last executing test programs: 11m31.075726904s ago: executing program 2 (id=8): r0 = syz_usb_connect$uac2(0x5, 0x83, &(0x7f0000000880)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x582, 0x25, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x3, 0x1, 0xf8, 0x10, 0x5, {0x8, 0xb, 0x2, 0x0, 0x1, 0x5, 0x20, 0x8}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0xfffd, 0xa, 0x11, 0x47}, [@source_unit={0x8, 0x24, 0xa, 0x0, 0x0, 0x5, 0x7f}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x4, 0xd8, {0x8, 0x25, 0x1, 0x2, 0x30, 0xcc}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0xd, 0x7, 0x0, {0x8, 0x25, 0x1, 0x1, 0xf, 0x4, 0x10}}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000140)={0x40, 0x13, 0x1, "ff"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$uac2(r0, 0x0, 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async, rerun: 32) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async, rerun: 32) syz_usb_control_io$uac2(r0, 0x0, &(0x7f0000000b40)={0x44, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_connect$uac3(0x1, 0x97, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x47f, 0xc010, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x85, 0x3, 0x1, 0x9, 0xa0, 0xd, {0x8, 0xb, 0x1, 0x1, 0x1, 0x21, 0x30, 0x8}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xb, 0xa, 0x6e}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x8, 0x2, 0xa0, {0xa, 0x25, 0x25, 0x758, 0x81, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x0, 0x4, 0x3, 0x4, "", '*vi'}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x0, 0x40, 0x1, "ab4cc0"}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x1, 0x4, 0x6, {0xa, 0x25, 0x25, 0x80000001, 0x27, 0x8}}}}}}}}]}}, &(0x7f0000000500)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x201, 0x9, 0x8, 0x7f, 0xff}, 0x1f, &(0x7f00000004c0)=ANY=[@ANYBLOB="050f1f000403100b0a15030000000a040c000a10030008005405010003100b"]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket$inet_mptcp(0x2, 0x1, 0x106) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f00000001c0)=ANY=[@ANYBLOB="180300000000000000000000000000808510000006000000180000000000000000000000000200006600020000000000180000000000000000000000000000009500000000000000870300000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) (async) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async) syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902) (async) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) (async) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0xd0, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xa, 0x80000006, 0x400}, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x4c, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffd}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x4c}}, 0x80e0) syz_usb_connect$uac1(0x2, 0xeb, &(0x7f0000000540)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x582, 0x40, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd9, 0x3, 0x1, 0x4, 0x70, 0x40, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xf4b7, 0x3e}, [@processing_unit={0x9, 0x24, 0x7, 0x4, 0x4, 0xa, "80af"}, @feature_unit={0x9, 0x24, 0x6, 0x4, 0x3, 0x1, [0x8], 0xe}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x402, 0x3, 0xfb, 0x5a, 0x1, 0x3}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x402, 0x3, 0x20, 0x200, 0xd9, 0x4}, @mixer_unit={0xa, 0x24, 0x4, 0x5, 0xc, "8d63e56b0f"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x4d4a, 0x9, 0x7, "1eb2d9f66ef35b"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x1, 0x4, 0x7, 0xd, "77c4"}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x4, 0x4, 0xb, 0xc0}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x7, 0x8, 0x9, {0x7, 0x25, 0x1, 0x0, 0x4, 0xa}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x0, 0x8, 0x1006}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x4, 0x9, 0x1, 0x4, 0x1}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x40, 0x2c, 0x8, 0xb, 0x57}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x7, 0x5, 0x6, 0x99}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0xe, 0x4, {0x7, 0x25, 0x1, 0x0, 0x1, 0xf801}}}}}}}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x110, 0x2, 0x5, 0x2, 0x20}, 0x8, &(0x7f0000000680)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x2, [{0x5c, &(0x7f00000006c0)=@string={0x5c, 0x3, "f7b944e64155a3c885c5cf04aa9c9d964f0f750674c990aa016b5946114908353782cf6b7579c2384526cecee436eae06e44947a04129696b8655d3dcc2e44282af876544efaba140ade2fa0bc09eb3d8779de9c851d038cc545"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x411}}]}) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x58, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}, @IPSET_ATTR_IFACE={0x14}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f00000001c0)={0x6, @win={{0x7ff, 0x6, 0x9, 0x9}, 0x8, 0x1, 0x0, 0x4efa, 0x0, 0x2}}) 11m27.892664653s ago: executing program 2 (id=11): mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x64) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb, 0x9, 0x0, 0x1, 0xffffff7f}, {0x65}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0x4, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}, {0x15}}], {{0x7, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_subtree(r0, &(0x7f0000001040), 0x201, 0x0) rmdir(&(0x7f0000001180)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0xf}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000680)={r3}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) fstat(r0, &(0x7f0000001100)) 11m27.050389029s ago: executing program 2 (id=12): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x94}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd1, 0x0, 0x0) r6 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800) unshare(0x28000600) r7 = openat$fuse(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) r8 = openat$cuse(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r7, 0x8004e500, &(0x7f0000000180)=r8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r6, 0xc0305720, &(0x7f0000000080)) connect$tipc(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r9, 0xc0286405, 0x0) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000340)=0x15) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000000)=0x11) write$cgroup_int(r0, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 11m25.720572757s ago: executing program 2 (id=16): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_emit_ethernet(0x2a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000200)=0x800409, 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000000)=0x7, 0x4) sendmmsg$inet(r2, &(0x7f0000002240)=[{{&(0x7f0000000040)={0x2, 0x4e1e, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @local}}}], 0x20}}], 0x1, 0x0) read$msr(r1, &(0x7f0000019c80)=""/102400, 0x19000) write(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) mkdir(&(0x7f0000000080)='./file1\x00', 0x8) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x808, &(0x7f0000000340)='\x00\x00\x00\x00\x00\x00\x00\x00') chdir(&(0x7f00000000c0)='./file1\x00') capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x1, 0x3, 0x20000007}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, &(0x7f0000000380)=r3}, 0x20) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$getregset(0x4205, r4, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) 11m24.152746595s ago: executing program 2 (id=18): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x19, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2000001}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000140)) prctl$PR_SET_IO_FLUSHER(0x50, 0xfffffffffffffffd) setpgid(r0, r0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x800, 0x0, 0x2, 0x1}, 0x20) mount(&(0x7f00000003c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000380)='iso9660\x00', 0x800000, 0x0) add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc3}, &(0x7f0000000440)={0x0, "8527d2100090af54bfbca283be11c0de7af30e90937920fcba13d90af61beaa44d66a6535daf1bc35fb3af1e9197e31d26589d073c10184095fb00", 0x14}, 0x48, 0xffffffffffffffff) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10) listen(0xffffffffffffffff, 0x5) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) sendto$packet(r4, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847689e7fd3f3fe7bf05ddc63ff512d4074687760a5fbd1fc97777a6e55123f04cc8437b15f4b2c6f5027dcea15b6658d", 0xffffff3d, 0x0, 0x0, 0xffffffffffffff10) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0) ioctl$IOCTL_START_ACCEL_DEV(r5, 0x40096102, &(0x7f0000000280)={{}, 0x7}) unshare(0x2c020400) 11m23.435792578s ago: executing program 2 (id=20): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newtclass={0x3c, 0x28, 0x200, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0xf, 0xc}, {0x6, 0xffff}, {0x5, 0x9a321fb02fab4898}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x8}}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_tbf={0x8}]}, 0x3c}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c40)=@newtfilter={0x4c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x2, 0xfff3}, {0x0, 0xfff3}, {0xb, 0x10}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x7, 0x6}}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_to_hsr\x00'}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24041091}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x49, &(0x7f0000000000), 0x4) socket$inet6_udp(0xa, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000ff0000/0x3000)=nil) getpid() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804) r3 = io_uring_setup(0x1cf5, &(0x7f0000000040)={0x0, 0xc8a5, 0xc000, 0x2000008, 0x289}) pselect6(0x40, &(0x7f0000000380)={0xff, 0x0, 0x0, 0x8000000000008, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000)={0x2100000001f, 0x0, 0x0, 0x3, 0x0, 0x401}, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)) eventfd2(0x5, 0x800) sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 11m21.306602221s ago: executing program 32 (id=20): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newtclass={0x3c, 0x28, 0x200, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0xf, 0xc}, {0x6, 0xffff}, {0x5, 0x9a321fb02fab4898}}, [@TCA_RATE={0x6, 0x5, {0x4, 0x8}}, @tclass_kind_options=@c_mq={0x7}, @tclass_kind_options=@c_tbf={0x8}]}, 0x3c}}, 0x4c840) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c40)=@newtfilter={0x4c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x2, 0xfff3}, {0x0, 0xfff3}, {0xb, 0x10}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x7, 0x6}}, @TCA_FW_INDEV={0x14, 0x3, 'veth1_to_hsr\x00'}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24041091}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x49, &(0x7f0000000000), 0x4) socket$inet6_udp(0xa, 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000ff0000/0x3000)=nil) getpid() prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804) r3 = io_uring_setup(0x1cf5, &(0x7f0000000040)={0x0, 0xc8a5, 0xc000, 0x2000008, 0x289}) pselect6(0x40, &(0x7f0000000380)={0xff, 0x0, 0x0, 0x8000000000008, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000000)={0x2100000001f, 0x0, 0x0, 0x3, 0x0, 0x401}, 0x0, 0x0, 0x0) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)) eventfd2(0x5, 0x800) sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 8m10.967745894s ago: executing program 5 (id=523): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="0001000016000100000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004e200000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414aa0000000000000000000000000000000033000000ac1414bb00000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000002000000000000000000000000000000001000000000000000000000000000000000000001000000000000000a00000000000000000000000500000005000000080023"], 0x100}, 0x1, 0x0, 0x0, 0x75177a811641fe69}, 0x0) 8m10.803231795s ago: executing program 5 (id=525): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r1) sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000400}, 0x0) (fail_nth: 2) 8m10.32437248s ago: executing program 5 (id=527): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0xc8202) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0xffffffff, 0xea, 0x442, 0x0, 0x32, 0x0, 0xaa}, 0x9c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&\x00'/12, @ANYRES32, @ANYBLOB="e8bd7deaccdc72e5eb56ccd00b700148072adc9b40d33e25441e1f23dc92ecdfe31c52d3622b2401451c035d99d9e1621d081345be2551b9ca83797292e23dbe9b5f0865eb9727871816a2b68c", @ANYRES64=0x0], 0x10) recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x33fe0}], 0x1}, 0x12) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000040)={0x6, "152a44e3112c0000f5a82d86c200000000000000000000000000000800"}) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r7 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000080), 0x8100, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r7, 0xc0184800, &(0x7f0000000100)={0x4, r6}) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x8, 0x4, 0x8b, 0xfffa}, 0x3b, [0x7ffe, 0xc95a, 0x1, 0xb, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x288, 0x9, 0x63, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x6, 0x4, 0x8, 0x4, 0x3c5b, 0x1, 0x3, 0x9, 0x1, 0x1f461e2c, 0x0, 0xe660, 0x4, 0x7, 0x101, 0x7fff, 0x1, 0x80000000, 0x242, 0x6, 0xe, 0xfffffffb, 0x71, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x80003d, 0x8f, 0x6, 0x10000006, 0xfffffc00, 0x5, 0x4, 0x8, 0x0, 0x20002, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x1, 0xffff, 0x134, 0x7ffe, 0x9, 0xfffffff3, 0x5, 0x45, 0x6, 0xd, 0x2bf, 0x6c9, 0x9, 0x6, 0x3, 0x0, 0x7, 0x5, 0x0, 0xe, 0xfa, 0x74, 0xea4, 0x0, 0x4, 0x5, 0x8000, 0x3, 0x400, 0x1, 0x6, 0x7, 0xff, 0x5, 0x5, 0x800, 0x0, 0x0, 0x2, 0x100002, 0xa, 0x4, 0x6, 0x8, 0x800, 0x6, 0x7, 0x8002, 0x1, 0xfe000000, 0xff7f, 0x2, 0x7f, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x80000003, 0x9, 0x48c93690, 0x42, 0x9], [0x400, 0x4, 0x0, 0x5, 0xfffffffe, 0xfffff76b, 0x8d2, 0x9, 0x5, 0x7fff, 0xfffffffc, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x83, 0x80000003, 0x200009, 0x100003e7, 0x9, 0x5, 0x3, 0x2, 0xf38, 0x7, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x9b8, 0x8d8d, 0xa2, 0x7, 0x53cf697b, 0x4, 0xa, 0xac8, 0x7, 0x2, 0x3, 0x7ff, 0xfffffffc, 0x2, 0x4, 0xffff, 0x0, 0x1a, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0x20000ce7, 0x1ff, 0x2, 0xf58, 0x5, 0x0, 0x101, 0x10000, 0x6, 0x7ffe, 0x80000000, 0x200a620, 0x2, 0xc, 0x1, 0x4, 0x14c, 0x60a7, 0x80000e, 0x7, 0xffffffff, 0x80000004, 0x8, 0x8, 0x5, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x104, 0x9606, 0x7, 0x2, 0x4, 0x8006, 0x1, 0x0, 0x4, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x101, 0x6c1b, 0x9, 0x4, 0xb0b2748, 0x1, 0x1, 0x200, 0xffbf2441, 0xfff]}, 0x45c) close(0x4) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 8m9.233655869s ago: executing program 5 (id=532): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c65"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x70bd2b, 0x2, {0x7, r4}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x2, 0x2, {@in6_addr=@ipv4={'\x00', '\xff\xff', @remote}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x40080c0) 8m8.984098982s ago: executing program 5 (id=533): syz_io_uring_setup(0xf00, &(0x7f0000000400)={0x0, 0x5962, 0x10000, 0x0, 0x4e}, &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000000080)) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) ioperm(0x5, 0x6, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x40001}, 0x20008000) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40008c0}, 0x8040) socket(0x2, 0x80805, 0x0) r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) read$FUSE(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x1, 0x3}, [], {0x4, 0x4}}, 0x24, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000180)={0x8, {"bd2af2adfb5b061c3ca5dae01a134486c194089195a326cff7bf41d5486235b0604a0d1bcaa1d4c9cf948b7da2ba910eadba18e098f2782dec4aaed64e07696a1f388d897cea87ef8fde32a7b91c76a2334aeffa19ab9e7a870245585d624a4d0ac2fd315a05a8fe7988ad70d72f1d40e1c050bd113ed1f7517f6e8555ad7ce65f8dc986194a72c5c4cbbf7bb37865a73a159e5b950de92c0e5b4ef4c9fda68a19991f2490925979ac04da692e39e73d025299e57ee7ef7a117427de7245a04884f71bf5759890eef09d562e8444de3316e5ab99903057fbf1ecbd7ba093cb3cdf25f8ad6092ce24dad55c63fd5b589b8c1cdd04651be0229404986ade51c29af05a53d764ad854a11f9a2fbc3bb1f21fa282af73cae0607de434cfd9a4899a979f70c807044239aac67cbafaecca42dc1553612c220ede0cae19d30f15d2513ad1f96aaaf51054d5b9b0ba1b55762d65d6f1a61a4f7a4a738b0a037f017e6a24db2ac63f5f5b114b5899df2ad132432c75fde2438efe6b7af8f9c15ef0186ea703b3b3225a2f27f50e6b3031d2ca8e416cf64ca442b5700a2aae18a873b7fbae430f1625fc16a99c0a0e5dd38cc0bb5964349c8fe7f9b1f5e37d6e91fd6c476a46aba077e1b0569e71d52e763f13936a9f3857b866e22ecab499f4185badc8620599b5ab2e2f5232286ef72f8eda0287f0cb3c9e41a1cca48b44f2deb5237852bf9831ee8dca86c5e62a12b5a81e526dfc176646f203b116e118c040bbfd1a89cfa0430a8dd9ea7c120c7091991f866f9814adf5df7ce76278b3b4a2a91829df21c609021dcb35a83f0dbe786fff33b2bb0384938204ac7b43f78ac4806fa2000501d15bdaa14e14c1391bb4b359da837564442061bc5a9d3f75ee655e2c3857dd57aa8c50cb8b54b3b0c3fd0811033a4881bd4249dd0decaffbd010a8796c71da358e1b5cb1be7ded4529aa7feddb304d32a0b0efd3cf29b06f9433f821a16779374a4cea67e14a80ca7ad183d17a537f428cc454f1357e956a2a794dfd899c4737a9ec5f934e7b86bc552b9ea62179bbeb531689b0e047f707ab9709e77bac19e31445b3d93c8ce221e7d66d29039d7c4de0106d856b9e086401371fbca691dfab7ebfcff0f2cafc4401049e9f2e88e47949560ffd88f937e9b689ce4cdd78cf12faa712c1ba94c83ef39a5822d0ebad020c5ac01ff485e1c5aba394999e3957f889df6be6a5cc0573a3c686728f5492a4759c4c3b2f32499102b04e5de169f43d6b5872ab671109fa60db3f90f85dab3e73dc9b3ec8396e96bfe9df695be533a33cb2529eb2c79d6a172596d5df4373705fdd85a7253977f0c43b18da12b65b1361f00bf11f27b39f8a65664b4e27555b8ac93b45e2ea3452297af9f2788e072274e6f37cf643e9c5ac0d43dc4ee69293dbeca1df9d69199f54d8e39a546478c2114f2d235cfa5644db3867c530dfd0b6730c4f75cf200a40c3d542a4935a492cc5d1d0b413ed6326da405ab31745da2753d5a1fecbb754e05c6cb256f134229a247775623fa1683f093553d0d4de43fbb13c58df7645e9bb1da8bdd0758083dee09a2556d5daaff47b43b1e6f78a50be3f7bd32d0d86e4d5b45fb3a10c4f04e5aef36626a7313eca229bcfc4bd798e92334ac56a1ddfd4cead19f359701a23a4309197c0d707371d0f2fe9031c06e8c836ceb70f1a06bf182e979538d5d44544dc2a7ec3bbf66293b57784e35d882a9f43d3bc568e5e9da1f4e891ae931b7effe7eb94c6aa969b084f218c0d3cb11fc474beb3f169963fb9d64486b05e191c20af38ae504d8aae3349d4c6cecaa1971982f112fc4d0d59ea88d35a092cba171af35d7430c05fea852257a6cd08029cd5e12ac31622a9579d90283dd44f6e7d7413b368e06a4263ba1bfb12d3c0ad1f75a0ae2865aa26a913c6132cdf7cfec168417515956c5867c1917ad1c17df1de73ff4e1f90f4ee4eb13b8b006888d735df7e0f7cd5e7f9daf5da42fed239e0c84e3bbef0ef2fef1ae543f0e8ad4d7c9c8939461c8ffed61ed859053cc4451d2c300f00b18c56b8dce2b093c9774c740f6297a2b56cdb2f7a62deb51a249d6888cae11855ae0605877543f3c5665d41c585e7b68f137798590e8d347989fc4e49f2cc731a6cf0192d5af22e8ad7e260644c76d75d76b8f70056ef7d2a55f3c1896bfe34dfc399c58b626e52aed98515b509198ee23214009ce45fef2ea830820591d43ea3571af4a203f01