last executing test programs: 6.373691314s ago: executing program 4 (id=157): prctl$PR_SET_MM(0x23, 0xa, &(0x7f0000ff9000/0x4000)=nil) r0 = syz_open_procfs(0x0, &(0x7f0000000500)='environ\x00') preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0, 0x0) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0xd8a, &(0x7f00000000c0)=0x2) 5.86171865s ago: executing program 4 (id=161): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x100007000000) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000080)=0x1300621, 0x4) ioctl$PTP_PEROUT_REQUEST2(r0, 0x40383d0c, &(0x7f0000000000)={{0xe67, 0xfffffffc}, {0x7}, 0xfffffffd}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)=0x0) r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x20) tkill(r2, 0x3b) 5.740738629s ago: executing program 0 (id=163): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x24, r1, 0x1, 0x0, 0x25dfdbfc, {{0x2}, {@val={0x8, 0x3, r3}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x24}, 0x1, 0x0, 0x0, 0x20008800}, 0x40880) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x6c}}, 0x0) r4 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r4, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000940)=[{&(0x7f0000001040)="5346f7f875528ef24043c68e04180a332e94ee4784fffee263c06f2d924e8699b6af71aa257b5a316af31628e5148c7012f4d55ce4c29fea9e5b0b61fdf0b2dc866fa81b4e775e235eaebe330e16114548f147b8a966bf1f1fc6c24b9d47d349c87c3f789d2ba608cd25b17b6c80a7f0ceb4a06ff270ff8c9f0d3a19133f1fdfd51b767b8cef1f36e5490c5df5fcb378a6fb6eb5d8aaf7791ce81f61a05e1ebdd1789eb70ac1f3dfed378f6f3e237120052113a75ab977796117f7e7b2d6ee499f51dc070c820d10a0eaef4fc94ddc648bafae070caf70c465267497b3de963df649e113e2060c82b057abfae0798d424c81aeb42796189eb0936a2c547a5c4d6351ed786c75beb926118fb7af49ecc00b545fe2563bd4294a982980afed3f9cf390f304611db4c6d7b64d64f38db5fde5cf7cadb29c697013b710e0218660671d0051ddd7fb7f5eb72a34f469b2e20600000091817eb5b952af43d1a40f4770e7220fcdfe25d3e9747e2af76ece5922724840afdba6f6f9e1d11db8561e8e836413ee04d6e084700ec1ac0e00569f0e4d4844f4710299aabbef615c33e276544669ce074528938ec0cc6d2af1ce7a47a64ad676f08507aa08d4210f979ef4aacfa4d524c9952d4743d65c3c527302942a8880116ce7ebc6c84778346f02c806bb466db7d313d7ebc7ea87823d4a8de0b697929fb3277012327827801f75ca3c5776d1a81acb160007f73148dfaf05ab7eed5a0e603ac468eb2bcd9de5f140758e74c20a9931187e0cbc857aa62a4cec8a62f7e31af3a78cdb8608551cdd68e83aebb3c9e05519184ff996c336553fa6bf16865cd6c4eacf1e360b029cdae41070f5fd183ea0eaae427505d56994ccfd0737aae3abbc45f56710d2e3f2662bf4514044f7fa03cde28fa1783970d3c676cb23cb1923a9feb233267ef663936ccf25f7597a2270724527bf468d22786d0548b25582180b72c51742c4e5c373a1008dd4cfba508e8f3f8ec35e6f1375a11b1fbe2dc09e9fe609e80112c8f5c895c922cd547def707b7252d7afa0030d008b1dd10fd4a56e30237a6e0229fb4562cb8df3d4e64b28e15c075e59554e9d61a6065d49c1e765a49195cf5d6b1e2b6192447817fedfe41fcdf9a4fc5af567906e4b6453da7b97eac255cc253d7bceba09f67da4815438583c6843366b76d9e9277558e48681e9cfa920b47aea0e5c46ef86ea7f1ef534cf7565b24b833ba2cbfe60e6271614850dd68f2a8a6be4f315b83abb8e2699ed8e2a4b3506f9dacbb180c4deeef7489f49faf34cdf4e91a402956564f854d71c892e4aada1c91647ce45d4834d000e8d5be1773ecae388e511228977a69d4cc67fbab60ee1555a219e41eebc31807a87d9cbe88a8b05959e1a988f6ea6ed73a6ac1ec2f3d74d73eaa91a39308e008b7fa1ecc2a020f495750f9936d9c07130d950a777c0d8d131416ef55a4ec041113df65ba4aea92fcb3e2268510f316bd17f04993b6473338fe7c08fd9874e743a31582162232c7d6c614e7b3513abcc0feb99b2c9111300004fe291f5bd682c039183e61c1fdac90b2a015939a8d10b07a05e99e5772b4b9329275cef8de2b066d4e4d421e4a0a69cdd8f674b12f5b3fa764e4b1e9f4d767e252e37477813a03f18da16d598fddcf4be590d9f65f64c647cb2f330a614fe688d3d80182ed8aa59905a1cb0d3f034d927e070d71f56ee8e5c5bdf23c4f85c7a17834467bd6cf58218868fe53e3675c130bbe44bea271fa67999a0dc3dbf7c40dbba6e7d6cc0936bd8d466a1f041883c093a3a60743d0549b1a989a2fa41ff978388014434909053e279a21e7866bd4efb4a9f46b7a8b0d1d84d83020e9e68936ca3de030269784aa29a3e25146cd5b03d21ca82f961be925c9ad487fb24b1e35c2d043ee4b6a4aaf811c4308a6ced6b4c45e7513a3f0e1421cb3b0fd8571a7085c9a4b454e4ee8b44767428666cd108b78369b871ab32f36943e24976f4bb6bd4068cc19585a2de791e3f950d220b28f4ba268d8c9dbccc1a705b1b1c30881babdbc8cc4cf97b801e4d410fd7c61b34b1f126e6df1b0e9c676d1ab5", 0x5c9}, {&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f", 0xe5}, {&(0x7f0000000cc0)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435ae156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd58c572f714f6852063afc8358fb33ccb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1ca4b45c9e22b2de", 0xe3}, {&(0x7f0000000380)="c58cf2a0f0f863621a483b19e7ecfce0d34e53fbf2959272146847c314ac0cdfd79dc1815274c3ee57068b3793c243bc98585fab48eb353478689f452328afb023f75f93227bbe5a4aa3fea049ec0862c493e14eb44aacf27f9060bc2c826383c904750402dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e6", 0x87}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a125971357630b6f3eb4fb4064c42c2b2519a1c77824df6f0653fb116149fcb5c7e46fce32b1de7f511951d4b1ae47781250afdb11680684c1d2854810a90dbe10016823346663fdf1df6200a0dc3cafe8ec225fda47", 0xff}, {&(0x7f0000000800)="3a0846cacd7448e2015cc9a09c5f5608265e1e0fe02aa9077d7ddd960ba112fe1c64f57cba71e7ad8bbdc06a3299398e39498fc459bc1745e3d21a7ca987a4f4b774fe331d20dab2e846a721ff43b0491dc4cb32e16330e0d7d520f4887da0d6f356f8ef230b9b2374095ca6f14a6d13e03375c7029e28592c419bfb8957ac024ba8dc90ab15427410b870f3035ff95146d6e29f9b56ac096281d2f2b249f20c9fdc3239f838acc6b3433571d3043d", 0xaf}, {&(0x7f0000000500)="8700144add194dc92e62bfdc1de91e98227f67410fae0aa2958eeb11856055f582d7ed3b9ca5bf48d2e97becf8673e1532a8", 0x32}, {&(0x7f00000008c0)="6aa7e221ef79afca996dde651fad6b8f1085c4567b3af29b90b3221f98f93ce7f8d32156d842e64f2dd8e9b969c22d076b5dbfb714449b009ff42ec0e2a2c1785d5129", 0x43}, {&(0x7f0000000080)="e94b02666c08000080", 0x9}], 0x9, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @loopback}}}], 0x20}, 0x0) 5.385143554s ago: executing program 4 (id=164): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000017c0)={0x2c, &(0x7f0000001580)={0x0, 0x8, 0x1, "f2"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000e40)={0x34, &(0x7f0000000c00)={0x20, 0xb, 0x1, 'l'}, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x5b, 0xa, 0x2, "3258c546dacc0400000000000000c40000000000000000000200", 0x34565559}) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000240)=@req3={0x9, 0x9, 0xfffffffc, 0xf, 0xfffffffb, 0x9, 0xfffffff8}, 0x1c) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = add_key(&(0x7f00000002c0)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r6, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x4000000000000251, r5}) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x21, 0x1, 0xf7}}) syz_usb_control_io$uac1(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44e}}}, &(0x7f0000000400)={0x44, &(0x7f0000000180)={0x0, 0x17, 0x33, "cdcbcbb2f1348495b8725765fd2c79bdfcdf471f41bead6d6245efea940c05366d6d200c0a655bafc22c33d16c47c0fb1fe4eb"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000480)={0x20, 0x81, 0x3, '\x00\x00\x00'}, &(0x7f00000002c0)={0x20, 0x82, 0x3, "e4e69b"}, &(0x7f0000000300)={0x20, 0x83, 0x3, "1b3d19"}, &(0x7f0000000340)={0x20, 0x84, 0x3, '\x00\x00\x00'}, &(0x7f0000000380)={0x20, 0x85, 0x3, "9c2852"}}) fsopen(&(0x7f00000003c0)='befs\x00', 0x1) (fail_nth: 10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r8 = memfd_create(&(0x7f00000003c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r8, 0xffff) fcntl$addseals(r8, 0x409, 0x7) ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x1000, 0x1000}) r9 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r9) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x3800048, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYBLOB='6']) 5.365565922s ago: executing program 3 (id=165): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000500)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x22}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000001300)="e0e90947c50d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = io_uring_setup(0x77bb, &(0x7f00000000c0)={0x0, 0xd709, 0x2, 0xf7fffffe, 0x2000062}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) io_uring_enter(r2, 0x800000, 0x2, 0xf, &(0x7f0000000000)={[0x2000000]}, 0x18) io_uring_register$IORING_REGISTER_PROBE(r3, 0x8, &(0x7f0000000140)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x16) 5.264772914s ago: executing program 3 (id=166): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x504}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xb) socket(0x11, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) socket$tipc(0x1e, 0x2, 0x0) memfd_create(&(0x7f0000000b00)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeaeqEZ\x84E)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\x9b\xa6\f\xac(\x1b}B\xbe\x7f2\x11\x172W\x86\xc3\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xc4+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\x87\xe0\x94\x98\xeb\x1f\xa2\xf0\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xd4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f7\xd5d\x99\xea\t\xa0,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Q&\x1d\xa8\xea\x1c\xc3\x80\xf5\x9f\x88\x85\xcb\xa7%c\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\x92\\\xb6\x14I\xf7\xe0z\xf10x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0)={0x0, 0x4, 0x400, 0x1ffd, 0x10004, 0x0, r1}, &(0x7f00000002c0)=0x0, &(0x7f0000000040)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)={0x0, 0xb}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={r4, @in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x39}, 0x7}}, 0x1, 0x8, 0x5, 0xfffffffe, 0xd4, 0x4, 0x5}, 0x9c) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000140)) 4.941130649s ago: executing program 3 (id=170): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000580)={0x0, 0x1, 0x0, &(0x7f0000000100)=""/47, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x2, 0x0, 0x0, &(0x7f0000000040)=""/99, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000016c0)) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af00, &(0x7f0000000140)) r2 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000180)=r2) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000380)={0x1, r2}) userfaultfd(0x80001) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socketpair(0x1, 0x2, 0x0, &(0x7f0000000300)) 4.865960662s ago: executing program 0 (id=171): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) pidfd_getfd(r3, 0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2c}}, 0x4014080) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r1) syz_usb_control_io(r0, 0x0, 0x0) r6 = syz_usbip_server_init(0x4) syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208"], 0x0) write$usbip_server(r6, &(0x7f0000000200)=ANY=[@ANYRES64=r4, @ANYRES8=0x0, @ANYBLOB="0b29078bf95de95b9aa08fca84dc38f505db36398e0cb10568039bccd8fea2b3f1e36d200d8133b316ac5139e80e0398ff72ed70c1e795319eda9517c46a2b8b15356bcfeb714a0a26a46bf1de1491a2166dd2e62330a04285fb9c330d", @ANYRES16=r1, @ANYRESHEX=r5, @ANYRESOCT=r5], 0x30) syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="0001000000000000") 4.825583311s ago: executing program 1 (id=172): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f00000001c0), 0x3ff, 0x191000) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x8924, 0x20001114) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000000f000/0x3000)=nil) shmctl$SHM_INFO(r2, 0xe, &(0x7f00000004c0)=""/86) io_uring_enter(0xffffffffffffffff, 0x40d9, 0x4000, 0x8, 0x0, 0x0) syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x40000000}, &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r5, 0x8) r6 = accept4(r5, 0x0, 0x0, 0x0) sendto$inet(r6, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) sendmsg(r6, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000000000)="02", 0x1}], 0x1}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x3}, 0x8) close(r6) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r8 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) syz_memcpy_off$IO_URING_METADATA_FLAGS(r3, 0x114, &(0x7f00000000c0)=0x1, 0x0, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a405dd", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) ftruncate(r8, 0xffff) fcntl$addseals(r8, 0x409, 0x7) r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r9, 0x0, 0x0, 0x0, {0x414}, 0x1}) socket$inet_smc(0x2b, 0x1, 0x0) 3.828520548s ago: executing program 1 (id=174): sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[], 0x38}}, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r1, 0x7fffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000080)=0x9, 0x6) writev(r0, &(0x7f0000000440)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)="139776ff030270", 0x7}], 0x5d) 3.797648231s ago: executing program 3 (id=175): r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64) r2 = syz_open_dev$dmmidi(&(0x7f0000000200), 0x2, 0x8901) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r2, 0xc0245720, &(0x7f00000001c0)) (async, rerun: 64) sendmsg$NFT_BATCH(r1, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f0000000d80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14}}, 0x28}}, 0x0) (async, rerun: 64) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x6, 0x3, 0x20000000}}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 3.691509524s ago: executing program 1 (id=176): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$cec(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0xc08c5335, &(0x7f0000000180)={0x1, 0x1, {0x1, 0x0, 0x9, 0x3}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000006c0)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x2c}}, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}]}, @TIPC_NLA_NODE={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x84) 3.614966009s ago: executing program 3 (id=178): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000002c0)={0x1, 0xfffffffe}, 0x8) shutdown(r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x1000}) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000140)={0x5, &(0x7f0000000000)=[{0x628, 0x2, 0x2, 0x7}, {0xd, 0x94, 0xa, 0xa}, {0x400, 0x93, 0x7, 0x80000001}, {0x3, 0x2, 0x10, 0xb4ca}, {0x6, 0x3, 0x5, 0xef}]}) r4 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r4, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000080)='cgroup.max.descendants\x00', 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f0000000a00)=ANY=[@ANYRESOCT=r5], 0x9) readv(r6, &(0x7f0000000440)=[{&(0x7f00000000c0)=""/106, 0x6a}], 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x4, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000002000000000000000000008500000027000000850000000500000095000000000000001644ac29e83946cfc7968102c7dc48c4a4fbacec981fda152b00c5ebc7733d2ed95abd36a3211e2853579a66e749e3368079af8ecb3664", @ANYBLOB="cfe5d209f200e00af88dbaa2ee2dc71051360fd6bfbf4501d18a46eb0d273052312efbc93eaca48dda2105202a9dc834f57b9287f1775cf5da16dc4e1993768de6b0ce9075caeecf2bc55035a313cae2cf11285866158a73da923fe5c4cbe0b1a147018741299cd8668f6de3036de34fa9fe96f4a296a300bd"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x406, @void, @value}, 0x94) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r8 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f0000000180)='./file0/../file0\x00') fchdir(r8) getcwd(0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x1302, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_usb_connect(0x1, 0x3b, &(0x7f0000000400)=ANY=[@ANYRES64=r7], &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0x8e2c, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4, 0x0, @void, @value, @void, @value}, 0x50) 3.567398655s ago: executing program 1 (id=179): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x2, 0x7, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='kfree\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r0}, &(0x7f0000000080), &(0x7f0000000700)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r3}, &(0x7f0000000180), &(0x7f00000001c0)=r3}, 0x20) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20, 0x2909}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r7}]}, 