last executing test programs: 11.89117624s ago: executing program 3 (id=291): madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x2, &(0x7f0000355000/0x4000)=nil, &(0x7f000030d000/0x1000)=nil, 0x3, &(0x7f0000000200)=[{0x15, 0x6}, {0xf, 0x8, 0x200}, {0xa541, 0x3ff, 0x7}, {0x9, 0x3, 0x10}, {0x6, 0x6, 0x6}], 0x5, 0xeb, 0x30, 0x61, 0x47, 0x43}) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) get_robust_list(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0) recvmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0) 10.493503937s ago: executing program 3 (id=294): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}}) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000180000000000000000000005180100002020702500000000abc5fe2167d0f14dbef61ce6002020207b1af8ff00000000bfa10000001e20152e5251bf0ef8ffffffb702000008000000b70300000053732ad3b8df14e328b989506ad2552613e4c2ff8d7f9546", @ANYRES64=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) syz_usb_connect(0x0, 0x3d, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022b00010000000009049c0002010351000905031300000000000725ec0200000009050f0000"], 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000040)={0xe000201a}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x24048844) r5 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0xd0, 0x0, 0x0, 0x0, 0x5af}) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r8, 0x8953, &(0x7f0000000180)={{0x2, 0x2, @multicast2}, {0x0, @random="ae1457ad617e"}, 0x0, {0x2, 0xfffc, @multicast1=0xe000cc02}}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1c}}, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xcfba, 0x0, 0x0) dup3(r4, r3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0x2, 0x300) 8.076563s ago: executing program 0 (id=300): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x27, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000000)=0x4, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0xdd5, 0x7, 0x8, 0x6}, 0x14) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0x5f, 0xb8, 0xe5, 0x20, 0xccd, 0x80, 0x4a83, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x6f, 0x0, 0x0, 0xaa, 0xd8, 0x23}}, {{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x6a, 0xf}}]}}]}}, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0xa667}], 0x1, 0x0, 0x0, 0x0) signalfd4(r1, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x9, 0x8}, 0xc) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x2, r4, 0x1, &(0x7f00000001c0)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sys_enter\x00', r5}, 0x10) utime(0x0, 0xfffffffffffffffc) timerfd_settime(r1, 0x3, &(0x7f00000000c0)={{r2, r3+60000000}, {0x77359400}}, &(0x7f0000000100)) 7.117539854s ago: executing program 4 (id=304): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c250000000000202020630accff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000000800000018010000202070250000000000202020dd1af5ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4", 0xf4}], 0x1}}], 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="d00000001800010600000000fedbdf251c140000fe0000010000000005001a0000"], 0xd0}}, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000340)={0xfffffffc, 0x0, 0x0, 0x0, 0x0, "4d6b55f68502bfc6aafbd98ec07c45a8365ccb"}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000a40)) readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000280)=""/79, 0x4f}], 0x1) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @auto=[0x30, 0x35, 0x39, 0x65, 0x66, 0x33, 0x30, 0x34, 0x30, 0x63, 0x64, 0x63, 0x32, 0x31, 0x39, 0x33]}, &(0x7f0000000480)={0x0, "2a518689193a3e5d5a9927857acd3344b1b1f9cbe44359ddb8071d8c46987740e8f1043dff3cf5fc0a9601e793724dc91953acd6e0209f68d91b42a962b0edf9", 0x16}, 0x48, 0xfffffffffffffff9) 6.91780578s ago: executing program 1 (id=305): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000004000087ec2339a0755524f3e19e2d87808a6381192f100850000009c0000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = creat(0x0, 0x0) r1 = syz_io_uring_setup(0x12e, &(0x7f0000000140)={0x0, 0x5885, 0x400, 0x0, 0x10b}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x6) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x40, 0x0, r0, 0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x200}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) msgget$private(0x0, 0x4) 6.125600797s ago: executing program 4 (id=306): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x94b9c7be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x28, 0x3d, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@typed={0xc, 0xba, 0x0, 0x0, @u64=0xfc0000}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x28}}, 0x4c000) 6.04723523s ago: executing program 3 (id=307): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, 0x0, 0x0) 5.502665351s ago: executing program 4 (id=308): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x1002, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000400000004d981cbaa00000000000000658a0300552a324ba21159204972ab9d44bb10c34f56f462c700fcff00000000bf668b6588f9eec3116255097e4414785e0100000000000000a2aeea3346df396ae6d6e897ac49414a01297f2480a0778b1793", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x9, &(0x7f0000000d80)=@raw=[@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}, @jmp={0x5, 0x0, 0x9, 0x1, 0x2, 0xffffffffffffffc2, 0xfffffffffffffffc}], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e24}}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d3f0e8b099b3f36006c090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05959a71243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0) socketpair(0xa, 0xa, 0x2, &(0x7f0000000180)={0xffffffffffffffff}) bind$vsock_stream(r4, &(0x7f0000000300), 0x10) syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00') acct(&(0x7f00000001c0)='./file0\x00') r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x90, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x7c, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4, 0x20}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0) unshare(0x62040200) 5.453173566s ago: executing program 3 (id=310): setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r4, 0x110, 0x4, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100), 0xab7801, &(0x7f00000000c0)=ANY=[@ANYRES64=r3]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.342952282s ago: executing program 1 (id=311): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x1e4, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1b4, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_LOSS={0x44, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x8, 0x7, 0x0, 0x8, 0x8001}}, @NETEM_LOSS_GE={0x14, 0x2, {0x10, 0xfffffffc, 0x0, 0xbac}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x1, 0x1, 0x8001}}]}, @TCA_NETEM_RATE={0x14, 0x6, {0x3, 0x3, 0x1, 0x5}}, @TCA_NETEM_DELAY_DIST={0x33, 0x2, "9f2b57f6fd6d293bfe5b6d9a96ed3dddee6b7e412e5f234d15c69e5d9c27c84e38c1aec4c41bc1aca5f6f367d423db"}, @TCA_NETEM_CORR={0x10, 0x1, {0x7, 0xd654, 0x101}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x2}, @TCA_NETEM_REORDER={0xc, 0x3, {0x0, 0x3}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x1ff, 0x3, 0xf, 0x1}}]}, @TCA_NETEM_DELAY_DIST={0x5b, 0x2, "3c926845bef2777306c8ce8c9e7c870635d5063a53232e3f3126a9cd3087f541a50b088e7362039158e2fc77f6bfc8f0b0af636870d08dde0dc116b78164fa69b70291157cf17607d14c226735b4ee76cb739c4af72fcb"}, @TCA_NETEM_LOSS={0x6c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x3, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x9, 0x8, 0x612}}, @NETEM_LOSS_GE={0x14, 0x2, {0x80, 0x1, 0xfe, 0x6}}, @NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x7, 0x6, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x7, 0x5, 0xf32, 0x1}}]}]}}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 4.024313448s ago: executing program 4 (id=313): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000002180c20000000800450c00201f000f0004069078ac1414bbac1414aa00014e20000c907801febbd9"], 0x0) 3.883748136s ago: executing program 1 (id=314): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0xc4a, 0x3, 0x1, {0x0, @raw_data="744251283286b63de134f95d9fdec756edcca8185a268eab737493a73e8eefb12fd35ab033f9687328352f7b4fab2df17e8948baa0f19f6b62547c2c0d0bbde385a1e496845523cf077f0d9341fb2022a07098c252d6d0d0e16205b9547de84e226a308c3cb85440a8b2e294e8d504f0318fcc328632620e8ca84687e429ef93189b2bfed2db1185bb692f33b2b25e6ad0517d9c76097d4a415f694318f4fcd4bac649dcf4619bcb00f322bc70d5fae84e23dc636d0ff32efd3f49a78f32dd1a82661eb970b6f829"}, 0xf0a}) openat$cgroup_procs(r0, &(0x7f0000002a40)='cgroup.procs\x00', 0x2, 0x0) r2 = io_uring_setup(0x1de0, &(0x7f0000000440)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x10, 0x3, 0x0) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40f02, 0x0) ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000040)) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000024000000030a0108000000000000000001000000040004800900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30010000002800048024000180090001006d657461000000001400028008000240000000140800014000000015140000001100010000000000000000000000000a"], 0xbc}, 0x1, 0x0, 0x0, 0x2000c045}, 0x0) syz_emit_ethernet(0x66, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa429e82211cf808004555005800640000662f9078ac1e0001e00000010421880b000000000c000800080086dd080088be0000000314031a12010000000000002f080022eb000000032607840902000000000000040003150008006558000000018650d7c29c8acf6e278ae33c94480d3922b46c0259bf4b9e38c90a993088bebf11"], 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10) 3.782791687s ago: executing program 4 (id=315): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x397, &(0x7f0000000180)={0x0, 0xff90}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000100005070000fa00000000000000001a", @ANYRES32=r2, @ANYBLOB="0000005f41000000140012000c00010076657468"], 0x34}}, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x7fff, &(0x7f0000000080)=0x1) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = eventfd2(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000004, 0x0, 0x1, r8, 0x11}) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x1, r8, 0xd}) r9 = socket(0x10, 0x803, 0x0) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@ipv6_deladdrlabel={0x44, 0x49, 0x2, 0x70bd2a, 0x25dfdbff, {0xa, 0x0, 0x78, 0x0, r2, 0x526b}, [@IFAL_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFAL_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x44}}, 0x0) 3.74877523s ago: executing program 2 (id=316): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000ff07090400000000000000000ab5e2d6bbee0552cd000000ea5699fd07000000fddc3f3757e2218b518e382d048a2ef99157d77f2e9c17fba8835d1387c5cf14b2ec3ad4b15b4c94a03ffc21e62e1b36de653273"], 0x1c}}, 0x0) (async) mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x110) lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000480)=@v3={0x3000000, [{0xf876, 0x102}, {0x6, 0x1}]}, 0x18, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x50) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async) getresgid(&(0x7f0000000080), &(0x7f0000000280), &(0x7f00000002c0)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="8c00f6315ef57a11b822b86257f081a3ac3f60d811813fe7d06d5ee854baade8d7aee755fc4fbb9874a16dfebb0870d277544538be254a7c2b70cf359d381a9bd77e0eb4a2c20ffbcb9b51940d5f524e5b7e1800000000ce8022634460a2573fef3e23e7d405a02d71623e907fb19695e2813a6e20d9d0d2555cb6bc291c3e9fa4a27960ededce641b20a5d524d14378", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r2, @ANYBLOB=',\x00']) (async) read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0xeea390}}, 0x50) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000084c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020025642532000000000900010073797a3000000000080005"], 0x40c4}}, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], &(0x7f00000003c0)=""/83, 0xf8, 0x53, 0x1, 0x2, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x12, 0x200000000000037b, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES64=r3, @ANYRESHEX=r1, @ANYRES16=r4, @ANYRESOCT, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_CAPBSET_READ(0x17, 0x20) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x14, 0xc, &(0x7f00000005c0)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) userfaultfd(0x80001) madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4) (async) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r6 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TIOCSTI(r6, 0x541e, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) ioctl$SIOCGETVIFCNT(r7, 0x89e0, 0x0) (async) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xff00) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.843484592s ago: executing program 3 (id=317): syz_init_net_socket$x25(0x9, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000200)={0x16, 0x18, 0xfa00, @id_tos={&(0x7f0000000240)=0xfe, r5, 0x0, 0x0, 0x1}}, 0x20) bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0xffffffffffffff72) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, 0x0, 0x20040000) r9 = memfd_create(&(0x7f0000000000)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x6) r10 = dup(r9) finit_module(r10, 0x0, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x6, 0x4b7, 0xe, 0x1280, 0xffffffffffffffff, 0x0, '\x00', r8, 0xffffffffffffffff, 0x4, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.795539981s ago: executing program 1 (id=318): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@cgroup, r0, 0x2f, 0x2020, 0x4, @void, @void, @value}, 0x20) 2.706700178s ago: executing program 0 (id=319): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000180)="c4c115f9da0fc75eeec4e1781101d8e20f009600000000f707f0020000c4e1a5d872000f0666baf80cb87c20a98cef66bafc0cb8c202ebf4eff3ad"}], 0xaaaab54, 0x4d, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0xfa, 0xc, 0x1, 0x0, 0xdc, 0x2, 0x7, 0x3, 0x8d, 0x29, 0x60, 0x7, 0x0, 0x5, 0x1, 0x0, 0x0, 0x7, 0x9, '\x00', 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.970959067s ago: executing program 2 (id=320): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, 0x0, 0x0) 1.923955463s ago: executing program 2 (id=321): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x20004000) (fail_nth: 2) 1.909642616s ago: executing program 1 (id=322): setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x2, &(0x7f0000355000/0x4000)=nil, &(0x7f000030d000/0x1000)=nil, 0x3, 0x0, 0x0, 0xeb, 0x30, 0x61, 0x47, 0x43}) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) get_robust_list(0x0, 0x0, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0) recvmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0) 1.812620324s ago: executing program 3 (id=323): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r1, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000b40)=""/263, 0x107, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000540)=""/219, 0xdb, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x24b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0xa0, 0xc9, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x1, 0x8, {0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0x34}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0x7, 0xc}}}}}]}}]}}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0xc07}}, {0x5c, &(0x7f0000000780)=@string={0x5c, 0x3, "b7357e43ce344cb8c3ea8271170cc852270a901d3fdc3432a7a58eaf1c43e8861c520af27ec0028163f075f8a6f87895063a465f784e35b37ea237afc87e52acb45727db3ba85c15ad391ac0cf78413df7969c39fe5314bdb47e"}}]}) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000001840)={0x14, 0x0, 0x0}, &(0x7f0000001b40)={0x44, 0x0, 0x0, &(0x7f00000019c0)={0x0, 0x8, 0x1, 0x57}, 0x0, 0x0, &(0x7f0000001a80)={0x20, 0x83, 0x2, "3ee6"}, 0x0, &(0x7f0000001b00)={0x20, 0x85, 0x3, "c89593"}}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$packet(r2, &(0x7f0000000000)={0x1f, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14) shutdown(r2, 0x1) 1.73684879s ago: executing program 0 (id=324): r0 = syz_open_dev$loop(&(0x7f0000000300), 0x75f, 0x107783) ioctl$LOOP_SET_STATUS(r0, 0x1277, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x0, 0x0, 0xc, 0x9, "4b8b3ea46929dfed0b2f34380d308f95a023d009852471dd5a94a9fe9549918ae7fd1f0ececd9bada8b108403362cfe0f4fccffb1b6a2115354d4df15d017a3f", "2363f18d9acc6c25af21ca2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1]}) 1.106794969s ago: executing program 2 (id=325): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000002180c20000000800450c00201f000f0004069078ac1414bbac1414aa00014e20000c907801febbd9"], 0x0) 1.09960734s ago: executing program 0 (id=326): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x1e4, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1b4, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_LOSS={0x44, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x8, 0x7, 0x0, 0x8, 0x8001}}, @NETEM_LOSS_GE={0x14, 0x2, {0x10, 0xfffffffc, 0x0, 0xbac}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x1, 0x1, 0x8001}}]}, @TCA_NETEM_RATE={0x14, 0x6, {0x3, 0x3, 0x1, 0x5}}, @TCA_NETEM_DELAY_DIST={0x33, 0x2, "9f2b57f6fd6d293bfe5b6d9a96ed3dddee6b7e412e5f234d15c69e5d9c27c84e38c1aec4c41bc1aca5f6f367d423db"}, @TCA_NETEM_CORR={0x10, 0x1, {0x7, 0xd654, 0x101}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x2}, @TCA_NETEM_REORDER={0xc, 0x3, {0x0, 0x3}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x1ff, 0x3, 0xf, 0x1}}]}, @TCA_NETEM_DELAY_DIST={0x5b, 0x2, "3c926845bef2777306c8ce8c9e7c870635d5063a53232e3f3126a9cd3087f541a50b088e7362039158e2fc77f6bfc8f0b0af636870d08dde0dc116b78164fa69b70291157cf17607d14c226735b4ee76cb739c4af72fcb"}, @TCA_NETEM_LOSS={0x6c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x3, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x9, 0x8, 0x612}}, @NETEM_LOSS_GE={0x14, 0x2, {0x80, 0x1, 0xfe, 0x6}}, @NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x7, 0x6, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x7, 0x5, 0xf32, 0x1}}]}]}}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 1.032868357s ago: executing program 2 (id=327): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) semctl$IPC_RMID(0x0, 0x0, 0x0) write$selinux_access(0xffffffffffffffff, 0x0, 0x0) getrlimit(0xb, &(0x7f00000000c0)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x6, 0x66c, 0x0, 'queue1\x00'}) write$sndseq(r2, 0x0, 0x0) poll(0x0, 0x0, 0x9d) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', 0xffffffffffffffff, 0x0, 0x4000000000000}, 0x18) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 575.985077ms ago: executing program 0 (id=328): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$unix(0x1, 0x2, 0x0) r0 = socket$unix(0x1, 0x2, 0x0) socket$unix(0x1, 0x2, 0x0) connect$unix(r0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0e00000004000000", @ANYRES32, @ANYBLOB="0000000000800000000000000000000000000000922a"], 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20) 510.935755ms ago: executing program 1 (id=329): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000ac0)={0xfffffffffffffffc, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01020000000000000000020000070900010073797a300000000014000000020a010200000000000000000000000a140000001100010000000000000000000000000a516ee6b7efa1de54a91b1bab550d081fdc31a726ec2ee5d0d5d3206d77758acdcd9bc9c484b424c3a27602bae959979d24abdae75d0a572138ef0137a3"], 0x5c}, 0x1, 0x0, 0x0, 0x4000018}, 0x40) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000100)={0x0, 0x2, 