c4a2f5b1f3501bcd4a7c95a1c7ef3aae4047ccae2025960b583064983d1c892ff956738497f20b4ddd17550007b844c3dd86daf4db5446490fae4b566a93ba6e42f651bb71e9445d002337e581528f1964e17ae52fe99a5100e388d4cea37528ca9e0165c8afcb5a1212090881e242a97d1bd7b91785dc5922582c5d8912c7106d5b254c8fc0cca2457976706bd4836728ab101ad224eee7adfc2f3bff52eb282661663924e37ce574f0cdf34cfba0113c882efebd3f8c0bd109cf35c56f618809de9a41ff28a946443e16437363c8adb31a6eedb289b1b2dd6677d780f2efe74a6003a491655967d088bc9fc5930e9f3460c51afb4f8ecd5e57090b1b291cce18db1b3bf71fd8d78f54dedb60cf1258c1976d06ad3a9c070d6016f99c6554821945295d702a1820f05c080e7c71b9d59be5018df62f221d7da2e82a9faf4679646f517c658a891d8c1bb349ffbcb835db12767a89cffcf18e634ecd5f5b5413f7a8d862bd7125d1e00788af106f63275607a9d25c23b9aee06db57499be43757774ebc3cf9c9d2db2781db3daa32a752c843a4233ceb5ae9b54c75b5b7f8d336eb0388477ca05e5b40b7cccea5cf71b16490073be089e6bf467eebfa1a03bae9c115ff8c751d4edd3d0f731224affb5554d306c04ff19b45f09a9a4129f6d044527e1afe4dc04dc09aa186e7daede408994378b303f77dec1b0e815171ad34bf69a34e27259cbf6be96d08e9b03fd6367b8a000da24e6097d5f5671b00ff1fb053fbe734a74a711df78ef86fe0a5c2728788142f42f0e661d2af960c5a357e4c234375ddd88c810419fe3f2f8e4ad3864e77772d683ce7452fdcbfd693ebe7dd7d0c369cba59c466d230415bd9a09945bc356f887537c7d01449fc6cb999f5c7eca8b40c5687197c6366dbc2ddd8120fb5169c61716e5acdbfdcf884694116c6b7d40ab2c782bb6d2d33a49adeb98f115e996686e121c05c93de04a706085c1b917afc9228a62b17efd6f70a1e44ab8ca73ca777da3aaf646002e8144ea5b6c107a9abf2dd1a15f2dd67a1578950795b05642b4d4d2c3b1d838e617c169d704a2f0cd5c6fac24eccf8ea33511b72c0fd32499f221ff649d008ecb96fdfd8b064201f99f29836b2b4894a3c9d579bda416742d70fdfc27857856507079edf2a7872b1c12a74d97deeedac9bef4d3428c44884e32ad6b5527684aaafe1b14b3c6147f226f91ae5a5ec931d82bcc7c96801445d671a368ada9a6831ca07b121c22da8421c7239f746dda0a531c38856f3b427f578170e885ee39ae600c6b7357e5904ccece51a13471c78e46ce45ffcaec7ee1f8ca7b2869b91921a09aa402ff909aed4b54d993e3fc0d51ecf1bad387dbc863ea0beddc39431e3372092ee559c12db5379a131ad15c6f64b408246e5f88f14bbdce8de3803db3f531d69406c87546e8daba7ed9b878bd5405d174b884ee4ea3638c640e181853be4d45d54c66c820331c6044f5ed386df7bfede1fdb2e153726efe9f4238ca34f238b568427d02ccf724114c01d8303090c5cd1f572e7b3bbeb74c521f2c588ed7efe0d9c71e3826796ac08c786213bd39d9460218781a7eb480fd9477b8d8bd1fa3893bbd789cc0d3b921e64b7a8c2296091babd739459b5bc615f631059197d36b18bf8f6a316f79dc350a39f8c68e1ca059f119abbbcc08bea4521f16876e928cb00d037ca1bd424bc46f176fd6dd1d365e34ad975a53f1e6d2a85610e540ad18b88a593005a554a4b0735e73ff798cf09fe7af065413967b4fb0f8c6ac593fecfb9c36daca0631f7ea46b9995210ee3edfc12cf8de5fdc5149cc9bde82b59d9f7531fa7a3e06fd6c8616c7bf9616c32eef292005313bebaa9a03eeec33389c7903d73d6ac35bed319bd040a166a1af07b14b70d72e590eabf8e310b3b16916a88636f65bd06b091a26f9760cfbe7320d019805d7f25dbf6b8cc0f11562a288cfd6448d1eba1b7854aa81ffa2006c61e97802f8628e11ed43b71d0dd0f2e2720782089d7ec170b76e6e628d10f46b61925fec011baebabdac89a15f606011381bbc6ea4e0c03bef784f53ad7ddfb847bd582ca38491e793b4ef2d1dc11659f9beb17051d071df74b80a721cc4ebf093c9503dfa957284fdd61498f94dadadda985c123f9596a1e165ccf0e4698e3ba00d32fa672359acfffb7212af72b373b188e3e1c0bc93ccaa312bdcb097ecd4a18f5949b9d543a1f10859634f0addca88cd5dd483e232e77285bdb5d44b5b97eca49d7236c55b0f19bcbf7f507e555bd2859bb814e61e1634c92ad19c8870066ee71d3fbbe4aa74cf957e34118e60ba3477e24dffcdf7257a20af81ad29835a6176b1d4f76f722d8a76f3edb9cad7f2a51652ba80fb2e8535fe90b8f63e0083a84026d93719ba7f2804c08e8ee69ecc5b426b270b3a4227257e380203731d9aea7f1dd5e6bf5e75bced0cc70b853bff5cd1f916a4404464a0b49a3aa7aae4ac63146a89aa966bcda589af3c77ad5cbf5bac88dfa72b04eb6132e04e91c0dbca4e348a76befa629f6086b7ec066bd820c7501b367608e09cf8c46b8a828650d1aa0fbd91781b1084b37cd981ed96d899ec5919b379bf7b9745a27cb8d64e8469ba27b40cdad8f5c863c236b67b81a49a84e741d34d01cc8c0603027818a38e439ab146c8b0f245fb687d95c6b01e3e0da6e41917baf9eba7e056ac45f4a7a424e824a103533008e3cf14239e6de1621fd3654eee3ebaca605f2547348e206b86fa5662c292ae543d312de1a06ba7a7162c2e771c350785c49a4ffe379b89cdd1d95cdb70fefd970293b13e2a176615a669c1c3abf4a1dad6c9666e0c6a0cf29ce8d4d4f278335131a857d2a70a9a8d56b4e51d08086b07233b14ec3d4c6c19be51bb988afb56e6c298ead33faef2d113e50ba22f567e365117b0d96469e62420de207dbfba07f07350e7f1894b98e049905c800f61eafa853dbdeef546d9866c623c971448ec44786d5a3b760584fc5f021739f4a27179d72e30b21b2009bc45a8b6e2a8f7a6aecb887816b2ebcb173fcc7e93078543beef2c935a465d9cf2df9d002dd3edfd9bdcb03ab9fc50d2722df146f924e586187b688dc9f8e9c9794fc371d885b399c9e31c1fa597b2e47c3e0b950e76a8b0c588065cff7e29dcae16fe4a6e3201df7b545918840fc6fb430248bcaada3ef62212224333ec549ac0771d1b96ba1a67cf654dbd5328d642fe97b33b8f55eea6b9872f3810c8e60a1d3597dabf5421c3eb2f27fca37a23eb397400bde3a3c53e7e0b40d1edd7b2cc8cbc9302e088eeb4f3f23f2477e4eaa5e581f1d73621fffe6c9028ea2199332f45435efae52ba5ccb7a00fecfa66a3a298e118eb1c3f3f4dd7a5aa4ea9cc36e04e4b938d8df8ee0411d95de51cb987f82a8495c3ec58b1d743a68ff30298383b9dc14f8a0f0c2395c8716c051448dc3535de39b6b3a7926895e17e2df2904bd53b2d54a653d3fcdb4f7b3d9f43457a8e63fd37044525868026cfe71f97", 0x1000}}, 0x1006) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000) syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 8m6.064004442s ago: executing program 5 (id=540): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffffffffffde0, &(0x7f00000001c0)=""/99}]}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57) syz_emit_ethernet(0x66, &(0x7f0000000280)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x30, 0x0, 0x0, @ipv4, @local, {[@routing={0x29}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d5"}}}}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'pimreg0\x00', &(0x7f0000000100)=@ethtool_gfeatures}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r1, &(0x7f00000004c0)=""/57, 0x39) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000240)) r2 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000140)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0x9c, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x2a) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) 7m50.785086601s ago: executing program 33 (id=540): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffffffffffde0, &(0x7f00000001c0)=""/99}]}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57) syz_emit_ethernet(0x66, &(0x7f0000000280)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x30, 0x0, 0x0, @ipv4, @local, {[@routing={0x29}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d5"}}}}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'pimreg0\x00', &(0x7f0000000100)=@ethtool_gfeatures}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') read$qrtrtun(r1, &(0x7f00000004c0)=""/57, 0x39) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000240)) r2 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000140)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0x9c, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x2a) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) 7.44540023s ago: executing program 4 (id=1966): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000180)=0x200000) 6.970332227s ago: executing program 4 (id=1969): rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000000000085000000bc00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x68) 6.754161541s ago: executing program 4 (id=1972): openat2$dir(0xffffff9c, 0x0, &(0x7f0000000100)={0x202, 0x31, 0x4a}, 0x18) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x6c0, 0x0, 0x2e8, 0x420, 0x2e8, 0x420, 0x61c, 0x61c, 0x61c, 0x61c, 0x61c, 0x6, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, [0x0, 0xddd531f94ea801e4], [0xffffff00, 0x1fffffffe, 0xff000000, 0xffffffff], 'batadv_slave_1\x00', 'ip6tnl0\x00', {}, {}, 0x2f, 0x89, 0x6, 0x12}, 0x0, 0x100, 0x228, 0x0, {}, [@common=@srh={{0x30}, {0xc39ea1956fb20123, 0x10, 0xfa, 0x17, 0x7, 0x448c}}, @common=@inet=@length={{0x28}, {0x7, 0xb0, 0x81}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x4, 'system_u:object_r:dhcp_state_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@mcast2, @empty, [0x765f654019590581, 0x0, 0xff000000], [0x0, 0x0, 0x0, 0xff], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@rand_addr=0x64010101, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x38}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xa}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x0, @ipv4=@empty, 0x4e22}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x720) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x0, @void}, 0x10) fcntl$setlease(r0, 0x400, 0x2) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200)) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="30000000100001000000000000000071ff9aee24", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004000006000008001b"], 0x30}}, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2a}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r5, &(0x7f0000000300)={0x7, 0x1b, 0x2}, 0x7) splice(r4, 0x0, r1, 0x0, 0x317e, 0x4) write$tun(r2, &(0x7f0000000840)=ANY=[], 0x11b0) 6.378367696s ago: executing program 4 (id=1976): socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fe4000/0x11000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004084) r1 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 5.598407768s ago: executing program 4 (id=1983): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@const={0x0, 0x0, 0x0, 0x9, 0x3}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @fwd={0x1}]}, {0x0, [0x61]}}, 0x0, 0x43}, 0x28) 5.364520603s ago: executing program 4 (id=1985): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, &(0x7f0000002b40)={0x0, 0x989680}) 4.703881381s ago: executing program 3 (id=1991): r0 = syz_clone(0x21000200, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) rt_tgsigqueueinfo(r0, r0, 0x8, &(0x7f0000000480)={0x2b, 0x0, 0xfffffffb}) 4.659148028s ago: executing program 0 (id=1993): r0 = syz_open_procfs(0x0, &(0x7f0000000b40)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r1 = syz_clone(0x5004000, 0x0, 0x4b, 0x0, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000000)='map_files\x00') poll(0x0, 0x0, 0xfffffc01) getdents64(r2, 0x0, 0x0) 4.52057584s ago: executing program 3 (id=1995): mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000002100)='cgroup2\x00', 0x4858, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) 4.302080504s ago: executing program 3 (id=1998): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x9) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa845942824251d7d17b5191584bcd4fbe40a23424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "642c72f67d5441f6e8da020400"}}}}}}}, 0x0) recvmmsg(r1, &(0x7f0000006000)=[{{0x0, 0x0, 0x0}, 0x7fffffff}], 0x1, 0x102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000080)={0xa, 0x4e21, 0x10, @private2, 0xfffffffb}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x1}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 4.157071513s ago: executing program 6 (id=2001): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0xffffffffffffffff, &(0x7f0000000040)=0x4) r1 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00'}) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f00000000c0)=0x33, 0x8) listen(r2, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r4 = accept4(r2, 0x0, 0x0, 0x0) sendto(r4, &(0x7f0000000000), 0xfeb5, 0x0, 0x0, 0x0) recvfrom(r3, &(0x7f00000001c0)=""/62, 0xfeb5, 0x10120, 0x0, 0x0) 3.903724206s ago: executing program 1 (id=2003): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0x80ffffff}]}) 3.857053887s ago: executing program 1 (id=2004): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000740)="440f20c03505000020440f22c0fb01c966bad104ed00000f23c00f21f866b846008ed00f23f80f01cbb8010000000f01c146a7b9670900000f3236660fc6b8730f0000c9b98f020000b8b9000000ba000000000f30460f01c8", 0x59}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"5fbcdbfb555ab7b6da2c492fe4db90aeaf8e5347c79716e75fe060d73e9de531ef8085f88b3a09f05bf084c593b4dab8756600000000077eebf9940a0b60f02d333a2c2aa407522edaabb8cfccecb9d7e0cfd915c17f32bc1ac7e430af977b671ede8605c7c72a5d1397639fd21bf848190fbdbfaeb7e166205def53caa18404ba077c2b5713acbc3d125aea78dfd962dd250511376c3a3b5732114cc92d27be04c7c146cedcc9081a8435f9c67a0c5174df503a84dc11d1d98a2473fbd39de5d9c56ffa28098914b4d47ea99e8134deb75f944afd0df95136c08e057e4d839936c0755318e58ae63dd46f7009df574d263f87508d7e496efb29de0496d4018e8d6c6f7d016752a1d10bb1df8b406bb488dbb43ffd11eb1eb9b36d57cee3b9e4e2e72e97a8059bb8e8120bf04b1d0b929692cc3e5508293bb205beba29259f18213a602dde8a8a19dd2a16b26476ca4f24e86b84ee76d86aacc862c59e154e6bec6ec6e86eb3d9dd50c4ecf6de82c2419674da3b885ac6abaea4765d256727d8560fb55d0bee0c11b1e8a05d4b932254673e8f67abfca2f184a23839164b15e021bff742605fbeb628ab93803e90954074762487b0afc90eec0e31e75dda865693dd655a190f16dbdf7ce7693d27aaf31758d97e25ab40fc44dbc911639d99b592dd0c660b820a46b8374f7e8030031c39768fb9361164f5dad133cf0d5d66c617d3d62b1f0b80e9f88ffc872df05fb5822601dfe4b39179ace0a4f6808b39bad72a80a9a9bd579d0f9a104191ef6e708083218053d3daf8211dff0a87568b7c734ab79b26cf2a65d66b00f2c2f0d3ffd5fc35b58795406446275afb8df4247add7730331b045d384b0c9fa06284463eec7167512277a435ced48980aab83b37a85b7a33ce8fd8b2a543af82bd15955b12833a59645e1de6bd6ab86c4a046a0323415351e6ddb9bcb869d2e7d092b234bfa8c5be098abcd24d8b4a659b36d8af4f3136d23f9115ea6bdc62fb89e2de415e0f08bd6ec5cc53ee3a666049168a88191c6911ea5fe7972f5627923e8b5b9e7c5323da43d48b25caee3016f88c8178fb8ab1149547e33d7fff442fa3ab42408c87cdfe35a82034bd77399a0861ce16141670ffecde05c7393ae522430425707a4c7d988f34a494727e0b1920e93c95af07d3affe9d41bb82d59ff2149705bb782c9d85e53320268fb57096c6c47e616c457a371dda361170f706e53bf9a9ac5692b72d44072217ecb8646e841b6929251a080f56be308c47dac5d59db54bd1ca7499cf3bf7cb8bb763fed9a75d2eb69573b118e3ee78fb11d41c1ce314538fec8fc542c7bf4865841a2e71fc1efd9fa385903372e3670d96398128e75d786f242a6dbf2c053dc48ee2398763b1ba3550136c14ac7ad77d3c8e97b2f36b6af200"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.742761001s ago: executing program 1 (id=2005): r0 = syz_open_dev$I2C(&(0x7f0000000200), 0x3, 0xbe33a52407040f0c) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000001440)={&(0x7f00000014c0)=[{0x9, 0x10, 0x110, &(0x7f0000001900)="8ebb2a9cddd819d4edb5054fe962df4b17ccddbd5e01000000000000802af7ac41740cfc96d51327d35776cab3bde2a1f017c2bacbe3764a42b57f5c2b8f6b75738c5d0a82710a4d810960ed1cb5557d49cf7fe28adb13a65040b2a1f84949672c99aa593315f698eaa46cd17ff97487e9bcc672f63e4625a5af9ab47a90fdef5739aba2724f8bd68ec0135067fc8c31f8194f7f1f43ed6d66144c0df0d05a7b611562bcbfd2ac6ae3a972a6e07c16000000002d73d65b708e29000000000000000005ac8704c3ab89d947000000000000000000000000e05a459e8ee35327d3f3a4c7d9e1e47f2f396e907ff08572129845302df2cdc72be761ea05880b4e6f28a448addfbb26183178e6c04559f93f"}, {0x5, 0x0, 0xeb, &(0x7f0000001600)="77ca707ca611ce4c8cc54758b39354f07248a11308b0a32fc1b621cd6a5fe894125d5426d84e9411417e552c2aa4e56d9a84394cb52f295a6f82a4240c46e10042ab6893b76cac29cf12e0416bb77f366e1ede49175ae57611560be8fcec3aceedcb76ad9b9c307a677d670d828cf13525782732de7f1039d185ebe7e374376fe9593560b0f7d96ff2f6806b472eda8dc899bd07bee241214097218be13f03bf2dfd02ad5fc4c2a5e6794a167c86a6200eed370c1c90f31d55f27ca46348885bcc530fdbf2ede07ca50b7be85665818d06f66a4503b9dfcab7b0847f1869cf5f7231ae300ea2633b30f4c9"}, {0x7, 0x1010, 0x40, &(0x7f0000001480)="0156e72606943fbdfe3b16ec80e2f4ad7543329bdd62b5ad7637391dc78029c4c66b90dbbd6e8e8b1f859156a8182e0bc926cd3a448f6292a070d87834868fe1"}], 0x26}) 3.604624708s ago: executing program 0 (id=2006): r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000480)="1c0000001a009b8a140000003b00000000000000fffffffffffffff4", 0x1c) 3.604398264s ago: executing program 1 (id=2007): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) connect$inet(0xffffffffffffffff, &(0x7f0000000400)={0x10, 0x2}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) 3.51810286s ago: executing program 0 (id=2008): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0xe, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.248549522s ago: executing program 3 (id=2009): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000180)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0xfffe, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="82", 0x1}, {&(0x7f0000000180)='K', 0x1}], 0x2}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f00000000c0)="cfc850defd27f31e2d20223673feacf3b5421387e6f3", 0x16, 0x3b00, 0x0, 0x0) 3.120006187s ago: executing program 0 (id=2010): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES8=r1], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x20) 3.116785787s ago: executing program 3 (id=2011): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000003c0)={r0, &(0x7f0000000340), 0x0}, 0x20) 3.002383397s ago: executing program 6 (id=2012): r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x8, 0x2, 0x1}, 0x8) sendto$x25(r1, 0x0, 0x0, 0x48080, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r3, &(0x7f0000002480)=""/4101, 0x1005) 2.924426714s ago: executing program 0 (id=2013): syz_emit_vhci(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) unlinkat(0xffffffffffffff9c, 0x0, 0x200) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, r0) setpgid(0x0, r0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) getpid() setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) 2.924000756s ago: executing program 3 (id=2014): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x6}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xc, 0x4, 0x4, 0x10000, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2}, 0x50) 1.852652716s ago: executing program 0 (id=2015): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1a, 0x41c}}}, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) openat$binderfs_ctrl(0xffffff9c, &(0x7f0000002800)='./binderfs/binder-control\x00', 0x0, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) pwritev2(r2, &(0x7f0000000700)=[{&(0x7f0000003600)}], 0x1, 0x8800000, 0x0, 0x4) 1.823663184s ago: executing program 6 (id=2016): r0 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @private=0xa010101}, 0x10) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x20000, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$RTC_AIE_OFF(r2, 0x40187013) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x400) ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x58, 0xcd, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000240)="238d7acf0800", 0x0, 0x0, 0x1b, 0x0, 0x0}) r4 = fsmount(0xffffffffffffffff, 0x1, 0x100) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r4, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r5, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000200)=r5, 0x4) pwritev(r0, &(0x7f0000000bc0)=[{&(0x7f0000000040)="729109000000c537d1726430af4c91a8347ab2", 0x13}], 0x1, 0x20000e, 0x1fa) 1.600680645s ago: executing program 6 (id=2017): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000180)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) 1.400556282s ago: executing program 6 (id=2018): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000540)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) 