last executing test programs: 11.078420828s ago: executing program 0 (id=1827): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x5f58591e46362374}}, 0x0) getsockname$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="08030000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}}, 0x0) 10.747476035s ago: executing program 4 (id=1830): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCFLSH(r0, 0x80204705, 0x20000000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x80, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8f) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000600)='kfree\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x2c, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x84, 0x30, 0xffff, 0x0, 0x0, {}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x30}]]}, {0x10}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r2, 0x0) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_control_io(r5, 0x0, &(0x7f0000000ac0)={0x84, 0x0, 0x0, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x1}, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4, {0x800, 0x40}}, 0x0, &(0x7f0000000840)={0x40, 0x9, 0x1, 0xd7}, &(0x7f0000000880)={0x40, 0xb, 0x2, "47bf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r5, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r5, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084") setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@val={0x88a8, 0x2, 0x1, 0x1}, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}}}}}}, 0x0) get_robust_list(0x0, 0x0, 0x0) 9.927597984s ago: executing program 0 (id=1832): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x90, 0x0, 0x0, {0x3, 0x0, 0x28bb, 0x3, 0x0, 0x1, {0x1, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x7fff, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={0x0, 0x40}}, 0x0) write$binfmt_aout(r2, 0x0, 0xff2e) ioctl$TCSETS(r2, 0x40045431, 0x0) r3 = syz_open_pts(r2, 0x0) r4 = dup3(r3, r2, 0x80000) ioctl$TIOCSTI(r4, 0x5412, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x68, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x28, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0x9, 0x1f}}, @IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x20, {0x6}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x68}}, 0x0) 8.781274321s ago: executing program 0 (id=1833): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0xfffffffd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0x4, 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) syz_clone(0x2000, &(0x7f0000000240)="03019e7ff2910d86f638460d2777e6f85363d408bbda05697effcceeb3a8968b3a2675e313553a70dc37f46343fc72227913cc032450585a27076fd34f4cf5682f35ed916ce834fc8b45fe8586a0e93ec2c2396705c5b2ddb507929ebc49846dd47a4e7dd236d3ac64840b9c182469acefc4c4b2a8e2a41e6d6b26b0d072ed2cd53ce0e8ffdf6b9aee6c596d030b56e95da7f2cdd762596bce5bda85ee2cbae7114525b434bd2cbcf24db913cd57890ef838fe", 0xb3, &(0x7f00000000c0), &(0x7f0000000300), &(0x7f0000000380)="c9dc1a1e6a554b33e17e710c9f5da0f6dcb0eedc1cdd7733564719234f90dc7f43df0254538b0a66537d1042cca6f98565d71224963ef720d705d2ad8fd39d635c2c2d43758b774429de99fa60d20cd0f4fe5992da8a985ce68093c0b6fc8349d4005541c660ce3b19554af19f20911f6a38112c369a5aaa65a43f693365f5fc91352c91ac992221bf68d13a332b843fc5a40232f06353d43dafe798cd0d815251ca7522315a7efef1366ca5551752e60510dd29ce7d0b53ad2fbd51e03592dc8ebc92ecf7f38f79c2c8b34f3db6092e2635e2398b") sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x200000, 0xfffffffc, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000380), 0x0, 0x2, r8}, 0x38) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) 7.282620489s ago: executing program 0 (id=1835): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}], 0x1, 0x0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r2, 0x40}, 0x8) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') syz_clone3(&(0x7f0000001340)={0x100000000, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, 0x0}, 0x58) pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x7]}, 0x8, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) r6 = syz_io_uring_setup(0x2994, &(0x7f0000000580)={0x0, 0x1e7b3, 0x2, 0x0, 0x1ab, 0x0, r5}, &(0x7f0000000040), &(0x7f0000001880)) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r6, 0x21, &(0x7f0000000440)=r4, 0x1) 7.047999652s ago: executing program 4 (id=1837): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100000001]}) 6.762755293s ago: executing program 1 (id=1838): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) ioctl$FBIOGET_FSCREENINFO(r0, 0x4602, &(0x7f0000000280)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) io_setup(0x4, &(0x7f0000000140)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r3 = fsopen(&(0x7f00000000c0)='f2fs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000080)="fc") move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e7, &(0x7f0000000080)) r5 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000001500)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000001680)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@cache_none}], [], 0x6b}}) 6.38181499s ago: executing program 4 (id=1839): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x24000010) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff30"], 0x0) bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 6.292128806s ago: executing program 0 (id=1840): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket(0x1, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$dmmidi(&(0x7f00000000c0), 0x400, 0x48000) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1900000004000000040000000900000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb10000000010200090502"], 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000340)={0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="200b98000000c96a6401cba6760d815fc0bc7719039576f54c397a725b0bad1019a058c108d3bfaf784d70d159fdd8bf0b69bf7adc21dbd01e25f976d2d72b9ff5af28071c7e9b3fd15cb04bc1f565a92e9bb5225a88503e204d8a36b11a07d18b06a733e0e74bed06fb60220d568063e3a03d2022bc51789235883a09bd5073072cba5301b7611831e7a59f", @ANYRES32=r1], 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f0000000300)=ANY=[]) ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000080)={0x0, 0x800, "00fa00"}) 6.142785343s ago: executing program 1 (id=1841): bpf$ENABLE_STATS(0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_MCE_KILL(0x29, 0x0, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'lo\x00', 0x2}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f00000000c0), 0x0) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003840), 0xffffffffffffffff) ptrace$ARCH_GET_FS(0x1e, r0, &(0x7f0000000240), 0x1003) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000", @ANYRES16=r6, @ANYBLOB="010000000000000000000100000004000180097fd1f517f05456e89e31c73dfe02"], 0x18}}, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) r7 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/pid\x00') keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f0000000640)='asymmetric\x00', &(0x7f00000003c0)=@chain) keyctl$link(0x8, r7, r7) bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioctl$VIDIOC_S_AUDOUT(0xffffffffffffffff, 0x40345632, &(0x7f0000000080)={0x0, "3959bae38505b6494a3cfc779b880d79fa136923747b50cd06010a66418f40ec", 0x2}) socket$inet6(0x10, 0x2, 0x0) 5.15241201s ago: executing program 1 (id=1842): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) r2 = epoll_create(0x10000e9) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x2025}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(r0, 0x0) 3.902754787s ago: executing program 1 (id=1845): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x9, [0xd2, 0x7, 0xe7, 0xe, 0x3, 0x8, 0x1, 0x8, 0x9, 0x2, 0xfff5, 0x3, 0x1000, 0x8, 0xd, 0x0, 0x8186, 0x3, 0x403, 0xfff, 0x2, 0x3, 0x1, 0x8bb8, 0x1, 0xfff, 0x8, 0x1, 0x7, 0x7fff, 0x208, 0x6, 0x5, 0x51, 0x3, 0x4, 0x4, 0x9, 0x401, 0x5, 0x5, 0x3, 0x2, 0x2, 0xfff8, 0x9, 0x2, 0x1]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) kexec_load(0x0, 0x0, 0x0, 0x160000) mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r3) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, {0x4, @local, 'vcan0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @remote, 'bridge_slave_1\x00'}}) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/179) ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100"}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x4}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000dc0)={0x0, 0x6, 0x1, {0x1, @sliced={0x8, [0x8, 0x100, 0x1, 0xff00, 0x7f, 0xfff, 0x5, 0x9b2, 0x0, 0xe8c4, 0xbc04, 0x5, 0x4, 0xd7b1, 0x0, 0x4, 0x3, 0x4, 0x9, 0x9, 0x2, 0x0, 0x2, 0x2, 0x1, 0x5, 0x0, 0x1, 0x2, 0xa2a, 0x3, 0x4, 0x0, 0xe, 0x1, 0x9d4, 0x7, 0xfff7, 0xa, 0x8, 0x5, 0x9, 0x101, 0x6, 0x6, 0x3ff, 0x2, 0xffff], 0x9}}}) 3.412760438s ago: executing program 2 (id=1847): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x7e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/igmp\x00') r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000000)={0x80, 0x8, 0x0, 0x0, 0x4, 0xfffe, 0x0}) unshare(0x62040200) unshare(0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {0x1d00}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x48000) 3.318901692s ago: executing program 4 (id=1848): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x2, 0x0, @loopback}}}, 0x108) r1 = socket$nl_route(0x10, 0x3, 0x0) dup3(r1, r0, 0x80000) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) 3.317798015s ago: executing program 1 (id=1849): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000340), 0x0, 0x80) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x4) r3 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace(0x8, r3) r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000001b00), 0x2, 0x0) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000001b40)=0xefe) ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000000)={0x2, 0x2, 0x3, {0x50, 0x0, 0xe}}) r6 = socket$unix(0x1, 0x5, 0x0) r7 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCGPKT(r7, 0x80045438, &(0x7f0000000440)) bind$unix(r6, &(0x7f0000000a00)=@abs={0x1, 0x0, 0x4e22}, 0x6e) listen(r6, 0x0) r8 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) write$FUSE_OPEN(r8, 0x0, 0x0) r9 = syz_io_uring_setup(0x48a6, &(0x7f0000000080)={0x0, 0x311d, 0x20, 0x4, 0x10000215, 0x0, r8}, &(0x7f00000002c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000280)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r6, 0x0}) r12 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$VHOST_SET_LOG_BASE(r12, 0x4008af04, &(0x7f0000000240)=&(0x7f0000000100)) io_uring_enter(r9, 0xa3d, 0x0, 0x0, 0x0, 0x0) shutdown(r6, 0x0) syz_pidfd_open(r3, 0x0) 3.231551181s ago: executing program 0 (id=1851): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12ac054182000011000001090224000100000000090400000103000000092100000001220500090581030000000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCSFLAG(r2, 0x4004480f, &(0x7f0000000000)=0x3) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000580)=ANY=[@ANYBLOB="400e0100000420d848d1fdd8db03031361203cd0230ed235f839d3975d1cdd28aa153cea958ef1ce220b181dbcac8c619cf4131779b802afe450fca1e2a919f70f8a57b468e72e69f8d847b4207b57f67537f8cbe3a9bb22dcf80ca3af2535c78d3a9803cafd137f81415b5d41b2c79214679e4521d3099cf3c2f76fdcab318d6450e9443436"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) socket$kcm(0x29, 0x5, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000002080)={0xc, {"a2e3ad214fc752f91b2538f70e06d038e7ff7fc6e5539b3250078b089b3908386d090890e0878f0e1ac6e7049b3367959b619a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x4d5}}, 0x1006) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x2, &(0x7f00000000c0), 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c81a9176f5888c14e2ee2a2df43eedd69631572fb3904e3f6b503359ce4073d5eb77d3c4f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffff0000, @void, @value}, 0x94) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182) ioctl$USBDEVFS_ALLOW_SUSPEND(r9, 0x5522) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) bind$can_raw(0xffffffffffffffff, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r6, @ANYBLOB, @ANYRES32=r8, @ANYRESHEX=r9, @ANYRESDEC=r1, @ANYRES64=r7, @ANYRESOCT=r11, @ANYRESOCT=r9, @ANYRES8=r3], 0x68}, 0x1, 0x0, 0x0, 0x44090}, 0x4004044) ioctl$USBDEVFS_BULK(r9, 0x5523, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a944"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r12 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r12, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[], 0x70}}, 0x4000004) syz_open_dev$usbfs(&(0x7f00000001c0), 0x8001, 0x6a80c0) 2.562866241s ago: executing program 4 (id=1853): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x6c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x9004, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @private1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x851}, 0x2000000000000000) 2.562427616s ago: executing program 3 (id=1854): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = socket$inet(0x2, 0x1, 0x0) listen(r1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) setitimer(0x2, 0x0, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) 2.479071604s ago: executing program 2 (id=1855): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000070feffff000000000a20000000000a05000000000000000000010000000900010073797a300000000034000000030a01020000000000000000010000000900010073797a30000000000900030073797a3100000000080007006e61740018040000060a010400000000000000000100000008000b4000000000f0030480400001800e000100636f6e6e6c696d69740000002c00028008000240000000000800014000000000080002400000000008000140000000000800014000000000a003018008000100636d700094030280580103807500010005e360daecd801f90ff50e7867639552061035aae3941922608264ecf394e527910b35a04a8c2ee09bca2321664867ab813098b2b89326563abea550c6404ca3b76a63445bc14f9f14cb86b921761c298411310fe8d36c32ab1055d646f8897f049eb7e1b770a0cae61be6fe46fbfbbbaa00000048000280080001800000000008000340000000000900020073797a300000000008000340000000000900020073797a300000000008000180000000000900020073797a300000000040000280080001800000000008000340000000000900020073797a30000000000900020073797a310000000008000180000000000900020073797a320000000054000280080003400000000008000340000000000900020073797a3100000000080003400000000008000340000000000900020073797a3100000000080003400000000008000180000000000800034000000000080002400000000008000240000000000802038004000280bf0001001cacb4a3a68b031c68acdd1dc0ba5f9ccfb8efd02baaf5b5a41baf6213998b62e2b369fd53c6c4e56a7d6976e372a2d7691f11c917f5b03285d260fe1e9d85fa62fa3070a4a00d245052e901b0f34749b187fd2ad9e3995889edb70a3e1b6d276f33b7f62da25d7d22b1f4c4e35d76f55a1a07e65e1017060481714edcb2bfec1f0ad4c48f69ef2b9d88af5c57cf688a92564f3d65d224707d96328e1d8c3e78bccb14874d17ad08857c4bc29a958490fbd5cadef449e09e1a7b0000480002800900020073797a31000000000900020073797a32000000000900020073797a32000000000900020073797a310000000008000340000000000900020073797a31000000002c0002800900020073797a3100000000080001800000000008000340000000000900020073797a31000000009d0001006bd01f0aaf422d7f052b2fc60c3d9d93cf4634e4b2d4a116bf7aae32643de2fb9c91b8082e44a1664aad3afd061706fffcc142a3da7c339454c0355210a6282d1276887ddcf9d4409d1d0faa5bf3adf6ccfd0ed2ae52f9ae3e6ceca1452505ba79588af434c8700fe2b7f8c53eb505949465db2cbf5aed0c809933f90a05307bf8a2d3cd8af64e303d0da044623b0d84ce368938a7f96fc0330000001c0002800900020073797a31000000000900020073797a31000000000f000100efbb17b799969e4ce91e470008000140000000000800024000000000080001400000000908000240000000000c000180080001006f7366000900010073797a30"], 0x494}}, 0x0) 2.430032593s ago: executing program 1 (id=1856): socket$inet_udplite(0x2, 0x2, 0x88) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x10201, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)=@newqdisc={0x3b, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x8], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x5, 0xfffe], [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe]}}]}}, @TCA_STAB={0x0, 0x8, 0x0, 0x1, [{{0x0, 0x1, {0x3, 0x26, 0x1e, 0xc, 0x0, 0x5, 0x3}}, {0x0, 0x2, [0x101, 0x4, 0xfe00, 0xfffb, 0x8, 0x80]}}, {{0x0, 0x1, {0x6, 0x8, 0x5, 0x6, 0x2, 0x7, 0x401}}, {0x0, 0x2, [0x3ff, 0x8, 0x2, 0x2, 0x58, 0x1, 0x62, 0xfffb, 0x5, 0x8]}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000058b5711122062e53000000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1800000078000106000000000000000007"], 0x18}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d006a10000000e8fe55a1180015000600142603600e1209000a0044000000a80016000a0001400000000000000000b94dcf5c0461c1d67f6f94007134cf6ee0", 0x51}], 0x1}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3) r7 = dup(r6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000001000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b"]) syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xc3, 0xa1, 0xd7, 0x8, 0xccd, 0x99, 0x950d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbc, 0x71, 0xf9}}]}}]}}, 0x0) 1.598913553s ago: executing program 2 (id=1857): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e14060200c3ff000e000a001000000002800000121f", 0x2e}], 0x1}, 0x20004000) 1.598559441s ago: executing program 3 (id=1858): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x280000, 0x0) r1 = socket$key(0xf, 0x3, 0x2) recvmmsg(r1, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400}) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) close(r0) syz_clone(0xb00b000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETNOCSUM(r0, 0xff03, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000000)='tracefs\x00', 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r4}, 0xc) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) rseq(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x2}, 0xfffffffffffffdac, 0x1, 0x0) syz_open_dev$evdev(&(0x7f0000002780), 