last executing test programs: 10.867263228s ago: executing program 3 (id=1248): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004f40)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000400)="f2e0b7531e2063b7a6345c67a555f26bf2ef0fbc7006a89c01a5517e64a10b791358670701b411733c3a0934877d466f0cd8cb7f6a170fc7a990fb07b3e8d4c588345e6b8fdf025851f3aadc6c3abde6ba8a4b5ece8598be1d57bd1e85c8e8660cbc3a", 0x63}], 0x1}}], 0x1, 0x48100) (async, rerun: 64) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x3a8, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x408) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async, rerun: 32) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001800010000000000f8dbdf2102200008000000090000000008000100e000000206001c004e20000008000700e000000208000200ffffffff080001"], 0x4c}}, 0x0) (rerun: 32) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3400000050000104002ff827a754c3549faa7bb2", @ANYRES32=0x0, @ANYBLOB="00000000201200001400128009000100626f6e6400"], 0x34}}, 0x0) (async, rerun: 32) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000010"], 0x50}}, 0x0) (rerun: 32) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x5}) (async, rerun: 64) r4 = semget$private(0x0, 0x4, 0x80) (rerun: 64) semop(r4, &(0x7f0000000100)=[{0x2, 0xd5db}], 0x1) (async) semop(r4, &(0x7f0000000140)=[{0x0, 0xfffb}, {0x0, 0x7f, 0x1800}], 0x2) (async) semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000000080)=[0xb7]) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10.06809293s ago: executing program 3 (id=1251): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x240181, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x100, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0x4, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x54, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)='./file0\x00', 0x20, 0x0, 0x1}) io_uring_enter(r3, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 9.723444696s ago: executing program 3 (id=1254): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000040)=0x4, 0x4) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x400}, 0xfffffffe, [0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x8, 0x3, 0x0, 0xfffffffa, 0x711, 0x0, 0x80000001, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x6e3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1ff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1], [0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xee, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffe1b, 0x0, 0x0, 0x0, 0xfffffffd, 0x8000]}, 0x45c) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() fchownat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x1000) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x15, 0x5, 0x0) mmap(&(0x7f00007fb000/0x2000)=nil, 0x2000, 0x2000011, 0x13, r1, 0xa0e8e000) getsockopt(r5, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67100000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 8.154829973s ago: executing program 4 (id=1260): r0 = open(0x0, 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x4000) r2 = socket(0xa, 0x40000000002, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f0000000080)={{{@in=@loopback, @in=@remote, 0x4e23, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0xfffffffffffffffc, 0x4}, 0x0, 0x0, 0x1, 0x1}, {{@in=@multicast1, 0x4d5, 0x32}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x0, 0x0, 0x0, 0xb7, 0x4}}, 0xe8) sendmmsg(r5, &(0x7f0000000180), 0x400000000000077, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) timer_settime(0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd4}}, 0x0) (fail_nth: 4) getsockopt$EBT_SO_GET_INFO(r2, 0x0, 0x80, &(0x7f0000000240)={'broute\x00', 0x0, 0x0, 0x0, [0x80000000000008, 0x8, 0xfffffffffffffa9f, 0x2, 0x1, 0x4b3]}, &(0x7f0000000000)=0x78) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file3\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0xa, 0x6, 0x0, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x2, &(0x7f0000000040)=[{0x5, 0x9, 0x5, 0x9}, {0x9, 0x5, 0x1, 0x9}]}) 7.514176641s ago: executing program 1 (id=1262): r0 = socket$nl_generic(0x10, 0x3, 0x10) getresuid(&(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000200)=0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="305000003d00090000000800000800000100000004000000100001800c00108008000200", @ANYRES32=r1, @ANYBLOB="080002"], 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000000) 7.325940733s ago: executing program 3 (id=1263): r0 = io_uring_setup(0x5f41, &(0x7f00000001c0)={0x0, 0x0, 0x2}) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x800, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7}, 0x1c) listen(r3, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0xe97, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r5, 0xc038563c, &(0x7f00000002c0)={0x0, 0xe7, {0x100, 0xf, 0xfffff1b6, 0xfffffffd}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="01002dbd7000fbdbdf250800000005000d000000000006001d00070000000c000f00030000000000000014001f00000000000000000000000000000000010600030002f8ffff13002000fc0000000000000000000000000000011400080076657468315f746f5f62617461647600050004000000000005000d00000000000500060001000000"], 0x8c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 7.236068886s ago: executing program 1 (id=1265): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x4000811) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000880)=""/4090, 0xffa}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r2, 0x7005) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) recvmmsg(r6, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) 6.060002015s ago: executing program 1 (id=1266): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00') read$FUSE(r0, &(0x7f0000001080)={0x2020}, 0x2020) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0) socket$alg(0x26, 0x5, 0x0) syz_open_dev$sndctrl(&(0x7f0000001ac0), 0xffffffff7ffffffd, 0x80000) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) capset(&(0x7f00000020c0)={0x19980330}, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000007910a800000000001da00000000000080000000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2a) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) timerfd_create(0x3, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, 0x0, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r4, 0x402, 0x8000003d) fcntl$setsig(r4, 0xa, 0x40000000001d) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x30}}, 0x40) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x4) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) socket(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) 5.448013568s ago: executing program 4 (id=1270): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="002205000000477738e21f8f4fb2c63afcfdfb6d7e50906fb254bbcdcf16b4b8690b3dad86e404043b374e5d12125cb8e199e79d1d0e0414d9f81d8734f33ef4d6d079e1e103a22a11b9c513344e86979ed277ee3e83a5a0a1f752c9ad1eff83b73dfcf4131ef13af39cb867a4c0689f4e033e3917a30e58d39ed9876a34764879167b2ce8b85f6bd7dfc8451b6280a8e46c91305ca47e716fac625aab431a276cade4db89942ef6c77c6030b6bed3c5ef4e1c97b350dcaaf22412e7023a6bb68f2409abef7ef6dfa662b244630c4fbf3951660e73b438ec9626fc0552a59bf10b2bb189f04ac5b7cb1a2d0b5bc1f2fa914545ba042813ebf9ec26b4"], 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 5.352040544s ago: executing program 3 (id=1271): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000800)={0x0}, &(0x7f0000000840)=0xc) sched_setscheduler(r0, 0x5, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x101) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_submit(0x0, 0x7, &(0x7f00000007c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x9, 0xffffffffffffffff, &(0x7f0000000300)="77dac0f091bb24e5d72b09889cb29310db2df593a713d57fd90dda2eaedd23aa7f8b873c0bfff0c05cdb1247c7a94bb84d834283d5ab599fc52f3109b73346457c2fc60f4d1450788168ceed6dce63df4ce5d82e35290cb5b846c917d1247adf55ea2bcfe3b8139f4418d1417c058c7d2cd254b595f085522cae0bc581f341783de0a01362ca23734c8b2463a17cad8a708ae87c12bb232081d5ffbe3edfe2e69fa18437c7ea12787b", 0xa9, 0x24, 0x0, 0x1}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2, 0x9, r3, &(0x7f00000003c0)="492093622fb04df3f1e71620246487ece62c5cafedac16b55d90a44cd7b319951d4b0c9820915e0dd2a5c991e24fc52aa8db1ece73a1e03ac35f1d7afabc25ce89176774a52b2cc2a9548e8609b5990f619dd45ad46d328d30b1c68a6de635de8640175136fa7d6e18c141a5a512c80765d313af871d1d8894aae8149135dae84dfb46c6d0d4e1c8386604abd11a3fe582d53c9e284f826846076689ce1390e96ca778166e6d8dbef4dcd788faf3561790d6936c6033de76dda3a66b81042dc6289cb2c9f5b9462042cba29662da4dfeff8c9cd2709385d701ff2a35aef182e7464724712ba924771d74e64f66e82ffc", 0xf0, 0x80000000, 0x0, 0x3}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x4, 0xffffffffffffffff, &(0x7f0000000240)="cce5f28ef25819625e573a", 0xb, 0x84}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x7, 0x3, r1, &(0x7f0000000900)="342bb8fc9d01fb2b17e01cf3f79fc32347950760b1a5e55ecc369d4d41446cd629f74d156af48005", 0x28, 0x863d, 0x0, 0x2}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x6, 0x100, 0xffffffffffffffff, &(0x7f0000000540)="4f6d8775d91394fa3e792d15655be217cdd72da613c593eec6d91280a9c8838b5d3516d976425f190bcf9fb0b75505c576176625bb59d26c7ace197d3ea90481b66288aaff8fb17bc5970359b3b7d266", 0x50, 0xe, 0x0, 0x2}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x5, 0x3, r2, &(0x7f0000000600)="2b1878a036037b5d07f35129a73fb72cc211a5866efeb3e8327f49bcf8edb28494122a1f0374d7d3a944654d49d59c6da7a5f46d564d1d3d895f72bc8e1beaa4f1274b30eed7ffeaf42fb438a480d0ad9637d455d066148a02f3d39489f948c8c609c25323847a9ef45a833fadaaa60e4157b85cbda2cbe142b7a4505dc88c11384fcf178d56a41c2c835271f96a954f857f662bf17a173599cc7b7b3030c9679a9eb0d8888eb239b6b68500655d58da5001d5fbb899c1c11ab985dba32f9bb8e7052cd4d60583cb058ce2939ffbd0a46e64a255b76679846fd555982bc111033b8295047d852ef056fb", 0xea, 0x5f}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x3, 0x3ff, r2, &(0x7f0000000740)="cf93faedddba4203ad064abcfc44d5ed89c5", 0x12, 0x305, 0x0, 0x2}]) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYRES16], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffffd1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x282e000, @void, @value}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008d}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r5 = socket$inet6(0xa, 0x40000080806, 0x0) listen(r5, 0x20000005) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 5.334409918s ago: executing program 0 (id=1273): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000040)=0x4, 0x4) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x0, 0x0, 0x0, 0x400}, 0xfffffffe, [0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x8, 0x3, 0x0, 0xfffffffa, 0x711, 0x0, 0x80000001, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x6e3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1ff, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1], [0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0xee, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffe1b, 0x0, 0x0, 0x0, 0xfffffffd, 0x8000]}, 0x45c) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() fchownat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x1000) quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x15, 0x5, 0x0) mmap(&(0x7f00007fb000/0x2000)=nil, 0x2000, 0x2000011, 0x13, r1, 0xa0e8e000) getsockopt(r5, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67100000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 5.256030813s ago: executing program 1 (id=1274): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x4b564d01, 0x0, 0xaf}]}) (async) ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000100)="1400000052004f7fb3e45f2024d2f1c9fb470000", 0x14) (async) recvmmsg(r6, &(0x7f0000005c80), 0x1b, 0x10122, 0x0) 3.965305576s ago: executing program 1 (id=1276): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x4000811) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000880)=""/4090, 0xffa}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r2, 0x7005) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) recvmmsg(r6, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) 2.916541626s ago: executing program 2 (id=1278): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0xfff, 0x0) read$FUSE(r0, &(0x7f0000000b00)={0x2020}, 0x2020) syz_init_net_socket$x25(0x9, 0x5, 0x0) userfaultfd(0x801) syz_open_dev$swradio(0x0, 0x1, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpid() ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000580)={'gretap0\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x8000, 0x40, 0xa, 0x5, {{0x9, 0x4, 0x1, 0x10, 0x24, 0x65, 0x0, 0x7, 0x2f, 0x0, @local, @remote, {[@noop, @ssrr={0x89, 0xf, 0x1e, [@rand_addr=0x64010100, @loopback, @private=0xa010100]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000640)={'ip6gre0\x00', &(0x7f00000005c0)={'ip6gre0\x00', r2, 0x29, 0x28, 0x7, 0x9, 0x26, @mcast1, @local, 0x1, 0xbc00, 0x8, 0x1}}) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0xa1) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x2200080, &(0x7f0000000240)={[{@index_on}]}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1863ae1bfb567e671691853481e6d3c613100027831aca95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close_range(r5, 0xffffffffffffffff, 0x0) mq_notify(r0, &(0x7f00000004c0)={0x0, 0x1a, 0x0, @thr={&(0x7f0000000340)="2a76b39380f750007270688df6a2321366e6f7d26391fffe02266ca522692358fad2f7c80e0dc855a5163c5e19920e4eba50f5b0800be5c396dba408e1cb4c3b10ad31d712618569d9b3d9226bbd065b5aa8aa05b1addfd9defa99fe66a6bfb656d05829ad35", &(0x7f00000003c0)="36b7d90fbb74d60b2d4a87338125c4bb1ebc66f5e8b2ba8a8e9a5023d3c206f86460f0e89553e37d7f4f625778ee78631a32ff558615c089beb1ab845f56bd60a97f77fbebe35441d995e092767dd2eabf6644981a1c01b2e94e46be5c40ec295c714e7608d3f04a4ef2b950794ce1285584100d8b1e5922332bd6aeb9c27713f167841271dd632ab8f10f7c940c889417e9e64bfb5556b28511ec2b34e1f2686ad1eec60882f3df3df23c53f2dad50ef6e8d48ea340361cce93ac3f142defdb48dd6db08c88b0b195eb5e95a6d104645668cb44132221794bafa76f9514"}}) poll(0x0, 0x0, 0x2) 2.449048068s ago: executing program 0 (id=1279): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0xffffffff}, @hyper, 0x0, 0x400, 0x8, 0x0, 0x8}) 1.730149496s ago: executing program 0 (id=1280): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x980000, 0x6, 0x4, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xa30903, 0x5, '\x00', @value=0x97}}) (fail_nth: 1) 1.583372028s ago: executing program 4 (id=1281): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_security(0x11, r1, &(0x7f0000000080), 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETTXFILTER(r5, 0x400454d1, &(0x7f0000000580)=ANY=[@ANYRES32=r4]) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xb, 0xc, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r6}, 0x18) dup(r2) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000000240)='mountinfo\x00') r8 = shmget$private(0x0, 0x3000, 0x1, &(0x7f0000ffc000/0x3000)=nil) shmat(r8, &(0x7f0000ffc000/0x4000)=nil, 0x4000) mlock2(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1) finit_module(r7, 0x0, 0x0) 1.583029843s ago: executing program 2 (id=1282): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socket$inet_mptcp(0x2, 0x1, 0x106) 1.582653448s ago: executing program 1 (id=1283): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d04b1082a6d00000004090212"], 0x0) r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000540), 0x4000, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000580)=0x4) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000080)=0xc0) write$sndseq(r2, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @time={0x7, 0x5}, {}, {}, @control={0x4, 0x31, 0x10001}}, {0x0, 0x0, 0x7f, 0x3, @tick=0xf27, {0x1}, {}, @addr={0x2a, 0x5}}], 0x38) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x5, 0x3, &(0x7f0000000340)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @random="97c4864ef7a3", @void, {@ipv4={0x800, @generic={{0x8, 0x4, 0x0, 0x0, 0x20, 0x64, 0x0, 0x0, 0xc84cf8fe4733a687, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xc}, {[@ssrr={0x89, 0x3, 0xef}, @cipso={0x86, 0x6}]}}}}}}, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4ea2, 0x0, @local}, 0x1c) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x181101, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x880c1, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = add_key(&(0x7f0000000640)='ceph\x00', &(0x7f0000000680)={'syz', 0x0}, &(0x7f00000006c0)="03f737784d91e4713483723c1883cd2c65f1b695f8fad7f472a6e03497e27129349e1480a2d47016e39c1aabcf53503a5f06c7c4ffc91cc8bb50543b6c56b4e47b90bb26a33b059d1cc655ed3e98874b4873f89e390e97f734c4db3f45edabc6b2c9b674739ed4a59c36e90784d1cf8a4a89ad04a1df0e46a03bb1f77374a552df5e7f3f3c1dcd8afb78fd25", 0x8c, 0xfffffffffffffffd) r7 = add_key(&(0x7f00000007c0)='cifs.idmap\x00', &(0x7f0000000800)={'syz', 0x3}, &(0x7f0000000840)="66ebba82d4576aa6e7dd2f0e99d4a834f49014810f41f8112ebd4e3cc22e1508c4035c2e65151a0a2d30ef69503e864754686b5b7355384d71cc4b9eab6a14e6342b950ce49a13c66e3f902bcdf4538a96aeb4825d2bf396f59ec9db65cbf9798344259b7b90d0a9df2126980cb257fde45cf21fa0f41059753332a49110ce94cef773e7d66599e89be0c4791c1a8f226bfc5e50c79f2d04ab69002bfa4a37271e73f926234929cc89d1e9025ac6a02ba889b9b9a99327afa050d0477a430353dd073f26", 0xc4, 0xfffffffffffffff9) r8 = add_key$user(&(0x7f0000000940), &(0x7f0000000980)={'syz', 0x2}, &(0x7f00000009c0)="17b03968fa2cd73769a08b0d17d4d13218ba3f210091ae36e8b8751768d63025ef658d042d7e524e01ad0bb1ca468d3071f23e0990a625ac24a796a537c955b2f2d87675b4fe918ff07ca95f30fba69bef227d5f7632b518107511dce94562bb161e92e27a454d49991a304a8cfc9e3732bd9b7b6b932fc848551f6a85af10ae778bccec3f3d6901", 0x88, 0xfffffffffffffffa) keyctl$dh_compute(0x17, &(0x7f0000000a80)={r6, r7, r8}, 0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b80)={'digest_null-generic\x00'}, &(0x7f0000000bc0)="ab7173b52d9b010d43261bdd94cd91993f4eb2a36a", 0x15}) r9 = socket$caif_stream(0x25, 0x1, 0x4) writev(r9, &(0x7f0000000780)=[{&(0x7f0000000340)="1a1229a2a2", 0x5}], 0x1) r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000000009040000032eb47d000905f9ffffff00000009050f47"], 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r3, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) add_key$fscrypt_v1(&(0x7f00000003c0), &(0x7f0000000400)={'fscrypt:', @desc3}, &(0x7f0000000440)={0x0, "03bd6631408d5c0dd1d3d03b734ad6d2acfc2f876ec4082f374a2050a071f86b57201fdcb6122fe8af8ab4118b4df17f417db6cca626e3a7c62d6901fec24e5c", 0x2a}, 0x48, 0x0) r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/kernel/cpu_byteorder', 0x0, 0x2) ioctl$SOUND_MIXER_WRITE_VOLUME(r11, 0xc0044d18, &(0x7f0000000600)=0xf) 595.949429ms ago: executing program 0 (id=1284): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x201, 0x4800003e, r0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r1, 0x61, 