last executing test programs: 6m34.366700787s ago: executing program 3 (id=287): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) 6m34.137411011s ago: executing program 3 (id=288): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_mreqsrc(r2, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x8) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_newvlan={0x24, 0x70, 0x239, 0x70bd2e, 0x25dfdbfb, {0x7, 0x0, 0x0, r1}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x1}}}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004840}, 0x0) 6m33.852914256s ago: executing program 3 (id=289): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000001240)={'wlan1\x00'}) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22}, 0x21) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000500)=@gcm_256={{0x304}, "1f891d5b00", "11682d84dd05bb63ae661f051e1e79ceafeaa60a5bd1dc83db142ade2bd907fd", "dd6ed25e", "0000000400"}, 0x38) read$FUSE(r2, &(0x7f000000c400)={0x2020}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TUNGETVNETBE(0xffffffffffffffff, 0x800454df, 0x0) sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400000002090103000000000000000001000006300002002c0001"], 0x44}, 0x1, 0x0, 0x0, 0x4008054}, 0x0) r6 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, 0x0, &(0x7f0000000200)) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x400, 0x9, 0x3}, 0x10) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10) mq_open(&(0x7f0000000040)='#\x00', 0x2, 0x20, &(0x7f0000000100)={0x3, 0x1, 0x8001, 0x6}) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') preadv(r7, &(0x7f0000000140)=[{&(0x7f0000000180)=""/112, 0x70}, {&(0x7f0000000300)=""/99, 0x63}, {&(0x7f0000001280)=""/4096, 0x1000}, {&(0x7f0000000540)=""/130, 0x82}], 0x4, 0x0, 0x0) 6m33.286377924s ago: executing program 3 (id=292): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080)) (fail_nth: 2) 6m30.822431288s ago: executing program 3 (id=298): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) add_key(0x0, &(0x7f0000000300)={'syz', 0x1}, &(0x7f00000003c0), 0x0, r1) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0) accept$inet(r3, &(0x7f0000000100)={0x2, 0x0, @private}, &(0x7f0000000200)=0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'veth0_to_batadv\x00', &(0x7f0000000440)=@ethtool_per_queue_op={0x4b, 0xf, [0xa7, 0x90000000, 0x7, 0xfff, 0xb, 0x0, 0x14, 0x80000000, 0x9, 0x100, 0x6ba, 0x5, 0x14, 0x800, 0x7, 0xffffff5d, 0x16a, 0x6f, 0x6, 0x6, 0xfffff801, 0x7, 0x1, 0x7, 0xffffffff, 0x9, 0x6, 0x194, 0x1000, 0x9, 0x0, 0x7f, 0x4, 0x1, 0xffff, 0x3e, 0x7, 0x101, 0x10000, 0x4eb16aee, 0x3, 0x526, 0x5, 0x4, 0x0, 0xfffffffb, 0x9, 0x1, 0x160, 0x6, 0x19ce, 0x9, 0x2d, 0x8, 0x0, 0x0, 0x8, 0x0, 0x2, 0x3, 0x557, 0x91, 0x3, 0xfffffffe, 0x7f, 0x7fffffff, 0xfffffffc, 0x3, 0x7, 0x7, 0x1000, 0x7ff, 0xff, 0xfff, 0x2, 0x7c, 0x7fff, 0x4, 0x1, 0x2, 0x4, 0x6, 0x9, 0x8, 0x8ebf, 0x979, 0x5, 0x7, 0x4, 0xff, 0x9, 0x8, 0x800, 0x3, 0x26f81526, 0x39, 0x7f, 0x4, 0x6, 0x8, 0x5, 0x18000, 0xa, 0x5, 0x6, 0x7, 0x101, 0x4, 0x5, 0xba1d, 0x6, 0x1, 0x7fff, 0x81, 0x3, 0x4, 0x0, 0xfff, 0x3, 0x3, 0x9, 0x3, 0xff, 0x0, 0x691, 0xe8de, 0x101, 0xd145]}}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x13, r2, 0x59967000) chdir(&(0x7f0000000080)='./file1\x00') r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000280)={r1, 0x1000, 0x3b}, &(0x7f0000001700)=ANY=[@ANYBLOB="656e633d72617720686173683d7374726565626f673531322d67656e657269630000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f9b0346442045d98bcd10"], &(0x7f0000000700)="958e55ce8a33d367df9217360eaeb5a303d5eca1497ad925e6c8a99645a00ea79c7be40c9ed5007beaf039b64b2c75697a38d5ff7c2a97af9e20b6947af37608298def5e845cc63c2ef688891c88173eb34a2db3dcd966f964383f673f123030e54a5e6353d90bdf19b59b2aa3cef04258f0a4897c68c964131b01daf8f06bc8befe18b6fb1af1e80444ef84eac37c3bad2faa493bf61ba823516c3d80356c9986ba29198c50d0940a95013af87f03075d30f4247a4a61ae9cd5011622add48f1f17a752ebe2e1ede0080e6c0c905c7b75a4f9a2fbb54612f6f4bb37029bda2cb4058bd51d8da50b06a3cc434beb8b6cf1a82657ca2629e0f2e332a9e158d1213f16880bd9acfbae000534c0be9eb34454a68658f73a70d909715d6e612b052de6778300a1836b7fa187039c53f875e7e71f2ffee2ef140807dce4a00572b0f4f5612e76e0a444c7f03a0990347b2c088e4d59d1202eb27d2c8d312bfb6f406e5f916b90db16ba9ea803bb2ec86413625eff44debe0328e9ef3305ea5f11ea346cd4ba79e27c2d12900989421dba3a53654dc59fd0b42c3edab262c6d5dd6a69053e8826162701debfce96b1d7d7c5f60801239cbb4dffcc81be19258998efd7b33a3e4fbf6123eb97ab4ac2e8c7a6614fb4e2cdae313c81fa499eccd6dc30eccd6abc51a44dfbb050f072d5dff3ec3909bcc73c60a32cd1865dd3e9dd902559c8bb989d52a4d6c1f309bd4c77e815b16a91ce1c80b50a361a2694a34f5a9de5bdf411ddb604d30c9c945c50bc10a6ae2b67bfa371cf4781be420432675f4449e6719295afe96e4293faa809c80ab45bce1bb320ecb5db16e204a4d8854045c296e41be404f495910f43c340dab01244434b32b50bb53ba067519900cfd60cb0de420ce2b3be7e12da29ea5117d47a646c41d337a3792bcc32479d033693c363e054ac4afc97f15a35623c7e4eed1b1eb433f165ff7c216517fe36d5c30708ab4166647776c62c19811de8bdf37adb48c858c4bbb889c53606998642b2548f6460676bdee7a01a41c6eace88905317de1c77b4f848bff61f01bc2df30b4b8d72f433d5548c303837668897cb69e198838abde012e7b3537396f420dffa4b7834c912e3baff61a2eb3e2992a034acd51389b6960c92fc17ca0058cc5fec973c5ab3b63ddd3117da4e248b85501df3cc35f20cc85dbbd9ca6125c5a38a62992bf47157278dcce763db1b17c4637739859a691d3d131e74cd9f026db1256bdfdef8bbc74bd4387634dd286aeeedf944bdf4cf0d41eed1c8c786efbfc9efc3c7c86fc59bb8b4dbe8411c063cd7d17f639b52b13a26cc79ae141de8668e37ee8f5b7baf20c3cd7bba1ac968d22dfe3ad76966aa8545237a9eaf1c4c860847cfdeae471d82d1a637e59b553f8fdca4fdeca8f4b225063c9313def4f329b1a466fbbd1d1ca49eca20499eb5ee976d04cbd142957317d091a18cfcb9f580ad206459b84bbdc90da0730a9fea1fe1b609a6a0adc7e9abdf92eb3ce39d35dcf6697c6498a27d46083a598eac67ba732dab53d9d046177bf29d815de861abf87462e0434c94f18aaa1b01929abd6ae2121a72784b95854074a742d61e7e01afba14bd141e438e7afbf317f2816a345fbd6e35118d09607b6bbda37ff8f21f2c9d554c3d8ea46562a3f0d7400b5b8097c892f97823978b79bba569b6fe2420aa155d11c5263236cc1e2ac00f3f2461aca768e800d39fc6e2d5ce82b75a821b02d3fcd4468748a9b668f8e2f9b0894636d71f1c4a421b88f0b9752063b2cd9cdd931337c15089495e7002d3846e14572fa80091821a71500e099e4641aeb5b4246d310cd47c83fbd88f4657cea57ed7dd3ea19a3fa181a48284c5293941a584a624695d35050d2f5589c632057daa88036587bd9442b51a323e50fa4fadae24e86739f7e04bc579eccf7fcdb9954ee942c4de4378c6d652d19d91ce540631b28bc20d66ebad14a769fa7309e4c25ca8934feec09227a8fa24878df02fbc82c200bfaa05726c41c09d589cd47ecd1d7da47dbb48187380b12ebf5fcaa1a1312123212b2c256c95eeb206878ccd91193be50e8c96965f8f4f74df3d9f8eae429113d11248c6f98f6611b60e45b69482ed09efcc40923b5755eaa53ac1aa7f9f4810269be7e4b908b641a5955d617fb80a74ae1276d31301c36f2be9b0e8a2567ae667968fecfdc99214db8558610a1788e223a808753a270940fb09e407eaf104df250d7f4987be037528bcabc48e8135604a2256062ab83336911dda11fa71d339a8cc827ab15f5ab8fc5e9a98059b4692ed330a3975bfdd497d710cca728ace97632837fcc4849f5f71119c6e3f2612699468ae13b296c087fbe6b0ed81f7399efccc535935a5ee025fe11c9d9777f6f0ab1283d6b883bcb33ad9fabcdf7915f2075dfe95ad640b5b49c0f2645f0c14343e93a377bbf1d5625a485eaa4b93c8f6f9cba1b5d9ee0a4a67f72f21f8e2a14f820724d6d05a0ad2ce5a8d3ea9b3af8a5f3c0acf37a0b9f9db7d7acd05003711a21f130a7c458171e60e4b5b85a0631fd1c0d89c064acee29aecf8f00c0402214e4f97638bc3ac67e35e3cb2e3261a5bdef8ef90bee4de7139de0295903127dcff4157c26410afbdea48205d922b5ec97382e3a68f7317a33965a1492551a17b39394f9cec026d645643a0484ebac0b3c3f90786bc71976c8fd540b1494a680d38fe68d97d680724249a4ade13c3cc37d2f29eb421e2ec494e2eeb2d9709fb9f25b961960e4fd72d535a30ca4bbc5f5e29a2f2cf9b32708c3308938f0bc9bcd9d04bd6c56b0035a9ed1715f9951297d642a47e508b635ad0d6632d2007f32618e4b95ec85dd41391d85727eba3bbe360f98879901791f7636ea3d85b5b27582c45a7557d4fe8ce7858a51f1cfe2724583cce447f9f6af887f973dbdd74c18571ab6857372c56bead1f397ba7329d18d434971691f2f2d562752815d035d02f09281f8a2ae713cf84abfb888235d9414d77e62611ca1a51545348aaa0159ca00ddcea55f7a853e3438cea4d44a0a0370811c9264c667e1648e9afa4ab60d69de35ccc6f42aec6b2937574dc2aa24d298d1ab847ef9781de2fe0cf5fd9604924165928f8c96d54187e67293fe59f6a43a36ca73413f56908d48cedf23666914e4c9133dc678f797ceefd3fd3061ad9601f0207489b4a0b5fa7ba8986551fa87b2b3ff0b831e74bea56b68650af18419223e43813936e4bd67372f5f5be639aab8e727d5e3214d344323d695fb8d471195f8a443c03e15b4417394b0a7e29125c62ecdf45ff7075cd52d0581e27703db77f3d4d1d312637a025a54e5a748ad3ed9adb586de6ebfdc4a4bd0366bf84e45b8e4632efc1caa10daa0126c88e826cebe36d8af0a2574c8c37639ea3304079bc72ceb4875c4176357d2f85da5a48a2c28658a92cb21012e6f9a7266188d17a327cdb4b5c2d268d37eb7178096d5cca2929ce727aacff473fc978012df105bf1298983ccf873d84f751e30872653740e67cdcbb44201562cd5e172c3641f12745114698ba99d927e50bc43df01c5082e7991e6ae0c6045130844104689918ebdf4e1edea5d913d3953884a1b4e8b813e1b7dc46ce22e245792acda3c0407ac2f8d531644dfa64845f783bd0f86a81914aeaab6109a8031704312f4e449f90c1e99e066b2fd163cb45a3b6fd79251b96559c399b157a0539c8797dcc3afe2f6d34e72255e88577e3603347955fc2e6dc10a0369caf3faa991a65502043c6b5a6c527b2b209900c4fd486aa3e7c18f1c6ea67da26ecb3b2ff2354b6ab2c0df86077f61e6e3a1fa4e6745c22bdf7965901845a9c66754441f511e3e7fafa3e479d18a00ff48444c6509c921123a1428da5ccee82ee3377da20c7843b314d12056f49f8450208aa9e2babb60ebcd796178e0aa1deb5da695f8bba5b7fa068936a7a0f0251655a7848e2811154a1dec8e23d02387716a7122d2c51fc61c4875353fcb64d5f1159c48bea190517c0da26d2c80f89090eccdd73e0725db70ed61244e1b04df2f3fc53b463bfbfbbb5a363480ced288ebe9d161d4d21fc2907ad9167adba3ad44c2e84c6dcad3b6f728a9d98dbfca6658187fc59bc159e9ca74e3433ff3c9be4739f919aeeb053b15b9f6cd91109b107f8b27a05d9a2a4dec966ec55a94628b4f85712ea5225c9a3111fb7e0e5fa524e8c54251c698b325f897c7b7bb590cb8d8b2840e54ea01209af887daa3281862b0097db915388ff31b553e2bb49189ba2094a75ee109df70a168b95b5c7f6a1a172b519bc852553dd6f45a911490ae6ed3ae200f696772cd3890ec45d93a3dd74cb1159c087acf9128192e387f5d59a75469ee497257e3505d429be9439789309a3316f26584931324e01cc4d17da5521c4a7a50458ec369ba82b26942c7aceb7d2b900a5e4e701c4234fbc4f275a0b063497b1eab385a59edef066a548659780a36e11c940067adf2fb3056090b12e0bb27bec81b934506e9512cfc57eeae7fcee1ca3a99f20e0a2f5fa302dc2b00f1d37ca15464b7d59a257ef8183ab457fc3ca735d4cb3cca395de0f4f2415cc1da83711cc097d9dd3c7bf4b62578c56c7673dcad2d9ffb4f1334c763e236f5a33383590a32b65d9333eadcd45a9a6b1f3c18ebdfc75126454a2362383f62cbe140fdc915aff31e14710d4069faa96a4a74d637f24f6077a5e26cec756627634b2d2f910d8aa5d1abd1cb4c4208854e35789a8be79055faab96652e62f2edd32be96114dd09bd20f57ed09e5185b58b9b80bfc2d0731bfb36cd7043c95a1a42ecc34124b01e326f63ba2a2eb32fa515fd121ae46c5dd3bb0e769253243625b96c4a8da67fafce3451d3ab95685ce6f19ba3cd890efccf316ec5f45a857b176cbdcdbf942d006685fdb954658423c1bea3eceba4ee7626747a7614fe9562f3de619cbf24e3939f9ef3c16207ca82a21bc319e2f346b881e1b3a7a16f37f6293273b3a07ce65c18a53654cd2b950502c21622cebaf967dcd09b8fca49a23eeefce66eb19a1a84f9adb0865c2ed0469f07f0da06401adc48b6341d18d4f81543b61313276a36472961a830eaf4b7289e4fc60b269d4a12c335c4b737097806aa0ef8661d31ead89a256b4cff2e89cf7247fd4304b2a0a55c025ecc733b3f662663fa6f3eefc249ea8ec87f5e6c99a294482a397466b0c898f2008bd34857327cfebd418c093ddeb5b70b5bb93e4c67ddbef9f68d9498e524614786b3b86a39ca8c53b7ee47e9447b92ab2958b6b3d832c4483af94f9e7b5ee6923ffe503a76a9626f173666b389ae80de58551b58e9f94d467bd3a04187a3f73ce6bc925dc38db4fc8e41a1bb524bd6f89d08de5b9fd4c7b232956aa7804e26bf55a4702e712003c3e9af601f5e1fa27ac10eb261ecf336e92315e77ed5c1c3e71e775111219350e2744b2310a2a615e2b001defa70daa02c86efc487d6426874dd085ee6ee1e3173495430d000606669bf940b640261c94b1151fcf93bfeef6f9ebf376dec9b5388fb0c2a52a3c370836c1ced25d8c070d8d097212f32c18071355bd3c2b105ef7559ca71f1669a34d3cbd81540ec70a27747dd739983c9515d708a1c212a4af9a85b1b6aae460629e02825154e1fc5661d037abebaf54fb2602b6d1200de1b1f87995fa96dd0eac290bc5eb17fdf9c96847a0b92c49744acf770bb79418ea36597d41243401fcbf5dae88c14ff44c52968ca07409e8a93baacfce78e5962fc928561d6c27b1e164", &(0x7f0000000340)="b38a3f02fd3f0af9e8dd645d29a288fcf942555bb54d3a848098b0e74b585491631d3b34d567ad57781dba29469cd941f49c523b35e53ccf3d610a") mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r6, 0x40049366, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) fsmount(r6, 0x1, 0xf4) syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') ioctl$TCXONC(r0, 0x540a, 0x1) 6m27.862154928s ago: executing program 3 (id=303): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x48000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800000000000004}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0xa, "09df168a00030000"}]}}}}}}}, 0x0) 6m12.77660513s ago: executing program 32 (id=303): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x48000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffffd) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0xfd, 0x2, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x0, 0x0, 0x800000000000004}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x4, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0xa, "09df168a00030000"}]}}}}}}}, 0x0) 13.623426534s ago: executing program 0 (id=1315): openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) migrate_pages(0x0, 0x4, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) syz_clone(0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb) r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) pread64(r4, 0x0, 0x0, 0xa) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000280)=0x2) r5 = memfd_secret(0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) futimesat(r5, 0x0, 0x0) connect$ax25(r3, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x700) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(0xffffffffffffffff, 0xc1205531, &(0x7f0000000540)={0x1, 0x400006, 0x0, 0x9, '\x00', '\x00', '\x00', 0x0, 0x81, 0x3, 0xba, "b6855a32474f04ed0000ddcffbffffff"}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) 10.656400411s ago: executing program 0 (id=1319): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000a80)={'tunl0\x00', &(0x7f0000000a00)={'syztnl1\x00', 0x0, 0x8, 0x8000, 0x3, 0x1, {{0x15, 0x4, 0x2, 0x8, 0x54, 0x65, 0x0, 0x1a, 0x4, 0x0, @local, @rand_addr=0x64010102, {[@timestamp_addr={0x44, 0x14, 0x85, 0x1, 0x3, [{@rand_addr=0x64010101, 0xfffff28f}, {@rand_addr=0x64010100, 0xfffffff9}]}, @ssrr={0x89, 0x17, 0x29, [@empty, @rand_addr=0x64010102, @local, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @cipso={0x86, 0x8, 0xffffffffffffffff, [{0x2, 0x2}]}, @lsrr={0x83, 0xb, 0x75, [@loopback, @broadcast]}]}}}}}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000ac0), 0x4) io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000080)='=', 0x11}]) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000f00)={0x2c, &(0x7f0000000b80)={0x40, 0xa, 0xc6, {0xc6, 0x5, "b268fa5cbe43163fbb47a7054b4a364e074648af97aa86c3667d1514da28b12a6d36365e70d1d1f33f070f92ed862ed408e74688577d009a1e3893ba5483fff85cfb0709a55db782e7772e262edeba416b75ef852127c23c0813bca75dfe8d8fc590b28bf06bc6709eb0b9ad6ec8483f31c032c7e53c3405c7a92befac8df3d686795b10b817467cc499af30813551f3ce051034f8b7fdf0306f8a68b8640bd7d4dd37a2125c009a7c1b61290ce0c7b73082748168598f7a1b392e9c861e3c3217506f87"}}, &(0x7f0000000c80)={0x0, 0x3, 0x83, @string={0x83, 0x3, "902d599f1298526863e26c72268c779d635c6b6eeb6ea8198e80efe044d51b5443a982f3e8475ccb1d5f4f5c14e271c53e0c45e1935c91504d61f39be0fa84f96f67a22c76a680ee826b6107eb09b3224fdbd6a635f41dcf296262db5d2d4d3087354675bd2401e62916452aeada322db21731991faf6b4afd8a7aaad965593f82"}}, &(0x7f0000000d40)={0x0, 0xf, 0x110, {0x5, 0xf, 0x110, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x2, "66a5f34e1f5249e6c15565bbbbac1b16"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x1, 0xe, 0x4, 0x200, 0x5a}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x5}, @generic={0xd1, 0x10, 0x1, "a7546ab8506bcb3eb7410bf7ded750d2ad52dfa2ecfbcfb68e25a105acefeb5f078d1a0b8fe60c2ff8286113906a4eba42dca0a62986bceaa944eaef98c64176f0d32445f41b4d6e77d3c3db976b5dd11d9b2f0e1036cb34ded738ef3e479bc9e7ac234bddd6cc645c27512467c543b47d1768c94ae1fcc82fe2d224bf29e96784e081eff3201a8ad5b991179bbe9b962e1ae80205ec6e700bbf3da5a0b4de00fba492537c844f48f1a974d072e88d6ffcf63a230d36c62a6e7fb86d67b09ae87de4ae95c6579431f7a36c01045c"}, @ssp_cap={0x14, 0x10, 0xa, 0x80, 0x2, 0x4, 0x1ef0f, 0x3, [0xc000, 0xff1fbf]}]}}, &(0x7f0000000e80)={0x20, 0x29, 0xf, {0xf, 0x29, 0x4, 0x9a, 0x2, 0x0, "0d55c437", "23ceaedb"}}, &(0x7f0000000ec0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x4, 0x8, 0x7, 0xa, 0xccdf, 0x8}}}, &(0x7f0000001380)={0x84, &(0x7f0000000f40)={0x0, 0x11, 0x53, "5c7a795ceaa08e3ea193efa2ad102f74f9f7a4800e61814b35072b9b10f4fc7ee54c5e8e05f97ed31f988a9ee06b496e2cab88df56b7688b5a04f010f2e26c69d15fc266e2a483f9c23265846d6981efa98baf"}, &(0x7f0000000fc0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000001000)={0x0, 0x8, 0x1, 0x9b}, &(0x7f0000001040)={0x20, 0x0, 0x4, {0x6, 0x1}}, &(0x7f0000001080)={0x20, 0x0, 0x8, {0xe0, 0x10, [0xf0f]}}, &(0x7f00000010c0)={0x40, 0x7, 0x2, 0x94}, &(0x7f0000001100)={0x40, 0x9, 0x1, 0x1}, &(0x7f0000001140)={0x40, 0xb, 0x2, "30ae"}, &(0x7f0000001440)={0x40, 0xf, 0x2, 0xfff2}, &(0x7f00000011c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000001200)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000001240)={0x40, 0x19, 0x2, "a80f"}, &(0x7f0000001280)={0x40, 0x1a, 0x2, 0xcd16}, &(0x7f00000012c0)={0x40, 0x1c, 0x1, 0x7}, &(0x7f0000001300)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000001340)={0x40, 0x21, 0x1, 0x6}}) 10.628970124s ago: executing program 5 (id=1320): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2f7bf0c893f5c85ee2347bf4f0a23fcefb298e8a501afad6369fb13f0a", @ANYRES16=r2, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r1, @ANYBLOB="14005e8008000100000000000800020000000000"], 0x30}}, 0x0) pipe2(&(0x7f0000000040), 0x0) epoll_create(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) ioctl$PIO_UNIMAPCLR(0xffffffffffffffff, 0x4b68, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f0000000500)={&(0x7f00000000c0)=ANY=[], 0x40}}, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000) 8.666820061s ago: executing program 5 (id=1324): openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) epoll_create1(0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 8.377032927s ago: executing program 4 (id=1325): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) pipe(0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) sched_setscheduler(0x0, 0x2, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x400740) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x3, 0x7}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r6 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000a40)=[{{&(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000300)=[{&(0x7f00000000c0)}, {&(0x7f0000000480)="83ffc6dcfd257cfa96ea604c0c5ef6da658780d984b129ff2385e0fcb69c2a12f8dc11111c47fab68c6351a6cf0efa15fe9f0913a062972b8f673c100c7cd076e902466d9e1200"/80, 0x50}, {&(0x7f0000000500)="29b945e384262e7231b0916998557fdceee2e7735d71524d3a6d962230d41d4cf73e88251eaef1188ad995bc325b5004a77e8f6b6b1cdc87574082d76493ba5540e3a06600b5641d9f85056d83e369c4cffbed6127626b188bc2e8e85063edc8f7a155eb43939bd38b7da89aecf9b03a7db13172b67e3ee742", 0x79}, {&(0x7f00000001c0)="9dee94ec9c1037da1557bf8da5669b983cc677f9", 0x14}], 0x4, &(0x7f0000000380)=[@rights={{0x18, 0x1, 0x1, [r4, r5]}}], 0x18, 0x24040890}}], 0x1, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, 0x0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r8, &(0x7f0000000340)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r8, &(0x7f00000082c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="250300bf", 0x4}], 0x1}}], 0x40000000000028a, 0x20044850) recvmmsg(r8, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000004a00)=[{&(0x7f0000001a00)=""/4099, 0x1003}], 0x1}}], 0x1003, 0x10122, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000040)={0xc}) 7.345691957s ago: executing program 2 (id=1329): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="01000000030000000200000004"], 0x48) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(0x3) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x6, 0x4, 0x8, 0x4}, 0x50) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r2}, 0x10) (async) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r3) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x60, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xc}}, [@qdisc_kind_options=@q_bfifo={{0xa}, {0x8, 0x2, 0x5}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x5, 0x12, 0x400, 0x0, 0x200, 0x5, 0x2}}, {0xffffffffffffff39, 0x2, [0x2, 