last executing test programs: 13.464773222s ago: executing program 0 (id=5280): ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000100)={r0, &(0x7f00000000c0)=""/59}) r1 = socket$inet6(0xa, 0x3, 0x87) utime(&(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x10000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x7, 0x7ff}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0x404c001) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x2c, r5, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x2c}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r5, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000011}, 0x4000810) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, 0x4e23, 0x0, 0x0, 0xfffc, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fffe0000000}, {0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x2000000, 0x2b}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x3}}, 0xe8) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) connect$inet6(r1, &(0x7f00000000c0), 0x1c) r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r7, 0x7ab, &(0x7f0000000280)={0x0}) 11.051534983s ago: executing program 4 (id=5288): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0x234, 0x9, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_EXPRESSIONS={0x1f0, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @objref={{0xb}, @void}}, {0x40, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x1b}, @NFTA_CMP_SREG={0x8}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CMP_OP={0x8}]}}}, {0x34, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_REDIR_REG_PROTO_MIN={0x8}, @NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_REDIR_REG_PROTO_MAX={0x8}]}}}, {0x168, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x158, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x4d, 0x3, "871a76eb2977612273fd825eb1e6bd6858695ceef8a7ff516efa73df308cd8e6476bfe230314f18aabc690ee87438d432a3b79f4c9bc4c0079973838a8a7f3c92eb92b25d9d737cfd9"}, @NFTA_TARGET_INFO={0x101, 0x3, "198599218fec4a58cc3d4d358b502e8b25ebf965a5b320d160f9a59d097fdcf985b99ce09aedc7f829562c7c4b2ba3b45e34d4f669927fbafda57c83e05d8568fed090abbbeb625e43165dc0cc38f5fb18cafc665479b294656ae0241065b5c7ec858daf90fd140cada71317e474d45e201a24ae9c1b0dd1e6aec7fafb2351b0390a8ee4e1df17227040c086cc34d6adeaeac58884519060b681e25bd4e88f452063bc7044828f60de41d43172c894226d5d76c097fea6860b388e662725a6c3be132af2dfc8552ad0588fab416af0df080592cd727e5876ae08a32273e818043f650dfde2cd2bf93ec8106b0fad1dd7da09189076f87f0ce9f745226b"}]}}}]}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11b}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELSET={0x1b4, 0xb, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x3}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @connlimit={{0xe}, @void}}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_EXPRESSIONS={0x15c, 0x12, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xc}, @NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, {0x2c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x47}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x10}]}}}, {0xcc, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0xc0, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x94, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x44, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x8, 