0x40001002, r2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_sys\x00', 0x275a, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r3, 0x0, 0xd1, 0x0, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000300), 0x228000, 0x0) pwritev2(r4, &(0x7f00000001c0), 0x0, 0x40, 0x9d, 0x1e) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = creat(&(0x7f00000000c0)='./file1\x00', 0x13e) close(r7) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e0021768238324ee0d5b18eabeda10c06e6143315"], 0x1c}}, 0x0) recvmmsg(r9, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0xa}], 0x2, 0x2, 0x0) bind$unix(r8, &(0x7f0000003000)=@file={0x1}, 0xc) listen(r8, 0x0) r10 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) read$msr(r10, &(0x7f0000000440)=""/200, 0xc8) writev(r10, &(0x7f0000000400)=[{&(0x7f0000002500)='\f7', 0x2}, {&(0x7f00000007c0)="d08c8ad1a7d6f9f1dde04b08d6c3a0e7edc5bdde85788dce0a3465bd8e8c8a2e42f8db811e202588f3523679123fafcd976cb90f30774c66cb16a089bd64fbeec92051d706b567b873abbb1d48d8bd93cf641b39f54775d2c9bd33868b66109f81d087fe6a9bb1ab3ca25412d263d5ef3568cb0a2d16a575a0f1638c39df34d8680f113b000a593bc09c474869a84a6e5ff6578cc2fe1699415fba5a084e2a45a9c08e14472cc558ccc69cc4dcab529fecde72671eca9d9750bbda7bf3a85ac12dae449b4b876b6b30e07790ae2c0dd279b4568d6410d9094e1ca379eeaa3341bd96d69245638c5bab1c41470361b91560e5ef5829b70e91f95f6b7a6f376fbfd8a3a0e44b7f8eac481e3b5f7c4f0faba4372cb43e0be599ea5b5abcf25d9ef1b3869641d97c446e4598a434a17c8d06aee568e65c1d79214ef5cfc13ef79968b599d2e0c86ebee6bbe706c1c618be019b48ddfe42b6dc5a462cd7ea4505279ea9c3a034f147a7b29a7bf665bebd2277478adc2535e30f675cd01ef51677bb44a5114a83281a5b6701d56848488a46a8fed64db8584d98ac5f20d98c3fab6789054ac0c94867f90b3edc7fbb74f6f132b751ebcb393b98fccac645d2dc0bccce0b6524a45e5bcd0b4c7d6786f20534bcebc281b76f61b549e5736873f83e687d30c968b0ca7389438efa08c402eff8d4522536442881c2e6adb27e91c037669c145c64ce75bd0cae6217375af32deeecc0b964ecd1e99fb14b8033752d328c760c0ddad8cd7ec736c7b2d426de540f0f214044615590b84680a09e3ebae62b33589eda8b58b702e8c01f3e3bd2fd41d8a0b9df4d58cc09d0ddf5a711b1839c8e8d261985d43ca7b93b9134adaee6ed156466a126ad7f16b2e6003985f149eb646f220cfb465b6c02b993493035c64552b05f207bfa7481277da25e26ad43790fc84fae546ec0050c581b3e2264fc3e36ed2184b510bd3ac2c872620a21849573023e505666ebe7d59e1ed81835b2fa0136d77051ba03d16efdb00aa06527dd9dcbfdfe82c2c89d76e62dbbd21b42adc87387552bafe00ccaa2495510132d35a194e1397e71edd98eac49775a3d13d6537a86c4839812545d693d932b034dee1b9b0554b0733d54d092c211e2a13a04062b629a3ee8a78816536b2bc3d11296cca5f8d289c5e1ec6363c2e7a1a074fc8b1847f603426648fc472c99ae7242bc1a7c419e2acde77951ef19552461c12f40c6badb5790bad59115964e270b4cd8a09bfaa87ba3f2ed5b4a8b35da017f4f9a4ad8096819bf7cbaf889558727ce2ffaec8340e9e9b95b3c0f8464253f6b451557a64ef10a4b1a4c382f0583278c9be7f98e5675fdb870d53ebed721c844fcddfedf63853a755243a5bc14ef8ff1f6a013805a996c156bd24365f9532baccfdb7318b656cf5b75fd96bfb9fb7d83ccb21233519d92a8eb4aa72104ca07055fecf27fac73b909e9a355f21c536609e1e2b99e2a22df661da1dbd1c485303709dade1cbcc41129873a43fa3609210ab734cf931265b172ea17115c2f2eb3c9e7e8f2db3cfb0a87c89915e154a8d9061110e87d166cc04e15ab137f868cdb602e7dd4e02d6f146c99c4d2238e8356ed373c4ea093a8d658f09d44e9bd2d7b1a5bf9e1df5cfd0b5c396efce9c9efc12cb2a8382463611f1ca83dda36c5278469a7cfb4ccd199b6f28a3932b69616a8dcfad23c712b232eb20456de6dddb46914a2ff4e9bb503f5136a57d57743c96ab3a96c000adba9e0a6780cd7eeed4ab6d444a70033fb550ded3de875a28ca697a5bb982b226c2517d468cd18d5e21ef7bbb9bad396e9625bcc6bb3bd092c264e9d78622b42d6125ea0de88c22e0a5205610b17b929f0e525b0d41a52e57129ac0dd5d5d7dc9e7f8caf9f6d67ffcd524cced32bbc25bec245be3c8c60676c435be86b7bc92c59aee9e41674e38c3c91bbaf598b97ac00ae7e15ac7ee9a7aa89d9ca7cc9822890a0ad693c2b87e30630bd5af4639ee9df7b505f6f44086fad8e4012e701f1b46921dff8bf9c30e48b6a64beb8cbf02f28a6c86819f06973e438694183231053f79e802f447a5388daf7d7d81cc08d17c8bcdd044319ec2c94e80141b53efaf71758f6e36fb4e20a514448ba4df3450972f4695d6170962c751419e5cf302b401de50f692a4c6ddac7cb12dcba133e7a1377703221a0fd1e5809ab92a3b3482a0ce71acba2a972952af46b4b7a76418ec81088b1e48345d71d9a43fc021e9814c25cfb908318804b389dd57ce948ed8d336ddb02ac362d21fa4ad51881e55f0d01516a3109e3ae65317448bbd55efb759f12b7d2886b66ffe0a39b9c92122ac2cfdf149cb78750ad2cdbc1e3a45be63eeca2ca34a38026bded273b758fc4f6b14e91ee3b7681a0389e605827fad9dd2eb074a9a891d57e858c647175cea048069be9f5dd142d70f0ffc09998be58043dc30b0a1af3179de10b30e50f146b6020c09f15cea18803a95a10035c3b971d57f423b42f516c9eacfa1371fb628518a96b9211119a3ba65b54fa7ec0b584fdfcdad3d89aa35c0203f070a80caff684699d41297488ff0edad2c21e4e92f14ffe2e01fa84237720b55e95a814b77a811c37a8b600bebb713222d46e88a40252946ad0493879f8ba0df2cf429114156b5ab24a4243d0c50b0f40f1068fd3557c49701e1ed5e5c6eddb8c8011c11d00a1d188feb3965b4a9a7152e604a7b44c3c1ba7f490e9b6096cc2d7d9e896b87c3884be79516aa10b7ff30f39f50ea04ce9b573944f2bc7d7e80d7cf949c4a3c30536dc9958c01c7562ba164814cb01664c48b419ffa15cfdd41b7ad98b1562408094de707447457afba312c88bd972b354409c10fe8412aaf7b1389a22ea5e2d4c8779d41b74cc825029165ed129c652b4414f33fb2a0204ae8b93be3b02e4c5d7f49a5b021d14f6e4ddfac749c4cd3c0e4d267a456d8e742ca2c3d304d48c8de8665624e46a39058272faa750f508fd84f411a105187054e8e7473bba3eb8cf436f7a7a3a7384e6d382d905acfda5528f7ed2227c63e4cde36419ec84a9431b7f89308aeac07f575b17d0f7cb8c385e8f69e210af9719a022b70b95e306c54d61ff77a38513013754a55fad55d2dfa6096bf1997cfea0ce2c7a3ee45277f4005aac06dec6580e763d1981c5b51e229f39a549946ce12c8375435eb2e5a6de2c281b28c9b5b628acab00f63cbd3071487f6d37a8a417c86b38e8cb4e3e1b9d6964a3d18a4b7505b3e3961190c11dc43b5bfcfb227dad494a07dd8d87d4a0c90e58502a44100f5772f4ae4b2c56fa5ae8039a00a575f534b1d8ef0edfd75d2f2e5cceed3b48e7f5921e86b3c6303f6caae4dd8a0b5336d6d7b17c866ca2b27b21a6ef8722b3a05317af3ce2c5fb6fc3b6cc1d425214ddd087e9c3f381125bf32abc2cc0fc970562f2a8b627373a179b9219ad8a2b0e0d37a00dbaad790c8307b97bc71298116e528bd3448c7a1d870817e2cccfc1dbff0cbb444774a23f69e84a01bcb634dd4cc3acdd6c6c447325cc7149cacb25b4ab1efc52ca999386d21fc371c1a3fd2ac72cc6f5c729625999f21a47d010b8b26cbf946e83d9dfd275aca9cc3ee689134623485f4721c15ddf67871fd83720b5134dedc15f905a5564e1ca72389554e39a22ac051e25a152d50616570d6929e56d0d2b8d6f88d642b93ada7de10b74edba702f55ebb899b84a10846ef8dfecbf5b92ed435620d5b18f6cb8315db2a57f1fb92600c8db579569053062f522824db5a402a243fb1ec8e0359aaa6678456f28d4b564e38b3c45df970277e2a7056a267a8f956b892b0cc6a584f970d16f964713ba130861fd6f14808bad8d6818b182c23a731b8046b9d6574c875c46093560e5df3e1d4c219fe4bc77c9d4df3397c11aa711f658f1eeb6414bfa7a54b6e533027a1423c16520be31ae2d53d2539443684e7e005d0d681fe75319be7396cbb3a41439ce302fb1b21cb515bed86387b3154fc29d2c743851dfc13326b6fd78c48a8a074324457977031a70bbcc01350f1e98ef63d10a4730012f3280d61fe00e19b92c83ab4507b301ba48b48ab08cb526a8172039f6b455b375273f822a61c50f758354e7e2f276cac8b42d802f52c96ac0038d4faff75f775e818d3a3392a42799b1ee70511822c83835aa0ced3ba4daada572c36299750df3d0651df0ec60b898154831ba6b79708a62837c25a66c1ec436997404b0ea36267b35af1bb80599727755e17cb67c8d2369caaf5be706e7cfa2319f5f7c930e79a489d07638fab4c25d382e930889495bf885a562c41dd41034c19ccee82777ad753fece3c2e6cf3c930a7b7b947137ca1fe9804f95d86fe85bae706f9899fd1e72cbf2b5af4b60f2bc2ee19f9a04c2298bff4b6aa997c0dd54a1d6ab17983b74dc14b8f6c962d5135f19c62aa43a4b49004238898b9fa2883c06627ebbb35dcef82f3d9df6affd85f039e196d61cdcd24d5f60373eaeb2d0d514af3d46d3403c004a8263ca757670df292fa285fe76cf6beab720a0a0d0b40839c5b20a53fd451a411ff9a8abd32f985d0c7bacaafa7bebaf51dd4c7f4dfcef351ee349d831a2e71529fb445f931f8c11f10a6db51b981c9eb7fcd05d073bb57273a95ceb16378ae20f1f83bcbb4cb32d6de53e1495865c4c8e3a9db289492ee7633b59ae0d43cccaf53baad7d7e71896be0be368b3253add579d658421425713513452ecbdbe2666f3b5af7bb7ad06a8d010545511c6f251ff8a77caf271e91520cf56db4fbda3dfb6309eac12d4001606f669494760c8ae684d3a31b05414bd262e498b8e640774d8043c30b3dc576d351430d869728cd092c4510bffc0231cae19e8b5dd10f8045dd9fbc939ba14fa5929b44aeeb0f8cc4bb873e80d65d3b03377d3872ea84f420a972eba59fc37b47fcc660c0d45f9a4f1acaecf54eb4fd154c1d1602021ba6edab2a25cf4d151d717115914a0e6d068447bc5af2097acdcc1e869e5149c2657d14aa1f7f6b92a26c48ccb25234ce296d04ac35e6960bf768f075a4c0766eb7a3c7b9a564b9e9160a1cfb4ca3870c748ef9ba8c89c0d818c9a6ef6198f2e5aeaf910a2fff79998388f07b0df0f2788d6c1dabb974a59dfa6074ca363ceb650c2c837842b8d4fa918a82959a037484249427a4d73bc46959ce4ee1ee1f6bca7b4922a34096d445f8f38baa08055ae4e87c36edcac180f8bc7ddceae2ef6db3e7f85420fb2febbef05bc481dabdf6910436f0670bca68d5beba671c2efbfcac5b1c3151a49fb6d7e99dad7b21ed02eeb88cb9636d04396039a323b7fc3da05743742e75cac55442531682adeae326e811aa51961552dcae501145ee59a51a03053cc0ff13b1fffc0dc7e46e7dfb48087de7772ea71acfff3efd8cfdfc96a3d8d028f79f5978d01beccf13cb255c7f3153c5789fae8523bd4af43eba7e56d2085f04434fa3be7281f7297082411b2accc12e7c96daa3aad0c0ce1ecf3c7179a0a97f5459777e3fe864c8b466039e92b02defd65ea0d74bb360d5402d767e404123785ec51255ad4dd54a7c857d107309aff51f8af554cc557b0c48ba75e3f7c14413d72e9935a1fb75bd83124c0f4e82c3d09fc0c0223e8d10fd513246d688248c6740db28390a6a461e20fba095887792dfefd46cb9d0f2aa4c824634083d8a2c48c08c6eaad9a0339af6313e83567d506fc93f35b6d7861d34a50e0bbbf2b72dff4a1e29a1041c53f2ac9a9d34a496d7b0b3ff7fea1f3aff35451ce158804", 0x1000}], 0x2) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d3fa53cd137e36c3c22a4e6621bd93df5459c96878cfcb9686434306f0f9f56c419cf1ddff7192dda76089a7b33894ca39f", @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r8, @ANYBLOB=',\x00']) setsockopt$inet_int(r6, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4) sendmmsg$inet(r6, &(0x7f0000002240)=[{{&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac1414aa7f0000010000000010000000000000000000ff"], 0x30}}], 0x1, 0x20000000) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRESDEC=r7], 0x7c}}, 0x1) r11 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r11, &(0x7f0000000040)={0x2a, 0xffffffffffffffff}, 0xc) 595.659063ms ago: executing program 2 (id=1285): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000002000000e0"], 0x190) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000002000000e001"], 0x190) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_ethernet(0x12, &(0x7f00000004c0)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@llc={0x4, {@llc={0x42, 0x42, "f3", "f4"}}}}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{}, &(0x7f0000000200), &(0x7f0000000340)}, 0x20) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) 580.044624ms ago: executing program 3 (id=1286): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) r1 = socket(0x1e, 0x4, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000280)) r6 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil) shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) statx(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x400, 0x200, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) statx(0xffffffffffffffff, &(0x7f0000000580)='./file0\x00', 0x800, 0x20, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) shmctl$IPC_SET(r6, 0x1, &(0x7f0000000500)={{0x1, r7, r8, 0xffffffffffffffff, 0x0, 0x88, 0xd}, 0x80000000, 0x639, 0x69f, 0x9, r3, r3, 0x9}) timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x88000}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f0000000140)={0x1000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r9 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) 508.267261ms ago: executing program 4 (id=1287): r0 = socket(0x28, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000040)=""/104, 0x4d) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0100dd6a6857ab152b9f7e00fd81bc9e68000000191e477029e27ba9bd34d7bf1929a041a64c0bb8cf40a653a1e8edc3e2db1b773bcac9a81c26be5ec355ebaee6c770526eb744073d038368a5093b8676c13eb66f7c5f0840b92b794db0231d66a039b95be7b300fb345c6013c16c5c5b449a5f30782990bea9f931a2b4ed0eaf0759f5534102552679335a4aa5150f2528bb5e3ad2d7446c810cb4a7e2b65c7b841296897399d746f2d8aa4005981f903d14899512c0f8f5ccabf934f07a10f04a28026850cb5166c5e3e7080f17", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) dup2(0xffffffffffffffff, 0xffffffffffffffff) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYRESDEC, @ANYRES32=r0, @ANYRESHEX=r2, @ANYBLOB="00000000000000000000000000000000000000000000060000000000"], 0x50) r6 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_mreq(r6, 0x29, 0x1d, 0x0, &(0x7f0000000040)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r5, &(0x7f0000000140), &(0x7f0000000080)=@udp6}, 0x20) r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r7, 0x6, 0x0, 0x0, 0x0) fsmount(r7, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r7, 0x7, 0x0, 0x0, 0x0) r8 = syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}}) io_uring_enter(r8, 0x47f6, 0xb277, 0x0, 0x0, 0x0) 339.916954ms ago: executing program 4 (id=1288): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x400000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x0, 0x0, &(0x7f0000000280)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sync() r2 = socket(0x11, 0x3, 0x0) bind$packet(r2, &(0x7f0000000080)={0x11, 0xd, 0x0, 0x1, 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="10000002ddffffffff0100000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xb, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000003d0009000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') chdir(&(0x7f0000000100)='./file1\x00') r6 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x766c618eb221465a) quotactl_fd$Q_SETINFO(r6, 0xffffffff80000600, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, 0x0) sendto$packet(r2, &(0x7f00000002c0)="fb5797bac8000000000000000000", 0xe, 0x0, 0x0, 0x0) sync() 338.406497ms ago: executing program 2 (id=1289): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, 0x0, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0xffffffff}, @hyper, 0x0, 0x400, 0x8, 0x0, 0x8}) 266.929991ms ago: executing program 0 (id=1290): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0xffffffff}, @hyper, 0x0, 0x400, 0x8, 0x0, 0x8}) 196.034739ms ago: executing program 2 (id=1291): r0 = socket(0x18, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x307, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}}], {0x14}}, 0x70}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000300)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000380)={0x78, 0x3, 0x3, 0x5, 0x0, 0x0, {0x6, 0x0, 0x6}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffd, 0xf533c3f6}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xfffff775}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x8}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffb, 0x65}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x2}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_VERDICT_HDR={0xc}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x1}}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc, 0x9}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000800}, 0x4c10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r2, &(0x7f00000058c0)=""/116, 0x74) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000005980)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x0) sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000040a0102"], 0x14}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x100000000004, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) accept4$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, &(0x7f0000000200)=0x10, 0x400) socket(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023893) gettid() timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4) shutdown(r4, 0x0) 156.839728ms ago: executing program 0 (id=1292): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff0000", @ANYBLOB, @ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000080000000fcffffff000018ffea2ea6a83fa42c23849c1a05ef29a236a04bebabbcd170971ffa22db836e2c139386921cddba", @ANYRES16=r0, @ANYBLOB="8a17193896fa90e8cca8d478ec6155b5f229bf8ac0c9e2"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000140)='./bus\x00', 0x84) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, 0x0) umount2(&(0x7f0000000100)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@permit_directio}, {@seclabel}, {@euid_eq}, {@euid_gt}, {@euid_eq}, {@uid_gt}]}) socket$inet6(0xa, 0x80002, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) 137.497499ms ago: executing program 4 (id=1293): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x4000811) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cpuset\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000880)=""/4090, 0xffa}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r2, 0x7005) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) recvmmsg(r6, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) 0s ago: executing program 2 (id=1294): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) syz_open_dev$sndmidi(0x0, 0x9, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) capset(0x0, 0x0) r2 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100}, 0x14) openat$sndseq(0xffffffffffffff9c, 0x0, 0x10000) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) (fail_nth: 4) kernel console output (not intermixed with test programs): [ 265.396103][ T8532] RIP: 0033:0x7f252018d169 [ 265.396115][ T8532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.396130][ T8532] RSP: 002b:00007f2520fbe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.396145][ T8532] RAX: ffffffffffffffda RBX: 00007f25203a5fa0 RCX: 00007f252018d169 [ 265.396155][ T8532] RDX: 0000000000000000 RSI: 00002000000035c0 RDI: 0000000000000003 [ 265.396164][ T8532] RBP: 00007f2520fbe090 R08: 0000000000000000 R09: 0000000000000000 [ 265.396173][ T8532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.396181][ T8532] R13: 0000000000000000 R14: 00007f25203a5fa0 R15: 00007fff02eab078 [ 265.396201][ T8532] [ 265.535000][ T8534] (unnamed net_device) (uninitialized): down delay (4) is not a multiple of miimon (8), value rounded to 0 ms [ 265.561826][ T45] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 265.738974][ T1203] usb 4-1: config 1 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 265.750311][ T1203] usb 4-1: config 1 interface 0 has no altsetting 0 [ 265.763577][ T1203] usb 4-1: New USB device found, idVendor=0c70, idProduct=f001, bcdDevice= 0.40 [ 265.773267][ T1203] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.781406][ T1203] usb 4-1: Product: К [ 265.785727][ T1203] usb 4-1: Manufacturer: ቖ瑘ꈻ㛣襷Ꭺ黓蘑苬䠩崺擞趚Ō⻚瘳睌훔Αꌪ䏠鵷뀳呍눑⻣⍨繘篤읯﵉ࢇ䰬遯䏆蓖喏岰 [ 265.830204][ T1203] usb 4-1: SerialNumber: ш [ 265.969207][ T45] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF6, changing to 0x86 [ 266.025409][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 65535, setting to 1024 [ 266.056510][ T5870] usb 3-1: USB disconnect, device number 19 [ 266.148659][ T45] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 1024 [ 266.252107][ T45] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 266.331166][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.383901][ T45] usb 2-1: config 0 descriptor?? [ 266.389903][ T8529] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 