0xa59]}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x44004}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000380)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000480)={'syztnl1\x00', &(0x7f0000000400)={'ip6gre0\x00', 0x0, 0x29, 0x7, 0x6, 0x7, 0x0, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, 0xe316d4226aaa429a, 0x20, 0xa9, 0x4}}) (async) r13 = socket(0x2a, 0x2, 0x0) getsockname$packet(r13, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r14, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r14, {0x9, 0x3}, {}, {0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FLAGS={0x8}]}}]}, 0x40}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000540)={'syztnl0\x00', &(0x7f00000004c0)={'syztnl2\x00', 0x0, 0x29, 0x32, 0x2, 0xd, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @local, 0x7, 0x80, 0x75a5, 0x2}}) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f00000005c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc18f33b6c5704944}, 0xc, &(0x7f0000000580)={&(0x7f0000000b40)={0x4a8, r4, 0x800, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x1, 0x9, 0x8, 0x6}]}}}]}}, {{0x8, 0x1, r7}, {0xfc, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xf, 0x1, 0x1, 0xffffffff}, {0xd, 0xbc, 0x9, 0x130f4b55}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x91127b7}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7f}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffb}}}]}}, {{0x8, 0x1, r10}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x486}}}]}}, {{0x8, 0x1, r11}, {0x210, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffc}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r12}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x6, 0x3, 0xfa, 0x8}, {0x1, 0x2, 0x87, 0x1}, {0x5, 0x4, 0x9, 0x3}, {0x240, 0xf, 0x0, 0x8}, {0x200, 0x5, 0x0, 0x2}]}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2b6}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0x4a8}, 0x1, 0x0, 0x0, 0x84}, 0x91) r16 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$inet_pktinfo(r16, 0x0, 0x50, 0x0, &(0x7f0000000040)) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) 6.702491211s ago: executing program 2 (id=1330): r0 = openat$random(0xffffffffffffff9c, &(0x7f000000fe80), 0x40800, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f000000fec0)=ANY=[@ANYBLOB]) 6.6759899s ago: executing program 1 (id=1331): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e08003950"], 0x15) r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) capset(&(0x7f0000000f40)={0x19980330}, 0x0) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x44f0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0xfffff6cb, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000019200)={'wlan1\x00'}) sendmsg$NL80211_CMD_DEL_TX_TS(r1, &(0x7f00000191c0)={&(0x7f0000019180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000192c0)={&(0x7f0000019340)=ANY=[@ANYRESOCT=r4, @ANYBLOB="248c933202d1e9b627a8ed67306d5d19393ba20477074830ff19288da101a6c9e8bd0f1880c3defb8ddb4818ceab24dd81da04872139c1af99b87444ea524864ea0adf7bab12810807d46ee117c7a0be2d901cc6898e01effbaf608a27f42a29259f070edc7ac733560b01d28b41d968cc7c3bf7745e9753c0d93db195389c959bff601733238aee5e94c97886a6a9b7d82b40480fdc4a52b8fd4730caf9724cfcd278beedc841462fc39932145ec6303f2b59b61986e0c1ed95cd78229bd5e350b70dc6454ddfd469037a02dcecedf6322922a9571e338c320fa94c425d14b6b8215f960ed1875d7f8f7bb2", @ANYBLOB="000428bd7000fcdbdf256a000000080003008d2a8763c92f018e52ed9df96ed4a0e6147fc0f82f4d23fb2af62298451e120f8f0b32496e27ae75d7de6153dd75e079d040027bd1af3a35b1472922c70d5508640da63e5caf401b1ac43b31e212e5d27cbae4c6652d0c3baa6ab24eb3dbc88e52c86dbb3a0f70ee94dd1377269b4847eba70a8dac4a99c50d8a92afbd66dfd86a16d0431e5f281a9931d98196a7595f1e8b76fd453ba20e13facb19df62f15d5106aee367b597996166d4353b", @ANYRES64, @ANYRESHEX=r1], 0x44}, 0x1, 0x0, 0x0, 0x20000050}, 0x6793574145ae1086) bind$inet6(r5, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0xcb) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000180)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000019080)=ANY=[@ANYBLOB='trans=Qd,rfdno=', @ANYRES8=r6, @ANYBLOB="2c7766646e663d592391e355d91331c7cce82571712eadf6b9de413ba56c6a6a26c1283bb2177af0b957a945c9b459b171754b06510bddbf4b7f2baeb5ce9f95e1f8f4f65d3b2777c6147820a1339f3374bf929aadfb7c5d85ea3b2b7d748d84ae055ce40b13907703a930580ba7c44837c6", @ANYRESHEX, @ANYBLOB="2c64f26275673d3078300400000030303030303030342c6163636573733d000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00') read$FUSE(r7, &(0x7f0000000980)={0x2020}, 0x2020) 6.583575291s ago: executing program 2 (id=1332): setuid(0xee00) r0 = semget$private(0x0, 0x4000000009, 0x88) semop(r0, &(0x7f0000000040)=[{0x2, 0xfffe, 0x1000}], 0x1) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 0x0, 0xdc, 0x100d}, 0x6, 0x94c, 0x0, 0x0, 0x0, 0x0, 0xf932}) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010029bd7000fcdbdf253400000008000300", @ANYRES32=r4, @ANYBLOB="cfa45051e83c1733dca41dbeae41cef580c13ac40d6a8bae5b7eb804bdf465d9842b2a5ff8b0d94123390fce5c12e355ef3ea459287b60132adf2f3d427411a8e85d39d5fdee706a98e300207038f20f2526b17dafc2e2b087d11439b1d04e2afc974da42a0582b462999a0e551283a0249be71ccbc7b64db9900ab949e5759d246ffd0453eef0ec95a85d84d581b7a5e755f566a8a4716bf8024772d59eaeeaa42f9547da292533ffd5ef73fd4718caa09dff1d841fca0000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x20004800) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) semget(0x3, 0x0, 0x4c0) r6 = dup3(r5, r1, 0x0) r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r7, 0xc004500a, &(0x7f00000001c0)=0x10001) read$dsp(r7, &(0x7f00000000c0)=""/108, 0x6c) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f00000002c0)=0x1) read$dsp(r7, &(0x7f0000000200)=""/168, 0xa8) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x7) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000003c0)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x1d8, 0x0, &(0x7f0000000cc0)=[@increfs, @release={0x40046306, 0x2}, @increfs={0x40046304, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x6, 0x2, 0x5}, @ptr={0x70742a85, 0x0, &(0x7f0000000700)=""/150, 0x96, 0x1, 0x12}, @fda={0x66646185, 0x8000, 0x0, 0x31}}, &(0x7f0000000500)={0x0, 0x20, 0x48}}, 0x40}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x50, 0x18, &(0x7f00000007c0)={@fda={0x66646185, 0x9, 0x1, 0x2d}, @flat=@weak_binder={0x77622a85, 0x100, 0x1}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}}, &(0x7f0000000540)={0x0, 0x20, 0x38}}, 0x1440}, @increfs={0x40046304, 0x3}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000840)={@fda={0x66646185, 0x6, 0x0, 0x19}, @flat=@handle={0x73682a85, 0x1}, @fd={0x66642a85, 0x0, r5}}, &(0x7f00000008c0)={0x0, 0x20, 0x38}}}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000940)={@fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x1, &(0x7f0000000900)=""/46, 0x2e, 0x1, 0x1d}, @fd={0x66642a85, 0x0, r5}}, &(0x7f00000009c0)={0x0, 0x18, 0x40}}, 0x40}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000a80)={@ptr={0x70742a85, 0x0, &(0x7f0000000a40)=""/40, 0x28, 0x1, 0x38}, @fda={0x66646185, 0x6, 0x0, 0x29}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000b00)={0x0, 0x28, 0x48}}, 0x400}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000c00)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000b40)=""/144, 0x90, 0x2, 0x33}, @fda={0x66646185, 0x0, 0x0, 0x3}}, &(0x7f0000000c80)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240), 0x204280, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000200630140000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) 6.344247983s ago: executing program 0 (id=1333): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0xa0}, 0x1, 0x7}, 0x0) 6.239474251s ago: executing program 0 (id=1334): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2f7bf0c893f5c85ee2347bf4f0a23fcefb298e8a501afad6369fb13f0a", @ANYRES16=r2, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r1, @ANYBLOB="14005e8008000100000000000800020000000000"], 0x30}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) epoll_create(0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r6, 0x0, 0xc800) sendmsg$SMC_PNETID_DEL(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000922a4804743dad817bf3a9bbbffb50ede5adf9e9528d6e27216d75f605bdf179085d78ce10cdd10fc175b5456dfc0952aee5222767396c7fd8f7bba579b10a69dd803957ab77f6c1e95e7969bddbd3d7bf82cf78848a6ebb74f4f80ebddd87", @ANYRES16=r5, @ANYBLOB="270e000000000000000004070200"], 0x14}, 0x1, 0x40030000000000}, 0x0) socket$isdn(0x22, 0x2, 0x25) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x2, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x6c6d}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440), 0x56}}], 0x2, 0x2004000) close_range(r3, 0xffffffffffffffff, 0x0) 5.62803161s ago: executing program 2 (id=1335): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000280)={@broadcast, @dev, @void, {@canfd={0xd, {{0x1, 0x1, 0x0, 0x1}, 0x16, 0x0, 0x0, 0x0, "f8b50d307d74af37e4da9707f653e812f340ace5733a33dc5af03aa1939e28153eb8282b1da382161fd80f7757e423f45751fd1dd4586f5d99cbaaf8b332233f"}}}}, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x0) poll(&(0x7f00000001c0)=[{r2}, {r2, 0x340}, {r2, 0x90}], 0x3, 0xd) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)) syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x14000}, 0x40010) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000240), 0xd21, 0x4000) r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) dup3(r5, r6, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000e22dcbc80b47befa0000000900010073797a30000000002c000000030a01020000000000000000010000030900030073797a30000000000900010073797a3000000000540000001a0a010400"], 0xc8}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x28, 0x10, 0x8, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4d27, 0x20019}, [@IFLA_TARGET_NETNSID={0x8}]}, 0x28}}, 0x4000040) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 5.594983746s ago: executing program 0 (id=1336): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000608000000000000fcffffff9500000000000000"], &(0x7f0000000200)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_exit\x00', r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x18) syz_init_net_socket$rose(0xb, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000000c0)={0x60, 0x1, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0xe51, 0x0, 0x0, 0x3, 0x1, 0x6, 0x1b}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0) request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) io_uring_setup(0xfc6, &(0x7f0000000180)) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f0000000b00)="86cf8445f4ba1d9f20174688f169e58c", 0x10) listen(r7, 0x0) 5.592093201s ago: executing program 1 (id=1337): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$inet6(0xa, 0x1, 0x8010000000000084) r2 = socket(0x1e, 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x8a, &(0x7f0000000040), 0x4) 4.463764252s ago: executing program 1 (id=1338): getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) r2 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x3c1, 0x3, 0x420, 0x0, 0x2b8, 0x25c, 0x0, 0x7, 0x350, 0x3a8, 0x3a8, 0x350, 0x3a8, 0x7fffffe, 0x0, {[{{@ipv6={@private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'macvlan1\x00', 'dvmrp0\x00'}, 0x16c, 0x218, 0x260, 0xa010000, {}, [@common=@unspec=@quota={{0x38}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0xc, [@dev, @dev, @empty, @remote, @dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @rand_addr=' \x01\x00', @private1, @remote, @loopback, @empty, @private2, @dev, @mcast1, @rand_addr=' \x01\x00']}}]}, @unspec=@CT0={0x48}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x480) syz_open_dev$vcsa(&(0x7f0000000040), 0x6, 0x82c0) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/meminfo\x00', 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) sendfile(r5, r4, 0x0, 0x20000023893) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) r6 = openat$kvm(0x0, &(0x7f0000000140), 0x204181, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x32) 4.378663502s ago: executing program 4 (id=1339): r0 = socket$tipc(0x1e, 0x5, 0x0) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x15) dup(r0) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r2, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x10001, 0x0, 0x6, 0x4e8d0, 0x107b9c}) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf21, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0xd}, 0x94) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000280)='./cgroup\x00', &(0x7f00000002c0), 0x2000000, 0x0) 3.813411694s ago: executing program 5 (id=1340): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000280)={'wlan1\x00'}) (fail_nth: 3) socket$alg(0x26, 0x5, 0x0) 3.740596549s ago: executing program 0 (id=1341): ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3}) memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r4) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e0"], 0x58}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r7, 0x80845663, 0x0) r8 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) r9 = msgget$private(0x0, 0x101) msgsnd(r9, &(0x7f0000000000)={0x2}, 0x4, 0x0) msgrcv(r9, 0x0, 0x0, 0x1, 0x5800) msgsnd(r9, &(0x7f0000000140)={0x1, "d1c818f7777981c20c619b8f72ea756b18d8c819e4cf7b37"}, 0x20, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r8, 0x80047c05, &(0x7f0000000940)) socket$kcm(0x2, 0x5, 0x84) membarrier(0x10, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) 2.367752478s ago: executing program 1 (id=1342): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@hyper}) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r1, 0x7323, 0x700, 0x5, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50) 2.358982544s ago: executing program 4 (id=1343): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = syz_open_dev$loop(0x0, 0x6, 0x200800) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x9) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = mq_open(&(0x7f000084dff0)='z\xbf\x17', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r5, &(0x7f0000001140)=""/4111, 0x100f, 0x9, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) r8 = epoll_create1(0x0) fcntl$dupfd(r8, 0x2, 0xffffffffffffffff) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) 1.767675776s ago: executing program 5 (id=1344): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0xa0}, 0x1, 0x7}, 0x0) 988.904587ms ago: executing program 4 (id=1345): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000280)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount$pvfs2(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, 0x8184c, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, 0x0, 0x0) ioctl$USBDEVFS_GET_SPEED(r4, 0x551f) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="04"], 0x3b) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r10}) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) 812.902313ms ago: executing program 2 (id=1346): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 561.685066ms ago: executing program 1 (id=1347): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x3b6, &(0x7f0000000440)=ANY=[@ANYBLOB="61fe71b72b5f1780c202090386dd6000195803803afffe800000000000000000000000000018ff0200000000000000000000000000018600907800feffffff00000000000000000aa78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41e5af180200010000000000000000260004000418fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d036397a0acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978061d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e2f7c0bf90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000050b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743474671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f3becd1a9f51a948b5b303f4f0182107fcc1876d4ec1876d4e6fa3ce2dfdb43a6f021659ff5c2d6b3d9363ed09bd9281c9fe68a3000000006f0000044e43e740e077e1d16212fb05145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0000000000000000000005090000000900000036da018dff16e70b8b1400000000e18e88605aa6be1a02a326a6bce65f81ed"], 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000000)=0xffffffff, 0x4) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_JOIN_FILTERS(r2, 0x65, 0x6, &(0x7f0000000000), &(0x7f0000000040)=0x4) socket$inet_smc(0x2b, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800100000400000028000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRESHEX=0x0, @ANYBLOB="0000558b68aac2ad00b7000000000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x288, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, 0x0, 0x10) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r7, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x37, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r5, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r7], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r11 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'veth1\x00'}) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 473.577474ms ago: executing program 5 (id=1348): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x24) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[], 0x0, 0x2c}, 0x28) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DONE(r7, 0x0, 0xc9, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 43.542331ms ago: executing program 2 (id=1349): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0xfd}, 0x10) listen(r0, 0x1) listen(r0, 0x0) r1 = getpid() r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f913", 0x11}], 0x1}, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0x34}}, 0x4008092) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10138, 0x2, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000180)=@ethtool_ringparam={0x11, 0x0, 0x20040001, 0x2, 0x3f, 0x0, 0x0, 0x9, 0x200}}) 0s ago: executing program 4 (id=1350): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) gettid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x400000000000004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod$loop(0x0, 0xfff, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000004380), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000040)={0x0, [0x2, 0x8, 0x5], [{0x0, 0x0, 0x0, 0x0, 0x1}, {0x9, 0x0, 0x0, 0x1}, {0x0, 0x3fffffe}, {0x7}, {}, {0x0, 0x9}, {0x0, 0x1}, {}, {0x0, 0x7}], 0x20}) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019080)=ANY=[@ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x44800}, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) kernel console output (not intermixed with test programs): 442.099650][ T30] audit: type=1400 audit(1753888279.756:1644): avc: denied { read } for pid=10268 comm="syz.2.929" path="socket:[23195]" dev="sockfs" ino=23195 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 442.320764][T10283] syz.0.932: attempt to access beyond end of device [ 442.320764][T10283] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 442.341687][T10283] syz.0.932: attempt to access beyond end of device [ 442.341687][T10283] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 444.158875][T10283] Mount JFS Failure: -5 [ 445.332827][T10305] netlink: 76 bytes leftover after parsing attributes in process `syz.1.936'. [ 445.554171][ T30] audit: type=1400 audit(1753888282.486:1645): avc: denied { bind } for pid=10293 comm="syz.2.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 446.339055][ T30] audit: type=1400 audit(1753888282.496:1646): avc: denied { listen } for pid=10293 comm="syz.2.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 446.375704][T10294] loop6: detected capacity change from 0 to 524288000 [ 446.440119][T10310] netlink: 'syz.4.939': attribute type 1 has an invalid length. [ 446.443544][ T30] audit: type=1400 audit(1753888282.496:1647): avc: denied { setopt } for pid=10293 comm="syz.2.