0x4c}}, 0x8000) r8 = syz_io_uring_setup(0x2, &(0x7f0000000080)={0x0, 0x0, 0x1046, 0x0, 0xfffffffd}, &(0x7f0000002500), &(0x7f0000002540)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, 0x0, 0x0) 3.553710153s ago: executing program 2 (id=180): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe4, 0xe4, 0x6, [@enum={0x9, 0x7, 0x0, 0x6, 0x4, [{0xc, 0x6}, {0x8, 0x5}, {0xf, 0x101}, {0xb, 0x3}, {0xd, 0x4}, {0x5, 0xa16c}, {0xf, 0x1}]}, @ptr={0x8, 0x0, 0x0, 0x2, 0x2}, @struct={0x0, 0x8, 0x0, 0x4, 0x0, 0x9, [{0x6, 0x3, 0x3}, {0x2, 0x4, 0xfffffff8}, {0xc, 0x4, 0xa}, {0xb, 0x5, 0x7}, {0x6, 0x2, 0x4}, {0x3, 0x3, 0x9a6}, {0xe, 0x1, 0x8}, {0x1, 0x1, 0xe}]}, @var={0x9, 0x0, 0x0, 0xe, 0x1}, @volatile={0x7}, @fwd={0x7}]}, {0x0, [0x2e, 0x0, 0x0, 0x30]}}, &(0x7f00000003c0)=""/128, 0x102, 0x80, 0x1, 0x2, 0x10000, @value}, 0x28) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff00000000000000000000000000feff000000000000000000"], 0x50) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f0000000080)={&(0x7f00000001c0)=""/133, 0x85, 0x0, &(0x7f0000000280)=""/121, 0x79}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x10, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x0, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1a}}]}, &(0x7f0000000040)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = dup3(r0, r0, 0x0) ioctl$HIDIOCGRDESCSIZE(r2, 0x80044801, &(0x7f0000000000)) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r2) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) socket$inet6(0xa, 0x3, 0x8000000003c) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 3.456029782s ago: executing program 2 (id=181): r0 = accept$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000100)={"e58b0f5f9483b6623103130250df2c17", 0x0, 0x0, {0xfffffffffffffffa, 0x11}, {0x2, 0x9}, 0x86, [0x3ff, 0x5, 0x0, 0xd, 0xc15, 0x7, 0xdca, 0x17d8, 0xc8df, 0x8, 0xfffffffffffffffd, 0x40, 0x200000008e, 0x7, 0x5, 0x4]}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, r0, {0xfe4}}, './cgroup/../file0\x00'}) fsetxattr$security_ima(r1, &(0x7f00000004c0), &(0x7f0000000640)=@v2={0x5, 0x3, 0x0, 0x400, 0x78, "e5383ac4e1eb8ec02cb77aef6e00a1b7c86ef9967356cd06552eadd5d28b491d2bf9611521064d66812613922a3a0a21cd6104a137286048d720e771fdc10e2fe5a62655ff37734ddfb8b1cc36c5a9af102f41e77be9ff096adbc6aac5d2f807f05709889890790c5092b5bae4f36a3c14bdf680987a56cd"}, 0x81, 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7fffffff, 0x2}, 0x20) mknod(0x0, 0x8001420, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r2) syz_emit_ethernet(0x36, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) poll(0x0, 0x1d, 0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8, 0x70, 0x40000}, 0x20) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="40000000100039040000000000000000000001005e268a2883912515192fbf7ceda399f74eee172d9592bc0c87b0912ae79d71c5dd50c3027e4200881e4898", @ANYRES32=0x0, @ANYBLOB="01980000000000002000128008000100677265001400028008000700ac141400060003003f0000"], 0x40}}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000380)='./cgroup/../file0\x00', &(0x7f00000003c0), 0x8, &(0x7f0000000540)={[{@default_permissions}, {@index_on}, {@nfs_export_on}, {@metacopy_off}, {@verity_on}, {@volatile}], [{@smackfsdef={'smackfsdef', 0x3d, '/dev/cpu/#/msr\x00'}}]}) r7 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r7, 0x0, 0x484, &(0x7f0000000400)=""/173, &(0x7f0000000040)=0xad) socket$nl_route(0x10, 0x3, 0x0) 2.982009164s ago: executing program 2 (id=182): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009980708b5192100c7980000000109021b00012000ac00090400000107000009090585cf"], 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xb, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r0}, 0x10) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.664954264s ago: executing program 1 (id=183): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010200000000000000000000000014000780050014000700000008001240000500000900020073797a32000000000500010007000000110003006861"], 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3) 2.200582481s ago: executing program 4 (id=184): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1af"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$netlink(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000001080)=@nat={'nat\x00', 0x19, 0x1, 0x1b8, [0x20000080, 0x0, 0x0, 0x200000b0, 0x20000208], 0x6c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000000300000000000000000000000000000000000000000000ffffffff0000000000000000b7650000065f18a00f8be51d4b0bc4a16dfc00007fffffff000000000000020000000000ffffffff0100000003000000000000000000726f736530020000000000000000000069705f767469300000000000000000fc68706464700100000000000000000000e318716c30000000f5ff00000000eddcaaaaaaaaaa00ffffff165e6e0000ffffffff000200000000000070000000f0000000280100003830325f3300000000000000003f000000000000000000000000000000bf0600080000000000000000000180004000006e6661634f6c00000000fbfaffffffffffffff0000000000000000bbf9000000280000000000000073797a3100006de00aa91eb21ad80000"]}, 0x1b0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[0x8, 0x0, 0xfffffffd, 0x800000], [0x8, 0x500, 0x2e41ca38], [0x7, 0x0, 0xffffffff, 0x0, 0x9, 0x0, 0x0, 0x281]], '\x00', [{0x2, 0x80003}, {0x0, 0x3}, {}, {0x1000, 0x1, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffc}], '\x00', 0x0, 0x0, 0x0, 0x500}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x0, &(0x7f00000000c0)}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$nl_generic(0x10, 0x3, 0x10) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f0000000080)=0x200000000) preadv(r7, &(0x7f0000000600)=[{&(0x7f0000000280)=""/117, 0x75}], 0x1, 0x0, 0x0) 1.765529981s ago: executing program 0 (id=185): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) r2 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r2, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0) close(0xffffffffffffffff) io_setup(0x3f, &(0x7f0000000140)) r3 = timerfd_create(0x0, 0x0) ioctl$TFD_IOC_SET_TICKS(r3, 0x40085400, &(0x7f0000000000)=0x3) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r4}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00_^4,\x00'/23, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 1.592866029s ago: executing program 2 (id=186): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @host}, 0x10) listen(r0, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000400), r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r0, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="87e458baf35963a84224ff9c86ac74729a8180c8fba89a84aca845d9c1f10f17cdde9ca36fb09bb67af563acbe52cc75bb146f65980c3baff62c82a3cfb8edf86ad46104c64d94df54b4043ec8f54c40093774b11882b8d2d17ac02f4e6cf9", 0x5f}], 0x1}}, {{&(0x7f0000000180)=@can, 0x80, &(0x7f0000000540)=[{&(0x7f0000000200)="b3e37666fa4c4948bd51e8e030ac2ffab57e20f454a734c7e71fea91b07b6f4ea2e73b8e51e9839abceea82c6e7de95d6f2857078bb56f76ea02c98150388af223f19bfc255c477f17e57442afa4bff7044ffcc6210be7b63dfdb54d5ad4ed337fc3c2423f540f57492d500cb830447024fb1210d7660b58df3eafa37fc1c1e2c46a610e73c6289e65034444ca14c9be7a5dec6ec05b3fa8f974357933d8f04be0b800adab121daa6a8a8743f29131cfb58cf8819d77a3d180b844d4b490295090136b95", 0xc4}, {&(0x7f0000000300)="72f7f317e451653faa9b3ff95c1de81f7a3a56331dc541b8fe06da2b2eae86409cb39f4cefc762b5957b468eeabb4d461af3edf3901052f3e656db9fa761cbdc10cca4d63e291f581cd7a56044204cb5265a7a9edb6142505513dfb03a444ba26b68999bd6e23b61ab33ecf7fec67a39913bded92d9a00b10a06f7ca761696f923ad2dfd8067623a2e3d72cc079b6a097d749bcccae0342bf20f812f3a0be174d86b7b10b06972d497cfef6c8206e2dabe6d46b0e51ce3037e6855c2b25e16abb79d9d88d410154ee47a5861c00abc7ff63cfafc8aae1db34d54a3423ca07ff02d98", 0xe2}, {&(0x7f0000000400)}, {&(0x7f0000000440)="7badd32506613d43e3d45baa642c2dbdc60ad1a8af059a2f845b7b0aa9c86663c07d24fa7418550fc758eaf0ae378ff49804ebce3c33d1fd333a392e6fb7921069ed37f7c48d366b9856a6f9b0980a87b43102f2025c55cfc7e2ef958d15bcfa39c017ccafbf2fa978b33b5571f5a315bcc895f72cb9db61248bf286da8b576ed2f9e2989e33ae20036f2fe630b637f065e9fbe1443ed0b2ae43536092006c7b723a5564c3440f4370a48578c7785427ee11b3d9c754e4b3c7cf5d7cfd760f2ee1712f7584e240a85bf7560dc02cd9c1767e0a7dbd6b897d97ad15731e63064073a6bf5d4e67", 0xe6}], 0x4, &(0x7f0000000580)=[@txtime={{0x18, 0x1, 0x3d, 0x2}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @mark={{0x14, 0x1, 0x24, 0x400}}, @mark={{0x14, 0x1, 0x24, 0x9}}, @mark={{0x14, 0x1, 0x24, 0x1}}, @mark={{0x14, 0x1, 0x24, 0xfff}}], 0x90}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000640)="16655b70958d1124676395719de2c11de1801511f20ec20a1e896a8a49272adf336e3a40f474cb9c2ebbc3014d6ff6f05a8f97727af6a76fb26247a8def021ede4a2d6abe1d523deeaeb42c9d93d412a838f7a00264f7f27c34a1e3e0c8b4c2bac7087a2a1a06ccb20a6d7344eb0fb", 0x6f}], 0x1}}], 0x3, 0x40000) ioctl$SIOCSIFHWADDR(r2, 0x89f1, &(0x7f0000000040)={'veth0_virt_wifi\x00', @multicast}) 903.071032ms ago: executing program 2 (id=187): r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r0, 0xffff) fcntl$addseals(r0, 0x409, 0x7) ftruncate(r0, 0x600) r1 = socket$inet(0x2, 0x2, 0x1) r2 = msgget$private(0x0, 0x214) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/protocols\x00') preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0x10d}], 0x1, 0x76, 0x0) msgsnd(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="03"], 0x401, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r8, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x26) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000040)={{0x2, r4, r5, 0x0, r5, 0x82, 0x2}, 0x0, 0x0, 0x3, 0x9c84, 0x1, 0x0, 0x0, 0xfffc, 0x1b}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000540)={0x0, 0xbf, "7b854f08c755ec23bede6794f04d2a0a4d4bf68563a2fcb823c39f0f29a2ed6fe259951d68ac86574055a6c57234b8d5fa3c7ae7e11fb386970d0578727332f139bd162934ae4979db027305ca9018dbbe5e8dfd121c5bb1ccc0ae42f2d60473cf3f0c40c1cdc79d454bd4b345ebdf80cd72deb3cf4cd429219ffefb0951c51c60d2875602028f90a1289ce93839c116e4fe52616c93261ba134b5d4bbf568a5e329be14fb6c372ab537f2d450fcaeffe3f79138300878b6e216e0876f3ee9"}, &(0x7f00000001c0)=0xc7) setsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000200)=@assoc_value={r9}, 0x8) msgctl$IPC_RMID(r2, 0x0) rt_sigprocmask(0x0, &(0x7f00000000c0)={[0x5]}, &(0x7f0000000180), 0x8) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r10, 0x3b82, &(0x7f0000000100)={0x18, r11, 0x3, 0x0, &(0x7f00000002c0)=[{0x8000000000000000, 0xefffffffffff7ffe}, {0x10001, 0x8000000000dbd}, {0x5, 0x8c6}]}) sendmsg$inet(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000400)='\b', 0x1}, {&(0x7f0000000040)="000000070020ac", 0x7}], 0x2}, 0x40) 845.521975ms ago: executing program 4 (id=188): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000040)={0x4}) bind$alg(0xffffffffffffffff, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) msgget(0x3, 0x710) msgget(0x2, 0x624) msgget(0x1, 0x240) msgctl$IPC_RMID(0x0, 0x0) msgget(0x0, 0x200) 783.293264ms ago: executing program 0 (id=189): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) inotify_init() r0 = gettid() futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0xf5) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) tkill(r0, 0x7) 695.731967ms ago: executing program 4 (id=190): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup2(r1, r0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) r4 = fcntl$dupfd(r3, 0x406, r3) ioctl$TCFLSH(r4, 0x400455c8, 0x20000000009) close_range(r2, 0xffffffffffffffff, 0x200000000000000) 670.867496ms ago: executing program 0 (id=191): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000240)={0x1}) syz_usb_connect(0x0, 0x24, &(0x7f0000000a80)=ANY=[@ANYBLOB="32010000e01249205c0a17bdac62ff07030109021200010000"], 0x0) ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000000040)={0x4100000000000000, 0x0, 0xe3, 0x8, 0x1c}) r4 = accept4(r0, 0x0, 0x0, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000280)=0x75) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r4) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r7 = accept4(r6, 0x0, 0x0, 0x0) ioctl$int_in(r7, 0x5452, &(0x7f0000000280)=0x75) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r7) sendmsg$IPVS_CMD_GET_DEST(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x14, r8, 0x2, 0xc, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x4008000) sendmsg$IPVS_CMD_GET_DEST(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x14, r5, 0x2, 0xc, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x4008000) 657.607423ms ago: executing program 2 (id=192): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1f10}}, @var={0xa, 0x0, 0x0, 0xe, 0x1, 0x1}]}, {0x0, [0x0, 0x61]}}, &(0x7f0000003000)=""/4128, 0x44, 0x1020, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00'}) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f00000003c0)=0xf3e, 0x4) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="8a0023010000340200000200000008000100", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r5) 272.673743ms ago: executing program 3 (id=193): syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x34, 0xa0, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0xda, {{0x5}, {0x5, 0x24, 0x0, 0x1000}, {0xd, 0x24, 0xf, 0x1, 0xb74a, 0x2, 0x8, 0x4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x43, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x1, 0xbf, 0x6}}}}}]}}]}}, &(0x7f00000004c0)={0x0, 0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="000f08"]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0x10, 0x10, &(0x7f0000000080)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x30) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000000c300)=""/102400, 0x19000) socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x4000000) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x50009404, &(0x7f0000000140)) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_DQEVENT(r5, 0x80885659, 0x0) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000000c0)=0x3) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'fo\x00', 0x1b, 0x8a, 0x4000069}, 0x2c) syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x64, 0xd0, 0xf, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x7, 0x1, 0x3, 0x68, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xff, 0x58}}, [{{0x9, 0x5, 0x82, 0x2, 0x400, 0x3f, 0x2, 0x9}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0xf9, 0x8, 0x6, 0x40, 0x2}, 0x83, &(0x7f0000000140)={0x5, 0xf, 0x83, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "99a27f1c609ed3871a082b5612a90d23"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "052d6f49710ccfcd571853005b77c418"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x5, 0x9, 0xffc}, @generic={0x4c, 0x10, 0xa, "3e6a5f03b12213f6b5aed20aee4a465b65a67e7c14fbc7941a9720b59393e6ed104e5e640a3338a49acd8324208226dcfe97600b8e9eae2b5bffec06e645c1925736fef593fdd40e0c"}]}, 0x2, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x415}}, {0xeb, &(0x7f0000000240)=@string={0xeb, 0x3, "27a26a460f107b6aaa1b7a0ed22a0e2c1f657ee622112626cf94e1ed430cedeb4a46499a1e2248fde99133a073fdcdc7bda20a1c7850bbae65bdea677850ce95a7dfb1d84820ba975cf3f2e071f934f1e0e19615ead00fa69daf863ebcc6224dbdb4b289c325d9ea1985fdf4b6df06bfcc76620fa15ed8c366a50aa354aeaffce2a0859226383c81b900db591a188256bb3a2358e1c563ef042d79efa74260255b1aa3e5b834f074883b74d368f9257c7be79cce1f78d8eddaad2fdb5e3640b78415007330bfcde8e10782fe57251334aaee05104ad2b057f4ac289c7fc3e52e713b587664ba0f59ca"}}]}) 0s ago: executing program 1 (id=194): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x3}, &(0x7f00000003c0)=0x0, &(0x7f0000000280)=0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8905, &(0x7f0000000900)={'wlan1\x00', @random="00000020fdfd"}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, 0x0, 0x0) r6 = syz_io_uring_setup(0x31e2, &(0x7f0000000080)={0x0, 0xfffffffe, 0x10100, 0xfffffffe}, &(0x7f0000000000), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r6, 0x18, &(0x7f0000000100)={0x6, r6, 0x2, {0x2, 0x1}, 0xa9}, 0x1) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x141842, 0x0) ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000380)) writev(r7, &(0x7f0000000040)=[{&(0x7f0000000000)="b2ff", 