266.410225][ T45] gspca_main: spca561-2.14.0 probing abcd:cdee [ 266.438370][ T1203] usbhid 4-1:1.0: can't add hid device: -71 [ 266.450458][ T1203] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 266.462811][ T1203] usb 4-1: USB disconnect, device number 21 [ 266.510953][ T8544] netlink: 'syz.4.695': attribute type 1 has an invalid length. [ 266.519877][ T8544] netlink: 224 bytes leftover after parsing attributes in process `syz.4.695'. [ 266.608539][ T45] spca561 2-1:0.0: probe with driver spca561 failed with error -22 [ 266.617309][ T45] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 266.632299][ T45] usb 2-1: MIDIStreaming interface descriptor not found [ 266.686819][ T45] usb 2-1: USB disconnect, device number 22 [ 266.690439][ T5870] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 266.860469][ T5870] usb 3-1: Using ep0 maxpacket: 8 [ 266.876698][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.887211][ T5870] usb 3-1: config 0 has no interfaces? [ 266.894479][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.904880][ T5872] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 266.912606][ T5870] usb 3-1: config 0 has no interfaces? [ 266.923012][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.923885][ T5830] udevd[5830]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 266.934551][ T5870] usb 3-1: config 0 has no interfaces? [ 266.991496][ T5870] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.002509][ T5870] usb 3-1: config 0 has no interfaces? [ 267.008699][ T5870] usb 3-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a [ 267.019192][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.031385][ T5870] usb 3-1: config 0 descriptor?? [ 267.273417][ T5872] usb 5-1: Using ep0 maxpacket: 32 [ 267.306339][ T5872] usb 5-1: unable to get BOS descriptor or descriptor too short [ 267.337352][ T5872] usb 5-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 267.871103][ T5872] usb 5-1: config 1 interface 0 has no altsetting 0 [ 267.879650][ T5872] usb 5-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 267.963198][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.971356][ T5872] usb 5-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 268.807290][ T5872] usb 5-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 268.867745][ T8540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.878015][ T8540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.888156][ T5872] usb 5-1: SerialNumber: Ც㕐裱钦⊮踚㊱꧛泮鍜㢎諦꧅꼝ǔ崶઺ඃ㗕췻뎢㢰Ƞ퇰軪鈥媋䆋ٹ矡欂㡬탯લパᛧ [ 268.942865][ T1203] usb 3-1: USB disconnect, device number 20 [ 269.238231][ T8567] FAULT_INJECTION: forcing a failure. [ 269.238231][ T8567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 269.251939][ T8567] CPU: 0 UID: 0 PID: 8567 Comm: syz.1.702 Not tainted 6.14.0-syzkaller #0 [ 269.251962][ T8567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 269.251972][ T8567] Call Trace: [ 269.251977][ T8567] [ 269.251983][ T8567] dump_stack_lvl+0x16c/0x1f0 [ 269.252013][ T8567] should_fail_ex+0x50a/0x650 [ 269.252047][ T8567] _copy_from_user+0x2e/0xd0 [ 269.252065][ T8567] sg_write+0x2cd/0xe00 [ 269.252093][ T8567] ? __pfx_sg_write+0x10/0x10 [ 269.252141][ T8567] ? bpf_lsm_file_permission+0x9/0x10 [ 269.252159][ T8567] ? security_file_permission+0x71/0x210 [ 269.252185][ T8567] ? rw_verify_area+0xcf/0x680 [ 269.252210][ T8567] ? __pfx_sg_write+0x10/0x10 [ 269.252233][ T8567] vfs_write+0x24c/0x1150 [ 269.252258][ T8567] ? __fget_files+0x1fc/0x3a0 [ 269.252275][ T8567] ? __pfx_lock_release+0x10/0x10 [ 269.252299][ T8567] ? __pfx_vfs_write+0x10/0x10 [ 269.252325][ T8567] ? lock_acquire+0x2f/0xb0 [ 269.252345][ T8567] ? __fget_files+0x40/0x3a0 [ 269.252364][ T8567] ? __fget_files+0x206/0x3a0 [ 269.252392][ T8567] ksys_write+0x12b/0x250 [ 269.252406][ T8567] ? __pfx_ksys_write+0x10/0x10 [ 269.252428][ T8567] do_syscall_64+0xcd/0x250 [ 269.252453][ T8567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.252476][ T8567] RIP: 0033:0x7f7bf778d169 [ 269.252490][ T8567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.252506][ T8567] RSP: 002b:00007f7bf864d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 269.252522][ T8567] RAX: ffffffffffffffda RBX: 00007f7bf79a6080 RCX: 00007f7bf778d169 [ 269.252533][ T8567] RDX: 0000000000000038 RSI: 0000200000000000 RDI: 0000000000000006 [ 269.252543][ T8567] RBP: 00007f7bf864d090 R08: 0000000000000000 R09: 0000000000000000 [ 269.252551][ T8567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.252560][ T8567] R13: 0000000000000000 R14: 00007f7bf79a6080 R15: 00007fffe14ac7f8 [ 269.252579][ T8567] [ 269.881732][ T5872] usbhid 5-1:1.0: can't add hid device: -71 [ 269.887720][ T5872] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 269.897181][ T5872] usb 5-1: USB disconnect, device number 22 [ 270.087636][ T8577] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 270.098198][ T8577] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 270.156565][ T30] kauditd_printk_skb: 78 callbacks suppressed [ 270.156581][ T30] audit: type=1400 audit(1742861563.556:776): avc: denied { create } for pid=8574 comm="syz.2.705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 270.300570][ T8577] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 270.310867][ T5870] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 270.483434][ T5870] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 270.496049][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.712470][ T8584] veth0_vlan: entered allmulticast mode [ 270.790314][ T8584] veth0_vlan: left promiscuous mode [ 270.799781][ T8584] veth0_vlan: entered promiscuous mode [ 270.871259][ T8584] Failed to initialize the IGMP autojoin socket (err -2) [ 271.189819][ T5870] usb 4-1: Product: syz [ 271.196405][ T5870] usb 4-1: Manufacturer: syz [ 271.201912][ T5870] usb 4-1: SerialNumber: syz [ 271.222721][ T5870] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 271.260063][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 271.528481][ C0] usb 4-1: ath: unknown panic pattern! [ 271.758490][ T8572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.703'. [ 271.784466][ T45] usb 4-1: USB disconnect, device number 22 [ 272.307840][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 272.324582][ T9] ath9k_htc: Failed to initialize the device [ 272.345610][ T45] usb 4-1: ath9k_htc: USB layer deinitialized [ 272.881787][ T8599] netlink: 'syz.3.711': attribute type 11 has an invalid length. [ 272.917662][ T30] audit: type=1326 audit(1742861566.316:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8597 comm="syz.3.711" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f67cfb8d169 code=0x0 [ 274.064240][ T8617] netlink: 'syz.0.716': attribute type 1 has an invalid length. [ 274.072261][ T8617] netlink: 224 bytes leftover after parsing attributes in process `syz.0.716'. [ 274.336272][ T991] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 274.490417][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 275.207997][ T8636] hub 1-0:1.0: USB hub found [ 275.213433][ T8636] hub 1-0:1.0: 1 port detected [ 275.542864][ T9] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 275.553174][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 275.562297][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.714286][ T9] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 276.990976][ T30] audit: type=1400 audit(1742861570.326:778): avc: denied { bind } for pid=8647 comm="syz.1.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 277.040857][ T9] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 277.148362][ T30] audit: type=1400 audit(1742861570.326:779): avc: denied { listen } for pid=8647 comm="syz.1.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 277.150944][ T9] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 277.172223][ T30] audit: type=1400 audit(1742861570.526:780): avc: denied { accept } for pid=8647 comm="syz.1.723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 277.261044][ T30] audit: type=1400 audit(1742861570.646:781): avc: denied { connect } for pid=8657 comm="syz.0.726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 277.262560][ T9] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 277.776470][ T8667] netlink: 'syz.1.727': attribute type 11 has an invalid length. [ 277.801786][ T5872] usb 4-1: USB disconnect, device number 23 [ 277.939950][ T30] audit: type=1326 audit(1742861571.336:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8662 comm="syz.1.727" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7bf778d169 code=0x0 [ 278.183703][ T30] audit: type=1400 audit(1742861571.586:783): avc: denied { append } for pid=8674 comm="syz.0.731" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 278.221539][ T30] audit: type=1400 audit(1742861571.606:784): avc: denied { ioctl } for pid=8674 comm="syz.0.731" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 278.871535][ T8682] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 278.879299][ T8682] audit: out of memory in audit_log_start [ 278.970354][ T5872] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 280.048411][ T5872] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 280.059527][ T8691] hub 1-0:1.0: USB hub found [ 280.064564][ T8691] hub 1-0:1.0: 1 port detected [ 280.564662][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.613097][ T5872] usb 5-1: Product: syz [ 280.620378][ T5872] usb 5-1: Manufacturer: syz [ 280.623298][ T8702] input: syz0 as /devices/virtual/input/input19 [ 280.624998][ T5872] usb 5-1: SerialNumber: syz [ 280.652369][ T8702] FAULT_INJECTION: forcing a failure. [ 280.652369][ T8702] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.682664][ T8702] CPU: 1 UID: 0 PID: 8702 Comm: syz.1.738 Not tainted 6.14.0-syzkaller #0 [ 280.682691][ T8702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 280.682699][ T8702] Call Trace: [ 280.682704][ T8702] [ 280.682711][ T8702] dump_stack_lvl+0x16c/0x1f0 [ 280.682739][ T8702] should_fail_ex+0x50a/0x650 [ 280.682767][ T8702] _copy_from_user+0x2e/0xd0 [ 280.682784][ T8702] input_event_from_user+0x134/0x3b0 [ 280.682804][ T8702] ? __pfx_input_event_from_user+0x10/0x10 [ 280.682829][ T8702] uinput_write+0xbb6/0x12b0 [ 280.682857][ T8702] ? __pfx_uinput_write+0x10/0x10 [ 280.682880][ T8702] ? bpf_lsm_file_permission+0x9/0x10 [ 280.682899][ T8702] ? security_file_permission+0x71/0x210 [ 280.682926][ T8702] ? rw_verify_area+0xcf/0x680 [ 280.682951][ T8702] ? __pfx_uinput_write+0x10/0x10 [ 280.682973][ T8702] vfs_write+0x24c/0x1150 [ 280.682999][ T8702] ? __fget_files+0x1fc/0x3a0 [ 280.683015][ T8702] ? __pfx_lock_release+0x10/0x10 [ 280.683039][ T8702] ? __pfx_vfs_write+0x10/0x10 [ 280.683065][ T8702] ? lock_acquire+0x2f/0xb0 [ 280.683086][ T8702] ? __fget_files+0x40/0x3a0 [ 280.683105][ T8702] ? __fget_files+0x206/0x3a0 [ 280.683128][ T8702] ksys_write+0x207/0x250 [ 280.683143][ T8702] ? __pfx_ksys_write+0x10/0x10 [ 280.683165][ T8702] do_syscall_64+0xcd/0x250 [ 280.683190][ T8702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.683214][ T8702] RIP: 0033:0x7f7bf778d169 [ 280.683228][ T8702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.683244][ T8702] RSP: 002b:00007f7bf866e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 280.683259][ T8702] RAX: ffffffffffffffda RBX: 00007f7bf79a5fa0 RCX: 00007f7bf778d169 [ 280.683269][ T8702] RDX: 000000000000fe4f RSI: 0000200000000000 RDI: 0000000000000003 [ 280.683279][ T8702] RBP: 00007f7bf866e090 R08: 0000000000000000 R09: 0000000000000000 [ 280.683288][ T8702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 280.683297][ T8702] R13: 0000000000000000 R14: 00007f7bf79a5fa0 R15: 00007fffe14ac7f8 [ 280.683319][ T8702] [ 281.279937][ T5872] usb 5-1: can't set config #1, error -71 [ 281.296565][ T5872] usb 5-1: USB disconnect, device number 23 [ 282.344935][ T5872] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 282.619129][ T5872] usb 2-1: config 131 has an invalid interface number: 242 but max is 0 [ 282.642087][ T5872] usb 2-1: config 131 has no interface number 0 [ 282.662451][ T8721] netlink: 'syz.4.744': attribute type 11 has an invalid length. [ 282.683311][ T5872] usb 2-1: config 131 interface 242 altsetting 13 endpoint 0x2 has invalid maxpacket 7573, setting to 64 [ 282.695667][ T30] audit: type=1326 audit(1742861576.086:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8720 comm="syz.4.744" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f19d8d169 code=0x0 [ 282.726553][ T5872] usb 2-1: config 131 interface 242 altsetting 13 endpoint 0xC has invalid wMaxPacketSize 0 [ 282.753937][ T5872] usb 2-1: config 131 interface 242 has no altsetting 0 [ 282.782966][ T5872] usb 2-1: New USB device found, idVendor=0bfd, idProduct=010b, bcdDevice=19.10 [ 282.801460][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=5 [ 282.829899][ T5872] usb 2-1: Product: syz [ 282.840035][ T5872] usb 2-1: Manufacturer: syz [ 282.844763][ T5872] usb 2-1: SerialNumber: syz [ 282.862549][ T8718] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 283.976407][ T5870] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 284.705584][ T5870] usb 1-1: Using ep0 maxpacket: 32 [ 284.733837][ T5870] usb 1-1: unable to get BOS descriptor or descriptor too short [ 284.787262][ T5870] usb 1-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 284.827907][ T5870] usb 1-1: config 1 interface 0 has no altsetting 0 [ 284.838554][ T5870] usb 1-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 284.848755][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.857178][ T5870] usb 1-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 284.893764][ T5870] usb 1-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 285.018844][ T5872] kvaser_usb 2-1:131.242: error -ENODEV: Cannot get usb endpoint(s) [ 285.048236][ T5872] usb 2-1: USB disconnect, device number 23 [ 285.788185][ T5870] usbhid 1-1:1.0: can't add hid device: -71 [ 285.805071][ T5870] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 286.175945][ T5870] usb 1-1: USB disconnect, device number 20 [ 287.950474][ T5870] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 288.120700][ T5870] usb 3-1: Using ep0 maxpacket: 16 [ 288.131903][ T8803] netlink: 'syz.0.759': attribute type 11 has an invalid length. [ 288.139891][ T5870] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 288.150293][ T30] audit: type=1326 audit(1742861581.556:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8802 comm="syz.0.759" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f252018d169 code=0x0 [ 288.179099][ T5870] usb 3-1: config 0 has no interface number 0 [ 288.199222][ T5870] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 288.235198][ T5870] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 288.264719][ T5870] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 288.276366][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.299983][ T5870] usb 3-1: Product: syz [ 288.315465][ T5870] usb 3-1: Manufacturer: syz [ 288.328024][ T5870] usb 3-1: SerialNumber: syz [ 288.347175][ T5870] usb 3-1: config 0 descriptor?? [ 288.364570][ T8798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.372336][ T8798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.600540][ T8798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.622324][ T8798] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 288.858073][ T8798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.911862][ T8798] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.951029][ T5870] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 289.081346][ T5870] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71 [ 289.679985][ T5870] asix 3-1:0.251: probe with driver asix failed with error -5 [ 289.697945][ T5870] usb 3-1: USB disconnect, device number 21 [ 290.230435][ T5870] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 290.584428][ T5870] usb 3-1: Using ep0 maxpacket: 32 [ 290.609996][ T5870] usb 3-1: unable to get BOS descriptor or descriptor too short [ 290.636812][ T8859] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8859 comm=syz.4.769 [ 290.660994][ T5870] usb 3-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 290.687435][ T30] audit: type=1400 audit(1742861584.086:787): avc: denied { read } for pid=8853 comm="syz.4.769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 290.727155][ T5870] usb 3-1: config 1 interface 0 has no altsetting 0 [ 290.743653][ T5870] usb 3-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 290.758455][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.762616][ T8867] netlink: 56 bytes leftover after parsing attributes in process `syz.3.771'. [ 290.778652][ T5870] usb 3-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 290.818958][ T30] audit: type=1400 audit(1742861584.176:788): avc: denied { setopt } for pid=8866 comm="syz.3.