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 446.472702][T10297] netlink: 'syz.2.935': attribute type 4 has an invalid length. [ 446.512551][T10297] netlink: 152 bytes leftover after parsing attributes in process `syz.2.935'. [ 446.688759][T10297] : renamed from bond0 [ 446.720340][T10299] netlink: 64 bytes leftover after parsing attributes in process `syz.1.936'. [ 447.101673][T10312] 8021q: adding VLAN 0 to HW filter on device bond5 [ 447.118260][T10312] bond4: (slave bond5): making interface the new active one [ 447.127520][T10312] bond4: (slave bond5): Enslaving as an active interface with an up link [ 447.384244][ T30] audit: type=1400 audit(1753888282.506:1648): avc: denied { write } for pid=10293 comm="syz.2.935" path="socket:[23747]" dev="sockfs" ino=23747 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 447.407789][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.291028][ T5838] Bluetooth: hci2: unexpected event 0x30 length: 12 > 3 [ 450.514431][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 450.764204][ T5948] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 451.414251][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 451.428993][ T10] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 451.482030][T10355] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'. [ 451.510802][ T10] usb 1-1: config 0 has no interface number 0 [ 451.551962][ T10] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 451.903496][ T5948] usb 3-1: Using ep0 maxpacket: 8 [ 452.016800][T10355] netlink: 64 bytes leftover after parsing attributes in process `syz.5.948'. [ 452.032190][ T5948] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 452.041366][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.049464][ T5948] usb 3-1: Product: syz [ 452.063818][ T5948] usb 3-1: Manufacturer: syz [ 452.083128][ T5948] usb 3-1: SerialNumber: syz [ 452.134700][ T5948] usb 3-1: config 0 descriptor?? [ 452.694034][ T10] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 452.787461][ T5948] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 453.153264][ T10] usb 1-1: string descriptor 0 read error: -71 [ 453.161803][ T10] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 453.346433][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.416600][T10370] netlink: 20 bytes leftover after parsing attributes in process `syz.0.954'. [ 453.435067][ T10] usb 1-1: config 0 descriptor?? [ 453.681147][ T10] usb 1-1: can't set config #0, error -71 [ 453.738383][ T10] usb 1-1: USB disconnect, device number 32 [ 453.889800][ T5948] gspca_sonixj: reg_w1 err -71 [ 453.935052][ T5948] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 453.957221][ T5948] usb 3-1: USB disconnect, device number 29 [ 454.016073][T10374] FAULT_INJECTION: forcing a failure. [ 454.016073][T10374] name failslab, interval 1, probability 0, space 0, times 0 [ 454.041021][T10374] CPU: 1 UID: 0 PID: 10374 Comm: syz.5.955 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 454.041054][T10374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 454.041064][T10374] Call Trace: [ 454.041070][T10374] [ 454.041078][T10374] dump_stack_lvl+0x16c/0x1f0 [ 454.041102][T10374] should_fail_ex+0x512/0x640 [ 454.041122][T10374] ? fs_reclaim_acquire+0xae/0x150 [ 454.041145][T10374] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 454.041162][T10374] should_failslab+0xc2/0x120 [ 454.041181][T10374] __kmalloc_noprof+0xd2/0x510 [ 454.041203][T10374] tomoyo_realpath_from_path+0xc2/0x6e0 [ 454.041224][T10374] ? tomoyo_profile+0x47/0x60 [ 454.041245][T10374] tomoyo_path_number_perm+0x245/0x580 [ 454.041269][T10374] ? tomoyo_path_number_perm+0x237/0x580 [ 454.041297][T10374] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 454.041323][T10374] ? find_held_lock+0x2b/0x80 [ 454.041365][T10374] ? find_held_lock+0x2b/0x80 [ 454.041384][T10374] ? hook_file_ioctl_common+0x145/0x410 [ 454.041411][T10374] ? __fget_files+0x20e/0x3c0 [ 454.041429][T10374] security_file_ioctl+0x9b/0x240 [ 454.041447][T10374] __x64_sys_ioctl+0xb7/0x210 [ 454.041473][T10374] do_syscall_64+0xcd/0x4c0 [ 454.041496][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.041513][T10374] RIP: 0033:0x7f9f11f8e9a9 [ 454.041528][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.041544][T10374] RSP: 002b:00007f9f12daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 454.041560][T10374] RAX: ffffffffffffffda RBX: 00007f9f121b5fa0 RCX: 00007f9f11f8e9a9 [ 454.041571][T10374] RDX: 0000200000000080 RSI: 000000004020ae76 RDI: 0000000000000004 [ 454.041580][T10374] RBP: 00007f9f12daf090 R08: 0000000000000000 R09: 0000000000000000 [ 454.041590][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.041600][T10374] R13: 0000000000000000 R14: 00007f9f121b5fa0 R15: 00007fffa2f38cc8 [ 454.041623][T10374] [ 454.041663][T10374] ERROR: Out of memory at tomoyo_realpath_from_path. [ 454.376416][T10377] netlink: 'syz.4.956': attribute type 10 has an invalid length. [ 454.386839][T10377] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.394642][T10377] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.452627][T10377] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.460086][T10377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.468108][T10377] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.475475][T10377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.502723][T10377] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 455.470611][ T30] audit: type=1400 audit(1753888293.276:1649): avc: denied { bind } for pid=10382 comm="syz.2.958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 455.959859][ T30] audit: type=1400 audit(1753888293.276:1650): avc: denied { node_bind } for pid=10382 comm="syz.2.958" saddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 455.985043][ T30] audit: type=1400 audit(1753888293.306:1651): avc: denied { read } for pid=10382 comm="syz.2.958" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 457.894263][T10402] netlink: 24 bytes leftover after parsing attributes in process `syz.1.962'. [ 457.952161][T10412] netlink: 36 bytes leftover after parsing attributes in process `syz.5.966'. [ 457.962215][T10412] FAULT_INJECTION: forcing a failure. [ 457.962215][T10412] name failslab, interval 1, probability 0, space 0, times 0 [ 457.974887][T10412] CPU: 1 UID: 0 PID: 10412 Comm: syz.5.966 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 457.974904][T10412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 457.974910][T10412] Call Trace: [ 457.974915][T10412] [ 457.974919][T10412] dump_stack_lvl+0x16c/0x1f0 [ 457.974937][T10412] should_fail_ex+0x512/0x640 [ 457.974953][T10412] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 457.974973][T10412] should_failslab+0xc2/0x120 [ 457.974986][T10412] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 457.975004][T10412] ? __alloc_skb+0x2b2/0x380 [ 457.975019][T10412] __alloc_skb+0x2b2/0x380 [ 457.975031][T10412] ? __pfx___alloc_skb+0x10/0x10 [ 457.975047][T10412] netlink_ack+0x15d/0xb80 [ 457.975062][T10412] ? avc_has_perm_noaudit+0x149/0x3b0 [ 457.975081][T10412] netlink_rcv_skb+0x332/0x420 [ 457.975096][T10412] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 457.975108][T10412] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 457.975129][T10412] ? ns_capable+0xd7/0x110 [ 457.975143][T10412] nfnetlink_rcv+0x1b3/0x430 [ 457.975153][T10412] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 457.975163][T10412] ? netlink_deliver_tap+0x1ae/0xd30 [ 457.975179][T10412] netlink_unicast+0x58d/0x850 [ 457.975197][T10412] ? __pfx_netlink_unicast+0x10/0x10 [ 457.975215][T10412] netlink_sendmsg+0x8d1/0xdd0 [ 457.975233][T10412] ? __pfx_netlink_sendmsg+0x10/0x10 [ 457.975253][T10412] ____sys_sendmsg+0xa98/0xc70 [ 457.975269][T10412] ? copy_msghdr_from_user+0x10a/0x160 [ 457.975282][T10412] ? __pfx_____sys_sendmsg+0x10/0x10 [ 457.975304][T10412] ___sys_sendmsg+0x134/0x1d0 [ 457.975317][T10412] ? __pfx____sys_sendmsg+0x10/0x10 [ 457.975329][T10412] ? __lock_acquire+0x622/0x1c90 [ 457.975357][T10412] ? __mutex_unlock_slowpath+0x80/0x800 [ 457.975375][T10412] __sys_sendmsg+0x16d/0x220 [ 457.975387][T10412] ? __pfx___sys_sendmsg+0x10/0x10 [ 457.975409][T10412] do_syscall_64+0xcd/0x4c0 [ 457.975423][T10412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.975435][T10412] RIP: 0033:0x7f9f11f8e9a9 [ 457.975445][T10412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.975455][T10412] RSP: 002b:00007f9f12daf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 457.975466][T10412] RAX: ffffffffffffffda RBX: 00007f9f121b5fa0 RCX: 00007f9f11f8e9a9 [ 457.975472][T10412] RDX: 0000000000000840 RSI: 0000200000000700 RDI: 0000000000000003 [ 457.975479][T10412] RBP: 00007f9f12daf090 R08: 0000000000000000 R09: 0000000000000000 [ 457.975485][T10412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.975491][T10412] R13: 0000000000000000 R14: 00007f9f121b5fa0 R15: 00007fffa2f38cc8 [ 457.975504][T10412] [ 458.333839][T10414] xt_l2tp: missing protocol rule (udp|l2tpip) [ 458.779807][T10397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 458.779998][T10417] netlink: 20 bytes leftover after parsing attributes in process `syz.4.968'. [ 459.341119][T10431] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 460.969161][T10453] bad cache= option: no%e [ 460.969161][T10453] [ 460.976101][T10453] CIFS: VFS: bad cache= option: no%e [ 461.424260][ T92] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 461.552602][ T5838] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 461.689738][ T92] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 461.704973][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.718667][ T92] usb 2-1: Product: syz [ 461.722938][ T92] usb 2-1: Manufacturer: syz [ 461.732656][ T92] usb 2-1: SerialNumber: syz [ 461.880763][ T92] usb 2-1: config 0 descriptor?? [ 461.987929][T10460] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 462.404189][ T5948] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 462.546883][T10444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.626814][T10444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.664348][T10467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.980'. [ 462.674704][T10467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.716922][ T30] audit: type=1400 audit(1753888300.446:1652): avc: denied { getopt } for pid=10464 comm="syz.4.980" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 462.816671][ T5948] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 462.817836][T10444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.828109][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.854731][ T5948] usb 3-1: Product: syz [ 462.972788][ T5948] usb 3-1: Manufacturer: syz [ 462.981810][ T5948] usb 3-1: SerialNumber: syz [ 462.998062][ T5948] usb 3-1: config 0 descriptor?? [ 463.115473][T10444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 463.354317][ T10] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 463.370775][T10467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.404035][ T5948] usb 3-1: USB disconnect, device number 30 [ 463.491904][T10475] xt_l2tp: missing protocol rule (udp|l2tpip) [ 463.577392][T10444] sctp: [Deprecated]: syz.1.974 (pid 10444) Use of struct sctp_assoc_value in delayed_ack socket option. [ 463.577392][T10444] Use struct sctp_sack_info instead [ 463.871964][ T10] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 463.891631][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.934063][ T10] usb 6-1: Product: syz [ 463.946870][ T10] usb 6-1: Manufacturer: syz [ 463.971881][ T10] usb 6-1: SerialNumber: syz [ 463.985387][ T10] usb 6-1: config 0 descriptor?? [ 464.009054][ T10] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 019 [ 464.055663][ T92] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 464.076126][ T92] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 464.087854][ T92] asix 2-1:0.0: probe with driver asix failed with error -71 [ 464.098596][ T92] usb 2-1: USB disconnect, device number 23 [ 464.848852][ T10] (null): failure reading functionality [ 464.858984][ T10] i2c i2c-1: connected i2c-tiny-usb device [ 465.056387][ T30] audit: type=1400 audit(1753888302.866:1653): avc: denied { create } for pid=10487 comm="syz.4.987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 465.158483][T10490] delete_channel: no stack [ 465.412167][ T30] audit: type=1400 audit(1753888302.946:1654): avc: denied { connect } for pid=10487 comm="syz.4.987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 465.456920][T10496] syz.0.986: attempt to access beyond end of device [ 465.456920][T10496] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 465.474520][T10496] syz.0.986: attempt to access beyond end of device [ 465.474520][T10496] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 465.747771][ T30] audit: type=1400 audit(1753888302.956:1655): avc: denied { write } for pid=10487 comm="syz.4.987" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 466.096840][T10496] Mount JFS Failure: -5 [ 466.371634][ T10] usb 6-1: USB disconnect, device number 19 [ 466.516868][T10510] netlink: 76 bytes leftover after parsing attributes in process `syz.4.991'. [ 466.877887][T10514] netlink: 76 bytes leftover after parsing attributes in process `syz.1.990'. [ 466.896796][T10512] netlink: 64 bytes leftover after parsing attributes in process `syz.4.991'. [ 467.636523][T10515] netlink: 64 bytes leftover after parsing attributes in process `syz.1.990'. [ 468.645118][ T30] audit: type=1400 audit(1753888306.446:1656): avc: denied { setcurrent } for pid=10521 comm="syz.1.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 469.517917][ T30] audit: type=1401 audit(1753888306.476:1657): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 469.535155][ T30] audit: type=1400 audit(1753888306.486:1658): avc: denied { connect } for pid=10521 comm="syz.1.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 470.068987][ T30] audit: type=1400 audit(1753888307.876:1659): avc: denied { open } for pid=10531 comm="syz.4.996" path="/dev/ptyqd" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 470.100940][T10535] pim6reg1: entered allmulticast mode [ 470.183981][T10538] netlink: 'syz.4.999': attribute type 1 has an invalid length. [ 470.304385][ T10] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 470.438782][T10538] bond6 (unregistering): Released all slaves [ 471.073999][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 471.084813][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 471.093947][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.129648][ T10] usb 2-1: config 0 descriptor?? [ 471.146778][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 471.234915][ T30] audit: type=1400 audit(1753888309.036:1660): avc: denied { audit_control } for pid=10544 comm="syz.4.1003" capability=30 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 471.300135][T10551] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 471.504154][ T5911] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 472.200082][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 472.215155][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 472.223768][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 472.232099][T10558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.244052][T10558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.269347][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 472.276828][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 472.286758][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 472.317713][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 472.338696][ T5911] usb 1-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 472.351140][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.360758][ T5911] usb 1-1: Product: syz [ 472.365061][ T5911] usb 1-1: Manufacturer: syz [ 472.369865][ T5911] usb 1-1: SerialNumber: syz [ 472.484001][ T5911] usb 1-1: config 0 descriptor?? [ 472.508540][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 472.858226][ T5867] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 473.024501][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 473.032796][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 473.046752][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 473.063095][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 473.070514][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 473.081381][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 473.092791][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 473.109235][ T10] pwc: Registered as video103. [ 473.117434][T10567] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1005'. [ 473.593777][T10567] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1005'. [ 473.624436][ T5867] usb 6-1: Using ep0 maxpacket: 32 [ 473.673344][ T5867] usb 6-1: config 0 has an invalid interface number: 231 but max is 0 [ 473.683519][ T5867] usb 6-1: config 0 has no interface number 0 [ 473.985605][ T5867] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 473.998390][T10545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 473.998506][ T5867] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 474.026203][ T5867] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 474.035692][T10545] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.046373][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.058178][T10545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.069054][ T5867] usb 6-1: Product: syz [ 474.073224][ T5867] usb 6-1: Manufacturer: syz [ 474.084380][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input87 [ 474.109009][ T5867] usb 6-1: SerialNumber: syz [ 474.149657][ T10] usb 2-1: USB disconnect, device number 24 [ 474.160740][T10545] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.171759][ T5867] usb 6-1: config 0 descriptor?? [ 474.193197][T10564] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 474.201055][T10564] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 474.233497][ T5867] plusb 6-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, c6:0b:d8:9a:6a:ce [ 474.486543][T10545] sctp: [Deprecated]: syz.0.1000 (pid 10545) Use of struct sctp_assoc_value in delayed_ack socket option. [ 474.486543][T10545] Use struct sctp_sack_info instead [ 474.552095][T10577] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1009'. [ 475.122729][T10577] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1009'. [ 475.135057][ T5911] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 475.153045][ T5911] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 475.168531][ T5911] asix 1-1:0.0: probe with driver asix failed with error -71 [ 475.189691][ T5911] usb 1-1: USB disconnect, device number 33 [ 475.532167][ T10] usb 6-1: USB disconnect, device number 20 [ 475.540240][ T10] plusb 6-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 475.652154][T10583] xt_l2tp: missing protocol rule (udp|l2tpip) [ 475.974471][T10585] netlink: 'syz.4.1010': attribute type 1 has an invalid length. [ 476.034751][T10585] sctp: [Deprecated]: syz.4.1010 (pid 10585) Use of int in max_burst socket option. [ 476.034751][T10585] Use struct sctp_assoc_value instead [ 476.052515][T10593] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1012'. [ 476.768583][ T5911] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 476.876543][T10607] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 477.428291][ T5911] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 477.433450][ T30] audit: type=1400 audit(1753888315.236:1661): avc: denied { map } for pid=10609 comm="syz.2.1017" path="/proc/743/net/ip6_mr_cache" dev="proc" ino=4026532887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 477.443698][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.464919][ T30] audit: type=1400 audit(1753888315.276:1662): avc: denied { execute } for pid=10609 comm="syz.2.1017" path="/proc/743/net/ip6_mr_cache" dev="proc" ino=4026532887 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 477.496738][ T5911] usb 6-1: Product: syz [ 477.496761][ T5911] usb 6-1: Manufacturer: syz [ 477.496776][ T5911] usb 6-1: SerialNumber: syz [ 477.498714][ T5911] usb 6-1: config 0 descriptor?? [ 477.528325][ T5911] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 021 [ 477.970759][ T5911] (null): failure reading functionality [ 478.335095][T10612] delete_channel: no stack [ 478.342695][ T5911] i2c i2c-1: connected i2c-tiny-usb device [ 478.517552][T10620] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 478.542553][T10624] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 478.549120][T10624] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 478.562538][T10624] vhci_hcd vhci_hcd.0: Device attached [ 478.573016][T10625] vhci_hcd: connection closed [ 478.576391][ T8541] vhci_hcd: stop threads [ 478.585968][ T8541] vhci_hcd: release socket [ 478.590521][ T8541] vhci_hcd: disconnect device [ 478.623220][ T30] audit: type=1400 audit(1753888316.426:1663): avc: denied { append } for pid=10623 comm="syz.2.1023" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 478.731535][T10633] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1021'. [ 478.806054][T10634] dns_resolver: Unsupported server list version (0) [ 479.130580][T10633] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1021'. [ 479.490869][T10640] FAULT_INJECTION: forcing a failure. [ 479.490869][T10640] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.540925][T10640] CPU: 1 UID: 0 PID: 10640 Comm: syz.0.1025 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 479.540956][T10640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 479.540967][T10640] Call Trace: [ 479.540973][T10640] [ 479.540980][T10640] dump_stack_lvl+0x16c/0x1f0 [ 479.541006][T10640] should_fail_ex+0x512/0x640 [ 479.541033][T10640] _copy_from_user+0x2e/0xd0 [ 479.541060][T10640] kstrtouint_from_user+0xd6/0x1d0 [ 479.541082][T10640] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 479.541101][T10640] ? __lock_acquire+0xb8a/0x1c90 [ 479.541138][T10640] proc_fail_nth_write+0x83/0x220 [ 479.541157][T10640] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 479.541181][T10640] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 479.541197][T10640] vfs_write+0x29d/0x1150 [ 479.541216][T10640] ? __pfx___mutex_lock+0x10/0x10 [ 479.541238][T10640] ? __pfx_vfs_write+0x10/0x10 [ 479.541262][T10640] ? __fget_files+0x20e/0x3c0 [ 479.541288][T10640] ksys_write+0x12a/0x250 [ 479.541304][T10640] ? __pfx_ksys_write+0x10/0x10 [ 479.541318][T10640] ? v4l2_ioctl+0x1c5/0x250 [ 479.541339][T10640] ? fput+0x70/0xf0 [ 479.541364][T10640] do_syscall_64+0xcd/0x4c0 [ 479.541396][T10640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.541419][T10640] RIP: 0033:0x7fddc1f8d45f [ 479.541433][T10640] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 479.541449][T10640] RSP: 002b:00007fddbfdf6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 479.541466][T10640] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fddc1f8d45f [ 479.541478][T10640] RDX: 0000000000000001 RSI: 00007fddbfdf60a0 RDI: 0000000000000004 [ 479.541488][T10640] RBP: 00007fddbfdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 479.541498][T10640] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 479.541508][T10640] R13: 0000000000000000 R14: 00007fddc21b5fa0 R15: 00007ffe874ffa28 [ 479.541533][T10640] [ 479.555776][ T30] audit: type=1400 audit(1753888317.346:1664): avc: denied { getopt } for pid=10641 comm="syz.2.