last executing test programs: 12.736360994s ago: executing program 0 (id=885): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x1822, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xfe, 0xfd, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) (async) syz_usb_connect$cdc_ncm(0x0, 0x83, &(0x7f0000000100)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x2, 0x1, 0xf8, 0x20, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0xf7, 0x32, 0xb}, {0x6, 0x24, 0x1a, 0xd, 0x39}, [@mdlm={0x15, 0x24, 0x12, 0xfffd}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xb, 0x3, 0xfb}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x10, 0x6, 0x1, 0xb}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x5, 0x57, 0x10}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x1, 0xc, 0x8, 0x10, 0x2}, 0x17, &(0x7f0000000080)={0x5, 0xf, 0x17, 0x2, [@wireless={0xb, 0x10, 0x1, 0x8, 0x4, 0x60, 0x2, 0x1, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x0, 0x7, 0x6}]}, 0x6, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1834}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x407}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x40b}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x810}}, {0x4, &(0x7f0000000300)=@lang_id={0x4}}, {0xcb, &(0x7f0000000340)=@string={0xcb, 0x3, "ab546e5ff77a0fe6e5d56ade6743fb5f738b903641cc3bef75797b58e1cff5767f1d733b407a0acbe2db3bc81429eb9ed890ab5171857ebe4332db756f7ca042cab40aca6cd56aca8b15d44e8fff4ca3d4c4a0c644819dd8c9cf3963727522b8d6cb0f2424bc085669d01036cb30a4753de3de80680c7a6c2db52bfbaa06e7d9fce32a0b8fbaa0be38cb4c3d6e93f413a62b9c96e87cd996ae48999b0686ec3ecb7569fef30a98604cf10d41978aacae20c390f534f9a2c1008e72c847d6c0d92ddab871fae7553019"}}]}) syz_usb_control_io$hid(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f00000000c0)={0x0, 0x22, 0x7, {0x7, 0x21, "3197dad8f0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 12.168687718s ago: executing program 3 (id=889): r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000180)={0xffffffffffffffff}, 0x4) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x56e, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x22c040, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r3, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r2, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r4, 0x0, 0x1004000, 0x0, 0x0}) syz_usb_control_io(r1, &(0x7f0000000b80)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x23, "820027"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r0, @ANYRESDEC=r0, @ANYRES64=r0], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sysinfo(&(0x7f0000000340)=""/166) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r6}, 0x18) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_ep_read(0xffffffffffffffff, 0x3, 0x8c, &(0x7f00000005c0)=""/140) close(r7) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r9, 0x4018aee2, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x5, &(0x7f0000000140)=0x7ff}) sendmsg$NFT_MSG_GETTABLE(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000edfbac00000300"/20], 0x14}, 0x1, 0x0, 0x0, 0x20004094}, 0x20) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x319000, 0x0) ioctl$TUNSETOFFLOAD(r10, 0xc004743e, 0x9) r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000240)=[{0x1, 0x80, 0x3, 0x81}]}) clock_gettime(0x0, &(0x7f0000003480)={0x0, 0x0}) recvmmsg(r8, &(0x7f0000003400)=[{{&(0x7f00000009c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f00000022c0)=[{&(0x7f0000003500)=""/83, 0x53}, {&(0x7f0000000d40)=""/78, 0x4e}, {&(0x7f0000003580)=""/173, 0xad}, {&(0x7f0000000e80)=""/152, 0x98}, {&(0x7f0000000f40)=""/146, 0x92}, {&(0x7f0000001000)=""/154, 0x9a}, {&(0x7f00000010c0)=""/155, 0x9b}, {&(0x7f0000001180)=""/129, 0x81}, {&(0x7f0000001240)=""/114, 0x72}, {&(0x7f0000003640)=""/4096, 0x1000}], 0xa}, 0x8001}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000002380)=""/91, 0x5b}], 0x1, &(0x7f0000002400)=""/4096, 0x1000}, 0x80000000}], 0x2, 0x61, &(0x7f00000034c0)={r12, r13+10000000}) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r11, 0x40082102, &(0x7f0000000080)) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0xeef, 0x1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0xd, {0x9, 0x21, 0x4, 0x4, 0x1, {0x22, 0x325}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xf4, 0x5, 0x1}}}}}]}}]}}, &(0x7f0000000b00)={0xa, &(0x7f00000006c0)={0xa, 0x6, 0x200, 0x9, 0x2, 0x8, 0x40, 0x24}, 0x118, &(0x7f0000000880)={0x5, 0xf, 0x118, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x49, 0x39, 0x2}, @wireless={0xb, 0x10, 0x1, 0xc, 0x8, 0x9, 0xb, 0xffff, 0x2}, @generic={0xe3, 0x10, 0x4, "a97c1ca19ccf2bb055f85c7847ab6097e8b579c3fc6c13af5021912288653ffa365f1c6310bf92776d91693c9993562e6a2e94fcd257caad6ea0e281d3d3c67cee4ba12ff620743b1467dd2e8c21d37dc03fde524075d4f661d00848e3f0713a6736e187bae102b9965f05b29f57db8a0397dbabebceb7e8c7efaf309470f95ea5219c2c2ad353e154d0c6123742cff87fca8d67ae59644ef611144e767e7b925c7a29aa85d1d168a3cb8eae47c9a6bcf17c2227e052370fc3d4961da45a72f0df78bdb80761013ab6075e541ded8efee9eb6ea5f69907c057800ac6da400000"}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "95a63d6c232ccd2aa5745b677f985739"}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x3, 0x0, 0xb61}]}, 0x7, [{0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x41e}}, {0x102, &(0x7f0000000c00)=@string={0x102, 0x3, "75e968b6368a44fa7d136ece80f6537eb5b3a48e79fa5eeae106f091feff8336c4da38adcbedaf06df54691cc3dea1a0bca3a4088d1b7b7e285b9b94cc6f3ad0580d6b36b8de6e50bbc35052824b35945003389c79e19b48710e0dcb7d6805ab6b71df62ece961313ecc2f2aa811665a01bdf89ea1597d2aee884f6de76b8190d7e525297a2107733af0d4a57cfb32e8d0ff5ba657dc7683aaa644a30f36015c7dbb24dcd3104fe8dee6af81b54ed51dd314977a2f00c55d69f318317d0c0976d7e8a00efd04f50e4cf2e5a5ce5c32ca7ef7f008716ed9638d59cb8b339c382d8e08a963613d613e050748b07e227a6d5783dd5eef2ff5a198343302db2f3e4a"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x140c}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x80a}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x40e}}]}) prctl$PR_SET_IO_FLUSHER(0x41, 0x3) ioctl$TUNGETVNETLE(r7, 0x4010744d, &(0x7f0000000180)) 10.740458184s ago: executing program 1 (id=895): r0 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r0, &(0x7f0000000240)={0x2, 0x4001, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r0, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 10.559887752s ago: executing program 1 (id=898): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) mlockall(0x7) shutdown(r2, 0x2) close(r2) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) close(0xffffffffffffffff) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921ff00010122b00b09058103100002ba07424ae89cf7d629f944a4bedd8607e44fa2444bf40ddf534ff8c07cb111"], 0x0) (fail_nth: 1) mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f0000000100)=0x2) mlock2(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x0) 10.310878728s ago: executing program 0 (id=899): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc800) keyctl$update(0x2, 0x0, &(0x7f0000000300)="31a7", 0x2) add_key$user(0x0, 0x0, &(0x7f0000000400), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x60100, 0x0) ioctl$AUTOFS_IOC_FAIL(r1, 0x4c81, 0x9) dup(r0) unshare(0x2010000) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$vnet(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000000)={0x1, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x40, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x7}, 0x0, 0x0) ioperm(0x7f, 0x5, 0x84) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) waitid(0x0, r5, 0x0, 0x8, 0xfffffffffffffffd) waitid(0x1, r5, 0x0, 0x4, 0x0) 8.625064736s ago: executing program 0 (id=901): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) socket(0x3, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r3 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x8, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000b4321f00000000000a00630018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000100b706000014000000b703000000060000850000002f000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x9, 0x1000, &(0x7f0000001e40)=""/4096, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00'}) ioctl$int_in(r2, 0x5421, &(0x7f00000000c0)=0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x3, 0x8, @remote, 0x7}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 8.399505784s ago: executing program 3 (id=902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x7, 0x13, r2, 0x4000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x3, 0x1, 0x1, 0x0, 0x2, 0x5, 0x0, 0x6, 0x1, 0x0, 0x2, 0x3], 0x2000}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'lo\x00'}) ioctl$KVM_RUN(r2, 0xae80, 0x0) unshare(0x20000400) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000180)='ns/pid_for_children\x00') 8.394498669s ago: executing program 1 (id=903): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) socket$kcm(0x2, 0x5, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001200010a8d2f700000000000000000cb0707"], 0x14}}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000280)=0x100000001, 0x4) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x9, @pix_mp={0x2217, 0x8, 0x31324d4e, 0x0, 0x4, [{0x6, 0x4}, {0x2, 0x2}, {0xa, 0x6}, {0x1ff, 0x3}, {0x35c, 0x2f}, {0x559, 0xfffffffd}, {0x4, 0x7}, {0xffffffff, 0x2}], 0x2, 0x2, 0x8, 0x0, 0x1}}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYRESDEC, @ANYRES64=r2, @ANYRES8, @ANYRESHEX, @ANYRES64, @ANYRES32], &(0x7f0000000000)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0) syz_io_uring_setup(0x1249, &(0x7f00000000c0)={0x0, 0x2170, 0x4000, 0x1, 0x1c1}, &(0x7f0000000180), 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f00000001c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @remote}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 7.547643319s ago: executing program 3 (id=905): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x2) write$uinput_user_dev(r0, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0x8, 0xe74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0xb16, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5], [0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x100e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbcd5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x0, 0x0, 0x0, 0xc63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdec, 0x0, 0x0, 0x0, 0xfffffffd, 0x1000, 0x0, 0x0, 0x80000003, 0x0, 0x5]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 1) 6.675351161s ago: executing program 3 (id=907): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000200)={'\x00', 0xfffb, 0xc78b, 0x4, 0x9, 0x3}) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000210001000095860000000000000002000000000000010000000008000b00e20b00005a2ec11f6b2aec5ac3f1bf02dbc9280934db24e4dcc0a8ea0e00ebe4432237434e0f019306756edab982647eaaaebbee175e456afdd6087a04c3c97e44c292f6d097512b298532e707747cea46ee554ce10f51292da190db40fbf65d90eecccfc8207aa2bcd1d47866e6dda049c421f9251804563aed255ac48b6149b94d080bcdab0cef86cab67ce048826f571f328a673a8b5708494f2ba93e75c82ab72f18f5e27c840a5470f041da545d01eafb7d34fd679079eb35fc2fffc7439b53da294e9de1b4ef"], 0x24}, 0x1, 0x0, 0x0, 0x240080c5}, 0x800) sigaltstack(&(0x7f0000000000)={0xffffffffffffffff}, &(0x7f0000000080)={&(0x7f0000000040)=""/2, 0x0, 0x2}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) lsm_set_self_attr(0x65, 0x0, 0x20, 0x0) r3 = syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a001000010000090588"], 0x0) syz_usb_control_io$uac1(r3, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = dup(0xffffffffffffffff) connect$inet(r4, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x840) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4054, 0xfd6, 0x0, 0x0}, &(0x7f0000000100)=0x40) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, &(0x7f0000000540)) r5 = syz_usb_connect$hid(0x2, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000400b060a70000002000001090224000100000000090400000103000000092100000001220500090581030000"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f0000000680)=ANY=[@ANYBLOB="0000570000005700a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) syz_open_dev$sg(&(0x7f0000000280), 0x0, 0x840) syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x200) syz_open_dev$hidraw(&(0x7f0000001580), 0xffffffffffffff74, 0x8c441) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040ed7e54e20"], 0x7) openat(0xffffffffffffff9c, 0x0, 0xc5001, 0x2) 6.350544654s ago: executing program 1 (id=908): socket(0x3, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000040)={0xc}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x10}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r3}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 6.26353403s ago: executing program 2 (id=909): r0 = add_key$keyring(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 32) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 32) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async, rerun: 64) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (rerun: 64) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23) (async) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x80380000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) request_key(&(0x7f0000000140)='rxrpc_s\x00', 0x0, &(0x7f0000000500)=',\x87\xe7\x0f\x88N\xd2\xb3\xf6\xac\xf6\x9e\x18m.\xdfp\x14e\b\x1a-@\x00\x93W\xf3`\xe1\x1cT\xbe/\xb8\x89\x00\xbb\xe0O6b\xe8\r\xa6\x0elCB]\xf4\xbc;h\xfc\xb6\xa0\xda\xbb\xfa\xca\xa1\xbe\x96\x8a\x14\xfd\xae;!\b\xb8\xfa\r\xa6\x13\x1d$\x16\xaa\x93\x86\xf8\xf7\xfd\xd5V\x89I\x9f\xda\xc3?\xad\t\xc9\xcd\xe7\x1d\f\xfd\x99\xb8\xd0]\x1e\xce\x11\x18Ui\xb0\xdd\x8f\xce\x7f\xc6#@\x9c#wd\x854\xa3R\x85\x1a\x99]\xaf\"\x99R\x8a\xa6h\xf8\x83\x86\xf7z7x.r\xcb$\x026\xea\xe9#\x80\x19C\xacc\xcau\xfd\xaaC\x1b\x16\xf5#\xb7\xe7\a\xc0m0\xc4\x94\xd3\x108o6\xa6\x12\xa4\xab\x83O\xa0nF\xa8\xf3\xde\x82\b!^', r0) keyctl$clear(0x7, r0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x18, 0x50}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x27}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 64) socketpair$nbd(0x1, 0x1, 0x0, 0x0) (async) sched_setscheduler(0x0, 0x1, 0x0) (async, rerun: 32) r5 = getpid() (rerun: 32) sched_setscheduler(r5, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) (async) connect$unix(0xffffffffffffffff, 0x0, 0x0) r6 = socket$caif_seqpacket(0x25, 0x5, 0x3) connect$caif(r6, &(0x7f0000000040)=@rfm={0x25, 0x1, "5d26aace86ca93e92d7e006b2c93a0f4"}, 0x22) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) (async, rerun: 32) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e08007b0c"], 0xb) (async) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[], 0xa0}}, 0x12) 5.640998748s ago: executing program 4 (id=911): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x1, 0x4) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) socket(0x1e, 0x1, 0x0) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0) 5.58724915s ago: executing program 2 (id=912): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0) (fail_nth: 1) 5.289187747s ago: executing program 2 (id=913): r0 = socket$netlink(0x10, 0x3, 0x15) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x10, 0x0, 0xb9, 0x0, 0x5}, 0x9c) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_STATUS(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010026bd7000fbdbdf25050000000800010000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000080}, 0x90) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newqdisc={0x7c, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0x4}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x24, 0x2, [@TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x8}, @TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x80}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0x20}]}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x2, 0x9]}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 5.069050896s ago: executing program 2 (id=914): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x50, r1, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x34, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="82a10393d71ae05b9082414dc9c9b4f2bfb32d30a21fa448c247bd7204b51f39"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "bebd40e59133fef2"}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x20048810) (fail_nth: 1) 5.037087027s ago: executing program 0 (id=915): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x610001, 0x0) (async) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x610001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() (async) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) (async) r4 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r4, 0x54, 0x4, 0xf, 0x0, 0x18) (async) io_uring_enter(r4, 0x54, 0x4, 0xf, 0x0, 0x18) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0xc8002, 0x0) (async) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0xc8002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_RESET(r5, 0xc01064c4, &(0x7f0000000600)={0x0}) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f40), r9) sendmsg$IEEE802154_SCAN_REQ(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x1c, r10, 0x203, 0x70bd26, 0x25dfdc01, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x4}]}, 0x1c}}, 0x20000840) r11 = dup(r7) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0) r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r13 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r13, 0x8933, &(0x7f0000000140)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_WPAN_PHY(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, r12, 