0x2, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000140)=[0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r5, 0xc01864ba, &(0x7f0000000400)={0x40008000000, r8, r9, 0xbbbbbbbb}) mount$9p_fd(0x0, &(0x7f0000000380)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r6}}) 1.598231058s ago: executing program 4 (id=1859): socket$nl_generic(0x11, 0x3, 0x10) connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x6, @local, 'bridge_slave_1\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}}) syz_emit_ethernet(0x36, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendto$inet6(r0, 0x0, 0x0, 0x1, &(0x7f0000000140)={0xa, 0x4e21, 0x7ff, @private2, 0x2003}, 0x1c) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@generic={0x13, 0x2}]}}}}}}}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000200000000000", @ANYRES32=0x0, @ANYBLOB="feffffff000000000000000000000000003f0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000001"], 0x50) 1.483166837s ago: executing program 2 (id=1860): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @sliced={0x9, [0xd2, 0x7, 0xe7, 0xe, 0x3, 0x8, 0x1, 0x8, 0x9, 0x2, 0xfff5, 0x3, 0x1000, 0x8, 0xd, 0x0, 0x8186, 0x3, 0x403, 0xfff, 0x2, 0x3, 0x1, 0x8bb8, 0x1, 0xfff, 0x8, 0x1, 0x7, 0x7fff, 0x208, 0x6, 0x5, 0x51, 0x3, 0x4, 0x4, 0x9, 0x401, 0x5, 0x5, 0x3, 0x2, 0x2, 0xfff8, 0x9, 0x2, 0x1]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) kexec_load(0x0, 0x0, 0x0, 0x160000) mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x1, 0x8000) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, {0x4, @local, 'vcan0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @remote, 'bridge_slave_1\x00'}}) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f0000000080)=""/179) ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100"}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x4}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000dc0)={0x0, 0x6, 0x1, {0x1, @sliced={0x8, [0x8, 0x100, 0x1, 0xff00, 0x7f, 0xfff, 0x5, 0x9b2, 0x0, 0xe8c4, 0xbc04, 0x5, 0x4, 0xd7b1, 0x0, 0x4, 0x3, 0x4, 0x9, 0x9, 0x2, 0x0, 0x2, 0x2, 0x1, 0x5, 0x0, 0x1, 0x2, 0xa2a, 0x3, 0x4, 0x0, 0xe, 0x1, 0x9d4, 0x7, 0xfff7, 0xa, 0x8, 0x5, 0x9, 0x101, 0x6, 0x6, 0x3ff, 0x2, 0xffff], 0x9}}}) 856.749021ms ago: executing program 3 (id=1861): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) 822.79802ms ago: executing program 2 (id=1862): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, 0x0, 0x0) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000306113140000000000bf1000000000000025000200091b00003d030000000000008701000000000000bc26000000000000bf67000000000000340300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 553.397943ms ago: executing program 3 (id=1863): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r0, r2}, 0x14) socket$inet6(0xa, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x18, &(0x7f0000000340)=0x120000, 0x4) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0xd2, &(0x7f0000000d00)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x9c, 0x11, 0x0, @remote, @mcast2, {[], {0x0, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "9b92fc056f07d114fe3b41c776904545fb44d8e5dc0e57fdbba583dbc1bf026f", "ba38149afe78e80f44a98eddddbf2b6f237458668eb2461a95cd9a215310bae58679f26df35b2d9306a4a2e1dc85e86f", "6ba2c77aea3ef00f0ac8f0e3066b25082e39f5fb07fb432ca8f22890", {"e79710a9e57f1011496e538064796900", "f9d98c0072c691ce00"}}}}}}}}, 0x0) 214.705262ms ago: executing program 2 (id=1864): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xf) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) socket$inet(0xa, 0x801, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000005100000000000000000a200000000900010073797a300000000014000000100001"], 0x48}}, 0x20050800) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000000c000597ff000000000000000c0002000000000000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="32000100", @ANYRES32=r5, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB='\b'], 0x90}}, 0x0) 131.391603ms ago: executing program 3 (id=1865): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@mangle={'mangle\x00', 0x2, 0x6, 0x670, 0x480, 0x480, 0x480, 0xf8, 0x248, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0x7a00000000000000}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, [], [], 'syzkaller0\x00', 'team_slave_1\x00'}, 0x0, 0x118, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@hbh={{0x48}, {0x8, 0x3, 0x0, [0xfff, 0x94, 0x4, 0x17, 0x6, 0x7ff, 0x0, 0x1, 0x0, 0xc, 0x9, 0x200, 0xda, 0x7, 0x7, 0xffff], 0x9}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}}}}, {{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], '\x00', 'dummy0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local, @empty, [], [], [], 0x0, 0x2203}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x7, 0x2, 0x1, 0x2}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0) 0s ago: executing program 3 (id=1866): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000003000000070000000900010073797a300000000068000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000212c0011800a0001006c696d69740000001c0002800c00024000000000000000030c00014000000000000001016c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000400003803c000080080003400000000230"], 0x4dc}, 0x1, 0x0, 0x0, 0x44000}, 0x0) kernel console output (not intermixed with test programs): , bcdDevice= 0.00 [ 396.712801][ T5864] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 396.785891][ T5864] usb 5-1: SerialNumber: syz [ 397.647365][ T25] usb 3-1: USB disconnect, device number 30 [ 397.786732][T10806] openvswitch: netlink: Message has 8 unknown bytes. [ 397.793709][T10806] openvswitch: netlink: Actions may not be safe on all matching packets [ 397.893473][ T5864] usb 5-1: 0:2 : does not exist [ 398.264066][ T5864] usb 5-1: USB disconnect, device number 17 [ 399.413739][T10820] fuse: Unknown parameter '0x0000000000000004' [ 399.496172][ T6055] udevd[6055]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 399.650965][T10825] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1282'. [ 400.219062][T10838] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1284'. [ 400.841154][ T29] audit: type=1400 audit(1735993214.219:1316): avc: denied { write } for pid=10839 comm="syz.2.1285" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 400.858527][ T5866] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 401.820733][ T5866] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.835267][ T5866] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 401.848450][ T5866] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 401.983267][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.624732][ T5866] usb 4-1: config 0 descriptor?? [ 402.647363][ T5866] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 402.903624][ T8] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 403.006620][ T5864] usb 4-1: USB disconnect, device number 36 [ 403.097985][ T8] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 403.108129][ T8] usb 2-1: New USB device strings: Mfr=223, Product=2, SerialNumber=3 [ 403.137062][ T8] usb 2-1: Product: syz [ 403.141259][ T8] usb 2-1: Manufacturer: syz [ 403.150306][ T8] usb 2-1: SerialNumber: syz [ 403.160711][ T8] usb 2-1: config 0 descriptor?? [ 403.169139][ T8] ch341 2-1:0.0: ch341-uart converter detected [ 403.175898][T10862] fuse: Unknown parameter '0x0000000000000004' [ 403.374448][ T8] usb 2-1: failed to receive control message: -32 [ 403.437055][ T8] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -32 [ 403.449983][ T8] usb 2-1: USB disconnect, device number 40 [ 403.466286][ T8] ch341 2-1:0.0: device disconnected [ 403.554600][T10871] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1294'. [ 403.579161][T10871] netlink: 'syz.3.1294': attribute type 12 has an invalid length. [ 403.599034][ T29] audit: type=1400 audit(1735993216.959:1317): avc: denied { write } for pid=10863 comm="syz.3.1294" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 404.192080][T10873] FAULT_INJECTION: forcing a failure. [ 404.192080][T10873] name failslab, interval 1, probability 0, space 0, times 0 [ 404.204865][T10873] CPU: 0 UID: 0 PID: 10873 Comm: syz.0.1296 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 404.215651][T10873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 404.225717][T10873] Call Trace: [ 404.229001][T10873] [ 404.231933][T10873] dump_stack_lvl+0x16c/0x1f0 [ 404.236630][T10873] should_fail_ex+0x497/0x5b0 [ 404.241320][T10873] ? fs_reclaim_acquire+0xae/0x150 [ 404.246444][T10873] should_failslab+0xc2/0x120 [ 404.251139][T10873] __kmalloc_node_noprof+0xd1/0x510 [ 404.256367][T10873] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 404.261854][T10873] __kvmalloc_node_noprof+0xad/0x1a0 [ 404.267153][T10873] io_uring_setup+0x551/0x3230 [ 404.271939][T10873] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 404.277932][T10873] ? __pfx_io_uring_setup+0x10/0x10 [ 404.283150][T10873] ? __fget_files+0x206/0x3a0 [ 404.287844][T10873] ? ksys_write+0x1ba/0x250 [ 404.292361][T10873] ? __pfx_ksys_write+0x10/0x10 [ 404.297224][T10873] __x64_sys_io_uring_setup+0x98/0x140 [ 404.302703][T10873] do_syscall_64+0xcd/0x250 [ 404.307223][T10873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.313135][T10873] RIP: 0033:0x7fa30d185d29 [ 404.317556][T10873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.337178][T10873] RSP: 002b:00007fa30aff5fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 404.345611][T10873] RAX: ffffffffffffffda RBX: 00007fa30d375fa0 RCX: 00007fa30d185d29 [ 404.353585][T10873] RDX: 0000000020000340 RSI: 00000000200005c0 RDI: 00000000000072d7 [ 404.361538][T10873] RBP: 00000000200005c0 R08: 0000000000000000 R09: 0000000020000340 [ 404.369491][T10873] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 404.377442][T10873] R13: 00000000200003c0 R14: 00000000000072d7 R15: 0000000020000340 [ 404.385401][T10873] [ 404.388513][ C0] vkms_vblank_simulate: vblank timer overrun [ 405.480593][ T29] audit: type=1400 audit(1735993218.869:1318): avc: denied { listen } for pid=10881 comm="syz.0.1298" lport=36666 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 407.328659][T10896] 9pnet_fd: Insufficient options for proto=fd [ 407.677789][ T29] audit: type=1400 audit(1735993221.059:1319): avc: denied { mounton } for pid=10922 comm="syz.0.1307" path="/276/file0" dev="tmpfs" ino=1487 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 408.645203][ T8] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 409.022016][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 409.046168][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 409.057102][ T8] usb 5-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00 [ 409.066362][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.076968][ T8] usb 5-1: config 0 descriptor?? [ 409.082461][T10930] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 409.279986][ T25] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 409.331899][T10930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.342958][T10930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.378715][ T29] audit: type=1400 audit(1735993222.769:1320): avc: denied { read } for pid=10928 comm="syz.4.1306" path="socket:[27231]" dev="sockfs" ino=27231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 409.456970][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 409.470979][ T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 409.479818][ T25] usb 1-1: config 0 has no interface number 0 [ 409.501928][ T25] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 409.511531][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.520091][ T25] usb 1-1: Product: syz [ 409.524385][ T25] usb 1-1: Manufacturer: syz [ 409.529531][ T25] usb 1-1: SerialNumber: syz [ 409.545114][ T25] usb 1-1: config 0 descriptor?? [ 409.555922][ T25] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 409.585336][ T25] usb 1-1: selecting invalid altsetting 1 [ 409.606384][ T25] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 409.651419][ T25] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 409.662848][T10956] cgroup: Invalid name [ 409.707247][ T25] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 409.717597][ T25] usb 1-1: media controller created [ 409.748390][ T25] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 409.923281][T10960] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1317'. [ 410.052573][ T25] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 410.381001][ T25] usb 1-1: USB disconnect, device number 32 [ 410.774729][ T5864] usb 5-1: USB disconnect, device number 18 [ 410.958176][T10968] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 410.987428][ T29] audit: type=1326 audit(1735993224.359:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10969 comm="syz.3.1321" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7aa5985d29 code=0x80000000 [ 411.072293][T10974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'. [ 411.304816][ T25] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 411.495896][T10978] binder: 10977:10978 ioctl c0306201 20000380 returned -22 [ 411.517267][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 411.525935][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 411.544689][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 411.554193][ T29] audit: type=1400 audit(1735993224.889:1322): avc: denied { write } for pid=10977 comm="syz.4.1323" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 411.765133][ T29] audit: type=1400 audit(1735993224.889:1323): avc: denied { append } for pid=10977 comm="syz.4.1323" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 412.177706][T10984] fuse: Bad value for 'fd' [ 412.191959][ T25] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=58.6f [ 412.201081][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.209760][ T25] usb 2-1: Product: syz [ 412.213949][ T25] usb 2-1: Manufacturer: syz [ 412.221424][ T25] usb 2-1: SerialNumber: syz [ 412.221457][ T29] audit: type=1400 audit(1735993224.899:1324): avc: denied { read write } for pid=10977 comm="syz.4.1323" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 412.228192][ T25] usb 2-1: config 0 descriptor?? [ 412.266993][ T25] keyspan 2-1:0.0: Keyspan 1 port adapter converter detected [ 412.274566][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 87 [ 412.334777][ T29] audit: type=1400 audit(1735993224.899:1325): avc: denied { open } for pid=10977 comm="syz.4.1323" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 412.387794][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 7 [ 412.422039][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81 [ 412.458179][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2 [ 412.486480][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 85 [ 412.505044][ T25] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 5 [ 412.518879][ T25] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 412.594817][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 412.824768][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 412.835965][ T8] usb 5-1: config 0 has an invalid interface number: 156 but max is 0 [ 412.844222][ T8] usb 5-1: config 0 has no interface number 0 [ 412.850733][ T8] usb 5-1: New USB device found, idVendor=2304, idProduct=0228, bcdDevice=ed.1a [ 412.880567][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.048168][ T8] usb 5-1: config 0 descriptor?? [ 413.409407][ T825] usb 2-1: USB disconnect, device number 41 [ 413.450124][ T825] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 413.482616][ T825] keyspan 2-1:0.0: device disconnected [ 413.495387][T10987] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 413.727473][T10987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.034842][T10987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.113206][ T8] dvb-usb: found a 'Pinnacle PCTV DVB-T Flash Stick' in cold state, will try to load a firmware [ 414.207303][ T8] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 414.215448][ T8] dib0700: firmware download failed at 7 with -22 [ 414.225155][ T8] usb 5-1: USB disconnect, device number 19 [ 414.237712][T11005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1330'. [ 414.259943][T11005] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1330'. [ 414.661493][T11012] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1331'. [ 414.717602][T11012] netlink: 24576 bytes leftover after parsing attributes in process `syz.1.1331'. [ 415.142723][ T29] audit: type=1400 audit(1735993228.519:1326): avc: denied { listen } for pid=11018 comm="syz.1.1335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 415.189595][ T29] audit: type=1400 audit(1735993228.579:1327): avc: denied { accept } for pid=11018 comm="syz.1.1335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 415.715776][ T29] audit: type=1400 audit(1735993229.059:1328): avc: denied { append } for pid=11019 comm="syz.4.1338" name="usbmon2" dev="devtmpfs" ino=722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 416.240672][T11028] 9pnet_fd: Insufficient options for proto=fd [ 416.269609][T11039] tmpfs: Bad value for 'mpol' [ 416.274406][ T29] audit: type=1400 audit(1735993229.659:1329): avc: denied { mounton } for pid=11016 comm="syz.0.1336" path="/syzcgroup/unified/syz0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 416.303948][ T29] audit: type=1400 audit(1735993229.659:1330): avc: denied { listen } for pid=11016 comm="syz.0.1336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 416.327451][T11017] XFS (nullb0): Invalid superblock magic number [ 417.135495][T11050] netlink: 472 bytes leftover after parsing attributes in process `syz.3.1342'. [ 417.208227][ T29] audit: type=1400 audit(1735993230.589:1331): avc: denied { bind } for pid=11052 comm="syz.1.