1.400109875s ago: executing program 1 (id=2019): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, r1, &(0x7f0000000280)={0xffffffffffffffff, r2, 0x4}) 20.748448ms ago: executing program 6 (id=2020): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x8, &(0x7f000050f000/0x3000)=nil, 0x2) kcmp(r0, r0, 0x3, r1, r2) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000680), r3) sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={0x0}, 0x1, 0x0, 0x0, 0x20008804}, 0x0) socket(0x10, 0x3, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) 0s ago: executing program 1 (id=2021): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000203010400000000ebfc18de82244708090002000000000901000000080003400000000a0800010001"], 0x30}, 0x1, 0x0, 0x0, 0x40045}, 0x90) kernel console output (not intermixed with test programs): 28364][ T29] audit: type=1400 audit(1780557831.165:1242): avc: denied { append } for pid=11275 comm="syz.1.1367" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 576.751593][ T1712] usb 5-1: Product: syz [ 576.757466][ T1712] usb 5-1: Manufacturer: syz [ 576.762977][ T5762] usb 1-1: USB disconnect, device number 35 [ 576.781164][ T1712] usb 5-1: SerialNumber: syz [ 576.834548][ T1712] usb 5-1: config 0 descriptor?? [ 576.853178][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.860467][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.187081][ T1712] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 577.294714][ T35] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.318057][T11285] loop9: detected capacity change from 0 to 7 [ 577.333069][ T35] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.353648][ T35] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.366225][ T35] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 577.422256][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 577.705070][ C1] IPv6: veth0_to_bridge: IPv6 duplicate address fe80::a8aa:aaff:feaa:aa1b used by aa:aa:aa:aa:aa:1b detected! [ 577.927549][T11285] Dev loop9: unable to read RDB block 7 [ 577.935352][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 578.053132][T11285] loop9: unable to read partition table [ 578.087373][T11285] loop9: partition table beyond EOD, truncated [ 578.110729][T11285] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 578.315591][ T1712] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 578.363812][ T1712] usb 5-1: USB disconnect, device number 23 [ 578.559931][ T29] audit: type=1400 audit(1780557832.807:1243): avc: denied { execute } for pid=11300 comm="syz.4.1373" path="/dev/sequencer" dev="devtmpfs" ino=1286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 578.901006][ T29] audit: type=1400 audit(1780557833.195:1244): avc: denied { bind } for pid=11308 comm="syz.3.1368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 579.433607][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 581.683073][ T29] audit: type=1400 audit(1780557835.760:1245): avc: denied { bind } for pid=11325 comm="syz.1.1380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 582.265600][T11336] openvswitch: netlink: Unexpected mask (mask=240040, allowed=10048) [ 582.527641][T11339] lo speed is unknown, defaulting to 1000 [ 582.686269][ T29] audit: type=1400 audit(1780557836.673:1246): avc: denied { read write } for pid=11342 comm="syz.4.1387" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 582.726203][ T5721] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 583.602130][ T29] audit: type=1400 audit(1780557836.673:1247): avc: denied { open } for pid=11342 comm="syz.4.1387" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 583.854609][T11351] syz_tun: entered allmulticast mode [ 583.858244][ T5721] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 584.126502][T11360] evm: overlay not supported [ 584.565613][ T5721] usb 4-1: new full-speed USB device number 43 using dummy_hcd [ 584.835637][ T5721] usb 4-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 584.948415][ T5721] usb 4-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 585.088750][ T5721] usb 4-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 585.204316][ T5721] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 585.250002][ T5721] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 585.290184][ T5721] usb 4-1: SerialNumber: syz [ 586.064182][ T5721] rndis_host 4-1:253.0: RNDIS init failed, -71 [ 586.084466][ T5721] rndis_host 4-1:253.0: probe with driver rndis_host failed with error -71 [ 586.138462][ T5721] usb 4-1: USB disconnect, device number 43 [ 586.448170][ T29] audit: type=1400 audit(1780557840.152:1248): avc: denied { mount } for pid=11380 comm="syz.0.1398" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 586.688527][ T29] audit: type=1400 audit(1780557840.383:1249): avc: denied { append } for pid=11383 comm="syz.0.1399" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 587.264849][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 587.486527][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 587.526693][T11393] lo speed is unknown, defaulting to 1000 [ 587.577176][ T5620] Bluetooth: hci5: command 0x1003 tx timeout [ 587.590297][ T4933] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 587.655428][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 587.790122][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 588.162337][ T5721] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 588.173362][ T991] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 588.325162][ T5721] usb 4-1: Using ep0 maxpacket: 32 [ 588.343063][ T5721] usb 4-1: config 0 has an invalid interface number: 146 but max is 0 [ 588.356096][ T5721] usb 4-1: config 0 has no interface number 0 [ 588.368590][ T5721] usb 4-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 588.385609][ T5721] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 588.397517][ T5721] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 588.409609][ T5721] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 588.420547][ T5721] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 588.432975][ T5721] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 588.443373][ T991] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 588.472668][ T5721] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 588.490867][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1399'. [ 588.530906][ T5721] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 588.546249][ T991] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 588.572048][ T5721] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 588.589730][ T991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.646738][ T991] usb 7-1: Product: syz [ 588.661103][ T5721] usb 4-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 588.679575][ T991] usb 7-1: Manufacturer: syz [ 588.701174][ T991] usb 7-1: SerialNumber: syz [ 588.725909][ T5762] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 588.815835][ T5721] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 588.928136][ T5721] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.973554][ T991] usb 7-1: config 0 descriptor?? [ 589.041833][ T5721] usb 4-1: Product: syz [ 589.117086][ T5721] usb 4-1: Manufacturer: syz [ 589.200218][ T5721] usb 4-1: SerialNumber: syz [ 589.310679][ T991] ims_pcu 7-1:0.0: Missing CDC union descriptor [ 589.413150][ T991] ims_pcu 7-1:0.0: probe with driver ims_pcu failed with error -22 [ 589.488309][ T5721] usb 4-1: config 0 descriptor?? [ 589.591446][T11397] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 589.697213][T11397] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 589.705236][ T991] usb 7-1: USB disconnect, device number 13 [ 589.728033][ T5721] usb 4-1: will this work? Response EP is not usually 3 [ 589.759406][ T5721] usb 4-1: will this work? Image data EP is not usually 2 [ 589.776094][ T5721] scsi host1: microtekX6 [ 589.802847][ T4983] Dev loop9: unable to read RDB block 7 [ 589.817684][ T4983] loop9: unable to read partition table [ 589.819131][ T29] audit: type=1400 audit(1780557843.261:1250): avc: denied { mounton } for pid=11405 comm="syz.1.1406" path="/file0" dev="ramfs" ino=41492 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 589.824184][ T4983] loop9: partition table beyond EOD, truncated [ 589.910529][ T5762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.953486][ T5762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.972027][T11406] 9p: Bad value for 'wfdno' [ 590.008541][ T5762] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 590.077480][ T5762] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 590.092005][ T5762] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.355620][ T5762] usb 5-1: config 0 descriptor?? [ 590.457567][ T10] usb 4-1: USB disconnect, device number 44 [ 591.667897][ T5762] plantronics 0003:047F:FFFF.000D: reserved main item tag 0xd [ 592.727517][ T5762] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 592.798255][ T29] audit: type=1400 audit(1780557845.983:1251): avc: denied { listen } for pid=11425 comm="syz.3.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 593.163854][ T991] usb 5-1: USB disconnect, device number 24 [ 593.174044][T11423] gtp0: entered allmulticast mode [ 593.331969][ T5762] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 593.958917][ T5762] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 593.989682][T11442] lo speed is unknown, defaulting to 1000 [ 594.037637][ T5762] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 62463, setting to 1024 [ 594.077807][ T5762] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 594.141399][ T5762] usb 7-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 594.211179][ T5762] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.219257][ T5762] usb 7-1: Product: syz [ 594.225470][ T5762] usb 7-1: Manufacturer: syz [ 594.230220][ T5762] usb 7-1: SerialNumber: syz [ 594.245013][ T5762] usb 7-1: config 0 descriptor?? [ 594.264389][T11427] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 594.328536][T11427] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 595.947524][ T5762] dm9601 7-1:0.0: probe with driver dm9601 failed with error -71 [ 596.426535][ T5762] usb 7-1: USB disconnect, device number 14 [ 596.456805][ T5850] udevd[5850]: setting mode of /dev/bus/usb/007/014 to 020664 failed: No such file or directory [ 596.545675][ T5850] udevd[5850]: setting owner of /dev/bus/usb/007/014 to uid=0, gid=0 failed: No such file or directory [ 597.973265][ T29] audit: type=1400 audit(1780557850.671:1252): avc: denied { firmware_load } for pid=11475 comm="syz.3.1423" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 598.133882][T11464] input: syz0 as /devices/virtual/input/input28 [ 598.275814][ T29] audit: type=1400 audit(1780557851.031:1253): avc: denied { execute_no_trans } for pid=11480 comm="syz.1.1424" path="/285/file1" dev="tmpfs" ino=1517 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 598.673507][T11479] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.1422'. [ 599.547542][T11496] lo speed is unknown, defaulting to 1000 [ 602.580271][T11395] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 602.588431][ T5634] Bluetooth: hci5: command 0x1003 tx timeout [ 602.771226][T11522] 9p: Bad value for 'wfdno' [ 602.846892][ T29] audit: type=1326 audit(1780557855.284:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11523 comm="syz.3.1437" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=39 compat=0 ip=0x7ff7d3196bd7 code=0x0 [ 603.065092][ T5762] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 603.075558][ T1712] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 603.248555][ T1712] usb 5-1: Using ep0 maxpacket: 8 [ 603.677905][ T5762] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 603.686895][ T1712] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 1536, setting to 64 [ 603.698250][ T5762] usb 1-1: config 0 has no interface number 0 [ 603.704791][ T5762] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.715784][ T1712] usb 5-1: config 1 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 5847, setting to 64 [ 603.726937][ T5762] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.736985][ T1712] usb 5-1: config 1 interface 0 has no altsetting 0 [ 603.758719][ T5762] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 603.772313][ T1712] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 603.785474][ T1712] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.793727][ T5762] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.803218][ T1712] usb 5-1: Product: syz [ 603.808265][ T1712] usb 5-1: Manufacturer: syz [ 603.813558][ T5762] usb 1-1: config 0 descriptor?? [ 603.823711][ T1712] usb 5-1: SerialNumber: syz [ 603.858739][ T1712] snd_usb_toneport 5-1:1.0: Line 6 TonePort UX2 found [ 604.291318][ T5762] input: HID 04d9:a055 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:04D9:A055.000E/input/input29 [ 604.350963][ T1712] snd_usb_toneport 5-1:1.0: Line 6 TonePort UX2 now disconnected [ 604.384570][ T1712] snd_usb_toneport 5-1:1.0: probe with driver snd_usb_toneport failed with error -22 [ 604.672785][ T86] usb 5-1: USB disconnect, device number 25 [ 604.976512][ T5762] holtek_kbd 0003:04D9:A055.000E: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.0-1/input1 [ 605.046430][ T5762] usb 1-1: USB disconnect, device number 36 [ 605.114921][T11553] fido_id[11553]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 606.452984][ T29] audit: type=1400 audit(1780557858.615:1255): avc: denied { read } for pid=11564 comm="syz.4.1448" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 606.477858][T11565] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1448'. [ 606.497648][ T29] audit: type=1400 audit(1780557858.615:1256): avc: denied { open } for pid=11564 comm="syz.4.1448" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 606.584343][ T29] audit: type=1400 audit(1780557858.634:1257): avc: denied { ioctl } for pid=11564 comm="syz.4.1448" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 607.523336][ T29] audit: type=1400 audit(1780557859.519:1258): avc: denied { create } for pid=11579 comm="syz.1.1453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 607.970370][ T29] audit: type=1400 audit(1780557859.529:1259): avc: denied { write } for pid=11579 comm="syz.1.1453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 608.729905][T11395] Bluetooth: hci4: unexpected event for opcode 0x040d [ 608.802619][ T29] audit: type=1400 audit(1780557860.783:1260): avc: denied { setattr } for pid=11601 comm="syz.6.1458" name="sockstat6" dev="proc" ino=4026533763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 608.894217][ T29] audit: type=1400 audit(1780557860.793:1261): avc: denied { ioctl } for pid=11601 comm="syz.6.1458" path="socket:[41977]" dev="sockfs" ino=41977 ioctlcmd=0x941f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 608.977272][ T29] audit: type=1400 audit(1780557860.940:1262): avc: denied { read } for pid=11601 comm="syz.6.1458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 608.992836][T11395] Bluetooth: hci5: command 0x1003 tx timeout [ 609.001822][ T5634] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 613.089267][ T29] audit: type=1400 audit(1780557864.650:1263): avc: denied { bind } for pid=11635 comm="syz.3.1470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 613.643497][ T29] audit: type=1400 audit(1780557864.650:1264): avc: denied { name_bind } for pid=11635 comm="syz.3.1470" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 613.748205][ T29] audit: type=1400 audit(1780557864.650:1265): avc: denied { node_bind } for pid=11635 comm="syz.3.1470" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 613.841723][ T29] audit: type=1400 audit(1780557864.650:1266): avc: denied { setopt } for pid=11635 comm="syz.3.1470" lport=28196 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 613.998533][T11645] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 614.008941][T11645] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 614.017703][T11645] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 615.729204][ T5762] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 615.963585][ T29] audit: type=1400 audit(1780557867.381:1267): avc: denied { read } for pid=11655 comm="syz.4.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 616.011208][ T5762] usb 1-1: unable to get BOS descriptor or descriptor too short [ 616.073867][ T5762] usb 1-1: config 1 interface 0 has no altsetting 0 [ 616.121830][ T5762] usb 1-1: string descriptor 0 read error: -22 [ 616.132831][ T5762] usb 1-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.40 [ 616.145924][ T5762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.627076][T11665] pim6reg: entered allmulticast mode [ 616.742162][ T991] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 616.769234][T11665] team0: entered allmulticast mode [ 616.774660][T11665] team_slave_0: entered allmulticast mode [ 616.780570][T11665] team_slave_1: entered allmulticast mode [ 616.812335][T11665] team0: left allmulticast mode [ 616.817432][T11665] team_slave_0: left allmulticast mode [ 616.822948][T11665] team_slave_1: left allmulticast mode [ 616.829471][T11665] pim6reg: left allmulticast mode [ 616.910148][T11651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 616.926133][T11651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 616.964595][T11651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.038740][T11651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.109242][T11651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.127009][ T991] usb 7-1: Using ep0 maxpacket: 32 [ 617.155998][T11651] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.164060][ T991] usb 7-1: config 0 has an invalid interface number: 146 but max is 0 [ 617.561528][ T991] usb 7-1: config 0 has no interface number 0 [ 617.567816][ T991] usb 7-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 617.583427][ T991] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 617.595613][ T991] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 617.597241][T11669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1478'. [ 617.607291][ T991] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 617.628739][ T991] usb 7-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 617.670686][ T991] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 617.700899][ T991] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 617.723309][T11669] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1478'. [ 617.733635][ T991] usb 7-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 617.757200][ T991] usb 7-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 617.789238][ T991] usb 7-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 617.818386][ T991] usb 7-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 617.836145][ T991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.855204][ T991] usb 7-1: Product: syz [ 617.866156][ T991] usb 7-1: Manufacturer: syz [ 617.877137][ T991] usb 7-1: SerialNumber: syz [ 617.889591][ T991] usb 7-1: config 0 descriptor?? [ 617.908171][ T5762] usbhid 1-1:1.0: can't add hid device: -71 [ 617.919631][T11662] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 617.929151][ T5762] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 617.955614][T11662] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 617.974785][ T991] usb 7-1: will this work? Response EP is not usually 3 [ 617.977047][ T5762] usb 1-1: USB disconnect, device number 37 [ 618.027070][ T991] usb 7-1: will this work? Image data EP is not usually 2 [ 618.059267][ T991] scsi host1: microtekX6 [ 618.198199][ T804] usb 7-1: USB disconnect, device number 15 [ 618.204706][ T2519] usb 7-1: error -19 submitting URB [ 618.343192][ T29] audit: type=1400 audit(1780557869.577:1268): avc: denied { bind } for pid=11676 comm="syz.4.