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 479.860865][ T5890] usb 6-1: USB disconnect, device number 21 [ 479.986036][T10650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1024'. [ 480.015265][T10649] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 480.276138][T10657] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1030'. [ 481.220647][T10653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 482.664407][ T5867] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 482.677247][T10682] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1037'. [ 482.744876][T10680] mmap: syz.0.1036 (10680) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 482.855422][T10687] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1039'. [ 482.960102][ T5867] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 483.000503][ T5867] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 483.072551][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.234888][ T5867] usb 5-1: config 0 descriptor?? [ 483.266305][ T5867] pwc: Askey VC010 type 2 USB webcam detected. [ 483.270828][T10676] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.552312][T10679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 483.684399][ T5911] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 483.692272][ T5867] pwc: recv_control_msg error -32 req 02 val 2b00 [ 483.700804][ T5867] pwc: recv_control_msg error -32 req 02 val 2700 [ 483.716753][ T5867] pwc: recv_control_msg error -32 req 02 val 2c00 [ 483.726994][T10673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 483.757923][T10673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 483.769726][ T5867] pwc: recv_control_msg error -32 req 04 val 1000 [ 483.791445][ T5867] pwc: recv_control_msg error -32 req 04 val 1300 [ 483.809055][ T5867] pwc: recv_control_msg error -32 req 04 val 1400 [ 483.830809][ T5867] pwc: recv_control_msg error -32 req 02 val 2000 [ 483.866217][ T5911] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 483.881282][ T5911] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 483.884275][ T92] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 483.909868][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.946187][ T5911] usb 2-1: config 0 descriptor?? [ 483.968897][ T5911] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 484.034277][ T92] usb 1-1: device descriptor read/64, error -71 [ 484.053442][ T5867] pwc: recv_control_msg error -71 req 04 val 1500 [ 484.067180][ T5867] pwc: recv_control_msg error -71 req 02 val 2500 [ 484.083430][ T5867] pwc: recv_control_msg error -71 req 02 val 2400 [ 484.092920][ T5867] pwc: recv_control_msg error -71 req 02 val 2600 [ 484.093305][T10698] FAULT_INJECTION: forcing a failure. [ 484.093305][T10698] name failslab, interval 1, probability 0, space 0, times 0 [ 484.100202][ T5867] pwc: recv_control_msg error -71 req 02 val 2900 [ 484.112857][T10698] CPU: 0 UID: 0 PID: 10698 Comm: syz.2.1042 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 484.112880][T10698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 484.112889][T10698] Call Trace: [ 484.112894][T10698] [ 484.112900][T10698] dump_stack_lvl+0x16c/0x1f0 [ 484.112923][T10698] should_fail_ex+0x512/0x640 [ 484.112943][T10698] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 484.112970][T10698] should_failslab+0xc2/0x120 [ 484.112993][T10698] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 484.113017][T10698] ? __alloc_skb+0x2b2/0x380 [ 484.113038][T10698] __alloc_skb+0x2b2/0x380 [ 484.113054][T10698] ? __pfx___alloc_skb+0x10/0x10 [ 484.113070][T10698] ? genl_rcv_msg+0x4c0/0x800 [ 484.113084][T10698] ? genl_rcv_msg+0x4bb/0x800 [ 484.113103][T10698] netlink_ack+0x15d/0xb80 [ 484.113131][T10698] netlink_rcv_skb+0x332/0x420 [ 484.113151][T10698] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.113166][T10698] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 484.113197][T10698] ? netlink_deliver_tap+0x1ae/0xd30 [ 484.113224][T10698] genl_rcv+0x28/0x40 [ 484.113245][T10698] netlink_unicast+0x58d/0x850 [ 484.113269][T10698] ? __pfx_netlink_unicast+0x10/0x10 [ 484.113297][T10698] netlink_sendmsg+0x8d1/0xdd0 [ 484.113322][T10698] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.113357][T10698] ____sys_sendmsg+0xa98/0xc70 [ 484.113379][T10698] ? copy_msghdr_from_user+0x10a/0x160 [ 484.113397][T10698] ? __pfx_____sys_sendmsg+0x10/0x10 [ 484.113430][T10698] ___sys_sendmsg+0x134/0x1d0 [ 484.113449][T10698] ? __pfx____sys_sendmsg+0x10/0x10 [ 484.113466][T10698] ? __lock_acquire+0x622/0x1c90 [ 484.113510][T10698] ? __mutex_unlock_slowpath+0x80/0x800 [ 484.113536][T10698] __sys_sendmsg+0x16d/0x220 [ 484.113554][T10698] ? __pfx___sys_sendmsg+0x10/0x10 [ 484.113587][T10698] do_syscall_64+0xcd/0x4c0 [ 484.113607][T10698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.113622][T10698] RIP: 0033:0x7f255dd8e9a9 [ 484.113634][T10698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 484.113649][T10698] RSP: 002b:00007f255ebc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 484.113665][T10698] RAX: ffffffffffffffda RBX: 00007f255dfb5fa0 RCX: 00007f255dd8e9a9 [ 484.113675][T10698] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 484.113684][T10698] RBP: 00007f255ebc9090 R08: 0000000000000000 R09: 0000000000000000 [ 484.113693][T10698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.113702][T10698] R13: 0000000000000000 R14: 00007f255dfb5fa0 R15: 00007ffdc57ad0a8 [ 484.113724][T10698] [ 484.274303][ T92] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 484.330165][ C0] vkms_vblank_simulate: vblank timer overrun [ 484.396966][ T5867] pwc: recv_control_msg error -71 req 02 val 2800 [ 484.403918][ T5867] pwc: recv_control_msg error -71 req 04 val 1100 [ 484.411071][ T5867] pwc: recv_control_msg error -71 req 04 val 1200 [ 484.554248][ T92] usb 1-1: device descriptor read/64, error -71 [ 484.593719][ T5867] pwc: Registered as video103. [ 485.111359][ T92] usb usb1-port1: attempt power cycle [ 485.335436][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input88 [ 485.374700][ T5911] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 485.396792][ T5867] usb 5-1: USB disconnect, device number 32 [ 485.464212][ T92] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 485.494291][ T92] usb 1-1: device descriptor read/8, error -71 [ 485.554451][ T5911] usb 6-1: Using ep0 maxpacket: 32 [ 485.567665][ T5911] usb 6-1: config 0 has an invalid interface number: 231 but max is 0 [ 485.576804][ T5911] usb 6-1: config 0 has no interface number 0 [ 485.582994][ T5911] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 485.593839][ T5911] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 485.607264][ T5911] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 485.612891][T10717] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 485.617262][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.654637][ T5911] usb 6-1: Product: syz [ 485.658847][ T5911] usb 6-1: Manufacturer: syz [ 485.663573][ T5911] usb 6-1: SerialNumber: syz [ 485.674883][ T5911] usb 6-1: config 0 descriptor?? [ 485.680447][T10708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 485.687861][T10708] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 485.711993][ T5911] plusb 6-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 46:69:3e:e0:89:cc [ 485.757652][ T92] usb 1-1: new full-speed USB device number 37 using dummy_hcd [ 485.821865][ T92] usb 1-1: device descriptor read/8, error -71 [ 485.863462][T10717] wg1 speed is unknown, defaulting to 1000 [ 485.946688][ T92] usb usb1-port1: unable to enumerate USB device [ 486.478875][ T92] usb 2-1: USB disconnect, device number 25 [ 488.015083][ T5911] usb 6-1: USB disconnect, device number 22 [ 488.070285][ T5911] plusb 6-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 488.284309][ T92] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 488.384282][ T5890] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 488.630862][ T92] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.775328][ T92] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 488.788078][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.821935][ T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.832417][ T5890] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 488.854473][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.889718][ T5890] usb 5-1: config 0 descriptor?? [ 488.895908][ T92] usb 1-1: config 0 descriptor?? [ 488.909214][ T92] pwc: Askey VC010 type 2 USB webcam detected. [ 488.927888][ T5890] pwc: Askey VC010 type 2 USB webcam detected. [ 488.983180][T10750] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 489.398355][ T5890] pwc: recv_control_msg error -32 req 02 val 2b00 [ 489.405767][ T92] pwc: recv_control_msg error -32 req 02 val 2b00 [ 489.437236][ T92] pwc: recv_control_msg error -32 req 02 val 2700 [ 489.504289][ T5890] pwc: recv_control_msg error -32 req 02 val 2700 [ 489.566030][T10732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 489.577442][ T92] pwc: recv_control_msg error -32 req 02 val 2c00 [ 489.586506][ T5890] pwc: recv_control_msg error -32 req 02 val 2c00 [ 489.607710][T10732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 489.623605][T10736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 489.634918][T10736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 489.658964][ T92] pwc: recv_control_msg error -32 req 04 val 1000 [ 489.682479][ T5890] pwc: recv_control_msg error -32 req 04 val 1000 [ 489.712817][ T92] pwc: recv_control_msg error -32 req 04 val 1300 [ 489.726379][ T5890] pwc: recv_control_msg error -32 req 04 val 1300 [ 489.746368][ T92] pwc: recv_control_msg error -32 req 04 val 1400 [ 489.767066][ T5890] pwc: recv_control_msg error -32 req 04 val 1400 [ 489.891166][ T92] pwc: recv_control_msg error -32 req 02 val 2000 [ 489.934496][ T5890] pwc: recv_control_msg error -32 req 02 val 2000 [ 490.011701][T10762] netlink: 'syz.5.1059': attribute type 1 has an invalid length. [ 490.020297][ T5911] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 490.226299][ T92] pwc: recv_control_msg error -71 req 04 val 1500 [ 490.236401][ T92] pwc: recv_control_msg error -71 req 02 val 2500 [ 490.256049][ T5890] pwc: recv_control_msg error -71 req 04 val 1500 [ 490.388921][ T5911] usb 2-1: config 0 has an invalid interface number: 171 but max is 0 [ 490.399785][ T5911] usb 2-1: config 0 has no interface number 0 [ 490.445274][ T5911] usb 2-1: config 0 interface 171 has no altsetting 0 [ 490.594809][ T5911] usb 2-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00 [ 490.653333][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.738585][ T5911] usb 2-1: Product: syz [ 490.773456][ T5911] usb 2-1: Manufacturer: syz [ 490.817746][ T5911] usb 2-1: SerialNumber: syz [ 490.910589][ T5911] usb 2-1: config 0 descriptor?? [ 490.985335][ T5890] pwc: recv_control_msg error -71 req 02 val 2500 [ 490.985342][ T5911] usb-storage 2-1:0.171: USB Mass Storage device detected [ 490.988793][T10769] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 490.992949][ T5890] pwc: recv_control_msg error -71 req 02 val 2400 [ 491.016390][ T92] pwc: recv_control_msg error -71 req 02 val 2400 [ 491.023162][ T92] pwc: recv_control_msg error -71 req 02 val 2600 [ 491.030257][ T92] pwc: recv_control_msg error -71 req 02 val 2900 [ 491.038654][ T5890] pwc: recv_control_msg error -71 req 02 val 2600 [ 491.045661][ T92] pwc: recv_control_msg error -71 req 02 val 2800 [ 491.052537][ T5890] pwc: recv_control_msg error -71 req 02 val 2900 [ 491.060558][ T92] pwc: recv_control_msg error -71 req 04 val 1100 [ 491.067435][ T5890] pwc: recv_control_msg error -71 req 02 val 2800 [ 491.074303][ T92] pwc: recv_control_msg error -71 req 04 val 1200 [ 491.081215][ T5890] pwc: recv_control_msg error -71 req 04 val 1100 [ 491.100436][ T5890] pwc: recv_control_msg error -71 req 04 val 1200 [ 491.135049][ T92] pwc: Registered as video103. [ 491.159907][ T5890] videodev: could not get a free minor [ 491.184327][ T92] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input89 [ 491.189243][T10760] afs: Unknown parameter 'dynC' [ 491.197917][ T5890] pwc: Failed to register as video device (-23). [ 491.226064][ T92] usb 1-1: USB disconnect, device number 38 [ 491.235080][ T5890] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -23 [ 491.258527][ T5890] usb 5-1: USB disconnect, device number 33 [ 491.309139][T10760] overlayfs: overlapping lowerdir path [ 491.342899][ T10] usb 2-1: USB disconnect, device number 26 [ 491.641670][T10784] delete_channel: no stack [ 492.004191][ T92] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 492.104074][T10792] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 492.155883][ T92] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 493.179427][ T92] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 493.188641][ T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.206401][ T92] usb 1-1: config 0 descriptor?? [ 493.222534][ T92] pwc: Askey VC010 type 2 USB webcam detected. [ 493.298504][T10802] xt_l2tp: missing protocol rule (udp|l2tpip) [ 493.421222][T10808] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1073'. [ 493.819494][ T92] pwc: recv_control_msg error -32 req 02 val 2b00 [ 493.827597][ T92] pwc: recv_control_msg error -32 req 02 val 2700 [ 493.839717][ T92] pwc: recv_control_msg error -32 req 02 val 2c00 [ 493.845787][T10785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 493.904582][T10785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 493.993348][ T92] pwc: recv_control_msg error -32 req 04 val 1000 [ 494.228084][ T92] pwc: recv_control_msg error -32 req 04 val 1300 [ 494.245030][ T92] pwc: recv_control_msg error -32 req 04 val 1400 [ 494.594221][ T5948] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 494.711100][ T92] pwc: recv_control_msg error -32 req 02 val 2000 [ 494.725627][ T92] pwc: recv_control_msg error -32 req 02 val 2100 [ 494.761888][ T5948] usb 3-1: Using ep0 maxpacket: 32 [ 494.776316][ T5948] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 494.786804][ T5948] usb 3-1: config 0 has no interface number 0 [ 494.793030][ T5948] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 494.805353][ T5948] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 494.841737][ T5948] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 494.852331][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.861059][ T5948] usb 3-1: Product: syz [ 494.866951][ T5948] usb 3-1: Manufacturer: syz [ 494.886442][ T5948] usb 3-1: SerialNumber: syz [ 494.963984][ T5948] usb 3-1: config 0 descriptor?? [ 494.973920][T10820] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 494.981376][T10820] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 495.007293][ T92] pwc: recv_control_msg error -71 req 02 val 2500 [ 495.038503][ T92] pwc: recv_control_msg error -71 req 02 val 2400 [ 495.051063][ T92] pwc: recv_control_msg error -71 req 02 val 2600 [ 495.053113][ T5948] plusb 3-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, d6:4e:09:0a:09:7e [ 495.064493][ T92] pwc: recv_control_msg error -71 req 02 val 2900 [ 495.156510][ T92] pwc: recv_control_msg error -71 req 02 val 2800 [ 495.176250][T10822] tipc: Enabled bearer , priority 0 [ 495.183491][ T92] pwc: recv_control_msg error -71 req 04 val 1100 [ 495.198237][ T92] pwc: recv_control_msg error -71 req 04 val 1200 [ 495.209848][T10822] syzkaller0: entered promiscuous mode [ 495.217354][ T92] pwc: Registered as video103. [ 495.223209][T10822] syzkaller0: entered allmulticast mode [ 495.231187][ T92] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input90 [ 495.297084][ T92] usb 1-1: USB disconnect, device number 39 [ 495.374073][T10823] tipc: Resetting bearer [ 495.540495][T10830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1080'. [ 495.550010][T10821] tipc: Resetting bearer [ 495.583383][T10821] tipc: Disabling bearer [ 495.824817][ T92] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 496.185354][ T92] usb 6-1: Using ep0 maxpacket: 32 [ 496.192118][ T92] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 496.211491][ T92] usb 6-1: config 0 has no interface number 0 [ 496.227186][T10848] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1082'. [ 496.263493][ T92] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 496.287431][ T92] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 496.292698][T10849] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1083'. [ 496.296672][ T92] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.315893][ T92] usb 6-1: Product: syz [ 496.334889][ T92] usb 6-1: Manufacturer: syz [ 496.339645][ T92] usb 6-1: SerialNumber: syz [ 496.532075][T10849] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1083'. [ 496.720137][T10848] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1082'. [ 496.868962][ T92] usb 6-1: config 0 descriptor?? [ 497.156896][ T92] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 497.175284][ T92] em28xx 6-1:0.132: Video interface 132 found: [ 497.215911][ T5911] usb 3-1: USB disconnect, device number 31 [ 497.223270][ T5911] plusb 3-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 497.233349][ T30] audit: type=1400 audit(1753888335.016:1665): avc: denied { write } for pid=10853 comm="syz.1.1086" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 497.337009][T10830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.507883][T10859] delete_channel: no stack [ 497.565407][T10830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.644194][ T30] audit: type=1400 audit(1753888335.026:1666): avc: denied { remount } for pid=10853 comm="syz.1.1086" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 497.805079][ T30] audit: type=1400 audit(1753888335.146:1667): avc: denied { setopt } for pid=10829 comm="syz.5.1080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 497.957765][ T30] audit: type=1400 audit(1753888335.546:1668): avc: denied { shutdown } for pid=10858 comm="syz.1.1088" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 