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 417.306585][ T29] audit: type=1400 audit(1735993230.599:1332): avc: denied { read } for pid=11052 comm="syz.1.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 417.454747][ T5864] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 417.664842][ T5864] usb 4-1: Using ep0 maxpacket: 8 [ 417.676052][ T5864] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 417.699164][ T5864] usb 4-1: config 179 has no interface number 0 [ 417.724726][ T5864] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10 [ 417.745615][T11072] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1348'. [ 417.822454][ T5864] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 417.863448][ T5864] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 417.898997][ T5864] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 417.945616][ T5864] usb 4-1: config 179 interface 65 has no altsetting 0 [ 417.961353][ T5864] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 418.001392][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.034104][T11049] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 418.094051][ T5864] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input36 [ 418.173334][ T5175] input input36: unable to receive magic message: -110 [ 418.204568][ T5175] input input36: unable to receive magic message: -32 [ 418.252496][ T5864] usb 4-1: USB disconnect, device number 37 [ 418.258503][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 418.269125][ T5864] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 418.579895][T11087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1353'. [ 418.675323][T11089] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1354'. [ 418.695314][T11089] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1354'. [ 419.303563][T11106] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 420.029109][T11120] can0: slcan on ttynull. [ 420.098620][T11124] No buffer was provided with the request [ 420.232835][T11120] SELinux: Context system_u:object_r:hald_acl_exec_t:s0 is not valid (left unmapped). [ 420.250228][ T29] audit: type=1400 audit(1735993233.639:1333): avc: denied { relabelto } for pid=11119 comm="syz.2.1364" name="ttynull" dev="devtmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0" [ 420.278304][ T29] audit: type=1400 audit(1735993233.639:1334): avc: denied { associate } for pid=11119 comm="syz.2.1364" name="ttynull" dev="devtmpfs" ino=620 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_acl_exec_t:s0" [ 420.306880][ T29] audit: type=1400 audit(1735993233.679:1335): avc: denied { ioctl } for pid=11119 comm="syz.2.1364" path="/dev/ttynull" dev="devtmpfs" ino=620 ioctlcmd=0x5412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0" [ 421.217275][ T5866] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 421.265105][T11119] can0 (unregistered): slcan off ttynull. [ 421.343735][T11151] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1366'. [ 421.354010][T11151] netlink: 'syz.0.1366': attribute type 12 has an invalid length. [ 421.400595][ T5866] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 421.485694][ T5866] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 421.600893][ T5866] usb 2-1: New USB device found, idVendor=0582, idProduct=0029, bcdDevice=bb.9d [ 421.669348][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.704193][T11136] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 421.737622][ T5866] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 421.894811][ T8] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 421.954291][T11136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.968007][T11136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.083349][T11170] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1367'. [ 422.165992][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 422.177116][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 422.194906][ T8] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 422.213526][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.266446][ T8] usb 1-1: config 0 descriptor?? [ 422.281842][ T25] usb 2-1: USB disconnect, device number 42 [ 422.309856][T11173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1374'. [ 422.525287][ T8] usbhid 1-1:0.0: can't add hid device: -71 [ 422.531343][ T8] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 422.629531][ T8] usb 1-1: USB disconnect, device number 33 [ 422.968392][T11192] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1376'. [ 423.484581][T11197] 9pnet_fd: Insufficient options for proto=fd [ 423.954732][ T8] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 424.048471][T11210] geneve2: entered promiscuous mode [ 424.053868][T11210] geneve2: entered allmulticast mode [ 424.061334][T11210] batman_adv: batadv0: Adding interface: geneve2 [ 424.068021][T11210] batman_adv: batadv0: Interface activated: geneve2 [ 424.224723][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 424.240558][ T8] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 424.248993][ T8] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 424.835191][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 424.844409][ T8] usb 2-1: config 1 has no interface number 0 [ 424.909595][ T8] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 424.921101][ T8] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 424.934290][ T8] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 425.010833][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.201251][ T8] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 425.294888][ T5866] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 425.593910][T11199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 425.644014][T11200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 425.684836][ T5866] usb 3-1: Using ep0 maxpacket: 32 [ 425.707025][ T5866] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 425.751680][T11199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 425.770030][ T5866] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.787689][T11200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 425.807854][ T5866] usb 3-1: config 0 descriptor?? [ 425.818249][ T8] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 425.828165][ T5866] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 426.004727][ T5864] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 426.391227][T11241] syz.3.1386 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 426.455011][ T5864] usb 1-1: Using ep0 maxpacket: 16 [ 426.484465][ T5864] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 426.545111][ T5866] gspca_nw80x: reg_r err -110 [ 426.550251][ T5866] nw80x 3-1:0.0: probe with driver nw80x failed with error -110 [ 426.561616][T11200] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1379'. [ 426.616598][ T5864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.648598][ T5864] usb 1-1: Product: syz [ 426.921447][ T5866] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 426.931523][ T5864] usb 1-1: Manufacturer: syz [ 427.157054][ T5864] usb 1-1: SerialNumber: syz [ 427.182853][ T5864] usb 1-1: config 0 descriptor?? [ 427.232122][ T25] usb 3-1: USB disconnect, device number 31 [ 427.627302][ T5864] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 427.809726][ T5866] usb 2-1: USB disconnect, device number 43 [ 427.816268][ T5866] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 427.895451][ T5864] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 427.936409][ T5864] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 427.948757][ T5864] usb 1-1: media controller created [ 428.123127][ T5864] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 428.897788][ T5864] zl10353_read_register: readreg error (reg=127, ret==0) [ 428.904941][ T5864] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 428.912878][ T5864] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 429.113067][ T5864] usb 1-1: USB disconnect, device number 34 [ 429.206414][ T5864] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 430.380108][ T29] audit: type=1400 audit(1735993243.769:1336): avc: denied { setopt } for pid=11294 comm="syz.0.1401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 431.274108][ T29] audit: type=1400 audit(1735993244.659:1337): avc: denied { listen } for pid=11301 comm="syz.3.1403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 432.084779][ T5834] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 432.291163][T11313] binder: 11312:11313 ioctl c0306201 20000380 returned -22 [ 432.888150][ T5834] usb 4-1: Using ep0 maxpacket: 16 [ 433.020775][ T5834] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 433.033783][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1409'. [ 433.062361][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 433.074732][ T8] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 433.093036][ T5834] usb 4-1: Manufacturer: syz [ 433.105086][ T5834] usb 4-1: config 0 descriptor?? [ 433.248083][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 433.263065][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 433.273227][ T8] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 433.289946][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.316069][T11302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.318127][T11330] bridge3: entered promiscuous mode [ 433.333410][ T8] usb 3-1: config 0 descriptor?? [ 433.339027][T11302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.359498][T11330] bridge3: entered allmulticast mode [ 433.371132][ T5834] usb 4-1: Cannot retrieve CPort count: 0 [ 433.377080][ T5834] usb 4-1: Cannot retrieve CPort count: -5 [ 433.393045][ T5834] es2_ap_driver 4-1:0.0: probe with driver es2_ap_driver failed with error -5 [ 433.412679][T11333] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1412'. [ 433.444332][T11332] bridge0: port 3(erspan0) entered disabled state [ 433.450982][T11332] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.598304][ T5834] usb 4-1: USB disconnect, device number 38 [ 433.717798][T11333] macsec0: entered promiscuous mode [ 433.752786][ T8] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 433.766181][ T8] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0 [ 433.793953][ T8] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.000C/input/input37 [ 433.825757][ T8] cm6533_jd 0003:0D8C:0022.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 434.807321][ T29] audit: type=1400 audit(1735993247.619:1338): avc: denied { mount } for pid=11338 comm="syz.4.1415" name="/" dev="ramfs" ino=28844 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 434.843804][ T29] audit: type=1400 audit(1735993248.229:1339): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 435.034761][ T8] usb 3-1: reset high-speed USB device number 32 using dummy_hcd [ 435.529397][ T29] audit: type=1400 audit(1735993248.849:1340): avc: denied { ioctl } for pid=11348 comm="syz.3.1418" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 436.018465][T11355] ebt_limit: overflow, try lower: 0/0 [ 436.843313][T11361] netlink: 'syz.4.1419': attribute type 9 has an invalid length. [ 436.852418][T11361] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1419'. [ 437.344190][T11375] trusted_key: encrypted_key: insufficient parameters specified [ 437.354959][ T29] audit: type=1400 audit(1735993250.749:1341): avc: denied { write } for pid=11372 comm="syz.3.1423" name="wireless" dev="proc" ino=4026533425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 437.604793][ T8] usb 3-1: device descriptor read/64, error -71 [ 437.844924][ T8] usb 3-1: reset high-speed USB device number 32 using dummy_hcd [ 438.161232][T11379] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1426'. [ 438.524768][ T29] audit: type=1400 audit(1735993251.899:1342): avc: denied { create } for pid=11380 comm="syz.3.1427" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 438.526099][T11382] Invalid source name [ 438.550226][T11382] UBIFS error (pid: 11382): cannot open "/dev/sg0", error -22 [ 438.689146][ T29] audit: type=1400 audit(1735993251.919:1343): avc: denied { mounton } for pid=11380 comm="syz.3.1427" path="/280/file0" dev="tmpfs" ino=1473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 438.904871][ T8] usb 3-1: device descriptor read/64, error -71 [ 438.918174][T11377] netlink: 24576 bytes leftover after parsing attributes in process `syz.4.1426'. [ 438.967440][T11387] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1428'. [ 439.134939][T11387] netlink: 24576 bytes leftover after parsing attributes in process `syz.1.1428'. [ 439.297545][ T29] audit: type=1400 audit(1735993252.679:1344): avc: denied { unlink } for pid=5833 comm="syz-executor" name="file0" dev="tmpfs" ino=1473 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 439.428938][ T8] usb 3-1: reset high-speed USB device number 32 using dummy_hcd [ 439.500005][ T8] usb 3-1: device descriptor read/8, error -71 [ 439.569194][ T29] audit: type=1326 audit(1735993252.959:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11388 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124a985d29 code=0x7ffc0000 [ 439.629333][ T29] audit: type=1326 audit(1735993252.959:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11388 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124a985d29 code=0x7ffc0000 [ 439.652884][ C0] vkms_vblank_simulate: vblank timer overrun [ 439.710312][ T29] audit: type=1326 audit(1735993252.959:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11388 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f124a985d29 code=0x7ffc0000 [ 439.734152][ C0] vkms_vblank_simulate: vblank timer overrun [ 439.860809][ T8] usb 3-1: reset high-speed USB device number 32 using dummy_hcd [ 440.041764][ T8] usb 3-1: device descriptor read/8, error -71 [ 440.053957][ T29] audit: type=1326 audit(1735993252.959:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11388 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124a985d29 code=0x7ffc0000 [ 440.134871][ T29] audit: type=1326 audit(1735993252.959:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11388 comm="syz.4.1429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f124a985d29 code=0x7ffc0000 [ 440.163883][ T5834] usb 3-1: USB disconnect, device number 32 [ 440.235262][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.241729][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.148043][ T5834] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 441.451959][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 441.451976][ T29] audit: type=1400 audit(1735993254.839:1368): avc: denied { listen } for pid=11422 comm="syz.1.1442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 441.993409][T11432] 9pnet_fd: Insufficient options for proto=fd [ 442.172740][T11430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1441'. [ 442.424987][T11445] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 442.434046][T11445] overlayfs: missing 'lowerdir' [ 442.834786][ T8] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 443.659872][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 443.676624][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.718246][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.883598][ T8] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 443.917685][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.045546][ T8] usb 2-1: config 0 descriptor?? [ 444.553290][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.561637][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.584871][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.602433][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.620200][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.648450][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.665318][ T8] samsung 0003:0419:0600.000D: unknown main item tag 0x0 [ 444.704024][ T8] samsung 0003:0419:0600.000D: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.1-1/input0 [ 444.934971][ T29] audit: type=1400 audit(1735993258.319:1369): avc: denied { map } for pid=11462 comm="syz.0.1452" path="socket:[29115]" dev="sockfs" ino=29115 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 445.016075][T11465] FAULT_INJECTION: forcing a failure. [ 445.016075][T11465] name failslab, interval 1, probability 0, space 0, times 0 [ 445.029289][T11465] CPU: 0 UID: 0 PID: 11465 Comm: syz.4.1451 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 445.040064][T11465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 445.050126][T11465] Call Trace: [ 445.053419][T11465] [ 445.056351][T11465] dump_stack_lvl+0x16c/0x1f0 [ 445.061224][T11465] should_fail_ex+0x497/0x5b0 [ 445.066195][T11465] ? fs_reclaim_acquire+0xae/0x150 [ 445.071508][T11465] should_failslab+0xc2/0x120 [ 445.076291][T11465] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 445.082117][T11465] ? __alloc_skb+0x2b1/0x380 [ 445.086729][T11465] __alloc_skb+0x2b1/0x380 [ 445.091258][T11465] ? __pfx___alloc_skb+0x10/0x10 [ 445.096214][T11465] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 445.102472][T11465] netlink_alloc_large_skb+0x69/0x130 [ 445.108038][T11465] netlink_sendmsg+0x689/0xd70 [ 445.112816][T11465] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.118125][T11465] ____sys_sendmsg+0xaaf/0xc90 [ 445.122983][T11465] ? copy_msghdr_from_user+0x10b/0x160 [ 445.128451][T11465] ? __pfx_____sys_sendmsg+0x10/0x10 [ 445.133792][T11465] ___sys_sendmsg+0x135/0x1e0 [ 445.138499][T11465] ? __pfx____sys_sendmsg+0x10/0x10 [ 445.143732][T11465] ? __pfx_lock_release+0x10/0x10 [ 445.148939][T11465] ? trace_lock_acquire+0x14e/0x1f0 [ 445.154158][T11465] ? __fget_files+0x206/0x3a0 [ 445.158855][T11465] __sys_sendmsg+0x16e/0x220 [ 445.163467][T11465] ? __pfx___sys_sendmsg+0x10/0x10 [ 445.168601][T11465] do_syscall_64+0xcd/0x250 [ 445.173117][T11465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.179024][T11465] RIP: 0033:0x7f124a985d29 [ 445.183439][T11465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.203148][T11465] RSP: 002b:00007f124b830038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.211603][T11465] RAX: ffffffffffffffda RBX: 00007f124ab76160 RCX: 00007f124a985d29 [ 445.219668][T11465] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000008 [ 445.227646][T11465] RBP: 00007f124b830090 R08: 0000000000000000 R09: 0000000000000000 [ 445.235621][T11465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 445.243594][T11465] R13: 0000000000000000 R14: 00007f124ab76160 R15: 00007ffc807f27b8 [ 445.251756][T11465] [ 445.254880][ C0] vkms_vblank_simulate: vblank timer overrun [ 445.511690][T11468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 445.725490][T11468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 445.824938][ T5834] usb 2-1: USB disconnect, device number 44 [ 446.044943][ T8] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 446.738927][ T8] usb 1-1: device descriptor read/64, error -71 [ 447.898867][ T8] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 448.034802][ T8] usb 1-1: device descriptor read/64, error -71 [ 448.145110][ T8] usb usb1-port1: attempt power cycle [ 448.198265][ T29] audit: type=1400 audit(1735993260.479:1370): avc: denied { write } for pid=11482 comm="syz.4.1460" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 448.198316][ T29] audit: type=1400 audit(1735993260.489:1371): avc: denied { map } for pid=11482 comm="syz.4.1460" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 448.198349][ T29] audit: type=1400 audit(1735993260.489:1372): avc: denied { execute } for pid=11482 comm="syz.4.1460" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 448.402213][ C0] vkms_vblank_simulate: vblank timer overrun [ 448.591174][ T29] audit: type=1400 audit(1735993261.889:1373): avc: denied { setattr } for pid=11482 comm="syz.4.1460" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 449.021023][T11498] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1462'. [ 449.037102][T11498] nbd: socks must be embedded in a SOCK_ITEM attr [ 449.138752][ T8] usb usb1-port1: Cannot enable. Maybe the USB cable is bad? [ 449.504743][ T8] usb 1-1: new low-speed USB device number 38 using dummy_hcd [ 449.582323][ T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 449.590701][ T8] usb 1-1: config 0 has no interface number 0 [ 449.597144][ T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 449.608234][ T8] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 449.619227][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 449.628364][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.642354][ T8] usb 1-1: config 0 descriptor?? [ 449.648902][T11500] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 449.786804][ T8] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 450.461108][T11519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1467'. [ 450.471363][T11500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.477404][T11523] netlink: 'syz.1.1470': attribute type 10 has an invalid length. [ 450.488460][T11523] team0: Device bond0 is up. Set it down before adding it as a team port [ 450.516651][T11500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.653373][ T8] usb 1-1: USB disconnect, device number 38 [ 451.876480][ T5864] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 452.029578][ T5864] usb 3-1: device descriptor read/64, error -71 [ 452.163171][T11542] geneve3: entered promiscuous mode [ 452.425945][T11542] geneve3: entered allmulticast mode [ 452.433062][T11542] batman_adv: batadv0: Adding interface: geneve3 [ 452.445910][T11542] batman_adv: batadv0: The MTU of interface geneve3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.471222][ C0] vkms_vblank_simulate: vblank timer overrun [ 452.499602][T11542] batman_adv: batadv0: Interface activated: geneve3 [ 452.559479][ T29] audit: type=1400 audit(1735993265.949:1374): avc: denied { mounton } for pid=11548 comm="syz.0.1477" path="/311/file0" dev="tmpfs" ino=1672 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 452.592332][ T5864] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 452.734369][T11553] 9pnet_fd: Insufficient options for proto=fd [ 452.754806][ T5864] usb 3-1: device descriptor read/64, error -71 [ 452.875316][ T5864] usb usb3-port1: attempt power cycle [ 452.924806][ T5866] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 452.946241][T11557] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1480'. [ 453.039739][ T29] audit: type=1400 audit(1735993266.429:1375): avc: denied { setopt } for pid=11556 comm="syz.1.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 453.084728][ T5866] usb 1-1: Using ep0 maxpacket: 32 [ 453.097275][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.130513][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 453.150519][ T5866] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 453.213222][ T5866] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 453.228592][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.229569][T11560] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1481'. [ 453.246333][ T5864] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 453.250236][ T5866] usb 1-1: config 0 descriptor?? [ 453.265307][ T5864] usb 3-1: device descriptor read/8, error -71 [ 453.362787][T11560] xt_CT: You must specify a L4 protocol and not use inversions on it [ 453.595289][ T5864] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 453.632583][ T5864] usb 3-1: device descriptor read/8, error -71 [ 453.654894][ T25] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 453.702937][ T5866] hid (null): unknown global tag 0xe [ 453.713864][ T5866] hid (null): global environment stack underflow [ 453.745064][ T5864] usb usb3-port1: unable to enumerate USB device [ 453.782999][ T5866] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.000E/input/input38 [ 453.824898][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 453.833011][ T25] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 453.842617][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.855634][ T25] usb 2-1: Product: syz [ 453.878435][ T5866] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.000E/input/input39 [ 453.884997][ T25] usb 2-1: Manufacturer: syz [ 453.903271][ T25] usb 2-1: SerialNumber: syz [ 453.915236][ T25] usb 2-1: config 0 descriptor?? [ 453.915322][ T5866] kye 0003:0458:5011.000E: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 454.135361][ T25] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 454.142283][ T25] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 454.261483][ T25] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 454.299981][ T25] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 454.554918][ T25] usb 2-1: USB disconnect, device number 45 [ 455.325770][ T5866] usb 1-1: reset high-speed USB device number 39 using dummy_hcd [ 455.464717][ T5866] usb 1-1: device descriptor read/64, error -32 [ 455.691570][T11592] FAULT_INJECTION: forcing a failure. [ 455.691570][T11592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.704824][T11592] CPU: 0 UID: 0 PID: 11592 Comm: syz.4.1489 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 455.715575][T11592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 455.725636][T11592] Call Trace: [ 455.728904][T11592] [ 455.731828][T11592] dump_stack_lvl+0x16c/0x1f0 [ 455.736494][T11592] should_fail_ex+0x497/0x5b0 [ 455.741158][T11592] _copy_from_user+0x2e/0xd0 [ 455.745772][T11592] snd_seq_oss_write+0x398/0x7b0 [ 455.750798][T11592] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 455.756339][T11592] ? inode_security+0x101/0x130 [ 455.761272][T11592] ? avc_policy_seqno+0x9/0x20 [ 455.766050][T11592] ? selinux_file_permission+0x11f/0x580 [ 455.771783][T11592] ? __pfx_odev_write+0x10/0x10 [ 455.776742][T11592] odev_write+0x51/0xa0 [ 455.780920][T11592] vfs_write+0x24c/0x1150 [ 455.785342][T11592] ? __fget_files+0x1fc/0x3a0 [ 455.790021][T11592] ? __pfx_lock_release+0x10/0x10 [ 455.795056][T11592] ? __pfx_vfs_write+0x10/0x10 [ 455.799848][T11592] ? lock_acquire+0x2f/0xb0 [ 455.804335][T11592] ? __fget_files+0x40/0x3a0 [ 455.808913][T11592] ? __fget_files+0x206/0x3a0 [ 455.813576][T11592] ksys_write+0x12b/0x250 [ 455.817983][T11592] ? __pfx_ksys_write+0x10/0x10 [ 455.822850][T11592] do_syscall_64+0xcd/0x250 [ 455.827383][T11592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.833275][T11592] RIP: 0033:0x7f124a985d29 [ 455.837704][T11592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.857587][T11592] RSP: 002b:00007f124b872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 455.866009][T11592] RAX: ffffffffffffffda RBX: 00007f124ab75fa0 RCX: 00007f124a985d29 [ 455.874055][T11592] RDX: 000000000000fd85 RSI: 0000000020003180 RDI: 0000000000000003 [ 455.882037][T11592] RBP: 00007f124b872090 R08: 0000000000000000 R09: 0000000000000000 [ 455.890103][T11592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.898168][T11592] R13: 0000000000000000 R14: 00007f124ab75fa0 R15: 00007ffc807f27b8 [ 455.906234][T11592] [ 455.909393][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.917599][ T5866] usb 1-1: reset high-speed USB device number 39 using dummy_hcd [ 456.097189][T11596] netlink: 'syz.1.1491': attribute type 10 has an invalid length. [ 456.105349][T11596] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1491'. [ 456.118710][T11596] ipvlan1: entered promiscuous mode [ 456.124046][T11596] ipvlan1: entered allmulticast mode [ 456.129882][T11596] veth0_vlan: entered allmulticast mode [ 456.153520][T11596] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 456.434862][ T5866] usb 1-1: device descriptor read/64, error -32 [ 457.346106][ T29] audit: type=1400 audit(1735993270.249:1376): avc: denied { setopt } for pid=11601 comm="syz.4.1493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 457.399886][T11605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1494'. [ 457.486088][ T5834] usb 1-1: USB disconnect, device number 39 [ 458.806815][ T29] audit: type=1400 audit(1735993272.199:1377): avc: denied { append } for pid=11599 comm="syz.0.1495" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 459.097697][T11628] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 459.114955][ T25] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 459.377286][ T25] usb 1-1: Using ep0 maxpacket: 32 [ 459.807872][ T25] usb 1-1: config 8 has an invalid interface number: 203 but max is 0 [ 459.819005][ T25] usb 1-1: config 8 has no interface number 0 [ 459.827992][ T25] usb 1-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 459.841204][ T25] usb 1-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 459.858639][ T25] usb 1-1: config 8 interface 203 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 459.869934][ T25] usb 1-1: config 8 interface 203 has no altsetting 0 [ 459.879829][ T25] usb 1-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 459.889446][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.898350][ T25] usb 1-1: Product: syz [ 459.902634][ T25] usb 1-1: Manufacturer: syz [ 459.907982][ T25] usb 1-1: SerialNumber: syz [ 459.917462][T11640] netlink: 'syz.2.1504': attribute type 4 has an invalid length. [ 460.225422][ T25] usb 1-1: can't set config #8, error -71 [ 460.244152][ T25] usb 1-1: USB disconnect, device number 40 [ 462.034830][ T25] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 462.204972][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 462.439132][ T25] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 462.609197][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.666426][T11674] team0: Device gtp0 is of different type [ 462.685596][ T25] usb 2-1: config 0 descriptor?? [ 462.712862][ T25] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 463.039560][T11682] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1518'. [ 463.242357][T11682] netlink: 24576 bytes leftover after parsing attributes in process `syz.0.1518'. [ 463.268385][ T5866] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 463.428477][ T25] gspca_nw80x: reg_r err -110 [ 463.433335][ T25] nw80x 2-1:0.0: probe with driver nw80x failed with error -110 [ 463.758322][ T5866] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 463.767944][ T5866] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.786163][ T5834] usb 2-1: USB disconnect, device number 46 [ 464.433451][ T5866] usb 5-1: config 0 descriptor?? [ 464.441125][ T5866] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 464.668220][ T2906] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.735125][ T5866] gp8psk: usb in 128 operation failed. [ 464.744256][ T5866] gp8psk: usb in 137 operation failed. [ 464.749827][ T5866] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 464.763300][ T5866] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 464.772323][ T5866] usb 5-1: media controller created [ 464.789471][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 464.814538][ T5866] gp8psk_fe: Frontend attached [ 464.832325][ T5866] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 464.842983][ T5866] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 464.881444][ T29] audit: type=1400 audit(1735993278.269:1378): avc: denied { setopt } for pid=11678 comm="syz.4.1517" lport=55042 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 465.908460][ T29] audit: type=1400 audit(1735993279.299:1379): avc: denied { setopt } for pid=11722 comm="syz.3.1530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 466.673051][ T29] audit: type=1326 audit(1735993280.059:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11730 comm="syz.1.1531" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0afbd85d29 code=0x0 [ 467.087947][ T5866] gp8psk: usb in 138 operation failed. [ 467.093524][ T5866] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 467.103466][ T5866] gp8psk: found Genpix USB device pID = 203 (hex) [ 467.127684][ T5866] usb 5-1: USB disconnect, device number 20 [ 467.179572][T11739] loop5: detected capacity change from 0 to 7 [ 467.186102][T11739] buffer_io_error: 4 callbacks suppressed [ 467.186117][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.200203][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.208216][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.216340][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.224445][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.232667][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.240727][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.248851][T11739] ldm_validate_partition_table(): Disk read failed. [ 467.255717][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.263764][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.272185][T11739] Buffer I/O error on dev loop5, logical block 0, async page read [ 467.280583][T11739] Dev loop5: unable to read RDB block 0 [ 467.286685][T11739] loop5: unable to read partition table [ 467.293225][T11739] loop5: partition table beyond EOD, truncated [ 467.299676][T11739] loop_reread_partitions: partition scan of loop5 (被xڬdƤݡ [ 467.299676][T11739] ) failed (rc=-5) [ 468.592761][ T5866] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 470.446654][T11774] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 470.659158][T11778] binder: 11777:11778 ioctl c0306201 20000380 returned -22 [ 473.327199][ T29] audit: type=1400 audit(1735993286.629:1381): avc: denied { setopt } for pid=11788 comm="syz.3.1550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 473.686177][T11804] autofs: Bad value for 'fd' [ 473.793253][T11804] nfs: Unknown parameter './file1' [ 473.793253][T11805] nfs: Unknown parameter './file1' [ 473.856518][T11810] delete_channel: no stack [ 473.861722][T11810] delete_channel: no stack [ 473.866761][ T5867] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 473.878282][T11811] delete_channel: no stack [ 473.882882][T11811] delete_channel: no stack [ 474.024834][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 474.031226][ T5867] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 474.044742][ T5866] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 474.059945][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.086173][ T5867] usb 5-1: config 0 descriptor?? [ 474.101264][ T5867] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 474.307140][T11818] binder: 11817:11818 ioctl c0306201 20000380 returned -22 [ 474.325823][ T5866] usb 2-1: config 0 has an invalid interface number: 138 but max is 0 [ 474.334044][ T5866] usb 2-1: config 0 has no interface number 0 [ 474.341277][ T5866] usb 2-1: config 0 interface 138 altsetting 0 has an endpoint descriptor with address 0x61, changing to 0x1 [ 474.355681][ T5866] usb 2-1: config 0 interface 138 altsetting 0 has an endpoint descriptor with address 0x97, changing to 0x87 [ 474.371567][ T5866] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 474.384594][ T5866] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0 [ 474.398363][ T5866] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= f.66 [ 474.409970][ T5866] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.423567][ T5866] usb 2-1: config 0 descriptor?? [ 474.639472][ T5866] usb 2-1: string descriptor 0 read error: -71 [ 474.693676][ T5866] usbtest 2-1:0.138: Linux gadget zero [ 474.702113][ T5866] usbtest 2-1:0.138: full-speed {control in/out bulk-out int-in} tests (+alt) [ 474.724589][ T5866] usb 2-1: USB disconnect, device number 47 [ 474.739346][ T5867] gspca_nw80x: reg_r err -71 [ 474.744086][ T5867] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 474.815081][ T5867] usb 5-1: USB disconnect, device number 21 [ 474.956813][T11822] netlink: 'syz.0.1561': attribute type 9 has an invalid length. [ 476.620509][T11837] tipc: Started in network mode [ 476.625521][T11837] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 476.634416][T11837] tipc: Enabling of bearer rejected, failed to enable media [ 476.851198][ T29] audit: type=1400 audit(1735993290.239:1382): avc: denied { ioctl } for pid=11843 comm="syz.0.1567" path="socket:[31761]" dev="sockfs" ino=31761 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 476.876172][ C1] vkms_vblank_simulate: vblank timer overrun [ 477.926694][T11846] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1568'. [ 478.927013][T11846] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1568'. [ 481.681831][T11889] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1572'. [ 482.765329][T11901] 9pnet_fd: Insufficient options for proto=fd [ 485.613528][T11926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1583'. [ 486.569017][T11942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1592'. [ 486.830721][T11946] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1595'. [ 487.240197][T11952] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1598'. [ 487.452738][T11956] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 487.496351][ T8] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 487.515879][T11956] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11956 comm=syz.4.1600 [ 487.634773][ T8] usb 2-1: device descriptor read/64, error -71 [ 487.680363][ T29] audit: type=1400 audit(1735993301.069:1383): avc: denied { bind } for pid=11958 comm="syz.4.1602" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 487.921665][ T8] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 488.085661][ T8] usb 2-1: device descriptor read/64, error -71 [ 488.195227][ T8] usb usb2-port1: attempt power cycle [ 488.464809][ T5867] usb 5-1: new low-speed USB device number 22 using dummy_hcd [ 488.564799][T11977] netlink: 'syz.2.1607': attribute type 1 has an invalid length. [ 488.644179][ T5866] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 488.651923][ T8] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 488.731342][ T5867] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 488.742974][ T8] usb 2-1: device descriptor read/8, error -71 [ 488.750077][ T5867] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 488.793657][T11977] bond1: entered promiscuous mode [ 488.799260][T11977] bond1: entered allmulticast mode [ 488.824868][ T5867] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 488.828523][T11979] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 488.863267][T11979] bond1: (slave batadv1): making interface the new active one [ 488.871068][T11979] batadv1: entered promiscuous mode [ 488.878062][T11979] batadv1: entered allmulticast mode [ 488.890187][T11979] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 488.945836][ T5867] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 26984, setting to 8 [ 488.956830][ T5867] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 488.966061][ T5866] usb 4-1: Using ep0 maxpacket: 8 [ 488.974944][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.988258][ T5866] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 489.008938][T11968] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 489.018201][ T5866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.038932][ T5866] usb 4-1: Product: syz [ 489.043195][ T5866] usb 4-1: Manufacturer: syz [ 489.055767][ T5867] hub 5-1:1.0: bad descriptor, ignoring hub [ 489.061719][ T5867] hub 5-1:1.0: probe with driver hub failed with error -5 [ 489.074717][ T8] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 489.089243][ T5866] usb 4-1: SerialNumber: syz [ 489.097078][ T5866] usb 4-1: config 0 descriptor?? [ 489.104692][ T5867] cdc_wdm 5-1:1.0: skipping garbage [ 489.112005][ T5866] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 489.118843][ T8] usb 2-1: device descriptor read/8, error -71 [ 489.129493][ T5867] cdc_wdm 5-1:1.0: skipping garbage [ 489.138684][ T5867] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 489.244919][ T8] usb usb2-port1: unable to enumerate USB device [ 489.321850][ T5129] Bluetooth: hci5: sending frame failed (-49) [ 489.331238][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 489.342063][T11968] raw_sendmsg: syz.4.1604 forgot to set AF_INET. Fix it! [ 489.683040][ T5864] usb 5-1: USB disconnect, device number 22 [ 490.479927][T11973] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 490.751204][T11994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.785050][T11993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1611'. [ 490.851392][T11994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.962367][ T5866] gspca_sonixj: reg_w1 err -71 [ 491.204907][ T5866] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 491.238177][ T5866] usb 4-1: USB disconnect, device number 39 [ 492.196698][ T5864] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 492.843803][T12023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1617'. [ 492.854087][ T5864] usb 1-1: Using ep0 maxpacket: 16 [ 492.895450][T12031] IPVS: set_ctl: invalid protocol: 103 172.20.20.66:20003 [ 493.052948][ T29] audit: type=1400 audit(1735993306.439:1384): avc: denied { write } for pid=12029 comm="syz.1.1622" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 493.831954][ T5864] usb 1-1: config 0 interface 0 has no altsetting 0 [ 493.838826][ T5864] usb 1-1: New USB device found, idVendor=056a, idProduct=0015, bcdDevice= 0.00 [ 493.847947][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.880675][ T5864] usb 1-1: config 0 descriptor?? [ 494.378676][T12042] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 494.536664][ T5864] usb 1-1: can't set config #0, error -71 [ 494.575275][ T5864] usb 1-1: USB disconnect, device number 41 [ 494.607554][T12052] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1628'. [ 494.735353][ T5867] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 494.945341][ T5866] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 495.207087][ T5867] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.217405][ T5867] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 495.226530][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.236690][ T5864] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 495.238179][ T5867] usb 2-1: config 0 descriptor?? [ 495.253638][ T5867] pwc: Askey VC010 type 2 USB webcam detected. [ 495.324715][ T5866] usb 4-1: Using ep0 maxpacket: 8 [ 495.419933][ T5866] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 495.429141][ T5866] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.439032][ T5866] usb 4-1: Product: syz [ 495.443219][ T5866] usb 4-1: Manufacturer: syz [ 495.447878][ T5866] usb 4-1: SerialNumber: syz [ 495.455662][ T5864] usb 3-1: Using ep0 maxpacket: 16 [ 495.462302][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.464535][ T5866] usb 4-1: config 0 descriptor?? [ 495.473909][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.494752][ T5864] usb 3-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00 [ 495.504006][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.553150][ T5864] usb 3-1: config 0 descriptor?? [ 495.902869][ T5866] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 495.904104][T12048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.913103][ T5866] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 495.926602][T12048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.933343][ T5866] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 495.936588][T12065] 9pnet_fd: Insufficient options for proto=fd [ 495.960913][ T5866] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 495.969853][T12048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.976037][ T5866] usb 4-1: USB disconnect, device number 40 [ 496.143262][T12048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 496.178291][ T5864] logitech-djreceiver 0003:046D:C52B.000F: unknown main item tag 0x0 [ 496.198349][ T5864] logitech-djreceiver 0003:046D:C52B.000F: unknown main item tag 0x0 [ 496.211870][ T5864] logitech-djreceiver 0003:046D:C52B.000F: item fetching failed at offset 2/5 [ 496.221521][ T5864] logitech-djreceiver 0003:046D:C52B.000F: logi_dj_probe: parse failed [ 496.230140][ T5864] logitech-djreceiver 0003:046D:C52B.000F: probe with driver logitech-djreceiver failed with error -22 [ 496.443919][ T5867] pwc: recv_control_msg error -71 req 02 val 2700 [ 496.451700][ T5867] pwc: recv_control_msg error -71 req 02 val 2c00 [ 496.519710][ T29] audit: type=1400 audit(1735993309.899:1385): avc: denied { lock } for pid=12057 comm="syz.2.1631" path="socket:[32014]" dev="sockfs" ino=32014 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 496.525138][ T57] usb 3-1: USB disconnect, device number 38 [ 496.566005][ T5867] pwc: recv_control_msg error -71 req 04 val 1000 [ 496.694950][ T5864] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 496.695360][ T5867] pwc: recv_control_msg error -71 req 04 val 1300 [ 496.777352][ T5867] pwc: recv_control_msg error -71 req 04 val 1400 [ 496.784229][ T5867] pwc: recv_control_msg error -71 req 02 val 2000 [ 496.794077][ T5867] pwc: recv_control_msg error -71 req 02 val 2100 [ 496.804538][ T5867] pwc: recv_control_msg error -71 req 04 val 1500 [ 496.815543][ T5867] pwc: recv_control_msg error -71 req 02 val 2500 [ 496.829787][ T5867] pwc: recv_control_msg error -71 req 02 val 2400 [ 496.836718][ T5867] pwc: recv_control_msg error -71 req 02 val 2600 [ 496.846328][ T5867] pwc: recv_control_msg error -71 req 02 val 2900 [ 496.857653][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.875634][ T5867] pwc: recv_control_msg error -71 req 02 val 2800 [ 496.878857][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.902218][ T5864] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 496.902218][ T5867] pwc: recv_control_msg error -71 req 04 val 1100 [ 496.902562][ T5867] pwc: recv_control_msg error -71 req 04 val 1200 [ 496.914588][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.937309][ T5864] usb 1-1: config 0 descriptor?? [ 496.955088][ T5867] pwc: Registered as video103. [ 496.960910][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input40 [ 496.991887][ T5867] usb 2-1: USB disconnect, device number 52 [ 497.157593][T12076] FAULT_INJECTION: forcing a failure. [ 497.157593][T12076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.185021][T12076] CPU: 1 UID: 0 PID: 12076 Comm: syz.1.1637 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 497.195826][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 497.205910][T12076] Call Trace: [ 497.209283][T12076] [ 497.212220][T12076] dump_stack_lvl+0x16c/0x1f0 [ 497.216921][T12076] should_fail_ex+0x497/0x5b0 [ 497.221610][T12076] _copy_to_user+0x32/0xd0 [ 497.226051][T12076] simple_read_from_buffer+0xd0/0x160 [ 497.231429][T12076] proc_fail_nth_read+0x198/0x270 [ 497.236457][T12076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.242004][T12076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.247546][T12076] vfs_read+0x1df/0xbe0 [ 497.251697][T12076] ? __fget_files+0x1fc/0x3a0 [ 497.256373][T12076] ? __pfx___mutex_lock+0x10/0x10 [ 497.261399][T12076] ? __pfx_vfs_read+0x10/0x10 [ 497.266078][T12076] ? __fget_files+0x206/0x3a0 [ 497.270790][T12076] ksys_read+0x12b/0x250 [ 497.275026][T12076] ? __pfx_ksys_read+0x10/0x10 [ 497.280050][T12076] do_syscall_64+0xcd/0x250 [ 497.284558][T12076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.290453][T12076] RIP: 0033:0x7f0afbd8473c [ 497.294862][T12076] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 497.314471][T12076] RSP: 002b:00007f0afcbf4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 497.322883][T12076] RAX: ffffffffffffffda RBX: 00007f0afbf75fa0 RCX: 00007f0afbd8473c [ 497.330861][T12076] RDX: 000000000000000f RSI: 00007f0afcbf40a0 RDI: 0000000000000006 [ 497.338829][T12076] RBP: 00007f0afcbf4090 R08: 0000000000000000 R09: 0000000000000000 [ 497.346791][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.354755][T12076] R13: 0000000000000000 R14: 00007f0afbf75fa0 R15: 00007ffc9dc892d8 [ 497.362735][T12076] [ 497.410352][T12081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.419192][T12081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.427365][ T29] audit: type=1400 audit(1735993310.819:1386): avc: denied { write } for pid=12068 comm="syz.0.1635" path="socket:[32027]" dev="sockfs" ino=32027 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 499.302496][ T5864] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0010/input/input41 [ 499.426898][T12108] 9pnet_fd: Insufficient options for proto=fd [ 499.441040][ T5864] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0010/input/input42 [ 499.474708][ T5864] uclogic 0003:256C:006D.0010: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 499.553873][T12069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.570909][T12069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.680847][T12114] netlink: 'syz.2.1647': attribute type 1 has an invalid length. [ 499.688778][T12114] netlink: 105116 bytes leftover after parsing attributes in process `syz.2.1647'. [ 500.300434][ T8] usb 1-1: USB disconnect, device number 42 [ 500.836794][T12124] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1649'. [ 501.620831][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.627482][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.995853][T12157] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1659'. [ 502.234735][ T57] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 502.496454][T12195] binder: 12188:12195 ioctl c0306201 20000380 returned -22 [ 502.851975][ T57] usb 5-1: config 0 has an invalid interface number: 106 but max is 0 [ 502.876295][ T57] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 502.939519][ T57] usb 5-1: config 0 has no interface number 0 [ 502.989464][ T57] usb 5-1: config 0 interface 106 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 503.027699][ T57] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 503.037325][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.303218][ T57] usb 5-1: config 0 descriptor?? [ 503.329915][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1665'. [ 503.370934][ T57] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 504.605924][ T1153] usb 5-1: Failed to submit usb control message: -110 [ 504.613223][ T1153] usb 5-1: unable to send the bmi data to the device: -110 [ 504.621124][ T1153] usb 5-1: unable to get target info from device [ 504.628047][ T1153] usb 5-1: could not get target info (-110) [ 504.633973][ T1153] usb 5-1: could not probe fw (-110) [ 505.208659][ T57] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 505.250001][T12256] syzkaller1: entered promiscuous mode [ 505.255851][T12256] syzkaller1: entered allmulticast mode [ 505.552204][ T57] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 505.564350][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 505.636628][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 505.827508][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 505.873678][ T5866] usb 5-1: USB disconnect, device number 23 [ 505.951520][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 505.971360][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.065387][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.090105][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.099340][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.120701][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.128563][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.140518][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.157328][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.171893][T12264] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1678'. [ 506.187599][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.196989][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.216288][T12264] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1678'. [ 506.226296][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.237074][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.247611][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.287461][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.337922][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.392827][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.460353][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.505230][ T57] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 506.558092][ T57] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 506.579538][T12267] netlink: 'syz.3.1679': attribute type 1 has an invalid length. [ 506.586940][ T57] usb 2-1: config 0 interface 0 has no altsetting 0 [ 506.902781][ T57] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 506.912675][ T57] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 506.923788][ T57] usb 2-1: Product: syz [ 506.929759][ T57] usb 2-1: Manufacturer: syz [ 507.017388][T12267] bond1: entered promiscuous mode [ 507.022478][T12267] bond1: entered allmulticast mode [ 507.038249][ T57] usb 2-1: SerialNumber: syz [ 507.054794][ T57] usb 2-1: config 0 descriptor?? [ 507.132200][ T57] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 507.482351][T12266] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 507.490310][T12266] bond1: (slave batadv2): making interface the new active one [ 507.497888][T12266] batadv2: entered promiscuous mode [ 507.503150][T12266] batadv2: entered allmulticast mode [ 507.509077][T12266] bond1: (slave batadv2): Enslaving as an active interface with an up link [ 507.584795][ T57] usb 5-1: new low-speed USB device number 24 using dummy_hcd [ 507.736558][ T8] usb 2-1: USB disconnect, device number 53 [ 507.736903][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 507.752839][ T8] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 507.797743][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 507.831369][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 