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 290.839332][ T5870] usb 3-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 291.488063][ T8871] netlink: 'syz.3.773': attribute type 11 has an invalid length. [ 291.496275][ T5870] usbhid 3-1:1.0: can't add hid device: -71 [ 291.508247][ T30] audit: type=1326 audit(1742861584.906:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8870 comm="syz.3.773" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f67cfb8d169 code=0x0 [ 291.533972][ T5870] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 291.550542][ T5870] usb 3-1: USB disconnect, device number 22 [ 291.961634][ T8881] fuse: Bad value for 'fd' [ 293.895523][ T55] Bluetooth: hci4: command 0x0405 tx timeout [ 294.043453][ T8900] tipc: Enabling of bearer rejected, failed to enable media [ 296.289856][ T991] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 296.340134][ T30] audit: type=1400 audit(1742861589.736:790): avc: denied { create } for pid=8927 comm="syz.3.789" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 296.394958][ T8931] fuse: Bad value for 'fd' [ 296.470035][ T30] audit: type=1400 audit(1742861589.866:791): avc: denied { unlink } for pid=5828 comm="syz-executor" name="file0" dev="tmpfs" ino=769 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 296.492635][ C0] vkms_vblank_simulate: vblank timer overrun [ 298.573473][ T8958] tipc: Enabling of bearer rejected, failed to enable media [ 299.154683][ T8961] netlink: 156 bytes leftover after parsing attributes in process `syz.4.799'. [ 299.530568][ T1203] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 299.677905][ T8972] input: syz0 as /devices/virtual/input/input20 [ 299.743945][ T5194] udevd[5194]: worker [5833] terminated by signal 33 (Unknown signal 33) [ 299.750392][ T1203] usb 2-1: Using ep0 maxpacket: 16 [ 299.771614][ T5194] udevd[5194]: worker [5833] failed while handling '/devices/virtual/input/input20/event4' [ 299.774373][ T1203] usb 2-1: config 2 has an invalid interface number: 195 but max is 0 [ 299.824243][ T1203] usb 2-1: config 2 has no interface number 0 [ 299.841710][ T1203] usb 2-1: config 2 interface 195 has no altsetting 0 [ 299.863418][ T1203] usb 2-1: string descriptor 0 read error: -22 [ 299.869711][ T1203] usb 2-1: New USB device found, idVendor=17ef, idProduct=a387, bcdDevice= 3.04 [ 300.049378][ T1203] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.063892][ T1203] r8152-cfgselector 2-1: Unknown version 0x0000 [ 300.074476][ T5870] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 300.089144][ T8979] fuse: Bad value for 'fd' [ 300.251635][ T5870] usb 5-1: not running at top speed; connect to a high speed hub [ 300.266953][ T5870] usb 5-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 300.281723][ T5870] usb 5-1: config 1 interface 0 has no altsetting 0 [ 300.290156][ T5870] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 300.299989][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.308414][ T5870] usb 5-1: Product: ᡦ趏过猾绚䕊褍백䰮禽躬逤諔⏗贀詹倢夭ꖪ䜠棬낎荆鄚ᘞ瘒䂨뽯萖䣭髣侴켺焈ᴂꝧ虋셔梏苘䥤꼒뛰㹵꥜쮚뿔侽龮뫍窼㕍蘣໨俐驓矐苧옟鞲ꔢﳽ쭬釠萪 [ 300.349482][ T5872] r8152-cfgselector 2-1: USB disconnect, device number 24 [ 300.368068][ T5870] usb 5-1: Manufacturer: 庡悑ቯﮧ⮤ﱄ紿⣅꿧뾘Ҍ颩챜ꯏ궲஋笩ⳮ蜚苌抂릾◞㺷ಚ範僅엳뻺뼥䮪鿺嬈鷰㚔涟蓐㔗卖矂陸謯틲⨜㤭읔稊뀔ᶖ茬⛺蚮ⷀᬇ鋁竨х젬跣詉 [ 300.388989][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.405015][ T5870] usb 5-1: SerialNumber: ю [ 300.490455][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 300.643158][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 300.661152][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.679598][ T9] usb 1-1: config 0 has no interfaces? [ 300.688858][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.721645][ T9] usb 1-1: config 0 has no interfaces? [ 300.787105][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.801287][ T9] usb 1-1: config 0 has no interfaces? [ 300.883184][ T5870] usb 5-1: USB disconnect, device number 24 [ 300.907341][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.966719][ T9] usb 1-1: config 0 has no interfaces? [ 301.041239][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a [ 301.059377][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.106028][ T9] usb 1-1: config 0 descriptor?? [ 301.377291][ T8983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.412944][ T8983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.533203][ T1203] usb 1-1: USB disconnect, device number 21 [ 302.203953][ T36] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 303.594907][ T9019] hub 1-0:1.0: USB hub found [ 303.600683][ T9019] hub 1-0:1.0: 1 port detected [ 305.350466][ T5870] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 305.510407][ T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 305.519743][ T5870] usb 3-1: config index 0 descriptor too short (expected 81, got 44) [ 305.538048][ T30] audit: type=1400 audit(1742862051.939:792): avc: denied { write } for pid=9061 comm="syz.3.827" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 305.544013][ T9062] random: crng reseeded on system resumption [ 305.569566][ T5870] usb 3-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 305.604351][ T5870] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 305.622153][ T30] audit: type=1400 audit(1742862051.939:793): avc: denied { open } for pid=9061 comm="syz.3.827" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 305.649771][ T5870] usb 3-1: string descriptor 0 read error: -71 [ 305.657355][ T5870] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 305.666896][ T5870] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.692408][ T5870] usb 3-1: can't set config #1, error -71 [ 305.716355][ T5870] usb 3-1: USB disconnect, device number 23 [ 305.730548][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 305.739873][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.774510][ T9] usb 5-1: config 0 has no interfaces? [ 305.794241][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.814723][ T9] usb 5-1: config 0 has no interfaces? [ 305.829543][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.850021][ T9] usb 5-1: config 0 has no interfaces? [ 305.861561][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.872017][ T9] usb 5-1: config 0 has no interfaces? [ 305.877501][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a [ 305.937310][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.967154][ T9] usb 5-1: config 0 descriptor?? [ 306.068530][ T9062] netlink: 12 bytes leftover after parsing attributes in process `syz.3.827'. [ 306.260347][ T9] usb 2-1: new low-speed USB device number 25 using dummy_hcd [ 306.293602][ T9051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 306.357186][ T9051] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 306.450370][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 306.627924][ T9] usb 2-1: config 7 has an invalid interface number: 67 but max is 0 [ 306.638665][ T9] usb 2-1: config 7 has no interface number 0 [ 306.651528][ T9] usb 2-1: string descriptor 0 read error: -22 [ 306.699364][ T9] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 306.714928][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.762609][ T1203] usb 5-1: USB disconnect, device number 25 [ 307.061431][ T9] usb 2-1: USB disconnect, device number 25 [ 308.376904][ T9101] netlink: 16 bytes leftover after parsing attributes in process `syz.1.835'. [ 308.552869][ T9109] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 308.564401][ T9110] netlink: 277 bytes leftover after parsing attributes in process `syz.0.838'. [ 309.064283][ T9109] smc: net device ip_vti0 erased user defined pnetid SYZ0 [ 309.099019][ T30] audit: type=1400 audit(1742862055.499:794): avc: denied { map } for pid=9114 comm="syz.1.840" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 309.596170][ T9115] unknown channel width for channel at 909000KHz? [ 309.611212][ T9115] unknown channel width for channel at 909000KHz? [ 309.618906][ T9115] unknown channel width for channel at 909000KHz? [ 309.634008][ T30] audit: type=1326 audit(1742862056.039:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9116 comm="syz.3.841" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f67cfb8d169 code=0x0 [ 310.842227][ T30] audit: type=1400 audit(1742862056.929:796): avc: denied { getopt } for pid=9140 comm="syz.3.846" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 310.999380][ T9149] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 312.175809][ T9167] 9pnet_fd: Insufficient options for proto=fd [ 312.490615][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 313.398284][ T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 313.410593][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.418627][ T9] usb 2-1: Product: syz [ 313.489271][ T9] usb 2-1: Manufacturer: syz [ 313.499171][ T9] usb 2-1: SerialNumber: syz [ 313.521419][ T9] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 313.541751][ T5870] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 313.594629][ T9194] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9194 comm=syz.2.857 [ 314.387757][ T5872] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 314.583535][ T5872] usb 5-1: Using ep0 maxpacket: 8 [ 314.614295][ C0] usb 2-1: ath: unknown panic pattern! [ 314.653507][ T5870] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 314.706722][ T5872] usb 5-1: too many configurations: 10, using maximum allowed: 8 [ 314.834772][ T5870] ath9k_htc: Failed to initialize the device [ 314.854117][ T5872] usb 5-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 314.861195][ T9165] netlink: 12 bytes leftover after parsing attributes in process `syz.1.851'. [ 314.872145][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.872171][ T5872] usb 5-1: Product: syz [ 314.872186][ T5872] usb 5-1: Manufacturer: syz [ 314.872200][ T5872] usb 5-1: SerialNumber: syz [ 314.879055][ T5872] usb 5-1: config 0 descriptor?? [ 314.933129][ T5870] usb 2-1: ath9k_htc: USB layer deinitialized [ 314.984559][ T45] usb 2-1: USB disconnect, device number 26 [ 314.985183][ T5872] radio-usb-si4713 5-1:0.0: Si4713 development board discovered: (10C4:8244) [ 315.635588][ T5872] radio-usb-si4713 5-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 315.679332][ T5872] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 315.712405][ T5872] usb 5-1: USB disconnect, device number 26 [ 315.914723][ T9221] input: syz0 as /devices/virtual/input/input21 [ 316.098037][ T30] audit: type=1400 audit(1742862062.499:797): avc: denied { append } for pid=9217 comm="syz.0.862" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 316.310381][ T1203] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 317.083034][ T1203] usb 4-1: config 0 has an invalid interface number: 33 but max is 0 [ 317.106322][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.106567][ T1203] usb 4-1: config 0 has no interface number 0 [ 317.143485][ T1203] usb 4-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice=f6.9e [ 317.179731][ T1203] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.210422][ T1203] usb 4-1: Product: syz [ 317.214937][ T1203] usb 4-1: Manufacturer: syz [ 317.223334][ T1203] usb 4-1: SerialNumber: syz [ 317.243776][ T1203] usb 4-1: config 0 descriptor?? [ 317.367145][ T30] audit: type=1326 audit(1742862063.769:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9243 comm="syz.1.869" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7bf778d169 code=0x0 [ 317.585657][ T9250] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 317.596747][ T9250] smc: net device ip_vti0 erased user defined pnetid SYZ0 [ 317.680588][ T9252] FAULT_INJECTION: forcing a failure. [ 317.680588][ T9252] name failslab, interval 1, probability 0, space 0, times 0 [ 317.693459][ T9252] CPU: 0 UID: 0 PID: 9252 Comm: syz.0.871 Not tainted 6.14.0-syzkaller #0 [ 317.693481][ T9252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 317.693492][ T9252] Call Trace: [ 317.693497][ T9252] [ 317.693503][ T9252] dump_stack_lvl+0x16c/0x1f0 [ 317.693532][ T9252] should_fail_ex+0x50a/0x650 [ 317.693558][ T9252] ? fs_reclaim_acquire+0xae/0x150 [ 317.693584][ T9252] ? alloc_fs_context+0x57/0x9c0 [ 317.693600][ T9252] should_failslab+0xc2/0x120 [ 317.693619][ T9252] __kmalloc_cache_noprof+0x68/0x410 [ 317.693650][ T9252] alloc_fs_context+0x57/0x9c0 [ 317.693671][ T9252] path_mount+0xb08/0x1f10 [ 317.693691][ T9252] ? kmem_cache_free+0x2e2/0x4d0 [ 317.693707][ T9252] ? __pfx_path_mount+0x10/0x10 [ 317.693728][ T9252] ? putname+0x13c/0x180 [ 317.693751][ T9252] __x64_sys_mount+0x28f/0x310 [ 317.693776][ T9252] ? __pfx___x64_sys_mount+0x10/0x10 [ 317.693802][ T9252] do_syscall_64+0xcd/0x250 [ 317.693828][ T9252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.693852][ T9252] RIP: 0033:0x7f252018d169 [ 317.693865][ T9252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.693881][ T9252] RSP: 002b:00007f2520f7c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 317.693897][ T9252] RAX: ffffffffffffffda RBX: 00007f25203a6160 RCX: 00007f252018d169 [ 317.693908][ T9252] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 317.693918][ T9252] RBP: 00007f2520f7c090 R08: 0000200000000300 R09: 0000000000000000 [ 317.693936][ T9252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 317.693945][ T9252] R13: 0000000000000000 R14: 00007f25203a6160 R15: 00007fff02eab078 [ 317.693967][ T9252] [ 317.872721][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.351029][ T30] audit: type=1400 audit(1742862064.759:799): avc: denied { ioctl } for pid=9260 comm="syz.2.873" path="socket:[22523]" dev="sockfs" ino=22523 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 318.351731][ T9263] netlink: 112 bytes leftover after parsing attributes in process `syz.2.873'. [ 318.559557][ T1203] kernel write not supported for file /dsp (pid: 1203 comm: kworker/1:2) [ 319.000342][ T9277] hub 1-0:1.0: USB hub found [ 319.005920][ T9277] hub 1-0:1.0: 1 port detected [ 319.371782][ T1203] usb 4-1: USB disconnect, device number 24 [ 319.376122][ T30] audit: type=1400 audit(1742862065.749:800): avc: denied { append } for pid=9274 comm="syz.2.877" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 319.401199][ C0] vkms_vblank_simulate: vblank timer overrun [ 319.811232][ T10] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 320.546039][ T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 320.574524][ T10] usb 3-1: config 0 has no interface number 0 [ 320.780421][ T10] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 320.860210][ T30] audit: type=1326 audit(1742862067.249:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.1.882" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7bf778d169 code=0x0 [ 320.928192][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.065399][ T10] usb 3-1: config 0 descriptor?? [ 321.087167][ T10] usb 3-1: selecting invalid altsetting 1 [ 321.115596][ T10] dvb_ttusb_budget: ttusb_init_controller: error [ 321.150313][ T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 321.175135][ T30] audit: type=1400 audit(1742862067.579:802): avc: denied { append } for pid=9300 comm="syz.0.883" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 321.439833][ T10] DVB: Unable to find symbol cx22700_attach() [ 321.891484][ T10] DVB: Unable to find symbol tda10046_attach() [ 321.936616][ T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 322.037416][ T10] usb 3-1: USB disconnect, device number 24 [ 322.110990][ T30] audit: type=1400 audit(1742862068.509:803): avc: denied { create } for pid=9325 comm="syz.3.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 322.138707][ T9326] kvm: pic: non byte write [ 322.200344][ T30] audit: type=1400 audit(1742862068.519:804): avc: denied { bind } for pid=9325 comm="syz.3.889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 322.850344][ T30] audit: type=1400 audit(1742862069.249:805): avc: denied { read append } for pid=9329 comm="syz.3.890" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 322.923890][ T30] audit: type=1400 audit(1742862069.249:806): avc: denied { open } for pid=9329 comm="syz.3.890" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 322.948277][ T30] audit: type=1400 audit(1742862069.259:807): avc: denied { ioctl } for pid=9329 comm="syz.3.890" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 322.973888][ T30] audit: type=1400 audit(1742862069.279:808): avc: denied { read append } for pid=9329 comm="syz.3.890" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 322.999406][ T30] audit: type=1400 audit(1742862069.279:809): avc: denied { open } for pid=9329 comm="syz.3.890" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 323.063759][ T9332] netlink: 12 bytes leftover after parsing attributes in process `syz.2.891'. [ 323.862585][ T30] audit: type=1326 audit(1742862070.269:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9341 comm="syz.1.895" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7bf778d169 code=0x0 [ 324.154858][ T1167] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 324.921709][ T9365] netlink: 32 bytes leftover after parsing attributes in process `syz.3.902'. [ 326.405425][ T7127] wg1 speed is unknown, defaulting to 1000 [ 326.690823][ T9386] hub 1-0:1.0: USB hub found [ 326.696441][ T9386] hub 1-0:1.0: 1 port detected [ 327.083253][ T9389] FAULT_INJECTION: forcing a failure. [ 327.083253][ T9389] name failslab, interval 1, probability 0, space 0, times 0 [ 327.131816][ T9389] CPU: 1 UID: 0 PID: 9389 Comm: syz.0.906 Not tainted 6.14.0-syzkaller #0 [ 327.131842][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 327.131850][ T9389] Call Trace: [ 327.131855][ T9389] [ 327.131862][ T9389] dump_stack_lvl+0x16c/0x1f0 [ 327.131890][ T9389] should_fail_ex+0x50a/0x650 [ 327.131915][ T9389] ? fs_reclaim_acquire+0xae/0x150 [ 327.131941][ T9389] ? tomoyo_encode2+0x100/0x3e0 [ 327.131964][ T9389] should_failslab+0xc2/0x120 [ 327.131982][ T9389] __kmalloc_noprof+0xcb/0x510 [ 327.132001][ T9389] ? rcu_is_watching+0x12/0xc0 [ 327.132020][ T9389] tomoyo_encode2+0x100/0x3e0 [ 327.132046][ T9389] tomoyo_encode+0x29/0x50 [ 327.132068][ T9389] tomoyo_realpath_from_path+0x19d/0x720 [ 327.132103][ T9389] ? tomoyo_path_number_perm+0x235/0x590 [ 327.132128][ T9389] tomoyo_path_number_perm+0x248/0x590 [ 327.132148][ T9389] ? tomoyo_path_number_perm+0x235/0x590 [ 327.132171][ T9389] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 327.132218][ T9389] ? __pfx_lock_release+0x10/0x10 [ 327.132240][ T9389] ? trace_lock_acquire+0x14e/0x1f0 [ 327.132263][ T9389] ? lock_acquire+0x2f/0xb0 [ 327.132284][ T9389] ? __fget_files+0x40/0x3a0 [ 327.132304][ T9389] ? __fget_files+0x206/0x3a0 [ 327.132324][ T9389] security_file_ioctl+0x9b/0x240 [ 327.132349][ T9389] __x64_sys_ioctl+0xb7/0x200 [ 327.132375][ T9389] do_syscall_64+0xcd/0x250 [ 327.132401][ T9389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.132424][ T9389] RIP: 0033:0x7f252018d169 [ 327.132437][ T9389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.132453][ T9389] RSP: 002b:00007f2520f9d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 327.132469][ T9389] RAX: ffffffffffffffda RBX: 00007f25203a6080 RCX: 00007f252018d169 [ 327.132480][ T9389] RDX: 0000200000000480 RSI: 00000000c0502100 RDI: 0000000000000005 [ 327.132490][ T9389] RBP: 00007f2520f9d090 R08: 0000000000000000 R09: 0000000000000000 [ 327.132500][ T9389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.132510][ T9389] R13: 0000000000000000 R14: 00007f25203a6080 R15: 00007fff02eab078 [ 327.132533][ T9389] [ 327.132546][ T9389] ERROR: Out of memory at tomoyo_realpath_from_path. [ 327.383941][ T30] audit: type=1326 audit(1742862073.779:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9379 comm="syz.0.906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252018d169 code=0x7fc00000 [ 327.420547][ T1203] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 327.583125][ T1203] usb 4-1: Using ep0 maxpacket: 32 [ 327.598168][ T1203] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 327.620663][ T1203] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 328.027700][ T1203] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 328.039109][ T45] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 328.100769][ T1203] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 328.158508][ T1203] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 328.186260][ T1203] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.199341][ T1203] usb 4-1: Product: syz [ 328.230395][ T45] usb 3-1: device descriptor read/64, error -71 [ 328.270668][ T1203] usb 4-1: Manufacturer: syz [ 328.275375][ T1203] usb 4-1: SerialNumber: syz [ 328.363517][ T30] audit: type=1326 audit(1742862074.769:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9404 comm="syz.4.912" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f19d8d169 code=0x0 [ 328.521366][ T45] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 328.661608][ T45] usb 3-1: device descriptor read/64, error -71 [ 328.774223][ T45] usb usb3-port1: attempt power cycle [ 329.363314][ T30] audit: type=1400 audit(1742862075.769:813): avc: denied { getopt } for pid=9419 comm="syz.4.917" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 329.457269][ T1203] cdc_ncm 4-1:1.0: bind() failure [ 329.550584][ T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 329.795237][ T45] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 329.806864][ T1203] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 329.831083][ T45] usb 3-1: device descriptor read/8, error -71 [ 329.838205][ T1203] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 329.849393][ T1203] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 329.864914][ T1203] usb 4-1: USB disconnect, device number 25 [ 329.873655][ T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 330.152100][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.220609][ T45] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 330.221306][ T10] usb 1-1: Product: syz [ 330.237646][ T10] usb 1-1: Manufacturer: syz [ 330.242588][ T10] usb 1-1: SerialNumber: syz [ 330.269961][ T10] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 330.281257][ T45] usb 3-1: device descriptor read/8, error -71 [ 330.284536][ T5872] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 330.360389][ T5870] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 330.390623][ T45] usb usb3-port1: unable to enumerate USB device [ 330.528410][ T5870] usb 5-1: Using ep0 maxpacket: 8 [ 330.544206][ T5870] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.557422][ T5870] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.567569][ T5870] usb 5-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 330.581572][ T5870] usb 5-1: config 0 interface 0 has no altsetting 0 [ 330.589504][ T5870] usb 5-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 330.600327][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.617263][ T5870] usb 5-1: config 0 descriptor?? [ 330.739739][ C0] usb 1-1: ath: unknown panic pattern! [ 330.794710][ T9446] netlink: 16 bytes leftover after parsing attributes in process `syz.1.926'. [ 330.803960][ T9446] netlink: 60 bytes leftover after parsing attributes in process `syz.1.926'. [ 330.888926][ T9448] netlink: 40 bytes leftover after parsing attributes in process `syz.1.928'. [ 330.951380][ T9416] netlink: 12 bytes leftover after parsing attributes in process `syz.0.915'. [ 330.970678][ T45] usb 1-1: USB disconnect, device number 22 [ 331.055020][ T9452] netlink: 56 bytes leftover after parsing attributes in process `syz.1.928'. [ 331.349613][ T5872] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 331.414759][ T5872] ath9k_htc: Failed to initialize the device [ 331.444442][ T45] usb 1-1: ath9k_htc: USB layer deinitialized [ 331.474803][ T9454] overlayfs: failed to resolve './file1': -2 [ 332.004786][ T9461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.497972][ T5870] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 332.505358][ T5870] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 332.513101][ T5870] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 332.520548][ T5870] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 332.527620][ T5870] chicony 0003:04F2:1421.0009: unknown main item tag 0x0 [ 332.546985][ T9461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 332.555156][ T5870] chicony 0003:04F2:1421.0009: hidraw0: USB HID v0.02 Device [HID 04f2:1421] on usb-dummy_hcd.4-1/input0 [ 333.045692][ T45] usb 5-1: USB disconnect, device number 27 [ 335.088304][ T9498] hub 1-0:1.0: USB hub found [ 335.096493][ T9498] hub 1-0:1.0: 1 port detected [ 336.703281][ T30] audit: type=1400 audit(1742862083.099:814): avc: denied { ioctl } for pid=9527 comm="syz.3.948" path="socket:[24229]" dev="sockfs" ino=24229 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 336.735294][ T9526] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 336.755137][ T9532] netlink: 'syz.3.948': attribute type 1 has an invalid length. [ 336.804887][ T1167] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 336.805231][ T9532] 8021q: adding VLAN 0 to HW filter on device bond1 [ 336.848362][ T9528] bond1: (slave gretap1): making interface the new active one [ 336.859392][ T9528] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 336.876578][ T30] audit: type=1400 audit(1742862083.279:815): avc: denied { listen } for pid=9527 comm="syz.3.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 338.192366][ T9526] smc: net device ip_vti0 erased user defined pnetid SYZ0 [ 338.699833][ T5870] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 338.860451][ T5870] usb 4-1: Using ep0 maxpacket: 16 [ 339.032781][ T9561] hub 1-0:1.0: USB hub found [ 339.040840][ T9561] hub 1-0:1.0: 1 port detected [ 339.391360][ T5870] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 185, changing to 7 [ 339.460512][ T5870] usb 4-1: config 1 interface 1 has no altsetting 0 [ 339.484635][ T5870] usb 4-1: string descriptor 0 read error: -22 [ 339.509120][ T5870] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 339.535160][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.659364][ T5870] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 339.680318][ T5870] usb 4-1: 2:1 : sample bitwidth 128 in over sample bytes 4 [ 339.687655][ T5870] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 341.043655][ T9588] hub 1-0:1.0: USB hub found [ 341.048941][ T9588] hub 1-0:1.0: 1 port detected [ 341.946807][ T5870] usb 4-1: USB disconnect, device number 26 [ 342.075973][ T30] audit: type=1400 audit(1742862088.469:816): avc: denied { create } for pid=9597 comm="syz.0.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 342.832411][ T30] audit: type=1400 audit(1742862088.469:817): avc: denied { bind } for pid=9597 comm="syz.0.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 342.868557][ T9607] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 342.876692][ T9607] smc: net device ip_vti0 erased user defined pnetid SYZ0 [ 342.980874][ T5978] udevd[5978]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 343.823609][ T5873] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 343.991597][ T9623] netlink: 'syz.3.969': attribute type 1 has an invalid length. [ 343.999358][ T9623] netlink: 224 bytes leftover after parsing attributes in process `syz.3.969'. [ 344.019668][ T9625] Lens B: ================= START STATUS ================= [ 344.032477][ T5873] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 344.049921][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.050398][ T9625] Lens B: Focus, Absolute: [ 344.078746][ T5873] usb 2-1: Product: syz [ 344.087707][ T5873] usb 2-1: Manufacturer: syz [ 344.088822][ T9625] 0 [ 344.097738][ T5873] usb 2-1: SerialNumber: syz [ 344.100484][ T9625] [ 344.123971][ T5873] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 344.137101][ T5870] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 344.163428][ T9625] Lens B: ================== END STATUS ================== [ 344.163788][ T30] audit: type=1400 audit(1742862090.569:818): avc: denied { wake_alarm } for pid=9624 comm="syz.2.971" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 344.619017][ T30] audit: type=1400 audit(1742862091.019:819): avc: denied { checkpoint_restore } for pid=9624 comm="syz.2.971" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 344.619081][ C0] usb 2-1: ath: unknown panic pattern! [ 344.831783][ T30] audit: type=1400 audit(1742862091.019:820): avc: denied { setopt } for pid=9624 comm="syz.2.971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 344.843037][ T9609] netlink: 12 bytes leftover after parsing attributes in process `syz.1.966'. [ 345.342428][ T5870] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 345.372599][ T5870] ath9k_htc: Failed to initialize the device [ 345.419047][ T5873] usb 2-1: USB disconnect, device number 27 [ 345.433537][ T5873] usb 2-1: ath9k_htc: USB layer deinitialized [ 345.477722][ T9641] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 346.619612][ T9659] smc: net device ip_vti0 applied user defined pnetid SYZ0 [ 346.711920][ T9659] smc: net device ip_vti0 erased user defined pnetid SYZ0 [ 349.050139][ T9691] FAULT_INJECTION: forcing a failure. [ 349.050139][ T9691] name failslab, interval 1, probability 0, space 0, times 0 [ 349.063351][ T9691] CPU: 0 UID: 0 PID: 9691 Comm: syz.4.988 Not tainted 6.14.0-syzkaller #0 [ 349.063372][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.063382][ T9691] Call Trace: [ 349.063387][ T9691] [ 349.063394][ T9691] dump_stack_lvl+0x16c/0x1f0 [ 349.063424][ T9691] should_fail_ex+0x50a/0x650 [ 349.063449][ T9691] ? fs_reclaim_acquire+0xae/0x150 [ 349.063476][ T9691] ? shrinker_alloc+0xfb/0xbb0 [ 349.063499][ T9691] should_failslab+0xc2/0x120 [ 349.063519][ T9691] __kmalloc_cache_noprof+0x68/0x410 [ 349.063545][ T9691] ? lockdep_hardirqs_on+0x7c/0x110 [ 349.063572][ T9691] shrinker_alloc+0xfb/0xbb0 [ 349.063594][ T9691] ? mark_held_locks+0x9f/0xe0 [ 349.063619][ T9691] ? irqentry_exit+0x3b/0x90 [ 349.063640][ T9691] ? lockdep_hardirqs_on+0x7c/0x110 [ 349.063666][ T9691] ? __pfx_shrinker_alloc+0x10/0x10 [ 349.063695][ T9691] ? lockdep_init_map_type+0x16d/0x7d0 [ 349.063723][ T9691] ? __raw_spin_lock_init+0x3a/0x110 [ 349.063739][ T9691] ? __init_rwsem+0x12d/0x1b0 [ 349.063767][ T9691] alloc_super+0x7cc/0xbd0 [ 349.063798][ T9691] sget+0x11b/0x760 [ 349.063822][ T9691] ? __pfx_set_anon_super+0x10/0x10 [ 349.063846][ T9691] ? __pfx_devpts_fill_super+0x10/0x10 [ 349.063870][ T9691] mount_nodev+0x30/0x120 [ 349.063900][ T9691] ? __pfx_devpts_mount+0x10/0x10 [ 349.063920][ T9691] legacy_get_tree+0x109/0x220 [ 349.063939][ T9691] vfs_get_tree+0x8b/0x340 [ 349.063961][ T9691] vfs_cmd_create+0xd7/0x2a0 [ 349.063982][ T9691] __do_sys_fsconfig+0x7ba/0xbe0 [ 349.064004][ T9691] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 349.064037][ T9691] do_syscall_64+0xcd/0x250 [ 349.064062][ T9691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.064085][ T9691] RIP: 0033:0x7f4f19d8d169 [ 349.064098][ T9691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.064114][ T9691] RSP: 002b:00007f4f1ab55038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 349.064131][ T9691] RAX: ffffffffffffffda RBX: 00007f4f19fa6160 RCX: 00007f4f19d8d169 [ 349.064142][ T9691] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 349.064151][ T9691] RBP: 00007f4f1ab55090 R08: 0000000000000000 R09: 0000000000000000 [ 349.064161][ T9691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.064171][ T9691] R13: 0000000000000000 R14: 00007f4f19fa6160 R15: 00007fff19ddd538 [ 349.064195][ T9691] [ 349.462619][ T9700] FAULT_INJECTION: forcing a failure. [ 349.462619][ T9700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.477874][ T9700] CPU: 0 UID: 0 PID: 9700 Comm: syz.3.991 Not tainted 6.14.0-syzkaller #0 [ 349.477897][ T9700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.477907][ T9700] Call Trace: [ 349.477912][ T9700] [ 349.477918][ T9700] dump_stack_lvl+0x16c/0x1f0 [ 349.477948][ T9700] should_fail_ex+0x50a/0x650 [ 349.477978][ T9700] _copy_to_user+0x32/0xd0 [ 349.477997][ T9700] simple_read_from_buffer+0xd0/0x160 [ 349.478024][ T9700] proc_fail_nth_read+0x198/0x270 [ 349.478046][ T9700] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.478071][ T9700] ? rw_verify_area+0xcf/0x680 [ 349.478093][ T9700] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.478116][ T9700] vfs_read+0x1df/0xbf0 [ 349.478141][ T9700] ? __fget_files+0x1fc/0x3a0 [ 349.478158][ T9700] ? __pfx___mutex_lock+0x10/0x10 [ 349.478181][ T9700] ? __pfx_vfs_read+0x10/0x10 [ 349.478212][ T9700] ? __fget_files+0x206/0x3a0 [ 349.478235][ T9700] ksys_read+0x12b/0x250 [ 349.478259][ T9700] ? __pfx_ksys_read+0x10/0x10 [ 349.478289][ T9700] do_syscall_64+0xcd/0x250 [ 349.478313][ T9700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.478335][ T9700] RIP: 0033:0x7f67cfb8bb7c [ 349.478349][ T9700] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 349.478365][ T9700] RSP: 002b:00007f67d095a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 349.478380][ T9700] RAX: ffffffffffffffda RBX: 00007f67cfda5fa0 RCX: 00007f67cfb8bb7c [ 349.478390][ T9700] RDX: 000000000000000f RSI: 00007f67d095a0a0 RDI: 0000000000000004 [ 349.478399][ T9700] RBP: 00007f67d095a090 R08: 0000000000000000 R09: 0000000000000000 [ 349.478409][ T9700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.478418][ T9700] R13: 0000000000000000 R14: 00007f67cfda5fa0 R15: 00007ffdf635e668 [ 349.478439][ T9700] [ 350.657022][ T8057] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 350.691038][ T30] audit: type=1400 audit(1742862097.079:821): avc: denied { mounton } for pid=9718 comm="syz.3.995" path="/194/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 350.954817][ T54] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 351.540430][ T9734] netlink: 180 bytes leftover after parsing attributes in process `syz.1.999'. [ 351.978506][ T30] audit: type=1400 audit(1742862098.379:822): avc: denied { write } for pid=9738 comm="syz.4.1003" path="socket:[24696]" dev="sockfs" ino=24696 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 354.471188][ T5873] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 354.691826][ T5873] usb 3-1: Using ep0 maxpacket: 32 [ 354.715068][ T5873] usb 3-1: unable to get BOS descriptor or descriptor too short [ 354.736074][ T5873] usb 3-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 355.322071][ T5873] usb 3-1: config 1 interface 0 has no altsetting 0 [ 355.333671][ T5873] usb 3-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 355.417655][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.447815][ T5873] usb 3-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 355.569653][ T5873] usb 3-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 355.653849][ T5873] usb 3-1: SerialNumber: Ც㕐裱钦⊮踚㊱꧛泮鍜㢎諦꧅꼝ǔ崶઺ඃ㗕췻뎢㢰Ƞ퇰軪鈥媋䆋ٹ矡欂㡬탯લパ [ 355.761403][ T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 356.390517][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 356.409968][ T10] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 356.420066][ T10] usb 5-1: config 0 has an invalid descriptor of length 192, skipping remainder of the config [ 356.432700][ T5873] usbhid 3-1:1.0: can't add hid device: -71 [ 356.438629][ T5873] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 356.505530][ T10] usb 5-1: config 0 has no interface number 0 [ 356.516601][ T5873] usb 3-1: USB disconnect, device number 29 [ 356.537667][ T10] usb 5-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 40369, setting to 1024 [ 356.564764][ T10] usb 5-1: config 0 interface 67 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 356.574999][ T10] usb 5-1: config 0 interface 67 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 356.596393][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 356.607471][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.657209][ T10] usb 5-1: Product: syz [ 356.672889][ T10] usb 5-1: Manufacturer: syz [ 356.680649][ T10] usb 5-1: SerialNumber: syz [ 356.693018][ T10] usb 5-1: config 0 descriptor?? [ 356.703307][ T9787] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 356.724477][ T10] smsc95xx v2.0.0 [ 356.731858][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 356.742181][ T10] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 358.619621][ T1203] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 358.833107][ T1203] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 358.942195][ T5872] usb 5-1: USB disconnect, device number 28 [ 359.010313][ T1203] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.044005][ T1203] usb 4-1: config 0 descriptor?? [ 359.053002][ T1203] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 359.287710][ T1203] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 359.680373][ T30] audit: type=1400 audit(1742862106.039:823): avc: denied { nlmsg_read } for pid=9835 comm="syz.2.1029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 359.838813][ T1107] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 359.868708][ T1203] gspca_cpia1: usb_control_msg 02, error -71 [ 359.877986][ T1203] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 359.879921][ T1203] usb 4-1: USB disconnect, device number 27 [ 362.193772][ T30] audit: type=1326 audit(1742862108.519:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9863 comm="syz.1.1037" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7bf778d169 code=0x0 [ 366.252950][ T30] audit: type=1400 audit(1742862112.119:825): avc: denied { write } for pid=9909 comm="syz.3.