0x7d243a6ea807936d, 0x12, 0x25dfdbf8, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48891}, 0x880) (async) sendmsg$NL802154_CMD_GET_WPAN_PHY(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, r12, 0x7d243a6ea807936d, 0x12, 0x25dfdbf8, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r14}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48891}, 0x880) sendmsg$NL802154_CMD_NEW_SEC_KEY(r9, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x20, r12, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x200440c0}, 0x4000) ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008504"]) 4.589251696s ago: executing program 2 (id=916): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) unshare(0x2c000100) r0 = inotify_init1(0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x7) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0x1, 0x8000, '\x00', 0x0, r0, 0x3, 0x0, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x10, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@generic={0x6, 0x3, 0xd, 0xed4, 0x8}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r3, 0x0, 0x81, &(0x7f0000000040)={'nat\x00', 0x0, 0x0, 0x0, [], 0x1, 0x0, 0x0, [{}]}, 0x88) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) socket$nl_route(0x10, 0x3, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$ENABLE_STATS(0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) socket$igmp(0x2, 0x3, 0x2) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0x0, 0x7fff0006}]}) 4.15312927s ago: executing program 4 (id=917): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=0x0}}) (fail_nth: 1) 4.103843204s ago: executing program 0 (id=918): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) socket$kcm(0x2, 0x5, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001200010a8d2f700000000000000000cb0707"], 0x14}}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000280)=0x100000001, 0x4) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x9, @pix_mp={0x2217, 0x8, 0x31324d4e, 0x0, 0x4, [{0x6, 0x4}, {0x2, 0x2}, {0xa, 0x6}, {0x1ff, 0x3}, {0x35c, 0x2f}, {0x559, 0xfffffffd}, {0x4, 0x7}, {0xffffffff, 0x2}], 0x2, 0x2, 0x8, 0x0, 0x1}}) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) clock_nanosleep(0x8, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='cramfs\x00', 0x2a00000, 0x0) syz_io_uring_setup(0x1249, &(0x7f00000000c0)={0x0, 0x2170, 0x4000, 0x1, 0x1c1}, &(0x7f0000000180), 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r4, &(0x7f00000001c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @remote}}, 0x24) sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) 3.867863936s ago: executing program 3 (id=919): io_uring_setup(0x2e34, &(0x7f0000000100)) pipe2$9p(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000880)=0x1, 0x4) getsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syslog(0x4, &(0x7f0000000180)=""/210, 0xd2) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x67) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005f80)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x20000001, 0x4, 0x2}, 0x1, r5}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}, @TCA_RATE={0x5, 0x5, {0xff, 0x5}}]}, 0x90}}, 0x0) 3.817151911s ago: executing program 4 (id=920): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0) 3.391626196s ago: executing program 4 (id=921): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x14, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x35, 0x8, 0x0, 0x0, 0x4, 0x0, 0x6c, 0x0, 0x8400000000000, 0x80000000000000, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0xa74], 0xdddd0000, 0x3c4210}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x14, 0x0, 0x0) (async) socket(0x10, 0x803, 0x0) (async) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0x2, 0x1}}) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x35, 0x8, 0x0, 0x0, 0x4, 0x0, 0x6c, 0x0, 0x8400000000000, 0x80000000000000, 0x0, 0x8, 0x0, 0xfffffffffffffffd, 0x0, 0xa74], 0xdddd0000, 0x3c4210}) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) 3.136167166s ago: executing program 1 (id=922): socket(0x1d, 0x6, 0x9) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000240)={0x2, 0x4001, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) mount$nfs4(0x0, 0x0, &(0x7f0000000440), 0x0, &(0x7f00000001c0)=ANY=[]) r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0d000080000000002c7266646e6f35", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',\x00']) pipe(&(0x7f0000005880)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_selinux(r7, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{0x1, 0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x11, 0x17, &(0x7f0000000480)=ANY=[@ANYBLOB="180000003367232c000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000000500000018260000", @ANYRES32, @ANYBLOB="0000000007000000186800000a0000000000000000000000bc955200f0ffffff18220000cf5ab585a2", @ANYRES32, @ANYBLOB="0000000009000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0xfa, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000540)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x5, 0x101, 0x8}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000680)=[0x1, r7, r8], &(0x7f00000006c0)=[{0x0, 0x5, 0xa, 0xa}], 0x10, 0xc, @void, @value}, 0x94) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) unshare(0x40020000) connect$inet6(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xf338}], 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan0\x00'}) 2.330430969s ago: executing program 2 (id=923): syz_usb_connect(0x0, 0x2d2, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008b216740420709204661010203010902c002010000000009047500efd08de70009054e"], 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="240000002e0001002aab7000000000000800"], 0x24}], 0x1}, 0x0) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000100000040000180060001000a00000008000500000000000c000700000000000000000008000900710000000700060072720000080008000000000008000b"], 0x54}}, 0x0) 2.151823542s ago: executing program 4 (id=924): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b0014000000000000000000000007"], 0x38}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x275a, 0x0) socket(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket(0x1d, 0x2, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x0) ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x0}) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x300c4) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff) sendmsg$SMC_PNETID_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0x20}, 0x1, 0x40030000000000, 0x0, 0x20004000}, 0x0) sendmsg$SMC_PNETID_DEL(r2, 0x0, 0x8040) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)}, 0x1) socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x6a, 0x4, 0x20000002, 0x101) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410) 2.150579227s ago: executing program 1 (id=925): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f0000000000)={0x0, 0xea60}, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) socket$rxrpc(0x21, 0x2, 0x5) epoll_create1(0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x40000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24044005) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_open_dev$vim2m(0x0, 0xd2, 0x2) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)={0x0, 0x101, 0x20, 0xd6}, &(0x7f0000000180)=0x18) 1.60647235s ago: executing program 4 (id=926): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() (fail_nth: 1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x5a, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fcntl$getownex(r0, 0x10, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_tables_matches\x00') setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) prlimit64(0x0, 0xb, &(0x7f0000000000), 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) gettid() 1.407931469s ago: executing program 0 (id=927): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x1, 0x4) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) socket(0x1e, 0x1, 0x0) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x0) 0s ago: executing program 3 (id=928): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): 871] usb 4-1: Using ep0 maxpacket: 32 [ 274.615412][ T5871] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 274.625411][ T5871] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 274.647010][ T5871] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 274.669525][ T5871] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 274.691296][ T5900] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 274.769954][ T5902] usb 2-1: Product: syz [ 274.770004][ T5871] usb 4-1: config 0 interface 0 has no altsetting 0 [ 274.791841][ T5871] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 274.801008][ T5871] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 274.811754][ T5871] usb 4-1: Product: syz [ 274.815925][ T5871] usb 4-1: Manufacturer: syz [ 274.822435][ T5871] usb 4-1: SerialNumber: syz [ 274.833187][ T5871] usb 4-1: config 0 descriptor?? [ 274.850963][ T5871] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 274.863276][ T5871] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 274.893217][ T5902] usb 2-1: Manufacturer: syz [ 275.005625][ T5900] usb 3-1: config 0 has no interfaces? [ 275.013146][ T5902] cdc_wdm 2-1:1.0: skipping garbage [ 275.018556][ T5902] cdc_wdm 2-1:1.0: skipping garbage [ 275.020317][ T5900] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 275.023912][ T5902] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 275.071763][ T5871] usb 4-1: USB disconnect, device number 14 [ 275.096116][ T5871] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 275.124039][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.154871][ T5900] usb 3-1: Product: syz [ 275.159128][ T5900] usb 3-1: Manufacturer: syz [ 275.166338][ T5900] usb 3-1: SerialNumber: syz [ 275.176829][ T5900] usb 3-1: config 0 descriptor?? [ 275.263982][ T5900] usb 2-1: USB disconnect, device number 21 [ 275.358898][ T30] audit: type=1400 audit(1743864709.557:263): avc: denied { read write } for pid=8123 comm="syz.4.643" name="mouse0" dev="devtmpfs" ino=987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 275.401997][ T30] audit: type=1400 audit(1743864709.557:264): avc: denied { open } for pid=8123 comm="syz.4.643" path="/dev/input/mouse0" dev="devtmpfs" ino=987 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 276.490226][ T30] audit: type=1400 audit(1743864710.677:265): avc: denied { setopt } for pid=8152 comm="syz.1.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.528303][ T5871] libceph: connect (1)[c::]:6789 error -101 [ 276.536592][ T30] audit: type=1400 audit(1743864710.677:266): avc: denied { write } for pid=8152 comm="syz.1.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.538992][ T5871] libceph: mon0 (1)[c::]:6789 connect error [ 276.560766][ T30] audit: type=1400 audit(1743864710.677:267): avc: denied { bind } for pid=8152 comm="syz.1.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.582602][ T8153] ceph: No mds server is up or the cluster is laggy [ 277.088763][ T8169] FAULT_INJECTION: forcing a failure. [ 277.088763][ T8169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.101238][ T5871] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 277.121682][ T8169] CPU: 0 UID: 0 PID: 8169 Comm: syz.1.657 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 277.121716][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 277.121728][ T8169] Call Trace: [ 277.121733][ T8169] [ 277.121739][ T8169] dump_stack_lvl+0x16c/0x1f0 [ 277.121771][ T8169] should_fail_ex+0x512/0x640 [ 277.121794][ T8169] _copy_from_user+0x2e/0xd0 [ 277.121815][ T8169] copy_msghdr_from_user+0x98/0x160 [ 277.121839][ T8169] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 277.121869][ T8169] ___sys_sendmsg+0xfe/0x1d0 [ 277.121889][ T8169] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.121935][ T8169] __sys_sendmsg+0x16d/0x220 [ 277.121957][ T8169] ? __pfx___sys_sendmsg+0x10/0x10 [ 277.121983][ T8169] ? rcu_is_watching+0x12/0xc0 [ 277.122013][ T8169] do_syscall_64+0xcd/0x260 [ 277.122038][ T8169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.122056][ T8169] RIP: 0033:0x7f6e0818d169 [ 277.122071][ T8169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.122088][ T8169] RSP: 002b:00007f6e0903e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 277.122105][ T8169] RAX: ffffffffffffffda RBX: 00007f6e083a5fa0 RCX: 00007f6e0818d169 [ 277.122115][ T8169] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 277.122125][ T8169] RBP: 00007f6e0903e090 R08: 0000000000000000 R09: 0000000000000000 [ 277.122135][ T8169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.122146][ T8169] R13: 0000000000000000 R14: 00007f6e083a5fa0 R15: 00007ffcc1feccc8 [ 277.122168][ T8169] [ 277.731249][ T5832] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 277.740013][ T5902] usb 3-1: USB disconnect, device number 31 [ 277.765899][ T8177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'. [ 277.801918][ T5871] usb 5-1: config 0 has no interfaces? [ 277.898988][ T8179] netlink: 60 bytes leftover after parsing attributes in process `syz.2.660'. [ 277.908223][ T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 277.926845][ T5871] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 277.936035][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.944383][ T5871] usb 5-1: Product: syz [ 277.948538][ T5871] usb 5-1: Manufacturer: syz [ 277.953722][ T5871] usb 5-1: SerialNumber: syz [ 277.970669][ T5871] usb 5-1: config 0 descriptor?? [ 278.108038][ T5832] usb 1-1: config 0 has no interfaces? [ 278.551361][ T5871] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 278.712281][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 278.718251][ T5832] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 278.732062][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.738592][ T5871] usb 4-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 278.754650][ T5832] usb 1-1: Product: syz [ 278.763373][ T5832] usb 1-1: Manufacturer: syz [ 278.771323][ T5832] usb 1-1: SerialNumber: syz [ 278.780397][ T5832] usb 1-1: config 0 descriptor?? [ 278.874836][ T10] usb 2-1: config 0 has no interfaces? [ 278.890786][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 278.900071][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.911092][ T10] usb 2-1: Product: syz [ 278.915545][ T10] usb 2-1: Manufacturer: syz [ 278.920462][ T10] usb 2-1: SerialNumber: syz [ 278.928443][ T5871] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 278.939057][ T10] usb 2-1: config 0 descriptor?? [ 279.105947][ T5871] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 279.281230][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.293914][ T5871] usb 4-1: config 0 descriptor?? [ 279.302477][ T5871] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 279.338729][ T8188] netlink: 'syz.2.663': attribute type 4 has an invalid length. [ 279.477547][ T8191] netlink: 28 bytes leftover after parsing attributes in process `syz.2.664'. [ 279.544976][ T8191] netlink: 28 bytes leftover after parsing attributes in process `syz.2.664'. [ 280.473898][ T5870] usb 5-1: USB disconnect, device number 27 [ 280.563557][ T5900] usb 1-1: USB disconnect, device number 22 [ 280.670517][ T5871] usb 2-1: USB disconnect, device number 22 [ 280.772920][ T8204] netlink: 92 bytes leftover after parsing attributes in process `syz.2.669'. [ 281.092861][ T8204] netlink: 92 bytes leftover after parsing attributes in process `syz.2.669'. [ 282.289718][ T10] usb 4-1: USB disconnect, device number 15 [ 282.324761][ T30] audit: type=1400 audit(1743864716.497:268): avc: denied { setopt } for pid=8207 comm="syz.1.670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 282.507433][ T30] audit: type=1400 audit(1743864716.707:269): avc: denied { write } for pid=8218 comm="syz.2.674" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 282.831225][ T5872] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 283.045023][ T30] audit: type=1400 audit(1743864716.707:270): avc: denied { open } for pid=8218 comm="syz.2.674" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 283.072364][ T30] audit: type=1400 audit(1743864716.717:271): avc: denied { execute } for pid=8218 comm="syz.2.674" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 283.191738][ T5872] usb 1-1: config 0 has no interfaces? [ 283.334083][ T5872] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 283.371303][ T30] audit: type=1400 audit(1743864717.557:272): avc: denied { ioctl } for pid=8218 comm="syz.2.674" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 283.405180][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.531341][ T5872] usb 1-1: Product: syz [ 283.563638][ T5872] usb 1-1: Manufacturer: syz [ 283.575063][ T5872] usb 1-1: SerialNumber: syz [ 283.591310][ T5900] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 283.621079][ T5872] usb 1-1: config 0 descriptor?? [ 283.802277][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 283.808673][ T5900] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 283.817641][ T5900] usb 3-1: config 0 has no interface number 0 [ 283.823851][ T5900] usb 3-1: config 0 interface 106 has no altsetting 0 [ 283.851477][ T5900] usb 3-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d [ 283.876235][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.893621][ T5900] usb 3-1: Product: syz [ 283.907599][ T5900] usb 3-1: Manufacturer: syz [ 283.922967][ T5900] usb 3-1: SerialNumber: syz [ 283.944829][ T5900] usb 3-1: config 0 descriptor?? [ 283.962660][ T5900] cdc_phonet 3-1:0.106: probe with driver cdc_phonet failed with error -22 [ 284.599544][ T5870] usb 3-1: USB disconnect, device number 32 [ 284.734068][ T8239] netlink: 60 bytes leftover after parsing attributes in process `syz.3.677'. [ 286.290880][ T5870] usb 1-1: USB disconnect, device number 23 [ 287.861385][ T5870] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 288.321234][ T5870] usb 1-1: device descriptor read/64, error -71 [ 288.517380][ T8265] netlink: 'syz.2.685': attribute type 4 has an invalid length. [ 288.971319][ T3080] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 288.994301][ T5870] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 289.412896][ T5870] usb 1-1: device descriptor read/64, error -71 [ 289.440969][ T3080] usb 2-1: Using ep0 maxpacket: 16 [ 289.913410][ T3080] usb 2-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 289.962100][ T3080] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 289.991302][ T3080] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 290.000393][ T3080] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.012522][ T3080] usb 2-1: config 0 descriptor?? [ 290.021544][ T5870] usb usb1-port1: attempt power cycle [ 290.033203][ T3080] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 290.071674][ T8278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.690'. [ 290.082849][ T8278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.690'. [ 290.453511][ T8289] netlink: 15 bytes leftover after parsing attributes in process `syz.2.693'. [ 290.655871][ T5870] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 290.699231][ T5870] usb 1-1: device descriptor read/8, error -71 [ 290.711337][ T3080] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 290.810212][ T8294] Invalid source name [ 290.814330][ T8294] UBIFS error (pid: 8294): cannot open "ubifs", error -22 [ 290.886876][ T3080] usb 4-1: config 0 has no interfaces? [ 290.918861][ T3080] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 290.928685][ T3080] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.987693][ T3080] usb 4-1: Product: syz [ 290.992629][ T3080] usb 4-1: Manufacturer: syz [ 290.997321][ T3080] usb 4-1: SerialNumber: syz [ 291.014358][ T3080] usb 4-1: config 0 descriptor?? [ 291.191247][ T5870] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 291.212758][ T5870] usb 1-1: Using ep0 maxpacket: 16 [ 291.233227][ T5870] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.274123][ T5870] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.315457][ T5870] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 291.345518][ T5870] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 22 [ 291.387224][ T5870] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 291.398336][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 291.425063][ T5870] usb 1-1: SerialNumber: syz [ 291.452264][ T5870] cdc_acm 1-1:1.0: skipping garbage [ 291.624217][ T8301] netlink: 'syz.4.697': attribute type 1 has an invalid length. [ 291.788659][ T10] usb 2-1: USB disconnect, device number 23 [ 291.850141][ T5872] usb 1-1: USB disconnect, device number 27 [ 291.905085][ T8304] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 291.920167][ T8304] cramfs: wrong magic [ 292.621224][ T5870] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 292.621243][ T5872] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 293.684413][ T5872] usb 5-1: config 0 has no interfaces? [ 293.700265][ T5870] usb 2-1: config 0 has no interfaces? [ 293.708494][ T5872] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 293.730157][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.738185][ T5870] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 293.738212][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.738227][ T5870] usb 2-1: Product: syz [ 293.738240][ T5870] usb 2-1: Manufacturer: syz [ 293.738252][ T5870] usb 2-1: SerialNumber: syz [ 293.763864][ T5870] usb 2-1: config 0 descriptor?? [ 293.778786][ T5832] usb 4-1: USB disconnect, device number 16 [ 293.848917][ T5872] usb 5-1: Product: syz [ 293.854944][ T5872] usb 5-1: Manufacturer: syz [ 293.859623][ T5872] usb 5-1: SerialNumber: syz [ 293.882920][ T5872] usb 5-1: config 0 descriptor?? [ 294.311229][ T5832] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 294.366744][ T30] audit: type=1400 audit(1743864728.557:273): avc: denied { append } for pid=8327 comm="syz.0.702" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 294.461317][ T5832] usb 4-1: device descriptor read/64, error -71 [ 294.711274][ T5832] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 294.842373][ T5832] usb 4-1: device descriptor read/64, error -71 [ 294.962282][ T5832] usb usb4-port1: attempt power cycle [ 295.301793][ T5832] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 295.378209][ T5832] usb 4-1: device descriptor read/8, error -71 [ 295.431493][ T5900] usb 2-1: USB disconnect, device number 24 [ 295.491919][ T5870] usb 5-1: USB disconnect, device number 28 [ 295.603262][ T30] audit: type=1400 audit(1743864729.797:274): avc: denied { append } for pid=8341 comm="syz.2.707" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 295.625887][ C0] vkms_vblank_simulate: vblank timer overrun [ 295.992692][ T8349] syz_tun: entered allmulticast mode [ 295.998573][ T8349] syz_tun: left allmulticast mode [ 296.058216][ T5832] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 296.144463][ T8355] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 296.151760][ T8355] cramfs: wrong magic [ 296.157671][ T5832] usb 4-1: device descriptor read/8, error -71 [ 297.132574][ T5832] usb usb4-port1: unable to enumerate USB device [ 297.668827][ T8374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.714'. [ 297.824028][ T8381] xt_connbytes: Forcing CT accounting to be enabled [ 297.831355][ T8381] set match dimension is over the limit! [ 297.850992][ T30] audit: type=1400 audit(1743864732.017:275): avc: denied { setopt } for pid=8377 comm="syz.0.715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 297.857538][ T8382] netlink: 28 bytes leftover after parsing attributes in process `syz.2.714'. [ 298.672271][ T8397] syz_tun: entered allmulticast mode [ 298.800810][ T5832] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 298.973947][ T5832] usb 5-1: config 252 has an invalid interface number: 191 but max is 0 [ 298.982662][ T5832] usb 5-1: config 252 has no interface number 0 [ 299.109914][ T5832] usb 5-1: New USB device found, idVendor=054c, idProduct=0069, bcdDevice=6d.6f [ 299.134888][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.378714][ T8391] syz_tun: left allmulticast mode [ 299.402438][ T5832] usb 5-1: Product: syz [ 299.769905][ T5832] usb 5-1: Manufacturer: syz [ 299.840650][ T5832] usb 5-1: SerialNumber: syz [ 299.951375][ T5832] usb-storage 5-1:252.191: USB Mass Storage device detected [ 300.144073][ T8409] syz_tun: entered allmulticast mode [ 300.149057][ T8395] FAULT_INJECTION: forcing a failure. [ 300.149057][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.211262][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.4.719 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 300.211289][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 300.211299][ T8395] Call Trace: [ 300.211304][ T8395] [ 300.211310][ T8395] dump_stack_lvl+0x16c/0x1f0 [ 300.211337][ T8395] should_fail_ex+0x512/0x640 [ 300.211359][ T8395] _copy_to_user+0x32/0xd0 [ 300.211379][ T8395] simple_read_from_buffer+0xcb/0x170 [ 300.211405][ T8395] proc_fail_nth_read+0x197/0x270 [ 300.211426][ T8395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.211448][ T8395] ? rw_verify_area+0xcf/0x680 [ 300.211463][ T8395] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.211479][ T8395] vfs_read+0x1de/0xc70 [ 300.211497][ T8395] ? __pfx___mutex_lock+0x10/0x10 [ 300.211512][ T8395] ? __pfx_vfs_read+0x10/0x10 [ 300.211532][ T8395] ? __fget_files+0x20e/0x3c0 [ 300.211546][ T8395] ksys_read+0x12a/0x240 [ 300.211555][ T8395] ? __pfx_ksys_read+0x10/0x10 [ 300.211568][ T8395] do_syscall_64+0xcd/0x260 [ 300.211584][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.211595][ T8395] RIP: 0033:0x7fa1a618bb7c [ 300.211604][ T8395] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 300.211615][ T8395] RSP: 002b:00007fa1a6f6b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 300.211626][ T8395] RAX: ffffffffffffffda RBX: 00007fa1a63a5fa0 RCX: 00007fa1a618bb7c [ 300.211632][ T8395] RDX: 000000000000000f RSI: 00007fa1a6f6b0a0 RDI: 0000000000000005 [ 300.211638][ T8395] RBP: 00007fa1a6f6b090 R08: 0000000000000000 R09: 0000000000000000 [ 300.211644][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.211650][ T8395] R13: 0000000000000000 R14: 00007fa1a63a5fa0 R15: 00007fff17ffd1c8 [ 300.211663][ T8395] [ 300.446241][ T8411] cgroup: noprefix used incorrectly [ 300.462430][ T5832] usb-storage 5-1:252.191: Quirks match for vid 054c pid 0069: 1 [ 300.505894][ T8409] syz_tun: left allmulticast mode [ 301.114521][ T5832] usb 5-1: USB disconnect, device number 29 [ 301.361123][ T8421] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 301.368453][ T8421] cramfs: wrong magic [ 301.461321][ T5900] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 301.556642][ T8425] FAULT_INJECTION: forcing a failure. [ 301.556642][ T8425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.593410][ T8425] CPU: 0 UID: 0 PID: 8425 Comm: syz.4.725 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 301.593431][ T8425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 301.593443][ T8425] Call Trace: [ 301.593447][ T8425] [ 301.593452][ T8425] dump_stack_lvl+0x16c/0x1f0 [ 301.593472][ T8425] should_fail_ex+0x512/0x640 [ 301.593487][ T8425] _copy_from_user+0x2e/0xd0 [ 301.593502][ T8425] copy_msghdr_from_user+0x98/0x160 [ 301.593517][ T8425] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 301.593536][ T8425] ___sys_sendmsg+0xfe/0x1d0 [ 301.593550][ T8425] ? __pfx____sys_sendmsg+0x10/0x10 [ 301.593579][ T8425] __sys_sendmsg+0x16d/0x220 [ 301.593592][ T8425] ? __pfx___sys_sendmsg+0x10/0x10 [ 301.593605][ T8425] ? __pfx_bpf_trace_run2+0x10/0x10 [ 301.593620][ T8425] ? syscall_trace_enter+0x1cb/0x260 [ 301.593634][ T8425] ? rcu_is_watching+0x12/0xc0 [ 301.593650][ T8425] do_syscall_64+0xcd/0x260 [ 301.593667][ T8425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.593678][ T8425] RIP: 0033:0x7fa1a618d169 [ 301.593687][ T8425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.593698][ T8425] RSP: 002b:00007fa1a6f6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.593708][ T8425] RAX: ffffffffffffffda RBX: 00007fa1a63a5fa0 RCX: 00007fa1a618d169 [ 301.593715][ T8425] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 301.593721][ T8425] RBP: 00007fa1a6f6b090 R08: 0000000000000000 R09: 0000000000000000 [ 301.593727][ T8425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.593733][ T8425] R13: 0000000000000000 R14: 00007fa1a63a5fa0 R15: 00007fff17ffd1c8 [ 301.593745][ T8425] [ 301.773777][ T5900] usb 2-1: Using ep0 maxpacket: 16 [ 301.839271][ T5900] usb 2-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 301.865446][ T5900] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 301.894771][ T5900] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 301.920887][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.088391][ T5900] usb 2-1: config 0 descriptor?? [ 302.097491][ T5900] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 302.963554][ T5870] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 303.144893][ T5870] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 303.157181][ T5870] usb 5-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 303.175990][ T5870] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 304.136312][ T5870] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 304.151042][ T5870] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 304.161929][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 304.169956][ T5870] usb 5-1: Product: syz [ 304.174396][ T5870] usb 5-1: Manufacturer: syz [ 304.210895][ T5870] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 304.355717][ T5872] usb 2-1: USB disconnect, device number 25 [ 304.414562][ T5902] usb 5-1: USB disconnect, device number 30 [ 304.502345][ T5832] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 304.702876][ T5832] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 304.717838][ T5832] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 304.732987][ T5832] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 304.743977][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.777712][ T8454] FAULT_INJECTION: forcing a failure. [ 304.777712][ T8454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.793429][ T8443] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 304.807151][ T5832] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 304.819546][ T8454] CPU: 0 UID: 0 PID: 8454 Comm: syz.2.734 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 304.819569][ T8454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 304.819576][ T8454] Call Trace: [ 304.819580][ T8454] [ 304.819584][ T8454] dump_stack_lvl+0x16c/0x1f0 [ 304.819604][ T8454] should_fail_ex+0x512/0x640 [ 304.819618][ T8454] _copy_from_user+0x2e/0xd0 [ 304.819631][ T8454] __sys_bpf+0x21d/0x4d80 [ 304.819648][ T8454] ? __pfx___sys_bpf+0x10/0x10 [ 304.819662][ T8454] ? ksys_write+0x190/0x240 [ 304.819674][ T8454] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 304.819700][ T8454] ? fput+0x70/0xf0 [ 304.819712][ T8454] ? ksys_write+0x1b9/0x240 [ 304.819721][ T8454] ? __pfx_ksys_write+0x10/0x10 [ 304.819732][ T8454] __x64_sys_bpf+0x78/0xc0 [ 304.819746][ T8454] ? lockdep_hardirqs_on+0x7c/0x110 [ 304.819760][ T8454] do_syscall_64+0xcd/0x260 [ 304.819775][ T8454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.819787][ T8454] RIP: 0033:0x7f081038d169 [ 304.819796][ T8454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.819806][ T8454] RSP: 002b:00007f081114a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 304.819817][ T8454] RAX: ffffffffffffffda RBX: 00007f08105a5fa0 RCX: 00007f081038d169 [ 304.819824][ T8454] RDX: 0000000000000004 RSI: 0000200000000140 RDI: 0000000000000022 [ 304.819830][ T8454] RBP: 00007f081114a090 R08: 0000000000000000 R09: 0000000000000000 [ 304.819836][ T8454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.819842][ T8454] R13: 0000000000000000 R14: 00007f08105a5fa0 R15: 00007ffd60552578 [ 304.819855][ T8454] [ 305.363896][ T8461] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 305.374499][ T8461] cramfs: wrong magic [ 305.505957][ T5832] usb 4-1: USB disconnect, device number 21 [ 305.630686][ T8472] FAULT_INJECTION: forcing a failure. [ 305.630686][ T8472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.696804][ T8472] CPU: 1 UID: 0 PID: 8472 Comm: syz.1.738 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 305.696833][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 305.696843][ T8472] Call Trace: [ 305.696849][ T8472] [ 305.696856][ T8472] dump_stack_lvl+0x16c/0x1f0 [ 305.696883][ T8472] should_fail_ex+0x512/0x640 [ 305.696905][ T8472] _copy_to_user+0x32/0xd0 [ 305.696925][ T8472] simple_read_from_buffer+0xcb/0x170 [ 305.696950][ T8472] proc_fail_nth_read+0x197/0x270 [ 305.696974][ T8472] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 305.697000][ T8472] ? rw_verify_area+0xcf/0x680 [ 305.697022][ T8472] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 305.697046][ T8472] vfs_read+0x1de/0xc70 [ 305.697075][ T8472] ? __pfx___mutex_lock+0x10/0x10 [ 305.697096][ T8472] ? __pfx_vfs_read+0x10/0x10 [ 305.697125][ T8472] ? __fget_files+0x20e/0x3c0 [ 305.697147][ T8472] ksys_read+0x12a/0x240 [ 305.697162][ T8472] ? __pfx_ksys_read+0x10/0x10 [ 305.697179][ T8472] ? rcu_is_watching+0x12/0xc0 [ 305.697207][ T8472] do_syscall_64+0xcd/0x260 [ 305.697231][ T8472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.697247][ T8472] RIP: 0033:0x7f6e0818bb7c [ 305.697262][ T8472] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 305.697276][ T8472] RSP: 002b:00007f6e0901d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 305.697292][ T8472] RAX: ffffffffffffffda RBX: 00007f6e083a6080 RCX: 00007f6e0818bb7c [ 305.697302][ T8472] RDX: 000000000000000f RSI: 00007f6e0901d0a0 RDI: 0000000000000004 [ 305.697310][ T8472] RBP: 00007f6e0901d090 R08: 0000000000000000 R09: 0000000000000000 [ 305.697319][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.697329][ T8472] R13: 0000000000000000 R14: 00007f6e083a6080 R15: 00007ffcc1feccc8 [ 305.697352][ T8472] [ 306.171472][ T6328] udevd[6328]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 306.577184][ T8486] netlink: 20 bytes leftover after parsing attributes in process `syz.0.744'. [ 308.504354][ T8502] netlink: 'syz.4.748': attribute type 4 has an invalid length. [ 308.546688][ T8504] netlink: 20 bytes leftover after parsing attributes in process `syz.3.749'. [ 308.581406][ T5832] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 308.592888][ T8504] netlink: 20 bytes leftover after parsing attributes in process `syz.3.749'. [ 308.762715][ T5832] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 309.095942][ T5832] usb 1-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 309.188971][ T5832] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 309.210280][ T5832] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 309.245156][ T8514] netlink: 28 bytes leftover after parsing attributes in process `syz.3.750'. [ 309.309536][ T8513] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 309.381316][ T8513] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 309.390226][ T8513] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 309.415012][ T5832] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 309.432057][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 309.444043][ T8513] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 309.453099][ T5832] usb 1-1: Product: syz [ 309.461613][ T5832] usb 1-1: Manufacturer: syz [ 309.468285][ T8513] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 309.500401][ T5832] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 309.599444][ T8514] 8021q: adding VLAN 0 to HW filter on device bond2 [ 309.663765][ T8517] xt_connbytes: Forcing CT accounting to be enabled [ 309.812058][ T5900] usb 1-1: USB disconnect, device number 28 [ 309.828875][ T8517] set match dimension is over the limit! [ 310.120091][ T8522] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 310.150574][ T30] audit: type=1400 audit(1743864744.347:276): avc: denied { create } for pid=8520 comm="syz.3.