0x6}, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0x8, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001980)={0x765, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3245078b089b39353b0e1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r7, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x6) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0), 0x4) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) 65.538434ms ago: executing program 2 (id=330): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x9, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0x7, 0xfe, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x7ff, 0x5, "cb630dab3a0338057401a192419598961f50dc45c87d55b42a28b8f01c0e0e7a"}}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x10000000, 0x101}) io_setup(0x7, &(0x7f0000000040)=0x0) syz_clone3(&(0x7f0000000040)={0x200126000, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000680)=0xffffffffffffffff) r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}}) r11 = eventfd2(0x1b, 0x80001) r12 = eventfd(0x7) r13 = openat2(0xffffffffffffff9c, &(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80)={0x40, 0x1c, 0x34}, 0x18) io_submit(r3, 0x9, &(0x7f0000000b00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x9fb30251fcdf4d9, 0x8, r0, &(0x7f0000000080)="a4b15e388020d4046cf99113fb282e23c0dd6d75a16748f024657cad11f05fed070c43a62ff33536b5dfedae8de09312306a1f2e7633f8d9627e6ce04c6aa776c7971ff5c6d68c3cd7d63c605652067662ef10f2e18a9ef1139bafe8ea78b91fe9524464b19a66a4f444efbb4dfc65232a47ce35bd0a8ba146adcd91137b870ce240e406efd4c03e519c417354752de8a76b757a53f1c3cc7f178a969badff0685fabe515139db3923c2717caebd", 0xae, 0x6, 0x0, 0x3, r7}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x8, r2, &(0x7f0000000340)="f2e7712e7ae3546c002601ba19916dcf3cd2346523b77cfb994e7ec619bcff55f19ee2125c3a559fb8a206787bdfbe5d507b1b7d44c4fac11584bb60d9ba3ebbd903f432a123e2595b03033a110c872bec094e9e3f07b077fd923a87c84f57112fbd483e2925b7f9b29ddce70b085e401528bff8229a3c8732a75c9cef29506419707f7746b499bc6d6130292462cd34c3539be7b4846191cc936942d154daabaaefbfc060d3c90b", 0xa8, 0x2, 0x0, 0x1}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0xd, r2, &(0x7f0000000400)="a8d6b60ec84497582873415ce4df79c2ddf68dc59a136e8a4c0cb2ad2a44a6faf0b6fdfb45f4c0bc5079715e1d723865e046f785d5ab990b6cb73563df3269771011568f91d8210fa954d5cf3e7c7310c68f32c46a827c20948cb295f3e79418659dcd8309398c2fff4386a04864a9373db103b8164b54cd524a72d3ba0b", 0x7e, 0x1, 0x0, 0x2}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, &(0x7f0000000480)="3612841443e7dd5b3161a7e510f4083480d12d74302cc080d92c97e8902d904238e1a8e11a3176a5e04b0dfa28aa71381ddc79085aafc1ea90210e969a03357cb3770063619551f0ba9b75867883cde0e0a59eae0f60aa9fc7c21d3dfa10eeb5108cfd486a12075035cfd04ca07c9f44e23fe5b2dfff28bd842a34a74b09fedf4df87a28aac86f47e58465b3effea719511f8895b63db3621f703b8ef20e83fcff642005f6f4c17f91b8ec7d115c8bf5a130ceaaeb648684783844978afc46989cbe93fea7613d32cbef7d3a72e5c68dcf17aa0594135bca204dc45964a75c693a9c79f2d9526eb052ba41bec2", 0xed, 0x80000001, 0x0, 0x1}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x3, 0x81, r0, &(0x7f00000005c0)="e9219c353b903e802bd9f87b64e466e5a617922e68c9d0e5628652a776a6ee7d0c5db6266ddcdb46fb614025c738e484752d507e9cebb40bc5eecb331a1ec5f03eca52b60813d993e42b4263c5dd89b38a281ecfc4650913477baece259b3b25167409ae", 0x64, 0x5, 0x0, 0x1}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x5, 0x3, r8, &(0x7f00000006c0)="45ae7cdbefe7a2a0b3cab8bf63a147c802f30517ae7780a1734fc90f916c0bcc582a77158171f43427d745397aca472593f1d175129abc920fa1bee00a15d3d6057adb73015939d1d8445cebc5ad75f7a0959b76636176fadcd315aafe2f975e49b5fa774a39710bf7ee332b863779d2ea58d0b6b49bd95dc28a6466277ba76b072e0bc0ca6b19cd88fcaddb1ffac018c13818edaea5ccb5f38fd20ee7f74bcf778f6d2bd4441f7462b54f497eb9", 0xae, 0x7fff, 0x0, 0x7, r9}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x3, 0x8b39, r2, &(0x7f00000007c0)="f0e1653a47505f81558c23a5a550dcac3b023d40eda972db16dd4dd2d68c4a21e1a04eb3a080103ff97403b8783fd6c8c7d7911ba4993dae5dbff2262814a7358df976bb489926c2a21d674e412d71ce36e63395388efefd5ae8613545aefb29c9c21e079595a7088cdd260dd2606cd7ee715fbd83696c8b5a18eddd61ce097b46e04f2f285117e8fa3604f2ae4d324de37fed557a063e3ab4563ec65029164e1b5ac75f79880233a5a37b520f7d9964a43f4a40f5b4a36b375e42ed7c8cb112ee873a3246", 0xc5, 0xd1, 0x0, 0x0, r11}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0xe, 0x8001, r0, &(0x7f0000000900)="fd999cbecced901fdf62e3cda8654e5845313ad98a859e1809b1bc12cde06399e5636c635581f84c96aa6034639c7ea72898b99b9cddc4aa33d20d34ef63a009e87d41e570ad1b11444faa6c7b166fb59c6700258fabe7f59383406664e0b4a40dfd547f205d5f67d4c590ee8fc3fe9304c023074efa70", 0x77, 0xffff, 0x0, 0x2, r12}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f00000009c0)="4ca61d740ef1daa03418408dab8b9b4cda310c3031fad5577363342b67f64d66a8a89c6a624d17d91a9868d028b96d92fe26a63367afd49efc3a5c12373d7d1d702d", 0x42, 0x4, 0x0, 0x2, r13}]) 48.557582ms ago: executing program 4 (id=331): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 0 (id=332): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x26) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) socket(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wlan1\x00'}) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2600, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000140)={0x28, 0x3, r7, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32=r10, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r7, 0x0, &(0x7f00006a2000/0x2000)=nil, 0x2000, 0x1000000001}) ioctl$IOMMU_IOAS_COPY(r6, 0x3b83, &(0x7f0000000180)={0x28, 0x3, r7, r7, 0x6, 0x4, 0x3fff}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}) kernel console output (not intermixed with test programs): batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.719442][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.745058][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.768771][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.779755][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.800556][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.815944][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.822880][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.848885][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.874950][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.881892][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.910148][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.931039][ T5821] hsr_slave_0: entered promiscuous mode [ 53.937139][ T5821] hsr_slave_1: entered promiscuous mode [ 53.958762][ T5813] team0: Port device team_slave_0 added [ 53.968876][ T5825] team0: Port device team_slave_0 added [ 53.976267][ T5825] team0: Port device team_slave_1 added [ 54.008544][ T5813] team0: Port device team_slave_1 added [ 54.047879][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.054928][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.081608][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.101534][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.108967][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.140122][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.160032][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.169266][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.195686][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.209342][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.216526][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.242581][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.253532][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.260773][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.268803][ T5823] bridge_slave_0: entered allmulticast mode [ 54.275554][ T5823] bridge_slave_0: entered promiscuous mode [ 54.284333][ T5817] hsr_slave_0: entered promiscuous mode [ 54.290319][ T5817] hsr_slave_1: entered promiscuous mode [ 54.296463][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.304399][ T5817] Cannot create hsr debugfs directory [ 54.320883][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.328066][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.335586][ T5823] bridge_slave_1: entered allmulticast mode [ 54.341938][ T5823] bridge_slave_1: entered promiscuous mode [ 54.362133][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.372836][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.432683][ T5823] team0: Port device team_slave_0 added [ 54.451461][ T5825] hsr_slave_0: entered promiscuous mode [ 54.457534][ T5825] hsr_slave_1: entered promiscuous mode [ 54.463387][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.471021][ T5825] Cannot create hsr debugfs directory [ 54.478916][ T5813] hsr_slave_0: entered promiscuous mode [ 54.485885][ T5813] hsr_slave_1: entered promiscuous mode [ 54.491711][ T5813] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.499292][ T5813] Cannot create hsr debugfs directory [ 54.506530][ T5823] team0: Port device team_slave_1 added [ 54.549368][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.556364][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.582870][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.596978][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.603924][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.631143][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.692240][ T5823] hsr_slave_0: entered promiscuous mode [ 54.699119][ T5823] hsr_slave_1: entered promiscuous mode [ 54.705780][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.713307][ T5823] Cannot create hsr debugfs directory [ 54.755084][ T5816] Bluetooth: hci1: command tx timeout [ 54.760800][ T5816] Bluetooth: hci2: command tx timeout [ 54.766660][ T5138] Bluetooth: hci0: command tx timeout [ 54.789837][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.822491][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.852321][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.860809][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.914406][ T5816] Bluetooth: hci3: command tx timeout [ 54.914603][ T55] Bluetooth: hci4: command tx timeout [ 54.928406][ T5817] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 54.937082][ T5817] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 54.949018][ T5817] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 54.957925][ T5817] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 54.992873][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 55.001628][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.015726][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.034716][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.094835][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.104231][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.122686][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.136997][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.161060][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.201955][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.216867][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.229426][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.236633][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.252573][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.262809][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.276635][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.286878][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.296490][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.311696][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.318775][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.344866][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.377437][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.384534][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.396216][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.419743][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.426829][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.436219][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.443285][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.462471][ T5821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.479958][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.487044][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.547434][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 55.547448][ T29] audit: type=1400 audit(1736915330.357:111): avc: denied { sys_module } for pid=5821 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.549502][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.618618][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.649984][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.686479][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.702514][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.721302][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.728467][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.767674][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.774794][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.787812][ T1082] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.794927][ T1082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.803916][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.811004][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.841749][ T5823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.853214][ T5823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.893531][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.916157][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.938685][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.985887][ T5821] veth0_vlan: entered promiscuous mode [ 56.016691][ T5821] veth1_vlan: entered promiscuous mode [ 56.081323][ T5813] veth0_vlan: entered promiscuous mode [ 56.098975][ T5821] veth0_macvtap: entered promiscuous mode [ 56.109647][ T5821] veth1_macvtap: entered promiscuous mode [ 56.139225][ T5813] veth1_vlan: entered promiscuous mode [ 56.171435][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.186220][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.211866][ T5813] veth0_macvtap: entered promiscuous mode [ 56.231150][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.240684][ T5821] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.250724][ T5821] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.259905][ T5821] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.268916][ T5821] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.292561][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.300826][ T5813] veth1_macvtap: entered promiscuous mode [ 56.332298][ T5823] veth0_vlan: entered promiscuous mode [ 56.357763][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.373381][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.384215][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.394356][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.405577][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.416543][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.430267][ T5813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.439470][ T5813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.448901][ T5813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.457901][ T5813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.482715][ T5823] veth1_vlan: entered promiscuous mode [ 56.511537][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.519534][ T5817] veth0_vlan: entered promiscuous mode [ 56.529814][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.575093][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.585272][ T5817] veth1_vlan: entered promiscuous mode [ 56.592483][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.593341][ T5825] veth0_vlan: entered promiscuous mode [ 56.623079][ T5823] veth0_macvtap: entered promiscuous mode [ 56.631655][ T29] audit: type=1400 audit(1736915331.447:112): avc: denied { mounton } for pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 56.642130][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.657195][ T5825] veth1_vlan: entered promiscuous mode [ 56.682166][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.701810][ T29] audit: type=1400 audit(1736915331.477:113): avc: denied { mount } for pid=5821 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 56.724819][ T29] audit: type=1400 audit(1736915331.477:114): avc: denied { mounton } for pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 56.731211][ T5823] veth1_macvtap: entered promiscuous mode [ 56.756969][ T29] audit: type=1400 audit(1736915331.477:115): avc: denied { mount } for pid=5821 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 56.780912][ T29] audit: type=1400 audit(1736915331.487:116): avc: denied { mounton } for pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 56.816489][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 56.825531][ T5817] veth0_macvtap: entered promiscuous mode [ 56.844147][ T55] Bluetooth: hci2: command tx timeout [ 56.849564][ T55] Bluetooth: hci0: command tx timeout [ 56.852318][ T5825] veth0_macvtap: entered promiscuous mode [ 56.855322][ T5816] Bluetooth: hci1: command tx timeout [ 56.866483][ T29] audit: type=1400 audit(1736915331.487:117): avc: denied { mounton } for pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6596 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 56.882709][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.898052][ T29] audit: type=1400 audit(1736915331.487:118): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 56.922840][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.926737][ T29] audit: type=1400 audit(1736915331.497:119): avc: denied { mounton } for pid=5821 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 56.938058][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.957036][ T29] audit: type=1400 audit(1736915331.497:120): avc: denied { mount } for pid=5821 comm="syz-executor" name="/" dev="gadgetfs" ino=6597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 56.969347][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.994214][ T5816] Bluetooth: hci3: command tx timeout [ 56.997452][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.001876][ T5816] Bluetooth: hci4: command tx timeout [ 57.012696][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.028663][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.039452][ T5817] veth1_macvtap: entered promiscuous mode [ 57.053082][ T5825] veth1_macvtap: entered promiscuous mode [ 57.078420][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.101641][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.111876][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.122547][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.132545][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.143350][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.154703][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.176595][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.191529][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.202544][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.222458][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.240027][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.259817][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.276277][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.286956][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.300054][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.309946][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.320811][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.332342][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.348173][ T5823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.374157][ T5823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.544063][ T5894] binder: 5888:5894 ioctl c0306201 0 returned -14 [ 57.575086][ T5823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.586512][ T5823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.367999][ T5817] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.394401][ T5817] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.424039][ T5817] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.432767][ T5817] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.520336][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.531574][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.541491][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.602974][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.631241][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.671420][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.700903][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.712436][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.730246][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.770232][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.785929][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.798467][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.809962][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.820398][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.831377][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.844121][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.854774][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.865903][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.876682][ T5825] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.886274][ T5825] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.895185][ T5825] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.903891][ T5825] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.914577][ T55] Bluetooth: hci1: command tx timeout [ 58.918707][ T5816] Bluetooth: hci0: command tx timeout [ 58.925373][ T55] Bluetooth: hci2: command tx timeout [ 58.948852][ T3537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.957346][ T3537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.004401][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.022384][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.030473][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.033825][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.071171][ T2134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.079112][ T5816] Bluetooth: hci4: command tx timeout [ 59.079144][ T5816] Bluetooth: hci3: command tx timeout [ 59.100660][ T2134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.123910][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.132155][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.154552][ T5858] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 59.182762][ T5908] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'. [ 59.185628][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.216814][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.429508][ T5858] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 59.439951][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.453536][ T5918] netlink: 256 bytes leftover after parsing attributes in process `syz.2.10'. [ 59.508306][ T5918] netlink: 48 bytes leftover after parsing attributes in process `syz.2.10'. [ 59.590959][ T5858] usb 2-1: Product: syz [ 59.595311][ T5858] usb 2-1: Manufacturer: syz [ 59.599987][ T5858] usb 2-1: SerialNumber: syz [ 59.615408][ T5858] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 59.630093][ T5906] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.640528][ T5815] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 59.684008][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 59.716405][ T47] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 59.754186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 59.801440][ T5906] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 59.811787][ T5906] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 59.837712][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.856371][ T5906] usb 5-1: config 0 descriptor?? [ 59.870557][ T5906] pwc: Askey VC010 type 2 USB webcam detected. [ 59.874781][ T47] usb 1-1: Using ep0 maxpacket: 16 [ 59.890009][ T47] usb 1-1: unable to get BOS descriptor or descriptor too short [ 59.901163][ T47] usb 1-1: config index 0 descriptor too short (expected 2093, got 45) [ 59.930695][ T47] usb 1-1: config 7 has an invalid interface number: 117 but max is 0 [ 59.946354][ T47] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 59.970342][ T47] usb 1-1: config 7 has no interface number 0 [ 59.977054][ T47] usb 1-1: config 7 interface 117 has no altsetting 0 [ 60.000121][ T47] usb 1-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=ed.ff [ 60.017506][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.038249][ T47] usb 1-1: Product: syz [ 60.060405][ T47] usb 1-1: Manufacturer: syz [ 60.070771][ T47] usb 1-1: SerialNumber: syz [ 60.275518][ T5906] pwc: recv_control_msg error -32 req 02 val 2b00 [ 60.292245][ T5906] pwc: recv_control_msg error -32 req 02 val 2700 [ 60.314642][ T5906] pwc: recv_control_msg error -32 req 02 val 2c00 [ 60.315372][ T5906] pwc: recv_control_msg error -32 req 04 val 1000 [ 60.315787][ T5906] pwc: recv_control_msg error -32 req 04 val 1300 [ 60.316685][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.316928][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.318055][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 60.318264][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 60.319249][ T5906] pwc: recv_control_msg error -32 req 04 val 1400 [ 60.319713][ T5906] pwc: recv_control_msg error -32 req 02 val 2000 [ 60.320147][ T5906] pwc: recv_control_msg error -32 req 02 val 2100 [ 60.321528][ T5906] pwc: recv_control_msg error -32 req 04 val 1500 [ 60.419140][ T5860] usb 2-1: USB disconnect, device number 2 [ 60.530363][ T5906] pwc: recv_control_msg error -71 req 02 val 2400 [ 60.537325][ T5933] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1'. [ 60.538729][ T5906] pwc: recv_control_msg error -71 req 02 val 2600 [ 60.565072][ T29] kauditd_printk_skb: 77 callbacks suppressed [ 60.565087][ T29] audit: type=1400 audit(1736915335.377:198): avc: denied { name_bind } for pid=5907 comm="syz.0.1" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 60.622312][ T29] audit: type=1400 audit(1736915335.427:199): avc: denied { create } for pid=5927 comm="syz.2.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 60.623237][ T5906] pwc: recv_control_msg error -71 req 02 val 2900 [ 60.648926][ T5906] pwc: recv_control_msg error -71 req 02 val 2800 [ 60.660250][ T5906] pwc: recv_control_msg error -71 req 04 val 1100 [ 60.664508][ T5908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 60.668665][ T5906] pwc: recv_control_msg error -71 req 04 val 1200 [ 60.675694][ T5815] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 60.676122][ T5815] ath9k_htc: Failed to initialize the device [ 60.694236][ T5908] openvswitch: netlink: Flow key attr not present in new flow. [ 60.706726][ T5860] usb 2-1: ath9k_htc: USB layer deinitialized [ 60.721124][ T29] audit: type=1400 audit(1736915335.457:200): avc: denied { ioctl } for pid=5927 comm="syz.2.13" path="socket:[6888]" dev="sockfs" ino=6888 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 60.753305][ T5906] pwc: Registered as video103. [ 60.769610][ T5906] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5 [ 60.782374][ T29] audit: type=1400 audit(1736915335.587:201): avc: denied { read } for pid=5176 comm="acpid" name="event4" dev="devtmpfs" ino=2731 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.787581][ T5906] usb 5-1: USB disconnect, device number 2 [ 60.804821][ C1] vkms_vblank_simulate: vblank timer overrun [ 60.841296][ T29] audit: type=1400 audit(1736915335.587:202): avc: denied { open } for pid=5176 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2731 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.892144][ T29] audit: type=1400 audit(1736915335.587:203): avc: denied { ioctl } for pid=5176 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2731 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.995056][ T55] Bluetooth: hci2: command tx timeout [ 61.001136][ T55] Bluetooth: hci1: command tx timeout [ 61.009435][ T29] audit: type=1400 audit(1736915335.817:204): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 61.057148][ T29] audit: type=1400 audit(1736915335.867:205): avc: denied { create } for pid=5935 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 61.098381][ T5936] Bluetooth: MGMT ver 1.23 [ 61.105662][ T29] audit: type=1400 audit(1736915335.907:206): avc: denied { bind } for pid=5935 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 61.125335][ T29] audit: type=1400 audit(1736915335.907:207): avc: denied { write } for pid=5935 comm="syz.2.14" path="socket:[8348]" dev="sockfs" ino=8348 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 61.159378][ T5816] Bluetooth: hci3: command tx timeout [ 61.160011][ T55] Bluetooth: hci4: command tx timeout [ 61.374039][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 61.973287][ T5860] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 62.004063][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 62.160465][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 62.190596][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 62.242913][ T1200] IPVS: starting estimator thread 0... [ 62.304003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 62.317816][ T5929] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 62.320229][ T5860] usb 3-1: Using ep0 maxpacket: 32 [ 62.334302][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.343206][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 62.395398][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 62.414772][ T5949] IPVS: using max 30 ests per chain, 72000 per kthread [ 62.446102][ T5948] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 62.574772][ T5860] usb 3-1: config 0 has an invalid interface number: 23 but max is 0 [ 62.585197][ T5860] usb 3-1: config 0 has no interface number 0 [ 62.591332][ T5860] usb 3-1: config 0 interface 23 has no altsetting 0 [ 62.665383][ T5860] usb 3-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= c.62 [ 62.695796][ T47] usb 1-1: bad CDC descriptors [ 62.717070][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.724233][ T47] usb 1-1: USB disconnect, device number 2 [ 62.783017][ T5860] usb 3-1: config 0 descriptor?? [ 62.796991][ T5860] gspca_main: sunplus-2.14.0 probing 052b:1803 [ 63.205789][ T5921] usb 3-1: USB disconnect, device number 2 [ 63.650365][ T5968] tmpfs: Bad value for 'mpol' [ 64.284084][ T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 64.607208][ T25] usb 2-1: New USB device found, idVendor=0424, idProduct=7505, bcdDevice=74.82 [ 64.628611][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.665248][ T25] usb 2-1: Product: syz [ 64.669482][ T25] usb 2-1: Manufacturer: syz [ 64.692473][ T25] usb 2-1: SerialNumber: syz [ 64.707325][ T5982] lo speed is unknown, defaulting to 1000 [ 64.726877][ T5982] lo speed is unknown, defaulting to 1000 [ 64.748997][ T5982] lo speed is unknown, defaulting to 1000 [ 64.773841][ T25] usb 2-1: config 0 descriptor?? [ 64.783738][ T25] smsc75xx v1.0.0 [ 64.787492][ T25] smsc75xx 2-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 64.797584][ T25] smsc75xx 2-1:0.0: probe with driver smsc75xx failed with error -22 [ 64.833277][ T5982] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 65.177305][ T5982] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 65.509104][ T5982] lo speed is unknown, defaulting to 1000 [ 65.516980][ T5982] lo speed is unknown, defaulting to 1000 [ 65.676286][ T5982] lo speed is unknown, defaulting to 1000 [ 65.697887][ T5982] lo speed is unknown, defaulting to 1000 [ 65.705234][ T5982] lo speed is unknown, defaulting to 1000 [ 65.745247][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 65.745263][ T29] audit: type=1400 audit(1736915340.537:233): avc: denied { audit_write } for pid=5988 comm="syz.2.27" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 65.859948][ T29] audit: type=1107 audit(1736915340.537:234): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='xiH aۗL)PEumDکrQp 3PQ64mLa';1$5F,L`W\} 15 [ 68.202335][ T55] Bluetooth: hci0: Unable to find connection for dst 00:00:00:00:00:00 sid 0xbc [ 68.222748][ T29] audit: type=1400 audit(1736915343.027:242): avc: denied { mounton } for pid=6017 comm="syz.1.36" path="/7/file0" dev="tmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 68.244818][ C1] vkms_vblank_simulate: vblank timer overrun [ 68.868051][ T6032] netlink: 20 bytes leftover after parsing attributes in process `syz.0.42'. [ 69.019152][ T5860] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 69.390715][ T5860] usb 4-1: Using ep0 maxpacket: 8 [ 69.845624][ T5860] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 69.855578][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 69.865516][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 69.876259][ T5860] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 69.897565][ T5860] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 69.908433][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.451618][ T6056] NILFS (loop2): device size too small [ 70.905539][ T5860] usb 4-1: usb_control_msg returned -32 [ 70.911154][ T5860] usbtmc 4-1:16.0: can't read capabilities [ 70.925252][ T5860] usb 4-1: USB disconnect, device number 2 [ 71.101916][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.110989][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.873665][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 71.873681][ T29] audit: type=1400 audit(1736915345.947:248): avc: denied { read } for pid=6058 comm="syz.0.49" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 71.927431][ T29] audit: type=1400 audit(1736915345.947:249): avc: denied { open } for pid=6058 comm="syz.0.49" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 71.981248][ T6068] Cannot find del_set index 0 as target [ 71.989509][ T29] audit: type=1400 audit(1736915345.947:250): avc: denied { ioctl } for pid=6058 comm="syz.0.49" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 72.097885][ T29] audit: type=1400 audit(1736915346.017:251): avc: denied { shutdown } for pid=6058 comm="syz.0.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 72.126584][ T29] audit: type=1400 audit(1736915346.907:252): avc: denied { create } for pid=6069 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 72.179024][ T6072] tipc: Started in network mode [ 72.179929][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'. [ 72.196624][ T6072] tipc: Node identity ac14140f, cluster identity 4711 [ 72.233786][ T6072] tipc: Enabling of bearer rejected, failed to enable media [ 72.317618][ T6078] Zero length message leads to an empty skb [ 72.397350][ T29] audit: type=1400 audit(1736915347.197:253): avc: denied { connect } for pid=6074 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 72.462585][ T29] audit: type=1400 audit(1736915347.197:254): avc: denied { name_connect } for pid=6074 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 72.732538][ T29] audit: type=1400 audit(1736915347.207:255): avc: denied { name_connect } for pid=6069 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 73.524319][ T6085] syz.3.55 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 73.894285][ T29] audit: type=1400 audit(1736915348.687:256): avc: denied { open } for pid=6086 comm="syz.0.57" path="/dev/ptyq5" dev="devtmpfs" ino=124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 74.043589][ T29] audit: type=1400 audit(1736915348.707:257): avc: denied { ioctl } for pid=6086 comm="syz.0.57" path="/dev/ptyq5" dev="devtmpfs" ino=124 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 76.203648][ T969] cfg80211: failed to load regulatory.db [ 77.976771][ T6137] netlink: 'syz.1.68': attribute type 11 has an invalid length. [ 78.236171][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 78.236188][ T29] audit: type=1400 audit(1736915352.777:264): avc: denied { append } for pid=6131 comm="syz.1.68" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 78.264573][ C1] vkms_vblank_simulate: vblank timer overrun [ 78.478401][ T29] audit: type=1400 audit(1736915353.197:265): avc: denied { bind } for pid=6127 comm="syz.3.67" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 78.499038][ T29] audit: type=1400 audit(1736915353.197:266): avc: denied { name_bind } for pid=6127 comm="syz.3.67" src=20010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1 [ 78.520728][ T29] audit: type=1400 audit(1736915353.197:267): avc: denied { node_bind } for pid=6127 comm="syz.3.67" saddr=fe80::aa src=20010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 78.662919][ T6140] mmap: syz.0.69 (6140) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 79.154121][ T5906] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 79.797100][ T5906] usb 1-1: device descriptor read/64, error -71 [ 80.057142][ T5906] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 80.184057][ T5906] usb 1-1: device descriptor read/64, error -71 [ 80.294351][ T5906] usb usb1-port1: attempt power cycle [ 80.424177][ T6159] gfs2: gfs2 mount does not exist [ 80.516567][ T29] audit: type=1400 audit(1736915355.227:268): avc: denied { read write } for pid=6154 comm="syz.3.73" name="sg0" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 80.604925][ T29] audit: type=1400 audit(1736915355.227:269): avc: denied { open } for pid=6154 comm="syz.3.73" path="/dev/sg0" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 80.628587][ C1] vkms_vblank_simulate: vblank timer overrun [ 80.794202][ T5906] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 80.814453][ T5906] usb 1-1: device descriptor read/8, error -71 [ 81.084144][ T5906] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 81.103857][ T6163] program syz.3.75 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 81.158137][ T5906] usb 1-1: device descriptor read/8, error -71 [ 81.173664][ T29] audit: type=1400 audit(1736915355.977:270): avc: denied { write } for pid=6161 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 81.175411][ T6163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'. [ 81.193539][ C1] vkms_vblank_simulate: vblank timer overrun [ 81.275109][ T6166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'. [ 81.282410][ T29] audit: type=1400 audit(1736915355.977:271): avc: denied { nlmsg_write } for pid=6161 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 81.289412][ T5906] usb usb1-port1: unable to enumerate USB device [ 81.474787][ T29] audit: type=1400 audit(1736915356.287:272): avc: denied { read write } for pid=6170 comm="syz.3.78" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 81.497808][ C1] vkms_vblank_simulate: vblank timer overrun [ 81.829149][ T29] audit: type=1400 audit(1736915356.287:273): avc: denied { open } for pid=6170 comm="syz.3.78" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 82.377946][ T5906] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 82.596980][ T5906] usb 5-1: Using ep0 maxpacket: 8 [ 82.606719][ T5906] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 82.626489][ T5906] usb 5-1: config 179 has no interface number 0 [ 82.642308][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 82.673099][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 82.696463][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 82.763050][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 82.788335][ T5906] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 82.818673][ T5906] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 82.834401][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.936150][ T6168] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 83.136694][ T6200] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.655333][ T6201] netlink: 'syz.3.84': attribute type 3 has an invalid length. [ 83.706854][ T6201] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.84'. [ 83.769502][ T6201] NILFS (loop3): device size too small [ 83.875683][ C0] Illegal XDP return value 16128 on prog (id 20) dev bond_slave_0, expect packet loss! [ 83.982464][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 83.982483][ T29] audit: type=1400 audit(1736915357.967:279): avc: denied { connect } for pid=6193 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 84.275880][ T29] audit: type=1400 audit(1736915357.967:280): avc: denied { write } for pid=6193 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 85.229349][ T29] audit: type=1400 audit(1736915360.017:281): avc: denied { sys_module } for pid=6208 comm="syz.0.86" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 85.282874][ T25] usb 5-1: USB disconnect, device number 3 [ 85.282913][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 85.298615][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 85.354740][ T6209] capability: warning: `syz.0.86' uses deprecated v2 capabilities in a way that may be insecure [ 85.390992][ T29] audit: type=1400 audit(1736915360.197:282): avc: denied { mount } for pid=6208 comm="syz.0.86" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 85.412639][ C1] vkms_vblank_simulate: vblank timer overrun [ 85.604135][ T29] audit: type=1400 audit(1736915360.287:283): avc: denied { unmount } for pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 86.080244][ T29] audit: type=1400 audit(1736915360.887:284): avc: denied { unmount } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 86.165327][ T1200] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 86.249708][ T6233] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 86.734843][ T1200] usb 1-1: Using ep0 maxpacket: 16 [ 86.741503][ T1200] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 86.760513][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 86.783985][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 86.799013][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 86.807693][ T1200] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 86.818994][ T1200] usb 1-1: config 0 has no interface number 0 [ 86.835314][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 86.851423][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 86.863161][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 86.900009][ T1200] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 86.913989][ T1200] usb 1-1: config 0 interface 125 has no altsetting 0 [ 86.920872][ T1200] usb 1-1: config 0 interface 125 has no altsetting 2 [ 86.936250][ T1200] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 86.979969][ T1200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.994874][ T1200] usb 1-1: Product: syz [ 86.999128][ T1200] usb 1-1: Manufacturer: syz [ 87.003772][ T1200] usb 1-1: SerialNumber: syz [ 87.325378][ T1200] usb 1-1: config 0 descriptor?? [ 87.365598][ T1200] usb 1-1: selecting invalid altsetting 2 [ 87.385711][ T29] audit: type=1400 audit(1736915362.147:285): avc: denied { read write } for pid=6241 comm="syz.3.95" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 87.433165][ T29] audit: type=1400 audit(1736915362.147:286): avc: denied { open } for pid=6241 comm="syz.3.95" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 87.467712][ T29] audit: type=1400 audit(1736915362.147:287): avc: denied { execute } for pid=6241 comm="syz.3.95" path="/21/memory.current" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 87.944322][ T6250] FAULT_INJECTION: forcing a failure. [ 87.944322][ T6250] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 87.957544][ T6250] CPU: 0 UID: 0 PID: 6250 Comm: syz.3.100 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 87.968145][ T6250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 87.978208][ T6250] Call Trace: [ 87.981486][ T6250] [ 87.984422][ T6250] dump_stack_lvl+0x16c/0x1f0 [ 87.989111][ T6250] should_fail_ex+0x497/0x5b0 [ 87.993801][ T6250] _copy_from_user+0x2e/0xd0 [ 87.998396][ T6250] drm_ioctl+0x501/0xc00 [ 88.002655][ T6250] ? __pfx_drm_wait_vblank_ioctl+0x10/0x10 [ 88.008472][ T6250] ? __pfx_drm_ioctl+0x10/0x10 [ 88.013241][ T6250] ? __pfx_lock_release+0x10/0x10 [ 88.018280][ T6250] ? selinux_file_ioctl+0x180/0x270 [ 88.023489][ T6250] ? selinux_file_ioctl+0xb4/0x270 [ 88.028609][ T6250] ? __pfx_drm_ioctl+0x10/0x10 [ 88.033381][ T6250] __x64_sys_ioctl+0x190/0x200 [ 88.038155][ T6250] do_syscall_64+0xcd/0x250 [ 88.042667][ T6250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.048569][ T6250] RIP: 0033:0x7f7c07185d29 [ 88.052991][ T6250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.072615][ T6250] RSP: 002b:00007f7c07edd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 88.081040][ T6250] RAX: ffffffffffffffda RBX: 00007f7c07375fa0 RCX: 00007f7c07185d29 [ 88.089014][ T6250] RDX: 0000000020000140 RSI: 00000000c018643a RDI: 0000000000000004 [ 88.096982][ T6250] RBP: 00007f7c07edd090 R08: 0000000000000000 R09: 0000000000000000 [ 88.104941][ T6250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.112899][ T6250] R13: 0000000000000000 R14: 00007f7c07375fa0 R15: 00007ffcb3e7a858 [ 88.120865][ T6250] [ 88.125169][ T969] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 88.159056][ T29] audit: type=1400 audit(1736915362.967:288): avc: denied { read } for pid=6253 comm="syz.4.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 88.284701][ T969] usb 2-1: Using ep0 maxpacket: 8 [ 88.300075][ T969] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 88.316254][ T969] usb 2-1: config 179 has no interface number 0 [ 88.317138][ T9] hid (null): unknown global tag 0xe [ 88.322565][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 88.322614][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 88.334084][ T9] hid (null): unknown global tag 0xc [ 88.342157][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 88.441090][ T1200] get_1284_register timeout [ 88.449841][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 88.450918][ T1200] uss720 1-1:0.125: probe with driver uss720 failed with error -5 [ 88.461375][ C0] usb 1-1: async_complete: urb error -104 [ 88.463775][ T969] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 88.474109][ T9] hid-generic 001B:0009:0001.0001: unknown main item tag 0x3 [ 88.497155][ T969] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 88.543119][ T9] hid-generic 001B:0009:0001.0001: unknown global tag 0xe [ 88.554399][ T9] hid-generic 001B:0009:0001.0001: item 0 2 1 14 parsing failed [ 88.656505][ T969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.675156][ T6245] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 88.679486][ T9] hid-generic 001B:0009:0001.0001: probe with driver hid-generic failed with error -22 [ 88.940524][ T25] usb 2-1: USB disconnect, device number 4 [ 88.946397][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 88.946433][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 89.063764][ T29] audit: type=1400 audit(1736915363.867:289): avc: denied { connect } for pid=6224 comm="syz.0.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 89.345742][ T29] audit: type=1400 audit(1736915364.137:290): avc: denied { audit_control } for pid=6261 comm="syz.4.102" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 91.821157][ T25] usb 1-1: USB disconnect, device number 7 [ 91.950770][ T29] audit: type=1400 audit(1736915366.757:291): avc: denied { read write } for pid=6289 comm="syz.2.108" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 91.972814][ T6294] vivid-001: disconnect [ 91.998821][ T29] audit: type=1400 audit(1736915366.757:292): avc: denied { open } for pid=6289 comm="syz.2.108" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 92.027836][ T29] audit: type=1400 audit(1736915366.757:293): avc: denied { create } for pid=6292 comm="syz.0.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 92.170109][ T6293] vivid-001: reconnect [ 92.187592][ T29] audit: type=1400 audit(1736915366.997:294): avc: denied { create } for pid=6299 comm="syz.4.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 92.331173][ T29] audit: type=1400 audit(1736915367.077:295): avc: denied { write } for pid=6290 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 92.901090][ T29] audit: type=1400 audit(1736915367.707:296): avc: denied { unmount } for pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 92.991165][ T5860] hid (null): unknown global tag 0xe [ 93.070002][ T5860] hid (null): unknown global tag 0xc [ 93.293291][ T5860] hid-generic 001B:0009:0001.0002: unknown main item tag 0x3 [ 93.301059][ T5860] hid-generic 001B:0009:0001.0002: unknown global tag 0xe [ 93.309086][ T5860] hid-generic 001B:0009:0001.0002: item 0 2 1 14 parsing failed [ 93.326234][ T5860] hid-generic 001B:0009:0001.0002: probe with driver hid-generic failed with error -22 [ 94.249673][ T29] audit: type=1400 audit(1736915369.057:297): avc: denied { create } for pid=6319 comm="syz.4.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 94.280196][ T5860] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 94.337642][ T29] audit: type=1400 audit(1736915369.057:298): avc: denied { write } for pid=6319 comm="syz.4.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 94.444620][ T5860] usb 2-1: Using ep0 maxpacket: 8 [ 94.503003][ T969] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 94.526926][ T5860] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 94.535401][ T5860] usb 2-1: config 179 has no interface number 0 [ 94.546286][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 94.562042][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 94.576955][ T29] audit: type=1400 audit(1736915369.387:299): avc: denied { setopt } for pid=6326 comm="syz.2.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 94.630253][ T6333] FAULT_INJECTION: forcing a failure. [ 94.630253][ T6333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.664874][ T6333] CPU: 0 UID: 0 PID: 6333 Comm: syz.4.120 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 94.675472][ T6333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 94.685527][ T6333] Call Trace: [ 94.688802][ T6333] [ 94.691731][ T6333] dump_stack_lvl+0x16c/0x1f0 [ 94.696421][ T6333] should_fail_ex+0x497/0x5b0 [ 94.701110][ T6333] _copy_from_user+0x2e/0xd0 [ 94.705706][ T6333] snd_pcm_oss_write2+0x1c6/0x3f0 [ 94.710739][ T6333] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 94.716290][ T6333] ? snd_pcm_kernel_ioctl+0x267/0x2e0 [ 94.721662][ T6333] ? snd_pcm_oss_prepare+0x11e/0x220 [ 94.726956][ T6333] snd_pcm_oss_write+0x727/0xa00 [ 94.731907][ T6333] ? rw_verify_area+0xd0/0x700 [ 94.736679][ T6333] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 94.742145][ T6333] vfs_write+0x24c/0x1150 [ 94.746478][ T6333] ? __fget_files+0x1fc/0x3a0 [ 94.751155][ T6333] ? __pfx_lock_release+0x10/0x10 [ 94.756186][ T6333] ? __pfx_vfs_write+0x10/0x10 [ 94.760956][ T6333] ? lock_acquire+0x2f/0xb0 [ 94.765460][ T6333] ? __fget_files+0x40/0x3a0 [ 94.770058][ T6333] ? __fget_files+0x206/0x3a0 [ 94.774744][ T6333] ksys_write+0x12b/0x250 [ 94.779076][ T6333] ? __pfx_ksys_write+0x10/0x10 [ 94.783936][ T6333] do_syscall_64+0xcd/0x250 [ 94.788446][ T6333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.794347][ T6333] RIP: 0033:0x7f10f7385d29 [ 94.798760][ T6333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.818368][ T6333] RSP: 002b:00007f10f8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 94.826785][ T6333] RAX: ffffffffffffffda RBX: 00007f10f7576160 RCX: 00007f10f7385d29 [ 94.834754][ T6333] RDX: 00000000ffffffd9 RSI: 00000000200001c0 RDI: 0000000000000008 [ 94.842724][ T6333] RBP: 00007f10f8113090 R08: 0000000000000000 R09: 0000000000000000 [ 94.850692][ T6333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.858662][ T6333] R13: 0000000000000000 R14: 00007f10f7576160 R15: 00007fffb54b5bc8 [ 94.866649][ T6333] [ 94.869714][ C0] vkms_vblank_simulate: vblank timer overrun [ 95.523547][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 95.534814][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 95.546363][ T5860] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 95.559775][ T5860] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 95.568934][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.621470][ T969] usb 4-1: config 0 interface 0 has no altsetting 0 [ 95.628299][ T969] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 95.648155][ T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.669612][ T969] usb 4-1: config 0 descriptor?? [ 95.685078][ T6314] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.849858][ T6337] sp0: Synchronizing with TNC [ 95.862391][ T29] audit: type=1400 audit(1736915370.667:300): avc: denied { search } for pid=5485 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 95.886735][ T29] audit: type=1400 audit(1736915370.697:301): avc: denied { read } for pid=5485 comm="dhcpcd" name="n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 95.908881][ T29] audit: type=1400 audit(1736915370.697:302): avc: denied { open } for pid=5485 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 95.932175][ T29] audit: type=1400 audit(1736915370.697:303): avc: denied { getattr } for pid=5485 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 96.111468][ T6344] netlink: 'syz.0.123': attribute type 3 has an invalid length. [ 96.119441][ T6344] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.123'. [ 96.147787][ T6344] NILFS (loop0): device size too small [ 96.404131][ T29] audit: type=1400 audit(1736915371.187:304): avc: denied { read } for pid=6346 comm="syz.2.125" name="cec2" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 96.426386][ C0] vkms_vblank_simulate: vblank timer overrun [ 96.437223][ T5860] usb 2-1: USB disconnect, device number 5 [ 96.443113][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 96.443151][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 96.463014][ T969] (null): keene_cmd_main failed (-110) [ 96.484410][ T969] video4linux radio48: keene_cmd_main failed (-32) [ 96.491277][ T969] radio-keene 4-1:0.0: V4L2 device registered as radio48 [ 96.984307][ T6353] netlink: 'syz.4.124': attribute type 3 has an invalid length. [ 96.992110][ T6353] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.124'. [ 97.072041][ T6353] NILFS (loop4): device size too small [ 97.293160][ T29] audit: type=1400 audit(1736915371.187:305): avc: denied { open } for pid=6346 comm="syz.2.125" path="/dev/cec2" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.381022][ T969] usb 4-1: USB disconnect, device number 3 [ 97.442636][ T29] audit: type=1400 audit(1736915371.517:306): avc: denied { ioctl } for pid=6346 comm="syz.2.125" path="/dev/cec2" dev="devtmpfs" ino=961 ioctlcmd=0x6104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.674127][ T5860] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 97.706202][ T6368] overlayfs: missing 'lowerdir' [ 97.834093][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 97.849947][ T5860] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 97.864378][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 97.882752][ T5860] usb 2-1: Product: syz [ 97.910866][ T5860] usb 2-1: Manufacturer: syz [ 97.926064][ T5860] usb 2-1: SerialNumber: syz [ 97.944363][ T5860] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 97.994091][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 98.003671][ T9] usb 1-1: config 2 has an invalid interface number: 31 but max is 0 [ 98.023317][ T9] usb 1-1: config 2 has no interface number 0 [ 98.041612][ T9] usb 1-1: config 2 interface 31 has no altsetting 0 [ 98.048620][ T5906] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 98.065976][ T9] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 98.084191][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.102375][ T9] usb 1-1: Product: syz [ 98.112488][ T9] usb 1-1: Manufacturer: syz [ 98.127330][ T9] usb 1-1: SerialNumber: syz [ 98.214060][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 98.225664][ T5906] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 98.270661][ T5906] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 98.292260][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.323648][ T5906] usb 3-1: config 0 descriptor?? [ 98.361977][ T5860] vp7045: USB control message 'in' went wrong. [ 98.376604][ T5860] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 98.399986][ T5906] hub 3-1:0.0: bad descriptor, ignoring hub [ 98.424418][ T5906] hub 3-1:0.0: probe with driver hub failed with error -5 [ 98.435224][ T5860] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 98.456686][ T5906] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 98.474224][ T969] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 98.482896][ T5860] usb 2-1: USB disconnect, device number 6 [ 98.580667][ T6366] netlink: 168 bytes leftover after parsing attributes in process `syz.0.129'. [ 98.634143][ T969] usb 4-1: Using ep0 maxpacket: 8 [ 98.657392][ T969] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 98.674098][ T5978] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 98.692549][ T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.710959][ T969] usb 4-1: Product: syz [ 98.737024][ T969] usb 4-1: Manufacturer: syz [ 98.751851][ T969] usb 4-1: SerialNumber: syz [ 98.781008][ T969] usb 4-1: config 0 descriptor?? [ 98.795553][ T969] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 98.812846][ T9] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22 [ 98.846454][ T5978] usb 5-1: Using ep0 maxpacket: 16 [ 98.863457][ T9] usb 1-1: USB disconnect, device number 8 [ 98.864252][ T5978] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 98.893742][ T8] usb 3-1: USB disconnect, device number 3 [ 98.942386][ T5978] usb 5-1: config 0 has no interface number 0 [ 98.961695][ T5978] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 99.005263][ T5978] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 99.040850][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.091543][ T5978] usb 5-1: Product: syz [ 99.310100][ T6377] NILFS (loop1): device size too small [ 99.425804][ T5978] usb 5-1: Manufacturer: syz [ 99.430488][ T5978] usb 5-1: SerialNumber: syz [ 99.532600][ T6379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.534099][ T969] gspca_sonixj: reg_r err -110 [ 99.545149][ T6379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.579204][ T5978] usb 5-1: config 0 descriptor?? [ 99.588172][ T969] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 100.904179][ T5858] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 