497.978280][ C1] vkms_vblank_simulate: vblank timer overrun [ 498.007615][T10830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.019467][T10830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.060029][ T92] em28xx 6-1:0.132: unknown em28xx chip ID (0) [ 498.610489][ T5890] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 498.618291][ T92] em28xx 6-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 498.640190][ T92] em28xx 6-1:0.132: board has no eeprom [ 498.704163][ T92] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 498.712128][ T92] em28xx 6-1:0.132: analog set to bulk mode. [ 498.719070][ T10] em28xx 6-1:0.132: Registering V4L2 extension [ 498.739961][ T92] usb 6-1: USB disconnect, device number 23 [ 498.772166][ T92] em28xx 6-1:0.132: Disconnecting em28xx [ 498.797629][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 498.808032][ T5890] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 498.848494][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.950101][ T5890] usb 3-1: config 0 descriptor?? [ 498.992642][ T5890] pwc: Askey VC010 type 2 USB webcam detected. [ 499.091418][ T10] em28xx 6-1:0.132: Config register raw data: 0xffffffed [ 499.101187][ T10] em28xx 6-1:0.132: AC97 chip type couldn't be determined [ 499.191572][T10881] syz.1.1092: attempt to access beyond end of device [ 499.191572][T10881] loop1: rw=0, sector=16, nr_sectors = 2 limit=0 [ 499.587985][ T10] em28xx 6-1:0.132: No AC97 audio processor [ 499.598491][ T5890] pwc: recv_control_msg error -32 req 02 val 2b00 [ 499.607318][ T10] usb 6-1: Decoder not found [ 499.612110][ T5890] pwc: recv_control_msg error -32 req 02 val 2700 [ 499.618666][ T10] em28xx 6-1:0.132: failed to create media graph [ 499.625264][ T10] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 499.633818][ T5890] pwc: recv_control_msg error -32 req 02 val 2c00 [ 499.646485][ T10] em28xx 6-1:0.132: Remote control support is not available for this card. [ 499.657035][ T5890] pwc: recv_control_msg error -32 req 04 val 1000 [ 499.667713][ T5890] pwc: recv_control_msg error -32 req 04 val 1300 [ 499.676386][ T5890] pwc: recv_control_msg error -32 req 04 val 1400 [ 499.683092][ T92] em28xx 6-1:0.132: Closing input extension [ 499.705876][ T5890] pwc: recv_control_msg error -32 req 02 val 2000 [ 499.739546][ T5890] pwc: recv_control_msg error -32 req 02 val 2100 [ 499.844192][T10888] FAULT_INJECTION: forcing a failure. [ 499.844192][T10888] name failslab, interval 1, probability 0, space 0, times 0 [ 499.857351][T10888] CPU: 0 UID: 0 PID: 10888 Comm: syz.0.1094 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 499.857376][T10888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 499.857387][T10888] Call Trace: [ 499.857394][T10888] [ 499.857401][T10888] dump_stack_lvl+0x16c/0x1f0 [ 499.857428][T10888] should_fail_ex+0x512/0x640 [ 499.857452][T10888] ? __kmalloc_noprof+0xbf/0x510 [ 499.857471][T10888] ? jent_kcapi_init+0xea/0x230 [ 499.857489][T10888] should_failslab+0xc2/0x120 [ 499.857509][T10888] __kmalloc_noprof+0xd2/0x510 [ 499.857532][T10888] jent_kcapi_init+0xea/0x230 [ 499.857551][T10888] ? __pfx_jent_kcapi_init+0x10/0x10 [ 499.857571][T10888] crypto_create_tfm_node+0x1c0/0x350 [ 499.857595][T10888] ? crypto_alloc_tfm_node+0x36/0x260 [ 499.857621][T10888] crypto_alloc_tfm_node+0x102/0x260 [ 499.857649][T10888] drbg_kcapi_seed+0xb00/0xee0 [ 499.857671][T10888] ? __pfx_drbg_kcapi_seed+0x10/0x10 [ 499.857691][T10888] ? copy_from_sockptr_offset.constprop.0+0xe4/0x1a0 [ 499.857716][T10888] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 499.857750][T10888] crypto_rng_reset+0x7b/0x130 [ 499.857776][T10888] ? __pfx_rng_setkey+0x10/0x10 [ 499.857801][T10888] alg_setsockopt+0x42c/0xdd0 [ 499.857826][T10888] ? __pfx_alg_setsockopt+0x10/0x10 [ 499.857850][T10888] ? selinux_socket_setsockopt+0x6a/0x80 [ 499.857879][T10888] ? __pfx_alg_setsockopt+0x10/0x10 [ 499.857911][T10888] do_sock_setsockopt+0xf0/0x1d0 [ 499.857940][T10888] __sys_setsockopt+0x1a0/0x230 [ 499.857966][T10888] __x64_sys_setsockopt+0xbd/0x160 [ 499.857985][T10888] ? do_syscall_64+0x91/0x4c0 [ 499.858005][T10888] ? lockdep_hardirqs_on+0x7c/0x110 [ 499.858026][T10888] do_syscall_64+0xcd/0x4c0 [ 499.858048][T10888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.858067][T10888] RIP: 0033:0x7fddc1f8e9a9 [ 499.858082][T10888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.858099][T10888] RSP: 002b:00007fddbfdd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 499.858117][T10888] RAX: ffffffffffffffda RBX: 00007fddc21b6080 RCX: 00007fddc1f8e9a9 [ 499.858128][T10888] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000006 [ 499.858139][T10888] RBP: 00007fddbfdd5090 R08: 0000000000000000 R09: 0000000000000000 [ 499.858149][T10888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 499.858160][T10888] R13: 0000000000000000 R14: 00007fddc21b6080 R15: 00007ffe874ffa28 [ 499.858184][T10888] [ 499.858561][T10888] DRBG: Continuing without Jitter RNG [ 500.479943][ T92] em28xx 6-1:0.132: Freeing device [ 500.633390][ T5890] pwc: recv_control_msg error -32 req 04 val 1500 [ 500.869115][ T5890] pwc: recv_control_msg error -71 req 02 val 2400 [ 500.883287][ T5890] pwc: recv_control_msg error -71 req 02 val 2600 [ 500.907319][ T5890] pwc: recv_control_msg error -71 req 02 val 2900 [ 500.930488][ T5890] pwc: recv_control_msg error -71 req 02 val 2800 [ 500.963423][ T5890] pwc: recv_control_msg error -71 req 04 val 1100 [ 500.989128][ T5890] pwc: recv_control_msg error -71 req 04 val 1200 [ 501.072798][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.079466][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.095982][ T5890] pwc: Registered as video103. [ 501.124491][ T5890] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input91 [ 501.632996][ T5890] usb 3-1: USB disconnect, device number 32 [ 501.854411][ T5948] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 502.064687][ T5948] usb 1-1: Using ep0 maxpacket: 32 [ 502.125939][ T5948] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 502.183785][ T5948] usb 1-1: config 0 has no interface number 0 [ 502.226059][ T5948] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 502.258672][ T5948] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 502.282507][ T5948] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 502.425318][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.684482][ T5890] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 502.913227][ T5948] usb 1-1: Product: syz [ 502.917486][ T5948] usb 1-1: Manufacturer: syz [ 502.922111][ T5948] usb 1-1: SerialNumber: syz [ 502.955757][ T5948] usb 1-1: config 0 descriptor?? [ 502.967129][T10902] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 502.975630][T10902] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 502.991010][ T5948] plusb 1-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 3a:52:a0:bb:69:96 [ 503.129076][ T5890] usb 5-1: Using ep0 maxpacket: 8 [ 503.140176][ T5890] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 503.156268][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.190463][ T5890] usb 5-1: Product: syz [ 503.207770][ T5890] usb 5-1: Manufacturer: syz [ 503.216626][ T5890] usb 5-1: SerialNumber: syz [ 504.095438][T10921] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1101'. [ 504.120584][ T5890] usb 5-1: config 0 descriptor?? [ 504.329611][T10924] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1101'. [ 504.335923][ T5890] gspca_main: sq930x-2.14.0 probing 2770:930c [ 504.410226][ T5818] usb 1-1: USB disconnect, device number 40 [ 504.418910][ T5818] plusb 1-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.0-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 504.574284][ T5890] gspca_sq930x: ucbus_write failed -71 [ 504.991690][T10937] syz.0.1104: attempt to access beyond end of device [ 504.991690][T10937] loop0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 505.759252][T10944] syz.4.1105: attempt to access beyond end of device [ 505.759252][T10944] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 505.773575][T10944] syz.4.1105: attempt to access beyond end of device [ 505.773575][T10944] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 505.837997][T10944] Mount JFS Failure: -5 [ 505.894256][ T5890] gspca_sq930x: Unknown sensor [ 505.899948][ T5890] sq930x 5-1:0.0: probe with driver sq930x failed with error -22 [ 506.425768][ T92] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 506.437782][ T30] audit: type=1401 audit(1753888344.246:1669): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 506.712862][ T5890] usb 5-1: USB disconnect, device number 34 [ 506.844131][ T92] usb 3-1: Using ep0 maxpacket: 32 [ 506.850710][ T92] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 506.860439][ T92] usb 3-1: config 0 has no interface number 0 [ 506.876342][ T92] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 506.914181][ T92] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 507.834842][ T92] usb 3-1: string descriptor 0 read error: -71 [ 507.841214][ T92] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 508.486207][ T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.515879][ T92] usb 3-1: config 0 descriptor?? [ 508.525306][ T92] usb 3-1: can't set config #0, error -71 [ 508.540456][ T92] usb 3-1: USB disconnect, device number 33 [ 508.618196][ T30] audit: type=1400 audit(1753888346.426:1670): avc: denied { write } for pid=10962 comm="syz.0.1112" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 508.641561][ C0] vkms_vblank_simulate: vblank timer overrun [ 509.551961][ T5818] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 509.884416][ T5818] usb 3-1: Using ep0 maxpacket: 32 [ 509.895779][ T5818] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 509.949356][ T5818] usb 3-1: config 0 has no interface number 0 [ 510.271419][ T5818] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 510.272217][T10976] syzkaller1: entered promiscuous mode [ 510.314369][T10976] syzkaller1: entered allmulticast mode [ 510.347488][ T5818] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 510.423547][ T5818] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 510.454155][ T5818] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.496878][ T5818] usb 3-1: Product: syz [ 510.676082][ T30] audit: type=1401 audit(1753888348.366:1671): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 511.345874][ T5818] usb 3-1: Manufacturer: syz [ 511.357363][ T5818] usb 3-1: SerialNumber: syz [ 511.475215][ T5818] usb 3-1: config 0 descriptor?? [ 511.480829][T10972] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 511.488156][T10972] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 511.547830][ T5818] plusb 3-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 4a:de:a7:62:bd:f4 [ 511.704008][T11000] syz.1.1120: attempt to access beyond end of device [ 511.704008][T11000] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 511.719959][T11000] syz.1.1120: attempt to access beyond end of device [ 511.719959][T11000] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 511.774243][ T5890] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 512.634319][T11000] Mount JFS Failure: -5 [ 512.957099][ T5818] usb 3-1: USB disconnect, device number 34 [ 512.960812][ T5890] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 512.973228][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.991290][ T5890] usb 6-1: Product: syz [ 512.994303][ T5818] plusb 3-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 512.995891][ T5890] usb 6-1: Manufacturer: syz [ 513.012163][ T5890] usb 6-1: SerialNumber: syz [ 513.019670][ T5890] usb 6-1: config 0 descriptor?? [ 513.030673][ T5890] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 024 [ 513.101663][T11008] netlink: 'syz.4.1122': attribute type 1 has an invalid length. [ 513.124273][T11008] sctp: [Deprecated]: syz.4.1122 (pid 11008) Use of int in max_burst socket option. [ 513.124273][T11008] Use struct sctp_assoc_value instead [ 513.638463][ T5890] (null): failure reading functionality [ 513.923708][ T5890] i2c i2c-1: connected i2c-tiny-usb device [ 515.158612][ T5818] usb 6-1: USB disconnect, device number 24 [ 515.308085][ T30] audit: type=1401 audit(1753888353.076:1672): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 516.071933][T11022] delete_channel: no stack [ 516.128524][T11026] delete_channel: no stack [ 516.269575][T11041] delete_channel: no stack [ 516.415519][ T5818] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 516.594216][ T5818] usb 6-1: Using ep0 maxpacket: 16 [ 516.600833][ T5818] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 516.612740][ T5818] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 516.672430][T11046] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 516.724852][ T5818] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 516.738446][ T5818] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.767745][ T5818] usb 6-1: Product: syz [ 516.771969][ T5818] usb 6-1: Manufacturer: syz [ 516.824660][ T5818] usb 6-1: SerialNumber: syz [ 516.854518][ T5818] usb 6-1: config 0 descriptor?? [ 517.143184][T11055] FAULT_INJECTION: forcing a failure. [ 517.143184][T11055] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.178874][ T5818] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 517.196682][ T5818] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 517.196761][T11049] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 517.218091][T11055] CPU: 1 UID: 0 PID: 11055 Comm: syz.2.1138 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 517.218115][T11055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 517.218124][T11055] Call Trace: [ 517.218128][T11055] [ 517.218133][T11055] dump_stack_lvl+0x16c/0x1f0 [ 517.218150][T11055] should_fail_ex+0x512/0x640 [ 517.218168][T11055] _copy_from_user+0x2e/0xd0 [ 517.218186][T11055] copy_msghdr_from_user+0x98/0x160 [ 517.218200][T11055] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 517.218220][T11055] ___sys_sendmsg+0xfe/0x1d0 [ 517.218233][T11055] ? __pfx____sys_sendmsg+0x10/0x10 [ 517.218245][T11055] ? __lock_acquire+0x622/0x1c90 [ 517.218274][T11055] ? __mutex_unlock_slowpath+0x80/0x800 [ 517.218292][T11055] __sys_sendmsg+0x16d/0x220 [ 517.218306][T11055] ? __pfx___sys_sendmsg+0x10/0x10 [ 517.218328][T11055] do_syscall_64+0xcd/0x4c0 [ 517.218342][T11055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.218353][T11055] RIP: 0033:0x7f255dd8e9a9 [ 517.218362][T11055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.218374][T11055] RSP: 002b:00007f255eba8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 517.218385][T11055] RAX: ffffffffffffffda RBX: 00007f255dfb6080 RCX: 00007f255dd8e9a9 [ 517.218392][T11055] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005 [ 517.218398][T11055] RBP: 00007f255eba8090 R08: 0000000000000000 R09: 0000000000000000 [ 517.218404][T11055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.218410][T11055] R13: 0000000000000000 R14: 00007f255dfb6080 R15: 00007ffdc57ad0a8 [ 517.218424][T11055] [ 517.682300][T11057] xt_l2tp: missing protocol rule (udp|l2tpip) [ 517.747629][T11058] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1139'. [ 518.117865][ T5818] em28xx 6-1:0.0: chip ID is em2870 [ 518.304226][ T5867] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 518.477460][ T5867] usb 1-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 518.514860][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.550516][ T5867] usb 1-1: Product: syz [ 518.622243][T11071] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1143'. [ 518.652561][T11071] SELinux: Context system_u:object_r:ssh_agent_exec_t:s0 is not valid (left unmapped). [ 518.685563][T11073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1142'. [ 518.702549][T11073] FAULT_INJECTION: forcing a failure. [ 518.702549][T11073] name failslab, interval 1, probability 0, space 0, times 0 [ 518.715676][T11073] CPU: 0 UID: 0 PID: 11073 Comm: syz.2.1142 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 518.715702][T11073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 518.715713][T11073] Call Trace: [ 518.715724][T11073] [ 518.715736][T11073] dump_stack_lvl+0x16c/0x1f0 [ 518.715762][T11073] should_fail_ex+0x512/0x640 [ 518.715786][T11073] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 518.715809][T11073] should_failslab+0xc2/0x120 [ 518.715829][T11073] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 518.715850][T11073] ? security_context_to_sid_core+0xc1/0x860 [ 518.715876][T11073] kmemdup_nul+0x49/0xf0 [ 518.715895][T11073] security_context_to_sid_core+0xc1/0x860 [ 518.715915][T11073] ? __pfx___schedule+0x10/0x10 [ 518.715936][T11073] ? __pfx_security_context_to_sid_core+0x10/0x10 [ 518.715965][T11073] ? evm_protected_xattr_common+0x188/0x1f0 [ 518.715990][T11073] selinux_inode_setsecurity+0x1b3/0x3f0 [ 518.716021][T11073] ? evm_protect_xattr.isra.0+0x1bd/0x710 [ 518.716046][T11073] ? __pfx_selinux_inode_setsecurity+0x10/0x10 [ 518.716073][T11073] ? __pfx_evm_protect_xattr.isra.0+0x10/0x10 [ 518.716101][T11073] security_inode_setsecurity+0xe7/0x2e0 [ 518.716130][T11073] __vfs_setxattr_noperm+0x18a/0x660 [ 518.716155][T11073] __vfs_setxattr_locked+0x182/0x260 [ 518.716174][T11073] ? __lock_acquire+0xb8a/0x1c90 [ 518.716204][T11073] vfs_setxattr+0x145/0x360 [ 518.716223][T11073] ? lock_acquire+0x179/0x350 [ 518.716240][T11073] ? __pfx_vfs_setxattr+0x10/0x10 [ 518.716259][T11073] ? mnt_get_write_access+0x54/0x300 [ 518.716284][T11073] ? mnt_get_write_access+0x54/0x300 [ 518.716311][T11073] do_setxattr+0x145/0x180 [ 518.716336][T11073] file_setxattr+0x139/0x1b0 [ 518.716352][T11073] ? fdget+0x176/0x210 [ 518.716369][T11073] path_setxattrat+0x247/0x2a0 [ 518.716388][T11073] ? __pfx_path_setxattrat+0x10/0x10 [ 518.716414][T11073] ? ksys_write+0x190/0x250 [ 518.716454][T11073] ? fput+0x70/0xf0 [ 518.716475][T11073] ? ksys_write+0x1ac/0x250 [ 518.716491][T11073] ? __pfx_ksys_write+0x10/0x10 [ 518.716515][T11073] __x64_sys_fsetxattr+0xc5/0x140 [ 518.716533][T11073] ? do_syscall_64+0x91/0x4c0 [ 518.716553][T11073] ? lockdep_hardirqs_on+0x7c/0x110 [ 518.716573][T11073] do_syscall_64+0xcd/0x4c0 [ 518.716596][T11073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.716619][T11073] RIP: 0033:0x7f255dd8e9a9 [ 518.716634][T11073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.716651][T11073] RSP: 002b:00007f255eba8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 518.716668][T11073] RAX: ffffffffffffffda RBX: 00007f255dfb6080 RCX: 00007f255dd8e9a9 [ 518.716680][T11073] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000000000000008 [ 518.716691][T11073] RBP: 00007f255eba8090 R08: 0000000000000000 R09: 0000000000000000 [ 518.716702][T11073] R10: 000000000000001e R11: 0000000000000246 R12: 0000000000000001 [ 518.716712][T11073] R13: 0000000000000000 R14: 00007f255dfb6080 R15: 00007ffdc57ad0a8 [ 518.716737][T11073] [ 519.022118][ C0] vkms_vblank_simulate: vblank timer overrun [ 519.288829][ T30] audit: type=1400 audit(1753888356.456:1673): avc: denied { relabelfrom } for pid=11067 comm="syz.1.1143" name="" dev="pipefs" ino=26868 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 519.319931][ T30] audit: type=1400 audit(1753888356.476:1674): avc: denied { relabelto } for pid=11067 comm="syz.1.1143" name="" dev="pipefs" ino=26868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:ssh_agent_exec_t:s0" [ 519.347161][ C0] vkms_vblank_simulate: vblank timer overrun [ 520.943421][ T5867] usb 1-1: Manufacturer: syz [ 520.948196][ T5867] usb 1-1: SerialNumber: syz [ 520.955569][ T5867] usb 1-1: config 0 descriptor?? [ 521.058744][ T5867] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 521.074290][ T5867] asix 1-1:0.0: probe with driver asix failed with error -71 [ 521.103324][ T5867] usb 1-1: USB disconnect, device number 41 [ 521.402429][ T30] audit: type=1401 audit(1753888359.056:1675): op=security_bounded_transition seresult=denied oldcontext=root:sysadm_r:sysadm_t newcontext=system_u:object_r:hugetlbfs_t [ 522.216269][T11089] delete_channel: no stack [ 522.426020][T11094] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1146'. [ 522.535104][T11087] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1146'. [ 522.622698][ T5867] usb 6-1: USB disconnect, device number 25 [ 522.637266][ T5867] em28xx 6-1:0.0: Disconnecting em28xx [ 522.688309][ T5867] em28xx 6-1:0.0: Freeing