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 310.208152][ T30] audit: type=1400 audit(1743864744.377:277): avc: denied { ioctl } for pid=8519 comm="syz.2.753" path="socket:[16321]" dev="sockfs" ino=16321 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 310.233883][ T30] audit: type=1400 audit(1743864744.407:278): avc: denied { sys_admin } for pid=8520 comm="syz.3.754" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 310.257776][ T30] audit: type=1400 audit(1743864744.407:279): avc: denied { bind } for pid=8519 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 310.400247][ T30] audit: type=1400 audit(1743864744.507:280): avc: denied { view } for pid=8519 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 310.479035][ T8533] netlink: 20 bytes leftover after parsing attributes in process `syz.3.756'. [ 310.504747][ T30] audit: type=1400 audit(1743864744.537:281): avc: denied { getopt } for pid=8519 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 310.537520][ T8535] netlink: 20 bytes leftover after parsing attributes in process `syz.0.757'. [ 310.557814][ T8536] FAULT_INJECTION: forcing a failure. [ 310.557814][ T8536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.560491][ T30] audit: type=1400 audit(1743864744.547:282): avc: denied { write } for pid=8519 comm="syz.2.753" path="socket:[16320]" dev="sockfs" ino=16320 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 310.611260][ T8536] CPU: 1 UID: 0 PID: 8536 Comm: syz.3.756 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 310.611287][ T8536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 310.611297][ T8536] Call Trace: [ 310.611302][ T8536] [ 310.611308][ T8536] dump_stack_lvl+0x16c/0x1f0 [ 310.611337][ T8536] should_fail_ex+0x512/0x640 [ 310.611360][ T8536] _copy_from_user+0x2e/0xd0 [ 310.611380][ T8536] copy_msghdr_from_user+0x98/0x160 [ 310.611404][ T8536] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 310.611429][ T8536] ? __lock_acquire+0x5ca/0x1ba0 [ 310.611450][ T8536] ___sys_recvmsg+0xdb/0x1a0 [ 310.611469][ T8536] ? __pfx____sys_recvmsg+0x10/0x10 [ 310.611498][ T8536] ? find_held_lock+0x2b/0x80 [ 310.611533][ T8536] do_recvmmsg+0x2fe/0x740 [ 310.611556][ T8536] ? __pfx_do_recvmmsg+0x10/0x10 [ 310.611581][ T8536] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 310.611610][ T8536] ? __fget_files+0x20e/0x3c0 [ 310.611632][ T8536] __x64_sys_recvmmsg+0x22a/0x280 [ 310.611654][ T8536] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 310.611681][ T8536] do_syscall_64+0xcd/0x260 [ 310.611705][ T8536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.611721][ T8536] RIP: 0033:0x7fd72d58d169 [ 310.611734][ T8536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.611750][ T8536] RSP: 002b:00007fd72e382038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 310.611767][ T8536] RAX: ffffffffffffffda RBX: 00007fd72d7a6080 RCX: 00007fd72d58d169 [ 310.611778][ T8536] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 310.611788][ T8536] RBP: 00007fd72e382090 R08: 0000000000000000 R09: 0000000000000000 [ 310.611798][ T8536] R10: 0000000040002042 R11: 0000000000000246 R12: 0000000000000001 [ 310.611808][ T8536] R13: 0000000000000001 R14: 00007fd72d7a6080 R15: 00007ffccc92c788 [ 310.611829][ T8536] [ 311.691016][ T8546] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 311.709854][ T8546] cramfs: wrong magic [ 311.768438][ T8555] netlink: 20 bytes leftover after parsing attributes in process `syz.4.762'. [ 311.847077][ T8558] xt_connbytes: Forcing CT accounting to be enabled [ 311.907576][ T8558] set match dimension is over the limit! [ 312.046363][ T8562] netlink: 28 bytes leftover after parsing attributes in process `syz.0.765'. [ 312.066132][ T8562] 8021q: adding VLAN 0 to HW filter on device bond4 [ 312.263535][ T8572] FAULT_INJECTION: forcing a failure. [ 312.263535][ T8572] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.326245][ T8572] CPU: 1 UID: 0 PID: 8572 Comm: syz.1.768 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 312.326269][ T8572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 312.326279][ T8572] Call Trace: [ 312.326284][ T8572] [ 312.326290][ T8572] dump_stack_lvl+0x16c/0x1f0 [ 312.326316][ T8572] should_fail_ex+0x512/0x640 [ 312.326336][ T8572] _copy_from_user+0x2e/0xd0 [ 312.326354][ T8572] do_sock_getsockopt+0x5f4/0x800 [ 312.326380][ T8572] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 312.326401][ T8572] ? __fget_files+0x204/0x3c0 [ 312.326430][ T8572] __sys_getsockopt+0x12f/0x260 [ 312.326453][ T8572] __x64_sys_getsockopt+0xbd/0x160 [ 312.326470][ T8572] ? do_syscall_64+0x91/0x260 [ 312.326488][ T8572] ? lockdep_hardirqs_on+0x7c/0x110 [ 312.326507][ T8572] do_syscall_64+0xcd/0x260 [ 312.326529][ T8572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.326543][ T8572] RIP: 0033:0x7f6e0818d169 [ 312.326555][ T8572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.326569][ T8572] RSP: 002b:00007f6e08ffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 312.326583][ T8572] RAX: ffffffffffffffda RBX: 00007f6e083a6160 RCX: 00007f6e0818d169 [ 312.326594][ T8572] RDX: 0000000000000007 RSI: 000000000000011b RDI: 0000000000000003 [ 312.326603][ T8572] RBP: 00007f6e08ffc090 R08: 0000200000000240 R09: 0000000000000000 [ 312.326611][ T8572] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 312.326621][ T8572] R13: 0000000000000001 R14: 00007f6e083a6160 R15: 00007ffcc1feccc8 [ 312.326642][ T8572] [ 312.598816][ T8579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.771'. [ 312.609005][ T30] audit: type=1400 audit(1743864746.797:283): avc: denied { create } for pid=8578 comm="syz.2.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 312.629216][ T30] audit: type=1400 audit(1743864746.797:284): avc: denied { write } for pid=8578 comm="syz.2.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 312.681893][ T30] audit: type=1400 audit(1743864746.797:285): avc: denied { nlmsg_write } for pid=8578 comm="syz.2.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 313.623431][ T5900] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 314.611384][ T5900] usb 5-1: Using ep0 maxpacket: 32 [ 314.675632][ T5900] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 314.721367][ T5900] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 314.804805][ T5900] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 314.864184][ T5900] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 314.898035][ T5900] usb 5-1: config 0 interface 0 has no altsetting 0 [ 314.915265][ T5900] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 314.924822][ T5900] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 314.930285][ T8601] FAULT_INJECTION: forcing a failure. [ 314.930285][ T8601] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 314.943732][ T5900] usb 5-1: Product: syz [ 314.962998][ T8601] CPU: 0 UID: 0 PID: 8601 Comm: syz.2.777 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 314.963027][ T8601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 314.963038][ T8601] Call Trace: [ 314.963044][ T8601] [ 314.963050][ T8601] dump_stack_lvl+0x16c/0x1f0 [ 314.963080][ T8601] should_fail_ex+0x512/0x640 [ 314.963103][ T8601] _copy_from_user+0x2e/0xd0 [ 314.963125][ T8601] copy_msghdr_from_user+0x98/0x160 [ 314.963148][ T8601] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 314.963173][ T8601] ? __lock_acquire+0x5ca/0x1ba0 [ 314.963195][ T8601] ___sys_recvmsg+0xdb/0x1a0 [ 314.963214][ T8601] ? __pfx____sys_recvmsg+0x10/0x10 [ 314.963238][ T8601] ? find_held_lock+0x2b/0x80 [ 314.963272][ T8601] do_recvmmsg+0x2fe/0x740 [ 314.963295][ T8601] ? __pfx_do_recvmmsg+0x10/0x10 [ 314.963319][ T8601] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 314.963350][ T8601] ? __fget_files+0x20e/0x3c0 [ 314.963374][ T8601] __x64_sys_recvmmsg+0x22a/0x280 [ 314.963396][ T8601] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 314.963415][ T8601] ? rcu_is_watching+0x12/0xc0 [ 314.963451][ T8601] do_syscall_64+0xcd/0x260 [ 314.963476][ T8601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.963495][ T8601] RIP: 0033:0x7f081038d169 [ 314.963508][ T8601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 314.963525][ T8601] RSP: 002b:00007f081114a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 314.963543][ T8601] RAX: ffffffffffffffda RBX: 00007f08105a5fa0 RCX: 00007f081038d169 [ 314.963554][ T8601] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000004 [ 314.963564][ T8601] RBP: 00007f081114a090 R08: 0000000000000000 R09: 0000000000000000 [ 314.963573][ T8601] R10: 0000000000000030 R11: 0000000000000246 R12: 0000000000000001 [ 314.963583][ T8601] R13: 0000000000000000 R14: 00007f08105a5fa0 R15: 00007ffd60552578 [ 314.963605][ T8601] [ 314.979135][ T5900] usb 5-1: Manufacturer: syz [ 314.999182][ T8603] netlink: 'syz.0.778': attribute type 4 has an invalid length. [ 315.002540][ T5900] usb 5-1: SerialNumber: syz [ 315.189594][ T5900] usb 5-1: config 0 descriptor?? [ 315.193616][ T8609] set match dimension is over the limit! [ 315.197980][ T5900] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 315.217443][ T5900] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 315.350148][ T8617] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 315.358237][ T8617] cramfs: wrong magic [ 315.406833][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 315.406850][ T30] audit: type=1326 audit(1743864749.607:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8587 comm="syz.4.775" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa1a618d169 code=0x0 [ 315.670242][ T8620] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 315.857719][ T8620] cramfs: wrong magic [ 316.201296][ T5900] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 316.245997][ T8629] FAULT_INJECTION: forcing a failure. [ 316.245997][ T8629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.259252][ T8629] CPU: 1 UID: 0 PID: 8629 Comm: syz.1.785 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 316.259275][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 316.259285][ T8629] Call Trace: [ 316.259291][ T8629] [ 316.259297][ T8629] dump_stack_lvl+0x16c/0x1f0 [ 316.259323][ T8629] should_fail_ex+0x512/0x640 [ 316.259346][ T8629] _copy_from_user+0x2e/0xd0 [ 316.259365][ T8629] __x64_sys_sendfile64+0x120/0x220 [ 316.259383][ T8629] ? ksys_write+0x1b9/0x240 [ 316.259396][ T8629] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 316.259411][ T8629] ? rcu_is_watching+0x12/0xc0 [ 316.259434][ T8629] do_syscall_64+0xcd/0x260 [ 316.259453][ T8629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.259466][ T8629] RIP: 0033:0x7f6e0818d169 [ 316.259482][ T8629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.259496][ T8629] RSP: 002b:00007f6e08ffc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 316.259509][ T8629] RAX: ffffffffffffffda RBX: 00007f6e083a6160 RCX: 00007f6e0818d169 [ 316.259518][ T8629] RDX: 0000200000002080 RSI: 0000000000000003 RDI: 0000000000000004 [ 316.259526][ T8629] RBP: 00007f6e08ffc090 R08: 0000000000000000 R09: 0000000000000000 [ 316.259533][ T8629] R10: 000000000000023b R11: 0000000000000246 R12: 0000000000000001 [ 316.259541][ T8629] R13: 0000000000000000 R14: 00007f6e083a6160 R15: 00007ffcc1feccc8 [ 316.259557][ T8629] [ 316.511212][ T5900] usb 4-1: device descriptor read/64, error -71 [ 316.568311][ T5902] usb 5-1: USB disconnect, device number 31 [ 316.575614][ T5902] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 316.638744][ T30] audit: type=1400 audit(1743864750.837:290): avc: denied { read } for pid=8630 comm="syz.0.786" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 316.723354][ T30] audit: type=1400 audit(1743864750.837:291): avc: denied { open } for pid=8630 comm="syz.0.786" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 316.751597][ T5900] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 316.874484][ T30] audit: type=1400 audit(1743864750.867:292): avc: denied { ioctl } for pid=8630 comm="syz.0.786" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 317.032532][ T30] audit: type=1400 audit(1743864750.907:293): avc: denied { write } for pid=8634 comm="syz.4.788" name="route" dev="proc" ino=4026532955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 317.106068][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.112696][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.141511][ T5900] usb 4-1: device descriptor read/64, error -71 [ 317.383259][ T30] audit: type=1400 audit(1743864751.327:294): avc: denied { accept } for pid=8641 comm="syz.2.790" laddr=fe80::a8aa:aaff:feaa:aa16 lport=39932 faddr=ff02::1 fport=20007 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 317.461602][ T5900] usb usb4-port1: attempt power cycle [ 318.501522][ T3080] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 318.531536][ T5900] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 318.621832][ T5900] usb 4-1: device descriptor read/8, error -71 [ 318.665141][ T3080] usb 2-1: config 0 has no interfaces? [ 318.673233][ T3080] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 318.722435][ T3080] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.778894][ T3080] usb 2-1: Product: syz [ 318.801468][ T5902] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 318.921225][ T3080] usb 2-1: Manufacturer: syz [ 318.925922][ T3080] usb 2-1: SerialNumber: syz [ 318.961421][ T5902] usb 1-1: Using ep0 maxpacket: 8 [ 318.974128][ T3080] usb 2-1: config 0 descriptor?? [ 318.975114][ T5902] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 319.449043][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 319.476613][ T5902] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 319.509238][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 319.535697][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 319.569161][ T5902] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 319.588032][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 319.702077][ T5900] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 319.741187][ T5902] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 319.757802][ T5900] usb 4-1: Using ep0 maxpacket: 16 [ 319.765367][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 319.768372][ T8669] netlink: 24 bytes leftover after parsing attributes in process `syz.4.798'. [ 319.785848][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 319.798674][ T5900] usb 4-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 319.809272][ T5900] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 319.811305][ T5902] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 319.823005][ T5900] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 319.850001][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 319.884408][ T5902] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 319.893249][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.904209][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 319.904245][ T5902] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 319.906832][ T5902] usb 1-1: string descriptor 0 read error: -22 [ 320.285772][ T5900] usb 4-1: config 0 descriptor?? [ 320.292715][ T5902] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 320.309331][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.309685][ T5900] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 320.362728][ T5902] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 320.501345][ T5832] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 320.714443][ T8678] FAULT_INJECTION: forcing a failure. [ 320.714443][ T8678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.941310][ T5900] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 320.969037][ T8678] CPU: 0 UID: 0 PID: 8678 Comm: syz.0.794 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 320.969066][ T8678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 320.969076][ T8678] Call Trace: [ 320.969082][ T8678] [ 320.969089][ T8678] dump_stack_lvl+0x16c/0x1f0 [ 320.969119][ T8678] should_fail_ex+0x512/0x640 [ 320.969140][ T8678] _copy_to_user+0x32/0xd0 [ 320.969161][ T8678] simple_read_from_buffer+0xcb/0x170 [ 320.969187][ T8678] proc_fail_nth_read+0x197/0x270 [ 320.969213][ T8678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 320.969239][ T8678] ? rw_verify_area+0xcf/0x680 [ 320.969259][ T8678] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 320.969283][ T8678] vfs_read+0x1de/0xc70 [ 320.969308][ T8678] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 320.969329][ T8678] ? __pfx___mutex_lock+0x10/0x10 [ 320.969350][ T8678] ? __pfx_vfs_read+0x10/0x10 [ 320.969374][ T8678] ? __rcu_read_unlock+0x2b4/0x580 [ 320.969390][ T8678] ? __fget_files+0x20e/0x3c0 [ 320.969413][ T8678] ksys_read+0x12a/0x240 [ 320.969427][ T8678] ? __pfx_ksys_read+0x10/0x10 [ 320.969439][ T8678] ? syscall_trace_enter+0x1cb/0x260 [ 320.969456][ T8678] ? __bpf_trace_sys_enter+0x37/0x60 [ 320.969473][ T8678] ? rcu_is_watching+0x12/0xc0 [ 320.969495][ T8678] do_syscall_64+0xcd/0x260 [ 320.969518][ T8678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.969540][ T8678] RIP: 0033:0x7fe2b1d8bb7c [ 320.969554][ T8678] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 320.969569][ T8678] RSP: 002b:00007fe2b2b7d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 320.969584][ T8678] RAX: ffffffffffffffda RBX: 00007fe2b1fa6080 RCX: 00007fe2b1d8bb7c [ 320.969594][ T8678] RDX: 000000000000000f RSI: 00007fe2b2b7d0a0 RDI: 0000000000000005 [ 320.969603][ T8678] RBP: 00007fe2b2b7d090 R08: 0000000000000000 R09: 0000000000000000 [ 320.969613][ T8678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.969623][ T8678] R13: 0000000000000001 R14: 00007fe2b1fa6080 R15: 00007fff066aaa98 [ 320.969646][ T8678] [ 321.209273][ T5871] usb 2-1: USB disconnect, device number 26 [ 321.217814][ T5902] usb 1-1: USB disconnect, device number 29 [ 321.274188][ T5832] usb 5-1: Using ep0 maxpacket: 32 [ 321.280645][ T5832] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 321.281262][ T5900] usb 3-1: Using ep0 maxpacket: 16 [ 321.288995][ T5832] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 321.310613][ T5832] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 321.323641][ T5832] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 321.336848][ T5832] usb 5-1: config 0 interface 0 has no altsetting 0 [ 321.384942][ T8682] Invalid source name [ 321.389050][ T8682] UBIFS error (pid: 8682): cannot open "ubifs", error -22 [ 321.405661][ T5900] usb 3-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 321.436158][ T5832] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 321.447470][ T5900] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 321.464296][ T5900] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 321.474025][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.488886][ T5900] usb 3-1: config 0 descriptor?? [ 321.497603][ T5832] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 321.720230][ T5832] usb 5-1: Product: syz [ 321.774468][ T5832] usb 5-1: Manufacturer: syz [ 321.802721][ T5832] usb 5-1: SerialNumber: syz [ 323.325912][ T5900] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 323.326020][ T5832] usb 5-1: config 0 descriptor?? [ 323.481335][ T5902] usb 4-1: USB disconnect, device number 25 [ 323.614340][ T5832] usb 5-1: can't set config #0, error -71 [ 323.633285][ T5832] usb 5-1: USB disconnect, device number 32 [ 323.783233][ T30] audit: type=1400 audit(1743864757.987:295): avc: denied { bind } for pid=8692 comm="syz.3.804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 323.789741][ T5900] usb 3-1: USB disconnect, device number 33 [ 323.869613][ T30] audit: type=1400 audit(1743864758.067:296): avc: denied { setopt } for pid=8694 comm="syz.2.805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 324.191250][ T3080] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 324.241366][ T5871] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 324.331407][ T3080] usb 5-1: device descriptor read/64, error -71 [ 324.732622][ T5871] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 324.741599][ T5871] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 324.750926][ T5871] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 324.759131][ T30] audit: type=1400 audit(1743864758.947:297): avc: denied { map } for pid=8711 comm="syz.2.812" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 324.766671][ T5871] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 324.796422][ T30] audit: type=1400 audit(1743864758.997:298): avc: denied { setopt } for pid=8711 comm="syz.2.812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 324.797411][ T5900] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 324.827728][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 324.838775][ T5871] usb 4-1: Product: syz [ 324.846982][ T5871] usb 4-1: Manufacturer: syz [ 324.865072][ T5871] cdc_wdm 4-1:1.0: skipping garbage [ 324.870655][ T5871] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 324.881317][ T3080] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 324.963366][ T8717] team_slave_0: entered promiscuous mode [ 324.969315][ T8717] team_slave_1: entered promiscuous mode [ 325.001828][ T5900] usb 1-1: Using ep0 maxpacket: 16 [ 325.027221][ T3080] usb 5-1: device descriptor read/64, error -71 [ 325.035737][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.047121][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.057000][ T5900] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 325.097294][ T8718] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 325.122972][ T5900] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 325.142229][ T5871] usb 4-1: USB disconnect, device number 26 [ 325.156340][ T3080] usb usb5-port1: attempt power cycle [ 325.158638][ T8720] netlink: 'syz.1.815': attribute type 1 has an invalid length. [ 325.163193][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.196528][ T5900] usb 1-1: config 0 descriptor?? [ 325.282250][ T8723] netlink: 28 bytes leftover after parsing attributes in process `syz.1.815'. [ 325.511361][ T3080] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 325.532502][ T3080] usb 5-1: device descriptor read/8, error -71 [ 325.683661][ T5900] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0003/input/input5 [ 325.829424][ T3080] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 325.846651][ T30] audit: type=1400 audit(1743864760.047:299): avc: denied { read } for pid=5182 comm="acpid" name="js0" dev="devtmpfs" ino=3020 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 325.846697][ T30] audit: type=1400 audit(1743864760.047:300): avc: denied { open } for pid=5182 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=3020 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 325.846731][ T30] audit: type=1400 audit(1743864760.047:301): avc: denied { ioctl } for pid=5182 comm="acpid" path="/dev/input/js0" dev="devtmpfs" ino=3020 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 325.851492][ T5900] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 325.887066][ T3080] usb 5-1: device descriptor read/8, error -71 [ 325.992244][ T3080] usb usb5-port1: unable to enumerate USB device [ 326.301316][ T3080] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 326.456184][ T3080] usb 4-1: Using ep0 maxpacket: 16 [ 326.553304][ T3080] usb 4-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 326.561917][ T5902] usb 1-1: USB disconnect, device number 30 [ 326.564200][ T3080] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 326.589971][ T3080] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 326.600238][ T3080] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.621372][ T3080] usb 4-1: config 0 descriptor?? [ 326.638660][ T3080] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 326.750445][ T8723] 8021q: adding VLAN 0 to HW filter on device bond3 [ 327.040939][ T8735] xt_connbytes: Forcing CT accounting to be enabled [ 327.048152][ T8735] set match dimension is over the limit! [ 327.135542][ T5902] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 327.272506][ T8739] netlink: 60 bytes leftover after parsing attributes in process `syz.1.820'. [ 327.288235][ T8739] netlink: 60 bytes leftover after parsing attributes in process `syz.1.820'. [ 327.303653][ T5902] usb 3-1: Using ep0 maxpacket: 32 [ 327.319137][ T5902] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 327.327989][ T5902] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 327.376667][ T5902] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 327.425965][ T5902] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 327.451023][ T5902] usb 3-1: config 0 interface 0 has no altsetting 0 [ 327.463525][ T5902] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 327.779552][ T8742] FAULT_INJECTION: forcing a failure. [ 327.779552][ T8742] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.903593][ T5900] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 327.904086][ T5902] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 327.919869][ T5902] usb 3-1: Product: syz [ 327.923188][ T8742] CPU: 1 UID: 0 PID: 8742 Comm: syz.0.821 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 327.923214][ T8742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.923224][ T8742] Call Trace: [ 327.923230][ T8742] [ 327.923236][ T8742] dump_stack_lvl+0x16c/0x1f0 [ 327.923269][ T8742] should_fail_ex+0x512/0x640 [ 327.923291][ T8742] _copy_from_user+0x2e/0xd0 [ 327.923311][ T8742] io_submit_one+0xbb/0x1da0 [ 327.923329][ T8742] ? __lock_acquire+0xaa4/0x1ba0 [ 327.923348][ T8742] ? __pfx_io_submit_one+0x10/0x10 [ 327.923362][ T8742] ? rcu_is_watching+0x12/0xc0 [ 327.923384][ T8742] ? irqentry_exit+0x3b/0x90 [ 327.923403][ T8742] ? lockdep_hardirqs_on+0x7c/0x110 [ 327.923429][ T8742] ? __x64_sys_io_submit+0x20f/0x350 [ 327.923446][ T8742] ? __x64_sys_io_submit+0x1a9/0x350 [ 327.923465][ T8742] __x64_sys_io_submit+0x1a9/0x350 [ 327.923483][ T8742] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 327.923504][ T8742] ? rcu_is_watching+0x12/0xc0 [ 327.923524][ T8742] do_syscall_64+0xcd/0x260 [ 327.923545][ T8742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.923560][ T8742] RIP: 0033:0x7fe2b1d8d169 [ 327.923573][ T8742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.923588][ T8742] RSP: 002b:00007fe2b2b9e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 327.923602][ T8742] RAX: ffffffffffffffda RBX: 00007fe2b1fa5fa0 RCX: 00007fe2b1d8d169 [ 327.923612][ T8742] RDX: 0000200000000780 RSI: 0000000000000001 RDI: 00007fe2b2b55000 [ 327.923621][ T8742] RBP: 00007fe2b2b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 327.923630][ T8742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.923638][ T8742] R13: 0000000000000000 R14: 00007fe2b1fa5fa0 R15: 00007fff066aaa98 [ 327.923658][ T8742] [ 328.111519][ T5902] usb 3-1: Manufacturer: syz [ 328.116196][ T5902] usb 3-1: SerialNumber: syz [ 328.127516][ T5902] usb 3-1: config 0 descriptor?? [ 328.145934][ T5902] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 328.160266][ T5902] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 328.250172][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 328.259169][ T5900] usb 5-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 328.271085][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 328.275406][ T8749] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 328.292986][ T8749] cramfs: wrong magic [ 328.313193][ T5900] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 328.323929][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.357060][ T30] audit: type=1326 audit(1743864762.557:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.2.817" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f081038d169 code=0x0 [ 328.380884][ C0] vkms_vblank_simulate: vblank timer overrun [ 328.389976][ T5900] usb 5-1: config 0 descriptor?? [ 328.398035][ T5900] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 328.415984][ T30] audit: type=1326 audit(1743864762.617:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8753 comm="syz.0.823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2b1d8d169 code=0x7ffc0000 [ 328.454373][ T30] audit: type=1326 audit(1743864762.617:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8753 comm="syz.0.823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fe2b1d8d169 code=0x7ffc0000 [ 328.508141][ T8757] netlink: 20 bytes leftover after parsing attributes in process `syz.0.823'. [ 328.823395][ T5902] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 329.538604][ T5872] usb 4-1: USB disconnect, device number 27 [ 329.602383][ T5902] usb 1-1: Using ep0 maxpacket: 16 [ 329.615373][ T5902] usb 1-1: config index 0 descriptor too short (expected 61988, got 36) [ 329.623927][ T5902] usb 1-1: config 135 has too many interfaces: 114, using maximum allowed: 32 [ 329.632914][ T5902] usb 1-1: config 135 has an invalid descriptor of length 31, skipping remainder of the config [ 329.643493][ T5902] usb 1-1: config 135 has 0 interfaces, different from the descriptor's value: 114 [ 329.670151][ T5902] usb 1-1: New USB device found, idVendor=1608, idProduct=030b, bcdDevice=40.85 [ 329.689899][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.710199][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 329.710218][ T30] audit: type=1400 audit(1743864763.907:317): avc: denied { bind } for pid=8766 comm="syz.3.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 329.737860][ T5902] usb 1-1: Product: syz [ 329.742295][ T5902] usb 1-1: Manufacturer: syz [ 329.746938][ T5902] usb 1-1: SerialNumber: syz [ 329.814898][ T5872] usb 3-1: USB disconnect, device number 34 [ 329.821195][ T30] audit: type=1400 audit(1743864764.017:318): avc: denied { create } for pid=8772 comm="syz.3.828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 329.840880][ T30] audit: type=1400 audit(1743864764.017:319): avc: denied { setopt } for pid=8772 comm="syz.3.828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 329.875427][ T5872] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 329.982478][ T5902] usb 1-1: USB disconnect, device number 31 [ 330.020733][ T8778] syz_tun: entered allmulticast mode [ 330.028728][ T8778] syz_tun: left allmulticast mode [ 330.061732][ T3080] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 330.224439][ T3080] usb 4-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=b1.c4 [ 330.234252][ T3080] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.267436][ T3080] usb 4-1: config 0 descriptor?? [ 330.291034][ T3080] gspca_main: spca501-2.14.0 probing 040a:0002 [ 330.506170][ T30] audit: type=1400 audit(1743864764.707:320): avc: denied { setattr } for pid=8772 comm="syz.3.828" name="NETLINK" dev="sockfs" ino=17384 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 330.593737][ T3080] gspca_spca501: reg write: error -71 [ 330.599162][ T3080] spca501 4-1:0.0: Reg write failed for 0x00,0xaa,0x00 [ 330.640287][ T5872] usb 5-1: USB disconnect, device number 37 [ 330.693023][ T3080] spca501 4-1:0.0: probe with driver spca501 failed with error -22 [ 330.748156][ T3080] usb 4-1: USB disconnect, device number 28 [ 330.785491][ T8783] netlink: 'syz.4.832': attribute type 4 has an invalid length. [ 330.971191][ T30] audit: type=1400 audit(1743864765.167:321): avc: denied { ioctl } for pid=8780 comm="syz.0.831" path="socket:[18084]" dev="sockfs" ino=18084 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 331.698819][ T5871] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 331.741318][ T5902] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 331.815491][ T30] audit: type=1400 audit(1743864766.017:322): avc: denied { connect } for pid=8804 comm="syz.0.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 331.840578][ T30] audit: type=1400 audit(1743864766.047:323): avc: denied { bind } for pid=8804 comm="syz.0.