101.134136][ T5858] usb 1-1: Using ep0 maxpacket: 16 [ 101.141199][ T5858] usb 1-1: config 0 has no interfaces? [ 101.152601][ T5858] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 101.162495][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.230084][ T6392] siw: device registration error -23 [ 101.241497][ T5858] usb 1-1: Product: syz [ 101.245812][ T5858] usb 1-1: Manufacturer: syz [ 101.250465][ T5858] usb 1-1: SerialNumber: syz [ 101.414477][ T5858] usb 1-1: config 0 descriptor?? [ 101.446982][ T969] usb 4-1: USB disconnect, device number 4 [ 101.670006][ T5978] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71 [ 101.685814][ T8] usb 1-1: USB disconnect, device number 9 [ 101.699827][ T5978] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 101.781946][ T5978] usb 5-1: USB disconnect, device number 4 [ 101.797896][ T6399] netlink: 'syz.3.137': attribute type 10 has an invalid length. [ 101.805883][ T6399] netlink: 40 bytes leftover after parsing attributes in process `syz.3.137'. [ 102.023370][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 102.064945][ T6403] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6403 comm=syz.3.139 [ 102.099789][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.139'. [ 102.196196][ T6406] netlink: 'syz.1.140': attribute type 3 has an invalid length. [ 102.204301][ T6406] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.140'. [ 102.232983][ T6406] NILFS (loop1): device size too small [ 102.714180][ T5978] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 102.884138][ T5978] usb 5-1: Using ep0 maxpacket: 8 [ 102.939345][ T5978] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 102.984076][ T5978] usb 5-1: config 6 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 103.106857][ T5978] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 103.116076][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.124575][ T5978] usb 5-1: Product: syz [ 103.128735][ T5978] usb 5-1: Manufacturer: syz [ 103.133299][ T5978] usb 5-1: SerialNumber: syz [ 103.224533][ T6418] misc userio: Invalid payload size [ 103.230925][ T6418] misc userio: No port type given on /dev/userio [ 103.274184][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 103.317624][ T6419] misc userio: Invalid payload size [ 103.733337][ T5978] hso 5-1:6.0: Can't find BULK IN endpoint [ 103.780584][ T6421] ALSA: mixer_oss: invalid OSS volume '' [ 103.894052][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 103.920325][ T25] usb 3-1: config 0 has no interfaces? [ 103.928767][ T25] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 103.946673][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.990088][ T25] usb 3-1: Product: syz [ 104.007834][ T25] usb 3-1: Manufacturer: syz [ 104.080832][ T25] usb 3-1: SerialNumber: syz [ 104.404500][ T25] usb 3-1: config 0 descriptor?? [ 104.445335][ T9] usb 5-1: USB disconnect, device number 5 [ 104.509100][ T6427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.145'. [ 104.734518][ T6424] x_tables: unsorted underflow at hook 3 [ 104.744981][ T6424] netlink: 16 bytes leftover after parsing attributes in process `syz.0.146'. [ 104.760769][ T6424] syz.0.146: attempt to access beyond end of device [ 104.760769][ T6424] loop0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 104.893673][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 104.893705][ T29] audit: type=1400 audit(1736915379.667:316): avc: denied { bind } for pid=6422 comm="syz.3.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 105.041981][ T6431] lo speed is unknown, defaulting to 1000 [ 105.275324][ T5860] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 105.354565][ T29] audit: type=1400 audit(1736915380.107:317): avc: denied { create } for pid=6414 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 105.378062][ T29] audit: type=1400 audit(1736915380.107:318): avc: denied { read } for pid=6414 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 105.454006][ T5860] usb 2-1: Using ep0 maxpacket: 16 [ 105.465805][ T5860] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 105.519756][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.560393][ T5860] usb 2-1: Product: syz [ 105.720564][ T5860] usb 2-1: Manufacturer: syz [ 105.725343][ T5860] usb 2-1: SerialNumber: syz [ 105.845299][ T25] usb 3-1: USB disconnect, device number 4 [ 105.852881][ T6435] netlink: 558 bytes leftover after parsing attributes in process `syz.2.143'. [ 105.986475][ T5860] r8152-cfgselector 2-1: Unknown version 0x0000 [ 105.994069][ T5860] r8152-cfgselector 2-1: config 0 descriptor?? [ 106.404016][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 107.020250][ T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 107.048379][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.075812][ T9] usb 5-1: Product: syz [ 107.087414][ T9] usb 5-1: Manufacturer: syz [ 107.107167][ T6448] sctp: [Deprecated]: syz.0.148 (pid 6448) Use of struct sctp_assoc_value in delayed_ack socket option. [ 107.107167][ T6448] Use struct sctp_sack_info instead [ 107.127026][ T9] usb 5-1: SerialNumber: syz [ 107.148213][ T9] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 107.182945][ T5906] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 108.427468][ T6471] FAULT_INJECTION: forcing a failure. [ 108.427468][ T6471] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.496328][ T6471] CPU: 1 UID: 0 PID: 6471 Comm: syz.3.154 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 108.506962][ T6471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 108.517037][ T6471] Call Trace: [ 108.520331][ T6471] [ 108.523275][ T6471] dump_stack_lvl+0x16c/0x1f0 [ 108.527977][ T6471] should_fail_ex+0x497/0x5b0 [ 108.532681][ T6471] _copy_from_user+0x2e/0xd0 [ 108.537292][ T6471] ucma_join_multicast+0xa2/0x160 [ 108.542350][ T6471] ? __pfx_ucma_join_multicast+0x10/0x10 [ 108.548019][ T6471] ? __might_fault+0xe3/0x190 [ 108.552700][ T6471] ? __pfx_ucma_join_multicast+0x10/0x10 [ 108.558331][ T6471] ucma_write+0x1f9/0x330 [ 108.562658][ T6471] ? __pfx_ucma_write+0x10/0x10 [ 108.567490][ T6471] ? bpf_lsm_file_permission+0x9/0x10 [ 108.572840][ T6471] ? security_file_permission+0x71/0x210 [ 108.578473][ T6471] ? __pfx_ucma_write+0x10/0x10 [ 108.583405][ T6471] vfs_write+0x24c/0x1150 [ 108.587723][ T6471] ? __fget_files+0x1fc/0x3a0 [ 108.592394][ T6471] ? __pfx_lock_release+0x10/0x10 [ 108.597434][ T6471] ? __pfx_vfs_write+0x10/0x10 [ 108.602198][ T6471] ? lock_acquire+0x2f/0xb0 [ 108.606694][ T6471] ? __fget_files+0x40/0x3a0 [ 108.611274][ T6471] ? __fget_files+0x206/0x3a0 [ 108.615943][ T6471] ksys_write+0x207/0x250 [ 108.620266][ T6471] ? __pfx_ksys_write+0x10/0x10 [ 108.625120][ T6471] do_syscall_64+0xcd/0x250 [ 108.629631][ T6471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.635519][ T6471] RIP: 0033:0x7f7c07185d29 [ 108.639912][ T6471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.659519][ T6471] RSP: 002b:00007f7c07edd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 108.667918][ T6471] RAX: ffffffffffffffda RBX: 00007f7c07375fa0 RCX: 00007f7c07185d29 [ 108.675968][ T6471] RDX: 00000000000000a0 RSI: 0000000020000340 RDI: 0000000000000003 [ 108.683943][ T6471] RBP: 00007f7c07edd090 R08: 0000000000000000 R09: 0000000000000000 [ 108.691931][ T6471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.699901][ T6471] R13: 0000000000000000 R14: 00007f7c07375fa0 R15: 00007ffcb3e7a858 [ 108.707889][ T6471] [ 108.742428][ T5978] usb 5-1: USB disconnect, device number 6 [ 109.169376][ T5906] usb 5-1: Service connection timeout for: 256 [ 109.195292][ T5906] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 109.259932][ T5906] ath9k_htc: Failed to initialize the device [ 109.326907][ T5978] usb 5-1: ath9k_htc: USB layer deinitialized [ 109.437461][ T5860] r8152-cfgselector 2-1: USB disconnect, device number 7 [ 109.486027][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.157'. [ 109.566671][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.157'. [ 109.637577][ T29] audit: type=1400 audit(1736915384.377:319): avc: denied { create } for pid=6478 comm="syz.3.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 109.672294][ T29] audit: type=1400 audit(1736915384.377:320): avc: denied { write } for pid=6478 comm="syz.3.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 109.844300][ T6489] siw: device registration error -23 [ 109.890186][ T6490] netlink: 'syz.4.156': attribute type 3 has an invalid length. [ 109.898136][ T6490] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.156'. [ 109.954631][ T6490] NILFS (loop4): device size too small [ 110.637601][ T6496] lo speed is unknown, defaulting to 1000 [ 110.934034][ T5978] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 111.517369][ T5978] usb 2-1: Using ep0 maxpacket: 32 [ 112.346123][ T5978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.465614][ T5978] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 112.580330][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.606155][ T5906] hid (null): unknown global tag 0xe [ 112.608872][ T5978] usb 2-1: Product: syz [ 112.614023][ T5906] hid (null): unknown global tag 0xc [ 112.616740][ T5978] usb 2-1: Manufacturer: syz [ 112.626091][ T5978] usb 2-1: SerialNumber: syz [ 112.695013][ T5906] hid-generic 001B:0009:0001.0003: unknown main item tag 0x3 [ 112.727222][ T5906] hid-generic 001B:0009:0001.0003: unknown global tag 0xe [ 112.735457][ T5978] usb 2-1: config 0 descriptor?? [ 112.819478][ T5906] hid-generic 001B:0009:0001.0003: item 0 2 1 14 parsing failed [ 112.876791][ T5906] hid-generic 001B:0009:0001.0003: probe with driver hid-generic failed with error -22 [ 112.927588][ T5978] cdc_ether 2-1:0.0: skipping garbage [ 113.115182][ T5978] usb 2-1: bad CDC descriptors [ 113.154779][ T5978] usb 2-1: unsupported MDLM descriptors [ 113.323656][ T6532] lo speed is unknown, defaulting to 1000 [ 113.365508][ T29] audit: type=1400 audit(1736915388.107:321): avc: denied { ioctl } for pid=6531 comm="syz.2.169" path="/dev/sg0" dev="devtmpfs" ino=718 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 113.391100][ T29] audit: type=1400 audit(1736915388.107:322): avc: denied { ioctl } for pid=6531 comm="syz.2.169" path="/dev/input/event3" dev="devtmpfs" ino=1018 ioctlcmd=0x45a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 113.416839][ T29] audit: type=1326 audit(1736915388.107:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000 [ 113.440206][ T29] audit: type=1326 audit(1736915388.107:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000 [ 113.463832][ T29] audit: type=1326 audit(1736915388.107:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000 [ 113.487025][ T29] audit: type=1326 audit(1736915388.107:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000 [ 113.510526][ T29] audit: type=1326 audit(1736915388.107:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000 [ 113.534084][ T29] audit: type=1326 audit(1736915388.107:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef6c987c47 code=0x7ffc0000 [ 113.557317][ T29] audit: type=1326 audit(1736915388.107:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fef6c987bbc code=0x7ffc0000 [ 113.569572][ T5978] usb 2-1: USB disconnect, device number 8 [ 113.580498][ T29] audit: type=1326 audit(1736915388.107:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fef6c987af4 code=0x7ffc0000 [ 114.761541][ T6548] netlink: 340 bytes leftover after parsing attributes in process `syz.0.173'. [ 114.994633][ T6553] netlink: 'syz.0.175': attribute type 3 has an invalid length. [ 115.002519][ T6553] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.175'. [ 115.038318][ T6553] NILFS (loop0): device size too small [ 116.477637][ T6564] lo speed is unknown, defaulting to 1000 [ 116.533385][ T6561] tty tty28: ldisc open failed (-12), clearing slot 27 [ 116.854043][ T1200] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 117.681014][ T1200] usb 2-1: Using ep0 maxpacket: 8 [ 117.691899][ T1200] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 117.702293][ T1200] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 117.712139][ T1200] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 118.272939][ T1200] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 118.286147][ T1200] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 118.295238][ T1200] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.489064][ T5906] hid (null): unknown global tag 0xe [ 118.494476][ T5906] hid (null): unknown global tag 0xc [ 118.505679][ T5906] hid-generic 001B:0009:0001.0004: unknown main item tag 0x3 [ 118.513744][ T5906] hid-generic 001B:0009:0001.0004: unknown global tag 0xe [ 118.534201][ T5906] hid-generic 001B:0009:0001.0004: item 0 2 1 14 parsing failed [ 118.763173][ T5906] hid-generic 001B:0009:0001.0004: probe with driver hid-generic failed with error -22 [ 118.831284][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 118.831295][ T29] audit: type=1326 audit(1736915393.637:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 118.925728][ T29] audit: type=1326 audit(1736915393.637:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 118.948939][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.051276][ T6595] netlink: 'syz.1.178': attribute type 4 has an invalid length. [ 119.127875][ T29] audit: type=1326 audit(1736915393.677:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 119.151090][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.384520][ T1200] usb 2-1: usb_control_msg returned -32 [ 119.390296][ T29] audit: type=1326 audit(1736915393.687:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 120.375375][ T1200] usbtmc 2-1:16.0: can't read capabilities [ 120.425559][ T29] audit: type=1326 audit(1736915393.687:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.047574][ T6601] Invalid logical block size (1792) [ 121.066955][ T29] audit: type=1326 audit(1736915393.687:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.090436][ T29] audit: type=1326 audit(1736915393.687:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.113640][ C1] vkms_vblank_simulate: vblank timer overrun [ 121.120216][ T29] audit: type=1326 audit(1736915393.687:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.148327][ T29] audit: type=1326 audit(1736915393.687:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.204400][ T29] audit: type=1326 audit(1736915393.687:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000 [ 121.382372][ T6572] syz.1.178 (6572): drop_caches: 2 [ 121.459157][ T25] usb 2-1: USB disconnect, device number 9 [ 123.354106][ T1200] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 123.391237][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 123.410849][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x24ad [ 123.444384][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb58b [ 123.471300][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xf8be [ 123.495189][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xa207 [ 123.504591][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x7e9d [ 123.594619][ T6639] binder: Unknown parameter 'stZats' [ 123.636964][ T1200] usb 1-1: Using ep0 maxpacket: 8 [ 123.756319][ T1200] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 123.764961][ T1200] usb 1-1: config 179 has no interface number 0 [ 123.771239][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 123.845850][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 123.845884][ T29] audit: type=1400 audit(1736915398.647:448): avc: denied { setopt } for pid=6640 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 124.007286][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 124.018853][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 124.030121][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 124.041938][ T1200] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 124.055687][ T1200] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 124.864578][ T1200] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.114331][ T6620] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 125.228031][ T29] audit: type=1326 audit(1736915400.037:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000 [ 125.231372][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 125.251248][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.259824][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 125.274476][ T1200] usb 1-1: USB disconnect, device number 10 [ 125.282471][ T6652] lo speed is unknown, defaulting to 1000 [ 125.422239][ T29] audit: type=1326 audit(1736915400.037:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000 [ 125.445466][ C1] vkms_vblank_simulate: vblank timer overrun [ 125.695316][ T29] audit: type=1326 audit(1736915400.077:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000 [ 125.725646][ T6665] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 125.795738][ T29] audit: type=1326 audit(1736915400.077:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000 [ 125.823956][ T29] audit: type=1326 audit(1736915400.077:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000 [ 125.852987][ T29] audit: type=1326 audit(1736915400.077:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1464b87c47 code=0x7ffc0000 [ 125.883977][ T29] audit: type=1326 audit(1736915400.077:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1464b87bbc code=0x7ffc0000 [ 125.907423][ T29] audit: type=1326 audit(1736915400.077:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1464b87af4 code=0x7ffc0000 [ 125.936625][ T29] audit: type=1326 audit(1736915400.077:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1464b87af4 code=0x7ffc0000 [ 125.971623][ T5860] IPVS: starting estimator thread 0... [ 126.184567][ T6666] IPVS: using max 27 ests per chain, 64800 per kthread [ 126.514037][ T969] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 126.598921][ T6674] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.221185][ T6674] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.552978][ T6674] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.615037][ T969] usb 5-1: Using ep0 maxpacket: 16 [ 127.621609][ T969] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 127.630741][ T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 127.657580][ T6674] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.674069][ T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 127.720349][ T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 127.734307][ T969] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 127.743255][ T969] usb 5-1: config 0 has no interface number 0 [ 127.749625][ T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 127.760886][ T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 127.770883][ T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 127.781904][ T969] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 127.795131][ T969] usb 5-1: config 0 interface 125 has no altsetting 0 [ 127.802109][ T969] usb 5-1: config 0 interface 125 has no altsetting 2 [ 127.803568][ T6688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.209'. [ 127.814808][ T969] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 127.836173][ T969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.852746][ T969] usb 5-1: Product: syz [ 127.852989][ T6674] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.859457][ T969] usb 5-1: Manufacturer: syz [ 127.877040][ T6688] x_tables: duplicate underflow at hook 1 [ 127.878154][ T6674] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.893844][ T6688] : renamed from lo (while UP) [ 127.902154][ T969] usb 5-1: SerialNumber: syz [ 127.916517][ T6674] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.923455][ T969] usb 5-1: config 0 descriptor?? [ 127.939318][ T6688] netlink: 24 bytes leftover after parsing attributes in process `syz.0.209'. [ 127.939593][ T6674] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.973564][ T969] usb 5-1: selecting invalid altsetting 2 [ 129.039810][ T969] get_1284_register timeout [ 129.044434][ T969] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 129.052326][ C1] usb 5-1: async_complete: urb error -104 [ 129.052395][ C1] usb 5-1: async_complete: urb error -104 [ 129.385031][ T6708] netlink: 'syz.2.214': attribute type 2 has an invalid length. [ 129.399453][ T6708] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.214'. [ 129.444364][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 129.444379][ T29] audit: type=1400 audit(1736915404.257:522): avc: denied { setopt } for pid=6711 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 130.034778][ T29] audit: type=1400 audit(1736915404.827:523): avc: denied { mount } for pid=6716 comm="syz.2.217" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 130.447158][ T6727] fuse: Bad value for 'fd' [ 131.111482][ T9] usb 5-1: USB disconnect, device number 7 [ 131.370066][ T6731] fuse: Bad value for 'fd' [ 131.891972][ T29] audit: type=1400 audit(1736915406.687:524): avc: denied { unmount } for pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 131.911920][ C1] vkms_vblank_simulate: vblank timer overrun [ 132.118109][ T29] audit: type=1400 audit(1736915406.927:525): avc: denied { listen } for pid=6733 comm="syz.0.222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 132.139201][ T29] audit: type=1400 audit(1736915406.927:526): avc: denied { accept } for pid=6733 comm="syz.0.222" lport=42738 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 132.550254][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.557034][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.081392][ T29] audit: type=1400 audit(1736915407.817:527): avc: denied { read } for pid=6742 comm="syz.1.