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 366.779484][ T9920] tipc: Enabling of bearer rejected, failed to enable media [ 369.200611][ T5907] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 369.208447][ T1203] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 369.454339][ T9956] netlink: 'syz.2.1064': attribute type 1 has an invalid length. [ 369.464733][ T9956] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1064'. [ 369.482084][ T5907] usb 2-1: Using ep0 maxpacket: 32 [ 369.495685][ T5907] usb 2-1: unable to get BOS descriptor or descriptor too short [ 369.506975][ T1203] usb 1-1: Using ep0 maxpacket: 32 [ 369.544616][ T5907] usb 2-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 369.564323][ T1203] usb 1-1: unable to get BOS descriptor or descriptor too short [ 369.573600][ T5907] usb 2-1: config 1 interface 0 has no altsetting 0 [ 369.586240][ T1203] usb 1-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 369.599313][ T1203] usb 1-1: config 1 interface 0 has no altsetting 0 [ 369.608524][ T5907] usb 2-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 369.617658][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.636873][ T5907] usb 2-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 369.637145][ T1203] usb 1-1: New USB device found, idVendor=056a, idProduct=0323, bcdDevice= 0.40 [ 369.682552][ T5907] usb 2-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 369.765225][ T5907] usb 2-1: SerialNumber: Ც㕐裱钦⊮踚㊱꧛泮鍜㢎諦꧅꼝ǔ崶઺ඃ㗕췻뎢㢰Ƞ퇰軪鈥媋䆋ٹ矡欂㡬탯લパᛧ [ 369.780502][ T1203] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.791443][ T1203] usb 1-1: Product: 骚罔꜃먙炽窃捠趐孩ᮌ⟲퇅ㅃ뙘㚿쥁Ԯ⑓乣䘻ꍆ炦囶橗毐맣ឣꟸ꣹絺ﻓ 館嫒攼쉑戢챠赂뤎궣晅撮᷈Ⱟ擷ꏕ뷧놖⍊᧋ㅧओ臰쾕t뒳啜득チ斮愸಴횡䖀焹锳芣⼟掗浰ꄓ臰뼳覨젌拮꺧귀찝냨ు窢ᖌ⚽⹻跟줺麇ὠ≸觩㦻꫚䤭稑풍᧷廉鰄쮽캳琣㊲恻㙶鰑칈✾㞥 [ 369.919988][ T1203] usb 1-1: Manufacturer: 쁆ಹ뫝؉䐆뫬㿿鍷翏ᗓԛꝡᨠॺ甽茳ꨔ⎉敆챭覌౒爴먛އ㾍ﻞ棶☈㝱閥謐∬䦥㐶뵠悆꼔㤢띯㦍䓹慬휼龶긛滜㉩♿䒿䅼뽳⌠偞׈⭱鍿腴ᐗ삧䕊롟ᔯ䄇咲䆇䅃胿∌뽸鰑寅㲣鮜ậǺ䁾Ꮋ໅￟∼Ὅ౬裩ҟᓏ䢸륩냜笔젖譴閹⭤硃ꠚ [ 369.960695][ T1203] usb 1-1: SerialNumber: Ც㕐裱钦⊮踚㊱꧛泮鍜㢎諦꧅꼝ǔ崶઺ඃ㗕췻뎢㢰Ƞ퇰軪鈥媋䆋ٹ矡欂㡬탯લパᛧ [ 370.130942][ T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 370.147484][ T9965] netlink: 'syz.2.1068': attribute type 11 has an invalid length. [ 370.350279][ T30] audit: type=1326 audit(1742862116.579:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9963 comm="syz.2.1068" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae0fd8d169 code=0x0 [ 370.462456][ T1203] usbhid 1-1:1.0: can't add hid device: -71 [ 370.481871][ T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 370.500443][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.504478][ T1203] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 370.527361][ T10] usb 5-1: Product: syz [ 370.548191][ T1203] usb 1-1: USB disconnect, device number 23 [ 370.640789][ T10] usb 5-1: Manufacturer: syz [ 370.690109][ T10] usb 5-1: SerialNumber: syz [ 370.714674][ T10] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 370.735428][ T5872] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 370.828093][ T5907] usbhid 2-1:1.0: can't add hid device: -71 [ 370.834947][ T5907] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 370.890488][ T5907] usb 2-1: USB disconnect, device number 28 [ 370.953572][ C0] usb 5-1: ath: unknown panic pattern! [ 371.216016][ T9962] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1067'. [ 371.241823][ T5907] usb 5-1: USB disconnect, device number 29 [ 371.827222][ T5872] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 371.858097][ T5872] ath9k_htc: Failed to initialize the device [ 371.871181][ T9981] netlink: zone id is out of range [ 371.905165][ T5907] usb 5-1: ath9k_htc: USB layer deinitialized [ 371.946207][ T9981] netlink: set zone limit has 4 unknown bytes [ 373.266156][T10012] Failed to initialize the IGMP autojoin socket (err -2) [ 373.290503][ T30] audit: type=1400 audit(1742862119.669:827): avc: denied { execute } for pid=10008 comm="syz.4.1079" path="/dev/audio1" dev="devtmpfs" ino=1292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 376.364809][T10040] kvm: kvm [10039]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x9f [ 376.660329][ T1203] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 376.760381][ T5907] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 376.923417][ T5907] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 377.143978][ T1203] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 377.158066][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.176490][ T1203] usb 2-1: config 0 has no interface number 0 [ 377.185199][ T5907] usb 5-1: Product: syz [ 377.190470][ T5907] usb 5-1: Manufacturer: syz [ 377.198689][ T5907] usb 5-1: SerialNumber: syz [ 377.206057][ T1203] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 377.218948][ T1203] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 377.245202][ T5907] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 377.254932][ T1203] usb 2-1: Product: syz [ 377.261588][ T1203] usb 2-1: SerialNumber: syz [ 377.269511][ T5822] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 377.290652][ T1203] usb 2-1: config 0 descriptor?? [ 377.300375][ T1203] cm109 2-1:0.8: invalid payload size 8, expected 4 [ 377.311265][ T1203] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input22 [ 377.860174][ C1] usb 5-1: ath: unknown panic pattern! [ 377.911055][ C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 377.913096][ T5873] usb 2-1: USB disconnect, device number 29 [ 377.918304][ C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 377.962260][ T5873] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 378.073280][T10046] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1089'. [ 378.097100][ T5907] usb 5-1: USB disconnect, device number 30 [ 378.221584][ T10] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 378.310692][ T5822] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 378.318248][ T5822] ath9k_htc: Failed to initialize the device [ 378.325888][ T5907] usb 5-1: ath9k_htc: USB layer deinitialized [ 378.374663][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 378.384813][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.393955][ T10] usb 4-1: Product: syz [ 378.398770][ T10] usb 4-1: Manufacturer: syz [ 378.403800][ T10] usb 4-1: SerialNumber: syz [ 378.421573][ T5873] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 378.429477][ T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 378.445285][ T5872] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 378.546124][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.580400][ T5873] usb 3-1: Using ep0 maxpacket: 8 [ 378.590009][ T5873] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 378.598708][ T5873] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 378.609587][ T5873] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 378.619100][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.852034][ C0] usb 4-1: ath: unknown panic pattern! [ 379.307686][T10055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1092'. [ 379.437081][ T5873] usb 4-1: USB disconnect, device number 28 [ 379.500590][ T5872] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 379.549422][ T5872] ath9k_htc: Failed to initialize the device [ 379.574730][ T5873] usb 4-1: ath9k_htc: USB layer deinitialized [ 381.561665][ T10] usb 3-1: USB disconnect, device number 30 [ 381.827424][T10109] netlink: 'syz.3.1106': attribute type 1 has an invalid length. [ 381.970759][T10109] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1106'. [ 382.728684][ T5822] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 383.174213][ T5822] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 383.196354][ T5822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.204973][ T5822] usb 2-1: Product: syz [ 383.209272][ T5822] usb 2-1: Manufacturer: syz [ 383.239253][ T5822] usb 2-1: SerialNumber: syz [ 383.267728][ T5822] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 383.563692][ T1203] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 384.214049][T10115] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1109'. [ 384.216508][ C1] usb 2-1: ath: unknown panic pattern! [ 384.491850][ T5822] usb 2-1: USB disconnect, device number 30 [ 384.702039][T10137] 9pnet_virtio: no channels available for device c::: [ 384.760123][ T5873] libceph: mon0 (1)[b::]:6789 connect error [ 384.787667][ T30] audit: type=1400 audit(1742862131.189:828): avc: denied { mount } for pid=10138 comm="syz.0.1118" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 384.841452][T10140] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1118'. [ 384.901384][ T30] audit: type=1400 audit(1742862131.229:829): avc: denied { setattr } for pid=10138 comm="syz.0.1118" name="/" dev="9p" ino=1694025360095192279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 384.968617][ T30] audit: type=1400 audit(1742862131.369:830): avc: denied { unmount } for pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 385.053870][ T5873] libceph: mon0 (1)[b::]:6789 connect error [ 385.260792][ T1203] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 385.273697][ T1203] ath9k_htc: Failed to initialize the device [ 385.280022][T10153] FAULT_INJECTION: forcing a failure. [ 385.280022][T10153] name failslab, interval 1, probability 0, space 0, times 0 [ 385.463731][T10137] ceph: No mds server is up or the cluster is laggy [ 385.596793][ T5873] libceph: mon0 (1)[b::]:6789 connect error [ 385.911109][ T5822] usb 2-1: ath9k_htc: USB layer deinitialized [ 385.925720][T10153] CPU: 1 UID: 0 PID: 10153 Comm: syz.1.1121 Not tainted 6.14.0-syzkaller #0 [ 385.925738][T10153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 385.925745][T10153] Call Trace: [ 385.925749][T10153] [ 385.925753][T10153] dump_stack_lvl+0x16c/0x1f0 [ 385.925773][T10153] should_fail_ex+0x50a/0x650 [ 385.925790][T10153] ? fs_reclaim_acquire+0xae/0x150 [ 385.925807][T10153] should_failslab+0xc2/0x120 [ 385.925819][T10153] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 385.925831][T10153] ? __alloc_skb+0x2b1/0x380 [ 385.925849][T10153] __alloc_skb+0x2b1/0x380 [ 385.925863][T10153] ? __pfx___alloc_skb+0x10/0x10 [ 385.925878][T10153] ? __mutex_trylock_common+0x80/0x250 [ 385.925894][T10153] ? __pfx___mutex_trylock_common+0x10/0x10 [ 385.925910][T10153] ? __netlink_dump_start+0x154/0x970 [ 385.925926][T10153] netlink_dump+0x699/0xd00 [ 385.925941][T10153] ? __mutex_lock+0x1cc/0xb10 [ 385.925956][T10153] ? __pfx_netlink_dump+0x10/0x10 [ 385.925969][T10153] ? __netlink_dump_start+0x154/0x970 [ 385.925988][T10153] ? netlink_lookup+0x259/0x520 [ 385.926002][T10153] ? __pfx_netlink_lookup+0x10/0x10 [ 385.926019][T10153] __netlink_dump_start+0x6ca/0x970 [ 385.926035][T10153] ? __pfx_rtm_dump_nexthop+0x10/0x10 [ 385.926048][T10153] rtnetlink_rcv_msg+0xb44/0xea0 [ 385.926065][T10153] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 385.926081][T10153] ? __pfx_rtnl_dumpit+0x10/0x10 [ 385.926092][T10153] ? __pfx_rtm_dump_nexthop+0x10/0x10 [ 385.926108][T10153] netlink_rcv_skb+0x16b/0x440 [ 385.926123][T10153] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 385.926139][T10153] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 385.926162][T10153] ? netlink_deliver_tap+0x1ae/0xd30 [ 385.926178][T10153] netlink_unicast+0x53c/0x7f0 [ 385.926194][T10153] ? __pfx_netlink_unicast+0x10/0x10 [ 385.926213][T10153] netlink_sendmsg+0x8b8/0xd70 [ 385.926230][T10153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 385.926250][T10153] ____sys_sendmsg+0xaaf/0xc90 [ 385.926262][T10153] ? copy_msghdr_from_user+0x10b/0x160 [ 385.926278][T10153] ? __pfx_____sys_sendmsg+0x10/0x10 [ 385.926296][T10153] ___sys_sendmsg+0x135/0x1e0 [ 385.926313][T10153] ? __pfx____sys_sendmsg+0x10/0x10 [ 385.926340][T10153] ? __pfx_lock_release+0x10/0x10 [ 385.926355][T10153] ? trace_lock_acquire+0x14e/0x1f0 [ 385.926371][T10153] ? __fget_files+0x206/0x3a0 [ 385.926385][T10153] __sys_sendmsg+0x16e/0x220 [ 385.926401][T10153] ? __pfx___sys_sendmsg+0x10/0x10 [ 385.926425][T10153] do_syscall_64+0xcd/0x250 [ 385.926440][T10153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.926456][T10153] RIP: 0033:0x7f7bf778d169 [ 385.926465][T10153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.926475][T10153] RSP: 002b:00007f7bf866e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 385.926486][T10153] RAX: ffffffffffffffda RBX: 00007f7bf79a5fa0 RCX: 00007f7bf778d169 [ 385.926492][T10153] RDX: 0000000000004080 RSI: 0000200000000000 RDI: 0000000000000003 [ 385.926498][T10153] RBP: 00007f7bf866e090 R08: 0000000000000000 R09: 0000000000000000 [ 385.926504][T10153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 385.926510][T10153] R13: 0000000000000000 R14: 00007f7bf79a5fa0 R15: 00007fffe14ac7f8 [ 385.926522][T10153] [ 388.030087][T10173] netlink: 'syz.4.1127': attribute type 10 has an invalid length. [ 388.061222][T10173] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.175494][T10173] bond0: (slave team0): Enslaving as an active interface with an up link [ 388.200720][T10179] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1127'. [ 388.483714][T10182] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1129'. [ 388.492988][T10182] netlink: 'syz.1.1129': attribute type 1 has an invalid length. [ 388.558702][ T30] audit: type=1400 audit(1742862134.959:831): avc: denied { connect } for pid=10183 comm="syz.3.1130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 388.781790][T10190] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 388.788425][T10190] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 389.056848][T10190] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 389.396207][T10190] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 389.676221][T10190] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 389.685965][T10190] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 389.717621][T10190] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 389.758227][T10190] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 390.427474][T10190] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 390.440257][T10190] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 390.632914][T10205] hub 1-0:1.0: USB hub found [ 390.637769][T10205] hub 1-0:1.0: 1 port detected [ 391.187513][ T5822] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 391.567045][T10226] ax25_connect(): syz.0.1139 uses autobind, please contact jreuter@yaina.de [ 392.013537][ T30] audit: type=1400 audit(1742862137.969:832): avc: denied { connect } for pid=10221 comm="syz.0.1139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 392.450287][ T5822] usb 4-1: Using ep0 maxpacket: 32 [ 392.508021][ T5822] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 392.532540][ T5822] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.555188][ T5822] usb 4-1: Product: syz [ 392.573988][ T5822] usb 4-1: Manufacturer: syz [ 392.583206][ T5822] usb 4-1: SerialNumber: syz [ 392.589803][T10235] netlink: 'syz.1.1142': attribute type 1 has an invalid length. [ 392.615168][T10235] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1142'. [ 392.627192][ T5822] usb 4-1: config 0 descriptor?? [ 392.683724][T10237] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1143'. [ 392.726570][T10237] netlink: 'syz.2.1143': attribute type 1 has an invalid length. [ 393.157984][T10204] netlink: 'syz.3.1136': attribute type 10 has an invalid length. [ 393.166223][T10204] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1136'. [ 393.175099][T10204] team0: entered promiscuous mode [ 393.180114][T10204] team_slave_0: entered promiscuous mode [ 393.186055][T10204] team_slave_1: entered promiscuous mode [ 393.191978][T10204] bridge0: port 3(team0) entered blocking state [ 393.198275][T10204] bridge0: port 3(team0) entered disabled state [ 393.204677][T10204] team0: entered allmulticast mode [ 393.209795][T10204] team_slave_0: entered allmulticast mode [ 393.215594][T10204] team_slave_1: entered allmulticast mode [ 393.224564][T10204] bridge0: port 3(team0) entered blocking state [ 393.230852][T10204] bridge0: port 3(team0) entered forwarding state [ 393.783532][ T5822] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 394.694041][T10250] fuse: Bad value for 'rootmode' [ 394.699456][ T5822] peak_usb 4-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 395.128663][ T30] audit: type=1400 audit(1742862141.519:833): avc: denied { mount } for pid=10257 comm="syz.2.1150" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 395.664653][ T5822] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71 [ 395.686029][T10264] evm: overlay not supported [ 396.111520][ T5822] usb 4-1: USB disconnect, device number 29 [ 396.552815][ T30] audit: type=1400 audit(1742862142.849:834): avc: denied { listen } for pid=10275 comm="syz.4.1155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 396.648204][ T5873] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 396.669670][ T5873] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 396.900517][ T10] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 397.796704][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 397.799348][ T30] audit: type=1400 audit(1742862144.199:835): avc: denied { map } for pid=10284 comm="syz.0.1157" path="socket:[27041]" dev="sockfs" ino=27041 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 397.830304][ T10] usb 1-1: no configurations [ 397.835018][ T10] usb 1-1: can't read configurations, error -22 [ 397.956512][ T30] audit: type=1400 audit(1742862144.199:836): avc: denied { read } for pid=10284 comm="syz.0.1157" path="socket:[27041]" dev="sockfs" ino=27041 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 397.992322][T10295] FAULT_INJECTION: forcing a failure. [ 397.992322][T10295] name failslab, interval 1, probability 0, space 0, times 0 [ 398.010348][T10295] CPU: 1 UID: 0 PID: 10295 Comm: syz.1.1160 Not tainted 6.14.0-syzkaller #0 [ 398.010373][T10295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 398.010382][T10295] Call Trace: [ 398.010387][T10295] [ 398.010393][T10295] dump_stack_lvl+0x16c/0x1f0 [ 398.010423][T10295] should_fail_ex+0x50a/0x650 [ 398.010447][T10295] ? fs_reclaim_acquire+0xae/0x150 [ 398.010471][T10295] should_failslab+0xc2/0x120 [ 398.010490][T10295] __kmalloc_cache_node_noprof+0x6e/0x420 [ 398.010506][T10295] ? trace_kmalloc+0x2d/0xd0 [ 398.010527][T10295] ? page_pool_create_percpu+0x7a/0xb20 [ 398.010554][T10295] page_pool_create_percpu+0x7a/0xb20 [ 398.010577][T10295] bpf_test_run_xdp_live+0x193/0x500 [ 398.010597][T10295] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 398.010613][T10295] ? find_held_lock+0x2d/0x110 [ 398.010630][T10295] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 398.010649][T10295] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 398.010666][T10295] ? prepare_to_wait_event+0xce/0x6a0 [ 398.010694][T10295] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 398.010715][T10295] ? 0xffffffffa00038c0 [ 398.010727][T10295] ? 0xffffffffa00038c0 [ 398.010737][T10295] ? 