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 618.467000][T11683] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 618.586092][T11677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1480'. [ 618.597530][T11683] CIFS mount error: No usable UNC path provided in device string! [ 618.597530][T11683] [ 618.726468][T11683] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 618.767269][ T29] audit: type=1326 audit(1780557869.974:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11686 comm="syz.0.1482" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2e9d9ce59 code=0x0 [ 618.822370][ T991] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 618.864452][ T29] audit: type=1326 audit(1780557870.020:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11686 comm="syz.0.1482" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff2e9d9ce59 code=0x0 [ 618.997042][ T991] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 619.015164][ T991] usb 4-1: config 0 has no interface number 0 [ 619.031563][ T991] usb 4-1: config 0 interface 8 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 619.062528][ T991] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 619.085043][ T991] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 619.106006][ T991] usb 4-1: Product: syz [ 619.115315][ T991] usb 4-1: SerialNumber: syz [ 619.144361][ T991] usb 4-1: config 0 descriptor?? [ 619.166058][ T991] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 619.256088][ T804] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 619.402358][ T991] usb 4-1: USB disconnect, device number 45 [ 619.429268][ T804] usb 7-1: Using ep0 maxpacket: 16 [ 619.443187][ T804] usb 7-1: config 0 has an invalid interface number: 66 but max is 0 [ 619.466200][ T804] usb 7-1: config 0 has no interface number 0 [ 619.486220][ T804] usb 7-1: config 0 interface 66 has no altsetting 0 [ 619.512988][ T804] usb 7-1: New USB device found, idVendor=13d8, idProduct=0022, bcdDevice=eb.aa [ 619.533183][ T804] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.561270][ T804] usb 7-1: Product: syz [ 619.576065][ T804] usb 7-1: Manufacturer: syz [ 619.619498][T11699] FAULT_INJECTION: forcing a failure. [ 619.619498][T11699] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 619.632837][T11699] CPU: 0 UID: 0 PID: 11699 Comm: syz.4.1487 Tainted: G L syzkaller #0 PREEMPT(full) [ 619.632857][T11699] Tainted: [L]=SOFTLOCKUP [ 619.632861][T11699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 619.632868][T11699] Call Trace: [ 619.632872][T11699] [ 619.632877][T11699] dump_stack_lvl+0x100/0x190 [ 619.632896][T11699] should_fail_ex.cold+0x5/0xa [ 619.632910][T11699] ? prepare_alloc_pages+0x16d/0x5f0 [ 619.632926][T11699] should_fail_alloc_page+0xeb/0x140 [ 619.632939][T11699] prepare_alloc_pages+0x1f0/0x5f0 [ 619.632955][T11699] ? kernel_text_address+0x8d/0x100 [ 619.632972][T11699] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 619.632995][T11699] ? copy_splice_read+0x1a3/0xb90 [ 619.633010][T11699] ? stack_trace_save+0x8e/0xc0 [ 619.633022][T11699] ? __pfx_stack_trace_save+0x10/0x10 [ 619.633033][T11699] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 619.633053][T11699] ? copy_splice_read+0x1a3/0xb90 [ 619.633066][T11699] ? kasan_save_stack+0x3f/0x50 [ 619.633076][T11699] ? kasan_save_stack+0x30/0x50 [ 619.633086][T11699] ? kasan_save_track+0x14/0x30 [ 619.633096][T11699] ? __kasan_kmalloc+0xaa/0xb0 [ 619.633105][T11699] ? __kmalloc_noprof+0x301/0x850 [ 619.633121][T11699] ? copy_splice_read+0x1a3/0xb90 [ 619.633136][T11699] ? do_syscall_64+0x115/0x870 [ 619.633151][T11699] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.633171][T11699] alloc_pages_bulk_noprof+0x649/0x1360 [ 619.633194][T11699] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 619.633216][T11699] ? __kmalloc_noprof+0x320/0x850 [ 619.633235][T11699] copy_splice_read+0x1e1/0xb90 [ 619.633254][T11699] ? __pfx_copy_splice_read+0x10/0x10 [ 619.633270][T11699] ? look_up_lock_class+0x55/0x120 [ 619.633287][T11699] ? lockdep_init_map_type+0x5c/0x250 [ 619.633303][T11699] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 619.633318][T11699] ? __pfx_copy_splice_read+0x10/0x10 [ 619.633332][T11699] do_splice_read+0x285/0x370 [ 619.633349][T11699] splice_direct_to_actor+0x2a1/0xa30 [ 619.633365][T11699] ? __pfx_direct_splice_actor+0x10/0x10 [ 619.633383][T11699] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 619.633402][T11699] do_splice_direct+0x174/0x240 [ 619.633424][T11699] ? __pfx_do_splice_direct+0x10/0x10 [ 619.633439][T11699] ? avc_policy_seqno+0x9/0x20 [ 619.633456][T11699] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 619.633471][T11699] ? bpf_lsm_file_permission+0x9/0x10 [ 619.633488][T11699] ? security_file_permission+0x76/0x210 [ 619.633506][T11699] ? rw_verify_area+0xce/0x6d0 [ 619.633518][T11699] do_sendfile+0xadc/0xe20 [ 619.633533][T11699] ? __pfx_do_sendfile+0x10/0x10 [ 619.633549][T11699] ? __fget_files+0x21f/0x3d0 [ 619.633567][T11699] __x64_sys_sendfile64+0x1d8/0x220 [ 619.633581][T11699] ? ksys_write+0x1ac/0x250 [ 619.633593][T11699] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 619.633609][T11699] ? rcu_is_watching+0x12/0xc0 [ 619.633628][T11699] do_syscall_64+0x115/0x870 [ 619.633641][T11699] ? clear_bhb_loop+0x40/0x90 [ 619.633655][T11699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.633666][T11699] RIP: 0033:0x7f287f39ce59 [ 619.633677][T11699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 619.633688][T11699] RSP: 002b:00007f288026e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 619.633700][T11699] RAX: ffffffffffffffda RBX: 00007f287f615fa0 RCX: 00007f287f39ce59 [ 619.633707][T11699] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000008 [ 619.633714][T11699] RBP: 00007f288026e090 R08: 0000000000000000 R09: 0000000000000000 [ 619.633720][T11699] R10: 0400000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.633727][T11699] R13: 00007f287f616038 R14: 00007f287f615fa0 R15: 00007ffee2c80e98 [ 619.633743][T11699] [ 620.007122][ T804] usb 7-1: SerialNumber: syz [ 620.015464][ T804] usb 7-1: config 0 descriptor?? [ 620.261686][T11689] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1483'. [ 620.373320][T11704] SELinux: security_context_str_to_sid (5ýÆÉ] ÖS9q#“ë) failed with errno=-22 [ 621.418845][T11713] can: request_module (can-proto-0) failed. [ 621.497539][ T804] usb 7-1: selecting invalid altsetting 3 [ 621.520791][ T804] comedi comedi5: could not set alternate setting 3 in high speed [ 621.545415][ T804] usbduxsigma 7-1:0.66: driver 'usbduxsigma' failed to auto-configure device. [ 621.617027][ T804] usbduxsigma 7-1:0.66: probe with driver usbduxsigma failed with error -22 [ 621.648078][ T804] usb 7-1: USB disconnect, device number 16 [ 623.265830][ T5762] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 623.443929][ T5762] usb 4-1: Using ep0 maxpacket: 32 [ 623.459714][ T5762] usb 4-1: config 0 has an invalid interface number: 146 but max is 0 [ 623.487316][ T5762] usb 4-1: config 0 has no interface number 0 [ 623.502938][ T5762] usb 4-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 623.531087][ T5762] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 623.569274][ T5762] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 623.611325][ T5762] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 623.649595][ T5762] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 623.683717][ T5762] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 623.709275][ T5762] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 623.740587][ T5762] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 623.772034][ T5762] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 623.809028][ T5762] usb 4-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 623.860511][ T5762] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 623.885277][ T5762] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.904726][ T5762] usb 4-1: Product: syz [ 623.914646][ T5762] usb 4-1: Manufacturer: syz [ 623.937569][ T5762] usb 4-1: SerialNumber: syz [ 623.955665][ T5762] usb 4-1: config 0 descriptor?? [ 623.975654][T11723] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 623.995903][T11723] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 624.026350][ T5762] usb 4-1: will this work? Response EP is not usually 3 [ 624.050904][ T5762] usb 4-1: will this work? Image data EP is not usually 2 [ 624.075067][ T5762] scsi host1: microtekX6 [ 624.176651][ T804] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 624.263684][ T1712] usb 4-1: USB disconnect, device number 46 [ 624.372879][ T804] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 624.397492][ T804] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 624.412792][ T804] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 624.426508][ T804] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 624.461069][ T804] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 624.492245][ T804] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 624.509267][ T804] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 624.536925][ T804] usb 7-1: Product: syz [ 624.541542][ T804] usb 7-1: Manufacturer: syz [ 624.551487][ T804] usb 7-1: SerialNumber: syz [ 624.570007][ T804] usb 7-1: config 0 descriptor?? [ 624.803863][ T804] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 624.821445][ T804] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 625.140631][ T991] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 625.858951][ T804] radio-si470x 7-1:0.0: si470x_get_report: usb_control_msg returned -110 [ 625.867856][ T804] radio-si470x 7-1:0.0: si470x_get_scratch: si470x_get_report returned -110 [ 625.876890][ T804] radio-si470x 7-1:0.0: probe with driver radio-si470x failed with error -5 [ 625.976797][ T991] usb 1-1: Using ep0 maxpacket: 32 [ 626.285193][ T991] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 626.298194][ T991] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 626.326573][ T991] usb 1-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 626.336823][ T991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.361407][ T5721] usb 7-1: USB disconnect, device number 17 [ 626.381449][ T991] usb 1-1: Product: syz [ 626.399936][ T991] usb 1-1: Manufacturer: syz [ 626.421531][ T991] usb 1-1: SerialNumber: syz [ 626.457774][ T991] usb 1-1: config 0 descriptor?? [ 626.926239][ T29] audit: type=1400 audit(1780557877.503:1271): avc: denied { ioctl } for pid=11755 comm="syz.4.1498" path="socket:[43416]" dev="sockfs" ino=43416 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 628.262047][ T804] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 628.500771][T11773] ksmbd: Unknown IPC event: 4, ignore. [ 628.712082][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.751275][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.793037][ T804] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 628.849487][ T804] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 628.894662][ T804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.956533][ T804] usb 2-1: config 0 descriptor?? [ 629.950287][ T804] plantronics 0003:047F:FFFF.000F: reserved main item tag 0xd [ 630.232292][ T804] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 632.427066][T11794] fuse: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x000000000000000d' [ 632.737877][ T1712] usb 1-1: USB disconnect, device number 38 [ 632.764881][ T804] usb 2-1: USB disconnect, device number 24 [ 633.265607][T11798] sch_fq: defrate 0 ignored. [ 634.450535][ T29] audit: type=1400 audit(1780557883.952:1272): avc: denied { create } for pid=11804 comm="syz.6.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 634.477542][ T29] audit: type=1400 audit(1780557884.414:1273): avc: denied { setopt } for pid=11804 comm="syz.6.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 634.529190][ T804] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 634.701309][ T804] usb 2-1: Using ep0 maxpacket: 16 [ 634.721059][ T804] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 634.830618][T11816] random: crng reseeded on system resumption [ 634.951895][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.990566][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 635.188986][ T29] audit: type=1400 audit(1780557884.792:1274): avc: denied { write } for pid=11806 comm="syz.0.1517" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 635.212622][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 635.223721][ T804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 635.243302][ T29] audit: type=1400 audit(1780557884.792:1275): avc: denied { open } for pid=11806 comm="syz.0.1517" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 635.309040][ T804] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 635.371634][ T804] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 635.446091][ T804] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 635.556785][ T804] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 635.584955][ T804] usb 2-1: Manufacturer: syz [ 635.816461][T11827] lo speed is unknown, defaulting to 1000 [ 636.100712][T11829] cgroup: Name too long [ 636.137586][ T804] usb 2-1: config 0 descriptor?? [ 636.152410][ T1712] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 636.370422][ T1712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.392383][ T1712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.403160][ T1712] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 636.437745][ T1712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.589941][ T1712] usb 1-1: config 0 descriptor?? [ 636.740644][T11837] ISOFS: Unable to identify CD-ROM format. [ 637.174062][ T804] rc_core: IR keymap rc-hauppauge not found [ 637.193777][ T804] Registered IR keymap rc-empty [ 637.203662][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.239851][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.292798][ T804] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 637.330003][ T804] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input31 [ 637.374213][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.463325][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.471078][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.483746][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.495038][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.516934][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.529025][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.544142][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.565502][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.573574][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.597571][ T1712] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 637.617055][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 637.644460][ T1712] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 637.738798][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1526'. [ 637.854298][ T5721] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 638.170329][ T5721] usb 7-1: New USB device found, idVendor=0763, idProduct=0150, bcdDevice= 0.40 [ 638.195181][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 638.229686][ T5721] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.234413][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 638.246980][ T5721] usb 7-1: Product: syz [ 638.257198][ T5721] usb 7-1: Manufacturer: syz [ 638.266547][ T5721] usb 7-1: SerialNumber: syz [ 638.279358][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 638.298333][ T1712] cp2112 0003:10C4:EA90.0010: error requesting version [ 638.322240][ T1712] cp2112 0003:10C4:EA90.0010: probe with driver cp2112 failed with error -5 [ 638.335828][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 638.387457][ T804] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 638.431859][ T804] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 638.451351][ T804] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 638.478582][ T804] usb 2-1: USB disconnect, device number 25 [ 638.639147][ T5721] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 638.661718][ T5721] usb 7-1: MIDIStreaming interface descriptor not found [ 638.746021][ T5721] usb 7-1: USB disconnect, device number 18 [ 638.773665][ T29] audit: type=1400 audit(1780557888.428:1276): avc: denied { getopt } for pid=11850 comm="syz.3.