0x2}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.45' (ED25519) to the list of known hosts. [ 51.016463][ T29] audit: type=1400 audit(1733971493.273:88): avc: denied { mounton } for pid=5801 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 51.020445][ T5801] cgroup: Unknown subsys name 'net' [ 51.039223][ T29] audit: type=1400 audit(1733971493.273:89): avc: denied { mount } for pid=5801 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 51.066641][ T29] audit: type=1400 audit(1733971493.313:90): avc: denied { unmount } for pid=5801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 51.172720][ T5801] cgroup: Unknown subsys name 'cpuset' [ 51.179869][ T5801] cgroup: Unknown subsys name 'rlimit' [ 51.312243][ T29] audit: type=1400 audit(1733971493.573:91): avc: denied { setattr } for pid=5801 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 51.341689][ T29] audit: type=1400 audit(1733971493.573:92): avc: denied { create } for pid=5801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.363680][ T29] audit: type=1400 audit(1733971493.573:93): avc: denied { write } for pid=5801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.386184][ T5803] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 51.386671][ T29] audit: type=1400 audit(1733971493.573:94): avc: denied { read } for pid=5801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 51.415309][ T29] audit: type=1400 audit(1733971493.583:95): avc: denied { mounton } for pid=5801 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 51.440405][ T29] audit: type=1400 audit(1733971493.583:96): avc: denied { mount } for pid=5801 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 51.465204][ T29] audit: type=1400 audit(1733971493.613:97): avc: denied { read } for pid=5483 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 52.243483][ T5801] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 56.869974][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 56.869990][ T29] audit: type=1400 audit(1733971499.123:103): avc: denied { create } for pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 56.896985][ T29] audit: type=1400 audit(1733971499.123:104): avc: denied { read write } for pid=5811 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.922116][ T29] audit: type=1400 audit(1733971499.123:105): avc: denied { open } for pid=5811 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 56.946835][ T29] audit: type=1400 audit(1733971499.133:106): avc: denied { ioctl } for pid=5811 comm="syz-executor" path="socket:[5340]" dev="sockfs" ino=5340 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 57.016458][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 57.016458][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 57.030778][ T5827] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 57.031722][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 57.040030][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 57.046282][ T5826] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 57.056031][ T5828] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 57.059815][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 57.066468][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 57.073968][ T5826] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 57.088370][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 57.096702][ T5826] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 57.099355][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 57.104430][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 57.111997][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 57.118411][ T5830] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 57.125884][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 57.132704][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 57.138882][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 57.147113][ T5830] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 57.154769][ T5826] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 57.160027][ T5830] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 57.166168][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 57.175796][ T5830] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 57.187246][ T29] audit: type=1400 audit(1733971499.443:107): avc: denied { read } for pid=5811 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.190331][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 57.211488][ T5830] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 57.223003][ T5826] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 57.223636][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 57.238153][ T5827] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 57.246176][ T29] audit: type=1400 audit(1733971499.443:108): avc: denied { open } for pid=5811 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 57.248368][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 57.298893][ T29] audit: type=1400 audit(1733971499.443:109): avc: denied { mounton } for pid=5811 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 57.464037][ T29] audit: type=1400 audit(1733971499.723:110): avc: denied { module_request } for pid=5824 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 57.536311][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 57.549120][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 57.605114][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 57.696321][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.704663][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.711991][ T5824] bridge_slave_0: entered allmulticast mode [ 57.718404][ T5824] bridge_slave_0: entered promiscuous mode [ 57.725696][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.733185][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.740472][ T5811] bridge_slave_0: entered allmulticast mode [ 57.746838][ T5811] bridge_slave_0: entered promiscuous mode [ 57.755504][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.762606][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.769717][ T5811] bridge_slave_1: entered allmulticast mode [ 57.776531][ T5811] bridge_slave_1: entered promiscuous mode [ 57.788496][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.796742][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.803865][ T5812] bridge_slave_0: entered allmulticast mode [ 57.811454][ T5812] bridge_slave_0: entered promiscuous mode [ 57.819068][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.826494][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.833894][ T5824] bridge_slave_1: entered allmulticast mode [ 57.840815][ T5824] bridge_slave_1: entered promiscuous mode [ 57.847254][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 57.864867][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.872644][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.879696][ T5812] bridge_slave_1: entered allmulticast mode [ 57.886586][ T5812] bridge_slave_1: entered promiscuous mode [ 57.914187][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.924614][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.935457][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.946517][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 57.957367][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.975284][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.995997][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.036581][ T5811] team0: Port device team_slave_0 added [ 58.056863][ T5824] team0: Port device team_slave_0 added [ 58.064508][ T5811] team0: Port device team_slave_1 added [ 58.082927][ T5812] team0: Port device team_slave_0 added [ 58.095672][ T5824] team0: Port device team_slave_1 added [ 58.110984][ T5812] team0: Port device team_slave_1 added [ 58.116721][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.124683][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.134394][ T5821] bridge_slave_0: entered allmulticast mode [ 58.140911][ T5821] bridge_slave_0: entered promiscuous mode [ 58.147329][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.154471][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.161631][ T5815] bridge_slave_0: entered allmulticast mode [ 58.167953][ T5815] bridge_slave_0: entered promiscuous mode [ 58.178968][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.185945][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.211868][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.227862][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.235008][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.242202][ T5821] bridge_slave_1: entered allmulticast mode [ 58.248742][ T5821] bridge_slave_1: entered promiscuous mode [ 58.255020][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.262223][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.269297][ T5815] bridge_slave_1: entered allmulticast mode [ 58.275913][ T5815] bridge_slave_1: entered promiscuous mode [ 58.291736][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.298678][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.325012][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.356873][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.366702][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.374291][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.400526][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.413218][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.420320][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.446440][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.460210][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.467148][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.493532][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.505770][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.515861][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.549208][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.556361][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.582899][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.594807][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.613993][ T5815] team0: Port device team_slave_0 added [ 58.640862][ T5815] team0: Port device team_slave_1 added [ 58.655813][ T5811] hsr_slave_0: entered promiscuous mode [ 58.662020][ T5811] hsr_slave_1: entered promiscuous mode [ 58.669729][ T5821] team0: Port device team_slave_0 added [ 58.688172][ T5824] hsr_slave_0: entered promiscuous mode [ 58.694328][ T5824] hsr_slave_1: entered promiscuous mode [ 58.700764][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.708462][ T5824] Cannot create hsr debugfs directory [ 58.729775][ T5821] team0: Port device team_slave_1 added [ 58.735804][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.742966][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.768905][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.797789][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.804816][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.830721][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.852264][ T5812] hsr_slave_0: entered promiscuous mode [ 58.858237][ T5812] hsr_slave_1: entered promiscuous mode [ 58.866307][ T5812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.873966][ T5812] Cannot create hsr debugfs directory [ 58.916287][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.925450][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.952484][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.978165][ T5815] hsr_slave_0: entered promiscuous mode [ 58.984167][ T5815] hsr_slave_1: entered promiscuous mode [ 58.992133][ T5815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.999663][ T5815] Cannot create hsr debugfs directory [ 59.005639][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 59.014663][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 59.040982][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 59.120180][ T5821] hsr_slave_0: entered promiscuous mode [ 59.126160][ T5821] hsr_slave_1: entered promiscuous mode [ 59.132221][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 59.139746][ T5821] Cannot create hsr debugfs directory [ 59.190391][ T5819] Bluetooth: hci0: command tx timeout [ 59.269812][ T5812] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.278983][ T5812] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.285694][ T5819] Bluetooth: hci3: command tx timeout [ 59.303434][ T5812] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.312552][ T5812] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.340504][ T5811] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.350666][ T5819] Bluetooth: hci4: command tx timeout [ 59.350849][ T55] Bluetooth: hci2: command tx timeout [ 59.356122][ T5822] Bluetooth: hci1: command tx timeout [ 59.382584][ T5811] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.406077][ T5824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.418118][ T5811] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.427984][ T5811] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.450158][ T5824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.471217][ T5824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.479696][ T5824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.513751][ T5815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.524641][ T5815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.535777][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.553423][ T5815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.575589][ T5815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.615376][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.626338][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 59.636883][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 59.645359][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 59.667938][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.675135][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.693446][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 59.719368][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.726452][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.739484][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.782436][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.802741][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.809805][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.829737][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.848790][ T3919] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.855899][ T3919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.876305][ T5812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 59.898935][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.935789][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.953630][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.960709][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.982185][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.991484][ T29] audit: type=1400 audit(1733971502.253:111): avc: denied { sys_module } for pid=5812 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 60.028869][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.056753][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.067373][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.074954][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.093533][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.100621][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.154679][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.161793][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.173239][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.180336][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.190774][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.197829][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.234437][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.245590][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.342028][ T5811] veth0_vlan: entered promiscuous mode [ 60.372992][ T5811] veth1_vlan: entered promiscuous mode [ 60.393713][ T5812] veth0_vlan: entered promiscuous mode [ 60.423293][ T5812] veth1_vlan: entered promiscuous mode [ 60.442292][ T5811] veth0_macvtap: entered promiscuous mode [ 60.466350][ T5811] veth1_macvtap: entered promiscuous mode [ 60.511197][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.536022][ T5812] veth0_macvtap: entered promiscuous mode [ 60.552236][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.561631][ T5811] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.570954][ T5811] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.579633][ T5811] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.588638][ T5811] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.612511][ T5812] veth1_macvtap: entered promiscuous mode [ 60.628940][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.651557][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.693728][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 60.705431][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.723291][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 60.731754][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.756334][ T5824] veth0_vlan: entered promiscuous mode [ 60.765477][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 60.777083][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 60.787696][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 60.808325][ T3919] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.821718][ T5812] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.834591][ T3919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.837073][ T5812] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.851371][ T5812] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.860521][ T5812] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 60.874277][ T5824] veth1_vlan: entered promiscuous mode [ 60.938127][ T5824] veth0_macvtap: entered promiscuous mode [ 60.947743][ T5824] veth1_macvtap: entered promiscuous mode [ 60.964788][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.973412][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.976372][ T5815] veth0_vlan: entered promiscuous mode [ 61.001292][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.011951][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.022184][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.033383][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.044100][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.055392][ T29] audit: type=1400 audit(1733971503.313:112): avc: denied { mounton } for pid=5811 comm="syz-executor" path="/root/syzkaller.gI3DjG/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 61.092033][ T5815] veth1_vlan: entered promiscuous mode [ 61.109322][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.120940][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.131295][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.134679][ T5811] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 61.142256][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.167821][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.186435][ T5815] veth0_macvtap: entered promiscuous mode [ 61.218136][ T5821] veth0_vlan: entered promiscuous mode [ 61.227971][ T5821] veth1_vlan: entered promiscuous mode [ 61.248057][ T5821] veth0_macvtap: entered promiscuous mode [ 61.259379][ T5815] veth1_macvtap: entered promiscuous mode [ 61.275703][ T5822] Bluetooth: hci0: command tx timeout [ 61.284668][ T3919] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.295021][ T5821] veth1_macvtap: entered promiscuous mode [ 61.306336][ T5824] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.317467][ T5824] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.328113][ T3919] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.336482][ T5824] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.349850][ T5824] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.384541][ T5822] Bluetooth: hci3: command tx timeout [ 61.431273][ T5822] Bluetooth: hci1: command tx timeout [ 61.437070][ T5822] Bluetooth: hci4: command tx timeout [ 61.444541][ T5822] Bluetooth: hci2: command tx timeout [ 61.455471][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.467497][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.484822][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.499323][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.518774][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.535560][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.546719][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.586359][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.607825][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.619616][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.636292][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.646758][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.657557][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.667434][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.678610][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.691626][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.708485][ T1227] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.716576][ T1227] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.720454][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.761740][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.785128][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.795648][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.805570][ T5821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.816011][ T5821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.826382][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.834099][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.845451][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.855550][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.866304][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.876245][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.887032][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.897166][ T5815] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.907739][ T5815] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.918341][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.936114][ T29] kauditd_printk_skb: 21 callbacks suppressed [ 61.936128][ T29] audit: type=1400 audit(1733971504.193:134): avc: denied { mounton } for pid=5812 comm="syz-executor" path="/root/syzkaller.pWPIpj/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 61.937290][ T5821] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.993916][ T5821] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.005571][ T29] audit: type=1400 audit(1733971504.263:135): avc: denied { read } for pid=5899 comm="syz.3.7" name="mISDNtimer" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.028540][ T5821] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.038057][ T5821] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.041407][ T5900] Bluetooth: MGMT ver 1.23 [ 62.046970][ T29] audit: type=1400 audit(1733971504.263:136): avc: denied { open } for pid=5899 comm="syz.3.7" path="/dev/mISDNtimer" dev="devtmpfs" ino=1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 62.076621][ T5815] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.085942][ T5815] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.094937][ T5815] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.104597][ T29] audit: type=1400 audit(1733971504.263:137): avc: denied { perfmon } for pid=5899 comm="syz.3.7" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 62.110071][ T5815] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.126056][ T29] audit: type=1400 audit(1733971504.263:138): avc: denied { prog_run } for pid=5899 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 62.138001][ T5901] netlink: 100 bytes leftover after parsing attributes in process `syz.3.7'. [ 62.152855][ T29] audit: type=1400 audit(1733971504.303:139): avc: denied { bind } for pid=5899 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.265663][ T29] audit: type=1400 audit(1733971504.303:140): avc: denied { write } for pid=5899 comm="syz.3.7" path="socket:[7296]" dev="sockfs" ino=7296 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.299504][ T29] audit: type=1400 audit(1733971504.313:141): avc: denied { create } for pid=5899 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.333258][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.349903][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.357972][ T29] audit: type=1400 audit(1733971504.313:142): avc: denied { ioctl } for pid=5899 comm="syz.3.7" path="socket:[7299]" dev="sockfs" ino=7299 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 62.384092][ T5907] syz.3.8 uses obsolete (PF_INET,SOCK_PACKET) [ 62.397729][ T29] audit: type=1400 audit(1733971504.403:143): avc: denied { write } for pid=5899 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.429532][ T5909] netlink: 'syz.1.9': attribute type 4 has an invalid length. [ 62.458487][ T5909] netlink: 'syz.1.9': attribute type 4 has an invalid length. [ 62.465490][ T1227] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.476067][ T1227] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.560422][ T3919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.576750][ T3919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.588946][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.651928][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.664634][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.672654][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.771499][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.792792][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.974995][ T5914] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 63.086313][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 63.190776][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 63.192555][ T5927] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5'. [ 63.200750][ T5914] usb 4-1: New USB device found, idVendor=0830, idProduct=0080, bcdDevice=46.ac [ 63.248736][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.262619][ T5927] cgroup: Unknown subsys name 'euid<00000000000000000000' [ 63.369428][ T5819] Bluetooth: hci0: command tx timeout [ 63.407179][ T5914] usb 4-1: Product: syz [ 63.411662][ T5914] usb 4-1: Manufacturer: syz [ 63.416317][ T5914] usb 4-1: SerialNumber: syz [ 63.430544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.430571][ T5819] Bluetooth: hci3: command tx timeout [ 63.450171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.458627][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 63.464937][ T5914] usb 4-1: config 0 descriptor?? [ 63.474896][ T5930] FAULT_INJECTION: forcing a failure. [ 63.474896][ T5930] name failslab, interval 1, probability 0, space 0, times 1 [ 63.478902][ T5914] kl5kusb105 4-1:0.0: KL5KUSB105D / PalmConnect converter detected [ 63.487662][ T5930] CPU: 0 UID: 0 PID: 5930 Comm: syz.4.5 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 63.505970][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 63.516024][ T5930] Call Trace: [ 63.519279][ T5930] [ 63.522188][ T5930] dump_stack_lvl+0x16c/0x1f0 [ 63.526862][ T5930] should_fail_ex+0x497/0x5b0 [ 63.531519][ T5930] ? fs_reclaim_acquire+0xae/0x150 [ 63.536609][ T5930] should_failslab+0xc2/0x120 [ 63.541261][ T5930] __kmalloc_cache_noprof+0x68/0x410 [ 63.546520][ T5930] ? trace_lock_acquire+0x14e/0x1f0 [ 63.551702][ T5930] open_substream+0xec/0x9b0 [ 63.556272][ T5930] ? lockdep_hardirqs_on+0x7c/0x110 [ 63.561444][ T5930] rawmidi_open_priv+0x542/0x6e0 [ 63.566534][ T5930] snd_rawmidi_open+0x4bf/0xbd0 [ 63.571362][ T5930] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 63.576708][ T5930] ? __pfx_default_wake_function+0x10/0x10 [ 63.582508][ T5930] ? do_raw_spin_lock+0x12d/0x2c0 [ 63.587515][ T5930] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 63.592870][ T5930] snd_open+0x1fe/0x450 [ 63.597006][ T5930] ? __pfx_snd_open+0x10/0x10 [ 63.601659][ T5930] chrdev_open+0x237/0x6a0 [ 63.606050][ T5930] ? __pfx_chrdev_open+0x10/0x10 [ 63.610976][ T5930] do_dentry_open+0xf59/0x1ea0 [ 63.615725][ T5930] ? __pfx_chrdev_open+0x10/0x10 [ 63.620657][ T5930] vfs_open+0x82/0x3f0 [ 63.624703][ T5930] ? may_open+0x1f2/0x400 [ 63.629023][ T5930] path_openat+0x1e6a/0x2d60 [ 63.633599][ T5930] ? __pfx_path_openat+0x10/0x10 [ 63.638510][ T5930] ? __pfx___lock_acquire+0x10/0x10 [ 63.643697][ T5930] ? lock_acquire.part.0+0x11b/0x380 [ 63.648972][ T5930] ? find_held_lock+0x2d/0x110 [ 63.653719][ T5930] do_filp_open+0x20c/0x470 [ 63.658201][ T5930] ? __pfx_do_filp_open+0x10/0x10 [ 63.663212][ T5930] ? find_held_lock+0x2d/0x110 [ 63.667964][ T5930] ? alloc_fd+0x41f/0x760 [ 63.672272][ T5930] do_sys_openat2+0x17a/0x1e0 [ 63.676923][ T5930] ? __pfx_do_sys_openat2+0x10/0x10 [ 63.682096][ T5930] ? do_user_addr_fault+0xe50/0x13f0 [ 63.687363][ T5930] ? __pfx_lock_release+0x10/0x10 [ 63.692365][ T5930] __x64_sys_openat+0x175/0x210 [ 63.697193][ T5930] ? __pfx___x64_sys_openat+0x10/0x10 [ 63.702544][ T5930] ? do_user_addr_fault+0x83d/0x13f0 [ 63.707816][ T5930] do_syscall_64+0xcd/0x250 [ 63.712304][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.718177][ T5930] RIP: 0033:0x7f1b1d37e880 [ 63.722574][ T5930] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 63.742167][ T5930] RSP: 002b:00007f1b1e212b90 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 63.750569][ T5930] RAX: ffffffffffffffda RBX: 0000000000141101 RCX: 00007f1b1d37e880 [ 63.758521][ T5930] RDX: 0000000000141101 RSI: 00007f1b1e212c30 RDI: 00000000ffffff9c [ 63.766467][ T5930] RBP: 00007f1b1e212c30 R08: 0000000000000000 R09: 0000000000000000 [ 63.774412][ T5930] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 63.782362][ T5930] R13: 0000000000000000 R14: 00007f1b1d546160 R15: 00007ffd3c46e4d8 [ 63.790329][ T5930] [ 63.794698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 63.806210][ T5819] Bluetooth: hci2: command tx timeout [ 63.830548][ T5819] Bluetooth: hci4: command tx timeout [ 63.835953][ T5819] Bluetooth: hci1: command tx timeout [ 63.851099][ T5914] usb 4-1: KL5KUSB105D / PalmConnect converter now attached to ttyUSB0 [ 63.859800][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.875396][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.894514][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.918710][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.928745][ T5909] syz.1.9 (5909) used greatest stack depth: 21184 bytes left [ 64.034918][ T5914] usb 4-1: USB disconnect, device number 2 [ 64.043848][ T5914] kl5kusb105d ttyUSB0: KL5KUSB105D / PalmConnect converter now disconnected from ttyUSB0 [ 64.054334][ T5914] kl5kusb105 4-1:0.0: device disconnected [ 64.210210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 64.218918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 64.510516][ T5914] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 64.694108][ T5914] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 64.713506][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.752419][ T5914] usb 4-1: Product: syz [ 64.770190][ T5914] usb 4-1: Manufacturer: syz [ 64.781222][ T5914] usb 4-1: SerialNumber: syz [ 64.794707][ T5914] usb 4-1: config 0 descriptor?? [ 65.110350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 65.169973][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 65.233949][ T5966] binder: BINDER_SET_CONTEXT_MGR already set [ 65.240566][ T5966] binder: 5958:5966 ioctl 4018620d 20004a80 returned -16 [ 65.360873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!! [ 65.567529][ T5819] Bluetooth: hci0: command tx timeout [ 65.567540][ T55] Bluetooth: hci3: command tx timeout [ 65.698325][ T5972] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.910484][ T5819] Bluetooth: hci4: command tx timeout [ 65.914882][ T55] Bluetooth: hci1: command tx timeout [ 65.916243][ T5822] Bluetooth: hci2: command tx timeout [ 65.930096][ T48] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 65.990927][ T5989] openvswitch: netlink: VXLAN extension message has 2 unknown bytes. [ 66.101662][ T48] usb 2-1: Using ep0 maxpacket: 16 [ 66.111741][ T48] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 66.128161][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 66.148053][ T48] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 66.159519][ T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.171063][ T48] usb 2-1: Product: syz [ 66.175266][ T48] usb 2-1: Manufacturer: syz [ 66.179872][ T48] usb 2-1: SerialNumber: syz [ 66.188013][ T5914] usb 4-1: non-Atmel transceiver xxxx6cf2 [ 66.195984][ T48] usb 2-1: config 0 descriptor?? [ 66.201058][ T5864] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 66.213786][ T48] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 66.223620][ T48] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 66.394366][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.400240][ T5940] FAULT_INJECTION: forcing a failure. [ 66.400240][ T5940] name failslab, interval 1, probability 0, space 0, times 0 [ 66.409216][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.418580][ T5940] CPU: 1 UID: 0 PID: 5940 Comm: syz.3.13 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 66.438124][ T5940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.448171][ T5940] Call Trace: [ 66.451455][ T5940] [ 66.454376][ T5940] dump_stack_lvl+0x16c/0x1f0 [ 66.459047][ T5940] should_fail_ex+0x497/0x5b0 [ 66.463717][ T5940] ? fs_reclaim_acquire+0xae/0x150 [ 66.468825][ T5940] should_failslab+0xc2/0x120 [ 66.473500][ T5940] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 66.478871][ T5940] ? security_file_alloc+0x34/0x2b0 [ 66.484064][ T5940] security_file_alloc+0x34/0x2b0 [ 66.489081][ T5940] init_file+0x93/0x480 [ 66.493232][ T5940] alloc_empty_file+0x91/0x1e0 [ 66.497990][ T5940] alloc_file_pseudo+0x147/0x210 [ 66.502921][ T5940] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 66.508366][ T5940] ? alloc_fd+0x41f/0x760 [ 66.512686][ T5940] ? __pfx_lock_release+0x10/0x10 [ 66.517697][ T5940] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 66.523061][ T5940] __anon_inode_getfile+0x136/0x3d0 [ 66.528254][ T5940] ? _raw_spin_unlock+0x28/0x50 [ 66.533095][ T5940] ? __pfx___anon_inode_getfile+0x10/0x10 [ 66.538812][ T5940] anon_inode_getfd+0x52/0xb0 [ 66.543485][ T5940] __x64_sys_fsopen+0x18b/0x240 [ 66.548326][ T5940] do_syscall_64+0xcd/0x250 [ 66.552825][ T5940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.558708][ T5940] RIP: 0033:0x7f303257ff19 [ 66.563110][ T5940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.582709][ T5940] RSP: 002b:00007f30333f8058 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 66.591108][ T5940] RAX: ffffffffffffffda RBX: 00007f3032745fa0 RCX: 00007f303257ff19 [ 66.599063][ T5940] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000200003c0 [ 66.607024][ T5940] RBP: 00007f30333f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 66.614978][ T5940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 66.622932][ T5940] R13: 0000000000000000 R14: 00007f3032745fa0 R15: 00007ffddf440258 [ 66.630920][ T5940] [ 66.644789][ T5864] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 66.655407][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.680339][ T5864] usb 1-1: config 0 descriptor?? [ 66.706094][ T5940] ======================================================= [ 66.706094][ T5940] WARNING: The mand mount option has been deprecated and [ 66.706094][ T5940] and is ignored by this kernel. Remove the mand [ 66.706094][ T5940] option from the mount to silence this warning. [ 66.706094][ T5940] ======================================================= [ 66.783364][ T5914] usb 4-1: Firmware version (0.0) predates our first public release. [ 66.792867][ T5914] usb 4-1: Please update to version 0.2 or newer [ 66.802619][ T5914] usb 4-1: atusb_probe: initialization failed, error = -19 [ 66.894420][ T5818] udevd[5818]: failed to send result of seq 10798 to main daemon: Connection refused [ 66.912106][ T5914] usb 4-1: USB disconnect, device number 3 [ 67.101514][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.31'. [ 67.103751][ T48] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 67.123180][ T5864] hid-steam 0003:28DE:1142.0001: unknown main item tag 0x0 [ 67.132083][ T48] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 67.141453][ T5864] hid-steam 0003:28DE:1142.0001: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 67.153143][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 67.153157][ T29] audit: type=1400 audit(1733971509.413:218): avc: denied { create } for pid=6000 comm="syz.2.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 67.187115][ T29] audit: type=1400 audit(1733971509.413:219): avc: denied { write } for pid=6000 comm="syz.2.30" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 67.210447][ T5864] hid-steam 0003:28DE:1142.0001: Steam wireless receiver connected [ 67.218695][ T29] audit: type=1400 audit(1733971509.453:220): avc: denied { name_bind } for pid=6002 comm="syz.2.32" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 67.233846][ T5864] hid-steam 0003:28DE:1142.0002: unknown main item tag 0x0 [ 67.265177][ T5864] hid-steam 0003:28DE:1142.0002: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 67.272202][ T29] audit: type=1400 audit(1733971509.453:221): avc: denied { node_bind } for pid=6002 comm="syz.2.32" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 67.341080][ T48] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 67.350318][ T48] em28xx 2-1:0.0: No AC97 audio processor [ 67.356295][ T29] audit: type=1400 audit(1733971509.613:222): avc: denied { getopt } for pid=5980 comm="syz.0.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 68.069179][ T29] audit: type=1400 audit(1733971509.843:223): avc: denied { setopt } for pid=6009 comm="syz.4.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 68.089961][ T29] audit: type=1400 audit(1733971509.843:224): avc: denied { getopt } for pid=6009 comm="syz.4.33" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 68.124663][ T29] audit: type=1400 audit(1733971510.383:225): avc: denied { connect } for pid=6011 comm="syz.3.34" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.145417][ T29] audit: type=1400 audit(1733971510.383:226): avc: denied { write } for pid=6011 comm="syz.3.34" laddr=fe80::13 lport=60 faddr=fe80:: scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.234412][ T29] audit: type=1400 audit(1733971510.493:227): avc: denied { read } for pid=6020 comm="syz.2.36" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 68.467271][ T6027] PKCS7: Unknown OID: [4] (bad) [ 68.472590][ T6027] PKCS7: Only support pkcs7_signedData type [ 68.930558][ T9] usb 1-1: reset high-speed USB device number 2 using dummy_hcd [ 68.991310][ T5983] [U] vÔ3 [ 69.032861][ T48] usb 2-1: USB disconnect, device number 2 [ 69.039315][ T48] em28xx 2-1:0.0: Disconnecting em28xx [ 69.051032][ T48] em28xx 2-1:0.0: Freeing device [ 69.072661][ T6033] netlink: 'syz.0.39': attribute type 1 has an invalid length. [ 69.220979][ T6035] FAULT_INJECTION: forcing a failure. [ 69.220979][ T6035] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 69.236226][ T6035] CPU: 0 UID: 0 PID: 6035 Comm: syz.3.38 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 69.246745][ T6035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 69.256787][ T6035] Call Trace: [ 69.260052][ T6035] [ 69.262987][ T6035] dump_stack_lvl+0x16c/0x1f0 [ 69.267659][ T6035] should_fail_ex+0x497/0x5b0 [ 69.272331][ T6035] _copy_from_user+0x2e/0xd0 [ 69.276914][ T6035] memdup_user_nul+0x72/0x110 [ 69.281586][ T6035] sel_write_enforce+0xce/0x510 [ 69.286429][ T6035] ? rcu_is_watching+0x12/0xc0 [ 69.291185][ T6035] ? __pfx_sel_write_enforce+0x10/0x10 [ 69.296640][ T6035] ? __pfx_sel_write_enforce+0x10/0x10 [ 69.302089][ T6035] vfs_writev+0x6da/0xdd0 [ 69.306411][ T6035] ? fdget_pos+0x267/0x390 [ 69.310832][ T6035] ? __pfx_vfs_writev+0x10/0x10 [ 69.315673][ T6035] ? __mutex_lock+0x1cc/0xa60 [ 69.320337][ T6035] ? find_held_lock+0x2d/0x110 [ 69.325097][ T6035] ? __pfx___mutex_lock+0x10/0x10 [ 69.330108][ T6035] ? trace_lock_acquire+0x14e/0x1f0 [ 69.335308][ T6035] ? __fget_files+0x206/0x3a0 [ 69.339994][ T6035] ? do_writev+0x133/0x340 [ 69.344410][ T6035] do_writev+0x133/0x340 [ 69.348644][ T6035] ? __pfx_do_writev+0x10/0x10 [ 69.353424][ T6035] do_syscall_64+0xcd/0x250 [ 69.357917][ T6035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.363801][ T6035] RIP: 0033:0x7f303257ff19 [ 69.368201][ T6035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.387793][ T6035] RSP: 002b:00007f30333d7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 69.396191][ T6035] RAX: ffffffffffffffda RBX: 00007f3032746080 RCX: 00007f303257ff19 [ 69.404146][ T6035] RDX: 0000000000000001 RSI: 00000000200001c0 RDI: 0000000000000004 [ 69.412101][ T6035] RBP: 00007f30333d70a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.420061][ T6035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 69.428019][ T6035] R13: 0000000000000000 R14: 00007f3032746080 R15: 00007ffddf440258 [ 69.435986][ T6035] [ 69.439083][ C0] vkms_vblank_simulate: vblank timer overrun [ 69.999509][ T6035] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.362904][ T5864] usb 1-1: USB disconnect, device number 2 [ 70.370082][ T5867] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 70.377207][ T5864] hid-steam 0003:28DE:1142.0001: Steam wireless receiver disconnected [ 70.433662][ T6051] capability: warning: `syz.3.43' uses deprecated v2 capabilities in a way that may be insecure [ 70.540063][ T5867] usb 5-1: Using ep0 maxpacket: 32 [ 70.546558][ T5867] usb 5-1: config 0 has an invalid interface number: 156 but max is 0 [ 70.555643][ T5867] usb 5-1: config 0 has no interface number 0 [ 70.562789][ T5867] usb 5-1: config 0 interface 156 has no altsetting 0 [ 70.571672][ T5867] usb 5-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=7a.d6 [ 70.580808][ T970] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 70.588676][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.596985][ T5867] usb 5-1: Product: syz [ 70.601216][ T5867] usb 5-1: Manufacturer: syz [ 70.605785][ T5867] usb 5-1: SerialNumber: syz [ 70.612090][ T5867] usb 5-1: config 0 descriptor?? [ 70.710082][ T5914] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 70.750111][ T970] usb 2-1: Using ep0 maxpacket: 8 [ 70.757308][ T970] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 70.767874][ T970] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 70.779199][ T970] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 70.789731][ T970] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 70.802776][ T970] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 70.811872][ T970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.823876][ T5864] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 70.911327][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.922422][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.933195][ T5914] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 70.942490][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.955406][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.961962][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.964516][ T5864] usb 1-1: device descriptor read/64, error -71 [ 70.973806][ T5914] usb 4-1: config 0 descriptor?? [ 71.035711][ T970] usb 2-1: usb_control_msg returned -32 [ 71.060094][ T970] usbtmc 2-1:16.0: can't read capabilities [ 71.085304][ T970] usb 2-1: USB disconnect, device number 3 [ 71.219490][ T5914] sony 0003:054C:0268.0003: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0 [ 71.234433][ T5914] sony 0003:054C:0268.0003: failed to claim input [ 71.236809][ T5864] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 71.410273][ T5914] usb 4-1: USB disconnect, device number 4 [ 71.500870][ T5864] usb 1-1: device descriptor read/64, error -71 [ 71.632671][ T5864] usb usb1-port1: attempt power cycle [ 71.772789][ T6069] netlink: 72 bytes leftover after parsing attributes in process `syz.1.47'. [ 71.886553][ T5867] usb 5-1: USB disconnect, device number 2 [ 72.180787][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 72.180828][ T29] audit: type=1326 audit(1733971514.393:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58c1176ee7 code=0x7ffc0000 [ 72.281262][ T29] audit: type=1326 audit(1733971514.443:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58c111c119 code=0x7ffc0000 [ 72.305477][ C0] vkms_vblank_simulate: vblank timer overrun [ 72.318893][ T5864] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 72.355197][ T5864] usb 1-1: device descriptor read/8, error -71 [ 72.378324][ T29] audit: type=1326 audit(1733971514.443:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58c1176ee7 code=0x7ffc0000 [ 72.409117][ T29] audit: type=1326 audit(1733971514.443:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58c111c119 code=0x7ffc0000 [ 72.459620][ T29] audit: type=1326 audit(1733971514.443:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58c117ff19 code=0x7ffc0000 [ 72.489520][ T29] audit: type=1326 audit(1733971514.443:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58c1176ee7 code=0x7ffc0000 [ 72.515041][ T29] audit: type=1326 audit(1733971514.443:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58c111c119 code=0x7ffc0000 [ 72.538047][ C0] vkms_vblank_simulate: vblank timer overrun [ 72.549877][ T29] audit: type=1326 audit(1733971514.443:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f58c117ff19 code=0x7ffc0000 [ 72.564880][ T6085] xt_socket: unknown flags 0x8 [ 72.572844][ C0] vkms_vblank_simulate: vblank timer overrun [ 72.590587][ T29] audit: type=1326 audit(1733971514.473:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f58c1176ee7 code=0x7ffc0000 [ 72.619334][ T29] audit: type=1326 audit(1733971514.473:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6067 comm="syz.1.