0xffffffffa00038c0 [ 398.010745][T10295] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 398.010764][T10295] bpf_prog_test_run_xdp+0x81f/0x1560 [ 398.010786][T10295] ? lock_acquire+0x2f/0xb0 [ 398.010803][T10295] ? __fget_files+0x40/0x3a0 [ 398.010816][T10295] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 398.010835][T10295] ? __fget_files+0x206/0x3a0 [ 398.010850][T10295] ? fput+0x67/0x440 [ 398.010865][T10295] ? __bpf_prog_get+0xa0/0x290 [ 398.010885][T10295] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 398.010903][T10295] __sys_bpf+0xfc6/0x49c0 [ 398.010917][T10295] ? __pfx_lock_release+0x10/0x10 [ 398.010935][T10295] ? __pfx___sys_bpf+0x10/0x10 [ 398.010948][T10295] ? vfs_write+0x306/0x1150 [ 398.010972][T10295] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 398.011001][T10295] ? fput+0x67/0x440 [ 398.011016][T10295] ? ksys_write+0x1ba/0x250 [ 398.011028][T10295] ? __pfx_ksys_write+0x10/0x10 [ 398.011043][T10295] __x64_sys_bpf+0x78/0xc0 [ 398.011056][T10295] ? lockdep_hardirqs_on+0x7c/0x110 [ 398.011074][T10295] do_syscall_64+0xcd/0x250 [ 398.011093][T10295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.011113][T10295] RIP: 0033:0x7f7bf778d169 [ 398.011123][T10295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.011136][T10295] RSP: 002b:00007f7bf866e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 398.011149][T10295] RAX: ffffffffffffffda RBX: 00007f7bf79a5fa0 RCX: 00007f7bf778d169 [ 398.011158][T10295] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a [ 398.011166][T10295] RBP: 00007f7bf866e090 R08: 0000000000000000 R09: 0000000000000000 [ 398.011174][T10295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 398.011182][T10295] R13: 0000000000000000 R14: 00007f7bf79a5fa0 R15: 00007fffe14ac7f8 [ 398.011199][T10295] [ 400.921964][T10322] veth0_to_bridge: entered promiscuous mode [ 401.049234][T10327] : renamed from bond0 (while UP) [ 401.348404][ T30] audit: type=1400 audit(1742862147.449:837): avc: denied { ioctl } for pid=10310 comm="syz.1.1165" path="socket:[27224]" dev="sockfs" ino=27224 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 401.815674][T10322] veth0_to_bridge: left promiscuous mode [ 402.677777][T10342] ======================================================= [ 402.677777][T10342] WARNING: The mand mount option has been deprecated and [ 402.677777][T10342] and is ignored by this kernel. Remove the mand [ 402.677777][T10342] option from the mount to silence this warning. [ 402.677777][T10342] ======================================================= [ 402.712682][ C0] vkms_vblank_simulate: vblank timer overrun [ 402.961297][T10342] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 403.400912][ T82] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 403.681538][ T30] audit: type=1400 audit(1742862149.979:838): avc: denied { create } for pid=10354 comm="syz.3.1177" name="#17" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 403.994803][ T30] audit: type=1400 audit(1742862149.979:839): avc: denied { link } for pid=10354 comm="syz.3.1177" name="#17" dev="tmpfs" ino=1242 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 404.018205][ T30] audit: type=1400 audit(1742862149.989:840): avc: denied { rename } for pid=10354 comm="syz.3.1177" name="#18" dev="tmpfs" ino=1242 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 405.430840][T10381] overlayfs: missing 'lowerdir' [ 405.989817][ T30] audit: type=1326 audit(1742862152.389:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.0.1186" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f252018d169 code=0x0 [ 408.925566][T10413] sp0: Synchronizing with TNC [ 409.007607][T10413] Failed to initialize the IGMP autojoin socket (err -2) [ 409.698040][ T30] audit: type=1400 audit(1742862156.009:842): avc: denied { setcheckreqprot } for pid=10415 comm="syz.4.1196" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 409.839394][T10422] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 410.671432][T10428] FAULT_INJECTION: forcing a failure. [ 410.671432][T10428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.928271][T10435] FAULT_INJECTION: forcing a failure. [ 410.928271][T10435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.941579][T10435] CPU: 0 UID: 0 PID: 10435 Comm: syz.3.1201 Not tainted 6.14.0-syzkaller #0 [ 410.941600][T10435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 410.941610][T10435] Call Trace: [ 410.941615][T10435] [ 410.941622][T10435] dump_stack_lvl+0x16c/0x1f0 [ 410.941652][T10435] should_fail_ex+0x50a/0x650 [ 410.941683][T10435] _copy_from_user+0x2e/0xd0 [ 410.941701][T10435] copy_msghdr_from_user+0x99/0x160 [ 410.941728][T10435] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 410.941759][T10435] ? __pfx___lock_acquire+0x10/0x10 [ 410.941787][T10435] ___sys_recvmsg+0xdc/0x1a0 [ 410.941812][T10435] ? __pfx____sys_recvmsg+0x10/0x10 [ 410.941836][T10435] ? find_held_lock+0x2d/0x110 [ 410.941866][T10435] ? __pfx___might_resched+0x10/0x10 [ 410.941892][T10435] ? __might_fault+0xe3/0x190 [ 410.941917][T10435] do_recvmmsg+0x2f8/0x740 [ 410.941945][T10435] ? __pfx_do_recvmmsg+0x10/0x10 [ 410.941968][T10435] ? vfs_write+0x306/0x1150 [ 410.941999][T10435] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 410.942029][T10435] ? __fget_files+0x206/0x3a0 [ 410.942052][T10435] __x64_sys_recvmmsg+0x239/0x290 [ 410.942069][T10435] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 410.942092][T10435] do_syscall_64+0xcd/0x250 [ 410.942117][T10435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.942140][T10435] RIP: 0033:0x7f67cfb8d169 [ 410.942155][T10435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.942177][T10435] RSP: 002b:00007f67d0939038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 410.942194][T10435] RAX: ffffffffffffffda RBX: 00007f67cfda6080 RCX: 00007f67cfb8d169 [ 410.942206][T10435] RDX: 000000000000072a RSI: 0000200000000080 RDI: 0000000000000005 [ 410.942216][T10435] RBP: 00007f67d0939090 R08: 0000000000000000 R09: 0000000000000000 [ 410.942225][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 410.942235][T10435] R13: 0000000000000000 R14: 00007f67cfda6080 R15: 00007ffdf635e668 [ 410.942258][T10435] [ 410.948270][ T30] audit: type=1326 audit(1742862157.319:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10411 comm="syz.2.1194" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae0fd8d169 code=0x0 [ 410.994881][T10428] CPU: 0 UID: 0 PID: 10428 Comm: syz.4.1197 Not tainted 6.14.0-syzkaller #0 [ 410.994901][T10428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 410.994911][T10428] Call Trace: [ 410.994915][T10428] [ 410.994921][T10428] dump_stack_lvl+0x16c/0x1f0 [ 410.994950][T10428] should_fail_ex+0x50a/0x650 [ 410.994978][T10428] _copy_from_iter+0x2a1/0x1560 [ 410.994993][T10428] ? trace_lock_acquire+0x14e/0x1f0 [ 410.995012][T10428] ? __alloc_skb+0x1fe/0x380 [ 410.995034][T10428] ? __pfx__copy_from_iter+0x10/0x10 [ 410.995048][T10428] ? __virt_addr_valid+0x1a4/0x590 [ 410.995066][T10428] ? __virt_addr_valid+0x5e/0x590 [ 410.995081][T10428] ? __phys_addr_symbol+0x30/0x80 [ 410.995096][T10428] ? __check_object_size+0x488/0x710 [ 410.995122][T10428] netlink_sendmsg+0x813/0xd70 [ 410.995147][T10428] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.995175][T10428] ____sys_sendmsg+0xaaf/0xc90 [ 410.995193][T10428] ? copy_msghdr_from_user+0x10b/0x160 [ 410.995215][T10428] ? __pfx_____sys_sendmsg+0x10/0x10 [ 410.995241][T10428] ___sys_sendmsg+0x135/0x1e0 [ 410.995264][T10428] ? __pfx____sys_sendmsg+0x10/0x10 [ 410.995293][T10428] ? __pfx_lock_release+0x10/0x10 [ 410.995313][T10428] ? trace_lock_acquire+0x14e/0x1f0 [ 410.995336][T10428] ? __fget_files+0x206/0x3a0 [ 410.995356][T10428] __sys_sendmsg+0x16e/0x220 [ 410.995378][T10428] ? __pfx___sys_sendmsg+0x10/0x10 [ 410.995412][T10428] do_syscall_64+0xcd/0x250 [ 410.995435][T10428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.995455][T10428] RIP: 0033:0x7f4f19d8d169 [ 410.995467][T10428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.995482][T10428] RSP: 002b:00007f4f1ab97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 410.995497][T10428] RAX: ffffffffffffffda RBX: 00007f4f19fa5fa0 RCX: 00007f4f19d8d169 [ 410.995506][T10428] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 410.995515][T10428] RBP: 00007f4f1ab97090 R08: 0000000000000000 R09: 0000000000000000 [ 410.995524][T10428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.995532][T10428] R13: 0000000000000000 R14: 00007f4f19fa5fa0 R15: 00007fff19ddd538 [ 410.995551][T10428] [ 411.450379][T10444] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 411.769165][ T30] audit: type=1400 audit(1742862157.329:844): avc: denied { shutdown } for pid=10432 comm="syz.3.1201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 412.399328][T10441] netlink: 'syz.4.1202': attribute type 1 has an invalid length. [ 412.426575][T10441] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1202'. [ 412.456117][ T30] audit: type=1400 audit(1742862158.859:845): avc: denied { read } for pid=10458 comm="syz.0.1205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 412.609537][T10464] random: crng reseeded on system resumption [ 412.621250][ T30] audit: type=1400 audit(1742862159.009:846): avc: denied { append } for pid=10463 comm="syz.2.1206" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 413.687512][T10482] hub 1-0:1.0: USB hub found [ 413.692506][T10482] hub 1-0:1.0: 1 port detected [ 414.068633][T10464] Restarting kernel threads ... [ 414.070375][ T30] audit: type=1400 audit(1742862160.469:847): avc: denied { ioctl } for pid=10463 comm="syz.2.1206" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 414.100318][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.118664][T10464] done. [ 414.731187][ T30] audit: type=1400 audit(1742862161.129:848): avc: denied { ioctl } for pid=10501 comm="syz.1.1212" path="socket:[28226]" dev="sockfs" ino=28226 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 415.315987][T10527] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1218'. [ 417.209569][T10550] FAULT_INJECTION: forcing a failure. [ 417.209569][T10550] name failslab, interval 1, probability 0, space 0, times 0 [ 417.222932][T10550] CPU: 0 UID: 0 PID: 10550 Comm: syz.0.1222 Not tainted 6.14.0-syzkaller #0 [ 417.222953][T10550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 417.222963][T10550] Call Trace: [ 417.222969][T10550] [ 417.222976][T10550] dump_stack_lvl+0x16c/0x1f0 [ 417.223006][T10550] should_fail_ex+0x50a/0x650 [ 417.223034][T10550] ? fs_reclaim_acquire+0xae/0x150 [ 417.223061][T10550] ? assoc_array_insert+0x10a/0x3140 [ 417.223079][T10550] should_failslab+0xc2/0x120 [ 417.223098][T10550] __kmalloc_cache_noprof+0x68/0x410 [ 417.223128][T10550] ? avc_has_perm_noaudit+0x119/0x3a0 [ 417.223150][T10550] assoc_array_insert+0x10a/0x3140 [ 417.223173][T10550] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 417.223200][T10550] ? rcu_is_watching+0x12/0xc0 [ 417.223218][T10550] ? trace_lock_acquire+0x14e/0x1f0 [ 417.223237][T10550] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 417.223265][T10550] ? __pfx_assoc_array_insert+0x10/0x10 [ 417.223283][T10550] ? __key_link_lock+0x4a/0xb0 [ 417.223305][T10550] ? down_write+0x14e/0x200 [ 417.223337][T10550] ? __pfx_down_write+0x10/0x10 [ 417.223360][T10550] ? __pfx_key_set_index_key+0x10/0x10 [ 417.223382][T10550] __key_link_begin+0xf5/0x260 [ 417.223401][T10550] __key_create_or_update+0x4e5/0xe10 [ 417.223430][T10550] ? __pfx___key_create_or_update+0x10/0x10 [ 417.223457][T10550] ? lookup_user_key+0x2ca/0x12f0 [ 417.223494][T10550] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 417.223524][T10550] key_create_or_update+0x42/0x60 [ 417.223553][T10550] __do_sys_add_key+0x29c/0x460 [ 417.223574][T10550] ? __pfx___do_sys_add_key+0x10/0x10 [ 417.223591][T10550] ? ksys_write+0x1ba/0x250 [ 417.223617][T10550] do_syscall_64+0xcd/0x250 [ 417.223642][T10550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.223665][T10550] RIP: 0033:0x7f252018d169 [ 417.223679][T10550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.223695][T10550] RSP: 002b:00007f2520f7c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 417.223713][T10550] RAX: ffffffffffffffda RBX: 00007f25203a6160 RCX: 00007f252018d169 [ 417.223724][T10550] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140 [ 417.223734][T10550] RBP: 00007f2520f7c090 R08: fffffffffffffffe R09: 0000000000000000 [ 417.223744][T10550] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000002 [ 417.223754][T10550] R13: 0000000000000000 R14: 00007f25203a6160 R15: 00007fff02eab078 [ 417.223777][T10550] [ 417.467905][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.608937][ T30] audit: type=1400 audit(1742862163.389:849): avc: denied { write } for pid=10543 comm="syz.1.1225" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 417.632016][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.822924][T10559] FAULT_INJECTION: forcing a failure. [ 417.822924][T10559] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.836551][T10559] CPU: 1 UID: 0 PID: 10559 Comm: syz.2.1228 Not tainted 6.14.0-syzkaller #0 [ 417.836573][T10559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 417.836584][T10559] Call Trace: [ 417.836589][T10559] [ 417.836596][T10559] dump_stack_lvl+0x16c/0x1f0 [ 417.836626][T10559] should_fail_ex+0x50a/0x650 [ 417.836654][T10559] _copy_to_user+0x32/0xd0 [ 417.836673][T10559] copy_to_sockptr_offset.constprop.0+0x12b/0x150 [ 417.836699][T10559] ? __pfx_copy_to_sockptr_offset.constprop.0+0x10/0x10 [ 417.836724][T10559] ? btf_new_fd+0x3ecc/0x5360 [ 417.836743][T10559] ? bpf_vlog_finalize+0x1ba/0x360 [ 417.836763][T10559] btf_new_fd+0x40ff/0x5360 [ 417.836783][T10559] ? avc_has_perm_noaudit+0x143/0x3a0 [ 417.836814][T10559] ? __pfx_btf_new_fd+0x10/0x10 [ 417.836837][T10559] ? cap_capable+0xb3/0x250 [ 417.836859][T10559] ? bpf_lsm_capable+0x9/0x10 [ 417.836879][T10559] ? security_capable+0x7e/0x260 [ 417.836901][T10559] ? ns_capable+0xd7/0x110 [ 417.836927][T10559] __sys_bpf+0x1747/0x49c0 [ 417.836945][T10559] ? __pfx_lock_release+0x10/0x10 [ 417.836970][T10559] ? __pfx___sys_bpf+0x10/0x10 [ 417.836986][T10559] ? vfs_write+0x306/0x1150 [ 417.837017][T10559] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 417.837065][T10559] ? fput+0x67/0x440 [ 417.837083][T10559] ? ksys_write+0x1ba/0x250 [ 417.837097][T10559] ? __pfx_ksys_write+0x10/0x10 [ 417.837116][T10559] __x64_sys_bpf+0x78/0xc0 [ 417.837133][T10559] ? lockdep_hardirqs_on+0x7c/0x110 [ 417.837155][T10559] do_syscall_64+0xcd/0x250 [ 417.837180][T10559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.837203][T10559] RIP: 0033:0x7fae0fd8d169 [ 417.837217][T10559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.837233][T10559] RSP: 002b:00007fae10bc7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 417.837250][T10559] RAX: ffffffffffffffda RBX: 00007fae0ffa5fa0 RCX: 00007fae0fd8d169 [ 417.837260][T10559] RDX: 0000000000000020 RSI: 00002000000000c0 RDI: 0000000000000012 [ 417.837270][T10559] RBP: 00007fae10bc7090 R08: 0000000000000000 R09: 0000000000000000 [ 417.837279][T10559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 417.837289][T10559] R13: 0000000000000001 R14: 00007fae0ffa5fa0 R15: 00007ffc9ad864d8 [ 417.837315][T10559] [ 418.270241][ C0] hrtimer: interrupt took 46712 ns [ 418.748299][T10567] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1232'. [ 418.980306][ T5826] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 419.050301][ T1203] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 419.150352][ T5826] usb 4-1: Using ep0 maxpacket: 8 [ 419.171805][ T5826] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 419.171880][ T5826] usb 4-1: config 0 has no interface number 0 [ 419.172038][ T5826] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 419.172176][ T5826] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 419.172244][ T5826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.318683][ T1203] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 419.461515][ T5826] usb 4-1: config 0 descriptor?? [ 419.487364][ T5826] iowarrior 4-1:0.1: no interrupt-in endpoint found [ 419.513762][ T1203] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 419.524012][ T1203] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 419.533252][ T1203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.555448][T10567] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 419.565979][ T1203] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 419.783811][T10574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1233'. [ 419.828980][T10574] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 419.898616][T10574] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 420.120543][ T1203] usb 5-1: USB disconnect, device number 31 [ 420.122718][ T10] usb 4-1: USB disconnect, device number 30 [ 420.370937][ T30] audit: type=1400 audit(1742862166.779:850): avc: denied { create } for pid=10582 comm="syz.2.1235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 420.463981][T10584] lo speed is unknown, defaulting to 1000 [ 420.469995][T10584] lo speed is unknown, defaulting to 1000 [ 420.479046][T10584] lo speed is unknown, defaulting to 1000 [ 420.553958][T10584] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -2 [ 420.877397][T10584] lo speed is unknown, defaulting to 1000 [ 420.897159][T10584] lo speed is unknown, defaulting to 1000 [ 420.917456][T10584] lo speed is unknown, defaulting to 1000 [ 421.047498][T10584] lo speed is unknown, defaulting to 1000 [ 421.262892][T10584] lo speed is unknown, defaulting to 1000 [ 421.405096][T10597] FAULT_INJECTION: forcing a failure. [ 421.405096][T10597] name failslab, interval 1, probability 0, space 0, times 0 [ 421.869887][T10597] CPU: 0 UID: 0 PID: 10597 Comm: syz.0.1239 Not tainted 6.14.0-syzkaller #0 [ 421.869912][T10597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 421.869920][T10597] Call Trace: [ 421.869925][T10597] [ 421.869931][T10597] dump_stack_lvl+0x16c/0x1f0 [ 421.869959][T10597] should_fail_ex+0x50a/0x650 [ 421.869988][T10597] should_failslab+0xc2/0x120 [ 421.870016][T10597] __kmalloc_node_track_caller_noprof+0xcf/0x510 [ 421.870036][T10597] ? sidtab_sid2str_get+0x17a/0x680 [ 421.870064][T10597] kmemdup_noprof+0x29/0x60 [ 421.870085][T10597] sidtab_sid2str_get+0x17a/0x680 [ 421.870110][T10597] sidtab_entry_to_string+0x33/0x110 [ 421.870133][T10597] security_sid_to_context_core+0x35c/0x640 [ 421.870159][T10597] avc_audit_post_callback+0x1ac/0x8c0 [ 421.870176][T10597] ? audit_log_format+0xe9/0x130 [ 421.870200][T10597] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 421.870215][T10597] ? skb_put+0x138/0x1b0 [ 421.870233][T10597] ? audit_log_n_string+0x253/0x540 [ 421.870263][T10597] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 421.870279][T10597] common_lsm_audit+0x33e/0x2290 [ 421.870303][T10597] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 421.870320][T10597] ? __pfx_common_lsm_audit+0x10/0x10 [ 421.870346][T10597] ? irqentry_exit+0x3b/0x90 [ 421.870369][T10597] ? preempt_schedule_thunk+0x1a/0x30 [ 421.870393][T10597] ? preempt_schedule_common+0x44/0xc0 [ 421.870419][T10597] ? slow_avc_audit+0x17d/0x210 [ 421.870434][T10597] slow_avc_audit+0x17d/0x210 [ 421.870451][T10597] ? __pfx_slow_avc_audit+0x10/0x10 [ 421.870477][T10597] ? avc_has_perm_noaudit+0x2fa/0x3a0 [ 421.870498][T10597] avc_has_perm+0x18d/0x1c0 [ 421.870517][T10597] ? __pfx_avc_has_perm+0x10/0x10 [ 421.870538][T10597] ? __pfx_mark_lock+0x10/0x10 [ 421.870566][T10597] inode_has_perm+0x168/0x1d0 [ 421.870587][T10597] file_has_perm+0x2e8/0x350 [ 421.870608][T10597] ? __pfx_file_has_perm+0x10/0x10 [ 421.870628][T10597] ? mark_held_locks+0x9f/0xe0 [ 421.870657][T10597] selinux_file_permission+0x40d/0x580 [ 421.870687][T10597] security_file_permission+0x1e3/0x210 [ 421.870714][T10597] rw_verify_area+0xb9/0x680 [ 421.870739][T10597] __io_read+0x28a/0x12b0 [ 421.870763][T10597] ? __fget_files+0x206/0x3a0 [ 421.870786][T10597] io_read+0x1e/0x70 [ 421.870810][T10597] io_issue_sqe+0x175/0x12d0 [ 421.870828][T10597] io_submit_sqes+0x96a/0x2670 [ 421.870859][T10597] __do_sys_io_uring_enter+0xd60/0x1670 [ 421.870880][T10597] ? __fget_files+0x206/0x3a0 [ 421.870896][T10597] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 421.870916][T10597] ? fput+0x67/0x440 [ 421.870936][T10597] ? ksys_write+0x1ba/0x250 [ 421.870951][T10597] ? __pfx_ksys_write+0x10/0x10 [ 421.870975][T10597] do_syscall_64+0xcd/0x250 [ 421.871000][T10597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.871029][T10597] RIP: 0033:0x7f252018d169 [ 421.871044][T10597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.871059][T10597] RSP: 002b:00007f2520fbe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 421.871077][T10597] RAX: ffffffffffffffda RBX: 00007f25203a5fa0 RCX: 00007f252018d169 [ 421.871087][T10597] RDX: 0000000000000000 RSI: 0000000000000567 RDI: 0000000000000003 [ 421.871097][T10597] RBP: 00007f2520fbe090 R08: 0000000000000000 R09: 0000000000000000 [ 421.871106][T10597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 