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 638.858733][ T5865] udevd[5865]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 638.996038][T11857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1530'. [ 639.279267][T11857] hsr_slave_1 (unregistering): left promiscuous mode [ 639.371366][ T86] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 639.412477][T11867] loop4: detected capacity change from 0 to 2640 [ 639.429991][ T5850] buffer_io_error: 10 callbacks suppressed [ 639.430008][ T5850] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.446938][ T5721] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 639.447132][T11867] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.474721][ T5850] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.483851][ T5850] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.569691][T11867] support for cryptoloop has been removed. Use dm-crypt instead. [ 639.587916][ T86] usb 4-1: Using ep0 maxpacket: 32 [ 639.591234][ T5850] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.617477][ T86] usb 4-1: config 1 has an invalid interface number: 70 but max is 0 [ 639.618887][ T5850] Buffer I/O error on dev loop4, logical block 0, async page read [ 639.656125][ T86] usb 4-1: config 1 has no interface number 0 [ 639.667863][ T5721] usb 2-1: Using ep0 maxpacket: 16 [ 639.681729][ T5721] usb 2-1: config 0 has an invalid interface number: 246 but max is 0 [ 639.696293][ T86] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010d, bcdDevice=7e.f9 [ 639.709168][ T5721] usb 2-1: config 0 has no interface number 0 [ 639.724997][ T86] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.741617][ T5721] usb 2-1: config 0 interface 246 altsetting 255 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 639.767504][ T86] usb 4-1: Product: syz [ 639.882962][ T5721] usb 2-1: config 0 interface 246 has no altsetting 0 [ 639.891994][ T86] usb 4-1: Manufacturer: syz [ 640.503524][ T86] usb 4-1: SerialNumber: syz [ 640.885209][ T5721] usb 2-1: New USB device found, idVendor=0424, idProduct=cf30, bcdDevice=35.27 [ 640.944604][ T804] usb 1-1: USB disconnect, device number 39 [ 640.990455][ T5721] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.031615][ T5721] usb 2-1: Product: syz [ 641.056611][ T5721] usb 2-1: Manufacturer: syz [ 641.082248][ T5721] usb 2-1: SerialNumber: syz [ 641.126470][ T5721] usb 2-1: config 0 descriptor?? [ 641.215826][ T86] kvaser_usb 4-1:1.70: error -ENODEV: Cannot get usb endpoint(s) [ 641.251042][T11876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'. [ 641.286376][ T86] usb 4-1: USB disconnect, device number 47 [ 641.324746][T11880] ubi16: attaching mtd0 [ 641.545833][T11857] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1530'. [ 641.577961][T11880] ubi16: scanning is finished [ 641.599840][T11857] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1530'. [ 641.632017][T11880] ubi16: empty MTD device detected [ 641.723757][T11876] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'. [ 641.734770][ T5721] usb 2-1: USB disconnect, device number 26 [ 641.903901][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1538'. [ 641.926550][T11888] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1538'. [ 642.202746][T11895] FAULT_INJECTION: forcing a failure. [ 642.202746][T11895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.346424][T11895] CPU: 0 UID: 0 PID: 11895 Comm: syz.4.1540 Tainted: G L syzkaller #0 PREEMPT(full) [ 642.346458][T11895] Tainted: [L]=SOFTLOCKUP [ 642.346466][T11895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 642.346478][T11895] Call Trace: [ 642.346485][T11895] [ 642.346492][T11895] dump_stack_lvl+0x100/0x190 [ 642.346525][T11895] should_fail_ex.cold+0x5/0xa [ 642.346555][T11895] _copy_from_user+0x2e/0xd0 [ 642.346582][T11895] video_usercopy+0xe74/0x1700 [ 642.346612][T11895] ? __pfx___video_do_ioctl+0x10/0x10 [ 642.346640][T11895] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 642.346674][T11895] ? __pfx_video_usercopy+0x10/0x10 [ 642.346722][T11895] v4l2_ioctl+0x1bd/0x250 [ 642.346749][T11895] ? __pfx_v4l2_ioctl+0x10/0x10 [ 642.346778][T11895] __x64_sys_ioctl+0x18e/0x210 [ 642.346803][T11895] do_syscall_64+0x115/0x870 [ 642.346828][T11895] ? clear_bhb_loop+0x40/0x90 [ 642.346855][T11895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.346876][T11895] RIP: 0033:0x7f287f39ce59 [ 642.346894][T11895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.346913][T11895] RSP: 002b:00007f288026e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 642.346934][T11895] RAX: ffffffffffffffda RBX: 00007f287f615fa0 RCX: 00007f287f39ce59 [ 642.346953][T11895] RDX: 0000200000000300 RSI: 00000000c100565c RDI: 0000000000000003 [ 642.346966][T11895] RBP: 00007f288026e090 R08: 0000000000000000 R09: 0000000000000000 [ 642.346978][T11895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 642.346990][T11895] R13: 00007f287f616038 R14: 00007f287f615fa0 R15: 00007ffee2c80e98 [ 642.347021][T11895] [ 642.630722][ T29] audit: type=1400 audit(1780557891.984:1277): avc: denied { block_suspend } for pid=11898 comm="syz.6.1534" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 642.659393][ T29] audit: type=1400 audit(1780557891.993:1278): avc: denied { mount } for pid=11898 comm="syz.6.1534" name="/" dev="autofs" ino=44334 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 643.442818][T11880] ubi16: attached mtd0 (name "mtdram test device", size 0 MiB) [ 643.500820][T11880] ubi16: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 643.547934][T11880] ubi16: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 643.588743][T11880] ubi16: VID header offset: 64 (aligned 64), data offset: 128 [ 644.204213][T11880] ubi16: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 644.298833][T11880] ubi16: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 644.389873][ T29] audit: type=1400 audit(1780557893.617:1279): avc: denied { unmount } for pid=8305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 644.420467][T11880] ubi16: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3011236871 [ 644.546656][T11880] ubi16: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 644.585832][T11913] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 644.740747][T11908] ubi16: background thread "ubi_bgt16d" started, PID 11908 [ 646.045123][ T63] Bluetooth: hci5: Frame reassembly failed (-84) [ 646.258641][ T29] audit: type=1400 audit(1780557895.343:1280): avc: denied { nosuid_transition } for pid=11935 comm="syz.1.1552" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1 [ 646.298448][ T29] audit: type=1400 audit(1780557895.343:1281): avc: denied { transition } for pid=11935 comm="syz.1.1552" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 646.395842][T11934] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1550'. [ 646.444659][T11944] nvme_fabrics: unknown parameter or missing value 'öÍÈx·ýG§06M„ÕLí 1ùæÞÙ\sëôEíGb' in ctrl creation request [ 646.477732][ T29] audit: type=1400 audit(1780557895.343:1282): avc: denied { entrypoint } for pid=11935 comm="syz.1.1552" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=170 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 646.513620][ T29] audit: type=1400 audit(1780557895.343:1283): avc: denied { share } for pid=11935 comm="syz.1.1552" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 646.543574][ T29] audit: type=1400 audit(1780557895.343:1284): avc: denied { noatsecure } for pid=11935 comm="syz.1.1552" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1 [ 646.583211][ T29] audit: type=1400 audit(1780557895.417:1285): avc: denied { bind } for pid=11919 comm="syz.0.1550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 646.837126][T11950] ubi: mtd0 is already attached to ubi16 [ 646.982873][ T29] audit: type=1326 audit(1780557895.546:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11942 comm="syz.3.1554" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff7d319ce59 code=0x0 [ 647.448841][T11960] 9p: Bad value for 'wfdno' [ 647.564154][ T804] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 647.596600][ T86] usb 7-1: new low-speed USB device number 19 using dummy_hcd [ 647.715791][ T991] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 647.726606][ T804] usb 1-1: Using ep0 maxpacket: 16 [ 647.761121][ T86] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 647.780770][ T86] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 647.793187][ T86] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 647.824273][ T86] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 647.838613][ T86] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.869609][T11956] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 647.888951][ T86] hub 7-1:1.0: bad descriptor, ignoring hub [ 647.904562][ T86] hub 7-1:1.0: probe with driver hub failed with error -5 [ 647.917907][ T991] usb 4-1: config 1 interface 0 altsetting 13 endpoint 0x2 has an invalid bInterval 32, changing to 9 [ 647.943877][ T991] usb 4-1: config 1 interface 0 has no altsetting 0 [ 647.952025][ T86] cdc_wdm 7-1:1.0: skipping garbage [ 647.957367][ T86] cdc_wdm 7-1:1.0: skipping garbage [ 647.972022][ T991] usb 4-1: string descriptor 0 read error: -22 [ 647.986817][ T991] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 648.000730][ T86] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 648.016153][ T991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.019920][ T804] usb 1-1: unable to get BOS descriptor or descriptor too short [ 648.027909][ T86] cdc_wdm 7-1:1.0: Unknown control protocol [ 648.045576][ T804] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 648.063918][ T804] usb 1-1: can't read configurations, error -71 [ 648.214057][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.220980][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.227817][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.234437][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.241052][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.247654][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.254205][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.260824][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.267813][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.269048][T11395] Bluetooth: hci5: command 0x1003 tx timeout [ 648.274421][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.274813][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.274831][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.275020][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.275034][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.275220][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.275234][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.275419][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.275433][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.275618][ C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71 [ 648.275632][ C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes [ 648.286997][ T5634] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 648.416869][T11956] bridge_slave_0: left allmulticast mode [ 648.458015][T11956] bridge_slave_0: left promiscuous mode [ 648.476790][T11956] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.540816][T11956] bridge_slave_1: left allmulticast mode [ 648.546543][T11956] bridge_slave_1: left promiscuous mode [ 648.553179][T11956] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.583387][ T991] keytouch 0003:0926:3333.0011: fixing up Keytouch IEC report descriptor [ 648.640380][ T991] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/0003:0926:3333.0011/input/input32 [ 648.714310][T11956] bond0: (slave bond_slave_0): Releasing backup interface [ 648.916132][T11956] bond0: (slave bond_slave_1): Releasing backup interface [ 649.004415][T11956] team_slave_0: left allmulticast mode [ 649.093288][T11956] team0: Port device team_slave_0 removed [ 649.200062][T11956] team_slave_1: left allmulticast mode [ 649.350936][T11956] team0: Port device team_slave_1 removed [ 649.409955][T11956] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 649.458645][T11956] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 649.513592][ T991] keytouch 0003:0926:3333.0011: input,hidraw0: USB HID v0.05 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 649.594346][T11956] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 649.663682][T11956] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 649.723784][ T991] usb 4-1: USB disconnect, device number 48 [ 649.723887][T11967] team0: Mode changed to "activebackup" [ 649.868237][T11985] fido_id[11985]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 649.901005][T11983] lo speed is unknown, defaulting to 1000 [ 650.553989][ T29] audit: type=1400 audit(1780557899.301:1287): avc: denied { setopt } for pid=11994 comm="syz.4.1565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 650.643935][ T991] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 650.841636][ T991] usb 4-1: unable to get BOS descriptor or descriptor too short [ 650.868995][ T991] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 650.897241][ T991] usb 4-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40 [ 650.906966][T12000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 650.927641][ T991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.945897][T12000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 650.955245][ T991] usb 4-1: Product: syz [ 650.973896][ T991] usb 4-1: Manufacturer: syz [ 650.993904][ T991] usb 4-1: SerialNumber: syz [ 651.002875][ T5721] usb 7-1: USB disconnect, device number 19 [ 651.118889][ T804] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 651.266304][ T991] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 651.454450][T12006] : entered promiscuous mode [ 652.356945][ T804] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 652.527494][ T991] usb 4-1: parse_audio_format_rates_v2v3(): unable to retrieve sample rate range (clock 0) [ 652.723241][ T804] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 652.751598][ T804] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 652.815162][ T804] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 652.874566][ T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.905214][ T804] usb 5-1: Product: syz [ 652.929027][ T804] usb 5-1: Manufacturer: syz [ 652.947739][ T804] usb 5-1: SerialNumber: syz [ 652.962316][ T991] usb 4-1: USB disconnect, device number 49 [ 652.973780][ T804] usb 5-1: config 0 descriptor?? [ 652.987636][T11999] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 653.000294][T11999] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 653.103227][ T804] usb 5-1: ucan: probing device on interface #0 [ 653.203372][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 653.281962][ T804] usb 5-1: ucan: could not read protocol version, ret=-71 [ 653.308584][ T804] usb 5-1: ucan: probe failed; try to update the device firmware [ 653.378434][ T804] usb 5-1: USB disconnect, device number 26 [ 653.711985][T12026] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 653.721280][T12026] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 653.729688][T12026] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 654.803133][T12043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1578'. [ 656.734415][ T29] audit: type=1400 audit(1780557905.013:1288): avc: denied { bind } for pid=12069 comm="syz.6.1586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 656.809151][ T29] audit: type=1400 audit(1780557905.013:1289): avc: denied { write } for pid=12069 comm="syz.6.1586" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 656.903725][T12073] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 657.221172][T12076] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.1588'. [ 657.632693][T11395] Bluetooth: hci5: command 0x1003 tx timeout [ 657.644748][ T5634] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 657.785976][T12086] sg_write: data in/out 17181660/42 bytes for SCSI command 0x13-- guessing data in; [ 657.785976][T12086] program syz.3.1591 not setting count and/or reply_len properly [ 657.807198][T12084] netdevsim netdevsim6: loading /lib/firmware/. failed with error -22 [ 657.817294][T12084] netdevsim netdevsim6: Direct firmware load for . failed with error -22 [ 657.825894][T12084] netdevsim netdevsim6: Falling back to sysfs fallback for: . [ 657.898563][T12089] netlink: 'syz.4.1592': attribute type 3 has an invalid length. [ 658.167493][T12095] FAULT_INJECTION: forcing a failure. [ 658.167493][T12095] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 658.181414][T12095] CPU: 1 UID: 0 PID: 12095 Comm: syz.4.1593 Tainted: G L syzkaller #0 PREEMPT(full) [ 658.181448][T12095] Tainted: [L]=SOFTLOCKUP [ 658.181454][T12095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 658.181466][T12095] Call Trace: [ 658.181473][T12095] [ 658.181481][T12095] dump_stack_lvl+0x100/0x190 [ 658.181513][T12095] should_fail_ex.cold+0x5/0xa [ 658.181537][T12095] ? prepare_alloc_pages+0x16d/0x5f0 [ 658.181566][T12095] should_fail_alloc_page+0xeb/0x140 [ 658.181590][T12095] prepare_alloc_pages+0x1f0/0x5f0 [ 658.181619][T12095] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 658.181672][T12095] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 658.181724][T12095] ? __lock_acquire+0x4a5/0x2630 [ 658.181752][T12095] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 658.181780][T12095] ? policy_nodemask+0xed/0x4f0 [ 658.181807][T12095] alloc_pages_mpol+0x1fb/0x540 [ 658.181833][T12095] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 658.181858][T12095] ? filemap_get_read_batch+0x3fc/0xab0 [ 658.181904][T12095] folio_alloc_noprof+0x22/0x250 [ 658.181933][T12095] filemap_alloc_folio_noprof.part.0+0x377/0x450 [ 658.181965][T12095] ? __pfx_filemap_alloc_folio_noprof.part.0+0x10/0x10 [ 658.181995][T12095] ? page_cache_sync_ra+0x1bb/0xb00 [ 658.182031][T12095] filemap_get_pages+0x898/0x2030 [ 658.182069][T12095] ? __lock_acquire+0x4a5/0x2630 [ 658.182099][T12095] ? __pfx_filemap_get_pages+0x10/0x10 [ 658.182138][T12095] ? __pfx___might_resched+0x10/0x10 [ 658.182174][T12095] filemap_read+0x3b5/0x10a0 [ 658.182207][T12095] ? find_held_lock+0x2b/0x80 [ 658.182239][T12095] ? __pfx_filemap_read+0x10/0x10 [ 658.182294][T12095] ? stack_depot_save_flags+0x27/0x9d0 [ 658.182336][T12095] generic_file_read_iter+0x344/0x450 [ 658.182367][T12095] ? ima_file_check+0xc3/0x110 [ 658.182394][T12095] ? security_file_post_open+0xc4/0x210 [ 658.182428][T12095] __kernel_read+0x397/0xac0 [ 658.182454][T12095] ? __pfx___kernel_read+0x10/0x10 [ 658.182501][T12095] integrity_kernel_read+0x7e/0xb0 [ 658.182529][T12095] ? __pfx_integrity_kernel_read+0x10/0x10 [ 658.182559][T12095] ? kasan_save_track+0x14/0x30 [ 658.182582][T12095] ima_calc_file_hash_tfm+0x25e/0x350 [ 658.182617][T12095] ? __pfx_ima_calc_file_hash_tfm+0x10/0x10 [ 658.182687][T12095] ? generic_fillattr+0x6c9/0x940 [ 658.182717][T12095] ? ima_alloc_tfm+0x21a/0x2e0 [ 658.182753][T12095] ima_calc_file_hash+0x1e3/0x380 [ 658.182787][T12095] ima_collect_measurement+0x94f/0xb30 [ 658.182817][T12095] ? __pfx_ima_collect_measurement+0x10/0x10 [ 658.182860][T12095] ? process_measurement+0x5ab/0x2350 [ 658.182896][T12095] ? is_bad_inode+0xd/0x40 [ 658.182919][T12095] ? xattr_resolve_name+0x27d/0x3f0 [ 658.182952][T12095] ? vfs_getxattr_alloc+0xec/0x350 [ 658.182987][T12095] ? ima_get_hash_algo+0x22d/0x400 [ 658.183015][T12095] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 658.183050][T12095] ? process_measurement+0xdfe/0x2350 [ 658.183080][T12095] process_measurement+0xdfe/0x2350 [ 658.183120][T12095] ? avc_has_perm_noaudit+0x11e/0x3b0 [ 658.183144][T12095] ? __pfx_process_measurement+0x10/0x10 [ 658.183187][T12095] ? avc_has_perm+0x135/0x1e0 [ 658.183211][T12095] ? __pfx_avc_has_perm+0x10/0x10 [ 658.183264][T12095] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 658.183300][T12095] ima_file_check+0xc3/0x110 [ 658.183332][T12095] ? __pfx_ima_file_check+0x10/0x10 [ 658.183373][T12095] security_file_post_open+0xc4/0x210 [ 658.183404][T12095] path_openat+0x1418/0x31a0 [ 658.183442][T12095] ? __pfx_path_openat+0x10/0x10 [ 658.183480][T12095] do_file_open+0x20e/0x430 [ 658.183510][T12095] ? __pfx_do_file_open+0x10/0x10 [ 658.183562][T12095] ? alloc_fd+0x476/0x790 [ 658.183593][T12095] ? do_getname+0x191/0x390 [ 