device [ 522.918506][T11103] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1151'. [ 523.124455][ T5867] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 523.352649][ T5867] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.414207][ T5883] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 523.442312][ T5867] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 523.476722][T11100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.486818][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.508808][ T30] audit: type=1400 audit(1753888361.296:1676): avc: denied { append } for pid=11077 comm="syz.1.1146" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 523.597649][ T5867] usb 6-1: config 0 descriptor?? [ 523.676059][ T5867] pwc: Askey VC010 type 2 USB webcam detected. [ 523.688781][ T5883] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 523.700570][ T5883] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 523.723394][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.772532][ T5883] usb 3-1: config 0 descriptor?? [ 523.783172][ T5883] pwc: Askey VC010 type 2 USB webcam detected. [ 524.131846][ T5867] pwc: recv_control_msg error -32 req 02 val 2b00 [ 524.139407][ T5867] pwc: recv_control_msg error -32 req 02 val 2700 [ 524.146525][ T5867] pwc: recv_control_msg error -32 req 02 val 2c00 [ 524.172252][ T5867] pwc: recv_control_msg error -32 req 04 val 1000 [ 524.212273][ T5883] pwc: recv_control_msg error -32 req 02 val 2b00 [ 524.253649][ T5883] pwc: recv_control_msg error -32 req 02 val 2700 [ 524.255861][ T5867] pwc: recv_control_msg error -32 req 04 val 1300 [ 524.268946][ T5867] pwc: recv_control_msg error -32 req 04 val 1400 [ 524.278712][ T5883] pwc: recv_control_msg error -32 req 02 val 2c00 [ 524.285930][ T5867] pwc: recv_control_msg error -32 req 02 val 2000 [ 524.293387][ T5867] pwc: recv_control_msg error -32 req 02 val 2100 [ 524.301784][ T5867] pwc: recv_control_msg error -32 req 04 val 1500 [ 524.310995][ T5883] pwc: recv_control_msg error -32 req 04 val 1000 [ 524.321192][ T5883] pwc: recv_control_msg error -32 req 04 val 1300 [ 524.329225][ T5883] pwc: recv_control_msg error -32 req 04 val 1400 [ 524.336974][ T5883] pwc: recv_control_msg error -32 req 02 val 2000 [ 524.344326][ T5883] pwc: recv_control_msg error -32 req 02 val 2100 [ 524.510732][ T5867] pwc: recv_control_msg error -71 req 02 val 2400 [ 524.519978][ T5867] pwc: recv_control_msg error -71 req 02 val 2600 [ 524.530182][ T5867] pwc: recv_control_msg error -71 req 02 val 2900 [ 524.537100][ T5867] pwc: recv_control_msg error -71 req 02 val 2800 [ 524.544482][ T5867] pwc: recv_control_msg error -71 req 04 val 1100 [ 524.551258][ T5867] pwc: recv_control_msg error -71 req 04 val 1200 [ 524.553057][ T5883] pwc: recv_control_msg error -71 req 02 val 2500 [ 524.567372][ T5883] pwc: recv_control_msg error -71 req 02 val 2400 [ 524.574751][ T5883] pwc: recv_control_msg error -71 req 02 val 2600 [ 524.577813][ T5948] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 524.592361][ T5867] pwc: Registered as video103. [ 524.613918][ T5883] pwc: recv_control_msg error -71 req 02 val 2900 [ 524.621072][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input92 [ 524.631699][ T5883] pwc: recv_control_msg error -71 req 02 val 2800 [ 524.645489][ T5883] pwc: recv_control_msg error -71 req 04 val 1100 [ 524.658826][ T5883] pwc: recv_control_msg error -71 req 04 val 1200 [ 524.669463][ T5883] videodev: could not get a free minor [ 524.887363][T11128] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1157'. [ 524.934964][ T5948] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 524.936640][ T5883] pwc: Failed to register as video device (-23). [ 524.944203][ T5948] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.944229][ T5948] usb 2-1: Product: syz [ 524.944242][ T5948] usb 2-1: Manufacturer: syz [ 524.964865][ T5883] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -23 [ 524.979914][ T5867] usb 6-1: USB disconnect, device number 26 [ 525.055707][ T5883] usb 3-1: USB disconnect, device number 35 [ 525.142635][ T5948] usb 2-1: SerialNumber: syz [ 525.164670][ T5948] usb 2-1: config 0 descriptor?? [ 525.764583][T11122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.832365][T11122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.895564][T11122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.905687][T11135] bond5 (unregistering): Released all slaves [ 526.874509][T11122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 527.020050][ T5948] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 527.032033][ T5948] asix 2-1:0.0: probe with driver asix failed with error -32 [ 527.047869][T11141] sctp: [Deprecated]: syz.1.1156 (pid 11141) Use of struct sctp_assoc_value in delayed_ack socket option. [ 527.047869][T11141] Use struct sctp_sack_info instead [ 527.202520][T11144] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 527.249113][T11151] netlink: 'syz.0.1163': attribute type 1 has an invalid length. [ 528.637590][T11170] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1167'. [ 528.781136][ T5942] usb 2-1: USB disconnect, device number 27 [ 531.150835][T11204] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1171'. [ 531.819502][T11213] delete_channel: no stack [ 533.024957][ T5948] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 533.210589][ T5948] usb 3-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 533.225070][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.233195][ T5948] usb 3-1: Product: syz [ 533.238041][ T5948] usb 3-1: Manufacturer: syz [ 533.242764][ T5948] usb 3-1: SerialNumber: syz [ 533.257839][ T5948] usb 3-1: config 0 descriptor?? [ 533.257955][T11228] netlink: 'syz.5.1180': attribute type 1 has an invalid length. [ 533.299699][T11228] sctp: [Deprecated]: syz.5.1180 (pid 11228) Use of int in max_burst socket option. [ 533.299699][T11228] Use struct sctp_assoc_value instead [ 533.677332][T11223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.726881][T11223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.759754][T11223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.791493][T11223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.909126][T11233] sctp: [Deprecated]: syz.2.1179 (pid 11233) Use of struct sctp_assoc_value in delayed_ack socket option. [ 533.909126][T11233] Use struct sctp_sack_info instead [ 533.910543][ T5948] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 534.017080][ T5948] asix 3-1:0.0: probe with driver asix failed with error -32 [ 534.541400][T11239] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 535.572771][T11254] syz.1.1186: attempt to access beyond end of device [ 535.572771][T11254] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 535.587872][T11254] syz.1.1186: attempt to access beyond end of device [ 535.587872][T11254] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 535.601056][T11254] Mount JFS Failure: -5 [ 535.780901][ T5890] usb 3-1: USB disconnect, device number 36 [ 536.228458][T11249] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 536.740640][T11269] xt_l2tp: missing protocol rule (udp|l2tpip) [ 536.929846][T11263] delete_channel: no stack [ 537.021276][T11270] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1192'. [ 537.463978][T11274] xt_l2tp: missing protocol rule (udp|l2tpip) [ 537.591984][T11280] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1194'. [ 538.832382][T11293] tipc: Started in network mode [ 538.837487][T11293] tipc: Node identity 080211000001, cluster identity 4711 [ 538.844928][T11293] tipc: Enabled bearer , priority 0 [ 538.853565][T11293] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 538.861265][T11293] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 538.913705][T11294] netlink: 'syz.4.1196': attribute type 1 has an invalid length. [ 538.956120][T11294] sctp: [Deprecated]: syz.4.1196 (pid 11294) Use of int in max_burst socket option. [ 538.956120][T11294] Use struct sctp_assoc_value instead [ 539.184214][ T5890] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 539.334260][ T5890] usb 3-1: Using ep0 maxpacket: 32 [ 539.348295][ T5890] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 539.374178][ T5890] usb 3-1: config 0 interface 0 has no altsetting 0 [ 539.410645][ T5890] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 539.443437][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.494341][ T5890] usb 3-1: config 0 descriptor?? [ 539.634191][ T5818] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 539.789425][ T5818] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 539.798818][ T5818] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.810435][ T5818] usb 1-1: Product: syz [ 539.815175][ T5818] usb 1-1: Manufacturer: syz [ 539.820196][ T5818] usb 1-1: SerialNumber: syz [ 539.865534][ T5818] usb 1-1: config 0 descriptor?? [ 539.892064][ T5818] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 042 [ 539.908069][ T5890] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0 [ 539.924325][ T5890] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0 [ 539.932313][ T5890] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0 [ 539.942394][ T5890] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0 [ 539.950419][ T5890] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0 [ 539.966703][ T5883] tipc: Node number set to 134418688 [ 539.974383][ T92] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 539.992220][ T5890] corsair-cpro 0003:1B1C:0C10.0009: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0 [ 540.113335][ T5890] corsair-cpro 0003:1B1C:0C10.0009: probe with driver corsair-cpro failed with error -38 [ 540.155619][ T92] usb 6-1: config 0 has an invalid interface number: 128 but max is 0 [ 540.163833][ T92] usb 6-1: config 0 has no interface number 0 [ 540.176309][ T92] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 540.186873][ T92] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.199650][ T92] usb 6-1: Product: syz [ 540.210575][ T5890] usb 3-1: USB disconnect, device number 37 [ 540.229541][ T92] usb 6-1: Manufacturer: syz [ 540.249757][ T92] usb 6-1: SerialNumber: syz [ 540.276969][ T92] usb 6-1: config 0 descriptor?? [ 540.303399][T11305] fido_id[11305]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 540.319485][ T5818] (null): failure reading functionality [ 540.352414][ T5818] i2c i2c-1: connected i2c-tiny-usb device [ 540.943087][ T92] usb 6-1: Firmware: major: 230, minor: 61, hardware type: UNKNOWN (237) [ 540.954266][T11310] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 540.976455][T11310] netlink: 'syz.1.1204': attribute type 4 has an invalid length. [ 541.053362][T11314] can0: slcan on ttyS3. [ 541.065681][ T92] usb 6-1: no permanent extended address found, random address set [ 541.074183][ T92] usb 6-1: atusb_probe: initialization failed, error = -524 [ 541.082936][ T92] atusb 6-1:0.128: probe with driver atusb failed with error -524 [ 541.146134][T11315] can0 (unregistered): slcan off ttyS3. [ 541.288495][ T92] usb 6-1: USB disconnect, device number 27 [ 541.352471][ T30] audit: type=1400 audit(1753888379.096:1677): avc: denied { connect } for pid=11300 comm="iou-wrk-11301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 541.683553][T11328] xt_l2tp: missing protocol rule (udp|l2tpip) [ 541.770109][T11331] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1208'. [ 541.783350][ T5890] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 542.062444][ T5883] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 542.260760][ T5818] usb 1-1: USB disconnect, device number 42 [ 542.275924][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 543.190135][T11337] netlink: 'syz.0.1211': attribute type 1 has an invalid length. [ 543.212220][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 543.227890][ T5890] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 543.263398][ T5883] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 543.273444][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.284474][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.295903][ T5883] usb 2-1: config 0 descriptor?? [ 543.302368][ T5890] usb 3-1: config 0 descriptor?? [ 543.346948][ T5890] pwc: Askey VC010 type 2 USB webcam detected. [ 543.355765][ T5883] pwc: Askey VC010 type 2 USB webcam detected. [ 543.595269][T11350] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.767450][ T5883] pwc: recv_control_msg error -32 req 02 val 2b00 [ 543.780383][ T5890] pwc: recv_control_msg error -32 req 02 val 2b00 [ 543.937437][ T5883] pwc: recv_control_msg error -32 req 02 val 2700 [ 544.024500][ T5890] pwc: recv_control_msg error -32 req 02 val 2700 [ 544.031214][ T5883] pwc: recv_control_msg error -32 req 02 val 2c00 [ 544.039799][ T5890] pwc: recv_control_msg error -32 req 02 val 2c00 [ 544.055223][ T5890] pwc: recv_control_msg error -32 req 04 val 1000 [ 544.062319][ T5883] pwc: recv_control_msg error -32 req 04 val 1000 [ 544.069001][ T5890] pwc: recv_control_msg error -32 req 04 val 1300 [ 544.083734][ T5890] pwc: recv_control_msg error -32 req 04 val 1400 [ 544.091427][ T5883] pwc: recv_control_msg error -32 req 04 val 1300 [ 544.098953][ T5890] pwc: recv_control_msg error -32 req 02 val 2000 [ 544.110156][ T5890] pwc: recv_control_msg error -32 req 02 val 2100 [ 544.125004][ T5890] pwc: recv_control_msg error -32 req 04 val 1500 [ 544.131590][ T5883] pwc: recv_control_msg error -32 req 04 val 1400 [ 544.408697][ T5883] pwc: recv_control_msg error -32 req 02 val 2000 [ 544.454832][ T5883] pwc: recv_control_msg error -32 req 02 val 2100 [ 544.477909][ T5883] pwc: recv_control_msg error -32 req 04 val 1500 [ 544.493874][ T30] audit: type=1400 audit(1753888382.296:1678): avc: denied { write } for pid=11368 comm="syz.0.1217" name="sg0" dev="devtmpfs" ino=762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 544.547173][ T30] audit: type=1400 audit(1753888382.296:1679): avc: denied { watch } for pid=11368 comm="syz.0.1217" path="/250/file1" dev="tmpfs" ino=1371 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 544.650507][ T5890] pwc: recv_control_msg error -71 req 02 val 2400 [ 544.774308][ T5883] pwc: recv_control_msg error -71 req 02 val 2400 [ 544.794346][ T5890] pwc: recv_control_msg error -71 req 02 val 2600 [ 544.804913][ T5883] pwc: recv_control_msg error -71 req 02 val 2600 [ 544.814043][ T5890] pwc: recv_control_msg error -71 req 02 val 2900 [ 544.822606][ T30] audit: type=1400 audit(1753888382.296:1680): avc: denied { watch_sb watch_reads } for pid=11368 comm="syz.0.1217" path="/250/file1" dev="tmpfs" ino=1371 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 544.856975][ T5883] pwc: recv_control_msg error -71 req 02 val 2900 [ 544.871466][ T5890] pwc: recv_control_msg error -71 req 02 val 2800 [ 544.958442][ T5890] pwc: recv_control_msg error -71 req 04 val 1100 [ 544.965236][ T5883] pwc: recv_control_msg error -71 req 02 val 2800 [ 544.985249][ T5890] pwc: recv_control_msg error -71 req 04 val 1200 [ 544.991907][ T5883] pwc: recv_control_msg error -71 req 04 val 1100 [ 545.846384][ T5883] pwc: recv_control_msg error -71 req 04 val 1200 [ 545.856928][ T5890] pwc: Registered as video103. [ 545.863377][ T5890] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input93 [ 545.906237][ T5883] videodev: could not get a free minor [ 545.949150][ T5883] pwc: Failed to register as video device (-23). [ 545.991315][ T5883] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -23 [ 546.008528][ T5890] usb 3-1: USB disconnect, device number 38 [ 546.047966][T11380] netlink: 'syz.4.1221': attribute type 1 has an invalid length. [ 546.080228][ T5883] usb 2-1: USB disconnect, device number 28 [ 546.973940][ T30] audit: type=1400 audit(1753888384.746:1681): avc: denied { setopt } for pid=11381 comm="syz.2.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 547.044447][T11397] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1224'. [ 547.534345][ T30] audit: type=1326 audit(1753888384.846:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11381 comm="syz.2.1223" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f255dd8e9a9 code=0x0 [ 547.595620][ T30] audit: type=1400 audit(1753888385.326:1683): avc: denied { connect } for pid=11381 comm="syz.2.1223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 550.468937][ T30] audit: type=1400 audit(1753888387.776:1684): avc: denied { getopt } for pid=11426 comm="syz.2.1233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 551.512901][T11439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1235'. [ 552.096636][T11408] syz.1.1226 (11408): drop_caches: 2 [ 552.107068][T11433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 552.377019][ T30] audit: type=1400 audit(1753888390.136:1685): avc: denied { watch } for pid=11444 comm="syz.0.1239" path="/258/control" dev="tmpfs" ino=1415 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 552.446542][T11453] sctp: [Deprecated]: syz.0.1239 (pid 11453) Use of struct sctp_assoc_value in delayed_ack socket option. [ 552.446542][T11453] Use struct sctp_sack_info instead [ 552.467504][ T30] audit: type=1326 audit(1753888390.276:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 552.824745][ T30] audit: type=1326 audit(1753888390.276:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 552.848266][ C1] vkms_vblank_simulate: vblank timer overrun [ 552.906126][T11451] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 552.913803][T11451] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 552.921739][T11451] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 552.935017][T11451] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 552.941654][T11451] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 553.147115][ T30] audit: type=1326 audit(1753888390.276:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.173589][ T30] audit: type=1326 audit(1753888390.276:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.197072][ C1] vkms_vblank_simulate: vblank timer overrun [ 553.237369][ T30] audit: type=1326 audit(1753888390.276:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.261677][ T92] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 553.286090][ T30] audit: type=1326 audit(1753888390.276:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.310977][ T30] audit: type=1326 audit(1753888390.536:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.338217][ T30] audit: type=1326 audit(1753888390.536:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11455 comm="syz.1.