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f58c111c119 code=0x7ffc0000 [ 72.653805][ T5864] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 72.700968][ T5864] usb 1-1: device descriptor read/8, error -71 [ 72.810235][ T5864] usb usb1-port1: unable to enumerate USB device [ 72.871020][ T5864] kernel write not supported for file 42/task/43/loginuid (pid: 5864 comm: kworker/0:4) [ 73.390477][ T6104] sp0: Synchronizing with TNC [ 73.607679][ T6114] netlink: 'syz.3.60': attribute type 4 has an invalid length. [ 73.636168][ T6114] netlink: 'syz.3.60': attribute type 4 has an invalid length. [ 73.689523][ T6118] FAULT_INJECTION: forcing a failure. [ 73.689523][ T6118] name failslab, interval 1, probability 0, space 0, times 0 [ 73.704589][ T6118] CPU: 1 UID: 0 PID: 6118 Comm: syz.3.63 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 73.715099][ T6118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 73.725131][ T6118] Call Trace: [ 73.728396][ T6118] [ 73.731303][ T6118] dump_stack_lvl+0x16c/0x1f0 [ 73.735972][ T6118] should_fail_ex+0x497/0x5b0 [ 73.740646][ T6118] ? fs_reclaim_acquire+0xae/0x150 [ 73.745738][ T6118] should_failslab+0xc2/0x120 [ 73.750478][ T6118] __kmalloc_noprof+0xcb/0x510 [ 73.755215][ T6118] ? d_absolute_path+0x137/0x1b0 [ 73.760131][ T6118] ? rcu_is_watching+0x12/0xc0 [ 73.764891][ T6118] tomoyo_encode2+0x100/0x3e0 [ 73.769545][ T6118] tomoyo_encode+0x29/0x50 [ 73.774122][ T6118] tomoyo_realpath_from_path+0x19d/0x720 [ 73.779740][ T6118] tomoyo_path_number_perm+0x248/0x590 [ 73.785173][ T6118] ? tomoyo_path_number_perm+0x235/0x590 [ 73.790778][ T6118] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 73.796750][ T6118] ? __pfx_lock_release+0x10/0x10 [ 73.801760][ T6118] ? trace_lock_acquire+0x14e/0x1f0 [ 73.806945][ T6118] ? lock_acquire+0x2f/0xb0 [ 73.811421][ T6118] ? __fget_files+0x40/0x3a0 [ 73.815982][ T6118] ? __fget_files+0x206/0x3a0 [ 73.820630][ T6118] security_file_ioctl+0x9b/0x240 [ 73.825628][ T6118] __x64_sys_ioctl+0xb7/0x200 [ 73.830283][ T6118] do_syscall_64+0xcd/0x250 [ 73.834771][ T6118] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.840638][ T6118] RIP: 0033:0x7f303257ff19 [ 73.845039][ T6118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.864617][ T6118] RSP: 002b:00007f30333f8058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.873002][ T6118] RAX: ffffffffffffffda RBX: 00007f3032745fa0 RCX: 00007f303257ff19 [ 73.880950][ T6118] RDX: 0000000020000040 RSI: 00000000c4c85512 RDI: 0000000000000003 [ 73.888895][ T6118] RBP: 00007f30333f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 73.896841][ T6118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 73.904785][ T6118] R13: 0000000000000000 R14: 00007f3032745fa0 R15: 00007ffddf440258 [ 73.912744][ T6118] [ 73.951317][ T6118] ERROR: Out of memory at tomoyo_realpath_from_path. [ 74.696709][ T6128] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 74.723909][ T6128] FAULT_INJECTION: forcing a failure. [ 74.723909][ T6128] name failslab, interval 1, probability 0, space 0, times 0 [ 74.737247][ T6128] CPU: 0 UID: 0 PID: 6128 Comm: syz.4.67 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 74.747774][ T6128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 74.757855][ T6128] Call Trace: [ 74.761138][ T6128] [ 74.764068][ T6128] dump_stack_lvl+0x16c/0x1f0 [ 74.768759][ T6128] should_fail_ex+0x497/0x5b0 [ 74.773460][ T6128] ? fs_reclaim_acquire+0xae/0x150 [ 74.778588][ T6128] should_failslab+0xc2/0x120 [ 74.783274][ T6128] kmem_cache_alloc_lru_noprof+0x73/0x3d0 [ 74.789003][ T6128] ? ovl_alloc_inode+0x25/0x190 [ 74.793876][ T6128] ? __pfx_ovl_alloc_inode+0x10/0x10 [ 74.799174][ T6128] ovl_alloc_inode+0x25/0x190 [ 74.803861][ T6128] alloc_inode+0x5d/0x230 [ 74.808195][ T6128] new_inode+0x22/0x210 [ 74.812357][ T6128] ovl_new_inode+0x1d/0x50 [ 74.816774][ T6128] ovl_create_object+0x17e/0x300 [ 74.821722][ T6128] ? __pfx_ovl_create_object+0x10/0x10 [ 74.827186][ T6128] ? bpf_lsm_inode_permission+0x9/0x10 [ 74.832660][ T6128] ? security_inode_permission+0xbf/0x260 [ 74.838408][ T6128] ? __pfx_ovl_create+0x10/0x10 [ 74.843271][ T6128] lookup_open.isra.0+0x1174/0x14c0 [ 74.848488][ T6128] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 74.854054][ T6128] ? do_huge_pmd_numa_page+0xcf0/0xed0 [ 74.859538][ T6128] ? lock_acquire+0x2f/0xb0 [ 74.864056][ T6128] ? path_openat+0x153e/0x2d60 [ 74.868835][ T6128] ? do_huge_pmd_numa_page+0xcf0/0xed0 [ 74.874316][ T6128] ? __pfx_down_write+0x10/0x10 [ 74.879144][ T6128] ? mnt_get_write_access+0x20c/0x300 [ 74.884521][ T6128] path_openat+0x904/0x2d60 [ 74.889010][ T6128] ? __pfx_path_openat+0x10/0x10 [ 74.893938][ T6128] ? __pfx___lock_acquire+0x10/0x10 [ 74.899146][ T6128] ? lock_acquire.part.0+0x11b/0x380 [ 74.904411][ T6128] ? find_held_lock+0x2d/0x110 [ 74.909165][ T6128] do_filp_open+0x20c/0x470 [ 74.913649][ T6128] ? __pfx_do_filp_open+0x10/0x10 [ 74.918650][ T6128] ? find_held_lock+0x2d/0x110 [ 74.923417][ T6128] ? alloc_fd+0x41f/0x760 [ 74.927729][ T6128] do_sys_openat2+0x17a/0x1e0 [ 74.932388][ T6128] ? __pfx_do_sys_openat2+0x10/0x10 [ 74.937576][ T6128] ? __fget_files+0x206/0x3a0 [ 74.942261][ T6128] __x64_sys_openat+0x175/0x210 [ 74.947112][ T6128] ? __pfx___x64_sys_openat+0x10/0x10 [ 74.952460][ T6128] ? ksys_write+0x1ba/0x250 [ 74.956942][ T6128] do_syscall_64+0xcd/0x250 [ 74.961427][ T6128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.967300][ T6128] RIP: 0033:0x7f1b1d37ff19 [ 74.971690][ T6128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.991280][ T6128] RSP: 002b:00007f1b1e255058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 74.999703][ T6128] RAX: ffffffffffffffda RBX: 00007f1b1d545fa0 RCX: 00007f1b1d37ff19 [ 75.007669][ T6128] RDX: 0000000000000541 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 75.015616][ T6128] RBP: 00007f1b1e2550a0 R08: 0000000000000000 R09: 0000000000000000 [ 75.023584][ T6128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 75.031529][ T6128] R13: 0000000000000000 R14: 00007f1b1d545fa0 R15: 00007ffd3c46e4d8 [ 75.039480][ T6128] [ 75.042582][ C0] vkms_vblank_simulate: vblank timer overrun [ 75.189999][ T6134] netlink: 'syz.2.66': attribute type 10 has an invalid length. [ 75.771134][ T6134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.778823][ T6134] team0: Port device bond0 added [ 75.883202][ T6137] Illegal XDP return value 154 on prog (id 10) dev N/A, expect packet loss! [ 76.005620][ T6148] openvswitch: netlink: nsh attribute has 65524 unknown bytes. [ 76.013310][ T6148] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 76.150167][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 76.362021][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 76.438644][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 76.475969][ T25] cfg80211: failed to load regulatory.db [ 76.496432][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 76.537897][ T9] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 76.555250][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.567125][ T9] usb 3-1: Product: syz [ 76.584660][ T9] usb 3-1: Manufacturer: syz [ 76.589310][ T9] usb 3-1: SerialNumber: syz [ 76.612553][ T9] usb 3-1: config 0 descriptor?? [ 76.629382][ T9] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 76.648824][ T9] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 76.718436][ T6158] FAULT_INJECTION: forcing a failure. [ 76.718436][ T6158] name failslab, interval 1, probability 0, space 0, times 0 [ 76.740562][ T970] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 76.755532][ T6158] CPU: 0 UID: 0 PID: 6158 Comm: syz.1.77 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 76.766066][ T6158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.776124][ T6158] Call Trace: [ 76.779384][ T6158] [ 76.782305][ T6158] dump_stack_lvl+0x16c/0x1f0 [ 76.786986][ T6158] should_fail_ex+0x497/0x5b0 [ 76.791646][ T6158] ? fs_reclaim_acquire+0xae/0x150 [ 76.796741][ T6158] should_failslab+0xc2/0x120 [ 76.801399][ T6158] __kmalloc_cache_noprof+0x68/0x410 [ 76.806661][ T6158] ? kasan_save_track+0x14/0x30 [ 76.811590][ T6158] snd_mixer_oss_put_volume1_sw.constprop.0.isra.0+0xd4/0x510 [ 76.819054][ T6158] snd_mixer_oss_put_recsrc1_sw+0x87/0xc0 [ 76.824769][ T6158] snd_mixer_oss_ioctl1+0xaf9/0x1cf0 [ 76.830073][ T6158] ? __pfx_snd_mixer_oss_put_recsrc1_sw+0x10/0x10 [ 76.836514][ T6158] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 76.842226][ T6158] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 76.848748][ T6158] ? __pfx_lock_release+0x10/0x10 [ 76.853805][ T6158] ? selinux_file_ioctl+0x180/0x270 [ 76.859006][ T6158] snd_mixer_oss_ioctl+0x3e/0x50 [ 76.863925][ T6158] ? __pfx_snd_mixer_oss_ioctl+0x10/0x10 [ 76.869536][ T6158] __x64_sys_ioctl+0x190/0x200 [ 76.874293][ T6158] do_syscall_64+0xcd/0x250 [ 76.878777][ T6158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.884656][ T6158] RIP: 0033:0x7f58c117ff19 [ 76.889048][ T6158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.908642][ T6158] RSP: 002b:00007f58c1f5d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 76.917043][ T6158] RAX: ffffffffffffffda RBX: 00007f58c1345fa0 RCX: 00007f58c117ff19 [ 76.924997][ T6158] RDX: 0000000020000080 RSI: 00000000c0044dff RDI: 0000000000000003 [ 76.932953][ T6158] RBP: 00007f58c1f5d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 76.940917][ T6158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 76.948875][ T6158] R13: 0000000000000000 R14: 00007f58c1345fa0 R15: 00007fff1f219238 [ 76.956832][ T6158] [ 76.959948][ C0] vkms_vblank_simulate: vblank timer overrun [ 76.960543][ T970] usb 5-1: Using ep0 maxpacket: 16 [ 76.985992][ T970] usb 5-1: config 0 has an invalid interface number: 70 but max is 0 [ 76.994965][ T970] usb 5-1: config 0 has no interface number 0 [ 77.001319][ T970] usb 5-1: config 0 interface 70 has no altsetting 0 [ 77.013837][ T970] usb 5-1: New USB device found, idVendor=11ca, idProduct=0201, bcdDevice=76.66 [ 77.023357][ T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.031553][ T970] usb 5-1: Product: syz [ 77.035721][ T970] usb 5-1: Manufacturer: syz [ 77.040495][ T970] usb 5-1: SerialNumber: syz [ 77.046590][ T970] usb 5-1: config 0 descriptor?? [ 77.096383][ T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 77.240466][ T9] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 77.246734][ T9] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 77.259394][ T29] kauditd_printk_skb: 89 callbacks suppressed [ 77.259410][ T29] audit: type=1326 audit(1733971519.523:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6149 comm="syz.4.74" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b1d37ff19 code=0x0 [ 77.264801][ T9] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 77.288080][ C0] vkms_vblank_simulate: vblank timer overrun [ 77.291236][ T25] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 77.295591][ T9] em28xx 3-1:0.0: No AC97 audio processor [ 77.301644][ T25] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 77.353954][ T6163] block nbd0: shutting down sockets [ 77.416797][ T9] usb 3-1: USB disconnect, device number 2 [ 77.424703][ T9] em28xx 3-1:0.0: Disconnecting em28xx [ 77.438927][ T9] em28xx 3-1:0.0: Freeing device [ 77.468834][ T6172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.74'. [ 77.496379][ T6172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 77.535840][ T25] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 77.556401][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.557307][ T6172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 77.593211][ T6161] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 77.604612][ T25] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 77.696639][ T29] audit: type=1400 audit(1733971519.953:472): avc: denied { create } for pid=6149 comm="syz.4.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 78.136337][ T9] usb 4-1: USB disconnect, device number 5 [ 78.718212][ T29] audit: type=1400 audit(1733971520.943:473): avc: denied { write } for pid=6189 comm="syz.0.84" name="ip_mr_cache" dev="proc" ino=4026533247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 79.897793][ T970] cdc_acm 5-1:0.70: Zero length descriptor references [ 79.937941][ T970] cdc_acm 5-1:0.70: probe with driver cdc_acm failed with error -22 [ 80.014861][ T970] usb 5-1: USB disconnect, device number 3 [ 80.277325][ T29] audit: type=1400 audit(1733971522.533:474): avc: denied { mounton } for pid=6185 comm="syz.2.83" path="/proc/69/task" dev="proc" ino=8042 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 80.408170][ T29] audit: type=1400 audit(1733971522.663:475): avc: denied { create } for pid=6202 comm="syz.1.88" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 80.757319][ T6203] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 80.774283][ T6200] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 80.783040][ T6200] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 81.178078][ T29] audit: type=1400 audit(1733971523.283:476): avc: denied { write } for pid=6197 comm="syz.4.86" name="001" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 81.515126][ T970] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 81.594330][ T6222] netlink: 68 bytes leftover after parsing attributes in process `syz.0.93'. [ 81.621319][ T29] audit: type=1400 audit(1733971523.883:477): avc: denied { bind } for pid=6221 comm="syz.0.93" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 81.642134][ T29] audit: type=1400 audit(1733971523.903:478): avc: denied { node_bind } for pid=6221 comm="syz.0.93" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 81.749590][ T970] usb 3-1: device descriptor read/64, error -71 [ 81.880074][ T5867] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 81.880129][ T48] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 82.001596][ T970] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 82.020141][ T5902] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 82.040065][ T48] usb 1-1: Using ep0 maxpacket: 32 [ 82.044992][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.046612][ T48] usb 1-1: New USB device found, idVendor=08ca, idProduct=0111, bcdDevice=6d.c8 [ 82.056065][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.056098][ T5867] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 82.065335][ T48] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.084162][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.095624][ T5864] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 82.107868][ T29] audit: type=1400 audit(1733971524.363:479): avc: denied { rename } for pid=5171 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 82.109601][ T5867] usb 2-1: config 0 descriptor?? [ 82.134222][ T29] audit: type=1400 audit(1733971524.363:480): avc: denied { unlink } for pid=5171 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 82.157984][ T48] usb 1-1: config 0 descriptor?? [ 82.164708][ T48] gspca_main: mr97310a-2.14.0 probing 08ca:0111 [ 82.170185][ T970] usb 3-1: device descriptor read/64, error -71 [ 82.171163][ T48] gspca_mr97310a: reg write [21] error -22 [ 82.183117][ T48] mr97310a 1-1:0.0: probe with driver mr97310a failed with error -22 [ 82.200071][ T5902] usb 4-1: Using ep0 maxpacket: 16 [ 82.206363][ T5902] usb 4-1: config 0 has an invalid interface number: 70 but max is 0 [ 82.215363][ T5902] usb 4-1: config 0 has no interface number 0 [ 82.221672][ T5902] usb 4-1: config 0 interface 70 has no altsetting 0 [ 82.229832][ T5902] usb 4-1: New USB device found, idVendor=11ca, idProduct=0201, bcdDevice=76.66 [ 82.239611][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.247806][ T5902] usb 4-1: Product: syz [ 82.251992][ T5902] usb 4-1: Manufacturer: syz [ 82.256571][ T5902] usb 4-1: SerialNumber: syz [ 82.263015][ T5902] usb 4-1: config 0 descriptor?? [ 82.280139][ T5864] usb 5-1: Using ep0 maxpacket: 32 [ 82.284402][ T970] usb usb3-port1: attempt power cycle [ 82.286703][ T5864] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 82.301516][ T5864] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.312587][ T5864] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.322371][ T5864] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 82.335993][ T5864] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 82.345989][ T5864] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.357057][ T5864] usb 5-1: config 0 descriptor?? [ 82.402180][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 82.402193][ T29] audit: type=1400 audit(1733971524.663:482): avc: denied { read } for pid=6221 comm="syz.0.93" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 82.432094][ T29] audit: type=1400 audit(1733971524.663:483): avc: denied { open } for pid=6221 comm="syz.0.93" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 82.478421][ T29] audit: type=1326 audit(1733971524.733:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6223 comm="syz.3.94" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f303257ff19 code=0x0 [ 82.770076][ T970] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 82.780764][ T6232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 82.833317][ T6232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 82.903271][ T970] usb 3-1: device descriptor read/8, error -71 [ 82.994240][ T5864] ntrig 0003:1B96:000A.0004: item fetching failed at offset 1/5 [ 83.036187][ T5864] ntrig 0003:1B96:000A.0004: parse failed [ 83.099384][ T5864] ntrig 0003:1B96:000A.0004: probe with driver ntrig failed with error -22 [ 83.225916][ T970] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 83.269125][ T970] usb 3-1: device descriptor read/8, error -71 [ 83.350177][ T5864] usb 5-1: USB disconnect, device number 4 [ 83.396925][ T970] usb usb3-port1: unable to enumerate USB device [ 84.060998][ T29] audit: type=1400 audit(1733971526.323:485): avc: denied { create } for pid=6242 comm="syz.2.