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 133.433089][ T29] audit: type=1400 audit(1736915408.237:528): avc: denied { mounton } for pid=6751 comm="syz.1.227" path="/proc/155/task" dev="proc" ino=11121 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 133.492026][ T6755] mkiss: ax0: crc mode is auto. [ 133.510334][ T6755] netlink: 'syz.2.228': attribute type 1 has an invalid length. [ 133.535538][ T6755] bond1: entered promiscuous mode [ 133.540576][ T6755] bond1: entered allmulticast mode [ 133.560494][ T6755] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 133.568428][ T6755] bond1: (slave batadv1): making interface the new active one [ 133.575960][ T6755] batadv1: entered promiscuous mode [ 133.581199][ T6755] batadv1: entered allmulticast mode [ 133.587280][ T6755] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 133.761846][ T29] audit: type=1400 audit(1736915408.517:529): avc: denied { listen } for pid=6750 comm="syz.2.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 134.284020][ T5906] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 135.708462][ T5906] usb 1-1: config 8 has an invalid interface number: 177 but max is 0 [ 135.717080][ T5906] usb 1-1: config 8 has no interface number 0 [ 135.723182][ T5906] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 135.735825][ T5906] usb 1-1: config 8 interface 177 has no altsetting 0 [ 135.742631][ T5906] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 135.756936][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.779836][ T6756] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 136.003238][ T29] audit: type=1400 audit(1736915410.807:530): avc: denied { write } for pid=6752 comm="syz.0.226" name="001" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 136.009620][ T5906] usb 1-1: string descriptor 0 read error: -71 [ 136.088111][ T6779] fuse: Bad value for 'fd' [ 136.101297][ T969] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 136.342340][ T969] usb 2-1: Using ep0 maxpacket: 8 [ 136.361229][ T969] usb 2-1: config 0 has an invalid descriptor of length 60, skipping remainder of the config [ 136.483159][ T969] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 136.520962][ C0] ir_toy 1-1:8.177: out urb status: -71 [ 136.535834][ T969] usb 2-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 136.547264][ T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.555482][ T5978] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 136.568195][ T969] usb 2-1: Product: syz [ 136.573141][ T969] usb 2-1: Manufacturer: syz [ 136.577875][ T969] usb 2-1: SerialNumber: syz [ 136.584468][ T969] usb 2-1: config 0 descriptor?? [ 136.826461][ T5978] usb 5-1: Using ep0 maxpacket: 8 [ 136.980110][ T29] audit: type=1400 audit(1736915411.767:531): avc: denied { accept } for pid=6787 comm="syz.0.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 137.034183][ T5906] ir_toy 1-1:8.177: could not write reset command: -110 [ 137.042047][ T5906] ir_toy 1-1:8.177: probe with driver ir_toy failed with error -110 [ 137.261154][ T29] audit: type=1400 audit(1736915412.047:532): avc: denied { create } for pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 137.307765][ T6793] FAULT_INJECTION: forcing a failure. [ 137.307765][ T6793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.389708][ T5906] usb 1-1: USB disconnect, device number 11 [ 137.515330][ T5978] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 137.525155][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 137.533810][ T29] audit: type=1400 audit(1736915412.157:533): avc: denied { read } for pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 137.534944][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 137.534970][ T5978] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 137.535007][ T5978] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 137.586911][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.601378][ T6793] CPU: 1 UID: 0 PID: 6793 Comm: syz.3.236 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 137.612018][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 137.622066][ T6793] Call Trace: [ 137.625330][ T6793] [ 137.628248][ T6793] dump_stack_lvl+0x16c/0x1f0 [ 137.632920][ T6793] should_fail_ex+0x497/0x5b0 [ 137.637606][ T6793] _copy_from_user+0x2e/0xd0 [ 137.642180][ T6793] __x64_sys_rt_sigaction+0x194/0x310 [ 137.647543][ T6793] ? __pfx___x64_sys_rt_sigaction+0x10/0x10 [ 137.653431][ T6793] do_syscall_64+0xcd/0x250 [ 137.657930][ T6793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.663813][ T6793] RIP: 0033:0x7f7c07185d29 [ 137.668214][ T6793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.687828][ T6793] RSP: 002b:00007f7c04fd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000000d [ 137.696229][ T6793] RAX: ffffffffffffffda RBX: 00007f7c07376160 RCX: 00007f7c07185d29 [ 137.704187][ T6793] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000019 [ 137.712142][ T6793] RBP: 00007f7c04fd5090 R08: 0000000020000440 R09: 0000000000000000 [ 137.720097][ T6793] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 137.728053][ T6793] R13: 0000000000000001 R14: 00007f7c07376160 R15: 00007ffcb3e7a858 [ 137.736023][ T6793] [ 137.739091][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.746417][ T29] audit: type=1400 audit(1736915412.157:534): avc: denied { setopt } for pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 137.765649][ T6798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'. [ 137.765872][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.780940][ T29] audit: type=1400 audit(1736915412.167:535): avc: denied { connect } for pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 137.934816][ T29] audit: type=1400 audit(1736915412.737:536): avc: denied { append } for pid=6801 comm="syz.3.239" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 137.958341][ T6803] usb usb9: usbfs: process 6803 (syz.3.239) did not claim interface 0 before use [ 137.977193][ T5906] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 138.049569][ T5978] usb 5-1: usb_control_msg returned -71 [ 138.055403][ T5978] usbtmc 5-1:16.0: can't read capabilities [ 138.143030][ T5978] usb 5-1: USB disconnect, device number 8 [ 138.305757][ T5906] usb 1-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=98.53 [ 138.314936][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.323207][ T5906] usb 1-1: Product: syz [ 138.327552][ T5906] usb 1-1: Manufacturer: syz [ 138.332317][ T5906] usb 1-1: SerialNumber: syz [ 138.357505][ T5906] usb 1-1: config 0 descriptor?? [ 138.368313][ T29] audit: type=1400 audit(1736915413.177:537): avc: denied { nlmsg_read } for pid=6804 comm="syz.3.240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 138.385362][ T5906] gspca_main: spca506-2.14.0 probing 99fa:8988 [ 138.845035][ T5906] usb 1-1: USB disconnect, device number 12 [ 138.856874][ T5978] usb 2-1: USB disconnect, device number 10 [ 140.914573][ T29] audit: type=1400 audit(1736915415.197:538): avc: denied { append } for pid=6832 comm="syz.3.250" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 141.630228][ T29] audit: type=1400 audit(1736915416.437:539): avc: denied { create } for pid=6839 comm="syz.3.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 141.704140][ T29] audit: type=1400 audit(1736915416.507:540): avc: denied { ioctl } for pid=6839 comm="syz.3.251" path="socket:[12294]" dev="sockfs" ino=12294 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 141.767944][ T6840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.813186][ T5978] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 141.821511][ T29] audit: type=1400 audit(1736915416.547:541): avc: denied { ioctl } for pid=6839 comm="syz.3.251" path="socket:[12299]" dev="sockfs" ino=12299 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 141.829856][ T6840] bond0: (slave rose0): Enslaving as an active interface with an up link [ 141.866869][ T29] audit: type=1400 audit(1736915416.677:542): avc: denied { read } for pid=6845 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.916778][ T29] audit: type=1400 audit(1736915416.707:543): avc: denied { open } for pid=6845 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.200524][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.414774][ T29] audit: type=1400 audit(1736915416.707:544): avc: denied { getattr } for pid=6845 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 142.419246][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.574003][ T5978] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 142.583642][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.629278][ T5978] usb 5-1: config 0 descriptor?? [ 142.766799][ T6856] netlink: 'syz.0.253': attribute type 3 has an invalid length. [ 142.774729][ T6856] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.253'. [ 142.822179][ T6856] NILFS (loop0): device size too small [ 142.924020][ T29] audit: type=1400 audit(1736915417.677:545): avc: denied { write } for pid=6843 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 143.041915][ T5978] usbhid 5-1:0.0: can't add hid device: -71 [ 143.043969][ T29] audit: type=1400 audit(1736915417.677:546): avc: denied { add_name } for pid=6843 comm="dhcpcd-run-hook" name="resolv.conf.lapb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 143.214227][ T5978] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 143.244374][ T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 143.254764][ T29] audit: type=1400 audit(1736915417.687:547): avc: denied { create } for pid=6843 comm="dhcpcd-run-hook" name="resolv.conf.lapb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 143.277271][ T29] audit: type=1400 audit(1736915417.687:548): avc: denied { write } for pid=6843 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.lapb0.link" dev="tmpfs" ino=2693 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 143.303324][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.310166][ T5978] usb 5-1: USB disconnect, device number 9 [ 144.320472][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 144.346000][ T25] usb 3-1: config 0 has an invalid descriptor of length 60, skipping remainder of the config [ 144.361486][ T25] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 144.383880][ T25] usb 3-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad [ 144.406805][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.464029][ T25] usb 3-1: Product: syz [ 144.474125][ T969] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 144.494002][ T25] usb 3-1: Manufacturer: syz [ 144.623959][ T25] usb 3-1: SerialNumber: syz [ 144.631291][ T25] usb 3-1: config 0 descriptor?? [ 144.718387][ T969] usb 4-1: config 0 interface 0 has no altsetting 0 [ 144.755541][ T969] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 144.775396][ T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.052887][ T969] usb 4-1: config 0 descriptor?? [ 145.656085][ T969] (null): keene_cmd_main failed (-110) [ 145.732422][ T969] video4linux radio48: keene_cmd_main failed (-32) [ 145.739715][ T969] radio-keene 4-1:0.0: V4L2 device registered as radio48 [ 147.025103][ T5921] usb 3-1: USB disconnect, device number 5 [ 147.167327][ T6915] lo speed is unknown, defaulting to 1000 [ 147.265842][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.266233][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 147.277977][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 148.074598][ T8] usb 4-1: USB disconnect, device number 5 [ 148.145538][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 148.145552][ T29] audit: type=1400 audit(1736915422.957:553): avc: denied { create } for pid=6934 comm="syz.1.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 148.838707][ T29] audit: type=1400 audit(1736915422.957:554): avc: denied { getopt } for pid=6938 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 148.937382][ T6952] vivid-007: disconnect [ 149.841124][ T29] audit: type=1400 audit(1736915424.157:555): avc: denied { write } for pid=6938 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 150.200365][ T6938] vivid-007: reconnect [ 150.522601][ T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 150.784836][ T6984] lo speed is unknown, defaulting to 1000 [ 151.896012][ T8] usb 2-1: config 0 interface 0 has no altsetting 0 [ 151.914020][ T8] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 151.923090][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.976568][ T8] usb 2-1: config 0 descriptor?? [ 152.608031][ T8] (null): keene_cmd_main failed (-110) [ 152.666779][ T8] video4linux radio48: keene_cmd_main failed (-32) [ 152.673339][ T8] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 152.716963][ T29] audit: type=1400 audit(1736915427.497:556): avc: denied { write } for pid=6996 comm="syz.3.280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 153.404130][ T29] audit: type=1400 audit(1736915427.517:557): avc: denied { map } for pid=6966 comm="syz.1.272" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 153.429356][ T8] usb 2-1: USB disconnect, device number 11 [ 153.452382][ T29] audit: type=1400 audit(1736915428.227:558): avc: denied { setrlimit } for pid=7008 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1 [ 153.525250][ T1200] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 153.694030][ T1200] usb 5-1: Using ep0 maxpacket: 16 [ 153.792465][ T29] audit: type=1400 audit(1736915428.597:559): avc: denied { create } for pid=6998 comm="syz.2.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 153.819531][ T1200] usb 5-1: config 0 interface 0 has no altsetting 0 [ 153.826330][ T1200] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00 [ 153.834003][ T29] audit: type=1400 audit(1736915428.627:560): avc: denied { write } for pid=6998 comm="syz.2.279" path="socket:[12594]" dev="sockfs" ino=12594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 153.849026][ T1200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.456789][ T1200] usb 5-1: config 0 descriptor?? [ 154.805039][ T7005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.820268][ T7005] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.169809][ T1200] usbhid 5-1:0.0: can't add hid device: -71 [ 155.184249][ T1200] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 155.464324][ T1200] usb 5-1: USB disconnect, device number 10 [ 155.792664][ T7035] netlink: 'syz.3.287': attribute type 11 has an invalid length. [ 156.630947][ T7043] usb usb9: usbfs: process 7043 (syz.2.288) did not claim interface 0 before use [ 156.960775][ T7046] netlink: 'syz.1.289': attribute type 3 has an invalid length. [ 156.968583][ T7046] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.289'. [ 156.990780][ T7046] NILFS (loop1): device size too small [ 157.154350][ T29] audit: type=1400 audit(1736915431.897:561): avc: denied { setopt } for pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 158.685309][ T29] audit: type=1400 audit(1736915433.487:562): avc: denied { connect } for pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 158.838976][ T29] audit: type=1400 audit(1736915433.607:563): avc: denied { connect } for pid=7066 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 158.964158][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 159.550242][ T9] usb 4-1: config 0 has an invalid interface number: 156 but max is 0 [ 159.587223][ T9] usb 4-1: config 0 has no interface number 0 [ 159.593366][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 159.594082][ T29] audit: type=1400 audit(1736915433.687:564): avc: denied { listen } for pid=7059 comm="syz.4.