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4742f8e9a9 code=0x7ffc0000 [ 553.364171][ T30] audit: type=1400 audit(1753888390.936:1694): avc: denied { create } for pid=11462 comm="syz.5.1241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 553.434287][ T92] usb 2-1: Using ep0 maxpacket: 32 [ 553.484238][ T92] usb 2-1: config 0 has an invalid interface number: 225 but max is 0 [ 553.499652][ T92] usb 2-1: config 0 has no interface number 0 [ 553.530782][ T92] usb 2-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79 [ 553.540527][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.548837][ T92] usb 2-1: Product: syz [ 553.553099][ T92] usb 2-1: Manufacturer: syz [ 553.558299][ T92] usb 2-1: SerialNumber: syz [ 553.581945][ T92] usb 2-1: config 0 descriptor?? [ 554.560305][ T92] mos7840 2-1:0.225: required endpoints missing [ 554.597597][ T92] usb 2-1: USB disconnect, device number 29 [ 554.713222][T11476] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 554.975258][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout [ 554.988737][ T5824] Bluetooth: hci5: command 0x0405 tx timeout [ 555.001275][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 555.009846][T11461] Bluetooth: hci3: command 0x0c1a tx timeout [ 555.044445][T11485] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1247'. [ 555.383733][T11490] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1249'. [ 555.451123][T11489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 555.601374][ T92] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 555.802437][T11491] delete_channel: no stack [ 555.916274][ T92] usb 6-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.926765][ T92] usb 6-1: config 0 interface 0 has no altsetting 0 [ 555.934318][ T92] usb 6-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 555.943540][ T92] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.960799][ T92] usb 6-1: config 0 descriptor?? [ 556.074180][ T5883] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 556.209830][ T92] usbhid 6-1:0.0: can't add hid device: -71 [ 556.217835][ T92] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 556.228699][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 556.243902][ T92] usb 6-1: USB disconnect, device number 28 [ 556.254408][ T5883] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 556.275856][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.296512][ T5883] usb 1-1: config 0 descriptor?? [ 556.309322][ T5883] pwc: Askey VC010 type 2 USB webcam detected. [ 556.374152][ T5818] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 556.536446][ T5818] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 556.548434][ T5818] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 556.558915][ T5818] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 556.568140][ T5818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.586767][T11500] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 556.599967][ T5818] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 556.713893][ T5883] pwc: recv_control_msg error -32 req 02 val 2b00 [ 556.736982][ T5883] pwc: recv_control_msg error -32 req 02 val 2700 [ 556.754138][ T5867] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 556.779456][ T5883] pwc: recv_control_msg error -32 req 02 val 2c00 [ 556.787797][ T5883] pwc: recv_control_msg error -32 req 04 val 1000 [ 556.796326][ T5883] pwc: recv_control_msg error -32 req 04 val 1300 [ 556.803747][ T5883] pwc: recv_control_msg error -32 req 04 val 1400 [ 556.811295][ T5883] pwc: recv_control_msg error -32 req 02 val 2000 [ 556.819168][ T5883] pwc: recv_control_msg error -32 req 02 val 2100 [ 556.827215][ T5883] pwc: recv_control_msg error -32 req 04 val 1500 [ 557.024141][ T5867] usb 6-1: Using ep0 maxpacket: 32 [ 557.031925][ T5867] usb 6-1: config 0 has an invalid interface number: 231 but max is 0 [ 557.040050][ T5883] pwc: recv_control_msg error -71 req 02 val 2400 [ 557.048249][ T5883] pwc: recv_control_msg error -71 req 02 val 2600 [ 557.051953][ T5867] usb 6-1: config 0 has no interface number 0 [ 557.061940][ T5838] Bluetooth: hci5: command 0x0405 tx timeout [ 557.068141][ T5867] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 557.071355][ T5883] pwc: recv_control_msg error -71 req 02 val 2900 [ 557.078427][ T5867] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 557.084567][ T5867] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 557.188726][ T5867] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.580034][ T5883] pwc: recv_control_msg error -71 req 02 val 2800 [ 557.580825][ T5867] usb 6-1: Product: syz [ 557.591250][ T5883] pwc: recv_control_msg error -71 req 04 val 1100 [ 557.602417][ T5883] pwc: recv_control_msg error -71 req 04 val 1200 [ 557.602913][ T5867] usb 6-1: Manufacturer: syz [ 557.615071][ T5883] pwc: Registered as video103. [ 557.627401][ T5883] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input94 [ 557.641073][ T5867] usb 6-1: SerialNumber: syz [ 557.653298][ T5883] usb 1-1: USB disconnect, device number 43 [ 557.662805][ T5867] usb 6-1: config 0 descriptor?? [ 557.682481][T11507] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 557.724408][T11507] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 557.747817][ T5867] plusb 6-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 82:70:91:e6:c9:43 [ 557.922587][T11519] xt_l2tp: missing protocol rule (udp|l2tpip) [ 558.024684][T11520] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1258'. [ 558.866548][T11528] netlink: 'syz.2.1261': attribute type 1 has an invalid length. [ 558.884925][ T5931] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 559.066281][ T5931] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 559.072656][T11531] netlink: 'syz.1.1262': attribute type 1 has an invalid length. [ 559.696989][ T5931] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 559.708966][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.124174][ T92] usb 5-1: USB disconnect, device number 35 [ 560.227058][ T5931] usb 1-1: config 0 descriptor?? [ 560.256452][ T5883] usb 6-1: USB disconnect, device number 29 [ 560.263934][ T5883] plusb 6-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 560.318832][ T5931] pwc: Askey VC010 type 2 USB webcam detected. [ 560.322555][T11528] bond0 (unregistering): Released all slaves [ 560.554011][T11535] workqueue: Failed to create a rescuer kthread for wq "bond23": -EINTR [ 560.757901][ T5931] pwc: recv_control_msg error -32 req 02 val 2b00 [ 560.811490][ T5931] pwc: recv_control_msg error -32 req 02 val 2700 [ 560.824532][ T5931] pwc: recv_control_msg error -32 req 02 val 2c00 [ 560.844979][ T5931] pwc: recv_control_msg error -32 req 04 val 1000 [ 560.862249][ T5931] pwc: recv_control_msg error -32 req 04 val 1300 [ 560.884499][ T5931] pwc: recv_control_msg error -32 req 04 val 1400 [ 560.900288][ T5931] pwc: recv_control_msg error -32 req 02 val 2000 [ 560.981051][ T5931] pwc: recv_control_msg error -32 req 02 val 2100 [ 560.984670][T11549] xt_l2tp: missing protocol rule (udp|l2tpip) [ 561.524834][T11553] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1265'. [ 561.834950][ T5931] pwc: recv_control_msg error -71 req 02 val 2500 [ 561.846359][ T5931] pwc: recv_control_msg error -71 req 02 val 2400 [ 561.885150][ T5931] pwc: recv_control_msg error -71 req 02 val 2600 [ 562.046067][ T5883] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 562.055911][ T5931] pwc: recv_control_msg error -71 req 02 val 2900 [ 562.066124][ T5931] pwc: recv_control_msg error -71 req 02 val 2800 [ 562.107527][T11559] netlink: 'syz.4.1267': attribute type 1 has an invalid length. [ 562.119147][T11559] sctp: [Deprecated]: syz.4.1267 (pid 11559) Use of int in max_burst socket option. [ 562.119147][T11559] Use struct sctp_assoc_value instead [ 562.145579][ T5931] pwc: recv_control_msg error -71 req 04 val 1100 [ 562.161481][ T5931] pwc: recv_control_msg error -71 req 04 val 1200 [ 562.186290][ T5931] pwc: Registered as video103. [ 562.206559][ T5931] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input95 [ 562.224553][ T5883] usb 6-1: Using ep0 maxpacket: 32 [ 562.241751][ T5883] usb 6-1: config 0 has an invalid interface number: 231 but max is 0 [ 562.268147][ T5931] usb 1-1: USB disconnect, device number 44 [ 562.276456][ T5883] usb 6-1: config 0 has no interface number 0 [ 562.300646][ T5883] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 562.339265][ T5883] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 562.373056][ T5883] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 562.409029][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 562.429237][ T5883] usb 6-1: Product: syz [ 562.440335][ T5883] usb 6-1: Manufacturer: syz [ 562.456252][ T5883] usb 6-1: SerialNumber: syz [ 562.489762][ T5883] usb 6-1: config 0 descriptor?? [ 562.502008][T11552] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 562.513745][T11552] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 562.522002][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.530182][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.596908][ T5883] plusb 6-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, e2:9f:7d:bd:9d:f7 [ 562.844903][T11569] xt_l2tp: missing protocol rule (udp|l2tpip) [ 562.916392][T11570] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1271'. [ 563.436952][T11577] netlink: 'syz.0.1273': attribute type 3 has an invalid length. [ 564.274659][T11579] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1274'. [ 564.290361][T11577] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1273'. [ 564.299925][ T5883] usb 6-1: USB disconnect, device number 30 [ 564.317820][ T5883] plusb 6-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 564.732907][T11578] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 566.680118][T11594] /dev/loop0: Can't open blockdev [ 567.984858][ T30] audit: type=1400 audit(1753888405.666:1695): avc: denied { ioctl } for pid=11606 comm="syz.0.1281" path="socket:[28157]" dev="sockfs" ino=28157 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 568.391973][ T5838] Bluetooth: hci5: unexpected event for opcode 0x080d [ 568.794183][ T5931] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 569.010219][ T5931] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 569.316604][ T5931] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 569.325827][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.346284][ T5931] usb 1-1: config 0 descriptor?? [ 569.387036][ T5931] pwc: Askey VC010 type 2 USB webcam detected. [ 569.465692][ T30] audit: type=1400 audit(1753888407.266:1696): avc: denied { create } for pid=11626 comm="syz.4.1288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 569.784437][ T5890] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 569.800157][ T5931] pwc: recv_control_msg error -32 req 02 val 2b00 [ 569.808613][ T5931] pwc: recv_control_msg error -32 req 02 val 2700 [ 569.818531][ T5931] pwc: recv_control_msg error -32 req 02 val 2c00 [ 569.831219][ T5931] pwc: recv_control_msg error -32 req 04 val 1000 [ 569.849603][ T5931] pwc: recv_control_msg error -32 req 04 val 1300 [ 569.867276][ T5931] pwc: recv_control_msg error -32 req 04 val 1400 [ 569.887269][ T5931] pwc: recv_control_msg error -32 req 02 val 2000 [ 569.905304][ T5931] pwc: recv_control_msg error -32 req 02 val 2100 [ 569.944472][ T5890] usb 5-1: Using ep0 maxpacket: 16 [ 569.952072][ T5890] usb 5-1: config 251 has an invalid interface number: 117 but max is 0 [ 569.984943][ T5890] usb 5-1: config 251 has no interface number 0 [ 570.007618][ T5890] usb 5-1: config 251 interface 117 has no altsetting 0 [ 570.018085][T11638] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1291'. [ 570.072375][ T5890] usb 5-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice= d.3e [ 570.104319][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.134589][ T5931] pwc: recv_control_msg error -71 req 02 val 2500 [ 570.174670][ T5890] usb 5-1: Product: syz [ 570.178936][ T5890] usb 5-1: Manufacturer: syz [ 570.193281][ T5931] pwc: recv_control_msg error -71 req 02 val 2400 [ 570.204979][ T5890] usb 5-1: SerialNumber: syz [ 570.215747][ T5931] pwc: recv_control_msg error -71 req 02 val 2600 [ 570.251029][ T5931] pwc: recv_control_msg error -71 req 02 val 2900 [ 570.277115][ T5931] pwc: recv_control_msg error -71 req 02 val 2800 [ 570.312617][ T5931] pwc: recv_control_msg error -71 req 04 val 1100 [ 570.319745][ T5931] pwc: recv_control_msg error -71 req 04 val 1200 [ 570.327419][ T5931] pwc: Registered as video103. [ 570.333181][ T5931] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input96 [ 570.457569][T11627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.479777][T11627] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.514861][ T5890] gspca_main: spca500-2.14.0 probing 046d:0900 [ 570.591365][ T5931] usb 1-1: USB disconnect, device number 45 [ 570.614123][ T5890] gspca_spca500: reg write: error -71 [ 570.716191][ T5890] gspca_spca500: reg write: error -71 [ 570.724170][ T5890] gspca_spca500: reg write: error -71 [ 570.759404][ T5890] gspca_spca500: reg write: error -71 [ 570.919572][ T5890] gspca_spca500: reg write: error -71 [ 570.935286][ T5890] gspca_spca500: reg write: error -71 [ 570.981403][ T5890] gspca_spca500: reg write: error -71 [ 571.005250][ T5890] gspca_spca500: reg write: error -71 [ 571.011026][ T5890] gspca_spca500: reg write: error -71 [ 571.017014][ T5890] gspca_spca500: reg write: error -71 [ 571.023925][ T5890] gspca_spca500: reg write: error -71 [ 571.029721][ T5890] gspca_spca500: reg write: error -71 [ 571.035458][ T5890] gspca_spca500: reg write: error -71 [ 571.041204][ T5890] gspca_spca500: reg write: error -71 [ 571.115344][T11636] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 571.163550][T11645] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1292'. [ 571.194759][ T5890] usb 5-1: USB disconnect, device number 36 [ 571.793824][ T30] audit: type=1400 audit(1753888409.596:1697): avc: denied { write } for pid=11655 comm="syz.2.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 572.039136][ T5890] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 572.064175][T11663] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1297'. [ 572.176631][ T30] audit: type=1400 audit(1753888409.966:1698): avc: denied { map } for pid=11658 comm="syz.0.1296" path="socket:[29026]" dev="sockfs" ino=29026 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 572.199752][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.227335][ T5890] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 572.238586][ T5890] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid maxpacket 50660, setting to 1024 [ 572.252039][T11662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 572.261246][ T5890] usb 5-1: config 0 interface 0 has no altsetting 0 [ 572.270333][ T5890] usb 5-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 572.280002][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.290858][ T5890] usb 5-1: config 0 descriptor?? [ 572.416119][ T5838] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 572.426059][ T5838] Bluetooth: hci5: Injecting HCI hardware error event [ 572.435293][T11461] Bluetooth: hci5: hardware error 0x00 [ 572.527878][ T30] audit: type=1400 audit(1753888410.316:1699): avc: denied { map } for pid=11668 comm="syz.1.1298" path="socket:[29034]" dev="sockfs" ino=29034 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 572.555778][ T30] audit: type=1400 audit(1753888410.316:1700): avc: denied { accept } for pid=11668 comm="syz.1.1298" path="socket:[29034]" dev="sockfs" ino=29034 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 572.579184][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.614297][T11653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.647741][T11653] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.684254][T11461] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 574.733419][ T5890] nintendo 0003:057E:200E.000A: unknown main item tag 0x0 [ 574.936379][ T5890] nintendo 0003:057E:200E.000A: unknown main item tag 0x0 [ 574.943747][ T5890] nintendo 0003:057E:200E.000A: item fetching failed at offset 2/5 [ 574.952750][ T5890] nintendo 0003:057E:200E.000A: HID parse failed [ 575.036814][ T5890] nintendo 0003:057E:200E.000A: probe - fail = -22 [ 575.065307][ T5890] nintendo 0003:057E:200E.000A: probe with driver nintendo failed with error -22 [ 575.129943][ T5890] usb 5-1: USB disconnect, device number 37 [ 575.240392][T11694] syz.2.1302: attempt to access beyond end of device [ 575.240392][T11694] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 575.301395][T11694] syz.2.1302: attempt to access beyond end of device [ 575.301395][T11694] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 575.314866][ T5867] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 575.596499][ T5867] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 575.610250][ T5867] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 575.656954][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.665321][T11694] Mount JFS Failure: -5 [ 575.679282][T11697] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 575.734692][ T5867] usb 6-1: config 0 descriptor?? [ 575.749675][ T5867] pwc: Askey VC010 type 2 USB webcam detected. [ 576.395209][ T5867] pwc: recv_control_msg error -32 req 02 val 2b00 [ 576.403102][ T5867] pwc: recv_control_msg error -32 req 02 val 2700 [ 576.418583][ T5867] pwc: recv_control_msg error -32 req 02 val 2c00 [ 576.427005][ T5867] pwc: recv_control_msg error -32 req 04 val 1000 [ 576.462828][ T5867] pwc: recv_control_msg error -32 req 04 val 1300 [ 576.483174][ T5867] pwc: recv_control_msg error -32 req 04 val 1400 [ 576.495159][ T5867] pwc: recv_control_msg error -32 req 02 val 2000 [ 576.519112][ T5867] pwc: recv_control_msg error -32 req 02 val 2100 [ 576.771563][ T5867] pwc: recv_control_msg error -71 req 02 val 2500 [ 576.903151][ T5867] pwc: recv_control_msg error -71 req 02 val 2400 [ 577.474083][ T5867] pwc: recv_control_msg error -71 req 02 val 2600 [ 577.623961][ T5867] pwc: recv_control_msg error -71 req 02 val 2900 [ 577.645530][ T5867] pwc: recv_control_msg error -71 req 02 val 2800 [ 577.674911][T11711] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1306'. [ 577.740427][ T5867] pwc: recv_control_msg error -71 req 04 val 1100 [ 577.838279][ T5890] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 577.951635][ T5867] pwc: recv_control_msg error -71 req 04 val 1200 [ 578.004392][ T5867] pwc: Registered as video103. [ 578.007629][ T5890] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 578.051467][ T5867] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input97 [ 578.059642][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.931686][ T5890] usb 2-1: Product: syz [ 578.936274][ T5890] usb 2-1: Manufacturer: syz [ 578.941535][ T5890] usb 2-1: SerialNumber: syz [ 578.947581][ T5890] usb 2-1: config 0 descriptor?? [ 578.955256][ T5890] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 030 [ 578.994371][ T5867] usb 6-1: USB disconnect, device number 31 [ 579.455853][ T5890] (null): failure reading functionality [ 579.487688][ T5890] i2c i2c-1: connected i2c-tiny-usb device [ 579.822273][T11725] syz.4.1310: attempt to access beyond end of device [ 579.822273][T11725] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 582.744195][ T30] audit: type=1326 audit(1753888418.566:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 582.797777][ T5883] usb 2-1: USB disconnect, device number 30 [ 582.814162][ T30] audit: type=1326 audit(1753888418.566:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 582.911150][ T30] audit: type=1326 audit(1753888418.576:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 583.727734][ T30] audit: type=1326 audit(1753888418.576:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 583.874145][ T5948] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 583.920135][ T30] audit: type=1326 audit(1753888418.576:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 583.944033][ T30] audit: type=1326 audit(1753888418.586:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 583.967750][ T30] audit: type=1326 audit(1753888418.586:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 583.992073][ T30] audit: type=1326 audit(1753888418.586:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 584.036790][ T30] audit: type=1326 audit(1753888418.586:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 584.129830][T11758] FAULT_INJECTION: forcing a failure. [ 584.129830][T11758] name failslab, interval 1, probability 0, space 0, times 0 [ 584.142811][T11758] CPU: 1 UID: 0 PID: 11758 Comm: syz.5.1320 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 584.142837][T11758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 584.142847][T11758] Call Trace: [ 584.142853][T11758] [ 584.142860][T11758] dump_stack_lvl+0x16c/0x1f0 [ 584.142886][T11758] should_fail_ex+0x512/0x640 [ 584.142909][T11758] ? __kmalloc_noprof+0xbf/0x510 [ 584.142928][T11758] ? sock_kmalloc+0x111/0x170 [ 584.142950][T11758] should_failslab+0xc2/0x120 [ 584.142970][T11758] __kmalloc_noprof+0xd2/0x510 [ 584.142984][T11758] ? do_raw_spin_lock+0x12c/0x2b0 [ 584.143010][T11758] sock_kmalloc+0x111/0x170 [ 584.143035][T11758] hash_alloc_result+0xd7/0x150 [ 584.143060][T11758] hash_sendmsg+0x6df/0xfb0 [ 584.143095][T11758] sock_sendmsg+0x3c9/0x470 [ 584.143122][T11758] ? __pfx_sock_sendmsg+0x10/0x10 [ 584.143145][T11758] ? rcu_is_watching+0x12/0xc0 [ 584.143178][T11758] ? sock_from_file+0x5b/0x90 [ 584.143202][T11758] splice_to_socket+0xaf6/0x1110 [ 584.143220][T11758] ? find_held_lock+0x2b/0x80 [ 584.143253][T11758] ? __pfx_splice_to_socket+0x10/0x10 [ 584.143270][T11758] ? current_time+0x11d/0x1a0 [ 584.143298][T11758] ? atime_needs_update+0x8b/0x710 [ 584.143341][T11758] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 584.143371][T11758] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 584.143389][T11758] ? __pfx_splice_to_socket+0x10/0x10 [ 584.143408][T11758] direct_splice_actor+0x18f/0x6c0 [ 584.143428][T11758] splice_direct_to_actor+0x342/0xa30 [ 584.143462][T11758] ? __pfx_direct_splice_actor+0x10/0x10 [ 584.143485][T11758] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 584.143512][T11758] ? __pfx_file_has_perm+0x10/0x10 [ 584.143542][T11758] do_splice_direct+0x174/0x240 [ 584.143569][T11758] ? __pfx_do_splice_direct+0x10/0x10 [ 584.143597][T11758] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 584.143626][T11758] ? bpf_lsm_file_permission+0x9/0x10 [ 584.143646][T11758] ? security_file_permission+0x71/0x210 [ 584.143667][T11758] ? rw_verify_area+0xcf/0x680 [ 584.143694][T11758] do_sendfile+0xb06/0xe50 [ 584.143724][T11758] ? __pfx_do_sendfile+0x10/0x10 [ 584.143750][T11758] ? __fget_files+0x20e/0x3c0 [ 584.143776][T11758] __x64_sys_sendfile64+0x1d8/0x220 [ 584.143795][T11758] ? ksys_write+0x1ac/0x250 [ 584.143810][T11758] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 584.143839][T11758] do_syscall_64+0xcd/0x4c0 [ 584.143862][T11758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.143880][T11758] RIP: 0033:0x7f9f11f8e9a9 [ 584.143896][T11758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.143913][T11758] RSP: 002b:00007f9f12d6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 584.143931][T11758] RAX: ffffffffffffffda RBX: 00007f9f121b6160 RCX: 00007f9f11f8e9a9 [ 584.143943][T11758] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000007 [ 584.143953][T11758] RBP: 00007f9f12d6d090 R08: 0000000000000000 R09: 0000000000000000 [ 584.143963][T11758] R10: 0000000002000081 R11: 0000000000000246 R12: 0000000000000001 [ 584.143975][T11758] R13: 0000000000000000 R14: 00007f9f121b6160 R15: 00007fffa2f38cc8 [ 584.143999][T11758] [ 584.487832][ T5948] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 584.498804][ T5948] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 584.508989][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.535481][ T5948] usb 1-1: config 0 descriptor?? [ 584.574330][ T5948] pwc: Askey VC010 type 2 USB webcam detected. [ 585.074561][ T30] audit: type=1326 audit(1753888418.586:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11736 comm="syz.0.1315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc1f8e9a9 code=0x7ffc0000 [ 585.167413][ T5948] pwc: recv_control_msg error -32 req 02 val 2b00 [ 585.797752][ T5948] pwc: recv_control_msg error -32 req 02 val 2700 [ 585.816730][ T5948] pwc: recv_control_msg error -32 req 02 val 2c00 [ 585.833418][ T5948] pwc: recv_control_msg error -32 req 04 val 1000 [ 585.901300][ T5948] pwc: recv_control_msg error -32 req 04 val 1300 [ 586.136903][ T5948] pwc: recv_control_msg error -32 req 04 val 1400 [ 586.163773][ T5948] pwc: recv_control_msg error -32 req 02 val 2000 [ 586.202059][ T5948] pwc: recv_control_msg error -32 req 02 val 2100 [ 586.529123][ T5948] pwc: recv_control_msg error -71 req 02 val 2500 [ 586.535419][ T5948] pwc: recv_control_msg error -71 req 02 val 2400 [ 586.774609][ T5948] pwc: recv_control_msg error -71 req 02 val 2600 [ 586.781819][ T5948] pwc: recv_control_msg error -71 req 02 val 2900 [ 586.788918][ T5948] pwc: recv_control_msg error -71 req 02 val 2800 [ 586.797241][ T5948] pwc: recv_control_msg error -71 req 04 val 1100 [ 586.844206][ T5948] pwc: recv_control_msg error -71 req 04 val 1200 [ 586.864294][ T5948] pwc: Registered as video103. [ 586.876036][ T5948] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input98 [ 586.904249][ T5818] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 586.944657][ T5948] usb 1-1: USB disconnect, device number 46 [ 587.099388][T11791] SELinux: ebitmap start bit (2099205) is not a multiple of the map unit size (64) [ 587.179753][T11791] SELinux: failed to load policy [ 587.240006][ T5818] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 587.259575][ T5818] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.270087][ T5818] usb 6-1: Product: syz [ 587.274395][ T5818] usb 6-1: Manufacturer: syz [ 587.278999][ T5818] usb 6-1: SerialNumber: syz [ 587.289640][T11797] binder: 11792:11797 ioctl c0306201 2000000004c0 returned -22 [ 587.308605][ T5818] usb 6-1: config 0 descriptor?? [ 587.319505][ T5818] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 032 [ 587.439565][T11803] delete_channel: no stack [ 587.725830][ T5818] (null): failure reading functionality [ 587.747332][ T5818] i2c i2c-1: connected i2c-tiny-usb device [ 587.857731][T11802] 9pnet: Could not find request transport: Qd [ 589.664971][ T5948] usb 6-1: USB disconnect, device number 32 [ 590.567378][T11832] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1335'. [ 591.130567][T11839] FAULT_INJECTION: forcing a failure. [ 591.130567][T11839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 591.145517][T11839] CPU: 0 UID: 0 PID: 11839 Comm: syz.5.1340 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 591.145535][T11839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 591.145542][T11839] Call Trace: [ 591.145546][T11839] [ 591.145552][T11839] dump_stack_lvl+0x16c/0x1f0 [ 591.145569][T11839] should_fail_ex+0x512/0x640 [ 591.145587][T11839] _copy_from_user+0x2e/0xd0 [ 591.145610][T11839] wext_handle_ioctl+0xc2/0x2a0 [ 591.145625][T11839] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 591.145642][T11839] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 591.145658][T11839] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 591.145674][T11839] sock_ioctl+0x3a1/0x6b0 [ 591.145692][T11839] ? __pfx_sock_ioctl+0x10/0x10 [ 591.145711][T11839] ? hook_file_ioctl_common+0x145/0x410 [ 591.145730][T11839] ? selinux_file_ioctl+0x180/0x270 [ 591.145741][T11839] ? selinux_file_ioctl+0xb4/0x270 [ 591.145753][T11839] ? __pfx_sock_ioctl+0x10/0x10 [ 591.145771][T11839] __x64_sys_ioctl+0x18e/0x210 [ 591.145787][T11839] do_syscall_64+0xcd/0x4c0 [ 591.145802][T11839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.145814][T11839] RIP: 0033:0x7f9f11f8e9a9 [ 591.145824][T11839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.145835][T11839] RSP: 002b:00007f9f12daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 591.145846][T11839] RAX: ffffffffffffffda RBX: 00007f9f121b5fa0 RCX: 00007f9f11f8e9a9 [ 591.145853][T11839] RDX: 0000200000000280 RSI: 0000000000008b26 RDI: 0000000000000003 [ 591.145860][T11839] RBP: 00007f9f12daf090 R08: 0000000000000000 R09: 0000000000000000 [ 591.145866][T11839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 591.145873][T11839] R13: 0000000000000000 R14: 00007f9f121b5fa0 R15: 00007fffa2f38cc8 [ 591.145886][T11839] [ 591.338044][ C0] vkms_vblank_simulate: vblank timer overrun [ 591.537590][T11847] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1341'. [ 592.576034][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 592.576046][ T30] audit: type=1400 audit(1753888430.386:1724): avc: denied { mount } for pid=11853 comm="syz.4.1345" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 592.700097][ T30] audit: type=1400 audit(1753888430.466:1725): avc: denied { mounton } for pid=11853 comm="syz.4.1345" path="/274/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1 [ 592.802549][T11461] Bluetooth: hci3: Malformed Event: 0x2f [ 593.126208][T11865] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 593.490100][ T30] audit: type=1400 audit(1753888431.296:1726): avc: denied { getopt } for pid=11866 comm="syz.1.1347" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 593.527560][ T30] audit: type=1400 audit(1753888431.316:1727): avc: denied { unmount } for pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 593.529927][T11867] netlink: 'syz.1.1347': attribute type 1 has an invalid length. [ 593.597140][ T30] audit: type=1400 audit(1753888431.406:1728): avc: denied { bind } for pid=11870 comm="syz.2.1349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 593.621741][T11873] ------------[ cut here ]------------ [ 593.627394][T11873] WARNING: CPU: 0 PID: 11873 at kernel/kcov.c:872 kcov_remote_start+0xf7/0x6d0 [ 593.636377][T11873] Modules linked in: [ 593.640365][T11873] CPU: 0 UID: 0 PID: 11873 Comm: syz.1.1347 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 593.652065][T11873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 593.662124][T11873] RIP: 0010:kcov_remote_start+0xf7/0x6d0 [ 593.667749][T11873] Code: 65 4c 8b 3d 23 28 14 12 4d 89 7c 24 28 8b 95 18 16 00 00 65 8b 05 29 28 14 12 a9 00 01 ff 00 75 53 81 e2 ff ff ff bf 74 4b 90 <0f> 0b 90 e8 f1 fc ce 09 44 8b 1d 5a 98 23 19 89 c0 48 03 1c c5 20 [ 593.687363][T11873] RSP: 0018:ffffc90013ace9c0 EFLAGS: 00010002 [ 593.693432][T11873] RAX: 0000000080000200 RBX: ffffffff93d06968 RCX: 0000000000000001 [ 593.701422][T11873] RDX: 0000000000000002 RSI: ffffffff8dde96b2 RDI: ffffffff8c15ed80 [ 593.709403][T11873] RBP: ffff888036fd2440 R08: 9f8ca618369a0a17 R09: 0000000000000041 [ 593.717372][T11873] R10: ffffc90013ace880 R11: 0000000000000001 R12: ffff8880b8428968 [ 593.725329][T11873] R13: 0000000000000200 R14: 0000000000000000 R15: ffff888036fd2440 [ 593.733284][T11873] FS: 00007f4743ea16c0(0000) GS:ffff888124722000(0000) knlGS:0000000000000000 [ 593.742207][T11873] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 593.748781][T11873] CR2: 0000001b2f619ff8 CR3: 00000000750b5000 CR4: 00000000003526f0 [ 593.756761][T11873] Call Trace: [ 593.760027][T11873] [ 593.762949][T11873] ieee80211_rx_list+0x45f/0x2980 [ 593.767986][T11873] ? __lock_acquire+0x622/0x1c90 [ 593.772923][T11873] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 593.778377][T11873] ? __lock_acquire+0xb8a/0x1c90 [ 593.783318][T11873] ? lock_acquire+0x179/0x350 [ 593.787978][T11873] ieee80211_rx_napi+0xdc/0x410 [ 593.792814][T11873] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 593.798256][T11873] ? lockdep_hardirqs_on+0x7c/0x110 [ 593.803441][T11873] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 593.809238][T11873] ieee80211_handle_queued_frames+0xd5/0x130 [ 593.815205][T11873] ? ieee80211_stop_device+0x14/0x110 [ 593.820560][T11873] ieee80211_stop_device+0x32/0x110 [ 593.825744][T11873] ieee80211_do_stop+0x1ac3/0x2520 [ 593.830841][T11873] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 593.836281][T11873] ? do_raw_spin_lock+0x12c/0x2b0 [ 593.841301][T11873] ? mark_held_locks+0x49/0x80 [ 593.846049][T11873] ? __pfx_ieee80211_stop+0x10/0x10 [ 593.851250][T11873] ieee80211_stop+0x165/0x300 [ 593.855924][T11873] ? __pfx_ieee80211_stop+0x10/0x10 [ 593.861102][T11873] __dev_close_many+0x298/0x770 [ 593.865940][T11873] ? __pfx___dev_close_many+0x10/0x10 [ 593.871311][T11873] __dev_change_flags+0x4d8/0x720 [ 593.876328][T11873] ? __pfx___dev_change_flags+0x10/0x10 [ 593.881870][T11873] ? find_held_lock+0x2b/0x80 [ 593.886550][T11873] ? __pfx_validate_linkmsg+0x10/0x10 [ 593.891904][T11873] netif_change_flags+0x8d/0x160 [ 593.896826][T11873] do_setlink.constprop.0+0xb53/0x4380 [ 593.902277][T11873] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 593.908174][T11873] ? stack_trace_save+0x8e/0xc0 [ 593.913024][T11873] ? __lock_acquire+0xb8a/0x1c90 [ 593.917953][T11873] ? find_held_lock+0x2b/0x80 [ 593.922614][T11873] ? __mutex_trylock_common+0xe9/0x250 [ 593.928065][T11873] ? __pfx___mutex_trylock_common+0x10/0x10 [ 593.933936][T11873] ? __pfx___might_resched+0x10/0x10 [ 593.939204][T11873] ? rcu_is_watching+0x12/0xc0 [ 593.943962][T11873] ? trace_contention_end+0xdd/0x130 [ 593.949238][T11873] ? __mutex_lock+0x1c2/0x1070 [ 593.954000][T11873] ? __pfx___mutex_lock+0x10/0x10 [ 593.959010][T11873] ? cap_capable+0xb3/0x250 [ 593.963519][T11873] rtnl_newlink+0x1446/0x2000 [ 593.968183][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 593.973195][T11873] ? find_held_lock+0x2b/0x80 [ 593.977852][T11873] ? avc_has_perm_noaudit+0x117/0x3b0 [ 593.983222][T11873] ? avc_has_perm_noaudit+0x149/0x3b0 [ 593.988589][T11873] ? __lock_acquire+0x622/0x1c90 [ 593.993527][T11873] ? find_held_lock+0x2b/0x80 [ 593.998186][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.003191][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.008216][T11873] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 594.013334][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.018364][T11873] rtnetlink_rcv_msg+0x95e/0xe90 [ 594.023291][T11873] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 594.028739][T11873] ? ref_tracker_free+0x37c/0x830 [ 594.033763][T11873] netlink_rcv_skb+0x155/0x420 [ 594.038539][T11873] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 594.043987][T11873] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 594.049265][T11873] ? netlink_deliver_tap+0x1ae/0xd30 [ 594.054547][T11873] netlink_unicast+0x58d/0x850 [ 594.059314][T11873] ? __pfx_netlink_unicast+0x10/0x10 [ 594.064595][T11873] netlink_sendmsg+0x8d1/0xdd0 [ 594.069374][T11873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 594.074660][T11873] ____sys_sendmsg+0xa98/0xc70 [ 594.079415][T11873] ? copy_msghdr_from_user+0x10a/0x160 [ 594.084862][T11873] ? __pfx_____sys_sendmsg+0x10/0x10 [ 594.090142][T11873] ___sys_sendmsg+0x134/0x1d0 [ 594.094798][T11873] ? futex_private_hash_put+0x176/0x300 [ 594.100325][T11873] ? __pfx____sys_sendmsg+0x10/0x10 [ 594.105500][T11873] ? __lock_acquire+0x622/0x1c90 [ 594.110441][T11873] __sys_sendmsg+0x16d/0x220 [ 594.115022][T11873] ? __pfx___sys_sendmsg+0x10/0x10 [ 594.120111][T11873] ? __x64_sys_futex+0x1e0/0x4c0 [ 594.125042][T11873] do_syscall_64+0xcd/0x4c0 [ 594.129529][T11873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.135405][T11873] RIP: 0033:0x7f4742f8e9a9 [ 594.139796][T11873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.159397][T11873] RSP: 002b:00007f4743ea1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 594.167791][T11873] RAX: ffffffffffffffda RBX: 00007f47431b6080 RCX: 00007f4742f8e9a9 [ 594.175741][T11873] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 000000000000000b [ 594.183687][T11873] RBP: 00007f4743010d69 R08: 0000000000000000 R09: 0000000000000000 [ 594.191720][T11873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.199685][T11873] R13: 0000000000000000 R14: 00007f47431b6080 R15: 00007ffd816ce5b8 [ 594.207652][T11873] [ 594.210676][T11873] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 594.217950][T11873] CPU: 0 UID: 0 PID: 11873 Comm: syz.1.1347 Not tainted 6.16.0-syzkaller-04405-g4b290aae788e #0 PREEMPT(full) [ 594.229725][T11873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 594.239760][T11873] Call Trace: [ 594.243027][T11873] [ 594.245949][T11873] dump_stack_lvl+0x3d/0x1f0 [ 594.250520][T11873] panic+0x71c/0x800 [ 594.254413][T11873] ? __pfx_panic+0x10/0x10 [ 594.258836][T11873] ? show_trace_log_lvl+0x29b/0x3e0 [ 594.264037][T11873] ? kcov_remote_start+0xf7/0x6d0 [ 594.269145][T11873] check_panic_on_warn+0xab/0xb0 [ 594.274076][T11873] __warn+0xf6/0x3c0 [ 594.277962][T11873] ? kcov_remote_start+0xf7/0x6d0 [ 594.282963][T11873] report_bug+0x3c3/0x580 [ 594.287277][T11873] ? kcov_remote_start+0xf7/0x6d0 [ 594.292289][T11873] handle_bug+0x184/0x210 [ 594.296609][T11873] exc_invalid_op+0x17/0x50 [ 594.301093][T11873] asm_exc_invalid_op+0x1a/0x20 [ 594.305920][T11873] RIP: 0010:kcov_remote_start+0xf7/0x6d0 [ 594.311531][T11873] Code: 65 4c 8b 3d 23 28 14 12 4d 89 7c 24 28 8b 95 18 16 00 00 65 8b 05 29 28 14 12 a9 00 01 ff 00 75 53 81 e2 ff ff ff bf 74 4b 90 <0f> 0b 90 e8 f1 fc ce 09 44 8b 1d 5a 98 23 19 89 c0 48 03 1c c5 20 [ 594.331132][T11873] RSP: 0018:ffffc90013ace9c0 EFLAGS: 00010002 [ 594.337178][T11873] RAX: 0000000080000200 RBX: ffffffff93d06968 RCX: 0000000000000001 [ 594.345139][T11873] RDX: 0000000000000002 RSI: ffffffff8dde96b2 RDI: ffffffff8c15ed80 [ 594.353098][T11873] RBP: ffff888036fd2440 R08: 9f8ca618369a0a17 R09: 0000000000000041 [ 594.361046][T11873] R10: ffffc90013ace880 R11: 0000000000000001 R12: ffff8880b8428968 [ 594.369004][T11873] R13: 0000000000000200 R14: 0000000000000000 R15: ffff888036fd2440 [ 594.377050][T11873] ieee80211_rx_list+0x45f/0x2980 [ 594.382059][T11873] ? __lock_acquire+0x622/0x1c90 [ 594.386984][T11873] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 594.392473][T11873] ? __lock_acquire+0xb8a/0x1c90 [ 594.397484][T11873] ? lock_acquire+0x179/0x350 [ 594.402166][T11873] ieee80211_rx_napi+0xdc/0x410 [ 594.407018][T11873] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 594.412462][T11873] ? lockdep_hardirqs_on+0x7c/0x110 [ 594.417645][T11873] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 594.423429][T11873] ieee80211_handle_queued_frames+0xd5/0x130 [ 594.429393][T11873] ? ieee80211_stop_device+0x14/0x110 [ 594.434746][T11873] ieee80211_stop_device+0x32/0x110 [ 594.439926][T11873] ieee80211_do_stop+0x1ac3/0x2520 [ 594.445021][T11873] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 594.450460][T11873] ? do_raw_spin_lock+0x12c/0x2b0 [ 594.455484][T11873] ? mark_held_locks+0x49/0x80 [ 594.460237][T11873] ? __pfx_ieee80211_stop+0x10/0x10 [ 594.465412][T11873] ieee80211_stop+0x165/0x300 [ 594.470068][T11873] ? __pfx_ieee80211_stop+0x10/0x10 [ 594.475240][T11873] __dev_close_many+0x298/0x770 [ 594.480082][T11873] ? __pfx___dev_close_many+0x10/0x10 [ 594.485446][T11873] __dev_change_flags+0x4d8/0x720 [ 594.490450][T11873] ? __pfx___dev_change_flags+0x10/0x10 [ 594.495975][T11873] ? find_held_lock+0x2b/0x80 [ 594.500633][T11873] ? __pfx_validate_linkmsg+0x10/0x10 [ 594.505998][T11873] netif_change_flags+0x8d/0x160 [ 594.511021][T11873] do_setlink.constprop.0+0xb53/0x4380 [ 594.516472][T11873] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 594.522362][T11873] ? stack_trace_save+0x8e/0xc0 [ 594.527199][T11873] ? __lock_acquire+0xb8a/0x1c90 [ 594.532121][T11873] ? find_held_lock+0x2b/0x80 [ 594.536796][T11873] ? __mutex_trylock_common+0xe9/0x250 [ 594.542230][T11873] ? __pfx___mutex_trylock_common+0x10/0x10 [ 594.548101][T11873] ? __pfx___might_resched+0x10/0x10 [ 594.553368][T11873] ? rcu_is_watching+0x12/0xc0 [ 594.558110][T11873] ? trace_contention_end+0xdd/0x130 [ 594.563367][T11873] ? __mutex_lock+0x1c2/0x1070 [ 594.568128][T11873] ? __pfx___mutex_lock+0x10/0x10 [ 594.573128][T11873] ? cap_capable+0xb3/0x250 [ 594.577628][T11873] rtnl_newlink+0x1446/0x2000 [ 594.582297][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.587299][T11873] ? find_held_lock+0x2b/0x80 [ 594.591953][T11873] ? avc_has_perm_noaudit+0x117/0x3b0 [ 594.597322][T11873] ? avc_has_perm_noaudit+0x149/0x3b0 [ 594.602698][T11873] ? __lock_acquire+0x622/0x1c90 [ 594.607645][T11873] ? find_held_lock+0x2b/0x80 [ 594.612317][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.617334][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.622347][T11873] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 594.627457][T11873] ? __pfx_rtnl_newlink+0x10/0x10 [ 594.632470][T11873] rtnetlink_rcv_msg+0x95e/0xe90 [ 594.637390][T11873] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 594.642832][T11873] ? ref_tracker_free+0x37c/0x830 [ 594.647848][T11873] netlink_rcv_skb+0x155/0x420 [ 594.652594][T11873] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 594.658039][T11873] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 594.663313][T11873] ? netlink_deliver_tap+0x1ae/0xd30 [ 594.668580][T11873] netlink_unicast+0x58d/0x850 [ 594.673383][T11873] ? __pfx_netlink_unicast+0x10/0x10 [ 594.678669][T11873] netlink_sendmsg+0x8d1/0xdd0 [ 594.683442][T11873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 594.688724][T11873] ____sys_sendmsg+0xa98/0xc70 [ 594.693490][T11873] ? copy_msghdr_from_user+0x10a/0x160 [ 594.698941][T11873] ? __pfx_____sys_sendmsg+0x10/0x10 [ 594.704218][T11873] ___sys_sendmsg+0x134/0x1d0 [ 594.708879][T11873] ? futex_private_hash_put+0x176/0x300 [ 594.714409][T11873] ? __pfx____sys_sendmsg+0x10/0x10 [ 594.719592][T11873] ? __lock_acquire+0x622/0x1c90 [ 594.724543][T11873] __sys_sendmsg+0x16d/0x220 [ 594.729112][T11873] ? __pfx___sys_sendmsg+0x10/0x10 [ 594.734210][T11873] ? __x64_sys_futex+0x1e0/0x4c0 [ 594.739130][T11873] do_syscall_64+0xcd/0x4c0 [ 594.743631][T11873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.749515][T11873] RIP: 0033:0x7f4742f8e9a9 [ 594.753921][T11873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 594.773517][T11873] RSP: 002b:00007f4743ea1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 594.781927][T11873] RAX: ffffffffffffffda RBX: 00007f47431b6080 RCX: 00007f4742f8e9a9 [ 594.789883][T11873] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 000000000000000b [ 594.797830][T11873] RBP: 00007f4743010d69 R08: 0000000000000000 R09: 0000000000000000 [ 594.805775][T11873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 594.813719][T11873] R13: 0000000000000000 R14: 00007f47431b6080 R15: 00007ffd816ce5b8 [ 594.821676][T11873] [ 594.824870][T11873] Kernel Offset: disabled [ 594.829173][T11873] Rebooting in 86400 seconds..