0x1, "e8383bb3"}]}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x8677e0e84026ac08}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x1c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x15}]}}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x22}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x410}, 0x1, 0x0, 0x0, 0x8000}, 0x20000854) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x7d}}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000900)}], 0x4}}, {{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0x60}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}], 0x3, 0x20000044) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00ef0008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 10.847372162s ago: executing program 4 (id=5289): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) r5 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010029bd7000f9dbdf250100000008000100", @ANYRES32=r6, @ANYBLOB="44000280400001002400010071756575655f696400"/44, @ANYRES32=r4, @ANYBLOB="69be66e17a1daf011c140eaf1aac3a436f798383a0789391"], 0x60}, 0x1, 0x400000000000000, 0x0, 0x90}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000300)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001a40)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x1, 0x0, 0xb47, 0x9, 0x0, 0x80000001, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x3f00) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000001ac0)=@newtfilter={0x8a4, 0x2c, 0x8, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x10, 0xa}, {0x9, 0x5}, {0x1, 0x3}}, [@filter_kind_options=@f_route={{0xa}, {0x874, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0x9c}, @TCA_ROUTE4_POLICE={0x858, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x95a, 0x0, 0x6, 0x6, 0xffff6d2c, 0x81, 0x4, 0x0, 0xfffeffff, 0xcb, 0xe, 0x5b616068, 0xfffffff9, 0x8000, 0x2, 0x6, 0xffffffff, 0xae5, 0x400, 0x1, 0x294c, 0x6, 0x7e12, 0x4, 0x7, 0x0, 0xa, 0x3ff, 0x7, 0x40, 0x26, 0x85d827ea, 0x0, 0x5, 0x6, 0x3ff, 0x10001, 0x40, 0x7, 0x1, 0x9, 0x0, 0x8, 0x9, 0x7, 0x10000, 0x3, 0x7ff, 0x48000000, 0x6, 0x5, 0x2, 0x8, 0x4, 0x31, 0x3, 0x0, 0x0, 0x6, 0xfffff2d8, 0x5, 0x4, 0x0, 0xfa5, 0xfff, 0x5, 0x8001, 0x4, 0x8, 0x2, 0x7fff, 0x6, 0x84, 0x1000, 0x2, 0xffffc865, 0x1, 0x9, 0x0, 0x3, 0x9, 0x4, 0x580, 0x1, 0x1, 0x3, 0x8, 0x8, 0x8, 0x1000, 0x8, 0x952e, 0x7, 0x8, 0x8, 0x401, 0xfffffffc, 0x4, 0x1ff, 0x6416d30f, 0x0, 0x4, 0xeed8, 0x3ff, 0x77, 0x8, 0xe5a, 0x1, 0x1, 0xd, 0x1, 0x8, 0x6, 0x0, 0x3, 0x10, 0xffffffad, 0x7, 0x0, 0x6, 0x2, 0x6, 0xfffff000, 0xeebe, 0x84, 0x4, 0x1, 0x8, 0x6, 0xff, 0x9, 0x0, 0x10000, 0x8, 0x80800000, 0x1, 0x10, 0x400, 0x534, 0x7, 0x0, 0x7, 0xa, 0x8, 0x0, 0x94, 0x8001, 0x8000, 0x9, 0x6, 0x0, 0xd460, 0x200, 0x80000001, 0x10, 0x2, 0x8, 0x7, 0x7, 0x2, 0x7, 0x3, 0xfffffff7, 0xfffffe01, 0x400, 0x122, 0x7, 0x2, 0x9, 0x2, 0x6, 0xbd18, 0x4, 0x4, 0x400, 0x1000, 0x4, 0xfffffff5, 0x1e, 0x544, 0x0, 0x200, 0x80, 0xfffffff9, 0x4, 0xffffffc0, 0x5, 0x6, 0x9, 0x6831, 0x2, 0x6, 0x7fffffff, 0x9, 0x0, 0x9, 0xc, 0x6, 0xffff999f, 0x6, 0x1, 0x7, 0x9, 0x100101, 0x223, 0x1, 0xe, 0x27d2, 0x3, 0x7, 0x8, 0x8, 0x3a, 0x0, 0x6, 0xd, 0x2, 0x7, 0x131bc6ab, 0x4, 0x3, 0x2, 0x10001, 0x709, 0x5, 0x8, 0x0, 0x7, 0x0, 0x9, 0x5, 0x4, 0x25df, 0x5, 0x9, 0xbfe5, 0x6f, 0x80, 0x10, 0x5, 0x8, 0x670b, 0x81, 0x6, 0xfffffff7, 0x8000, 0x5d426144, 0x5, 0x2, 0x10001, 0x9, 0xfffffcc7, 