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 159.610728][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 159.635822][ T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 159.654493][ T9] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 159.658119][ T7049] overlayfs: missing 'workdir' [ 159.744039][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.754133][ T29] audit: type=1400 audit(1736915434.117:565): avc: denied { shutdown } for pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 159.817310][ T9] usb 4-1: config 0 descriptor?? [ 159.838016][ T9] gspca_main: spca561-2.14.0 probing abcd:cdee [ 160.180908][ T29] audit: type=1400 audit(1736915434.987:566): avc: denied { block_suspend } for pid=7064 comm="syz.3.294" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 160.486969][ T7075] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 160.579787][ T7093] netlink: 'syz.4.301': attribute type 11 has an invalid length. [ 160.669565][ T9] spca561 4-1:0.156: probe with driver spca561 failed with error -22 [ 160.688666][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 160.697425][ T9] usb 4-1: MIDIStreaming interface descriptor not found [ 161.108300][ T7083] netlink: 36 bytes leftover after parsing attributes in process `syz.1.297'. [ 161.208636][ T9] usb 4-1: USB disconnect, device number 6 [ 161.337712][ T969] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 161.590636][ T5806] udevd[5806]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 161.881366][ T969] usb 1-1: Using ep0 maxpacket: 32 [ 162.141393][ T969] usb 1-1: config 0 has an invalid interface number: 111 but max is 1 [ 162.165928][ T969] usb 1-1: config 0 has no interface number 1 [ 162.179412][ T969] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 162.191926][ T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.203829][ T969] usb 1-1: Product: syz [ 162.210535][ T969] usb 1-1: Manufacturer: syz [ 162.374092][ T969] usb 1-1: SerialNumber: syz [ 162.397495][ T969] usb 1-1: config 0 descriptor?? [ 162.407504][ T7110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.306'. [ 162.584050][ T7110] openvswitch: netlink: Flow key attr not present in new flow. [ 162.893189][ T7090] syz.0.300: attempt to access beyond end of device [ 162.893189][ T7090] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 163.474491][ T969] snd-usb-6fire 1-1:0.111: unable to receive device firmware state. [ 163.482704][ T969] snd-usb-6fire 1-1:0.111: probe with driver snd-usb-6fire failed with error -110 [ 163.520386][ T7130] lo speed is unknown, defaulting to 1000 [ 164.577437][ T29] audit: type=1400 audit(1736915439.367:567): avc: denied { setopt } for pid=7133 comm="syz.3.310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 164.676560][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.4.315'. [ 165.548050][ T7164] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2047 sclass=netlink_route_socket pid=7164 comm=syz.2.316 [ 165.662412][ T5861] usb 1-1: USB disconnect, device number 13 [ 166.612838][ T7184] FAULT_INJECTION: forcing a failure. [ 166.612838][ T7184] name failslab, interval 1, probability 0, space 0, times 0 [ 166.680103][ T7184] CPU: 0 UID: 0 PID: 7184 Comm: syz.2.321 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 166.690734][ T7184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 166.700800][ T7184] Call Trace: [ 166.704078][ T7184] [ 166.707004][ T7184] dump_stack_lvl+0x16c/0x1f0 [ 166.711692][ T7184] should_fail_ex+0x497/0x5b0 [ 166.716391][ T7184] ? fs_reclaim_acquire+0xae/0x150 [ 166.721521][ T7184] should_failslab+0xc2/0x120 [ 166.726218][ T7184] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 166.732043][ T7184] ? __alloc_skb+0x2b1/0x380 [ 166.736645][ T7184] __alloc_skb+0x2b1/0x380 [ 166.741052][ T7184] ? __pfx___alloc_skb+0x10/0x10 [ 166.745975][ T7184] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 166.751940][ T7184] netlink_alloc_large_skb+0x69/0x130 [ 166.757292][ T7184] netlink_sendmsg+0x689/0xd70 [ 166.762041][ T7184] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.767309][ T7184] ____sys_sendmsg+0xaaf/0xc90 [ 166.772058][ T7184] ? copy_msghdr_from_user+0x10b/0x160 [ 166.777520][ T7184] ? __pfx_____sys_sendmsg+0x10/0x10 [ 166.782790][ T7184] ___sys_sendmsg+0x135/0x1e0 [ 166.787446][ T7184] ? __pfx____sys_sendmsg+0x10/0x10 [ 166.792628][ T7184] ? __pfx_lock_release+0x10/0x10 [ 166.797629][ T7184] ? trace_lock_acquire+0x14e/0x1f0 [ 166.802810][ T7184] ? __fget_files+0x206/0x3a0 [ 166.807466][ T7184] __sys_sendmsg+0x16e/0x220 [ 166.812032][ T7184] ? __pfx___sys_sendmsg+0x10/0x10 [ 166.817126][ T7184] do_syscall_64+0xcd/0x250 [ 166.821629][ T7184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.827501][ T7184] RIP: 0033:0x7fef6c985d29 [ 166.831891][ T7184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.851480][ T7184] RSP: 002b:00007fef6d87b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.859869][ T7184] RAX: ffffffffffffffda RBX: 00007fef6cb75fa0 RCX: 00007fef6c985d29 [ 166.867817][ T7184] RDX: 0000000020004000 RSI: 0000000020000600 RDI: 0000000000000003 [ 166.875764][ T7184] RBP: 00007fef6d87b090 R08: 0000000000000000 R09: 0000000000000000 [ 166.883713][ T7184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.891659][ T7184] R13: 0000000000000000 R14: 00007fef6cb75fa0 R15: 00007ffd028f0318 [ 166.899617][ T7184] [ 166.931738][ T29] audit: type=1400 audit(1736915441.727:568): avc: denied { ioctl } for pid=7185 comm="syz.3.323" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 167.164408][ T969] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 167.408899][ T969] usb 4-1: unable to get BOS descriptor or descriptor too short [ 167.491362][ T969] usb 4-1: not running at top speed; connect to a high speed hub [ 167.631891][ T969] usb 4-1: config 1 interface 0 has no altsetting 0 [ 167.878353][ T969] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.40 [ 167.887624][ T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.913995][ T969] usb 4-1: Product: syz [ 167.924939][ T969] usb 4-1: Manufacturer: 㖷䍾㓎롌熂గ勈ਧᶐ㈴ꖧ꾎䌜蛨刜쁾脂镸㨆彆乸댵ꉾ꼷终걒垴꠻ᕜ㦭쀚磏㵁雷㦜叾봔纴 [ 167.981150][ T969] usb 4-1: SerialNumber: syz [ 168.585807][ T29] audit: type=1400 audit(1736915443.387:569): avc: denied { read } for pid=7185 comm="syz.3.323" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 168.585859][ T29] audit: type=1400 audit(1736915443.387:570): avc: denied { open } for pid=7185 comm="syz.3.323" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 273.663878][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 273.663896][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7209/1:b..l P5817/2:b..l [ 273.664440][ C1] rcu: (detected by 1, t=10502 jiffies, g=12229, q=132 ncpus=2) [ 273.664458][ C1] task:syz-executor state:R running task stack:23008 pid:5817 tgid:5817 ppid:5812 flags:0x00004002 [ 273.664519][ C1] Call Trace: [ 273.664526][ C1] [ 273.664537][ C1] __schedule+0xe58/0x5ad0 [ 273.664579][ C1] ? __pfx___schedule+0x10/0x10 [ 273.664608][ C1] ? mark_held_locks+0x9f/0xe0 [ 273.664633][ C1] preempt_schedule_irq+0x51/0x90 [ 273.664655][ C1] irqentry_exit+0x36/0x90 [ 273.664677][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 273.664702][ C1] RIP: 0010:lock_acquire.part.0+0x155/0x380 [ 273.664723][ C1] Code: b8 ff ff ff ff 65 0f c1 05 40 b0 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 [ 273.664740][ C1] RSP: 0018:ffffc90004aaf268 EFLAGS: 00000206 [ 273.664756][ C1] RAX: 0000000000000046 RBX: 1ffff92000955e4e RCX: 00000000c70002c2 [ 273.664769][ C1] RDX: 0000000000000001 RSI: ffffffff8b6cdce0 RDI: ffffffff8bd1ef20 [ 273.664782][ C1] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca798 [ 273.664794][ C1] R10: ffffffff96e53cc7 R11: 0000000000000002 R12: 0000000000000000 [ 273.664806][ C1] R13: ffffffff8e1bb900 R14: 0000000000000000 R15: 0000000000000000 [ 273.664833][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 273.664854][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.664878][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 273.664904][ C1] ? is_bpf_text_address+0x30/0x1a0 [ 273.664927][ C1] ? lock_acquire+0x2f/0xb0 [ 273.664945][ C1] ? is_bpf_text_address+0x30/0x1a0 [ 273.664966][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 273.664993][ C1] is_bpf_text_address+0x36/0x1a0 [ 273.665014][ C1] ? is_bpf_text_address+0x30/0x1a0 [ 273.665035][ C1] kernel_text_address+0x8d/0x100 [ 273.665055][ C1] __kernel_text_address+0xd/0x40 [ 273.665075][ C1] unwind_get_return_address+0x59/0xa0 [ 273.665096][ C1] arch_stack_walk+0xa7/0x100 [ 273.665129][ C1] stack_trace_save+0x95/0xd0 [ 273.665154][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 273.665186][ C1] save_stack+0x162/0x1f0 [ 273.665206][ C1] ? __pfx_save_stack+0x10/0x10 [ 273.665223][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 273.665242][ C1] ? free_unref_folios+0xa7b/0x14f0 [ 273.665262][ C1] ? folios_put_refs+0x587/0x7b0 [ 273.665281][ C1] ? shmem_undo_range+0x586/0x1170 [ 273.665297][ C1] ? shmem_evict_inode+0x3a3/0xba0 [ 273.665313][ C1] ? evict+0x409/0x960 [ 273.665334][ C1] ? iput+0x52a/0x890 [ 273.665355][ C1] ? do_unlinkat+0x5c3/0x760 [ 273.665373][ C1] ? __x64_sys_unlink+0xc5/0x110 [ 273.665392][ C1] ? do_syscall_64+0xcd/0x250 [ 273.665415][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.665450][ C1] __reset_page_owner+0x8d/0x400 [ 273.665476][ C1] free_unref_folios+0xa7b/0x14f0 [ 273.665508][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 273.665534][ C1] folios_put_refs+0x587/0x7b0 [ 273.665558][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 273.665582][ C1] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 273.665610][ C1] shmem_undo_range+0x586/0x1170 [ 273.665638][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 273.665678][ C1] ? unwind_get_return_address+0x59/0xa0 [ 273.665699][ C1] ? arch_stack_walk+0xa7/0x100 [ 273.665722][ C1] ? hlock_class+0x4e/0x130 [ 273.665767][ C1] ? kasan_save_stack+0x33/0x60 [ 273.665789][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 273.665807][ C1] ? hlock_class+0x4e/0x130 [ 273.665830][ C1] ? __lock_acquire+0x15a9/0x3c40 [ 273.665853][ C1] shmem_evict_inode+0x3a3/0xba0 [ 273.665873][ C1] ? find_held_lock+0x2d/0x110 [ 273.665898][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 273.665916][ C1] ? evict+0x3c8/0x960 [ 273.665938][ C1] ? __pfx_lock_release+0x10/0x10 [ 273.665962][ C1] ? lock_acquire+0x2f/0xb0 [ 273.665985][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 273.666003][ C1] evict+0x409/0x960 [ 273.666027][ C1] ? __pfx_evict+0x10/0x10 [ 273.666063][ C1] iput+0x52a/0x890 [ 273.666086][ C1] ? __pfx_generic_delete_inode+0x10/0x10 [ 273.666107][ C1] do_unlinkat+0x5c3/0x760 [ 273.666128][ C1] ? __virt_addr_valid+0x5e/0x590 [ 273.666151][ C1] ? __pfx_do_unlinkat+0x10/0x10 [ 273.666170][ C1] ? __check_object_size+0x488/0x710 [ 273.666203][ C1] ? getname_flags.part.0+0x1c5/0x550 [ 273.666230][ C1] __x64_sys_unlink+0xc5/0x110 [ 273.666250][ C1] do_syscall_64+0xcd/0x250 [ 273.666275][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.666298][ C1] RIP: 0033:0x7f10f73852d7 [ 273.666313][ C1] RSP: 002b:00007fffb54b4e68 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 273.666332][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10f73852d7 [ 273.666344][ C1] RDX: 00007fffb54b4e90 RSI: 00007fffb54b4f20 RDI: 00007fffb54b4f20 [ 273.666357][ C1] RBP: 00007fffb54b4f20 R08: 0000000000000000 R09: 0000000000000000 [ 273.666368][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fffb54b5fa0 [ 273.666380][ C1] R13: 00007f10f74018f4 R14: 00007fffb54b5fe0 R15: 0000000000000034 [ 273.666405][ C1] [ 273.666412][ C1] task:syz.1.329 state:R running task stack:26928 pid:7209 tgid:7205 ppid:5813 flags:0x00004002 [ 273.666466][ C1] Call Trace: [ 273.666472][ C1] [ 273.666488][ C1] __schedule+0xe58/0x5ad0 [ 273.666508][ C1] ? page_ext_put+0x3e/0xd0 [ 273.666530][ C1] ? reacquire_held_locks+0x401/0x4c0 [ 273.666560][ C1] ? __pfx___schedule+0x10/0x10 [ 273.666580][ C1] ? page_table_check_set+0x8ee/0x9c0 [ 273.666611][ C1] ? preempt_schedule_thunk+0x1a/0x30 [ 273.666631][ C1] preempt_schedule_common+0x44/0xc0 [ 273.666655][ C1] preempt_schedule_thunk+0x1a/0x30 [ 273.666678][ C1] _raw_spin_unlock+0x3e/0x50 [ 273.666698][ C1] finish_fault+0x9e7/0x1010 [ 273.666720][ C1] ? __do_fault+0x21c/0x490 [ 273.666748][ C1] do_pte_missing+0xee6/0x3e00 [ 273.666778][ C1] __handle_mm_fault+0x103c/0x2a40 [ 273.666803][ C1] ? find_held_lock+0x2d/0x110 [ 273.666828][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 273.666850][ C1] ? follow_page_pte+0x3c3/0x1b20 [ 273.666870][ C1] ? __pfx_lock_release+0x10/0x10 [ 273.666899][ C1] ? follow_page_pte+0x3f7/0x1b20 [ 273.666925][ C1] handle_mm_fault+0x3fa/0xaa0 [ 273.666951][ C1] __get_user_pages+0x8d9/0x3b50 [ 273.666978][ C1] ? __pfx_mt_find+0x10/0x10 [ 273.667002][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 273.667022][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 273.667045][ C1] ? __mm_populate+0x21d/0x380 [ 273.667071][ C1] populate_vma_page_range+0x27f/0x3a0 [ 273.667094][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 273.667114][ C1] ? __pfx_find_vma_intersection+0x10/0x10 [ 273.667133][ C1] ? vm_mmap_pgoff+0x25b/0x360 [ 273.667158][ C1] __mm_populate+0x1d6/0x380 [ 273.667181][ C1] ? __pfx___mm_populate+0x10/0x10 [ 273.667203][ C1] ? up_write+0x1b2/0x520 [ 273.667228][ C1] vm_mmap_pgoff+0x293/0x360 [ 273.667250][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 273.667270][ C1] ? do_user_addr_fault+0xe50/0x13f0 [ 273.667297][ C1] ksys_mmap_pgoff+0x7d/0x5c0 [ 273.667320][ C1] __x64_sys_mmap+0x125/0x190 [ 273.667343][ C1] do_syscall_64+0xcd/0x250 [ 273.667368][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.667392][ C1] RIP: 0033:0x7f1464b85d29 [ 273.667405][ C1] RSP: 002b:00007f1465a85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 273.667422][ C1] RAX: ffffffffffffffda RBX: 00007f1464d76080 RCX: 00007f1464b85d29 [ 273.667435][ C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000 [ 273.667447][ C1] RBP: 00007f1464c01b08 R08: ffffffffffffffff R09: 0000000000000000 [ 273.667459][ C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 273.667471][ C1] R13: 0000000000000001 R14: 00007f1464d76080 R15: 00007ffe8340cda8 [ 273.667504][ C1] [ 273.667511][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g12229 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 273.667531][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 273.667540][ C1] rcu: RCU grace-period kthread stack dump: [ 273.667546][ C1] task:rcu_preempt state:R running task stack:28472 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 273.667600][ C1] Call Trace: [ 273.667606][ C1] [ 273.667616][ C1] __schedule+0xe58/0x5ad0 [ 273.667637][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 273.667669][ C1] ? __pfx___schedule+0x10/0x10 [ 273.667691][ C1] ? schedule+0x298/0x350 [ 273.667711][ C1] ? __pfx_lock_release+0x10/0x10 [ 273.667735][ C1] ? lock_acquire+0x2f/0xb0 [ 273.667752][ C1] ? schedule+0x1fd/0x350 [ 273.667776][ C1] schedule+0xe7/0x350 [ 273.667798][ C1] schedule_timeout+0x124/0x280 [ 273.667817][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 273.667837][ C1] ? __pfx_process_timeout+0x10/0x10 [ 273.667867][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 273.667889][ C1] ? prepare_to_swait_event+0xf3/0x470 [ 273.667914][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 273.667938][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 273.667957][ C1] ? rcu_gp_init+0xc82/0x1630 [ 273.667980][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 273.668012][ C1] rcu_gp_kthread+0x271/0x380 [ 273.668033][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 273.668055][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 273.668079][ C1] ? __kthread_parkme+0x148/0x220 [ 273.668105][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 273.668126][ C1] kthread+0x2c1/0x3a0 [ 273.668148][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 273.668168][ C1] ? __pfx_kthread+0x10/0x10 [ 273.668192][ C1] ret_from_fork+0x45/0x80 [ 273.668209][ C1] ? __pfx_kthread+0x10/0x10 [ 273.668232][ C1] ret_from_fork_asm+0x1a/0x30 [ 273.668268][ C1] [ 273.668275][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 273.668283][ C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 273.668303][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 273.668314][ C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300 [ 273.668339][ C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 ff 83 e0 01 41 [ 273.668355][ C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246 [ 273.668370][ C1] RAX: 0000000000000000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000 [ 273.668382][ C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005 [ 273.668393][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 273.668405][ C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39 [ 273.668416][ C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40 [ 273.668429][ C1] FS: 00007fec111b26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 273.668448][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 273.668460][ C1] CR2: 000000002032e030 CR3: 000000002947c000 CR4: 00000000003526f0 [ 273.668472][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 273.668488][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 273.668500][ C1] Call Trace: [ 273.668506][ C1] [ 273.668513][ C1] ? rcu_check_gp_kthread_starvation+0x31b/0x450 [ 273.668538][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 273.668563][ C1] ? rcu_sched_clock_irq+0x247a/0x3310 [ 273.668596][ C1] ? timekeeping_advance+0x72e/0xa90 [ 273.668614][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 273.668641][ C1] ? __asan_memcpy+0x3c/0x60 [ 273.668660][ C1] ? cgroup_rstat_updated+0x2a/0xb20 [ 273.668692][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.668719][ C1] ? update_process_times+0x178/0x2d0 [ 273.668742][ C1] ? __pfx_update_process_times+0x10/0x10 [ 273.668764][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 273.668788][ C1] ? update_wall_time+0x1c/0x40 [ 273.668809][ C1] ? tick_nohz_handler+0x376/0x530 [ 273.668836][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 273.668859][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 273.668891][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 273.668913][ C1] ? read_tsc+0x9/0x20 [ 273.668943][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 273.668978][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 273.669001][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 273.669023][ C1] [ 273.669029][ C1] [ 273.669037][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 273.669069][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 273.669093][ C1] ? smp_call_function_many_cond+0x45d/0x1300 [ 273.669118][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 273.669143][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 273.669170][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 273.669192][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 273.669217][ C1] text_poke_bp_batch+0x22b/0x760 [ 273.669240][ C1] ? __pfx_text_poke_loc_init+0x10/0x10 [ 273.669265][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 273.669296][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.669320][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 273.669343][ C1] text_poke_bp+0xa3/0xd0 [ 273.669360][ C1] ? __pfx_text_poke_bp+0x10/0x10 [ 273.669381][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 273.669404][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 273.669426][ C1] __static_call_transform+0x34d/0x770 [ 273.669447][ C1] ? __pfx___static_call_transform+0x10/0x10 [ 273.669466][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 273.669494][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 273.669514][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 273.669533][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 273.669552][ C1] arch_static_call_transform+0x5d/0xb0 [ 273.669569][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 273.669591][ C1] __static_call_update+0xee/0x660 [ 273.669614][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 273.669634][ C1] ? __pfx___static_call_update+0x10/0x10 [ 273.669659][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.669683][ C1] ? __kmalloc_noprof+0x23b/0x510 [ 273.669706][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 273.669728][ C1] tracepoint_add_func+0xbcb/0xeb0 [ 273.669756][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 273.669778][ C1] tracepoint_probe_register_prio_may_exist+0xbd/0x110 [ 273.669802][ C1] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 273.669825][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 273.669849][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 273.669875][ C1] bpf_probe_register+0x189/0x200 [ 273.669898][ C1] bpf_raw_tp_link_attach+0x2cd/0x5f0 [ 273.669922][ C1] ? __pfx_lock_release+0x10/0x10 [ 273.669941][ C1] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 273.669968][ C1] ? lock_acquire+0x2f/0xb0 [ 273.669985][ C1] ? __fget_files+0x40/0x3a0 [ 273.670012][ C1] ? fput+0x67/0x440 [ 273.670034][ C1] ? __bpf_prog_get+0xa0/0x290 [ 273.670056][ C1] __sys_bpf+0x3a4/0x49c0 [ 273.670082][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 273.670108][ C1] ? do_user_addr_fault+0xdc7/0x13f0 [ 273.670125][ C1] ? reacquire_held_locks+0x20b/0x4c0 [ 273.670147][ C1] ? do_futex+0x123/0x350 [ 273.670166][ C1] ? __pfx_do_futex+0x10/0x10 [ 273.670194][ C1] ? xfd_validate_state+0x5d/0x180 [ 273.670213][ C1] ? rcu_is_watching+0x12/0xc0 [ 273.670240][ C1] __x64_sys_bpf+0x78/0xc0 [ 273.670262][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 273.670284][ C1] do_syscall_64+0xcd/0x250 [ 273.670309][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.670332][ C1] RIP: 0033:0x7fec13785d29 [ 273.670346][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.670362][ C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 273.670380][ C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29 [ 273.670392][ C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 273.670404][ C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000 [ 273.670415][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.670427][ C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298 [ 273.670450][ C1] [ 419.967929][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [syz.0.332:7216] [ 419.967953][ C1] Modules linked in: [ 419.967964][ C1] irq event stamp: 19207518 [ 419.967971][ C1] hardirqs last enabled at (19207517): [] irqentry_exit+0x3b/0x90 [ 419.968004][ C1] hardirqs last disabled at (19207518): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 419.968028][ C1] softirqs last enabled at (19207516): [] handle_softirqs+0x5bb/0x8f0 [ 419.968052][ C1] softirqs last disabled at (19207507): [] __irq_exit_rcu+0x109/0x170 [ 419.968077][ C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 419.968097][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 419.968107][ C1] RIP: 0010:smp_call_function_many_cond+0x458/0x1300 [ 419.968133][ C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 [ 419.968150][ C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246 [ 419.968166][ C1] RAX: 0000000000080000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000 [ 419.968178][ C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005 [ 419.968190][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 419.968201][ C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39 [ 419.968212][ C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40 [ 419.968224][ C1] FS: 00007fec111b26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 419.968243][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 419.968256][ C1] CR2: 000000002032e030 CR3: 000000002947c000 CR4: 00000000003526f0 [ 419.968267][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 419.968278][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 419.968290][ C1] Call Trace: [ 419.968296][ C1] [ 419.968305][ C1] ? watchdog_timer_fn+0x570/0x7d0 [ 419.968330][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 419.968351][ C1] ? __hrtimer_run_queues+0x5fb/0xae0 [ 419.968382][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 419.968404][ C1] ? read_tsc+0x9/0x20 [ 419.968434][ C1] ? hrtimer_interrupt+0x392/0x8e0 [ 419.968468][ C1] ? __sysvec_apic_timer_interrupt+0x10f/0x400 [ 419.968491][ C1] ? sysvec_apic_timer_interrupt+0x9f/0xc0 [ 419.968513][ C1] [ 419.968519][ C1] [ 419.968526][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.968559][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 419.968583][ C1] ? smp_call_function_many_cond+0x458/0x1300 [ 419.968608][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 419.968631][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 419.968663][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 419.968685][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 419.968711][ C1] text_poke_bp_batch+0x22b/0x760 [ 419.968734][ C1] ? __pfx_text_poke_loc_init+0x10/0x10 [ 419.968758][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 419.968787][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.968813][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.968835][ C1] text_poke_bp+0xa3/0xd0 [ 419.968852][ C1] ? __pfx_text_poke_bp+0x10/0x10 [ 419.968873][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 419.968895][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.968916][ C1] __static_call_transform+0x34d/0x770 [ 419.968936][ C1] ? __pfx___static_call_transform+0x10/0x10 [ 419.968955][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.968978][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.968997][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.969017][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.969036][ C1] arch_static_call_transform+0x5d/0xb0 [ 419.969053][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.969074][ C1] __static_call_update+0xee/0x660 [ 419.969097][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.969117][ C1] ? __pfx___static_call_update+0x10/0x10 [ 419.969137][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.969161][ C1] ? __kmalloc_noprof+0x23b/0x510 [ 419.969185][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.969207][ C1] tracepoint_add_func+0xbcb/0xeb0 [ 419.969236][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.969257][ C1] tracepoint_probe_register_prio_may_exist+0xbd/0x110 [ 419.969281][ C1] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 419.969304][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.969328][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 419.969352][ C1] bpf_probe_register+0x189/0x200 [ 419.969376][ C1] bpf_raw_tp_link_attach+0x2cd/0x5f0 [ 419.969400][ C1] ? __pfx_lock_release+0x10/0x10 [ 419.969419][ C1] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 419.969445][ C1] ? lock_acquire+0x2f/0xb0 [ 419.969462][ C1] ? __fget_files+0x40/0x3a0 [ 419.969490][ C1] ? fput+0x67/0x440 [ 419.969512][ C1] ? __bpf_prog_get+0xa0/0x290 [ 419.969534][ C1] __sys_bpf+0x3a4/0x49c0 [ 419.969560][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 419.969586][ C1] ? do_user_addr_fault+0xdc7/0x13f0 [ 419.969604][ C1] ? reacquire_held_locks+0x20b/0x4c0 [ 419.969626][ C1] ? do_futex+0x123/0x350 [ 419.969649][ C1] ? __pfx_do_futex+0x10/0x10 [ 419.969680][ C1] ? xfd_validate_state+0x5d/0x180 [ 419.969702][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.969731][ C1] __x64_sys_bpf+0x78/0xc0 [ 419.969754][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.969775][ C1] do_syscall_64+0xcd/0x250 [ 419.969801][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.969823][ C1] RIP: 0033:0x7fec13785d29 [ 419.969840][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.969855][ C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 419.969873][ C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29 [ 419.969885][ C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 419.969896][ C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000 [ 419.969907][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.969918][ C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298 [ 419.969941][ C1] [ 419.969949][ C1] Sending NMI from CPU 1 to CPUs 0: [ 419.969971][ C0] NMI backtrace for cpu 0 [ 419.969979][ C0] CPU: 0 UID: 0 PID: 7210 Comm: syz.2.330 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 419.969994][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 419.970001][ C0] RIP: 0010:mark_lock+0x127/0xc60 [ 419.970015][ C0] Code: 00 00 00 00 48 c7 40 10 00 00 00 00 48 8b 84 24 08 01 00 00 65 48 2b 04 25 28 00 00 00 0f 85 56 09 00 00 48 8d 65 d8 89 d0 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 8d 7e 22 48 89 f8 48 [ 419.970027][ C0] RSP: 0018:ffffc90000007a80 EFLAGS: 00000046 [ 419.970037][ C0] RAX: 0000000000000001 RBX: ffff888050e60b52 RCX: 1ffffffff2dca828 [ 419.970046][ C0] RDX: 0000000000000001 RSI: 0000000000000100 RDI: ffffffff96e54140 [ 419.970054][ C0] RBP: ffffc90000007aa0 R08: 0000000000000000 R09: fffffbfff2dca798 [ 419.970063][ C0] R10: ffffffff96e53cc7 R11: 0000000000000001 R12: ffff888050e60000 [ 419.970071][ C0] R13: 0000000000000100 R14: 0000000000000008 R15: 1ffff92000000f32 [ 419.970080][ C0] FS: 00007fef6d8596c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 419.970095][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 419.970104][ C0] CR2: 0000001b2f403ff8 CR3: 0000000021392000 CR4: 00000000003526f0 [ 419.970113][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 419.970121][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 419.970129][ C0] Call Trace: [ 419.970133][ C0] [ 419.970137][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 419.970152][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 419.970165][ C0] ? nmi_handle+0x1ac/0x5d0 [ 419.970179][ C0] ? mark_lock+0x127/0xc60 [ 419.970192][ C0] ? default_do_nmi+0x6a/0x160 [ 419.970206][ C0] ? exc_nmi+0x170/0x1e0 [ 419.970219][ C0] ? end_repeat_nmi+0xf/0x53 [ 419.970239][ C0] ? mark_lock+0x127/0xc60 [ 419.970252][ C0] ? mark_lock+0x127/0xc60 [ 419.970266][ C0] ? mark_lock+0x127/0xc60 [ 419.970279][ C0] [ 419.970283][ C0] [ 419.970287][ C0] __lock_acquire+0x9f1/0x3c40 [ 419.970304][ C0] ? hlock_class+0x4e/0x130 [ 419.970322][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 419.970338][ C0] lock_acquire.part.0+0x11b/0x380 [ 419.970353][ C0] ? debug_object_activate+0x149/0x4a0 [ 419.970369][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 419.970383][ C0] ? rcu_is_watching+0x12/0xc0 [ 419.970400][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 419.970418][ C0] ? debug_object_activate+0x149/0x4a0 [ 419.970433][ C0] ? lock_acquire+0x2f/0xb0 [ 419.970446][ C0] ? debug_object_activate+0x149/0x4a0 [ 419.970461][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 419.970475][ C0] ? debug_object_activate+0x149/0x4a0 [ 419.970490][ C0] debug_object_activate+0x149/0x4a0 [ 419.970504][ C0] ? lock_acquire.part.0+0x11b/0x380 [ 419.970518][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 419.970534][ C0] ? do_raw_spin_lock+0x12d/0x2c0 [ 419.970551][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 419.970567][ C0] ? __pfx_advance_sched+0x10/0x10 [ 419.970582][ C0] enqueue_hrtimer+0x25/0x3c0 [ 419.970599][ C0] __hrtimer_run_queues+0x903/0xae0 [ 419.970619][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 419.970635][ C0] ? read_tsc+0x9/0x20 [ 419.970654][ C0] hrtimer_interrupt+0x392/0x8e0 [ 419.970672][ C0] ? irq_work_single+0x13a/0x260 [ 419.970689][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 419.970704][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 419.970719][ C0] [ 419.970724][ C0] [ 419.970728][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.970746][ C0] RIP: 0010:lock_acquire.part.0+0x155/0x380 [ 419.970761][ C0] Code: b8 ff ff ff ff 65 0f c1 05 40 b0 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 [ 419.970773][ C0] RSP: 0018:ffffc90004fbf5e8 EFLAGS: 00000206 [ 419.970782][ C0] RAX: 0000000000000046 RBX: 1ffff920009f7ebe RCX: ffffffff8175e32e [ 419.970791][ C0] RDX: 0000000000000001 RSI: ffffffff8b6cdce0 RDI: ffffffff8bd1ef20 [ 419.970800][ C0] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca7af [ 419.970808][ C0] R10: ffffffff96e53d7f R11: 0000000000000000 R12: 0000000000000000 [ 419.970817][ C0] R13: ffff88807c466090 R14: 0000000000000000 R15: 0000000000000000 [ 419.970828][ C0] ? hlock_class+0x4e/0x130 [ 419.970847][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 419.970861][ C0] ? rcu_is_watching+0x12/0xc0 [ 419.970878][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 419.970901][ C0] ? __unix_dgram_recvmsg+0x267/0xe50 [ 419.970919][ C0] ? lock_acquire+0x2f/0xb0 [ 419.970932][ C0] ? __unix_dgram_recvmsg+0x267/0xe50 [ 419.970950][ C0] __mutex_lock+0x19b/0xa60 [ 419.970966][ C0] ? __unix_dgram_recvmsg+0x267/0xe50 [ 419.970984][ C0] ? __pfx_mark_lock+0x10/0x10 [ 419.970997][ C0] ? __unix_dgram_recvmsg+0x267/0xe50 [ 419.971015][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 419.971031][ C0] ? __scm_recv_common.constprop.0+0x19f/0x650 [ 419.971048][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 419.971070][ C0] ? __unix_dgram_recvmsg+0x267/0xe50 [ 419.971087][ C0] __unix_dgram_recvmsg+0x267/0xe50 [ 419.971106][ C0] ? __pfx___unix_dgram_recvmsg+0x10/0x10 [ 419.971123][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 419.971141][ C0] ? find_held_lock+0x2d/0x110 [ 419.971159][ C0] ? __might_fault+0x13b/0x190 [ 419.971177][ C0] unix_dgram_recvmsg+0xd0/0x110 [ 419.971195][ C0] ____sys_recvmsg+0x5f8/0x6b0 [ 419.971213][ C0] ? __pfx_____sys_recvmsg+0x10/0x10 [ 419.971233][ C0] ? irqentry_exit+0x3b/0x90 [ 419.971248][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 419.971264][ C0] ___sys_recvmsg+0x115/0x1a0 [ 419.971277][ C0] ? __pfx____sys_recvmsg+0x10/0x10 [ 419.971289][ C0] ? find_held_lock+0x2d/0x110 [ 419.971311][ C0] ? __pfx___might_resched+0x10/0x10 [ 419.971326][ C0] ? __might_fault+0xe3/0x190 [ 419.971344][ C0] do_recvmmsg+0x2f8/0x740 [ 419.971358][ C0] ? __pfx_do_recvmmsg+0x10/0x10 [ 419.971371][ C0] ? __pfx_lock_release+0x10/0x10 [ 419.971386][ C0] ? do_futex+0x123/0x350 [ 419.971402][ C0] ? __x64_sys_futex+0x1e1/0x4c0 [ 419.971416][ C0] __x64_sys_recvmmsg+0x239/0x290 [ 419.971430][ C0] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 419.971446][ C0] do_syscall_64+0xcd/0x250 [ 419.971464][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.971480][ C0] RIP: 0033:0x7fef6c985d29 [ 419.971490][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.971502][ C0] RSP: 002b:00007fef6d859038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 419.971514][ C0] RAX: ffffffffffffffda RBX: 00007fef6cb76080 RCX: 00007fef6c985d29 [ 419.971523][ C0] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005 [ 419.971532][ C0] RBP: 00007fef6ca01b08 R08: 0000000000000000 R09: 0000000000000000 [ 419.971540][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 419.971548][ C0] R13: 0000000000000000 R14: 00007fef6cb76080 R15: 00007ffd028f0318 [ 419.971561][ C0] [ 419.971968][ C1] Kernel panic - not syncing: softlockup: hung tasks [ 419.971979][ C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Tainted: G L 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0 [ 419.972002][ C1] Tainted: [L]=SOFTLOCKUP [ 419.972008][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 419.972018][ C1] Call Trace: [ 419.972024][ C1] [ 419.972030][ C1] dump_stack_lvl+0x3d/0x1f0 [ 419.972054][ C1] panic+0x71d/0x800 [ 419.972071][ C1] ? __pfx_panic+0x10/0x10 [ 419.972093][ C1] ? __pfx__printk+0x10/0x10 [ 419.972116][ C1] ? __irq_work_queue_local+0xdd/0x460 [ 419.972137][ C1] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 419.972154][ C1] ? irq_work_queue+0x2a/0x80 [ 419.972174][ C1] ? watchdog_timer_fn+0x5f2/0x7d0 [ 419.972195][ C1] ? watchdog_timer_fn+0x5e5/0x7d0 [ 419.972219][ C1] watchdog_timer_fn+0x603/0x7d0 [ 419.972242][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 419.972263][ C1] __hrtimer_run_queues+0x5fb/0xae0 [ 419.972292][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 419.972314][ C1] ? read_tsc+0x9/0x20 [ 419.972342][ C1] hrtimer_interrupt+0x392/0x8e0 [ 419.972375][ C1] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 419.972397][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 419.972418][ C1] [ 419.972423][ C1] [ 419.972431][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 419.972454][ C1] RIP: 0010:smp_call_function_many_cond+0x458/0x1300 [ 419.972477][ C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 [ 419.972492][ C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246 [ 419.972506][ C1] RAX: 0000000000080000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000 [ 419.972518][ C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005 [ 419.972528][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 419.972539][ C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39 [ 419.972550][ C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40 [ 419.972569][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 419.972596][ C1] ? smp_call_function_many_cond+0x456/0x1300 [ 419.972619][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 419.972659][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 419.972681][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 419.972705][ C1] text_poke_bp_batch+0x22b/0x760 [ 419.972728][ C1] ? __pfx_text_poke_loc_init+0x10/0x10 [ 419.972752][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 419.972781][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.972805][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.972826][ C1] text_poke_bp+0xa3/0xd0 [ 419.972843][ C1] ? __pfx_text_poke_bp+0x10/0x10 [ 419.972862][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 419.972885][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.972904][ C1] __static_call_transform+0x34d/0x770 [ 419.972925][ C1] ? __pfx___static_call_transform+0x10/0x10 [ 419.972944][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.972966][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.972984][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.973003][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.973022][ C1] arch_static_call_transform+0x5d/0xb0 [ 419.973039][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 419.973060][ C1] __static_call_update+0xee/0x660 [ 419.973081][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 419.973102][ C1] ? __pfx___static_call_update+0x10/0x10 [ 419.973122][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.973145][ C1] ? __kmalloc_noprof+0x23b/0x510 [ 419.973168][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.973189][ C1] tracepoint_add_func+0xbcb/0xeb0 [ 419.973216][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.973237][ C1] tracepoint_probe_register_prio_may_exist+0xbd/0x110 [ 419.973260][ C1] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 419.973283][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 419.973306][ C1] ? __local_bh_enable_ip+0xa4/0x120 [ 419.973331][ C1] bpf_probe_register+0x189/0x200 [ 419.973354][ C1] bpf_raw_tp_link_attach+0x2cd/0x5f0 [ 419.973377][ C1] ? __pfx_lock_release+0x10/0x10 [ 419.973395][ C1] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 419.973421][ C1] ? lock_acquire+0x2f/0xb0 [ 419.973437][ C1] ? __fget_files+0x40/0x3a0 [ 419.973464][ C1] ? fput+0x67/0x440 [ 419.973485][ C1] ? __bpf_prog_get+0xa0/0x290 [ 419.973507][ C1] __sys_bpf+0x3a4/0x49c0 [ 419.973532][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 419.973557][ C1] ? do_user_addr_fault+0xdc7/0x13f0 [ 419.973574][ C1] ? reacquire_held_locks+0x20b/0x4c0 [ 419.973596][ C1] ? do_futex+0x123/0x350 [ 419.973613][ C1] ? __pfx_do_futex+0x10/0x10 [ 419.973648][ C1] ? xfd_validate_state+0x5d/0x180 [ 419.973667][ C1] ? rcu_is_watching+0x12/0xc0 [ 419.973695][ C1] __x64_sys_bpf+0x78/0xc0 [ 419.973717][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 419.973739][ C1] do_syscall_64+0xcd/0x250 [ 419.973764][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.973786][ C1] RIP: 0033:0x7fec13785d29 [ 419.973799][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.973814][ C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 419.973830][ C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29 [ 419.973842][ C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011 [ 419.973854][ C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000 [ 419.973865][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.973876][ C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298 [ 419.973897][ C1] [ 421.053078][ C1] Shutting down cpus with NMI [ 421.053278][ C1] Kernel Offset: disabled