507.834168][T12287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1685'. [ 507.884989][T12288] tipc: Enabling of bearer rejected, failed to enable media [ 507.897494][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 507.923600][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 507.953080][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 507.962574][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 507.986447][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 508.008795][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 508.034741][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.046631][ T57] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 508.054060][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 508.065568][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 508.078134][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 508.105626][ T57] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 508.133445][ T57] usb 5-1: string descriptor 0 read error: -22 [ 508.160717][T12300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1690'. [ 508.162108][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 508.210898][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.250767][ T57] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 508.378096][T12304] FAULT_INJECTION: forcing a failure. [ 508.378096][T12304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 508.399037][T12304] CPU: 0 UID: 0 PID: 12304 Comm: syz.0.1691 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 508.410012][T12304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 508.420067][T12304] Call Trace: [ 508.423335][T12304] [ 508.426251][T12304] dump_stack_lvl+0x16c/0x1f0 [ 508.430931][T12304] should_fail_ex+0x497/0x5b0 [ 508.435602][T12304] _copy_from_iter+0x2a1/0x1560 [ 508.440443][T12304] ? find_held_lock+0x2d/0x110 [ 508.445201][T12304] ? __pfx__copy_from_iter+0x10/0x10 [ 508.449566][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.450469][T12304] ? rawv6_sendmsg+0xa25/0x4440 [ 508.463613][T12304] ? __pfx_lock_release+0x10/0x10 [ 508.468629][T12304] ? trace_lock_acquire+0x14e/0x1f0 [ 508.473822][T12304] rawv6_sendmsg+0x2362/0x4440 [ 508.478599][T12304] ? avc_has_perm_noaudit+0x119/0x3a0 [ 508.483966][T12304] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 508.489062][T12304] ? avc_has_perm_noaudit+0x143/0x3a0 [ 508.494442][T12304] ? avc_has_perm+0x11b/0x1c0 [ 508.499110][T12304] ? __pfx_avc_has_perm+0x10/0x10 [ 508.504137][T12304] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 508.509237][T12304] ? inet_sendmsg+0x119/0x140 [ 508.513924][T12304] inet_sendmsg+0x119/0x140 [ 508.518446][T12304] __sys_sendto+0x42a/0x4f0 [ 508.522943][T12304] ? __pfx___sys_sendto+0x10/0x10 [ 508.527981][T12304] ? ksys_write+0x1ba/0x250 [ 508.532472][T12304] ? __pfx_ksys_write+0x10/0x10 [ 508.537313][T12304] __x64_sys_sendto+0xe0/0x1c0 [ 508.542066][T12304] ? do_syscall_64+0x91/0x250 [ 508.546758][T12304] ? lockdep_hardirqs_on+0x7c/0x110 [ 508.551943][T12304] do_syscall_64+0xcd/0x250 [ 508.556444][T12304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.562326][T12304] RIP: 0033:0x7fa30d185d29 [ 508.566727][T12304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.586323][T12304] RSP: 002b:00007fa30afd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 508.594736][T12304] RAX: ffffffffffffffda RBX: 00007fa30d376080 RCX: 00007fa30d185d29 [ 508.602692][T12304] RDX: 0000000000000004 RSI: 0000000020000040 RDI: 0000000000000005 [ 508.610654][T12304] RBP: 00007fa30afd5090 R08: 0000000000000000 R09: 0000000000000000 [ 508.618611][T12304] R10: 0000000000003b00 R11: 0000000000000246 R12: 0000000000000001 [ 508.626563][T12304] R13: 0000000000000000 R14: 00007fa30d376080 R15: 00007ffe78d2ccc8 [ 508.634547][T12304] [ 508.640121][ T8] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 508.652362][T12306] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1692'. [ 508.658167][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 508.733798][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.750631][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 508.861807][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.905043][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 508.954970][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 508.995927][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.163650][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.177367][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 509.318631][ T8] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 509.393982][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.430191][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.538861][ T8] usb 2-1: config 0 descriptor?? [ 509.684470][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1694'. [ 509.835168][T12275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.866695][T12275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.299404][ T57] usb 5-1: USB disconnect, device number 24 [ 510.476010][ T8] microsoft 0003:045E:07DA.0011: ignoring exceeding usage max [ 510.499417][ T8] microsoft 0003:045E:07DA.0011: No inputs registered, leaving [ 510.618185][ T8] microsoft 0003:045E:07DA.0011: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 510.635662][ T8] microsoft 0003:045E:07DA.0011: no inputs found [ 510.642046][ T8] microsoft 0003:045E:07DA.0011: could not initialize ff, continuing anyway [ 510.701007][ T8] usb 2-1: USB disconnect, device number 54 [ 510.809647][T12325] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1698'. [ 510.899293][ T29] audit: type=1400 audit(1735993324.289:1387): avc: denied { search } for pid=12323 comm="syz.3.1698" name="/" dev="configfs" ino=1135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 510.921563][ C1] vkms_vblank_simulate: vblank timer overrun [ 511.034712][ T29] audit: type=1400 audit(1735993324.319:1388): avc: denied { write } for pid=12323 comm="syz.3.1698" name="/" dev="configfs" ino=1135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 511.056930][ C1] vkms_vblank_simulate: vblank timer overrun [ 511.077980][ T29] audit: type=1400 audit(1735993324.319:1389): avc: denied { add_name } for pid=12323 comm="syz.3.1698" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 511.102175][ T29] audit: type=1400 audit(1735993324.329:1390): avc: denied { create } for pid=12323 comm="syz.3.1698" name="memory.events" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:configfs_t tclass=file permissive=1 [ 511.123141][ C1] vkms_vblank_simulate: vblank timer overrun [ 511.804865][ T5864] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 511.964806][ T5864] usb 4-1: Using ep0 maxpacket: 32 [ 511.983919][ T5864] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 512.024072][ T5864] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 512.044980][ T5864] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 512.072035][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.093547][ T5864] usb 4-1: config 0 descriptor?? [ 512.151749][T12354] libceph: resolve '. [ 512.151749][T12354] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 512.151749][T12354] ' (ret=-3): failed [ 512.265465][ T29] audit: type=1400 audit(1735993325.649:1391): avc: denied { mount } for pid=12353 comm="syz.2.1709" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 512.432124][ T29] audit: type=1400 audit(1735993325.819:1392): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 514.798388][T12372] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1714'. [ 514.908758][ T57] usb 4-1: USB disconnect, device number 41 [ 515.213455][T12372] netlink: 24576 bytes leftover after parsing attributes in process `syz.1.1714'. [ 515.295852][T12383] netlink: 'syz.0.1716': attribute type 1 has an invalid length. [ 515.382824][T12383] bond3: entered promiscuous mode [ 515.428546][T12383] bond3: entered allmulticast mode [ 515.759827][T12398] netlink: 'syz.3.1721': attribute type 1 has an invalid length. [ 515.787026][T12393] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 515.903435][T12393] bond3: (slave batadv1): making interface the new active one [ 515.911601][T12393] batadv1: entered promiscuous mode [ 515.926587][T12393] batadv1: entered allmulticast mode [ 515.935890][T12393] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 515.965117][T12398] bond2: entered promiscuous mode [ 515.971485][T12398] bond2: entered allmulticast mode [ 515.984751][ T29] audit: type=1400 audit(1735993329.349:1393): avc: denied { wake_alarm } for pid=12399 comm="syz.1.1722" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 516.018501][T12396] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 516.048274][T12396] bond2: (slave batadv3): making interface the new active one [ 516.065588][T12396] batadv3: entered promiscuous mode [ 516.089095][T12396] batadv3: entered allmulticast mode [ 516.104941][T12396] bond2: (slave batadv3): Enslaving as an active interface with an up link [ 516.116511][T12402] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1723'. [ 516.219726][T12411] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1724'. [ 516.465614][ T57] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 516.644735][ T57] usb 1-1: Using ep0 maxpacket: 8 [ 516.652993][ T57] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 516.662960][ T57] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.674765][ T57] usb 1-1: Product: syz [ 516.679229][ T57] usb 1-1: Manufacturer: syz [ 516.684534][ T57] usb 1-1: SerialNumber: syz [ 516.737020][ T57] usb 1-1: config 0 descriptor?? [ 516.874824][ T5866] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 517.199175][ T57] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 517.206252][ T57] dvb_usb_af9015 1-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 517.223987][ T5866] usb 5-1: Using ep0 maxpacket: 8 [ 517.241178][ T57] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 517.250709][ T5866] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 517.270484][ T57] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 517.275170][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.309455][ T5866] usb 5-1: Product: syz [ 517.313922][ T5866] usb 5-1: Manufacturer: syz [ 517.321340][ T5866] usb 5-1: SerialNumber: syz [ 517.333314][ T5866] usb 5-1: config 0 descriptor?? [ 517.642011][ T57] usb 1-1: USB disconnect, device number 43 [ 517.989105][ T5866] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 518.547791][ T5866] dvb_usb_af9015 5-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 518.558122][ T5866] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 518.564561][ T5866] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 518.597885][ T5866] usb 5-1: USB disconnect, device number 25 [ 519.055842][T12450] binder: 12449:12450 ioctl c0306201 20000380 returned -22 [ 519.624722][T12453] netlink: 'syz.0.1734': attribute type 10 has an invalid length. [ 519.633794][T12453] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1734'. [ 519.662129][T12453] ipvlan1: entered promiscuous mode [ 519.667889][T12453] ipvlan1: entered allmulticast mode [ 519.670582][T12454] input: syz0 as /devices/virtual/input/input44 [ 519.673317][T12453] veth0_vlan: entered allmulticast mode [ 519.788917][T12462] FAULT_INJECTION: forcing a failure. [ 519.788917][T12462] name failslab, interval 1, probability 0, space 0, times 0 [ 519.844789][T12462] CPU: 0 UID: 0 PID: 12462 Comm: syz.3.1738 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 519.855595][T12462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 519.865756][T12462] Call Trace: [ 519.869040][T12462] [ 519.871978][T12462] dump_stack_lvl+0x16c/0x1f0 [ 519.876692][T12462] should_fail_ex+0x497/0x5b0 [ 519.881415][T12462] ? fs_reclaim_acquire+0xae/0x150 [ 519.886564][T12462] should_failslab+0xc2/0x120 [ 519.891275][T12462] __kmalloc_cache_noprof+0x68/0x410 [ 519.896592][T12462] io_sq_offload_create+0x4d5/0x13c0 [ 519.901901][T12462] ? __pfx_io_sq_offload_create+0x10/0x10 [ 519.907640][T12462] ? io_pages_map+0x1db/0x520 [ 519.912340][T12462] io_uring_setup+0x17df/0x3230 [ 519.917225][T12462] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 519.923230][T12462] ? __pfx_io_uring_setup+0x10/0x10 [ 519.928451][T12462] ? __fget_files+0x206/0x3a0 [ 519.933144][T12462] ? ksys_write+0x1ba/0x250 [ 519.937664][T12462] ? __pfx_ksys_write+0x10/0x10 [ 519.942530][T12462] __x64_sys_io_uring_setup+0x98/0x140 [ 519.948015][T12462] do_syscall_64+0xcd/0x250 [ 519.952548][T12462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.958460][T12462] RIP: 0033:0x7f7aa5985d29 [ 519.962884][T12462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.982506][T12462] RSP: 002b:00007f7aa66dcfc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 519.990926][T12462] RAX: ffffffffffffffda RBX: 00007f7aa5b76080 RCX: 00007f7aa5985d29 [ 519.998891][T12462] RDX: 0000000020000340 RSI: 00000000200005c0 RDI: 00000000000072d7 [ 520.006874][T12462] RBP: 00000000200005c0 R08: 0000000000000000 R09: 0000000020000340 [ 520.014841][T12462] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 520.022807][T12462] R13: 00000000200003c0 R14: 00000000000072d7 R15: 0000000020000340 [ 520.030786][T12462] [ 520.095604][T12453] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 520.131222][T12464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1741'. [ 520.140481][T12464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1741'. [ 522.140323][T12490] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1748'. [ 523.742292][T12538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1751'. [ 523.973479][T12546] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1753'. [ 524.694725][ T57] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 524.877131][ T57] usb 2-1: Using ep0 maxpacket: 16 [ 524.945895][ T57] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.957333][ T57] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 524.972362][T12551] nbd4: detected capacity change from 0 to 12 [ 524.987516][ T57] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 525.009035][ T6055] block nbd4: Send control failed (result -89) [ 525.016366][ T57] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.028184][ T6055] block nbd4: Request send failed, requeueing [ 525.039055][ T57] usb 2-1: config 0 descriptor?? [ 525.043505][T12550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1755'. [ 525.051643][ T5823] block nbd4: Receive control failed (result -32) [ 525.073393][T12550] nbd: socks must be embedded in a SOCK_ITEM attr [ 525.081523][T11648] block nbd4: Dead connection, failed to find a fallback [ 525.088960][T11648] block nbd4: shutting down sockets [ 525.094287][T11648] blk_print_req_error: 154 callbacks suppressed [ 525.094300][T11648] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.114701][T11648] buffer_io_error: 4 callbacks suppressed [ 525.114717][T11648] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.173210][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.196622][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.196786][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.196813][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.196903][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.196918][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.196993][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197018][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197093][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197118][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197209][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197223][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197300][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197325][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197362][ T6055] ldm_validate_partition_table(): Disk read failed. [ 525.197395][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197416][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197501][ T6055] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 525.197516][ T6055] Buffer I/O error on dev nbd4, logical block 0, async page read [ 525.197673][ T6055] Dev nbd4: unable to read RDB block 0 [ 525.197855][ T6055] nbd4: unable to read partition table [ 525.197983][ T6055] nbd4: partition table beyond EOD, truncated [ 525.198932][T12551] ldm_validate_partition_table(): Disk read failed. [ 525.199234][T12551] Dev nbd4: unable to read RDB block 0 [ 525.199444][T12551] nbd4: unable to read partition table [ 525.199547][T12551] nbd4: partition table beyond EOD, truncated [ 525.413389][ T6055] ldm_validate_partition_table(): Disk read failed. [ 525.413648][ T6055] Dev nbd4: unable to read RDB block 0 [ 525.413851][ T6055] nbd4: unable to read partition table [ 525.413964][ T6055] nbd4: partition table beyond EOD, truncated [ 525.455317][ T57] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max [ 525.458346][ T57] microsoft 0003:045E:07DA.0012: No inputs registered, leaving [ 525.460236][ T57] microsoft 0003:045E:07DA.0012: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 525.460273][ T57] microsoft 0003:045E:07DA.0012: no inputs found [ 525.460290][ T57] microsoft 0003:045E:07DA.0012: could not initialize ff, continuing anyway [ 525.670384][ T8] usb 2-1: USB disconnect, device number 55 [ 526.553323][T12475] warn_alloc: 1 callbacks suppressed [ 526.553342][T12475] syz.3.1745: vmalloc error: size 6164480, failed to allocated page array size 12040, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 526.577366][T12475] CPU: 1 UID: 0 PID: 12475 Comm: syz.3.1745 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 526.588239][T12475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 526.598319][T12475] Call Trace: [ 526.601616][T12475] [ 526.604553][T12475] dump_stack_lvl+0x16c/0x1f0 [ 526.609259][T12475] warn_alloc+0x24d/0x3a0 [ 526.613611][T12475] ? __pfx_warn_alloc+0x10/0x10 [ 526.618527][T12475] ? __get_vm_area_node+0x1b0/0x2f0 [ 526.623749][T12475] ? __get_vm_area_node+0x1dc/0x2f0 [ 526.628967][T12475] __vmalloc_node_range_noprof+0x1105/0x1530 [ 526.634977][T12475] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.640112][T12475] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 526.646463][T12475] ? __get_vm_area_node+0x1b0/0x2f0 [ 526.651688][T12475] ? __get_vm_area_node+0x1dc/0x2f0 [ 526.656924][T12475] __vmalloc_node_range_noprof+0xd85/0x1530 [ 526.662842][T12475] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.667996][T12475] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.673137][T12475] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 526.679523][T12475] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.684663][T12475] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 526.690146][T12475] vmalloc_user_noprof+0x6b/0x90 [ 526.695109][T12475] ? vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.700256][T12475] vb2_vmalloc_alloc+0x11e/0x3d0 [ 526.705228][T12475] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 526.710714][T12475] __vb2_queue_alloc+0x896/0x1230 [ 526.715781][T12475] vb2_core_create_bufs+0x55d/0xab0 [ 526.721010][T12475] ? __pfx_vb2_core_create_bufs+0x10/0x10 [ 526.726758][T12475] ? rcu_is_watching+0x12/0xc0 [ 526.731563][T12475] ? trace_contention_end+0xee/0x140 [ 526.736889][T12475] vb2_create_bufs+0x566/0x780 [ 526.741693][T12475] ? __pfx_vb2_create_bufs+0x10/0x10 [ 526.747019][T12475] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 526.752946][T12475] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 526.758880][T12475] v4l_create_bufs+0x156/0x270 [ 526.763669][T12475] __video_do_ioctl+0xaf0/0xf00 [ 526.768536][T12475] ? __pfx___video_do_ioctl+0x10/0x10 [ 526.773913][T12475] ? __might_fault+0xe3/0x190 [ 526.778606][T12475] video_usercopy+0x4d2/0x1620 [ 526.783379][T12475] ? __pfx___video_do_ioctl+0x10/0x10 [ 526.788758][T12475] ? __pfx_video_usercopy+0x10/0x10 [ 526.793979][T12475] v4l2_ioctl+0x1ba/0x250 [ 526.798313][T12475] ? __pfx_v4l2_ioctl+0x10/0x10 [ 526.803175][T12475] __x64_sys_ioctl+0x190/0x200 [ 526.808126][T12475] do_syscall_64+0xcd/0x250 [ 526.812640][T12475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.818541][T12475] RIP: 0033:0x7f7aa5985d29 [ 526.822961][T12475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 526.842569][T12475] RSP: 002b:00007f7aa66fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 526.850997][T12475] RAX: ffffffffffffffda RBX: 00007f7aa5b75fa0 RCX: 00007f7aa5985d29 [ 526.858976][T12475] RDX: 0000000020000dc0 RSI: 00000000c100565c RDI: 0000000000000004 [ 526.866955][T12475] RBP: 00007f7aa5a01b08 R08: 0000000000000000 R09: 0000000000000000 [ 526.875026][T12475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 526.883006][T12475] R13: 0000000000000000 R14: 00007f7aa5b75fa0 R15: 00007fff65fffae8 [ 526.890991][T12475] [ 526.900796][T12475] Mem-Info: [ 526.904103][T12475] active_anon:10641 inactive_anon:0 isolated_anon:0 [ 526.904103][T12475] active_file:4050 inactive_file:3945 isolated_file:0 [ 526.904103][T12475] unevictable:768 dirty:280 writeback:0 [ 526.904103][T12475] slab_reclaimable:11578 slab_unreclaimable:108335 [ 526.904103][T12475] mapped:34558 shmem:6293 pagetables:968 [ 526.904103][T12475] sec_pagetables:0 bounce:0 [ 526.904103][T12475] kernel_misc_reclaimable:0 [ 526.904103][T12475] free:1248304 free_pcp:5305 free_cma:0 [ 526.949430][T12475] Node 0 active_anon:42564kB inactive_anon:0kB active_file:16200kB inactive_file:15740kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138228kB dirty:1120kB writeback:0kB shmem:23636kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11536kB pagetables:3872kB sec_pagetables:0kB all_unreclaimable? no [ 526.982418][T12475] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:40kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 527.012729][T12475] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 527.040866][T12475] lowmem_reserve[]: 0 2459 2459 0 0 [ 527.046481][T12475] Node 0 DMA32 free:1067064kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:42664kB inactive_anon:0kB active_file:16200kB inactive_file:15644kB unevictable:1536kB writepending:1120kB present:3129332kB managed:2547144kB mlocked:0kB bounce:0kB free_pcp:21204kB local_pcp:20892kB free_cma:0kB [ 527.077203][T12475] lowmem_reserve[]: 0 0 0 0 0 [ 527.082253][T12475] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 527.109431][T12475] lowmem_reserve[]: 0 [ 527.127255][T12575] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1760'. [ 527.146712][T12575] netlink: 'syz.1.1760': attribute type 12 has an invalid length. [ 527.160233][T12475] 0 0 0 0 [ 527.163569][T12475] Node 1 Normal free:3906804kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:40kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 527.311186][T12475] lowmem_reserve[]: 0 0 0 0 0 [ 527.316427][T12475] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 527.330215][T12475] Node 0 DMA32: 9*4kB (UME) 11*8kB (UME) 9*16kB (UME) 15*32kB (UM) 188*64kB (UME) 145*128kB (UM) 46*256kB (ME) 32*512kB (UME) 17*1024kB (UM) 9*2048kB (UME) 237*4096kB (M) = 1066092kB [ 527.349951][T12475] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 527.362297][T12475] Node 1 Normal: 203*4kB (UME) 43*8kB (UME) 47*16kB (UME) 194*32kB (UME) 87*64kB (UME) 23*128kB (UME) 12*256kB (UME) 12*512kB (UME) 6*1024kB (UM) 6*2048kB (UME) 943*4096kB (M) = 3906804kB [ 527.382426][T12475] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 527.392190][T12475] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 527.401697][T12475] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 527.411377][T12475] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 527.420756][T12475] 14310 total pagecache pages [ 527.425499][T12475] 0 pages in swap cache [ 527.429660][T12475] Free swap = 124456kB [ 527.433815][T12475] Total swap = 124996kB [ 527.438070][T12475] 2097051 pages RAM [ 527.441880][T12475] 0 pages HighMem/MovableOnly [ 527.446601][T12475] 428607 pages reserved [ 527.450858][T12475] 0 pages cma reserved [ 528.688528][T12590] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1765'. [ 528.709166][T12590] netlink: 'syz.1.1765': attribute type 12 has an invalid length. [ 529.900996][T12606] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 529.913664][T12606] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 531.006073][T12599] binder: 12597:12599 ioctl c0306201 20000680 returned -14 [ 531.035087][ T29] audit: type=1400 audit(1735993344.399:1394): avc: denied { call } for pid=12597 comm="syz.2.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 531.095301][T12599] 9pnet_fd: Insufficient options for proto=fd [ 531.193261][ T29] audit: type=1400 audit(1735993344.399:1395): avc: denied { transfer } for pid=12597 comm="syz.2.1766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 531.924227][T12624] veth0_to_team: entered promiscuous mode [ 531.931751][T12624] veth0_to_team: entered allmulticast mode [ 532.264593][T12627] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1775'. [ 533.063453][T12637] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1776'. [ 537.223404][T12702] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1792'. [ 537.471043][ T29] audit: type=1400 audit(1735993350.859:1396): avc: denied { read } for pid=12706 comm="syz.0.1795" name="ttynull" dev="devtmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0" [ 537.532172][ T29] audit: type=1400 audit(1735993350.859:1397): avc: denied { open } for pid=12706 comm="syz.0.1795" path="/dev/ttynull" dev="devtmpfs" ino=620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:hald_acl_exec_t:s0" [ 537.845191][ T8] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 538.583459][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 538.764721][ T8] usb 3-1: New USB device found, idVendor=1e71, idProduct=2011, bcdDevice= 0.00 [ 538.783269][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.804224][ T8] usb 3-1: config 0 descriptor?? [ 538.935244][T12730] 9pnet_fd: Insufficient options for proto=fd [ 539.655061][T12712] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 540.786368][ T8] nzxt-smart2 0003:1E71:2011.0013: hidraw0: USB HID v0.00 Device [HID 1e71:2011] on usb-dummy_hcd.2-1/input0 [ 540.956479][T12747] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1807'. [ 540.990150][T12749] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1808'. [ 541.031731][ T57] usb 3-1: USB disconnect, device number 39 [ 541.090789][T12752] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 541.424883][ T5866] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 541.613174][ T5866] usb 5-1: Using ep0 maxpacket: 8 [ 541.648804][ T5866] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 541.673390][ T5866] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.727027][ T5866] usb 5-1: Product: syz [ 541.744839][ T5866] usb 5-1: Manufacturer: syz [ 541.758862][ T5866] usb 5-1: SerialNumber: syz [ 541.796795][ T5866] usb 5-1: config 0 descriptor?? [ 541.958830][T12762] netlink: 'syz.0.1812': attribute type 1 has an invalid length. [ 542.249944][T12762] bond4: entered promiscuous mode [ 542.255454][T12762] bond4: entered allmulticast mode [ 542.289511][ T5866] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 542.298133][ T5866] dvb_usb_af9015 5-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 542.333816][ T5866] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 542.345023][ T5866] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 542.394981][T12764] netlink: 'syz.2.1811': attribute type 1 has an invalid length. [ 542.402942][ T5866] usb 5-1: USB disconnect, device number 26 [ 542.482617][T12765] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 542.628788][T12765] bond4: (slave batadv2): making interface the new active one [ 542.638530][T12765] batadv2: entered promiscuous mode [ 542.644331][T12765] batadv2: entered allmulticast mode [ 542.651615][T12765] bond4: (slave batadv2): Enslaving as an active interface with an up link [ 542.711294][T12764] bond2: entered promiscuous mode [ 542.716503][T12764] bond2: entered allmulticast mode [ 543.366084][T12768] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 543.437407][T12768] bond2: (slave batadv2): making interface the new active one [ 543.445493][T12768] batadv2: entered promiscuous mode [ 543.453675][T12768] batadv2: entered allmulticast mode [ 543.460925][T12768] bond2: (slave batadv2): Enslaving as an active interface with an up link [ 543.478874][T12774] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1814'. [ 543.488083][T12774] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.495682][T12774] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 543.504017][T12774] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 543.583631][T12779] FAULT_INJECTION: forcing a failure. [ 543.583631][T12779] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 543.604544][T12774] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 543.612930][T12774] batman_adv: batadv0: Interface deactivated: geneve3 [ 543.627165][T12774] batman_adv: batadv0: Removing interface: geneve3 [ 543.654192][T12779] CPU: 0 UID: 0 PID: 12779 Comm: syz.4.1816 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 543.664968][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 543.675088][T12779] Call Trace: [ 543.678351][T12779] [ 543.681263][T12779] dump_stack_lvl+0x16c/0x1f0 [ 543.685927][T12779] should_fail_ex+0x497/0x5b0 [ 543.690596][T12779] _copy_from_user+0x2e/0xd0 [ 543.695183][T12779] do_fcntl+0xbbd/0x15b0 [ 543.699430][T12779] ? __pfx_do_fcntl+0x10/0x10 [ 543.704086][T12779] ? selinux_file_fcntl+0x93/0x170 [ 543.709201][T12779] __x64_sys_fcntl+0x170/0x200 [ 543.713959][T12779] do_syscall_64+0xcd/0x250 [ 543.718462][T12779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.724343][T12779] RIP: 0033:0x7f124a985d29 [ 543.728739][T12779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.748325][T12779] RSP: 002b:00007f124b872038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 543.756718][T12779] RAX: ffffffffffffffda RBX: 00007f124ab75fa0 RCX: 00007f124a985d29 [ 543.764681][T12779] RDX: 0000000020000180 RSI: 0000000000000025 RDI: 0000000000000004 [ 543.772629][T12779] RBP: 00007f124b872090 R08: 0000000000000000 R09: 0000000000000000 [ 543.780596][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.788684][T12779] R13: 0000000000000000 R14: 00007f124ab75fa0 R15: 00007ffc807f27b8 [ 543.796662][T12779] [ 543.924865][ T8] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 543.935211][ T5866] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 544.063872][ T29] audit: type=1400 audit(1735993357.449:1398): avc: denied { mounton } for pid=12780 comm="syz.4.1817" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 544.088380][T12781] tmpfs: Unknown parameter '' [ 544.144926][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 544.168801][ T5866] usb 1-1: config 0 has an invalid interface number: 217 but max is 0 [ 544.177471][ T5866] usb 1-1: config 0 has no interface number 0 [ 544.215062][ T8] usb 2-1: config 0 has no interfaces? [ 544.228238][ T8] usb 2-1: New USB device found, idVendor=0445, idProduct=5010, bcdDevice= 0.00 [ 544.241709][ T5866] usb 1-1: New USB device found, idVendor=0af0, idProduct=d257, bcdDevice=e9.5c [ 544.251333][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.259776][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.434668][T12788] 9pnet_fd: Insufficient options for proto=fd [ 544.599124][ T5866] usb 1-1: Product: syz [ 544.604327][ T5866] usb 1-1: Manufacturer: syz [ 544.620655][ T8] usb 2-1: config 0 descriptor?? [ 544.625953][ T5866] usb 1-1: SerialNumber: syz [ 544.642999][ T5866] usb 1-1: config 0 descriptor?? [ 544.659528][ T5866] hso 1-1:0.217: Not our interface [ 544.695471][T12790] 9pnet_fd: Insufficient options for proto=fd [ 544.843834][ T5866] usb 2-1: USB disconnect, device number 56 [ 544.892715][ T57] usb 1-1: USB disconnect, device number 44 [ 545.284955][ T29] audit: type=1400 audit(1735993358.579:1399): avc: denied { accept } for pid=12799 comm="syz.4.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 545.775378][ T29] audit: type=1400 audit(1735993358.699:1400): avc: denied { connect } for pid=12799 comm="syz.4.1822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 545.841668][ T29] audit: type=1400 audit(1735993358.699:1401): avc: denied { name_connect } for pid=12799 comm="syz.4.1822" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 546.502319][T12819] netlink: 'syz.0.1827': attribute type 1 has an invalid length. [ 546.528833][T12816] 9pnet_fd: Insufficient options for proto=fd [ 546.572805][T12819] bond5: entered promiscuous mode [ 546.694891][T12819] bond5: entered allmulticast mode [ 546.707511][T12824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.973133][T12829] 9pnet_fd: Insufficient options for proto=fd [ 547.076323][T12824] bond5: (slave batadv0): making interface the new active one [ 547.083860][T12824] batadv0: entered promiscuous mode [ 547.089406][T12824] batadv0: entered allmulticast mode [ 547.099586][T12824] bond5: (slave batadv0): Enslaving as an active interface with an up link [ 547.229035][T12827] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1830'. [ 547.541786][T12833] bond0: (slave vlan2): Opening slave failed [ 547.574806][ T57] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 548.065874][T12835] binder_alloc: 12830: binder_alloc_buf, no vma [ 549.354019][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 549.382240][ T57] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 549.391466][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.938528][ T57] usb 5-1: config 0 descriptor?? [ 549.985675][ T29] audit: type=1400 audit(1735993363.359:1402): avc: denied { bind } for pid=12841 comm="syz.1.1834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 550.055315][ T29] audit: type=1400 audit(1735993363.359:1403): avc: denied { node_bind } for pid=12841 comm="syz.1.1834" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 550.148694][ T57] usb 5-1: can't set config #0, error -71 [ 550.463458][T12851] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 550.523139][ T57] usb 5-1: USB disconnect, device number 27 [ 551.244884][ T8] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 551.404918][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 551.475831][T12866] IPVS: Unknown mcast interface: lo [ 551.557357][ T57] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 551.763036][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 551.952932][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.963187][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 551.974281][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 551.985904][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 551.987243][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 551.996349][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 552.036640][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 552.050516][ T8] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 552.069228][ T8] usb 1-1: Manufacturer: syz [ 552.085983][ T8] usb 1-1: config 0 descriptor?? [ 552.184516][ T57] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 552.194521][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.204688][ T57] usb 5-1: Product: syz [ 552.208938][ T57] usb 5-1: Manufacturer: syz [ 552.213634][ T57] usb 5-1: SerialNumber: syz [ 552.228714][ T57] usb 5-1: config 0 descriptor?? [ 552.380162][ T8] rc_core: IR keymap rc-hauppauge not found [ 552.389231][ T8] Registered IR keymap rc-empty [ 552.406068][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.468450][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.490151][ T57] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 