421.871114][T10597] R13: 0000000000000000 R14: 00007f25203a5fa0 R15: 00007fff02eab078 [ 421.871133][T10597] [ 422.211112][ C0] vkms_vblank_simulate: vblank timer overrun [ 422.227025][ T30] audit: type=1400 audit(1742862167.809:851): avc: denied { read } for pid=10595 comm="syz.0.1239" path="socket:[28380]" dev="sockfs" ino=28380 scontext=root:sysadm_r:sysadm_t tsid=146 tclass=llc_socket permissive=1 [ 422.248699][ C0] vkms_vblank_simulate: vblank timer overrun [ 423.539173][T10619] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 423.554496][T10620] netlink: 'syz.0.1246': attribute type 1 has an invalid length. [ 423.555147][T10619] SELinux: failed to load policy [ 423.562793][T10620] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1246'. [ 423.649103][ T30] audit: type=1400 audit(1742862170.049:852): avc: denied { connect } for pid=10610 comm="syz.4.1245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 424.349529][ T30] audit: type=1400 audit(1742862170.719:853): avc: denied { map } for pid=10630 comm="syz.0.1249" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 424.393286][ T30] audit: type=1400 audit(1742862170.719:854): avc: denied { execute } for pid=10630 comm="syz.0.1249" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 424.417418][ C0] vkms_vblank_simulate: vblank timer overrun [ 424.426428][ T5870] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 424.783537][ T5870] usb 2-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=16.e3 [ 424.810808][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.822498][ T5870] usb 2-1: Product: syz [ 424.827481][ T5870] usb 2-1: Manufacturer: syz [ 424.846276][ T5870] usb 2-1: SerialNumber: syz [ 424.971432][ T5870] usb 2-1: config 0 descriptor?? [ 425.083546][ T5870] comedi comedi0: Wrong number of endpoints [ 425.148800][ T5870] dt9812 2-1:0.0: driver 'dt9812' failed to auto-configure device. [ 425.417280][ T5870] usb 2-1: USB disconnect, device number 31 [ 425.849624][ T5873] lo speed is unknown, defaulting to 1000 [ 426.226083][T10666] Failed to initialize the IGMP autojoin socket (err -2) [ 426.365107][T10668] netlink: 'syz.1.1259': attribute type 1 has an invalid length. [ 426.381480][T10668] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1259'. [ 426.410956][T10670] Failed to initialize the IGMP autojoin socket (err -2) [ 427.677630][T10670] FAULT_INJECTION: forcing a failure. [ 427.677630][T10670] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.690728][T10670] CPU: 1 UID: 0 PID: 10670 Comm: syz.4.1260 Not tainted 6.14.0-syzkaller #0 [ 427.690741][T10670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 427.690747][T10670] Call Trace: [ 427.690750][T10670] [ 427.690754][T10670] dump_stack_lvl+0x16c/0x1f0 [ 427.690775][T10670] should_fail_ex+0x50a/0x650 [ 427.690793][T10670] _copy_from_iter+0x2a1/0x1560 [ 427.690805][T10670] ? trace_lock_acquire+0x14e/0x1f0 [ 427.690818][T10670] ? __alloc_skb+0x1fe/0x380 [ 427.690834][T10670] ? __pfx__copy_from_iter+0x10/0x10 [ 427.690844][T10670] ? __virt_addr_valid+0x1a4/0x590 [ 427.690857][T10670] ? __virt_addr_valid+0x5e/0x590 [ 427.690867][T10670] ? __phys_addr_symbol+0x30/0x80 [ 427.690877][T10670] ? __check_object_size+0x488/0x710 [ 427.690891][T10670] netlink_sendmsg+0x813/0xd70 [ 427.690909][T10670] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.690929][T10670] ____sys_sendmsg+0xaaf/0xc90 [ 427.690941][T10670] ? copy_msghdr_from_user+0x10b/0x160 [ 427.690962][T10670] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.690979][T10670] ___sys_sendmsg+0x135/0x1e0 [ 427.690995][T10670] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.691015][T10670] ? __pfx_lock_release+0x10/0x10 [ 427.691030][T10670] ? trace_lock_acquire+0x14e/0x1f0 [ 427.691046][T10670] ? __fget_files+0x206/0x3a0 [ 427.691059][T10670] __sys_sendmsg+0x16e/0x220 [ 427.691075][T10670] ? __pfx___sys_sendmsg+0x10/0x10 [ 427.691098][T10670] do_syscall_64+0xcd/0x250 [ 427.691115][T10670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.691130][T10670] RIP: 0033:0x7f4f19d8d169 [ 427.691139][T10670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.691150][T10670] RSP: 002b:00007f4f1ab97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.691160][T10670] RAX: ffffffffffffffda RBX: 00007f4f19fa5fa0 RCX: 00007f4f19d8d169 [ 427.691166][T10670] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 427.691172][T10670] RBP: 00007f4f1ab97090 R08: 0000000000000000 R09: 0000000000000000 [ 427.691178][T10670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.691183][T10670] R13: 0000000000000000 R14: 00007f4f19fa5fa0 R15: 00007fff19ddd538 [ 427.691195][T10670] [ 429.054155][ T30] audit: type=1400 audit(1742862175.449:855): avc: denied { write } for pid=10697 comm="syz.2.1269" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 429.490488][ T5873] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 429.900612][ T5873] usb 5-1: Using ep0 maxpacket: 16 [ 429.942332][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.954010][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.983575][ T5873] usb 5-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 430.463293][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.730849][ T5873] usb 5-1: config 0 descriptor?? [ 431.240439][ T5873] playstation 0003:054C:05C4.000B: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.4-1/input0 [ 431.567839][ T5873] playstation 0003:054C:05C4.000B: Failed to retrieve feature with reportID 18: -32 [ 431.781113][ T5873] playstation 0003:054C:05C4.000B: Failed to retrieve DualShock4 pairing info: -32 [ 431.817415][ T5873] playstation 0003:054C:05C4.000B: Failed to get MAC address from DualShock4 [ 431.847073][ T5873] playstation 0003:054C:05C4.000B: Failed to create dualshock4. [ 431.878621][ T5873] playstation 0003:054C:05C4.000B: probe with driver playstation failed with error -32 [ 431.891356][T10732] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 431.899641][T10732] overlayfs: missing 'lowerdir' [ 432.862139][ T1203] usb 5-1: USB disconnect, device number 32 [ 432.962024][T10743] FAULT_INJECTION: forcing a failure. [ 432.962024][T10743] name failslab, interval 1, probability 0, space 0, times 0 [ 433.077129][T10743] CPU: 0 UID: 0 PID: 10743 Comm: syz.0.1280 Not tainted 6.14.0-syzkaller #0 [ 433.077148][T10743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 433.077155][T10743] Call Trace: [ 433.077158][T10743] [ 433.077162][T10743] dump_stack_lvl+0x16c/0x1f0 [ 433.077182][T10743] should_fail_ex+0x50a/0x650 [ 433.077199][T10743] ? fs_reclaim_acquire+0xae/0x150 [ 433.077216][T10743] ? tomoyo_realpath_from_path+0xb9/0x720 [ 433.077232][T10743] should_failslab+0xc2/0x120 [ 433.077245][T10743] __kmalloc_noprof+0xcb/0x510 [ 433.077256][T10743] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 433.077274][T10743] tomoyo_realpath_from_path+0xb9/0x720 [ 433.077289][T10743] ? tomoyo_path_number_perm+0x235/0x590 [ 433.077303][T10743] ? tomoyo_path_number_perm+0x235/0x590 [ 433.077318][T10743] tomoyo_path_number_perm+0x248/0x590 [ 433.077331][T10743] ? tomoyo_path_number_perm+0x235/0x590 [ 433.077345][T10743] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 433.077370][T10743] ? __pfx_lock_release+0x10/0x10 [ 433.077384][T10743] ? trace_lock_acquire+0x14e/0x1f0 [ 433.077398][T10743] ? lock_acquire+0x2f/0xb0 [ 433.077411][T10743] ? __fget_files+0x40/0x3a0 [ 433.077423][T10743] ? __fget_files+0x206/0x3a0 [ 433.077435][T10743] security_file_ioctl+0x9b/0x240 [ 433.077452][T10743] __x64_sys_ioctl+0xb7/0x200 [ 433.077467][T10743] do_syscall_64+0xcd/0x250 [ 433.077484][T10743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.077499][T10743] RIP: 0033:0x7f252018d169 [ 433.077507][T10743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.077517][T10743] RSP: 002b:00007f2520fbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 433.077528][T10743] RAX: ffffffffffffffda RBX: 00007f25203a5fa0 RCX: 00007f252018d169 [ 433.077534][T10743] RDX: 0000200000000080 RSI: 00000000c0205649 RDI: 0000000000000003 [ 433.077540][T10743] RBP: 00007f2520fbe090 R08: 0000000000000000 R09: 0000000000000000 [ 433.077549][T10743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.077555][T10743] R13: 0000000000000000 R14: 00007f25203a5fa0 R15: 00007fff02eab078 [ 433.077567][T10743] [ 433.078226][T10743] ERROR: Out of memory at tomoyo_realpath_from_path. [ 433.414334][ T30] audit: type=1400 audit(1742862179.809:856): avc: denied { module_load } for pid=10739 comm="syz.4.1281" path="/sys/power/wakeup_count" dev="sysfs" ino=1407 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 433.910751][ T30] audit: type=1404 audit(1742862180.309:857): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 433.973483][ T5870] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 433.978510][ T30] audit: type=1400 audit(1742862180.379:858): avc: denied { read write } for pid=5821 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 434.063982][ T30] audit: type=1400 audit(1742862180.389:859): avc: denied { ioctl } for pid=10742 comm="syz.1.1283" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=0 [ 434.118872][ T30] audit: type=1400 audit(1742862180.419:860): avc: denied { mounton } for pid=10748 comm="syz.0.1284" path="/294/file1" dev="tmpfs" ino=1589 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=0 [ 434.177324][ T30] audit: type=1400 audit(1742862180.419:861): avc: denied { read } for pid=10750 comm="syz.2.1285" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=0 [ 434.199923][ C0] vkms_vblank_simulate: vblank timer overrun [ 434.243510][ T30] audit: type=1400 audit(1742862180.419:862): avc: denied { create } for pid=10750 comm="syz.2.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=0 [ 434.263163][ C0] vkms_vblank_simulate: vblank timer overrun [ 434.287172][ T30] audit: type=1400 audit(1742862180.429:863): avc: denied { create } for pid=10752 comm="syz.3.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=0 [ 434.312961][ T30] audit: type=1400 audit(1742862180.429:864): avc: denied { prog_load } for pid=10752 comm="syz.3.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 434.370412][ T30] audit: type=1400 audit(1742862180.429:865): avc: denied { execmem } for pid=10752 comm="syz.3.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 434.399625][ T30] audit: type=1400 audit(1742862180.429:866): avc: denied { read write } for pid=10742 comm="syz.1.1283" name="sg0" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=0 [ 434.439824][ T30] audit: type=1400 audit(1742862180.429:867): avc: denied { write } for pid=10748 comm="syz.0.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=0 [ 539.510157][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 539.517135][ C0] rcu: 1-...!: (1 ticks this GP) idle=fa64/1/0x4000000000000000 softirq=39649/39649 fqs=0 [ 539.528174][ C0] rcu: (detected by 0, t=10502 jiffies, g=33833, q=115 ncpus=2) [ 539.535897][ C0] Sending NMI from CPU 0 to CPUs 1: [ 539.535922][ C1] NMI backtrace for cpu 1 [ 539.535933][ C1] CPU: 1 UID: 0 PID: 10768 Comm: syz.0.1292 Not tainted 6.14.0-syzkaller #0 [ 539.535948][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 539.535969][ C1] RIP: 0010:__lock_acquire+0xec0/0x3c40 [ 539.535993][ C1] Code: 00 00 48 8b 84 24 e8 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 93 22 00 00 48 81 c4 f0 00 00 00 89 d0 5b 5d 41 5c 41 5d 41 5e <41> 5f c3 cc cc cc cc 41 83 fe 01 c7 04 24 00 00 00 00 0f 87 4c f2 [ 539.536005][ C1] RSP: 0018:ffffc90000a28bc8 EFLAGS: 00000086 [ 539.536016][ C1] RAX: 0000000000000001 RBX: 1ffff92000145181 RCX: ffffffff8195c64e [ 539.536024][ C1] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff9425acb8 [ 539.536032][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff2dd8d98 [ 539.536040][ C1] R10: ffffffff96ec6cc7 R11: 0000000000000001 R12: 0000000000000000 [ 539.536048][ C1] R13: ffffffff9aad17d0 R14: 0000000000000000 R15: ffff888036bfd398 [ 539.536056][ C1] FS: 000055555b5eb500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 539.536070][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 539.536079][ C1] CR2: 0000001b2fce0000 CR3: 0000000027af4000 CR4: 00000000003526f0 [ 539.536087][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 539.536094][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 539.536102][ C1] Call Trace: [ 539.536108][ C1] [ 539.536114][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 539.536130][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 539.536148][ C1] ? nmi_handle+0x1ac/0x5d0 [ 539.536166][ C1] ? __lock_acquire+0xec0/0x3c40 [ 539.536183][ C1] ? default_do_nmi+0x6a/0x160 [ 539.536197][ C1] ? exc_nmi+0x170/0x1e0 [ 539.536210][ C1] ? end_repeat_nmi+0xf/0x53 [ 539.536235][ C1] ? hlock_class+0x4e/0x130 [ 539.536249][ C1] ? __lock_acquire+0xec0/0x3c40 [ 539.536265][ C1] ? __lock_acquire+0xec0/0x3c40 [ 539.536282][ C1] ? __lock_acquire+0xec0/0x3c40 [ 539.536298][ C1] [ 539.536303][ C1] [ 539.536307][ C1] lock_acquire.part.0+0x11b/0x380 [ 539.536324][ C1] ? debug_object_activate+0x149/0x4a0 [ 539.536342][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 539.536359][ C1] ? rcu_is_watching+0x12/0xc0 [ 539.536373][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 539.536387][ C1] ? debug_object_activate+0x149/0x4a0 [ 539.536402][ C1] ? lock_acquire+0x2f/0xb0 [ 539.536418][ C1] ? debug_object_activate+0x149/0x4a0 [ 539.536433][ C1] _raw_spin_lock_irqsave+0x3a/0x60 [ 539.536449][ C1] ? debug_object_activate+0x149/0x4a0 [ 539.536463][ C1] debug_object_activate+0x149/0x4a0 [ 539.536478][ C1] ? lock_acquire.part.0+0x11b/0x380 [ 539.536496][ C1] ? __pfx_debug_object_activate+0x10/0x10 [ 539.536513][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 539.536526][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 539.536539][ C1] ? __pfx_advance_sched+0x10/0x10 [ 539.536553][ C1] enqueue_hrtimer+0x25/0x3c0 [ 539.536567][ C1] __hrtimer_run_queues+0x903/0xae0 [ 539.536581][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 539.536594][ C1] ? read_tsc+0x9/0x20 [ 539.536609][ C1] hrtimer_interrupt+0x392/0x8e0 [ 539.536626][ C1] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 539.536646][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 539.536663][ C1] [ 539.536667][ C1] [ 539.536671][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 539.536689][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 539.536705][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 86 9a 3c f6 48 89 df e8 de 19 3d f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 45 f1 2d f6 65 8b 05 06 c3 a9 74 85 c0 74 16 5b [ 539.536717][ C1] RSP: 0018:ffffc90004e37bb0 EFLAGS: 00000246 [ 539.536728][ C1] RAX: 0000000000000002 RBX: ffff8880b872c680 RCX: 1ffffffff20c4511 [ 539.536736][ C1] RDX: 0000000000000000 RSI: ffffffff8b6cfbe0 RDI: ffffffff8bd36960 [ 539.536745][ C1] RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000001 [ 539.536753][ C1] R10: ffffffff90626c17 R11: 0000000000000001 R12: 0000000000000001 [ 539.536761][ C1] R13: ffffc90004e37d78 R14: 0000000000000000 R15: ffff8880b872c700 [ 539.536774][ C1] hrtimer_start_range_ns+0x4db/0xfe0 [ 539.536790][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 539.536805][ C1] ? do_nanosleep+0x18a/0x510 [ 539.536817][ C1] do_nanosleep+0x1f3/0x510 [ 539.536832][ C1] ? __pfx_do_nanosleep+0x10/0x10 [ 539.536844][ C1] ? __asan_memset+0x23/0x50 [ 539.536863][ C1] ? __hrtimer_init+0x106/0x2c0 [ 539.536881][ C1] hrtimer_nanosleep+0x158/0x380 [ 539.536895][ C1] ? __pfx_hrtimer_nanosleep+0x10/0x10 [ 539.536907][ C1] ? __might_fault+0xe3/0x190 [ 539.536923][ C1] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 539.536942][ C1] ? get_timespec64+0x148/0x240 [ 539.536958][ C1] ? __pfx_get_timespec64+0x10/0x10 [ 539.536973][ C1] common_nsleep+0xa1/0xd0 [ 539.536990][ C1] __x64_sys_clock_nanosleep+0x344/0x4a0 [ 539.537005][ C1] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 539.537020][ C1] do_syscall_64+0xcd/0x250 [ 539.537038][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.537054][ C1] RIP: 0033:0x7f25201bfa25 [ 539.537066][ C1] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 [ 539.537077][ C1] RSP: 002b:00007fff02eab170 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 539.537088][ C1] RAX: ffffffffffffffda RBX: 00007f25203a5fa0 RCX: 00007f25201bfa25 [ 539.537096][ C1] RDX: 00007fff02eab1b0 RSI: 0000000000000000 RDI: 0000000000000000 [ 539.537104][ C1] RBP: 00007f25203a7ba0 R08: 0000000000000000 R09: 00007f2520fbf000 [ 539.537112][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000006a3f4 [ 539.537120][ C1] R13: 00007f25203a6080 R14: ffffffffffffffff R15: 00007fff02eab2f0 [ 539.537132][ C1] [ 539.537918][ C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g33833 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 540.124118][ C0] rcu: Possible timer handling issue on cpu=1 timer-softirq=22470 [ 540.131999][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g33833 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 540.143360][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 540.153318][ C0] rcu: RCU grace-period kthread stack dump: [ 540.159201][ C0] task:rcu_preempt state:I stack:27552 pid:18 tgid:18 ppid:2 task_flags:0x208040 flags:0x00004000 [ 540.171117][ C0] Call Trace: [ 540.174393][ C0] [ 540.177321][ C0] __schedule+0xf43/0x5890 [ 540.181747][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 540.186957][ C0] ? __pfx___schedule+0x10/0x10 [ 540.191809][ C0] ? schedule+0x298/0x350 [ 540.196135][ C0] ? __pfx_lock_release+0x10/0x10 [ 540.201161][ C0] ? lock_acquire+0x2f/0xb0 [ 540.205663][ C0] ? schedule+0x1fd/0x350 [ 540.210165][ C0] schedule+0xe7/0x350 [ 540.214231][ C0] schedule_timeout+0x124/0x280 [ 540.219081][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 540.224455][ C0] ? __pfx_process_timeout+0x10/0x10 [ 540.229744][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 540.235548][ C0] ? prepare_to_swait_event+0xf3/0x470 [ 540.241011][ C0] rcu_gp_fqs_loop+0x1eb/0xb00 [ 540.245794][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 540.251080][ C0] ? rcu_gp_init+0xc82/0x1630 [ 540.255758][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 540.260958][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 540.266767][ C0] rcu_gp_kthread+0x271/0x380 [ 540.271444][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 540.276644][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 540.281841][ C0] ? __kthread_parkme+0x148/0x220 [ 540.286861][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 540.292059][ C0] kthread+0x3af/0x750 [ 540.296129][ C0] ? __pfx_kthread+0x10/0x10 [ 540.300719][ C0] ? __pfx_kthread+0x10/0x10 [ 540.305305][ C0] ret_from_fork+0x45/0x80 [ 540.309725][ C0] ? __pfx_kthread+0x10/0x10 [ 540.314311][ C0] ret_from_fork_asm+0x1a/0x30 [ 540.319101][ C0] [ 540.322632][ C0] vkms_vblank_simulate: vblank timer overrun