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 331.860793][ T8805] libceph: resolve '400' (ret=-3): failed [ 331.893145][ T5902] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 331.901373][ T5871] usb 5-1: Using ep0 maxpacket: 16 [ 331.910582][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.912641][ T5871] usb 5-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 331.935330][ T5902] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 331.943520][ T5871] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 331.953363][ T5902] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 331.960366][ T5871] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 331.976036][ T3080] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 331.985115][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.985315][ T5902] usb 3-1: Manufacturer: syz [ 331.996536][ T5871] usb 5-1: config 0 descriptor?? [ 332.006478][ T5902] usb 3-1: config 0 descriptor?? [ 332.015484][ T5871] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 332.091296][ T5902] rc_core: IR keymap rc-hauppauge not found [ 332.097264][ T5902] Registered IR keymap rc-empty [ 332.104284][ T5902] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 332.115722][ T5902] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6 [ 332.121444][ T3080] usb 4-1: device descriptor read/64, error -71 [ 332.277904][ T5902] usb 3-1: USB disconnect, device number 35 [ 332.283790][ T8814] Invalid source name [ 332.287959][ T8814] UBIFS error (pid: 8814): cannot open "ubifs", error -22 [ 332.371624][ T3080] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 332.521278][ T3080] usb 4-1: device descriptor read/64, error -71 [ 332.562721][ T8817] netlink: 32 bytes leftover after parsing attributes in process `syz.2.837'. [ 332.794571][ T3080] usb usb4-port1: attempt power cycle [ 332.851249][ T5871] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 334.180590][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 334.193785][ T5873] usb 5-1: USB disconnect, device number 38 [ 334.220198][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 334.233857][ T30] audit: type=1400 audit(1743864768.437:324): avc: denied { write } for pid=8822 comm="syz.4.844" name="sg0" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 334.268214][ C0] vkms_vblank_simulate: vblank timer overrun [ 334.275757][ T8823] FAULT_INJECTION: forcing a failure. [ 334.275757][ T8823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.289485][ T8823] CPU: 0 UID: 0 PID: 8823 Comm: syz.4.844 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 334.289511][ T8823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.289521][ T8823] Call Trace: [ 334.289527][ T8823] [ 334.289533][ T8823] dump_stack_lvl+0x16c/0x1f0 [ 334.289563][ T8823] should_fail_ex+0x512/0x640 [ 334.289586][ T8823] _copy_from_user+0x2e/0xd0 [ 334.289608][ T8823] do_sys_poll+0x1d5/0xe00 [ 334.289636][ T8823] ? kernel_text_address+0x8d/0x100 [ 334.289661][ T8823] ? arch_stack_walk+0xa6/0x100 [ 334.289687][ T8823] ? __pfx_do_sys_poll+0x10/0x10 [ 334.289736][ T8823] ? __lock_acquire+0x5ca/0x1ba0 [ 334.289811][ T8823] ? __pfx_timespec64_add_safe+0x10/0x10 [ 334.289832][ T8823] ? ktime_get_ts64+0x2d2/0x400 [ 334.289858][ T8823] ? read_tsc+0x9/0x20 [ 334.289882][ T8823] ? ktime_get_ts64+0x256/0x400 [ 334.289914][ T8823] __x64_sys_poll+0x1a6/0x450 [ 334.289932][ T8823] ? __pfx___x64_sys_poll+0x10/0x10 [ 334.289947][ T8823] ? rcu_is_watching+0x12/0xc0 [ 334.289976][ T8823] do_syscall_64+0xcd/0x260 [ 334.290001][ T8823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.290019][ T8823] RIP: 0033:0x7fa1a618d169 [ 334.290034][ T8823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.290050][ T8823] RSP: 002b:00007fa1a6f6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 334.290068][ T8823] RAX: ffffffffffffffda RBX: 00007fa1a63a5fa0 RCX: 00007fa1a618d169 [ 334.290079][ T8823] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 00002000000001c0 [ 334.290089][ T8823] RBP: 00007fa1a6f6b090 R08: 0000000000000000 R09: 0000000000000000 [ 334.290099][ T8823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.290109][ T8823] R13: 0000000000000000 R14: 00007fa1a63a5fa0 R15: 00007fff17ffd1c8 [ 334.290132][ T8823] [ 334.351384][ C0] vkms_vblank_simulate: vblank timer overrun [ 334.491602][ T3080] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 334.500877][ T8823] netlink: 12 bytes leftover after parsing attributes in process `syz.4.844'. [ 334.531764][ T3080] usb 4-1: device descriptor read/8, error -71 [ 334.545741][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 334.555687][ T8823] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 334.626467][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 334.640980][ T5871] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 334.650970][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.673459][ T30] audit: type=1400 audit(1743864768.877:325): avc: denied { create } for pid=8826 comm="syz.1.845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 334.732139][ T5871] usb 1-1: config 0 descriptor?? [ 334.771456][ T3080] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 334.880422][ T8838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.846'. [ 334.969154][ T8838] netlink: 20 bytes leftover after parsing attributes in process `syz.4.846'. [ 334.991267][ T3080] usb 4-1: device not accepting address 32, error -71 [ 335.016234][ T3080] usb usb4-port1: unable to enumerate USB device [ 335.162045][ T5871] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 335.202522][ T5872] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 335.264046][ T5871] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 335.449093][ T8850] FAULT_INJECTION: forcing a failure. [ 335.449093][ T8850] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.462909][ T8850] CPU: 0 UID: 0 PID: 8850 Comm: syz.4.850 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 335.462933][ T8850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.462942][ T8850] Call Trace: [ 335.462948][ T8850] [ 335.462954][ T8850] dump_stack_lvl+0x16c/0x1f0 [ 335.462981][ T8850] should_fail_ex+0x512/0x640 [ 335.463006][ T8850] _copy_to_iter+0x2a4/0x15a0 [ 335.463031][ T8850] ? __pfx__copy_to_iter+0x10/0x10 [ 335.463051][ T8850] ? const_folio_flags+0x5b/0x100 [ 335.463069][ T8850] ? folio_mark_accessed+0xc1/0xc00 [ 335.463088][ T8850] ? __pfx_folio_mark_accessed+0x10/0x10 [ 335.463114][ T8850] copy_page_to_iter+0xf1/0x180 [ 335.463134][ T8850] filemap_read+0x6b1/0xe90 [ 335.463165][ T8850] ? __pfx_filemap_read+0x10/0x10 [ 335.463202][ T8850] ? I_BDEV+0xd/0x20 [ 335.463225][ T8850] blkdev_read_iter+0x190/0x4d0 [ 335.463245][ T8850] vfs_read+0x8c8/0xc70 [ 335.463273][ T8850] ? __pfx_vfs_read+0x10/0x10 [ 335.463298][ T8850] ? __rcu_read_unlock+0x2b4/0x580 [ 335.463323][ T8850] ksys_read+0x12a/0x240 [ 335.463336][ T8850] ? __pfx_ksys_read+0x10/0x10 [ 335.463357][ T8850] do_syscall_64+0xcd/0x260 [ 335.463381][ T8850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.463400][ T8850] RIP: 0033:0x7fa1a618d169 [ 335.463414][ T8850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.463430][ T8850] RSP: 002b:00007fa1a6f29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 335.463447][ T8850] RAX: ffffffffffffffda RBX: 00007fa1a63a6160 RCX: 00007fa1a618d169 [ 335.463458][ T8850] RDX: 0000000000002020 RSI: 0000200000001740 RDI: 000000000000000a [ 335.463468][ T8850] RBP: 00007fa1a6f29090 R08: 0000000000000000 R09: 0000000000000000 [ 335.463478][ T8850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.463487][ T8850] R13: 0000000000000000 R14: 00007fa1a63a6160 R15: 00007fff17ffd1c8 [ 335.463514][ T8850] [ 336.011589][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.023833][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.037425][ T5872] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 336.105627][ T5872] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 336.155083][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.252051][ T8859] FAULT_INJECTION: forcing a failure. [ 336.252051][ T8859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 336.456609][ T5872] usb 2-1: config 0 descriptor?? [ 336.508974][ T8859] CPU: 0 UID: 0 PID: 8859 Comm: syz.0.842 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 336.509007][ T8859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 336.509018][ T8859] Call Trace: [ 336.509025][ T8859] [ 336.509033][ T8859] dump_stack_lvl+0x16c/0x1f0 [ 336.509063][ T8859] should_fail_ex+0x512/0x640 [ 336.509086][ T8859] _copy_from_user+0x2e/0xd0 [ 336.509108][ T8859] core_sys_select+0x2c7/0xbe0 [ 336.509132][ T8859] ? __pfx_core_sys_select+0x10/0x10 [ 336.509172][ T8859] ? set_user_sigmask+0x21b/0x2b0 [ 336.509195][ T8859] ? __pfx_set_user_sigmask+0x10/0x10 [ 336.509221][ T8859] do_pselect.constprop.0+0x19f/0x1e0 [ 336.509240][ T8859] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 336.509258][ T8859] ? __pfx___schedule+0x10/0x10 [ 336.509285][ T8859] __x64_sys_pselect6+0x182/0x240 [ 336.509303][ T8859] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 336.509327][ T8859] do_syscall_64+0xcd/0x260 [ 336.509353][ T8859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.509371][ T8859] RIP: 0033:0x7fe2b1d8d169 [ 336.509385][ T8859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.509401][ T8859] RSP: 002b:00007fe2b2b7d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 336.509418][ T8859] RAX: ffffffffffffffda RBX: 00007fe2b1fa6080 RCX: 00007fe2b1d8d169 [ 336.509430][ T8859] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000040 [ 336.509440][ T8859] RBP: 00007fe2b2b7d090 R08: 0000000000000000 R09: 0000000000000000 [ 336.509450][ T8859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.509461][ T8859] R13: 0000000000000000 R14: 00007fe2b1fa6080 R15: 00007fff066aaa98 [ 336.509483][ T8859] [ 337.194038][ T5902] usb 1-1: USB disconnect, device number 32 [ 337.731590][ T5900] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 337.750071][ T5872] usbhid 2-1:0.0: can't add hid device: -71 [ 337.756512][ T5872] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 337.776241][ T5872] usb 2-1: USB disconnect, device number 27 [ 337.846272][ T5826] Bluetooth: hci4: connection err: -111 [ 337.911240][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 337.919741][ T5900] usb 5-1: config 0 has an invalid descriptor of length 218, skipping remainder of the config [ 337.936161][ T5900] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 337.949355][ T5900] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 337.959060][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.021518][ T5900] usb 5-1: config 0 descriptor?? [ 338.061236][ T5871] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 338.085466][ T5900] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 338.280111][ T5902] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 338.281880][ T5871] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 338.338435][ T5871] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 338.366916][ T5871] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 338.412095][ T5871] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 338.421836][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 338.422313][ T5902] usb 4-1: device descriptor read/64, error -71 [ 338.429843][ T5871] usb 1-1: Product: syz [ 338.450114][ T5871] usb 1-1: Manufacturer: syz [ 338.475965][ T5871] cdc_wdm 1-1:1.0: skipping garbage [ 338.499052][ T5871] cdc_wdm 1-1:1.0: skipping garbage [ 338.505287][ T5871] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 338.660014][ T8888] netlink: 20 bytes leftover after parsing attributes in process `syz.1.860'. [ 338.673134][ T8888] netlink: 20 bytes leftover after parsing attributes in process `syz.1.860'. [ 338.701570][ T5902] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 338.708406][ T5871] usb 1-1: USB disconnect, device number 33 [ 338.745255][ T30] audit: type=1400 audit(1743864772.947:326): avc: denied { mount } for pid=8889 comm="syz.2.861" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 338.797232][ T30] audit: type=1400 audit(1743864772.967:327): avc: denied { read write } for pid=8889 comm="syz.2.861" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 338.825518][ T30] audit: type=1400 audit(1743864772.967:328): avc: denied { open } for pid=8889 comm="syz.2.861" path="/181/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 338.847810][ T30] audit: type=1800 audit(1743864772.987:329): pid=8890 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.861" name="/" dev="9p" ino=2 res=0 errno=0 [ 338.875783][ T30] audit: type=1400 audit(1743864772.987:330): avc: denied { append } for pid=8889 comm="syz.2.861" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 338.898603][ T5902] usb 4-1: device descriptor read/64, error -71 [ 338.908907][ T30] audit: type=1400 audit(1743864773.067:331): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 339.014289][ T5902] usb usb4-port1: attempt power cycle [ 340.054147][ T5902] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 340.068617][ T8899] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 340.077624][ T8899] cramfs: wrong magic [ 340.094440][ T5902] usb 4-1: device descriptor read/8, error -71 [ 340.325231][ T3080] usb 5-1: USB disconnect, device number 39 [ 340.331277][ T5902] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 340.374038][ T5902] usb 4-1: device descriptor read/8, error -71 [ 340.408986][ T8909] siw: device registration error -23 [ 340.493815][ T8912] netlink: 'syz.4.866': attribute type 4 has an invalid length. [ 340.506150][ T8912] netlink: 'syz.4.866': attribute type 4 has an invalid length. [ 340.529014][ T5902] usb usb4-port1: unable to enumerate USB device [ 340.997247][ T8917] Invalid source name [ 341.026567][ T8917] UBIFS error (pid: 8917): cannot open "ubifs", error -22 [ 341.518307][ T8922] set match dimension is over the limit! [ 342.752355][ T30] audit: type=1400 audit(1743864776.937:332): avc: denied { relabelfrom } for pid=8936 comm="syz.0.875" name="" dev="pipefs" ino=18675 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 343.121257][ T5871] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 343.200532][ T8941] netlink: 20 bytes leftover after parsing attributes in process `syz.4.876'. [ 343.270847][ T8945] netlink: 'syz.2.877': attribute type 4 has an invalid length. [ 343.280152][ T8945] netlink: 'syz.2.877': attribute type 4 has an invalid length. [ 343.302966][ T5871] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 343.369686][ T8947] netlink: 28 bytes leftover after parsing attributes in process `syz.3.879'. [ 343.411973][ T5871] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 343.425845][ T5871] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 343.440305][ T5871] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 343.449504][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 343.463839][ T5871] usb 2-1: Product: syz [ 343.469872][ T5871] usb 2-1: Manufacturer: syz [ 343.491417][ T5872] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 343.494966][ T5871] cdc_wdm 2-1:1.0: skipping garbage [ 343.510420][ T5871] cdc_wdm 2-1:1.0: skipping garbage [ 343.518113][ T5871] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 343.628026][ T8958] fuse: Unknown parameter '$E¶Û†§Žèõx¸IÚÕX¥¹ÌxÖ-½P×X½ Û [ 343.891261][ T8965] dump_stack_lvl+0x16c/0x1f0 [ 343.891288][ T8965] should_fail_ex+0x512/0x640 [ 343.891305][ T8965] ? fs_reclaim_acquire+0xae/0x150 [ 343.891329][ T8965] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 343.891353][ T8965] should_failslab+0xc2/0x120 [ 343.891370][ T8965] __kmalloc_noprof+0xd2/0x510 [ 343.891393][ T8965] tomoyo_realpath_from_path+0xc2/0x6e0 [ 343.891420][ T8965] ? tomoyo_profile+0x47/0x60 [ 343.891439][ T8965] tomoyo_path_number_perm+0x245/0x580 [ 343.891459][ T8965] ? tomoyo_path_number_perm+0x237/0x580 [ 343.891481][ T8965] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 343.891503][ T8965] ? find_held_lock+0x2b/0x80 [ 343.891549][ T8965] ? find_held_lock+0x2b/0x80 [ 343.891569][ T8965] ? hook_file_ioctl_common+0x145/0x410 [ 343.891592][ T8965] ? __fget_files+0x20e/0x3c0 [ 343.891613][ T8965] security_file_ioctl+0x9b/0x240 [ 343.891638][ T8965] __x64_sys_ioctl+0xb7/0x200 [ 343.891663][ T8965] do_syscall_64+0xcd/0x260 [ 343.891691][ T8965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.891708][ T8965] RIP: 0033:0x7fd72d58d169 [ 343.891726][ T8965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.891742][ T8965] RSP: 002b:00007fd72e3a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.891759][ T8965] RAX: ffffffffffffffda RBX: 00007fd72d7a5fa0 RCX: 00007fd72d58d169 [ 343.891769][ T8965] RDX: 0000200000000180 RSI: 000000004010744d RDI: 0000000000000005 [ 343.891780][ T8965] RBP: 00007fd72e3a3090 R08: 0000000000000000 R09: 0000000000000000 [ 343.891790][ T8965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.891799][ T8965] R13: 0000000000000000 R14: 00007fd72d7a5fa0 R15: 00007ffccc92c788 [ 343.891823][ T8965] [ 343.892953][ T8965] ERROR: Out of memory at tomoyo_realpath_from_path. [ 344.020637][ T5872] usb 5-1: USB disconnect, device number 40 [ 344.043010][ C0] vkms_vblank_simulate: vblank timer overrun [ 344.219722][ T5902] usb 1-1: Using ep0 maxpacket: 8 [ 344.272074][ T8969] veth0_vlan: entered allmulticast mode [ 344.313555][ T8969] veth0_vlan: left promiscuous mode [ 344.325007][ T8969] veth0_vlan: entered promiscuous mode [ 344.693773][ T5902] usb 1-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 344.713697][ T5902] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.747123][ T5902] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.775209][ T8975] FAULT_INJECTION: forcing a failure. [ 344.775209][ T8975] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.780037][ T5902] usb 1-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 344.789146][ T8975] CPU: 1 UID: 0 PID: 8975 Comm: syz.1.890 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 344.789169][ T8975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 344.789179][ T8975] Call Trace: [ 344.789183][ T8975] [ 344.789189][ T8975] dump_stack_lvl+0x16c/0x1f0 [ 344.789216][ T8975] should_fail_ex+0x512/0x640 [ 344.789236][ T8975] _copy_from_user+0x2e/0xd0 [ 344.789254][ T8975] copy_from_sockptr_offset.constprop.0+0x153/0x1a0 [ 344.789275][ T8975] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 344.789301][ T8975] do_ipv6_setsockopt+0x865/0x4420 [ 344.789325][ T8975] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 344.789345][ T8975] ? find_held_lock+0x2b/0x80 [ 344.789365][ T8975] ? avc_has_perm_noaudit+0x117/0x3b0 [ 344.789383][ T8975] ? avc_has_perm_noaudit+0x149/0x3b0 [ 344.789400][ T8975] ? avc_has_perm+0x11a/0x1c0 [ 344.789414][ T8975] ? __pfx_avc_has_perm+0x10/0x10 [ 344.789436][ T8975] ? sock_has_perm+0x259/0x2f0 [ 344.789453][ T8975] ? __pfx_sock_has_perm+0x10/0x10 [ 344.789480][ T8975] ? ipv6_setsockopt+0xcb/0x170 [ 344.789497][ T8975] ipv6_setsockopt+0xcb/0x170 [ 344.789518][ T8975] rawv6_setsockopt+0xc2/0x510 [ 344.789537][ T8975] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 344.789555][ T8975] ? selinux_socket_setsockopt+0x6a/0x80 [ 344.789571][ T8975] ? sock_common_setsockopt+0x2e/0xf0 [ 344.789594][ T8975] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 344.789618][ T8975] do_sock_setsockopt+0x221/0x470 [ 344.789638][ T8975] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 344.789670][ T8975] __sys_setsockopt+0x1a0/0x230 [ 344.789690][ T8975] __x64_sys_setsockopt+0xbd/0x160 [ 344.789706][ T8975] ? do_syscall_64+0x91/0x260 [ 344.789725][ T8975] ? lockdep_hardirqs_on+0x7c/0x110 [ 344.789743][ T8975] do_syscall_64+0xcd/0x260 [ 344.789764][ T8975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.789779][ T8975] RIP: 0033:0x7f6e0818d169 [ 344.789791][ T8975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.789805][ T8975] RSP: 002b:00007f6e0903e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 344.789820][ T8975] RAX: ffffffffffffffda RBX: 00007f6e083a5fa0 RCX: 00007f6e0818d169 [ 344.789830][ T8975] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003 [ 344.789838][ T8975] RBP: 00007f6e0903e090 R08: 0000000000000004 R09: 0000000000000000 [ 344.789846][ T8975] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 344.789855][ T8975] R13: 0000000000000000 R14: 00007f6e083a5fa0 R15: 00007ffcc1feccc8 [ 344.789874][ T8975] [ 345.008962][ C0] vkms_vblank_simulate: vblank timer overrun [ 345.094957][ T5902] usb 1-1: config 0 interface 0 has no altsetting 0 [ 345.114282][ T5902] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 345.123712][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.239779][ T5832] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 345.273651][ T5902] usb 1-1: config 0 descriptor?? [ 345.402018][ T5832] usb 4-1: Using ep0 maxpacket: 16 [ 345.439585][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.480591][ T5832] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 345.505581][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.514178][ T5902] usbhid 1-1:0.0: can't add hid device: -71 [ 345.520276][ T5902] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 345.531544][ T5902] usb 1-1: USB disconnect, device number 34 [ 345.547388][ T5832] usb 4-1: config 0 descriptor?? [ 345.571300][ T5872] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 345.797850][ T5872] usb 5-1: config 0 has no interfaces? [ 345.883962][ T5872] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 345.900591][ T8996] Invalid source name [ 345.905239][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.914577][ T5872] usb 5-1: Product: syz [ 345.918827][ T5872] usb 5-1: Manufacturer: syz [ 345.923739][ T5872] usb 5-1: SerialNumber: syz [ 345.926389][ T8996] UBIFS error (pid: 8996): cannot open "ubifs", error -22 [ 345.934109][ T5872] usb 5-1: config 0 descriptor?? [ 346.040143][ T5832] elecom 0003:056E:00E6.0005: hidraw0: USB HID v0.00 Device [HID 056e:00e6] on usb-dummy_hcd.3-1/input0 [ 346.202493][ T30] audit: type=1400 audit(1743864780.397:333): avc: denied { read } for pid=9002 comm="syz.0.899" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 346.226596][ C0] vkms_vblank_simulate: vblank timer overrun [ 346.310283][ T8973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.325202][ T8973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.736109][ T5871] usb 4-1: USB disconnect, device number 37 [ 346.743866][ T30] audit: type=1400 audit(1743864780.397:334): avc: denied { open } for pid=9002 comm="syz.0.899" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 347.570052][ T30] audit: type=1400 audit(1743864780.397:335): avc: denied { ioctl } for pid=9002 comm="syz.0.899" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 347.596112][ C0] vkms_vblank_simulate: vblank timer overrun [ 347.604102][ T30] audit: type=1400 audit(1743864780.507:336): avc: denied { read } for pid=8972 comm="syz.3.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 347.626199][ T30] audit: type=1400 audit(1743864780.787:337): avc: denied { ioctl } for pid=8972 comm="syz.3.889" path="socket:[18920]" dev="sockfs" ino=18920 ioctlcmd=0x744d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 347.756775][ T30] audit: type=1400 audit(1743864781.807:338): avc: denied { search } for pid=5179 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 347.778244][ C0] vkms_vblank_simulate: vblank timer overrun [ 348.121286][ T5902] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 348.548612][ T5902] usb 1-1: config 0 has no interfaces? [ 348.557802][ T5902] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 348.601980][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.621488][ T5902] usb 1-1: Product: syz [ 348.626205][ T5902] usb 1-1: Manufacturer: syz [ 348.631866][ T5902] usb 1-1: SerialNumber: syz [ 348.646862][ T5902] usb 1-1: config 0 descriptor?? [ 348.676148][ T9024] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 348.683576][ T9024] cramfs: wrong magic [ 348.732933][ T5871] usb 5-1: USB disconnect, device number 41 [ 348.805203][ T30] audit: type=1400 audit(1743864783.007:339): avc: denied { ioctl } for pid=9026 comm="syz.3.905" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 348.833530][ T9027] FAULT_INJECTION: forcing a failure. [ 348.833530][ T9027] name failslab, interval 1, probability 0, space 0, times 0 [ 348.871486][ T9027] CPU: 1 UID: 0 PID: 9027 Comm: syz.3.905 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 348.871510][ T9027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 348.871518][ T9027] Call Trace: [ 348.871523][ T9027] [ 348.871529][ T9027] dump_stack_lvl+0x16c/0x1f0 [ 348.871549][ T9027] should_fail_ex+0x512/0x640 [ 348.871561][ T9027] ? fs_reclaim_acquire+0xae/0x150 [ 348.871577][ T9027] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 348.871593][ T9027] should_failslab+0xc2/0x120 [ 348.871606][ T9027] __kmalloc_noprof+0xd2/0x510 [ 348.871621][ T9027] tomoyo_realpath_from_path+0xc2/0x6e0 [ 348.871638][ T9027] ? tomoyo_profile+0x47/0x60 [ 348.871649][ T9027] tomoyo_path_number_perm+0x245/0x580 [ 348.871661][ T9027] ? tomoyo_path_number_perm+0x237/0x580 [ 348.871676][ T9027] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 348.871690][ T9027] ? find_held_lock+0x2b/0x80 [ 348.871715][ T9027] ? find_held_lock+0x2b/0x80 [ 348.871728][ T9027] ? hook_file_ioctl_common+0x145/0x410 [ 348.871742][ T9027] ? __fget_files+0x20e/0x3c0 [ 348.871756][ T9027] security_file_ioctl+0x9b/0x240 [ 348.871772][ T9027] __x64_sys_ioctl+0xb7/0x200 [ 348.871788][ T9027] do_syscall_64+0xcd/0x260 [ 348.871805][ T9027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.871816][ T9027] RIP: 0033:0x7fd72d58d169 [ 348.871825][ T9027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.871836][ T9027] RSP: 002b:00007fd72e3a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 348.871846][ T9027] RAX: ffffffffffffffda RBX: 00007fd72d7a5fa0 RCX: 00007fd72d58d169 [ 348.871853][ T9027] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 348.871859][ T9027] RBP: 00007fd72e3a3090 R08: 0000000000000000 R09: 0000000000000000 [ 348.871865][ T9027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 348.871871][ T9027] R13: 0000000000000000 R14: 00007fd72d7a5fa0 R15: 00007ffccc92c788 [ 348.871883][ T9027] [ 348.871887][ T9027] ERROR: Out of memory at tomoyo_realpath_from_path. [ 349.155565][ T9027] input: syz0 as /devices/virtual/input/input8 [ 349.902278][ T30] audit: type=1400 audit(1743864784.097:340): avc: denied { append } for pid=9037 comm="syz.3.907" name="sg0" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 350.241374][ T5869] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 350.319079][ T9048] FAULT_INJECTION: forcing a failure. [ 350.319079][ T9048] name failslab, interval 1, probability 0, space 0, times 0 [ 350.365115][ T9048] CPU: 1 UID: 0 PID: 9048 Comm: syz.4.910 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 350.365143][ T9048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 350.365153][ T9048] Call Trace: [ 350.365159][ T9048] [ 350.365166][ T9048] dump_stack_lvl+0x16c/0x1f0 [ 350.365192][ T9048] should_fail_ex+0x512/0x640 [ 350.365210][ T9048] ? fs_reclaim_acquire+0xae/0x150 [ 350.365233][ T9048] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 350.365257][ T9048] should_failslab+0xc2/0x120 [ 350.365276][ T9048] __kmalloc_noprof+0xd2/0x510 [ 350.365300][ T9048] tomoyo_realpath_from_path+0xc2/0x6e0 [ 350.365326][ T9048] ? tomoyo_profile+0x47/0x60 [ 350.365345][ T9048] tomoyo_path_number_perm+0x245/0x580 [ 350.365365][ T9048] ? tomoyo_path_number_perm+0x237/0x580 [ 350.365387][ T9048] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 350.365410][ T9048] ? find_held_lock+0x2b/0x80 [ 350.365453][ T9048] ? find_held_lock+0x2b/0x80 [ 350.365472][ T9048] ? hook_file_ioctl_common+0x145/0x410 [ 350.365495][ T9048] ? __fget_files+0x20e/0x3c0 [ 350.365516][ T9048] security_file_ioctl+0x9b/0x240 [ 350.365541][ T9048] __x64_sys_ioctl+0xb7/0x200 [ 350.365567][ T9048] do_syscall_64+0xcd/0x260 [ 350.365592][ T9048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.365609][ T9048] RIP: 0033:0x7fa1a618d169 [ 350.365623][ T9048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.365639][ T9048] RSP: 002b:00007fa1a6f6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 350.365657][ T9048] RAX: ffffffffffffffda RBX: 00007fa1a63a5fa0 RCX: 00007fa1a618d169 [ 350.365669][ T9048] RDX: 0000200000000000 RSI: 0000000000005385 RDI: 0000000000000003 [ 350.365679][ T9048] RBP: 00007fa1a6f6b090 R08: 0000000000000000 R09: 0000000000000000 [ 350.365689][ T9048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.365700][ T9048] R13: 0000000000000000 R14: 00007fa1a63a5fa0 R15: 00007fff17ffd1c8 [ 350.365727][ T9048] [ 350.365759][ T9048] ERROR: Out of memory at tomoyo_realpath_from_path. [ 350.491241][ T5902] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 350.643949][ T5869] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 350.652438][ T5869] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.662664][ T5869] usb 4-1: config 0 has no interface number 0 [ 350.671790][ T5869] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 350.699410][ T5869] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 350.808698][ T5869] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 350.818538][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.829920][ T5869] usb 4-1: Product: syz [ 350.836970][ T9053] FAULT_INJECTION: forcing a failure. [ 350.836970][ T9053] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 350.838234][ T5869] usb 4-1: Manufacturer: syz [ 350.856566][ T5869] usb 4-1: SerialNumber: syz [ 350.864715][ T5869] usb 4-1: config 0 descriptor?? [ 350.897427][ T9053] CPU: 0 UID: 0 PID: 9053 Comm: syz.2.912 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 350.897452][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 350.897468][ T9053] Call Trace: [ 350.897475][ T9053] [ 350.897483][ T9053] dump_stack_lvl+0x16c/0x1f0 [ 350.897516][ T9053] should_fail_ex+0x512/0x640 [ 350.897535][ T9053] _copy_from_user+0x2e/0xd0 [ 350.897549][ T9053] copy_msghdr_from_user+0x98/0x160 [ 350.897564][ T9053] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 350.897583][ T9053] ___sys_sendmsg+0xfe/0x1d0 [ 350.897600][ T9053] ? __pfx____sys_sendmsg+0x10/0x10 [ 350.897646][ T9053] __sys_sendmsg+0x16d/0x220 [ 350.897665][ T9053] ? __pfx___sys_sendmsg+0x10/0x10 [ 350.897684][ T9053] ? rcu_is_watching+0x12/0xc0 [ 350.897703][ T9053] do_syscall_64+0xcd/0x260 [ 350.897720][ T9053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.897731][ T9053] RIP: 0033:0x7f081038d169 [ 350.897742][ T9053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.897758][ T9053] RSP: 002b:00007f081114a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.897774][ T9053] RAX: ffffffffffffffda RBX: 00007f08105a5fa0 RCX: 00007f081038d169 [ 350.897784][ T9053] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 350.897793][ T9053] RBP: 00007f081114a090 R08: 0000000000000000 R09: 0000000000000000 [ 350.897802][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.897811][ T9053] R13: 0000000000000000 R14: 00007f08105a5fa0 R15: 00007ffd60552578 [ 350.897826][ T9053] [ 351.276227][ T5902] usb 2-1: config 0 has no interfaces? [ 351.287044][ T9038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 351.316639][ T5872] usb 1-1: USB disconnect, device number 35 [ 351.323523][ T9038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 351.359536][ T30] audit: type=1400 audit(1743864785.447:341): avc: denied { create } for pid=9057 comm="syz.2.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 351.402928][ T9064] FAULT_INJECTION: forcing a failure. [ 351.402928][ T9064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.434290][ T30] audit: type=1400 audit(1743864785.457:342): avc: denied { write } for pid=9057 comm="syz.2.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 351.454853][ T9064] CPU: 1 UID: 0 PID: 9064 Comm: syz.2.914 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 351.454875][ T9064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.454883][ T9064] Call Trace: [ 351.454889][ T9064] [ 351.454895][ T9064] dump_stack_lvl+0x16c/0x1f0 [ 351.454924][ T9064] should_fail_ex+0x512/0x640 [ 351.454945][ T9064] _copy_from_user+0x2e/0xd0 [ 351.454965][ T9064] copy_msghdr_from_user+0x98/0x160 [ 351.454987][ T9064] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 351.455017][ T9064] ___sys_sendmsg+0xfe/0x1d0 [ 351.455038][ T9064] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.455083][ T9064] __sys_sendmsg+0x16d/0x220 [ 351.455102][ T9064] ? __pfx___sys_sendmsg+0x10/0x10 [ 351.455127][ T9064] ? rcu_is_watching+0x12/0xc0 [ 351.455156][ T9064] do_syscall_64+0xcd/0x260 [ 351.455178][ T9064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.455194][ T9064] RIP: 0033:0x7f081038d169 [ 351.455207][ T9064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.455222][ T9064] RSP: 002b:00007f081114a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.455239][ T9064] RAX: ffffffffffffffda RBX: 00007f08105a5fa0 RCX: 00007f081038d169 [ 351.455249][ T9064] RDX: 0000000020048810 RSI: 0000200000000100 RDI: 0000000000000003 [ 351.455259][ T9064] RBP: 00007f081114a090 R08: 0000000000000000 R09: 0000000000000000 [ 351.455269][ T9064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.455279][ T9064] R13: 0000000000000000 R14: 00007f08105a5fa0 R15: 00007ffd60552578 [ 351.455301][ T9064] [ 351.775277][ T5869] usb 4-1: USB disconnect, device number 38 [ 351.833409][ T5902] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 351.851425][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.859465][ T5902] usb 2-1: Product: syz [ 351.885092][ T5902] usb 2-1: Manufacturer: syz [ 351.889752][ T5902] usb 2-1: SerialNumber: syz [ 351.927469][ T5902] usb 2-1: config 0 descriptor?? [ 352.238582][ T9071] FAULT_INJECTION: forcing a failure. [ 352.238582][ T9071] name failslab, interval 1, probability 0, space 0, times 0 [ 352.278645][ T9071] CPU: 0 UID: 0 PID: 9071 Comm: syz.4.917 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 352.278674][ T9071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 352.278684][ T9071] Call Trace: [ 352.278690][ T9071] [ 352.278697][ T9071] dump_stack_lvl+0x16c/0x1f0 [ 352.278725][ T9071] should_fail_ex+0x512/0x640 [ 352.278743][ T9071] ? fs_reclaim_acquire+0xae/0x150 [ 352.278769][ T9071] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 352.278793][ T9071] should_failslab+0xc2/0x120 [ 352.278813][ T9071] __kmalloc_noprof+0xd2/0x510 [ 352.278836][ T9071] tomoyo_realpath_from_path+0xc2/0x6e0 [ 352.278863][ T9071] ? tomoyo_profile+0x47/0x60 [ 352.278883][ T9071] tomoyo_path_number_perm+0x245/0x580 [ 352.278903][ T9071] ? tomoyo_path_number_perm+0x237/0x580 [ 352.278927][ T9071] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 352.278949][ T9071] ? find_held_lock+0x2b/0x80 [ 352.278993][ T9071] ? find_held_lock+0x2b/0x80 [ 352.279013][ T9071] ? hook_file_ioctl_common+0x145/0x410 [ 352.279036][ T9071] ? __fget_files+0x20e/0x3c0 [ 352.279057][ T9071] security_file_ioctl+0x9b/0x240 [ 352.279082][ T9071] __x64_sys_ioctl+0xb7/0x200 [ 352.279108][ T9071] do_syscall_64+0xcd/0x260 [ 352.279132][ T9071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.279149][ T9071] RIP: 0033:0x7fa1a618d169 [ 352.279163][ T9071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.279179][ T9071] RSP: 002b:00007fa1a6f6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 352.279195][ T9071] RAX: ffffffffffffffda RBX: 00007fa1a63a5fa0 RCX: 00007fa1a618d169 [ 352.279206][ T9071] RDX: 00002000000000c0 RSI: 00000000c0205649 RDI: 0000000000000003 [ 352.279216][ T9071] RBP: 00007fa1a6f6b090 R08: 0000000000000000 R09: 0000000000000000 [ 352.279225][ T9071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 352.279235][ T9071] R13: 0000000000000000 R14: 00007fa1a63a5fa0 R15: 00007fff17ffd1c8 [ 352.279258][ T9071] [ 352.279265][ T9071] ERROR: Out of memory at tomoyo_realpath_from_path. [ 353.082926][ T9082] kvm: pic: non byte read [ 353.251909][ T9091] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 353.259711][ T5902] usb 2-1: USB disconnect, device number 29 [ 353.260994][ T9091] cramfs: wrong magic [ 354.481223][ T5869] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 354.654370][ T9104] xt_connbytes: Forcing CT accounting to be enabled [ 354.661019][ T9104] set match dimension is over the limit! [ 354.731877][ T5869] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 354.785719][ T5869] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.888846][ T5869] usb 3-1: config 0 has no interface number 0 [ 354.923296][ T5869] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 355.239369][ T9115] FAULT_INJECTION: forcing a failure. [ 355.239369][ T9115] name failslab, interval 1, probability 0, space 0, times 0 [ 355.252397][ T9115] CPU: 1 UID: 0 PID: 9115 Comm: syz.4.926 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 355.252423][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.252434][ T9115] Call Trace: [ 355.252440][ T9115] [ 355.252446][ T9115] dump_stack_lvl+0x16c/0x1f0 [ 355.252475][ T9115] should_fail_ex+0x512/0x640 [ 355.252495][ T9115] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 355.252517][ T9115] should_failslab+0xc2/0x120 [ 355.252538][ T9115] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 