ 906.734238][ C1] ? vfs_coredump+0x22db/0x5770 [ 906.739077][ C1] ? asm_exc_page_fault+0x26/0x30 [ 906.744093][ C1] ? 0xffffffffff600000 [ 906.748275][ C1] ? vfs_coredump+0x2980/0x5770 [ 906.753110][ C1] vfs_coredump+0x2980/0x5770 [ 906.757791][ C1] ? __pfx_vfs_coredump+0x10/0x10 [ 906.762805][ C1] ? __lock_acquire+0x4a5/0x2630 [ 906.767743][ C1] ? lock_acquire+0x1b1/0x370 [ 906.772420][ C1] ? is_bpf_text_address+0x8a/0x1a0 [ 906.777610][ C1] ? bpf_ksym_find+0x128/0x1c0 [ 906.782377][ C1] ? __kernel_text_address+0xd/0x30 [ 906.787569][ C1] ? unwind_get_return_address+0x59/0xa0 [ 906.793196][ C1] ? arch_stack_walk+0xa6/0xf0 [ 906.797961][ C1] ? __sigqueue_free+0xbe/0x2a0 [ 906.802804][ C1] ? stack_trace_save+0x8e/0xc0 [ 906.807643][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 906.813004][ C1] ? stack_depot_save_flags+0x27/0x9d0 [ 906.818457][ C1] ? __lock_acquire+0x4a5/0x2630 [ 906.823424][ C1] ? proc_coredump_connector+0x2d3/0x4f0 [ 906.829046][ C1] ? __pfx_proc_coredump_connector+0x10/0x10 [ 906.835021][ C1] ? rcu_is_watching+0x12/0xc0 [ 906.839786][ C1] get_signal+0x2162/0x2210 [ 906.844292][ C1] ? __pfx_get_signal+0x10/0x10 [ 906.849145][ C1] arch_do_signal_or_restart+0x91/0x7e0 [ 906.854689][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 906.860849][ C1] ? rcu_is_watching+0x12/0xc0 [ 906.865610][ C1] irqentry_exit+0x39e/0x970 [ 906.870199][ C1] asm_exc_page_fault+0x26/0x30 [ 906.875040][ C1] RIP: 0033:0x7fd0fb39ce61 [ 906.879440][ C1] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217 [ 906.885494][ C1] RAX: 0000000000000000 RBX: 00007fd0fb616090 RCX: 00007fd0fb39ce59 [ 906.893453][ C1] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000 [ 906.901409][ C1] RBP: 00007fd0fb432d6f R08: 0000000000000000 R09: 0000000000000000 [ 906.909365][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 906.917321][ C1] R13: 00007fd0fb616128 R14: 00007fd0fb616090 R15: 00007ffc51318388 [ 906.925293][ C1] [ 906.928301][ C1] task:syz-executor state:R running task stack:22328 pid:5623 tgid:5623 ppid:5611 task_flags:0x400140 flags:0x00080000 [ 906.941776][ C1] Call Trace: [ 906.945040][ C1] [ 906.947960][ C1] __schedule+0x1295/0x67a0 [ 906.952474][ C1] ? __pfx___schedule+0x10/0x10 [ 906.957315][ C1] ? find_held_lock+0x2b/0x80 [ 906.961979][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 906.967348][ C1] preempt_schedule_common+0x42/0xc0 [ 906.972633][ C1] preempt_schedule_thunk+0x16/0x30 [ 906.977840][ C1] _raw_spin_unlock+0x3e/0x50 [ 906.982506][ C1] copy_page_range+0x1c1f/0x5b20 [ 906.987466][ C1] ? mas_wr_store_entry+0xa1/0x1e80 [ 906.992665][ C1] ? __pfx_copy_page_range+0x10/0x10 [ 906.997955][ C1] ? __pfx___might_resched+0x10/0x10 [ 907.003243][ C1] ? up_write+0x28c/0x4f0 [ 907.007582][ C1] dup_mmap+0xd44/0x21b0 [ 907.011829][ C1] ? __pfx_dup_mmap+0x10/0x10 [ 907.016503][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 907.022307][ C1] ? __lock_acquire+0x4a5/0x2630 [ 907.027241][ C1] ? find_held_lock+0x2b/0x80 [ 907.031924][ C1] ? __percpu_counter_init_many+0x2bc/0x3b0 [ 907.037845][ C1] copy_process+0x6c78/0x7ed0 [ 907.042547][ C1] ? __pfx_copy_process+0x10/0x10 [ 907.047569][ C1] ? do_raw_spin_lock+0x128/0x260 [ 907.052615][ C1] kernel_clone+0x176/0x9e0 [ 907.057118][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 907.062137][ C1] ? __lock_acquire+0x4a5/0x2630 [ 907.067077][ C1] ? find_held_lock+0x2b/0x80 [ 907.071742][ C1] ? __might_fault+0xc5/0x140 [ 907.076421][ C1] __do_sys_clone+0xd9/0x120 [ 907.081008][ C1] ? __pfx___do_sys_clone+0x10/0x10 [ 907.086219][ C1] ? rcu_is_watching+0x12/0xc0 [ 907.090983][ C1] do_syscall_64+0x115/0x870 [ 907.095582][ C1] ? clear_bhb_loop+0x40/0x90 [ 907.100271][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.106156][ C1] RIP: 0033:0x7f77c3fc58d2 [ 907.110558][ C1] RSP: 002b:00007ffe9a0b20a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 907.118958][ C1] RAX: ffffffffffffffda RBX: 00007ffe9a0b20a0 RCX: 00007f77c3fc58d2 [ 907.126925][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 907.134886][ C1] RBP: 00007ffe9a0b222c R08: 0000000000000000 R09: 0000000000000001 [ 907.142847][ C1] R10: 00005555833ba7d0 R11: 0000000000000246 R12: 0000000000000001 [ 907.150805][ C1] R13: 00005555833cda10 R14: 00000000000c2c26 R15: 00007ffe9a0b2280 [ 907.158779][ C1] [ 907.161789][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g84709 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 907.172968][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 907.182924][ C1] rcu: RCU grace-period kthread stack dump: [ 907.188797][ C1] task:rcu_preempt state:R running task stack:27848 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 907.202275][ C1] Call Trace: [ 907.205542][ C1] [ 907.208464][ C1] __schedule+0x1295/0x67a0 [ 907.212974][ C1] ? __pfx___schedule+0x10/0x10 [ 907.217814][ C1] ? find_held_lock+0x2b/0x80 [ 907.222478][ C1] ? schedule+0x2bf/0x390 [ 907.226802][ C1] schedule+0xdd/0x390 [ 907.230864][ C1] schedule_timeout+0x127/0x280 [ 907.235724][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 907.241089][ C1] ? __pfx_process_timeout+0x10/0x10 [ 907.246367][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 907.252168][ C1] ? prepare_to_swait_event+0xdf/0x4a0 [ 907.257625][ C1] rcu_gp_fqs_loop+0x1a9/0x900 [ 907.262382][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 907.267670][ C1] ? prepare_to_swait_event+0xae/0x4a0 [ 907.273143][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 907.278114][ C1] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 907.283311][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 907.289121][ C1] rcu_gp_kthread+0x179/0x230 [ 907.293797][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 907.298985][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 907.304788][ C1] ? __kthread_parkme+0x18c/0x230 [ 907.309814][ C1] ? kthread+0x13a/0x450 [ 907.314045][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 907.319233][ C1] kthread+0x370/0x450 [ 907.323293][ C1] ? __pfx_kthread+0x10/0x10 [ 907.327879][ C1] ret_from_fork+0x72b/0xd50 [ 907.332463][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 907.337567][ C1] ? __switch_to+0x800/0x1100 [ 907.342243][ C1] ? __pfx_kthread+0x10/0x10 [ 907.346825][ C1] ret_from_fork_asm+0x1a/0x30 [ 907.351597][ C1] [ 907.354605][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 907.360916][ C1] CPU: 1 UID: 0 PID: 5956 Comm: kworker/u8:13 Tainted: G L syzkaller #0 PREEMPT(full) [ 907.372011][ C1] Tainted: [L]=SOFTLOCKUP [ 907.376323][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 907.386368][ C1] Workqueue: events_unbound toggle_allocation_gate [ 907.392865][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 907.398925][ C1] Code: 96 7e 5c 00 48 89 df 5b e9 5d 0f 62 00 be 03 00 00 00 5b e9 52 b0 f0 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 65 8b 05 a5 de 00 12 48 8b 34 24 65 48 8b 15 81 de 00 [ 907.418520][ C1] RSP: 0018:ffffc90004bef868 EFLAGS: 00000202 [ 907.424581][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fc2dfd [ 907.432539][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88802e7e2540 [ 907.440496][ C1] RBP: ffff8880b8443560 R08: 0000000000000005 R09: 0000000000000000 [ 907.448453][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 907.456409][ C1] R13: ffffed10170886ad R14: 0000000000000001 R15: ffff8880b853c800 [ 907.464366][ C1] FS: 0000000000000000(0000) GS:ffff888124487000(0000) knlGS:0000000000000000 [ 907.473283][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 907.479859][ C1] CR2: 0000200000aed000 CR3: 000000000e596000 CR4: 00000000003526f0 [ 907.487821][ C1] Call Trace: [ 907.491091][ C1] [ 907.494009][ C1] smp_call_function_many_cond+0x587/0x1700 [ 907.499899][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 907.504927][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 907.511246][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 907.516616][ C1] ? __pfx___text_poke+0x10/0x10 [ 907.521548][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 907.526566][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 907.531672][ C1] ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190 [ 907.538161][ C1] smp_text_poke_batch_finish+0x337/0xc60 [ 907.543887][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 907.550131][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 907.556360][ C1] ? find_held_lock+0x2b/0x80 [ 907.561030][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 907.567014][ C1] jump_label_update+0x37a/0x550 [ 907.571944][ C1] static_key_enable_cpuslocked+0x1bc/0x270 [ 907.577834][ C1] static_key_enable+0x1a/0x20 [ 907.582593][ C1] toggle_allocation_gate+0xfe/0x2d0 [ 907.587869][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 907.593758][ C1] ? rcu_is_watching+0x12/0xc0 [ 907.598524][ C1] process_one_work+0xa0e/0x1980 [ 907.603466][ C1] ? __pfx_process_one_work+0x10/0x10 [ 907.608837][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 907.614720][ C1] worker_thread+0x5ef/0xe50 [ 907.619343][ C1] ? kthread+0x13a/0x450 [ 907.623575][ C1] ? __pfx_worker_thread+0x10/0x10 [ 907.628679][ C1] kthread+0x370/0x450 [ 907.632739][ C1] ? __pfx_kthread+0x10/0x10 [ 907.637325][ C1] ret_from_fork+0x72b/0xd50 [ 907.641909][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 907.647011][ C1] ? rcu_is_watching+0x12/0xc0 [ 907.651770][ C1] ? __switch_to+0x800/0x1100 [ 907.656447][ C1] ? __pfx_kthread+0x10/0x10 [ 907.661030][ C1] ret_from_fork_asm+0x1a/0x30 [ 907.665800][ C1]