658.183627][T12095] do_sys_openat2+0x10d/0x1e0 [ 658.183658][T12095] ? __pfx_do_sys_openat2+0x10/0x10 [ 658.183686][T12095] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 658.183722][T12095] ? __fget_files+0x21f/0x3d0 [ 658.183754][T12095] __x64_sys_openat+0x12d/0x210 [ 658.183785][T12095] ? __pfx___x64_sys_openat+0x10/0x10 [ 658.183814][T12095] ? ksys_write+0x1ac/0x250 [ 658.183842][T12095] ? rcu_is_watching+0x12/0xc0 [ 658.183881][T12095] do_syscall_64+0x115/0x870 [ 658.183907][T12095] ? clear_bhb_loop+0x40/0x90 [ 658.183934][T12095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.183955][T12095] RIP: 0033:0x7f287f39ce59 [ 658.183973][T12095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 658.183993][T12095] RSP: 002b:00007f288024d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 658.184013][T12095] RAX: ffffffffffffffda RBX: 00007f287f616090 RCX: 00007f287f39ce59 [ 658.184054][T12095] RDX: 00000000000c8a02 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 658.184068][T12095] RBP: 00007f288024d090 R08: 0000000000000000 R09: 0000000000000000 [ 658.184081][T12095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 658.184093][T12095] R13: 00007f287f616128 R14: 00007f287f616090 R15: 00007ffee2c80e98 [ 658.184125][T12095] [ 658.685525][ T991] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 658.865952][ T29] audit: type=1800 audit(1780557906.969:1290): pid=12095 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1593" name="bus" dev="ramfs" ino=44819 res=0 errno=0 [ 658.961387][ T991] usb 4-1: config 2 has an invalid interface number: 101 but max is 0 [ 658.973026][ T991] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 658.983340][ T991] usb 4-1: config 2 has no interface number 0 [ 658.990224][ T991] usb 4-1: config 2 interface 101 has no altsetting 0 [ 658.999470][ T991] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 659.008554][ T991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.016633][ T991] usb 4-1: Product: syz [ 659.021390][ T991] usb 4-1: Manufacturer: syz [ 659.026615][ T991] usb 4-1: SerialNumber: syz [ 659.098997][T12103] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 661.284687][ T86] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 661.286610][ T804] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 661.448984][ T86] usb 7-1: config 0 has an invalid interface number: 50 but max is 0 [ 661.469531][ T86] usb 7-1: config 0 has no interface number 0 [ 661.488812][ T86] usb 7-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 661.501431][ T804] usb 5-1: Using ep0 maxpacket: 32 [ 661.530199][ T86] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 661.547486][ T804] usb 5-1: config 0 has an invalid interface number: 146 but max is 0 [ 661.567453][ T86] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.593211][ T804] usb 5-1: config 0 has no interface number 0 [ 661.614200][ T804] usb 5-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 661.638616][ T86] usb 7-1: Product: syz [ 661.650482][ T991] usb 4-1: USB disconnect, device number 50 [ 661.669320][ T86] usb 7-1: Manufacturer: syz [ 661.694244][ T86] usb 7-1: SerialNumber: syz [ 661.694544][ T804] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 661.760479][ T804] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 661.787241][ T86] usb 7-1: config 0 descriptor?? [ 661.813031][ T804] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 661.848540][ T804] usb 5-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 661.884011][ T804] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 661.914818][ T804] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 661.951882][ T86] yurex 7-1:0.50: USB YUREX device now attached to Yurex #0 [ 661.963764][T12128] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 661.972026][T12128] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 661.980516][T12128] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 661.988918][ T804] usb 5-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 662.053691][ T804] usb 5-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 662.107961][ T804] usb 5-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 662.179272][ T804] usb 5-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 662.216862][ T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.241803][ T804] usb 5-1: Product: syz [ 662.255496][ T804] usb 5-1: Manufacturer: syz [ 662.269918][ T804] usb 5-1: SerialNumber: syz [ 662.291570][ T804] usb 5-1: config 0 descriptor?? [ 662.328769][T12115] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 662.375545][T12115] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 662.426194][ T804] usb 5-1: will this work? Response EP is not usually 3 [ 662.445999][ T804] usb 5-1: will this work? Image data EP is not usually 2 [ 662.482081][ T804] scsi host1: microtekX6 [ 662.690425][ C1] usb 7-1: yurex_control_callback - control failed: -71 [ 662.695263][ T804] usb 5-1: USB disconnect, device number 27 [ 662.710009][ T86] usb 7-1: USB disconnect, device number 20 [ 662.742447][ T86] yurex 7-1:0.50: USB YUREX #0 now disconnected [ 662.871651][T12141] Unsupported ieee802154 address type: 0 [ 662.879205][ T29] audit: type=1400 audit(1780557910.669:1291): avc: denied { bind } for pid=12140 comm="syz.3.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 662.977293][ T29] audit: type=1400 audit(1780557910.761:1292): avc: denied { relabelfrom } for pid=12137 comm="syz.0.1606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 663.013679][T12145] xt_hashlimit: size too large, truncated to 1048576 [ 663.036471][ T29] audit: type=1400 audit(1780557910.789:1293): avc: denied { relabelto } for pid=12137 comm="syz.0.1606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 663.953338][T12156] xt_hashlimit: size too large, truncated to 1048576 [ 664.711495][T12160] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1612'. [ 664.861295][T12160] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1612'. [ 665.227366][T12171] netlink: 'syz.3.1615': attribute type 1 has an invalid length. [ 665.389817][T12176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1616'. [ 665.555443][ T86] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 665.988714][T12178] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 665.996969][T12178] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 666.005930][T12178] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 666.086030][ T86] usb 4-1: Using ep0 maxpacket: 8 [ 666.102689][ T86] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 666.179386][ T86] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 666.232848][ T86] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 666.272508][ T86] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 666.309854][ T86] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 666.359505][ T86] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 666.397456][ T86] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.458796][ T86] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22 [ 666.940573][T12189] lo speed is unknown, defaulting to 1000 [ 667.255931][T12171] tipc: Enabling of bearer rejected, failed to enable media [ 667.340460][T12171] syzkaller0: entered promiscuous mode [ 667.362693][T12171] syzkaller0: entered allmulticast mode [ 667.621609][T12171] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 667.693724][T12198] netlink: 'syz.1.1623': attribute type 21 has an invalid length. [ 667.724625][T12198] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1623'. [ 667.803868][T12201] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1621'. [ 667.883717][T12200] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1623'. [ 667.919283][ T1712] usb 4-1: USB disconnect, device number 51 [ 669.100569][ T86] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 669.608694][T12220] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 669.616914][T12220] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 669.625460][T12220] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 669.651502][ T86] usb 7-1: Using ep0 maxpacket: 8 [ 669.661242][ T86] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 669.673261][ T86] usb 7-1: config 179 has no interface number 0 [ 669.697370][ T86] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 670.014379][ T86] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 670.048784][ T86] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 670.081688][ T86] usb 7-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 670.109748][ T86] usb 7-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 670.141279][ T86] usb 7-1: config 179 interface 65 has no altsetting 0 [ 670.157941][ T86] usb 7-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 670.179112][ T86] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.299317][ T86] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input33 [ 670.368497][ T4968] input input33: unable to receive magic message: -110 [ 670.424863][ T4968] input input33: unable to receive magic message: -32 [ 670.494722][ T4968] input input33: unable to receive magic message: -32 [ 670.556640][ T4968] input input33: unable to receive magic message: -32 [ 670.621998][ T4968] input input33: unable to receive magic message: -32 [ 670.745581][T12224] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.1631' sets config #0 [ 670.991021][T12207] lo speed is unknown, defaulting to 1000 [ 671.114620][T12233] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1628'. [ 671.510598][ T1712] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 671.690509][ T1712] usb 4-1: Using ep0 maxpacket: 32 [ 671.707083][ T1712] usb 4-1: config 0 has an invalid interface number: 146 but max is 0 [ 671.740244][ T1712] usb 4-1: config 0 has no interface number 0 [ 671.763389][ T1712] usb 4-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 671.793098][ T1712] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 671.839021][ T1712] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 671.917007][ T1712] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 671.949096][ T1712] usb 4-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 671.974329][ T1712] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 672.006853][ T1712] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 672.035224][ T1712] usb 4-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 26159, setting to 1024 [ 672.057826][ T1712] usb 4-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 672.088828][ T1712] usb 4-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 672.125582][ T1712] usb 4-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 672.159416][ T1712] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.197146][ T1712] usb 4-1: Product: syz [ 672.225131][ T1712] usb 4-1: Manufacturer: syz [ 672.257949][ T1712] usb 4-1: SerialNumber: syz [ 672.289871][ T1712] usb 4-1: config 0 descriptor?? [ 672.314411][T12228] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 672.348146][T12228] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 672.364327][ T1712] usb 4-1: will this work? Response EP is not usually 3 [ 672.379712][ T1712] usb 4-1: will this work? Image data EP is not usually 2 [ 672.410302][ T1712] scsi host1: microtekX6 [ 672.602769][ T1712] usb 4-1: USB disconnect, device number 52 [ 672.612627][ T29] audit: type=1400 audit(1780557919.647:1294): avc: denied { getopt } for pid=12247 comm="syz.4.1638" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 672.979325][T12254] FAULT_INJECTION: forcing a failure. [ 672.979325][T12254] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 673.598056][T12254] CPU: 1 UID: 0 PID: 12254 Comm: syz.6.1639 Tainted: G L syzkaller #0 PREEMPT(full) [ 673.598087][T12254] Tainted: [L]=SOFTLOCKUP [ 673.598092][T12254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 673.598102][T12254] Call Trace: [ 673.598108][T12254] [ 673.598115][T12254] dump_stack_lvl+0x100/0x190 [ 673.598140][T12254] should_fail_ex.cold+0x5/0xa [ 673.598166][T12254] _copy_from_user+0x2e/0xd0 [ 673.598188][T12254] video_usercopy+0xe74/0x1700 [ 673.598213][T12254] ? __pfx___video_do_ioctl+0x10/0x10 [ 673.598235][T12254] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 673.598270][T12254] ? __pfx_video_usercopy+0x10/0x10 [ 673.598308][T12254] v4l2_ioctl+0x1bd/0x250 [ 673.598330][T12254] ? __pfx_v4l2_ioctl+0x10/0x10 [ 673.598353][T12254] __x64_sys_ioctl+0x18e/0x210 [ 673.598373][T12254] do_syscall_64+0x115/0x870 [ 673.598395][T12254] ? clear_bhb_loop+0x40/0x90 [ 673.598416][T12254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 673.598433][T12254] RIP: 0033:0x7efdc3d9ce59 [ 673.598447][T12254] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 673.598463][T12254] RSP: 002b:00007efdc4bc4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 673.598480][T12254] RAX: ffffffffffffffda RBX: 00007efdc4015fa0 RCX: 00007efdc3d9ce59 [ 673.598491][T12254] RDX: 0000200000000080 RSI: 00000000c0405665 RDI: 0000000000000003 [ 673.598501][T12254] RBP: 00007efdc4bc4090 R08: 0000000000000000 R09: 0000000000000000 [ 673.598511][T12254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 673.598521][T12254] R13: 00007efdc4016038 R14: 00007efdc4015fa0 R15: 00007ffccdbd3de8 [ 673.598546][T12254] [ 674.090148][T12259] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 674.098457][T12259] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 674.106976][T12259] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 674.139871][T12260] sock: sock_timestamping_bind_phc: sock not bind to device [ 674.775957][T12271] ISOFS: Unable to identify CD-ROM format. [ 675.789333][T12284] fuse: fd is not a fuse device [ 676.421439][T12305] syz_tun: entered allmulticast mode [ 676.554173][T12305] bond0: entered promiscuous mode [ 676.643052][T12307] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 676.651309][T12307] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 676.659820][T12307] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 676.992888][ T1712] IPVS: starting estimator thread 0... [ 677.244815][T12316] IPVS: using max 38 ests per chain, 91200 per kthread [ 677.815724][T12323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59399 sclass=netlink_route_socket pid=12323 comm=syz.4.1662 [ 677.861455][T12327] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59399 sclass=netlink_route_socket pid=12327 comm=syz.4.1662 [ 677.958028][T12328] lo: entered allmulticast mode [ 679.037174][T12340] vlan2: entered promiscuous mode [ 679.043580][T12340] bridge0: entered promiscuous mode [ 679.051859][T12340] bridge0: port 1(vlan2) entered blocking state [ 679.063358][T12340] bridge0: port 1(vlan2) entered disabled state [ 679.076221][T12340] vlan2: entered allmulticast mode [ 679.081506][T12340] bridge0: entered allmulticast mode [ 679.097007][T12340] vlan2: left allmulticast mode [ 679.105886][T12340] bridge0: left allmulticast mode [ 679.156652][T10414] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 679.359544][T10414] usb 1-1: Using ep0 maxpacket: 32 [ 679.396998][T10414] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 679.418638][T10414] usb 1-1: config 0 has no interface number 0 [ 679.430405][T10414] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 679.442583][T12350] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 679.450843][T12350] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 679.459283][T12350] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 679.492477][T10414] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 679.531414][T10414] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 679.569620][T10414] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 679.620223][T10414] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 679.667416][T10414] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 679.705987][T10414] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 679.742075][T10414] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 679.780389][T10414] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 679.809710][T10414] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 679.821029][T10414] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.840428][T10414] usb 1-1: Product: syz [ 679.849128][T10414] usb 1-1: Manufacturer: syz [ 679.858847][T10414] usb 1-1: SerialNumber: syz [ 679.910976][T10414] usb 1-1: config 0 descriptor?? [ 679.932540][T12364] bond0: entered promiscuous mode [ 679.942419][T12343] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 679.951984][T12364] bond_slave_0: entered promiscuous mode [ 679.963800][T10414] usb 1-1: can only deal with bulk endpoints; endpoint 1 is not bulk. [ 679.976607][T12364] bond_slave_1: entered promiscuous mode [ 679.984102][T10414] usb 1-1: couldn't find an output bulk endpoint. Bailing out. [ 680.009391][ T86] usb 7-1: USB disconnect, device number 21 [ 680.015437][ C1] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 680.080740][ T1712] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 680.259801][T10414] usb 1-1: USB disconnect, device number 42 [ 680.283227][ T1712] usb 4-1: Using ep0 maxpacket: 8 [ 680.326615][ T1712] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 680.371218][ T1712] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 680.427473][ T1712] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 680.956239][ T1712] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 680.972540][ T1712] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 680.981677][ T1712] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 681.157191][T12376] netlink: 'syz.1.1679': attribute type 1 has an invalid length. [ 681.248004][T12377] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1679'. [ 681.380937][ T1712] usb 4-1: GET_CAPABILITIES returned 0 [ 681.412795][ T1712] usbtmc 4-1:16.0: can't read capabilities [ 681.766428][T12385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 681.777396][T12385] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 682.054442][ T86] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 682.071506][ T29] audit: type=1400 audit(1780557928.385:1295): avc: denied { map } for pid=12383 comm="syz.0.1684" path="pipe:[45753]" dev="pipefs" ino=45753 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 682.128681][ T29] audit: type=1400 audit(1780557928.385:1296): avc: denied { execute } for pid=12383 comm="syz.0.1684" path="pipe:[45753]" dev="pipefs" ino=45753 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 682.286903][T12389] FAULT_INJECTION: forcing a failure. [ 682.286903][T12389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 682.346738][ T86] usb 5-1: unable to get BOS descriptor or descriptor too short [ 682.504631][ T86] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 682.651928][ T991] usb 4-1: USB disconnect, device number 53 [ 682.697199][ T86] usb 5-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40 [ 682.815554][ T86] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.934667][ T86] usb 5-1: Product: syz [ 683.031625][ T86] usb 5-1: Manufacturer: syz [ 683.045975][T12389] CPU: 1 UID: 0 PID: 12389 Comm: syz.6.1683 Tainted: G L syzkaller #0 PREEMPT(full) [ 683.046006][T12389] Tainted: [L]=SOFTLOCKUP [ 683.046013][T12389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 683.046025][T12389] Call Trace: [ 683.046031][T12389] [ 683.046040][T12389] dump_stack_lvl+0x100/0x190 [ 683.046069][T12389] should_fail_ex.cold+0x5/0xa [ 683.046098][T12389] _copy_to_user+0x32/0xd0 [ 683.046127][T12389] simple_read_from_buffer+0xcb/0x170 [ 683.046156][T12389] proc_fail_nth_read+0x1af/0x230 [ 683.046180][T12389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 683.046211][T12389] ? rw_verify_area+0xce/0x6d0 [ 683.046231][T12389] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 683.046254][T12389] vfs_read+0x1e4/0xb30 [ 683.046281][T12389] ? __pfx_vfs_read+0x10/0x10 [ 683.046303][T12389] ? __fget_files+0x215/0x3d0 [ 683.046336][T12389] ? __fget_files+0x21f/0x3d0 [ 683.046371][T12389] ksys_read+0x12a/0x250 [ 683.046393][T12389] ? __pfx_ksys_read+0x10/0x10 [ 683.046419][T12389] ? rcu_is_watching+0x12/0xc0 [ 683.046454][T12389] do_syscall_64+0x115/0x870 [ 683.046480][T12389] ? clear_bhb_loop+0x40/0x90 [ 683.046506][T12389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 683.046526][T12389] RIP: 0033:0x7efdc3d5d68e [ 683.046543][T12389] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 683.046562][T12389] RSP: 002b:00007efdc4ba2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 683.046582][T12389] RAX: ffffffffffffffda RBX: 00007efdc4ba36c0 RCX: 00007efdc3d5d68e [ 683.046595][T12389] RDX: 000000000000000f RSI: 00007efdc4ba30a0 RDI: 0000000000000004 [ 683.046607][T12389] RBP: 00007efdc4ba3090 R08: 0000000000000000 R09: 0000000000000000 [ 683.046619][T12389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 683.046631][T12389] R13: 00007efdc4016128 R14: 00007efdc4016090 R15: 00007ffccdbd3de8 [ 683.046662][T12389] [ 683.452336][ T86] usb 5-1: SerialNumber: syz [ 683.608263][T12397] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 683.617138][T12397] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 683.625875][T12397] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 683.726689][ T86] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 683.773124][ T86] usb 5-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22) [ 683.982478][T12404] veth0_to_team: Caught tx_queue_len zero misconfig [ 684.212953][ T86] usb 5-1: failed to enable PITCH for EP 0x82 [ 685.254917][ T29] audit: type=1400 audit(1780557930.793:1297): avc: denied { setattr } for pid=12408 comm="syz.1.1691" name="" dev="pipefs" ino=5133 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 685.382683][ T86] usb 5-1: USB disconnect, device number 28 [ 685.419536][T12417] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1694'. [ 685.748990][ T5630] udevd[5630]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 685.791484][T12419] FAULT_INJECTION: forcing a failure. [ 685.791484][T12419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 685.904082][T12419] CPU: 0 UID: 0 PID: 12419 Comm: syz.4.1696 Tainted: G L syzkaller #0 PREEMPT(full) [ 685.904114][T12419] Tainted: [L]=SOFTLOCKUP [ 685.904120][T12419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 685.904131][T12419] Call Trace: [ 685.904137][T12419] [ 685.904144][T12419] dump_stack_lvl+0x100/0x190 [ 685.904175][T12419] should_fail_ex.cold+0x5/0xa [ 685.904204][T12419] __kvm_read_guest_page+0x186/0x250 [ 685.904228][T12419] kvm_fetch_guest_virt+0x128/0x1a0 [ 685.904262][T12419] __do_insn_fetch_bytes+0x5ef/0x7c0 [ 685.904291][T12419] ? __pfx___do_insn_fetch_bytes+0x10/0x10 [ 685.904321][T12419] ? __lock_acquire+0x4a5/0x2630 [ 685.904351][T12419] x86_decode_insn+0x3ca/0x6d80 [ 685.904383][T12419] ? __pfx_x86_decode_insn+0x10/0x10 [ 685.904403][T12419] ? vmx_cache_reg+0x54f/0x7b0 [ 685.904427][T12419] ? init_decode_cache+0xd/0x2a0 [ 685.904445][T12419] ? init_emulate_ctxt+0x415/0x6d0 [ 685.904464][T12419] ? __pfx_init_emulate_ctxt+0x10/0x10 [ 685.904484][T12419] ? vmx_read_guest_seg_ar+0x87/0x1b0 [ 685.904511][T12419] ? vmx_get_segment+0x1d0/0x770 [ 685.904537][T12419] x86_emulate_instruction+0x1dcc/0x1f80 [ 685.904578][T12419] handle_ud+0x103/0x5a0 [ 685.904602][T12419] ? __pfx_handle_ud+0x10/0x10 [ 685.904630][T12419] ? rcu_is_watching+0x12/0xc0 [ 685.904658][T12419] ? __vmx_complete_interrupts+0x129/0x570 [ 685.904685][T12419] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 685.904712][T12419] handle_exception_nmi+0xd0c/0x1bb0 [ 685.904740][T12419] ? __pfx_handle_exception_nmi+0x10/0x10 [ 685.904764][T12419] vmx_handle_exit+0x84c/0x1f30 [ 685.904794][T12419] vcpu_run+0x34cf/0x5ca0 [ 685.904831][T12419] ? x86_emulate_instruction+0x27e/0x1f80 [ 685.904858][T12419] ? __pfx_vcpu_run+0x10/0x10 [ 685.904893][T12419] ? complete_emulated_mmio+0x102/0x710 [ 685.904927][T12419] ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 685.904952][T12419] kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 685.904988][T12419] kvm_vcpu_ioctl+0x730/0x1720 [ 685.905021][T12419] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 685.905044][T12419] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 685.905069][T12419] ? do_vfs_ioctl+0x226/0x13e0 [ 685.905092][T12419] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 685.905113][T12419] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 685.905154][T12419] ? __fget_files+0x215/0x3d0 [ 685.905178][T12419] ? hook_file_ioctl_common+0x149/0x410 [ 685.905207][T12419] ? selinux_file_ioctl+0x13b/0x290 [ 685.905233][T12419] ? selinux_file_ioctl+0xb6/0x290 [ 685.905262][T12419] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 685.905283][T12419] __x64_sys_ioctl+0x18e/0x210 [ 685.905307][T12419] do_syscall_64+0x115/0x870 [ 685.905332][T12419] ? clear_bhb_loop+0x40/0x90 [ 685.905357][T12419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.905378][T12419] RIP: 0033:0x7f287f39ce59 [ 685.905395][T12419] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 685.905415][T12419] RSP: 002b:00007f288026e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 685.905434][T12419] RAX: ffffffffffffffda RBX: 00007f287f615fa0 RCX: 00007f287f39ce59 [ 685.905448][T12419] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 685.905462][T12419] RBP: 00007f288026e090 R08: 0000000000000000 R09: 0000000000000000 [ 685.905473][T12419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 685.905485][T12419] R13: 00007f287f616038 R14: 00007f287f615fa0 R15: 00007ffee2c80e98 [ 685.905515][T12419] [ 686.488461][ T29] audit: type=1400 audit(1780557932.445:1298): avc: denied { setopt } for pid=12423 comm="syz.0.1695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 687.481751][ T29] audit: type=1400 audit(1780557933.386:1299): avc: denied { map } for pid=12430 comm="syz.6.1698" path="/dev/vbi7" dev="devtmpfs" ino=995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 687.594466][ T29] audit: type=1400 audit(1780557933.386:1300): avc: denied { execute } for pid=12430 comm="syz.6.1698" path="/dev/vbi7" dev="devtmpfs" ino=995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 687.626718][T12439] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 687.635114][T12439] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 687.643592][T12439] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 688.817924][T12450] lo speed is unknown, defaulting to 1000 [ 689.028147][T12457] 9p: Bad value for 'rfdno' [ 689.842218][ T86] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 690.046618][ T86] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 690.079160][ T86] usb 4-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 690.106011][ T86] usb 4-1: Product: syz [ 690.124357][ T86] usb 4-1: Manufacturer: syz [ 690.142685][ T86] usb 4-1: SerialNumber: syz [ 690.168690][ T86] usb 4-1: config 0 descriptor?? [ 690.198810][T12481] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 690.207174][T12481] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 690.215627][T12481] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 690.243487][ T86] ch341 4-1:0.0: ch341-uart converter detected [ 691.788902][ T86] usb 4-1: failed to send control message: -71 [ 691.806094][ T86] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 691.851363][ T86] usb 4-1: USB disconnect, device number 54 [ 691.881230][ T86] ch341 4-1:0.0: device disconnected [ 691.972478][T12494] dummy0: Caught tx_queue_len zero misconfig [ 692.355738][ T29] audit: type=1400 audit(1780557937.870:1301): avc: denied { ioctl } for pid=12513 comm="syz.0.1725" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 692.664198][ T5903] Bluetooth: hci5: Frame reassembly failed (-84) [ 692.894313][T12528] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 692.902553][T12528] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 692.911048][T12528] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 693.317156][ T29] audit: type=1400 audit(1780557938.691:1302): avc: denied { read } for pid=12525 comm="syz.3.1731" name="file0" dev="fuse" ino=9007199254741056 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 693.353442][T12533] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 693.365663][T12533] block device autoloading is deprecated and will be removed. [ 693.381493][ T29] audit: type=1400 audit(1780557938.701:1303): avc: denied { open } for pid=12525 comm="syz.3.1731" path="/384/file0/file0" dev="fuse" ino=9007199254741056 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 694.725012][ T29] audit: type=1400 audit(1780557940.057:1304): avc: denied { create } for pid=12564 comm="syz.1.1737" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 694.787916][ T29] audit: type=1400 audit(1780557940.085:1305): avc: denied { write } for pid=12564 comm="syz.1.1737" name="file0" dev="tmpfs" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 695.051390][ T5634] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 695.170255][ T29] audit: type=1400 audit(1780557940.094:1306): avc: denied { open } for pid=12564 comm="syz.1.1737" path="/348/file0" dev="tmpfs" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 695.211923][ T29] audit: type=1400 audit(1780557940.371:1307): avc: denied { ioctl } for pid=12564 comm="syz.1.1737" path="/348/file0" dev="tmpfs" ino=1867 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 695.270831][ T29] audit: type=1400 audit(1780557940.472:1308): avc: denied { unlink } for pid=5616 comm="syz-executor" name="file0" dev="tmpfs" ino=1867 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 695.468919][ T29] audit: type=1400 audit(1780557940.749:1309): avc: denied { name_connect } for pid=12577 comm="syz.1.1740" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 695.493276][T12578] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12578 comm=syz.1.1740 [ 695.612872][T12574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1739'. [ 695.801059][T12587] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 695.812189][T12587] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 695.821566][T12587] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 695.993623][T12588] ISOFS: Unable to identify CD-ROM format. [ 696.369763][ T29] audit: type=1400 audit(1780557941.579:1310): avc: denied { audit_read } for pid=12593 comm="syz.4.1745" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 696.449628][T12597] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 696.547012][ T29] audit: type=1400 audit(1780557941.745:1311): avc: denied { ioctl } for pid=12593 comm="syz.4.1745" path="socket:[46993]" dev="sockfs" ino=46993 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 696.845583][T12605] netem: change failed [ 697.027598][ T804] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 697.211826][ T804] usb 4-1: Using ep0 maxpacket: 32 [ 697.226557][ T804] usb 4-1: config 76 has an invalid descriptor of length 0, skipping remainder of the config [ 697.274048][ T804] usb 4-1: New USB device found, idVendor=069a, idProduct=0001, bcdDevice=51.c5 [ 697.293321][ T804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.309096][ T804] usb 4-1: Product: syz [ 697.318131][ T804] usb 4-1: Manufacturer: syz [ 697.328595][ T804] usb 4-1: SerialNumber: syz [ 697.359418][ T804] pwc: Askey VC010 type 1 USB webcam detected. [ 699.693513][T12646] /dev/nullb0: Can't open blockdev [ 700.663773][T12649] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 700.672656][T12649] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 700.681437][T12649] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 701.520304][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 701.537043][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 701.843444][T12653] lo: Caught tx_queue_len zero misconfig [ 702.821632][ T804] pwc: send_video_command error -32 [ 702.828571][ T804] pwc: Failed to set video mode CIF@30 fps; return code = -32 [ 702.838739][ T804] Philips webcam 4-1:76.0: probe with driver Philips webcam failed with error -32 [ 702.922864][T12666] SELinux: syz.4.1767 (12666) wrote to checkreqprot. This is no longer supported. [ 702.953815][T12669] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 703.435118][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 703.435135][ T29] audit: type=1400 audit(1780557948.094:1313): avc: denied { listen } for pid=12664 comm="syz.4.1767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 703.476088][ T29] audit: type=1400 audit(1780557948.094:1314): avc: denied { ioctl } for pid=12664 comm="syz.4.1767" path="socket:[48300]" dev="sockfs" ino=48300 ioctlcmd=0x6629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 703.650156][T12604] kexec: Could not allocate control_code_buffer [ 703.729950][ T804] usb 4-1: USB disconnect, device number 55 [ 709.177802][T12701] lo speed is unknown, defaulting to 1000 [ 709.857313][T12708] netlink: 'syz.3.1775': attribute type 4 has an invalid length. [ 710.362862][T12709] wireguard0: entered promiscuous mode [ 710.371169][T12709] wireguard0: entered allmulticast mode [ 710.790177][T12723] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1779'. [ 712.241853][T12747] kAFS: unable to lookup cell 'ÿ' [ 712.400080][ T29] audit: type=1400 audit(1780557956.370:1315): avc: denied { listen } for pid=12756 comm="syz.3.1788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 712.465567][T12746] 9p: Bad value for 'wfdno' [ 712.614679][T12750] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 712.708968][T12747] netlink: 'syz.4.1783': attribute type 10 has an invalid length. [ 712.776282][T12758] netlink: 'syz.4.1783': attribute type 10 has an invalid length. [ 714.878817][ T991] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 715.077008][ T991] usb 7-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 715.108966][ T991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 715.146959][ T991] usb 7-1: Product: syz [ 715.165953][ T991] usb 7-1: Manufacturer: syz [ 715.180640][ T991] usb 7-1: SerialNumber: syz [ 715.204212][T12747] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 715.229354][ T991] usb 7-1: config 0 descriptor?? [ 715.298189][T12747] team0: Port device netdevsim1 added [ 715.601725][T12758] team0: Port device netdevsim1 removed [ 715.694785][T12758] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 717.190919][T12758] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 718.367144][ T29] audit: type=1400 audit(1780557961.823:1316): avc: denied { connect } for pid=12796 comm="syz.4.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 718.488643][ T991] usb 7-1: f81604_write: reg: 105 data: f1 failed: -EPROTO [ 719.129606][ T29] audit: type=1400 audit(1780557961.870:1317): avc: denied { accept } for pid=12796 comm="syz.4.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 719.287958][ T29] audit: type=1400 audit(1780557961.989:1318): avc: denied { read } for pid=12796 comm="syz.4.1803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 719.553473][ T991] f81604 7-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 719.561483][ T991] f81604 7-1:0.0: probe with driver f81604 failed with error -71 [ 719.577783][ T991] usb 7-1: USB disconnect, device number 22 [ 720.286129][ T991] usb 7-1: new full-speed USB device number 23 using dummy_hcd [ 720.677136][ T991] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 720.745462][ T991] usb 7-1: config 0 has no interface number 0 [ 720.839723][ T991] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 720.951031][ T991] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 721.017955][ T991] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 721.098634][T12834] IPVS: set_ctl: invalid protocol: 41 255.255.255.255:20002 [ 721.161397][ T29] audit: type=1400 audit(1780557964.453:1319): avc: denied { ioctl } for pid=12830 comm="syz.4.1812" path="socket:[48829]" dev="sockfs" ino=48829 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 721.277850][ T991] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 721.298660][ T991] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 721.336144][ T991] usb 7-1: Product: syz [ 721.362452][ T991] usb 7-1: SerialNumber: syz [ 721.366372][T12838] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1815'. [ 721.465417][ T991] usb 7-1: config 0 descriptor?? [ 721.618641][T11395] Bluetooth: hci4: command 0x0406 tx timeout [ 721.649976][ T991] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 722.613904][ T991] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input34 [ 723.274575][ C1] cm109_urb_ctl_callback: 3 callbacks suppressed [ 723.274597][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.288601][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.297374][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.305159][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.314362][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.322432][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.330114][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.337316][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.344463][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.354006][ C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 723.367178][ T991] usb 7-1: USB disconnect, device number 23 [ 723.373136][ C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 723.401518][ T991] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 723.864244][T12860] netlink: 'syz.6.1820': attribute type 1 has an invalid length. [ 725.417674][ T29] audit: type=1400 audit(1780557968.375:1320): avc: denied { create } for pid=12847 comm="syz.6.1820" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 725.439573][T12867] fuse: Unknown parameter '' [ 725.465078][ T29] audit: type=1400 audit(1780557968.402:1321): avc: denied { mounton } for pid=12847 