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 84.084188][ T29] audit: type=1400 audit(1733971526.343:486): avc: denied { write } for pid=6242 comm="syz.2.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 84.129978][ T29] audit: type=1400 audit(1733971526.373:487): avc: denied { ioctl } for pid=6239 comm="syz.4.97" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 84.171168][ T970] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 84.359736][ T970] usb 5-1: Using ep0 maxpacket: 8 [ 84.392729][ T970] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 84.404671][ T970] usb 5-1: config 2 has no interface number 0 [ 84.416981][ T970] usb 5-1: config 2 interface 31 has no altsetting 0 [ 84.752009][ T970] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 84.761150][ T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.769239][ T970] usb 5-1: Product: syz [ 84.774211][ T970] usb 5-1: Manufacturer: syz [ 84.779002][ T970] usb 5-1: SerialNumber: syz [ 84.784877][ T5867] usbhid 2-1:0.0: can't add hid device: -71 [ 84.791037][ T5867] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 84.811572][ T970] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22 [ 84.830207][ T5867] usb 2-1: USB disconnect, device number 4 [ 84.945420][ T6248] warning: `syz.1.99' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 85.028671][ T5902] cdc_acm 4-1:0.70: Zero length descriptor references [ 85.060069][ T5902] cdc_acm 4-1:0.70: probe with driver cdc_acm failed with error -22 [ 85.131419][ T5866] usb 5-1: USB disconnect, device number 5 [ 85.160136][ T6253] capability: warning: `syz.2.100' uses 32-bit capabilities (legacy support in use) [ 85.173092][ T6252] mkiss: ax0: crc mode is auto. [ 85.180597][ T5902] usb 4-1: USB disconnect, device number 6 [ 85.201453][ T48] usb 1-1: USB disconnect, device number 7 [ 85.267954][ T29] audit: type=1400 audit(1733971527.523:488): avc: denied { getopt } for pid=6250 comm="syz.3.101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 85.422866][ T29] audit: type=1400 audit(1733971527.533:489): avc: denied { read write } for pid=6246 comm="syz.1.99" name="udmabuf" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 85.463366][ T29] audit: type=1400 audit(1733971527.533:490): avc: denied { open } for pid=6246 comm="syz.1.99" path="/dev/udmabuf" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 85.486727][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.676213][ T29] audit: type=1400 audit(1733971527.933:491): avc: denied { create } for pid=6263 comm="syz.1.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 86.218686][ T6264] netlink: 24 bytes leftover after parsing attributes in process `syz.1.105'. [ 86.480015][ T48] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 86.680677][ T48] usb 5-1: device descriptor read/64, error -71 [ 87.402300][ T48] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 87.412186][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 87.412199][ T29] audit: type=1400 audit(1733971529.673:497): avc: denied { name_bind } for pid=6288 comm="syz.1.110" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 87.473683][ T29] audit: type=1400 audit(1733971529.723:498): avc: denied { shutdown } for pid=6288 comm="syz.1.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 87.540838][ T29] audit: type=1400 audit(1733971529.783:499): avc: denied { write } for pid=6282 comm="syz.2.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 87.599168][ T48] usb 5-1: device descriptor read/64, error -71 [ 87.711553][ T29] audit: type=1400 audit(1733971529.973:500): avc: denied { create } for pid=6299 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 87.730098][ T48] usb usb5-port1: attempt power cycle [ 87.768543][ T29] audit: type=1400 audit(1733971529.993:501): avc: denied { write } for pid=6299 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 87.858812][ T6302] netlink: 32 bytes leftover after parsing attributes in process `syz.1.115'. [ 87.868518][ T6302] IPVS: length: 173 != 24 [ 87.893039][ T29] audit: type=1400 audit(1733971529.993:502): avc: denied { nlmsg_read } for pid=6299 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 87.935329][ T29] audit: type=1400 audit(1733971530.013:503): avc: denied { read } for pid=6301 comm="syz.1.115" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 87.936988][ T6311] binder: 6310:6311 ioctl c0306201 20000580 returned -22 [ 87.996948][ T29] audit: type=1400 audit(1733971530.013:504): avc: denied { open } for pid=6301 comm="syz.1.115" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 88.025321][ T29] audit: type=1400 audit(1733971530.173:505): avc: denied { read } for pid=6299 comm="syz.0.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 88.050124][ T29] audit: type=1400 audit(1733971530.263:506): avc: denied { ioctl } for pid=6310 comm="syz.3.119" path="/dev/sg0" dev="devtmpfs" ino=725 ioctlcmd=0x2286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 88.080343][ T48] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 88.100432][ T48] usb 5-1: device descriptor read/8, error -71 [ 88.111512][ T6313] mkiss: ax0: crc mode is auto. [ 88.164101][ T6320] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=263 sclass=netlink_route_socket pid=6320 comm=syz.3.122 [ 88.341022][ T48] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 88.394958][ T6330] Zero length message leads to an empty skb [ 88.402802][ T48] usb 5-1: device descriptor read/8, error -71 [ 88.532172][ T48] usb usb5-port1: unable to enumerate USB device [ 88.763775][ T6336] syz.0.127 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 89.493387][ T6352] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 89.533956][ T6348] netlink: 4 bytes leftover after parsing attributes in process `syz.4.129'. [ 89.583618][ T6362] ebt_among: src integrity fail: 300 [ 90.447708][ T6380] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 90.466269][ T6380] FAULT_INJECTION: forcing a failure. [ 90.466269][ T6380] name failslab, interval 1, probability 0, space 0, times 0 [ 90.479511][ T6380] CPU: 1 UID: 0 PID: 6380 Comm: syz.3.139 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 90.490120][ T6380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 90.500176][ T6380] Call Trace: [ 90.503454][ T6380] [ 90.506390][ T6380] dump_stack_lvl+0x16c/0x1f0 [ 90.511079][ T6380] should_fail_ex+0x497/0x5b0 [ 90.515771][ T6380] ? fs_reclaim_acquire+0xae/0x150 [ 90.520895][ T6380] should_failslab+0xc2/0x120 [ 90.525564][ T6380] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 90.530926][ T6380] ? security_inode_alloc+0x3b/0x2b0 [ 90.536200][ T6380] security_inode_alloc+0x3b/0x2b0 [ 90.541298][ T6380] inode_init_always_gfp+0xce4/0x1030 [ 90.546659][ T6380] alloc_inode+0x82/0x230 [ 90.550977][ T6380] new_inode+0x22/0x210 [ 90.555123][ T6380] ovl_new_inode+0x1d/0x50 [ 90.559526][ T6380] ovl_create_object+0x17e/0x300 [ 90.564451][ T6380] ? __pfx_ovl_create_object+0x10/0x10 [ 90.569901][ T6380] ? bpf_lsm_inode_permission+0x9/0x10 [ 90.575356][ T6380] ? security_inode_permission+0xbf/0x260 [ 90.581067][ T6380] ? __pfx_ovl_create+0x10/0x10 [ 90.585906][ T6380] lookup_open.isra.0+0x1174/0x14c0 [ 90.591127][ T6380] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 90.596666][ T6380] ? do_huge_pmd_numa_page+0xcf0/0xed0 [ 90.602121][ T6380] ? lock_acquire+0x2f/0xb0 [ 90.606614][ T6380] ? path_openat+0x153e/0x2d60 [ 90.611367][ T6380] ? do_huge_pmd_numa_page+0xcf0/0xed0 [ 90.616817][ T6380] ? __pfx_down_write+0x10/0x10 [ 90.621660][ T6380] ? mnt_get_write_access+0x20c/0x300 [ 90.627026][ T6380] path_openat+0x904/0x2d60 [ 90.631523][ T6380] ? __pfx_path_openat+0x10/0x10 [ 90.636447][ T6380] ? __pfx___lock_acquire+0x10/0x10 [ 90.641631][ T6380] ? lock_acquire.part.0+0x11b/0x380 [ 90.646901][ T6380] ? find_held_lock+0x2d/0x110 [ 90.651660][ T6380] do_filp_open+0x20c/0x470 [ 90.656150][ T6380] ? __pfx_do_filp_open+0x10/0x10 [ 90.661158][ T6380] ? find_held_lock+0x2d/0x110 [ 90.665925][ T6380] ? alloc_fd+0x41f/0x760 [ 90.670244][ T6380] do_sys_openat2+0x17a/0x1e0 [ 90.674909][ T6380] ? __pfx_do_sys_openat2+0x10/0x10 [ 90.680101][ T6380] ? __fget_files+0x206/0x3a0 [ 90.684766][ T6380] __x64_sys_openat+0x175/0x210 [ 90.689606][ T6380] ? __pfx___x64_sys_openat+0x10/0x10 [ 90.694967][ T6380] ? ksys_write+0x1ba/0x250 [ 90.699461][ T6380] do_syscall_64+0xcd/0x250 [ 90.703956][ T6380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.709850][ T6380] RIP: 0033:0x7f303257ff19 [ 90.714249][ T6380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.733841][ T6380] RSP: 002b:00007f30333f8058 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 90.742257][ T6380] RAX: ffffffffffffffda RBX: 00007f3032745fa0 RCX: 00007f303257ff19 [ 90.750228][ T6380] RDX: 0000000000000541 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 90.758183][ T6380] RBP: 00007f30333f80a0 R08: 0000000000000000 R09: 0000000000000000 [ 90.766138][ T6380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 90.774093][ T6380] R13: 0000000000000000 R14: 00007f3032745fa0 R15: 00007ffddf440258 [ 90.782057][ T6380] [ 90.793174][ T5864] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 90.861096][ T48] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 90.951900][ T5864] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.962110][ T5864] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 90.975081][ T5864] usb 1-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 90.984155][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.993690][ T5864] usb 1-1: config 0 descriptor?? [ 91.010615][ T48] usb 5-1: Using ep0 maxpacket: 16 [ 91.017513][ T48] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.029368][ T48] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b5.89 [ 91.038525][ T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.046951][ T48] usb 5-1: Product: syz [ 91.051226][ T48] usb 5-1: Manufacturer: syz [ 91.055876][ T48] usb 5-1: SerialNumber: syz [ 91.061578][ T48] usb 5-1: config 0 descriptor?? [ 91.068076][ T48] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 91.090009][ T5902] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 91.190128][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 91.201745][ T6375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.210545][ T6375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.240525][ T5864] usb 1-1: USB disconnect, device number 8 [ 91.351139][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 91.376732][ T9] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 91.393352][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.424571][ T9] usb 4-1: config 0 has no interface number 0 [ 91.457761][ T9] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 91.490045][ T9] usb 4-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 91.501203][ T5902] usb 3-1: config 252 has an invalid interface number: 250 but max is 0 [ 91.509586][ T5902] usb 3-1: config 252 has no interface number 0 [ 91.516055][ T5902] usb 3-1: config 252 interface 250 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 91.526433][ T5902] usb 3-1: config 252 interface 250 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 91.531597][ T9] usb 4-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 91.538960][ T5902] usb 3-1: New USB device found, idVendor=f706, idProduct=1048, bcdDevice=ff.fc [ 91.556743][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.559966][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.565073][ T9] usb 4-1: Product: syz [ 91.577671][ T9] usb 4-1: Manufacturer: syz [ 91.582336][ T5902] usb 3-1: Product: syz [ 91.582353][ T5902] usb 3-1: Manufacturer: syz [ 91.582368][ T5902] usb 3-1: SerialNumber: syz [ 91.604596][ T9] usb 4-1: SerialNumber: syz [ 91.611319][ T9] usb 4-1: config 0 descriptor?? [ 91.616928][ T6386] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 91.631035][ T6386] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 91.640820][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 91.913188][ T6386] overlayfs: failed to resolve './file1': -2 [ 91.978496][ T9] usb 4-1: USB disconnect, device number 7 [ 92.601239][ T6406] netlink: 32 bytes leftover after parsing attributes in process `syz.0.143'. [ 92.611069][ T6406] IPVS: length: 173 != 24 [ 92.640200][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 92.640214][ T29] audit: type=1400 audit(1733971534.373:516): avc: denied { create } for pid=6376 comm="syz.4.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 92.684649][ T29] audit: type=1400 audit(1733971534.373:517): avc: denied { setopt } for pid=6376 comm="syz.4.138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 92.800364][ T6401] could not allocate digest TFM handle sha384-arm64 [ 92.811223][ T29] audit: type=1400 audit(1733971535.073:518): avc: denied { search } for pid=5171 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 92.866039][ T29] audit: type=1400 audit(1733971535.123:519): avc: denied { bind } for pid=6412 comm="syz.1.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 92.887016][ T29] audit: type=1400 audit(1733971535.123:520): avc: denied { name_bind } for pid=6412 comm="syz.1.145" src=20067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 92.909746][ T29] audit: type=1400 audit(1733971535.123:521): avc: denied { node_bind } for pid=6412 comm="syz.1.145" src=20067 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1 [ 92.935031][ T6413] syz.1.145: attempt to access beyond end of device [ 92.935031][ T6413] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 92.948810][ T6413] XFS (loop1): SB validate failed with error -5. [ 93.063014][ T29] audit: type=1400 audit(1733971535.323:522): avc: denied { setattr } for pid=6421 comm="syz.1.146" name="NFC_LLCP" dev="sockfs" ino=10769 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 93.092770][ T29] audit: type=1400 audit(1733971535.353:523): avc: denied { accept } for pid=6421 comm="syz.1.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 93.141494][ T48] gspca_pac7302: reg_w() failed i: 78 v: 40 error -110 [ 93.148590][ T48] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110 [ 93.166307][ T6424] netlink: 'syz.3.147': attribute type 4 has an invalid length. [ 93.253193][ T29] audit: type=1400 audit(1733971535.513:524): avc: denied { getopt } for pid=6434 comm="syz.1.