552.505227][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 552.518819][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input46 [ 552.533410][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.568610][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.597249][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.625422][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 552.835319][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.055158][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.211651][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.219038][ T5866] usb 5-1: USB disconnect, device number 28 [ 553.245008][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.265854][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.285975][ T8] mceusb 1-1:0.0: Error: mce write urb status = -71 [ 553.315853][ T8] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 553.393589][ T8] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 553.405499][T12874] 9pnet_fd: Insufficient options for proto=fd [ 553.444232][ T8] usb 1-1: USB disconnect, device number 45 [ 553.851583][T12884] netlink: 'syz.3.1846': attribute type 4 has an invalid length. [ 554.087372][ T29] audit: type=1400 audit(1735993367.449:1404): avc: denied { ioctl } for pid=12889 comm="syz.1.1849" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 554.501365][T12891] nvme_fabrics: missing parameter 'transport=%s' [ 554.508442][T12891] nvme_fabrics: missing parameter 'nqn=%s' [ 554.834796][ T5866] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 554.929286][T12911] tipc: Started in network mode [ 554.966258][T12911] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 554.975564][T12911] tipc: New replicast peer: fc01:0000:0000:0000:0000:0000:0000:0000 [ 554.985379][ T5866] usb 1-1: device descriptor read/64, error -71 [ 555.032155][T12917] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 555.045670][T12917] VFS: Can't find a romfs filesystem on dev nullb0. [ 555.045670][T12917] [ 555.269346][T12911] tipc: Enabled bearer , priority 10 [ 555.351383][T12914] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1856'. [ 555.613209][ T5866] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 555.695905][T12922] netlink: 'syz.2.1857': attribute type 10 has an invalid length. [ 555.719859][T12922] team0: Device bond0 is up. Set it down before adding it as a team port [ 555.734245][ T29] audit: type=1400 audit(1735993369.119:1405): avc: denied { read } for pid=12923 comm="syz.3.1858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 555.786227][ T5866] usb 1-1: device descriptor read/64, error -71 [ 555.813758][T12927] MTD: Couldn't look up '': -22 [ 555.898523][ T29] audit: type=1400 audit(1735993369.279:1406): avc: denied { mount } for pid=12923 comm="syz.3.1858" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 555.921112][ T5866] usb usb1-port1: attempt power cycle [ 555.933054][ T29] audit: type=1400 audit(1735993369.279:1407): avc: denied { read } for pid=12923 comm="syz.3.1858" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 555.955103][ T29] audit: type=1400 audit(1735993369.279:1408): avc: denied { open } for pid=12923 comm="syz.3.1858" path="/377/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 555.977613][ T29] audit: type=1804 audit(1735993369.289:1409): pid=12927 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1858" name="/" dev="pidfs" ino=13229 res=1 errno=0 [ 555.998931][ T29] audit: type=1400 audit(1735993369.289:1410): avc: denied { ioctl } for pid=12923 comm="syz.3.1858" path="/377/file0" dev="tracefs" ino=1 ioctlcmd=0x64ba scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 556.023324][ T57] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 556.384758][ T57] usb 2-1: Using ep0 maxpacket: 8 [ 556.394807][ T8] tipc: Node number set to 1 [ 556.396706][ T29] audit: type=1400 audit(1735993369.789:1411): avc: denied { unmount } for pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 556.455118][ T5866] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 556.467926][ T57] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 556.475786][ T5866] usb 1-1: device descriptor read/8, error -71 [ 556.477200][ T57] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.518170][ T57] usb 2-1: Product: syz [ 556.522531][ T57] usb 2-1: Manufacturer: syz [ 556.534829][ T57] usb 2-1: SerialNumber: syz [ 556.548672][ T57] usb 2-1: config 0 descriptor?? [ 556.816641][ T5866] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 556.966672][ T5866] usb 1-1: device descriptor read/8, error -71 [ 557.011454][ T57] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 557.042248][ T57] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 557.075095][ T5866] usb usb1-port1: unable to enumerate USB device [ 557.075801][ T57] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 557.092702][T12943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1864'. [ 557.106425][T12943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1864'. [ 557.106518][ T57] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 557.116361][T12943] netlink: 'syz.2.1864': attribute type 1 has an invalid length. [ 557.158619][ T57] usb 2-1: USB disconnect, device number 57 [ 557.179859][T12943] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1864'. [ 557.217048][T12945] Cannot find del_set index 0 as target [ 557.246385][ T5823] block nbd1: Receive control failed (result -107) [ 557.285072][T12943] [ 557.287435][T12943] ====================================================== [ 557.294465][T12943] WARNING: possible circular locking dependency detected [ 557.301481][T12943] 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 Not tainted [ 557.308576][T12943] ------------------------------------------------------ [ 557.315679][T12943] syz.2.1864/12943 is trying to acquire lock: [ 557.321732][T12943] ffff888025b168c8 (&q->limits_lock){+.+.}-{4:4}, at: __nbd_set_size+0x2c0/0x730 [ 557.330893][T12943] [ 557.330893][T12943] but task is already holding lock: [ 557.338241][T12943] ffff888025b16278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x8ef/0xd70 [ 557.348689][T12943] [ 557.348689][T12943] which lock already depends on the new lock. [ 557.348689][T12943] [ 557.359092][T12943] [ 557.359092][T12943] the existing dependency chain (in reverse order) is: [ 557.368093][T12943] [ 557.368093][T12943] -> #5 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 557.376697][T12943] blk_mq_submit_bio+0x1fb6/0x24c0 [ 557.382339][T12943] __submit_bio+0x384/0x540 [ 557.387349][T12943] submit_bio_noacct_nocheck+0x698/0xd70 [ 557.393676][T12943] submit_bio_noacct+0x93a/0x1e20 [ 557.399210][T12943] mpage_readahead+0x41d/0x590 [ 557.404508][T12943] read_pages+0x1a8/0xdc0 [ 557.409368][T12943] page_cache_ra_unbounded+0x3dc/0x750 [ 557.415358][T12943] force_page_cache_ra+0x24b/0x340 [ 557.420980][T12943] page_cache_sync_ra+0x110/0x9c0 [ 557.426520][T12943] filemap_get_pages+0xd7b/0x1be0 [ 557.432057][T12943] filemap_read+0x3ca/0xd70 [ 557.437075][T12943] blkdev_read_iter+0x187/0x480 [ 557.442436][T12943] vfs_read+0x87f/0xbe0 [ 557.447103][T12943] ksys_read+0x12b/0x250 [ 557.451852][T12943] do_syscall_64+0xcd/0x250 [ 557.456877][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.463295][T12943] [ 557.463295][T12943] -> #4 (mapping.invalidate_lock#2){++++}-{4:4}: [ 557.471810][T12943] down_read+0x9a/0x330 [ 557.476484][T12943] filemap_fault+0x62c/0x2820 [ 557.481699][T12943] __do_fault+0x10a/0x490 [ 557.486725][T12943] do_pte_missing+0xebd/0x3e00 [ 557.492004][T12943] __handle_mm_fault+0x103c/0x2a40 [ 557.497714][T12943] handle_mm_fault+0x3fa/0xaa0 [ 557.502991][T12943] do_user_addr_fault+0x7a3/0x13f0 [ 557.508620][T12943] exc_page_fault+0x5c/0xc0 [ 557.513636][T12943] asm_exc_page_fault+0x26/0x30 [ 557.519003][T12943] rep_movs_alternative+0x30/0x70 [ 557.524535][T12943] _copy_from_user+0x9a/0xd0 [ 557.529644][T12943] copy_msghdr_from_user+0x99/0x160 [ 557.535353][T12943] ___sys_sendmsg+0xff/0x1e0 [ 557.540450][T12943] __sys_sendmmsg+0x201/0x420 [ 557.545659][T12943] __x64_sys_sendmmsg+0x9c/0x100 [ 557.551105][T12943] do_syscall_64+0xcd/0x250 [ 557.556126][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.562562][T12943] [ 557.562562][T12943] -> #3 (&mm->mmap_lock){++++}-{4:4}: [ 557.570123][T12943] __might_fault+0x11b/0x190 [ 557.575240][T12943] _copy_from_user+0x29/0xd0 [ 557.580349][T12943] __blk_trace_setup+0xa8/0x180 [ 557.585718][T12943] blk_trace_ioctl+0x163/0x290 [ 557.590991][T12943] blkdev_ioctl+0x109/0x6d0 [ 557.596013][T12943] __x64_sys_ioctl+0x190/0x200 [ 557.601291][T12943] do_syscall_64+0xcd/0x250 [ 557.606312][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.612722][T12943] [ 557.612722][T12943] -> #2 (&q->debugfs_mutex){+.+.}-{4:4}: [ 557.620537][T12943] __mutex_lock+0x19b/0xa60 [ 557.625559][T12943] blk_mq_init_sched+0x42b/0x640 [ 557.631018][T12943] elevator_init_mq+0x2cd/0x420 [ 557.636397][T12943] add_disk_fwnode+0x113/0x1300 [ 557.641769][T12943] sd_probe+0xa86/0x1000 [ 557.646530][T12943] really_probe+0x23e/0xa90 [ 557.651547][T12943] __driver_probe_device+0x1de/0x440 [ 557.657350][T12943] driver_probe_device+0x4c/0x1b0 [ 557.662904][T12943] __device_attach_driver+0x1df/0x310 [ 557.668890][T12943] bus_for_each_drv+0x157/0x1e0 [ 557.674271][T12943] __device_attach_async_helper+0x1d3/0x290 [ 557.680683][T12943] async_run_entry_fn+0x9c/0x530 [ 557.686144][T12943] process_one_work+0x9c5/0x1ba0 [ 557.691599][T12943] worker_thread+0x6c8/0xf00 [ 557.696707][T12943] kthread+0x2c1/0x3a0 [ 557.701293][T12943] ret_from_fork+0x45/0x80 [ 557.706220][T12943] ret_from_fork_asm+0x1a/0x30 [ 557.711525][T12943] [ 557.711525][T12943] -> #1 (&q->q_usage_counter(queue)#50){++++}-{0:0}: [ 557.720382][T12943] blk_queue_enter+0x50f/0x640 [ 557.725666][T12943] blk_mq_alloc_request+0x59b/0x950 [ 557.731383][T12943] scsi_execute_cmd+0x1eb/0xf40 [ 557.736747][T12943] read_capacity_16+0x213/0xe10 [ 557.742114][T12943] sd_revalidate_disk.isra.0+0x1a06/0xa8d0 [ 557.748437][T12943] sd_probe+0x904/0x1000 [ 557.753195][T12943] really_probe+0x23e/0xa90 [ 557.758213][T12943] __driver_probe_device+0x1de/0x440 [ 557.764014][T12943] driver_probe_device+0x4c/0x1b0 [ 557.769551][T12943] __device_attach_driver+0x1df/0x310 [ 557.775462][T12943] bus_for_each_drv+0x157/0x1e0 [ 557.780865][T12943] __device_attach_async_helper+0x1d3/0x290 [ 557.787271][T12943] async_run_entry_fn+0x9c/0x530 [ 557.792723][T12943] process_one_work+0x9c5/0x1ba0 [ 557.798199][T12943] worker_thread+0x6c8/0xf00 [ 557.803298][T12943] kthread+0x2c1/0x3a0 [ 557.807903][T12943] ret_from_fork+0x45/0x80 [ 557.812833][T12943] ret_from_fork_asm+0x1a/0x30 [ 557.818117][T12943] [ 557.818117][T12943] -> #0 (&q->limits_lock){+.+.}-{4:4}: [ 557.825763][T12943] __lock_acquire+0x249e/0x3c40 [ 557.831126][T12943] lock_acquire.part.0+0x11b/0x380 [ 557.836764][T12943] __mutex_lock+0x19b/0xa60 [ 557.841780][T12943] __nbd_set_size+0x2c0/0x730 [ 557.847074][T12943] nbd_start_device+0x8fd/0xd70 [ 557.852431][T12943] nbd_genl_connect+0x1204/0x1c00 [ 557.858036][T12943] genl_family_rcv_msg_doit+0x202/0x2f0 [ 557.864103][T12943] genl_rcv_msg+0x565/0x800 [ 557.869110][T12943] netlink_rcv_skb+0x16b/0x440 [ 557.874405][T12943] genl_rcv+0x28/0x40 [ 557.878899][T12943] netlink_unicast+0x53c/0x7f0 [ 557.884180][T12943] netlink_sendmsg+0x8b8/0xd70 [ 557.889461][T12943] ____sys_sendmsg+0xaaf/0xc90 [ 557.894735][T12943] ___sys_sendmsg+0x135/0x1e0 [ 557.899923][T12943] __sys_sendmsg+0x16e/0x220 [ 557.905021][T12943] do_syscall_64+0xcd/0x250 [ 557.910041][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.916456][T12943] [ 557.916456][T12943] other info that might help us debug this: [ 557.916456][T12943] [ 557.926664][T12943] Chain exists of: [ 557.926664][T12943] &q->limits_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#50 [ 557.926664][T12943] [ 557.941702][T12943] Possible unsafe locking scenario: [ 557.941702][T12943] [ 557.949138][T12943] CPU0 CPU1 [ 557.954484][T12943] ---- ---- [ 557.960002][T12943] lock(&q->q_usage_counter(io)#50); [ 557.965381][T12943] lock(mapping.invalidate_lock#2); [ 557.973216][T12943] lock(&q->q_usage_counter(io)#50); [ 557.981113][T12943] lock(&q->limits_lock); [ 557.985529][T12943] [ 557.985529][T12943] *** DEADLOCK *** [ 557.985529][T12943] [ 557.993659][T12943] 5 locks held by syz.2.1864/12943: [ 557.998841][T12943] #0: ffffffff8ff7ba90 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 558.007206][T12943] #1: ffffffff8ff7bb48 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x580/0x800 [ 558.016520][T12943] #2: ffff888025c69198 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0xa1b/0x1c00 [ 558.026541][T12943] #3: ffff888025b16278 (&q->q_usage_counter(io)#50){++++}-{0:0}, at: nbd_start_device+0x8ef/0xd70 [ 558.037401][T12943] #4: ffff888025b162b0 (&q->q_usage_counter(queue)#34){+.+.}-{0:0}, at: nbd_start_device+0x8ef/0xd70 [ 558.048368][T12943] [ 558.048368][T12943] stack backtrace: [ 558.054246][T12943] CPU: 0 UID: 0 PID: 12943 Comm: syz.2.1864 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0 [ 558.064992][T12943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 558.075034][T12943] Call Trace: [ 558.078300][T12943] [ 558.081216][T12943] dump_stack_lvl+0x116/0x1f0 [ 558.085895][T12943] print_circular_bug+0x419/0x5d0 [ 558.090910][T12943] check_noncircular+0x31a/0x400 [ 558.095840][T12943] ? __pfx_check_noncircular+0x10/0x10 [ 558.101293][T12943] ? lockdep_lock+0xc6/0x200 [ 558.105886][T12943] ? __pfx_lockdep_lock+0x10/0x10 [ 558.111005][T12943] ? __pfx_mark_lock+0x10/0x10 [ 558.115758][T12943] __lock_acquire+0x249e/0x3c40 [ 558.120600][T12943] ? __pfx___lock_acquire+0x10/0x10 [ 558.125784][T12943] ? __lock_acquire+0x15a9/0x3c40 [ 558.130798][T12943] lock_acquire.part.0+0x11b/0x380 [ 558.135901][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.140746][T12943] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 558.146370][T12943] ? rcu_is_watching+0x12/0xc0 [ 558.151126][T12943] ? trace_lock_acquire+0x14e/0x1f0 [ 558.156319][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.161166][T12943] ? lock_acquire+0x2f/0xb0 [ 558.165655][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.170499][T12943] __mutex_lock+0x19b/0xa60 [ 558.174993][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.179837][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.184684][T12943] ? __lock_acquire+0x15a9/0x3c40 [ 558.189699][T12943] ? __pfx___mutex_lock+0x10/0x10 [ 558.194721][T12943] ? __pfx___lock_acquire+0x10/0x10 [ 558.199910][T12943] ? __nbd_set_size+0x2c0/0x730 [ 558.204756][T12943] __nbd_set_size+0x2c0/0x730 [ 558.209432][T12943] ? lock_acquire.part.0+0x11b/0x380 [ 558.214721][T12943] ? find_held_lock+0x2d/0x110 [ 558.219567][T12943] ? blk_mq_freeze_queue_wait+0x186/0x190 [ 558.225277][T12943] ? __pfx_lock_release+0x10/0x10 [ 558.230377][T12943] ? __pfx___nbd_set_size+0x10/0x10 [ 558.235575][T12943] ? __pfx_autoremove_wake_function+0x10/0x10 [ 558.241633][T12943] ? nbd_start_device+0x8ef/0xd70 [ 558.246653][T12943] nbd_start_device+0x8fd/0xd70 [ 558.251538][T12943] nbd_genl_connect+0x1204/0x1c00 [ 558.256554][T12943] ? __pfx_nbd_genl_connect+0x10/0x10 [ 558.261918][T12943] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 558.269547][T12943] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 558.276915][T12943] genl_family_rcv_msg_doit+0x202/0x2f0 [ 558.282459][T12943] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 558.288524][T12943] ? genl_get_cmd+0x195/0x580 [ 558.293201][T12943] ? __radix_tree_lookup+0x21f/0x2c0 [ 558.298565][T12943] genl_rcv_msg+0x565/0x800 [ 558.303055][T12943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 558.308064][T12943] ? __pfx_nbd_genl_connect+0x10/0x10 [ 558.313422][T12943] ? __pfx___lock_acquire+0x10/0x10 [ 558.318619][T12943] netlink_rcv_skb+0x16b/0x440 [ 558.323385][T12943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 558.328402][T12943] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 558.333688][T12943] ? down_read+0xc9/0x330 [ 558.338018][T12943] ? __pfx_down_read+0x10/0x10 [ 558.342773][T12943] ? netlink_deliver_tap+0x1ae/0xd30 [ 558.348053][T12943] genl_rcv+0x28/0x40 [ 558.352030][T12943] netlink_unicast+0x53c/0x7f0 [ 558.356804][T12943] ? __pfx_netlink_unicast+0x10/0x10 [ 558.362084][T12943] netlink_sendmsg+0x8b8/0xd70 [ 558.366843][T12943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 558.372145][T12943] ____sys_sendmsg+0xaaf/0xc90 [ 558.377026][T12943] ? copy_msghdr_from_user+0x10b/0x160 [ 558.382475][T12943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 558.388024][T12943] ___sys_sendmsg+0x135/0x1e0 [ 558.392719][T12943] ? __pfx____sys_sendmsg+0x10/0x10 [ 558.397909][T12943] ? __pfx_lock_release+0x10/0x10 [ 558.402924][T12943] ? trace_lock_acquire+0x14e/0x1f0 [ 558.408123][T12943] ? __fget_files+0x206/0x3a0 [ 558.412792][T12943] __sys_sendmsg+0x16e/0x220 [ 558.417374][T12943] ? __pfx___sys_sendmsg+0x10/0x10 [ 558.422472][T12943] ? __x64_sys_futex+0x1e1/0x4c0 [ 558.427404][T12943] do_syscall_64+0xcd/0x250 [ 558.431908][T12943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 558.437814][T12943] RIP: 0033:0x7f9bd8b85d29 [ 558.442217][T12943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 558.461827][T12943] RSP: 002b:00007f9bd9a00038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 558.470326][T12943] RAX: ffffffffffffffda RBX: 00007f9bd8d75fa0 RCX: 00007f9bd8b85d29 [ 558.478289][T12943] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 000000000000000a [ 558.486421][T12943] RBP: 00007f9bd8c01b08 R08: 0000000000000000 R09: 0000000000000000 [ 558.494404][T12943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 558.502371][T12943] R13: 0000000000000000 R14: 00007f9bd8d75fa0 R15: 00007ffdf65c53c8 [ 558.510376][T12943] [ 563.056691][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.063039][ T1293] ieee802154 phy1 wpan1: encryption failed: -22