comm="syz.6.1820" path="/229/file0" dev="tmpfs" ino=1225 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 725.518875][ T29] audit: type=1400 audit(1780557968.448:1322): avc: denied { mount } for pid=12869 comm="syz.1.1823" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 725.815275][T12860] 8021q: adding VLAN 0 to HW filter on device bond2 [ 726.461034][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 726.593985][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 726.774715][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.068602][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.553486][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.593269][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.725132][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.744855][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 727.907352][T12892] netlink: 'syz.0.1827': attribute type 1 has an invalid length. [ 728.237581][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 728.280553][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 728.321840][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 728.462496][T12898] kAFS: unable to lookup cell 'ÿ' [ 728.463651][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.076916][T12899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 729.085807][T12899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 729.112362][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.163342][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.200577][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.234837][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.273519][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.346192][ T5762] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 729.347169][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.395006][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.457614][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.503619][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.609845][T12882] 9pnet_fd: p9_fd_create_tcp (12882): problem connecting socket to 127.0.0.1 [ 729.787791][ T29] audit: type=1400 audit(1780557972.407:1323): avc: denied { remount } for pid=12903 comm="syz.0.1832" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 729.967420][T12911] netlink: 15995 bytes leftover after parsing attributes in process `syz.1.1834'. [ 729.976769][ T29] audit: type=1400 audit(1780557972.582:1324): avc: denied { execute } for pid=12910 comm="syz.1.1834" name="cgroup" dev="tmpfs" ino=1980 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=lnk_file permissive=1 [ 730.499372][T12917] lo speed is unknown, defaulting to 1000 [ 731.686927][T11395] Bluetooth: hci5: command 0x1003 tx timeout [ 731.687456][ T5634] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 733.155722][T12946] kAFS: unable to lookup cell 'ÿ' [ 734.923879][T12959] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1843'. [ 735.270756][T12961] binder: 12960:12961 unknown command 0 [ 735.312682][T12961] binder: 12960:12961 ioctl c0306201 2000000003c0 returned -22 [ 735.493083][T12966] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 735.543798][ T29] audit: type=1400 audit(1780557977.722:1325): avc: denied { accept } for pid=12964 comm="syz.6.1847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 735.650324][T12968] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1850'. [ 735.816642][T12976] sch_fq: defrate 0 ignored. [ 735.963657][T12981] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 735.971920][T12981] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 735.980411][T12981] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 737.254484][T13002] lo speed is unknown, defaulting to 1000 [ 737.623360][T13007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1858'. [ 737.674662][ T29] audit: type=1400 audit(1780557979.687:1326): avc: denied { getopt } for pid=13006 comm="syz.1.1858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 737.674999][T13007] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=13007 comm=syz.1.1858 [ 738.416912][T13026] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13026 comm=syz.1.1864 [ 738.931234][ T29] audit: type=1400 audit(1780557980.831:1327): avc: denied { name_bind } for pid=13020 comm="syz.0.1863" src=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 739.303617][T13031] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 739.311840][T13031] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 739.320301][T13031] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 740.106816][T13044] No such timeout policy "syz0" [ 742.054446][ T29] audit: type=1400 audit(1780557983.728:1328): avc: denied { read } for pid=13056 comm="syz.6.1874" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 742.095961][ T29] audit: type=1400 audit(1780557983.728:1329): avc: denied { write } for pid=13056 comm="syz.6.1874" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 742.120256][ T29] audit: type=1400 audit(1780557983.728:1330): avc: denied { open } for pid=13056 comm="syz.6.1874" path="/242/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 742.638201][ T29] audit: type=1400 audit(1780557984.263:1331): avc: denied { ioctl } for pid=13071 comm="syz.4.1877" path="/dev/usbmon5" dev="devtmpfs" ino=732 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 744.906216][T13107] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 744.916296][T13107] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 744.924965][T13107] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 745.162941][ T5762] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 745.428804][ T5762] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 747.345578][ T5762] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 748.572429][ T5762] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 748.585648][ T5762] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 748.595043][ T5762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.607042][ T5762] usb 4-1: config 0 descriptor?? [ 748.658627][ T5762] usb 4-1: can't set config #0, error -71 [ 748.667246][ T5762] usb 4-1: USB disconnect, device number 56 [ 751.025687][T13149] syzkaller0: entered promiscuous mode [ 751.042582][T13149] syzkaller0: entered allmulticast mode [ 752.544004][ T29] audit: type=1400 audit(1780557993.407:1332): avc: denied { setopt } for pid=13158 comm="syz.1.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 752.809547][ T5762] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 753.221888][T13169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1901'. [ 753.865645][ T5762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 753.884171][ T5762] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 753.903037][ T5762] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 753.916499][ T5762] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 753.925574][ T5762] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.943007][ T5762] usb 5-1: config 0 descriptor?? [ 753.960898][T13183] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1906'. [ 754.078855][ T29] audit: type=1400 audit(1780557994.828:1333): avc: denied { view } for pid=13186 comm="syz.3.1909" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 754.398853][ T5762] plantronics 0003:047F:FFFF.0012: reserved main item tag 0xd [ 754.430391][ T5762] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 756.143007][ T86] usb 5-1: reset high-speed USB device number 30 using dummy_hcd [ 756.355850][ T29] audit: type=1400 audit(1780557996.932:1334): avc: denied { mount } for pid=13216 comm="syz.3.1921" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 757.160982][ T29] audit: type=1400 audit(1780557997.670:1335): avc: denied { unmount } for pid=5614 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 758.177792][T10414] usb 5-1: USB disconnect, device number 30 [ 758.508531][ T29] audit: type=1326 audit(1780557998.916:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.584279][ T29] audit: type=1326 audit(1780557998.916:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.634431][ T29] audit: type=1326 audit(1780557998.953:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.712038][ T29] audit: type=1326 audit(1780557998.953:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.765704][ T29] audit: type=1326 audit(1780557998.953:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.838670][ T29] audit: type=1326 audit(1780557998.953:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 758.921140][ T29] audit: type=1326 audit(1780557998.953:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 759.007393][ T29] audit: type=1326 audit(1780557998.953:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 759.049073][ T29] audit: type=1326 audit(1780557998.953:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13286 comm="syz.3.1943" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff7d319ce59 code=0x7ffc0000 [ 759.371163][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1956'. [ 759.416695][T13328] 8021q: adding VLAN 0 to HW filter on device bond3 [ 759.483305][T13327] can0: slcan on ttyS3. [ 759.529530][ T29] audit: type=1326 audit(1780557999.848:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13336 comm="syz.1.1960" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f6b9ce59 code=0x7ffc0000 [ 759.574225][T13328] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 759.581686][T13328] macvlan2: entered allmulticast mode [ 759.606385][T13328] bond3: entered allmulticast mode [ 759.633879][T13328] team0: Port device macvlan2 added [ 759.829434][T13326] can0 (unregistered): slcan off ttyS3. [ 759.845143][T13351] fuse: fd is not a fuse device [ 760.803029][ T86] lo speed is unknown, defaulting to 1000 [ 760.862640][T13395] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1974'. [ 762.110238][T13436] netlink: 'syz.1.1986': attribute type 13 has an invalid length. [ 762.241802][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 762.563607][T13448] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1989'. [ 762.694272][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 763.281564][T13482] sctp: [Deprecated]: syz.6.2001 (pid 13482) Use of int in max_burst socket option. [ 763.281564][T13482] Use struct sctp_assoc_value instead [ 764.527812][ T29] kauditd_printk_skb: 247 callbacks suppressed [ 764.527835][ T29] audit: type=1400 audit(1780558004.461:1593): avc: denied { mount } for pid=13510 comm="syz.6.2012" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 764.575096][T13513] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 764.692908][ T29] audit: type=1400 audit(1780558004.498:1594): avc: denied { mounton } for pid=13510 comm="syz.6.2012" path="/266/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 765.520355][ T29] audit: type=1400 audit(1780558005.384:1595): avc: denied { unmount } for pid=8305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 765.649286][ T29] audit: type=1400 audit(1780558005.504:1596): avc: denied { append } for pid=13522 comm="syz.6.2016" name="sg0" dev="devtmpfs" ino=816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 765.901686][ T5762] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 767.322905][ T5762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 767.342207][ T5762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 767.373706][ T5762] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 767.417758][ T5762] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 767.443893][ T5762] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 767.466199][ T5762] usb 1-1: config 0 descriptor?? [ 768.301480][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 768.307899][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 768.315251][ T1313] ------------[ cut here ]------------ [ 768.323470][ T1313] !skb_transport_header_was_set(skb) [ 768.323492][ T1313] WARNING: ./include/linux/skbuff.h:3244 at lowpan_xmit+0xe84/0x1150, CPU#1: aoe_tx0/1313 [ 768.338767][ T1313] Modules linked in: [ 768.345370][ T1313] CPU: 1 UID: 0 PID: 1313 Comm: aoe_tx0 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.356047][ T1313] Tainted: [L]=SOFTLOCKUP [ 768.360377][ T1313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 768.370499][ T1313] RIP: 0010:lowpan_xmit+0xe84/0x1150 [ 768.375848][ T1313] Code: 00 00 48 8b 8d a8 fe ff ff 0f b7 85 74 fe ff ff 4c 89 ff 48 01 81 40 02 00 00 e8 77 12 17 fe e9 7c fc ff ff e8 3d f5 c5 f6 90 <0f> 0b 90 e9 a8 f6 ff ff e8 2f f5 c5 f6 90 0f 0b 90 e9 af f5 ff ff [ 768.395537][ T1313] RSP: 0018:ffffc90005cd78a0 EFLAGS: 00010293 [ 768.401619][ T1313] RAX: 0000000000000000 RBX: ffffc90005cd7930 RCX: ffffffff8b42b1c6 [ 768.409648][ T1313] RDX: ffff88802a2ca540 RSI: ffffffff8b42bb23 RDI: ffff88802a2ca540 [ 768.417658][ T1313] RBP: ffffc90005cd7a40 R08: 0000000000000003 R09: 000000000000ffff [ 768.425639][ T1313] R10: 000000000000ffff R11: 0000000000000000 R12: ffff8880207db5b6 [ 768.433662][ T1313] R13: ffffc90005cd7940 R14: ffff888029778e50 R15: ffff8880207db500 [ 768.441691][ T1313] FS: 0000000000000000(0000) GS:ffff888124483000(0000) knlGS:0000000000000000 [ 768.450671][ T1313] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 768.457266][ T1313] CR2: 00007fb1f6b86480 CR3: 000000000e596000 CR4: 00000000003526f0 [ 768.465318][ T1313] Call Trace: [ 768.468607][ T1313] [ 768.471584][ T1313] ? __pfx_lowpan_xmit+0x10/0x10 [ 768.476544][ T1313] ? skb_network_protocol+0x2ce/0x3d0 [ 768.481976][ T1313] ? lockdep_unlock+0x5a/0xc0 [ 768.486686][ T1313] ? dev_hard_start_xmit+0x128/0x7a0 [ 768.492033][ T1313] dev_hard_start_xmit+0x128/0x7a0 [ 768.497173][ T1313] __dev_queue_xmit+0x1baa/0x4950 [ 768.502232][ T1313] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 768.508199][ T1313] ? __pfx___dev_queue_xmit+0x10/0x10 [ 768.513642][ T1313] ? __lock_acquire+0x4a5/0x2630 [ 768.518602][ T1313] ? ref_tracker_free+0x37e/0x6c0 [ 768.523700][ T1313] ? do_raw_spin_lock+0x128/0x260 [ 768.528787][ T1313] ? rcu_is_watching+0x12/0xc0 [ 768.533562][ T1313] ? __pfx_tx+0x10/0x10 [ 768.537751][ T1313] tx+0xc4/0x130 [ 768.541290][ T1313] kthread+0x1d8/0x3c0 [ 768.545362][ T1313] ? __kthread_parkme+0xbb/0x230 [ 768.550347][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.554926][ T1313] ? rcu_is_watching+0x12/0xc0 [ 768.559725][ T1313] ? __pfx_default_wake_function+0x10/0x10 [ 768.565528][ T1313] ? __kthread_parkme+0x18c/0x230 [ 768.570589][ T1313] ? kthread+0x13a/0x450 [ 768.574819][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.579420][ T1313] kthread+0x370/0x450 [ 768.583502][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.588107][ T1313] ret_from_fork+0x72b/0xd50 [ 768.592720][ T1313] ? __pfx_ret_from_fork+0x10/0x10 [ 768.597845][ T1313] ? __switch_to+0x800/0x1100 [ 768.602575][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.607168][ T1313] ret_from_fork_asm+0x1a/0x30 [ 768.612011][ T1313] [ 768.615023][ T1313] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 768.622296][ T1313] CPU: 1 UID: 0 PID: 1313 Comm: aoe_tx0 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.632884][ T1313] Tainted: [L]=SOFTLOCKUP [ 768.637205][ T1313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 768.647260][ T1313] Call Trace: [ 768.650534][ T1313] [ 768.653451][ T1313] dump_stack_lvl+0x100/0x190 [ 768.658123][ T1313] vpanic+0x552/0x970 [ 768.662091][ T1313] ? __pfx_vpanic+0x10/0x10 [ 768.666589][ T1313] panic+0xd1/0xe0 [ 768.670291][ T1313] ? __pfx_panic+0x10/0x10 [ 768.674716][ T1313] ? check_panic_on_warn+0x1f/0x90 [ 768.679830][ T1313] check_panic_on_warn.cold+0x19/0x34 [ 768.685199][ T1313] ? lowpan_xmit+0xe84/0x1150 [ 768.689886][ T1313] __warn.cold+0x191/0x328 [ 768.694309][ T1313] __report_bug+0x296/0x3d0 [ 768.698805][ T1313] ? lowpan_xmit+0xe84/0x1150 [ 768.703487][ T1313] ? __pfx___report_bug+0x10/0x10 [ 768.708506][ T1313] ? stack_depot_save_flags+0x27/0x9d0 [ 768.713954][ T1313] ? __lock_acquire+0x4a5/0x2630 [ 768.718898][ T1313] ? kfree_skbmem+0x19a/0x210 [ 768.723582][ T1313] ? __kasan_slab_free+0x5f/0x80 [ 768.728519][ T1313] ? kmem_cache_free+0x127/0x6c0 [ 768.733464][ T1313] ? lowpan_xmit+0xe84/0x1150 [ 768.738129][ T1313] report_bug+0xb2/0x220 [ 768.742362][ T1313] ? lowpan_xmit+0xe84/0x1150 [ 768.747027][ T1313] handle_bug+0x16a/0x2a0 [ 768.751346][ T1313] exc_invalid_op+0x17/0x50 [ 768.755860][ T1313] asm_exc_invalid_op+0x1a/0x20 [ 768.760712][ T1313] RIP: 0010:lowpan_xmit+0xe84/0x1150 [ 768.765993][ T1313] Code: 00 00 48 8b 8d a8 fe ff ff 0f b7 85 74 fe ff ff 4c 89 ff 48 01 81 40 02 00 00 e8 77 12 17 fe e9 7c fc ff ff e8 3d f5 c5 f6 90 <0f> 0b 90 e9 a8 f6 ff ff e8 2f f5 c5 f6 90 0f 0b 90 e9 af f5 ff ff [ 768.785589][ T1313] RSP: 0018:ffffc90005cd78a0 EFLAGS: 00010293 [ 768.791663][ T1313] RAX: 0000000000000000 RBX: ffffc90005cd7930 RCX: ffffffff8b42b1c6 [ 768.799639][ T1313] RDX: ffff88802a2ca540 RSI: ffffffff8b42bb23 RDI: ffff88802a2ca540 [ 768.807600][ T1313] RBP: ffffc90005cd7a40 R08: 0000000000000003 R09: 000000000000ffff [ 768.815567][ T1313] R10: 000000000000ffff R11: 0000000000000000 R12: ffff8880207db5b6 [ 768.823538][ T1313] R13: ffffc90005cd7940 R14: ffff888029778e50 R15: ffff8880207db500 [ 768.831513][ T1313] ? lowpan_xmit+0x526/0x1150 [ 768.836183][ T1313] ? lowpan_xmit+0xe83/0x1150 [ 768.840882][ T1313] ? __pfx_lowpan_xmit+0x10/0x10 [ 768.845818][ T1313] ? skb_network_protocol+0x2ce/0x3d0 [ 768.851202][ T1313] ? lockdep_unlock+0x5a/0xc0 [ 768.855889][ T1313] ? dev_hard_start_xmit+0x128/0x7a0 [ 768.861164][ T1313] dev_hard_start_xmit+0x128/0x7a0 [ 768.866272][ T1313] __dev_queue_xmit+0x1baa/0x4950 [ 768.871291][ T1313] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 768.877174][ T1313] ? __pfx___dev_queue_xmit+0x10/0x10 [ 768.882546][ T1313] ? __lock_acquire+0x4a5/0x2630 [ 768.887473][ T1313] ? ref_tracker_free+0x37e/0x6c0 [ 768.892502][ T1313] ? do_raw_spin_lock+0x128/0x260 [ 768.897528][ T1313] ? rcu_is_watching+0x12/0xc0 [ 768.902297][ T1313] ? __pfx_tx+0x10/0x10 [ 768.906442][ T1313] tx+0xc4/0x130 [ 768.910001][ T1313] kthread+0x1d8/0x3c0 [ 768.914060][ T1313] ? __kthread_parkme+0xbb/0x230 [ 768.919014][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.923604][ T1313] ? rcu_is_watching+0x12/0xc0 [ 768.928369][ T1313] ? __pfx_default_wake_function+0x10/0x10 [ 768.934179][ T1313] ? __kthread_parkme+0x18c/0x230 [ 768.939204][ T1313] ? kthread+0x13a/0x450 [ 768.943450][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.948047][ T1313] kthread+0x370/0x450 [ 768.952111][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.956709][ T1313] ret_from_fork+0x72b/0xd50 [ 768.961297][ T1313] ? __pfx_ret_from_fork+0x10/0x10 [ 768.966398][ T1313] ? __switch_to+0x800/0x1100 [ 768.971068][ T1313] ? __pfx_kthread+0x10/0x10 [ 768.975648][ T1313] ret_from_fork_asm+0x1a/0x30 [ 768.980417][ T1313] [ 768.983716][ T1313] Kernel Offset: disabled [ 768.988031][ T1313] Rebooting in 86400 seconds..