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 93.359953][ C0] vkms_vblank_simulate: vblank timer overrun [ 94.039426][ T48] usb 5-1: USB disconnect, device number 10 [ 94.060569][ T29] audit: type=1400 audit(1733971536.323:525): avc: denied { append } for pid=6438 comm="syz.4.151" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 94.804883][ T5866] usb 3-1: USB disconnect, device number 7 [ 94.977610][ T6455] binder: BINDER_SET_CONTEXT_MGR already set [ 94.983694][ T6455] binder: 6447:6455 ioctl 4018620d 20004a80 returned -16 [ 95.595869][ T6476] FAULT_INJECTION: forcing a failure. [ 95.595869][ T6476] name failslab, interval 1, probability 0, space 0, times 0 [ 95.608717][ T6476] CPU: 1 UID: 0 PID: 6476 Comm: syz.3.162 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 95.619316][ T6476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 95.629371][ T6476] Call Trace: [ 95.632636][ T6476] [ 95.635555][ T6476] dump_stack_lvl+0x16c/0x1f0 [ 95.640224][ T6476] should_fail_ex+0x497/0x5b0 [ 95.644890][ T6476] ? fs_reclaim_acquire+0xae/0x150 [ 95.650007][ T6476] should_failslab+0xc2/0x120 [ 95.654685][ T6476] __kmalloc_noprof+0xcb/0x510 [ 95.659439][ T6476] tomoyo_realpath_from_path+0xb9/0x720 [ 95.664977][ T6476] tomoyo_mount_acl+0x66d/0x880 [ 95.669817][ T6476] ? hlock_class+0x4e/0x130 [ 95.674310][ T6476] ? __lock_acquire+0x15a9/0x3c40 [ 95.679322][ T6476] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 95.684704][ T6476] ? __pfx___lock_acquire+0x10/0x10 [ 95.689890][ T6476] ? stack_trace_save+0x95/0xd0 [ 95.694738][ T6476] ? __pfx_lock_release+0x10/0x10 [ 95.699758][ T6476] ? trace_lock_acquire+0x14e/0x1f0 [ 95.704948][ T6476] ? tomoyo_mount_permission+0x149/0x420 [ 95.710569][ T6476] ? lock_acquire+0x2f/0xb0 [ 95.715055][ T6476] ? tomoyo_mount_permission+0x149/0x420 [ 95.720675][ T6476] tomoyo_mount_permission+0x16e/0x420 [ 95.726118][ T6476] ? tomoyo_mount_permission+0x149/0x420 [ 95.731736][ T6476] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 95.737709][ T6476] ? get_current_fs_domain+0x184/0x1f0 [ 95.743163][ T6476] security_sb_mount+0x9b/0x260 [ 95.748001][ T6476] path_mount+0x129/0x1f20 [ 95.752405][ T6476] ? kmem_cache_free+0x152/0x4c0 [ 95.757328][ T6476] ? __pfx_path_mount+0x10/0x10 [ 95.762170][ T6476] ? putname+0x13c/0x180 [ 95.766406][ T6476] __x64_sys_mount+0x294/0x320 [ 95.771159][ T6476] ? __pfx___x64_sys_mount+0x10/0x10 [ 95.776450][ T6476] do_syscall_64+0xcd/0x250 [ 95.780945][ T6476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.786826][ T6476] RIP: 0033:0x7f303257ff19 [ 95.791240][ T6476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.810834][ T6476] RSP: 002b:00007f30333f8058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 95.819236][ T6476] RAX: ffffffffffffffda RBX: 00007f3032745fa0 RCX: 00007f303257ff19 [ 95.827206][ T6476] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 00000000200000c0 [ 95.835263][ T6476] RBP: 00007f30333f80a0 R08: 00000000200001c0 R09: 0000000000000000 [ 95.843245][ T6476] R10: 0000000002800080 R11: 0000000000000246 R12: 0000000000000002 [ 95.851205][ T6476] R13: 0000000000000000 R14: 00007f3032745fa0 R15: 00007ffddf440258 [ 95.859189][ T6476] [ 95.874744][ T6476] ERROR: Out of memory at tomoyo_realpath_from_path. [ 96.520025][ T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 96.673000][ T5866] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 96.902574][ T9] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 97.085923][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.299263][ T5866] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 97.388982][ T9] usb 5-1: Product: syz [ 97.393444][ T5866] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 97.403771][ T9] usb 5-1: Manufacturer: syz [ 97.408340][ T9] usb 5-1: SerialNumber: syz [ 97.419931][ T5866] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 97.429593][ T5866] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 97.440649][ T5866] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 97.453075][ T9] usb 5-1: config 0 descriptor?? [ 97.460257][ T5866] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 97.469333][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 97.477413][ T5866] usb 1-1: Product: syz [ 97.481646][ T5866] usb 1-1: Manufacturer: syz [ 97.489675][ T5866] cdc_wdm 1-1:1.0: skipping garbage [ 97.499880][ T5866] cdc_wdm 1-1:1.0: skipping garbage [ 97.517756][ T5866] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 97.523754][ T5866] cdc_wdm 1-1:1.0: Unknown control protocol [ 97.650290][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 97.650306][ T29] audit: type=1400 audit(1733971539.903:532): avc: denied { shutdown } for pid=6520 comm="syz.3.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 97.679668][ T6525] netlink: 80 bytes leftover after parsing attributes in process `syz.2.177'. [ 97.734212][ T29] audit: type=1400 audit(1733971539.973:533): avc: denied { map } for pid=6520 comm="syz.3.178" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 98.020180][ T5902] usb 4-1: new low-speed USB device number 8 using dummy_hcd [ 98.020456][ T6538] netlink: 32 bytes leftover after parsing attributes in process `syz.2.181'. [ 98.170335][ T5902] usb 4-1: device descriptor read/64, error -71 [ 98.172602][ T6540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.189029][ T6539] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 98.195662][ T6539] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 98.206111][ T6540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.229085][ T6538] IPVS: length: 173 != 24 [ 98.265430][ T6539] vhci_hcd vhci_hcd.0: Device attached [ 98.410027][ T5902] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 98.442494][ T5866] vhci_hcd: vhci_device speed not set [ 98.502369][ T5866] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 98.540047][ T5902] usb 4-1: device descriptor read/64, error -71 [ 98.556822][ T48] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 98.578483][ T9] usb 5-1: non-Atmel transceiver xxxx6cf2 [ 98.650326][ T5902] usb usb4-port1: attempt power cycle [ 98.720178][ T48] usb 3-1: Using ep0 maxpacket: 8 [ 98.730833][ T48] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 98.741965][ T48] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 98.751843][ T48] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 98.760967][ T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.779127][ T6483] FAULT_INJECTION: forcing a failure. [ 98.779127][ T6483] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.792742][ T6483] CPU: 1 UID: 0 PID: 6483 Comm: syz.4.164 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 98.803332][ T6483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 98.813389][ T6483] Call Trace: [ 98.816669][ T6483] [ 98.819681][ T6483] dump_stack_lvl+0x16c/0x1f0 [ 98.824368][ T6483] should_fail_ex+0x497/0x5b0 [ 98.829058][ T6483] _copy_from_user+0x2e/0xd0 [ 98.833666][ T6483] kstrtouint_from_user+0xd7/0x1c0 [ 98.838785][ T6483] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 98.844517][ T6483] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 98.850163][ T6483] proc_fail_nth_write+0x84/0x250 [ 98.855197][ T6483] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 98.860822][ T6483] ? ksys_write+0x12b/0x250 [ 98.865310][ T6483] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 98.866743][ T29] audit: type=1400 audit(1733971541.093:534): avc: denied { mounton } for pid=6481 comm="syz.4.164" path="/25/file0" dev="tmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 98.870918][ T6483] vfs_write+0x24c/0x1150 [ 98.870959][ T6483] ? __fget_files+0x1fc/0x3a0 [ 98.870978][ T6483] ? __pfx___mutex_lock+0x10/0x10 [ 98.870998][ T6483] ? __pfx_vfs_write+0x10/0x10 [ 98.871024][ T6483] ? __fget_files+0x206/0x3a0 [ 98.871051][ T6483] ksys_write+0x12b/0x250 [ 98.871068][ T6483] ? __pfx_ksys_write+0x10/0x10 [ 98.871095][ T6483] do_syscall_64+0xcd/0x250 [ 98.871119][ T6483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.871141][ T6483] RIP: 0033:0x7f1b1d37e9cf [ 98.871157][ T6483] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 98.960342][ T6483] RSP: 002b:00007f1b1e255050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 98.968752][ T6483] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1b1d37e9cf [ 98.976724][ T6483] RDX: 0000000000000001 RSI: 00007f1b1e2550b0 RDI: 0000000000000007 [ 98.984692][ T6483] RBP: 00007f1b1e2550a0 R08: 0000000000000000 R09: 0000000000000000 [ 98.992659][ T6483] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 99.000628][ T6483] R13: 0000000000000000 R14: 00007f1b1d545fa0 R15: 00007ffd3c46e4d8 [ 99.008591][ T6483] [ 99.013666][ T25] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 99.031152][ T48] usb 3-1: string descriptor 0 read error: -71 [ 99.037778][ T48] hub 3-1:32.0: USB hub found [ 99.047685][ T48] hub 3-1:32.0: config failed, can't read hub descriptor (err -22) [ 99.064359][ T9] usb 5-1: Firmware version (0.0) predates our first public release. [ 99.072503][ T9] usb 5-1: Please update to version 0.2 or newer [ 99.079108][ T9] usb 5-1: atusb_probe: initialization failed, error = -19 [ 99.090390][ T5902] usb 4-1: new low-speed USB device number 10 using dummy_hcd [ 99.091148][ T48] usb 3-1: USB disconnect, device number 8 [ 99.105198][ T9] usb 5-1: USB disconnect, device number 11 [ 99.128995][ T5902] usb 4-1: device descriptor read/8, error -71 [ 99.190616][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 99.197031][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 99.206869][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 99.216730][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 99.226736][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 99.240840][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 99.250389][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.390057][ T5902] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 99.410615][ T5902] usb 4-1: device descriptor read/8, error -71 [ 99.464330][ T25] usb 2-1: GET_CAPABILITIES returned 0 [ 99.470024][ T25] usbtmc 2-1:16.0: can't read capabilities [ 99.490168][ T6541] vhci_hcd: connection reset by peer [ 99.492423][ T48] usb 1-1: USB disconnect, device number 9 [ 99.497711][ T6066] vhci_hcd: stop threads [ 99.507093][ T6066] vhci_hcd: release socket [ 99.512906][ T6066] vhci_hcd: disconnect device [ 99.524179][ T5902] usb usb4-port1: unable to enumerate USB device [ 100.325661][ T48] usb 2-1: USB disconnect, device number 5 [ 100.344734][ T29] audit: type=1400 audit(1733971542.603:535): avc: denied { connect } for pid=6555 comm="syz.2.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.371040][ T29] audit: type=1400 audit(1733971542.603:536): avc: denied { listen } for pid=6555 comm="syz.2.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.399814][ T29] audit: type=1400 audit(1733971542.603:537): avc: denied { ioctl } for pid=6555 comm="syz.2.186" path="socket:[11314]" dev="sockfs" ino=11314 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.468917][ T29] audit: type=1400 audit(1733971542.603:538): avc: denied { write } for pid=6555 comm="syz.2.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 100.495077][ T29] audit: type=1400 audit(1733971542.753:539): avc: denied { getopt } for pid=6557 comm="syz.2.187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 100.556056][ T29] audit: type=1400 audit(1733971542.813:540): avc: denied { getopt } for pid=6557 comm="syz.2.187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 100.576915][ T29] audit: type=1400 audit(1733971542.823:541): avc: denied { write } for pid=6557 comm="syz.2.187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 101.306426][ T6580] [ 101.308768][ T6580] ============================= [ 101.313583][ T6580] [ BUG: Invalid wait context ] [ 101.318395][ T6580] 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Not tainted [ 101.325478][ T6580] ----------------------------- [ 101.330292][ T6580] iou-wrk-6579/6580 is trying to lock: [ 101.335719][ T6580] ffff8880305a2518 (&sighand->siglock){-.-.}-{3:3}, at: __lock_task_sighand+0xc2/0x340 [ 101.345336][ T6580] other info that might help us debug this: [ 101.351191][ T6580] context-{5:5} [ 101.354617][ T6580] 3 locks held by iou-wrk-6579/6580: [ 101.359866][ T6580] #0: ffff888079073180 (&wq->lock){+.+.}-{2:2}, at: io_worker_handle_work+0xafd/0x1680 [ 101.369579][ T6580] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1c2/0x590 [ 101.378937][ T6580] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: __lock_task_sighand+0x3f/0x340 [ 101.388644][ T6580] stack backtrace: [ 101.392331][ T6580] CPU: 0 UID: 0 PID: 6580 Comm: iou-wrk-6579 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 [ 101.403141][ T6580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 101.413174][ T6580] Call Trace: [ 101.416422][ T6580] [ 101.419324][ T6580] dump_stack_lvl+0x116/0x1f0 [ 101.423975][ T6580] __lock_acquire+0x878/0x3c40 [ 101.428711][ T6580] ? __pfx___lock_acquire+0x10/0x10 [ 101.433877][ T6580] ? __pfx___lock_acquire+0x10/0x10 [ 101.439043][ T6580] ? hlock_class+0x4e/0x130 [ 101.443607][ T6580] ? mark_lock+0xb5/0xc60 [ 101.447905][ T6580] lock_acquire.part.0+0x11b/0x380 [ 101.452987][ T6580] ? __lock_task_sighand+0xc2/0x340 [ 101.458157][ T6580] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 101.463759][ T6580] ? rcu_is_watching+0x12/0xc0 [ 101.468495][ T6580] ? trace_lock_acquire+0x14e/0x1f0 [ 101.473665][ T6580] ? trace_lock_acquire+0x14e/0x1f0 [ 101.478835][ T6580] ? __lock_task_sighand+0xc2/0x340 [ 101.484012][ T6580] ? lock_acquire+0x2f/0xb0 [ 101.488486][ T6580] ? __lock_task_sighand+0xc2/0x340 [ 101.493656][ T6580] _raw_spin_lock_irqsave+0x3a/0x60 [ 101.498824][ T6580] ? __lock_task_sighand+0xc2/0x340 [ 101.503998][ T6580] __lock_task_sighand+0xc2/0x340 [ 101.508991][ T6580] group_send_sig_info+0x290/0x300 [ 101.514074][ T6580] ? __pfx_group_send_sig_info+0x10/0x10 [ 101.519677][ T6580] ? __pfx___lock_acquire+0x10/0x10 [ 101.524931][ T6580] bpf_send_signal_common+0x3d3/0x530 [ 101.530274][ T6580] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 101.536154][ T6580] ? trace_lock_acquire+0x14e/0x1f0 [ 101.541325][ T6580] ? __pfx___lock_acquire+0x10/0x10 [ 101.546507][ T6580] ? bpf_trace_run2+0x1c2/0x590 [ 101.551326][ T6580] bpf_send_signal+0x1d/0x30 [ 101.555895][ T6580] bpf_prog_631417f49dd64198+0x25/0x48 [ 101.561320][ T6580] bpf_trace_run2+0x231/0x590 [ 101.566026][ T6580] ? __pfx_bpf_trace_run2+0x10/0x10 [ 101.571216][ T6580] ? hlock_class+0x4e/0x130 [ 101.575699][ T6580] ? mark_lock+0xb5/0xc60 [ 101.580012][ T6580] __bpf_trace_contention_end+0xca/0x110 [ 101.585623][ T6580] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 101.591848][ T6580] ? hlock_class+0x4e/0x130 [ 101.596323][ T6580] ? __lock_acquire+0x15a9/0x3c40 [ 101.601317][ T6580] trace_contention_end.constprop.0+0xf0/0x170 [ 101.607454][ T6580] __pv_queued_spin_lock_slowpath+0x27e/0xc90 [ 101.613505][ T6580] ? __bfs+0x5a0/0x670 [ 101.617562][ T6580] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 101.624120][ T6580] ? lock_acquire.part.0+0x11b/0x380 [ 101.629373][ T6580] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 101.634976][ T6580] do_raw_spin_lock+0x210/0x2c0 [ 101.639808][ T6580] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 101.645150][ T6580] ? lock_acquire+0x2f/0xb0 [ 101.649630][ T6580] ? io_worker_handle_work+0xafd/0x1680 [ 101.655148][ T6580] io_worker_handle_work+0xafd/0x1680 [ 101.660500][ T6580] io_wq_worker+0x33f/0xdf0 [ 101.664993][ T6580] ? __pfx_io_wq_worker+0x10/0x10 [ 101.670000][ T6580] ? ret_from_fork+0x23/0x80 [ 101.674584][ T6580] ? __pfx_lock_release+0x10/0x10 [ 101.679575][ T6580] ? do_raw_spin_lock+0x12d/0x2c0 [ 101.684569][ T6580] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 101.689916][ T6580] ? __pfx_io_wq_worker+0x10/0x10 [ 101.694925][ T6580] ret_from_fork+0x45/0x80 [ 101.699319][ T6580] ? __pfx_io_wq_worker+0x10/0x10 [ 101.704322][ T6580] ret_from_fork_asm+0x1a/0x30 [ 101.709063][ T6580] [ 101.712104][ C0] vkms_vblank_simulate: vblank timer overrun [ 101.723755][ T5865] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 101.859979][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 101.899968][ T5865] usb 1-1: Using ep0 maxpacket: 32 [ 101.906372][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 101.916803][ T5865] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 101.927760][ T5865] usb 1-1: New USB device found, idVendor=0a5c, idProduct=bd17, bcdDevice=62.ac [ 101.936890][ T5865] usb 1-1: New USB device strings: Mfr=255, Product=7, SerialNumber=3 [ 101.945668][ T5865] usb 1-1: Product: syz [ 101.949826][ T5865] usb 1-1: Manufacturer: syz [ 101.954438][ T5865] usb 1-1: SerialNumber: syz [ 101.959552][ T5865] usb 1-1: config 0 descriptor?? [ 102.020789][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 102.029194][ T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023 [ 102.040687][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.049896][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.057966][ T9] usb 4-1: Product: syz [ 102.062137][ T9] usb 4-1: Manufacturer: syz [ 102.066719][ T9] usb 4-1: SerialNumber: syz [ 102.072348][ T6577] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 102.417928][ T6584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.430855][ T6584] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.629970][ T55] Bluetooth: hci5: command 0xfc11 tx timeout [ 102.629979][ T5822] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 103.626907][ T5865] usb 1-1: USB disconnect, device number 10 [ 103.660054][ T5866] vhci_hcd: vhci_device speed not set [ 104.266002][ T9] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 104.275887][ T9] usb 4-1: USB disconnect, device number 12