355.252558][ T9115] ? mas_alloc_nodes+0x18b/0x8b0 [ 355.252583][ T9115] mas_alloc_nodes+0x18b/0x8b0 [ 355.252610][ T9115] mas_node_count_gfp+0x105/0x130 [ 355.252633][ T9115] mas_preallocate+0x53e/0xcd0 [ 355.252660][ T9115] ? __lock_acquire+0xaa4/0x1ba0 [ 355.252680][ T9115] ? __pfx_mas_preallocate+0x10/0x10 [ 355.252719][ T9115] ? __asan_memset+0x23/0x50 [ 355.252749][ T9115] commit_merge+0x29a/0x1020 [ 355.252771][ T9115] ? __pfx_commit_merge+0x10/0x10 [ 355.252794][ T9115] ? vma_merge_existing_range+0xc3d/0x1c80 [ 355.252811][ T9115] ? vma_merge_existing_range+0xc4a/0x1c80 [ 355.252833][ T9115] vma_merge_existing_range+0xc52/0x1c80 [ 355.252858][ T9115] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 355.252884][ T9115] vma_modify+0x87/0x410 [ 355.252904][ T9115] vma_modify_flags+0x212/0x2d0 [ 355.252923][ T9115] ? __pfx_vma_modify_flags+0x10/0x10 [ 355.252939][ T9115] ? mtree_range_walk+0x718/0xc00 [ 355.252976][ T9115] mlock_fixup+0x27c/0xe50 [ 355.252998][ T9115] apply_mlockall_flags+0x2d4/0x470 [ 355.253018][ T9115] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 355.253036][ T9115] ? __pfx___might_resched+0x10/0x10 [ 355.253067][ T9115] ? __pfx_down_write_killable+0x10/0x10 [ 355.253093][ T9115] ? __pfx_ksys_write+0x10/0x10 [ 355.253114][ T9115] __do_sys_munlockall+0xc5/0x280 [ 355.253134][ T9115] do_syscall_64+0xcd/0x260 [ 355.253159][ T9115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.253176][ T9115] RIP: 0033:0x7fa1a618d169 [ 355.253190][ T9115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.253207][ T9115] RSP: 002b:00007fa1a6f29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 355.253224][ T9115] RAX: ffffffffffffffda RBX: 00007fa1a63a6160 RCX: 00007fa1a618d169 [ 355.253235][ T9115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 355.253245][ T9115] RBP: 00007fa1a6f29090 R08: 0000000000000000 R09: 0000000000000000 [ 355.253255][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.253264][ T9115] R13: 0000000000000001 R14: 00007fa1a63a6160 R15: 00007fff17ffd1c8 [ 355.253287][ T9115] [ 355.253304][ T9115] vmg ffffc900042dfc80 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start) [ 355.526112][ T9115] vmg ffffc900042dfc80 state: mm ffff88807abdee00 pgoff 200000000 [ 355.526112][ T9115] vmi ffffc900042dfe38 [200000000000,200000800000) [ 355.526112][ T9115] prev ffff888060f65dc0 middle ffff888060f65dc0 next 0000000000000000 target 0000000000000000 [ 355.526112][ T9115] start 200000000000 end 200000800000 flags 8100077 [ 355.526112][ T9115] file 0000000000000000 anon_vma ffff88807dade550 policy 0000000000000000 [ 355.526112][ T9115] uffd_ctx 0000000000000000 [ 355.526112][ T9115] anon_name 0000000000000000 [ 355.526112][ T9115] state 0 [ 355.526112][ T9115] just_expand 0 [ 355.526112][ T9115] __adjust_middle_start 0 __adjust_next_start 0 [ 355.526112][ T9115] __remove_middle 0 __remove_next 0 [ 355.591196][ T9115] vmg ffffc900042dfc80 mm: [ 355.595629][ T9115] mm ffff88807abdee00 task_size 140737488351232 [ 355.595629][ T9115] mmap_base 140332267683840 mmap_legacy_base 47300527484928 [ 355.595629][ T9115] pgd ffff888077846000 mm_users 4 mm_count 1 pgtables_bytes 126976 map_count 36 [ 355.595629][ T9115] hiwater_rss 14e7 hiwater_vm 5f85 total_vm 5fe8 locked_vm 800 [ 355.595629][ T9115] pinned_vm 0 data_vm 23fb exec_vm 1a4 stack_vm 21 [ 355.595629][ T9115] start_code 7fa1a6048000 end_code 7fa1a61e9529 start_data 7fa1a6380000 end_data 7fa1a6380000 [ 355.595629][ T9115] start_brk 55555ee4f000 brk 55555ee83000 start_stack 7fff17ffda30 [ 355.595629][ T9115] arg_start 7fff17ffdf6d arg_end 7fff17ffdf81 env_start 7fff17ffdf81 env_end 7fff17ffdfe9 [ 355.595629][ T9115] binfmt ffffffff8e60a620 flags 800007fd [ 355.595629][ T9115] ioctx_table 0000000000000000 [ 355.595629][ T9115] owner ffff8880786d4880 exe_file ffff888034b5ba40 [ 355.595629][ T9115] notifier_subscriptions 0000000000000000 [ 355.595629][ T9115] numa_next_scan 4294972718 numa_scan_offset 0 numa_scan_seq 0 [ 355.595629][ T9115] tlb_flush_pending 0 [ 355.595629][ T9115] def_flags: 0x0() [ 355.696333][ T9115] vmg ffffc900042dfc80 prev: [ 355.701407][ T9115] vma ffff888060f65dc0 start 0000200000000000 end 0000200000800000 mm ffff88807abdee00 [ 355.701407][ T9115] prot 25 anon_vma ffff88807dade550 vm_ops 0000000000000000 [ 355.701407][ T9115] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 355.701407][ T9115] refcnt 1 [ 355.701407][ T9115] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 355.738863][ T9115] vmg ffffc900042dfc80 middle: [ 355.743748][ T9115] vma ffff888060f65dc0 start 0000200000000000 end 0000200000800000 mm ffff88807abdee00 [ 355.743748][ T9115] prot 25 anon_vma ffff88807dade550 vm_ops 0000000000000000 [ 355.743748][ T9115] pgoff 200000000 file 0000000000000000 private_data 0000000000000000 [ 355.743748][ T9115] refcnt 1 [ 355.743748][ T9115] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty) [ 355.780893][ T9115] vmg ffffc900042dfc80 next: (NULL) [ 355.786213][ T9115] vmg ffffc900042dfc80 vmi: [ 355.790750][ T9115] MAS: tree=ffff88807abdee40 enode=ffff88802dcb7e0c [ 355.790786][ T9115] (ma_active) [ 355.797584][ T9115] Store Type: [ 355.800884][ T9115] node_store [ 355.807670][ T9115] [6/10] index=200000000000 last=2000007fffff [ 355.814023][ T9115] min=0 max=55555ee70fff alloc=0000000000000000, depth=1, flags=0 [ 355.822312][ T9115] maple_tree(ffff88807abdee40) flags 30B, height 2 root ffff888034f5421e [ 355.830744][ T9115] 0-ffffffffffffffff: node ffff888034f54200 depth 0 type 3 parent ffff88807abdee41 contents: 35555de4e000 2a4c45174000 2b000 ffff8000e8002000 0 0 0 0 0 0 | 03 03| ffff88802dcb7e0c 55555EE70FFF ffff88801f69240c 7FA1A5FFFFFF ffff88802dcb6e0c 7FA1A6F2AFFF ffff88802dcb660c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 [ 355.868218][ T9115] 0-55555ee70fff: node ffff88802dcb7e00 depth 1 type 1 parent ffff888034f54206 contents: 0000000000000000 110C22FFFF ffff888060f65780 110E22FFFF 0000000000000000 1B2F61FFFF ffff888060f65500 1B2F65FFFF 0000000000000000 1FFFFFFFEFFF ffff888060f65a00 1FFFFFFFFFFF ffff888060f65dc0 2000007FFFFF ffff888027e47500 200000FFFFFF ffff888060f658c0 200001000FFF 0000000000000000 55555EE4EFFF ffff888027c8cc80 55555EE70FFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 355.915168][ T9115] 0-110c22ffff: 0000000000000000 [ 355.920550][ T9115] 110c230000-110e22ffff: ffff888060f65780 [ 355.927123][ T9115] 110e230000-1b2f61ffff: 0000000000000000 [ 355.933253][ T9115] 1b2f620000-1b2f65ffff: ffff888060f65500 [ 355.939352][ T9115] 1b2f660000-1fffffffefff: 0000000000000000 [ 355.946081][ T9115] 1ffffffff000-1fffffffffff: ffff888060f65a00 [ 355.952621][ T9115] 200000000000-2000007fffff: ffff888060f65dc0 [ 355.959092][ T9115] 200000800000-200000ffffff: ffff888027e47500 [ 355.965579][ T9115] 200001000000-200001000fff: ffff888060f658c0 [ 355.973754][ T9115] 200001001000-55555ee4efff: 0000000000000000 [ 355.980220][ T9115] 55555ee4f000-55555ee70fff: ffff888027c8cc80 [ 355.986752][ T9115] 55555ee71000-7fa1a5ffffff: node ffff88801f692400 depth 1 type 1 parent ffff888034f5420e contents: ffff888030078500 55555EE82FFF 0000000000000000 7FA1A3FF6FFF ffff8880300783c0 7FA1A3FF7FFF ffff888030078280 7FA1A47F7FFF ffff888030078140 7FA1A47F8FFF ffff888030078000 7FA1A4FF8FFF ffff888031650dc0 7FA1A4FFAFFF ffff888031650c80 7FA1A53FAFFF ffff888031650b40 7FA1A53FCFFF ffff888031650a00 7FA1A57FCFFF ffff8880316508c0 7FA1A57FEFFF ffff888031650780 7FA1A5BFEFFF ffff888031650640 7FA1A5BFFFFF ffff888031650500 7FA1A5FFFFFF 0000000000000000 0 000000000000000d [ 356.038201][ T9115] 55555ee71000-55555ee82fff: ffff888030078500 [ 356.044970][ T9115] 55555ee83000-7fa1a3ff6fff: 0000000000000000 [ 356.051568][ T9115] 7fa1a3ff7000-7fa1a3ff7fff: ffff8880300783c0 [ 356.058019][ T9115] 7fa1a3ff8000-7fa1a47f7fff: ffff888030078280 [ 356.064581][ T9115] 7fa1a47f8000-7fa1a47f8fff: ffff888030078140 [ 356.071039][ T9115] 7fa1a47f9000-7fa1a4ff8fff: ffff888030078000 [ 356.077543][ T9115] 7fa1a4ff9000-7fa1a4ffafff: ffff888031650dc0 [ 356.084020][ T9115] 7fa1a4ffb000-7fa1a53fafff: ffff888031650c80 [ 356.090479][ T9115] 7fa1a53fb000-7fa1a53fcfff: ffff888031650b40 [ 356.096993][ T9115] 7fa1a53fd000-7fa1a57fcfff: ffff888031650a00 [ 356.103483][ T9115] 7fa1a57fd000-7fa1a57fefff: ffff8880316508c0 [ 356.109922][ T9115] 7fa1a57ff000-7fa1a5bfefff: ffff888031650780 [ 356.116779][ T9115] 7fa1a5bff000-7fa1a5bfffff: ffff888031650640 [ 356.123510][ T9115] 7fa1a5c00000-7fa1a5ffffff: ffff888031650500 [ 356.129970][ T9115] 7fa1a6000000-7fa1a6f2afff: node ffff88802dcb6e00 depth 1 type 1 parent ffff888034f54216 contents: ffff8880316503c0 7FA1A6047FFF ffff888031650280 7FA1A61E9FFF ffff888031650140 7FA1A6295FFF ffff888031650000 7FA1A6375FFF ffff88802d105b40 7FA1A637EFFF 0000000000000000 7FA1A637FFFF ffff8880310fa3c0 7FA1A6EDDFFF 0000000000000000 7FA1A6F08FFF ffff888027e47140 7FA1A6F09FFF ffff8880332dfa00 7FA1A6F29FFF ffff8880267378c0 7FA1A6F2AFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000a [ 356.178336][ T9115] 7fa1a6000000-7fa1a6047fff: ffff8880316503c0 [ 356.184787][ T9115] 7fa1a6048000-7fa1a61e9fff: ffff888031650280 [ 356.191262][ T9115] 7fa1a61ea000-7fa1a6295fff: ffff888031650140 [ 356.197701][ T9115] 7fa1a6296000-7fa1a6375fff: ffff888031650000 [ 356.204236][ T9115] 7fa1a6376000-7fa1a637efff: ffff88802d105b40 [ 356.210660][ T9115] 7fa1a637f000-7fa1a637ffff: 0000000000000000 [ 356.217537][ T9115] 7fa1a6380000-7fa1a6eddfff: ffff8880310fa3c0 [ 356.224270][ T9115] 7fa1a6ede000-7fa1a6f08fff: 0000000000000000 [ 356.230747][ T9115] 7fa1a6f09000-7fa1a6f09fff: ffff888027e47140 [ 356.271779][ T5869] usb 3-1: config 0 interface 117 altsetting 0 has an endpoint descriptor with address 0x4E, changing to 0xE [ 356.287152][ T5869] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 356.297174][ T5869] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239 [ 356.369233][ T9115] 7fa1a6f0a000-7fa1a6f29fff: ffff8880332dfa00 [ 356.378408][ T9115] 7fa1a6f2a000-7fa1a6f2afff: ffff8880267378c0 [ 356.385428][ T9115] 7fa1a6f2b000-ffffffffffffffff: node ffff88802dcb6600 depth 1 type 1 parent ffff888034f5421e contents: ffff8880323c8280 7FA1A6F4AFFF ffff888027e47780 7FA1A6F4BFFF ffff88803476f140 7FA1A6F6BFFF ffff88803476f280 7FA1A6F6FFFF ffff88803476fdc0 7FA1A6F71FFF ffff88803476fb40 7FA1A6F73FFF 0000000000000000 7FFF17FDCFFF ffff88803476fc80 7FFF17FFDFFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008 [ 356.432143][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.438573][ T9115] 7fa1a6f2b000-7fa1a6f4afff: ffff8880323c8280 [ 356.445215][ T9115] 7fa1a6f4b000-7fa1a6f4bfff: ffff888027e47780 [ 356.451658][ T9115] 7fa1a6f4c000-7fa1a6f6bfff: ffff88803476f140 [ 356.458082][ T9115] 7fa1a6f6c000-7fa1a6f6ffff: ffff88803476f280 [ 356.464519][ T9115] 7fa1a6f70000-7fa1a6f71fff: ffff88803476fdc0 [ 356.470931][ T9115] 7fa1a6f72000-7fa1a6f73fff: ffff88803476fb40 [ 356.477459][ T9115] 7fa1a6f74000-7fff17fdcfff: 0000000000000000 [ 356.483885][ T9115] 7fff17fdd000-7fff17ffdfff: ffff88803476fc80 [ 356.490285][ T9115] 7fff17ffe000-ffffffffffffffff: 0000000000000000 [ 356.497185][ T9115] ------------[ cut here ]------------ [ 356.502643][ T9115] WARNING: CPU: 1 PID: 9115 at mm/vma.c:759 vma_merge_existing_range+0x5d3/0x1c80 [ 356.511852][ T9115] Modules linked in: [ 356.515923][ T9115] CPU: 1 UID: 0 PID: 9115 Comm: syz.4.926 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 356.527708][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 356.538230][ T9115] RIP: 0010:vma_merge_existing_range+0x5d3/0x1c80 [ 356.544663][ T9115] Code: 00 00 00 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 4d 1c aa ff 48 c7 c6 20 d3 9b 8b 48 89 df e8 be bc f2 ff 90 <0f> 0b 90 e9 9b fc ff ff e8 30 1c aa ff 48 8b 54 24 20 48 b8 00 00 [ 356.564307][ T9115] RSP: 0018:ffffc900042dfb20 EFLAGS: 00010293 [ 356.570372][ T9115] RAX: 0000000000000000 RBX: ffffc900042dfc80 RCX: ffffffff8b68a713 [ 356.578413][ T9115] RDX: ffff8880282a2440 RSI: ffffffff82112402 RDI: 0000000000000006 [ 356.586589][ T9115] RBP: ffff888060f65dc0 R08: 0000000000000006 R09: ffffffffffffffff [ 356.594571][ T9115] R10: ffffffffffffffff R11: 0000000000000001 R12: 0000200000800000 [ 356.602577][ T9115] R13: ffffc900042dfca0 R14: ffff888060f65dc0 R15: 0000200000000000 [ 356.610552][ T9115] FS: 00007fa1a6f296c0(0000) GS:ffff888124ab3000(0000) knlGS:0000000000000000 [ 356.619570][ T9115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 356.626366][ T9115] CR2: 00007f9e0e400020 CR3: 0000000077846000 CR4: 00000000003526f0 [ 356.634520][ T9115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 356.642503][ T9115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 356.650487][ T9115] Call Trace: [ 356.653783][ T9115] [ 356.656706][ T9115] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 356.662801][ T9115] vma_modify+0x87/0x410 [ 356.667041][ T9115] vma_modify_flags+0x212/0x2d0 [ 356.671892][ T9115] ? __pfx_vma_modify_flags+0x10/0x10 [ 356.677250][ T9115] ? mtree_range_walk+0x718/0xc00 [ 356.682302][ T9115] ? mas_walk+0x6a6/0x910 [ 356.686623][ T9115] mlock_fixup+0x27c/0xe50 [ 356.691029][ T9115] apply_mlockall_flags+0x2d4/0x470 [ 356.696238][ T9115] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 356.701966][ T9115] ? __pfx___might_resched+0x10/0x10 [ 356.707246][ T9115] ? __pfx_down_write_killable+0x10/0x10 [ 356.712892][ T9115] ? __pfx_ksys_write+0x10/0x10 [ 356.717756][ T9115] __do_sys_munlockall+0xc5/0x280 [ 356.722799][ T9115] do_syscall_64+0xcd/0x260 [ 356.727529][ T9115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.733623][ T9115] RIP: 0033:0x7fa1a618d169 [ 356.738026][ T9115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.757681][ T9115] RSP: 002b:00007fa1a6f29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 356.766125][ T9115] RAX: ffffffffffffffda RBX: 00007fa1a63a6160 RCX: 00007fa1a618d169 [ 356.774219][ T9115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 356.782193][ T9115] RBP: 00007fa1a6f29090 R08: 0000000000000000 R09: 0000000000000000 [ 356.790147][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 356.798173][ T9115] R13: 0000000000000001 R14: 00007fa1a63a6160 R15: 00007fff17ffd1c8 [ 356.806153][ T9115] [ 356.809161][ T9115] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 356.816429][ T9115] CPU: 1 UID: 0 PID: 9115 Comm: syz.4.926 Not tainted 6.14.0-syzkaller-13423-ga8662bcd2ff1 #0 PREEMPT(full) [ 356.827966][ T9115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 356.838012][ T9115] Call Trace: [ 356.841274][ T9115] [ 356.844193][ T9115] dump_stack_lvl+0x3d/0x1f0 [ 356.848792][ T9115] panic+0x71c/0x800 [ 356.852671][ T9115] ? __pfx_panic+0x10/0x10 [ 356.857073][ T9115] ? show_trace_log_lvl+0x29b/0x3e0 [ 356.862263][ T9115] ? check_panic_on_warn+0x1f/0xb0 [ 356.867359][ T9115] ? vma_merge_existing_range+0x5d3/0x1c80 [ 356.873148][ T9115] check_panic_on_warn+0xab/0xb0 [ 356.878072][ T9115] __warn+0xf6/0x3c0 [ 356.881952][ T9115] ? vma_merge_existing_range+0x5d3/0x1c80 [ 356.887754][ T9115] report_bug+0x3c3/0x580 [ 356.892075][ T9115] ? vma_merge_existing_range+0x5d3/0x1c80 [ 356.897865][ T9115] handle_bug+0x184/0x210 [ 356.902225][ T9115] exc_invalid_op+0x17/0x50 [ 356.906722][ T9115] asm_exc_invalid_op+0x1a/0x20 [ 356.911558][ T9115] RIP: 0010:vma_merge_existing_range+0x5d3/0x1c80 [ 356.917970][ T9115] Code: 00 00 00 48 89 d8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 4d 1c aa ff 48 c7 c6 20 d3 9b 8b 48 89 df e8 be bc f2 ff 90 <0f> 0b 90 e9 9b fc ff ff e8 30 1c aa ff 48 8b 54 24 20 48 b8 00 00 [ 356.937567][ T9115] RSP: 0018:ffffc900042dfb20 EFLAGS: 00010293 [ 356.943651][ T9115] RAX: 0000000000000000 RBX: ffffc900042dfc80 RCX: ffffffff8b68a713 [ 356.951629][ T9115] RDX: ffff8880282a2440 RSI: ffffffff82112402 RDI: 0000000000000006 [ 356.959593][ T9115] RBP: ffff888060f65dc0 R08: 0000000000000006 R09: ffffffffffffffff [ 356.967549][ T9115] R10: ffffffffffffffff R11: 0000000000000001 R12: 0000200000800000 [ 356.975504][ T9115] R13: ffffc900042dfca0 R14: ffff888060f65dc0 R15: 0000200000000000 [ 356.983470][ T9115] ? mt_dump_node+0xcd3/0x16d0 [ 356.988223][ T9115] ? vma_merge_existing_range+0x5d2/0x1c80 [ 356.994023][ T9115] ? __pfx_vma_merge_existing_range+0x10/0x10 [ 357.000079][ T9115] vma_modify+0x87/0x410 [ 357.004307][ T9115] vma_modify_flags+0x212/0x2d0 [ 357.009144][ T9115] ? __pfx_vma_modify_flags+0x10/0x10 [ 357.014516][ T9115] ? mtree_range_walk+0x718/0xc00 [ 357.019534][ T9115] ? mas_walk+0x6a6/0x910 [ 357.023852][ T9115] mlock_fixup+0x27c/0xe50 [ 357.028259][ T9115] apply_mlockall_flags+0x2d4/0x470 [ 357.033449][ T9115] ? __pfx_apply_mlockall_flags+0x10/0x10 [ 357.039160][ T9115] ? __pfx___might_resched+0x10/0x10 [ 357.044443][ T9115] ? __pfx_down_write_killable+0x10/0x10 [ 357.050072][ T9115] ? __pfx_ksys_write+0x10/0x10 [ 357.054909][ T9115] __do_sys_munlockall+0xc5/0x280 [ 357.059918][ T9115] do_syscall_64+0xcd/0x260 [ 357.064412][ T9115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.070294][ T9115] RIP: 0033:0x7fa1a618d169 [ 357.074693][ T9115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 357.094285][ T9115] RSP: 002b:00007fa1a6f29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098 [ 357.102687][ T9115] RAX: ffffffffffffffda RBX: 00007fa1a63a6160 RCX: 00007fa1a618d169 [ 357.110645][ T9115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 357.118608][ T9115] RBP: 00007fa1a6f29090 R08: 0000000000000000 R09: 0000000000000000 [ 357.126562][ T9115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.134657][ T9115] R13: 0000000000000001 R14: 00007fa1a63a6160 R15: 00007fff17ffd1c8 [ 357.142678][ T9115] [ 357.145915][ T9115] Kernel Offset: disabled [ 357.150220][ T9115] Rebooting in 86400 seconds..