0xb0d, 0x8, 0xa, 0xfffffffe]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x9}, @TCA_POLICE_TBF={0x3c, 0x1, {0x8001, 0x10000000, 0x9, 0x100, 0x9, {0x6, 0x0, 0x8001, 0x5, 0xf33, 0x67e2}, {0x9, 0x2, 0x3, 0x1, 0x6, 0x80}, 0x0, 0x200, 0x5}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x10000}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x6, 0x80000000, 0x26, 0x7f56, 0x6, 0xf0a0, 0x2, 0x9, 0x80000000, 0x7, 0x101, 0x0, 0x3, 0x80, 0x8, 0x1ff, 0xf, 0x6, 0x2, 0x7, 0x3, 0xde3, 0x7b, 0x10000, 0x5, 0xa2, 0x8, 0x8001, 0x4, 0xffff, 0x672, 0xffff8325, 0x5, 0x4, 0x40, 0x5, 0x401, 0x3, 0x0, 0x2000200, 0x8, 0x3, 0x8, 0x4, 0x4, 0xfffffffb, 0x1, 0x7f, 0x5, 0x7, 0x7, 0x3, 0x1, 0x4db8, 0x589, 0x1ff, 0x100, 0x400, 0x2934, 0x9, 0x7, 0xff, 0x413, 0x7, 0x40, 0x9, 0x7, 0x3e, 0x63f, 0x400, 0x1, 0x3c9, 0xff, 0x9, 0x4, 0x81, 0x913, 0x8, 0x6, 0x0, 0x5, 0x6, 0xffffffff, 0x200, 0x0, 0x3ff, 0x9, 0x5, 0xc727, 0x8001, 0x8, 0x80, 0x143e, 0x8, 0x401, 0x2, 0x1, 0x3f, 0x200, 0x5, 0x1, 0x3, 0x6, 0xa, 0x4, 0x4, 0x401, 0x6, 0x9, 0xfffffffe, 0x0, 0x9, 0xc99, 0x0, 0x4, 0xc87da4, 0x925e, 0x9, 0x10000, 0x7ff, 0x401, 0x3c6, 0x4, 0x7, 0xea75, 0x100, 0x8894, 0x6, 0x7, 0xf7c, 0x9, 0x5, 0xfffffff9, 0xb, 0x3, 0x8, 0x5, 0xfffeffff, 0xb5, 0x0, 0x302, 0x1, 0x5, 0x3, 0x3, 0x401, 0x10001, 0x2, 0x0, 0x8, 0x6b, 0x1, 0x7e, 0xfffffb01, 0x4, 0x6, 0xa, 0x3ab, 0x2, 0xa, 0xfffffffc, 0x5, 0x401, 0x3, 0x80000000, 0x3e8, 0x9381, 0xffff, 0x2, 0x5, 0x6, 0x412, 0x4, 0x10000, 0x5b, 0x9e81, 0x0, 0x80000007, 0x62fa, 0x5, 0xc, 0x7fffffff, 0x80, 0x7, 0x4, 0x80, 0x2, 0x4, 0x8, 0xfffff8b3, 0x2f, 0x8001, 0x6, 0x9, 0x1, 0x8, 0x1, 0x1ff, 0x9, 0x800000, 0x6, 0x2, 0xd09c, 0xe, 0x7, 0x1, 0x2, 0x7fff, 0x80000000, 0xd, 0x1, 0xfff, 0x3, 0x8, 0x3, 0xdce, 0x2, 0x80, 0x3, 0x8, 0xfffffc01, 0x200, 0xdc, 0xde4, 0x9, 0x5, 0x6, 0x9, 0x0, 0x43a, 0xfffffffd, 0x0, 0x5, 0x4, 0x9cb, 0x3, 0xc, 0x80000000, 0xa, 0x1, 0x32b5, 0xb02, 0x1, 0x3, 0x0, 0x8000, 0xd42, 0x4, 0x5, 0x80c, 0x3529, 0xb, 0x1, 0x1ff, 0x2c45ab02]}]}, @TCA_ROUTE4_FROM={0x8, 0x3, 0x8b}, @TCA_ROUTE4_TO={0x8, 0x2, 0x8}]}}]}, 0x8a4}}, 0x800) ioctl$PTP_PIN_GETFUNC(0xffffffffffffffff, 0xc0603d06, &(0x7f0000000380)={'\x00', 0x9, 0x0, 0x7}) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff2b}], 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) 10.137271341s ago: executing program 2 (id=5291): openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x181002, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000000) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) socket$inet(0x2, 0x2, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r2) read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2c099, 0x6400}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8c1}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) sendmsg$netlink(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="240000002d00010000000067a441856eee05774a88a8f97ae7bf749b6511c33986802faf", @ANYRES32, @ANYBLOB="0b0000800010"], 0x24}], 0x1}, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 9.644226222s ago: executing program 4 (id=5292): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x102a02, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000002340)={0xffffffffffffffff, &(0x7f0000002380)="7a1fbe9e57d90e6cd6a2e96c295a29c22b0e69e04c65eb8bf93f2f64ee0cdab276e4154c7a684e896e92045629d98680f6d7d0d571a1080049037caf195b9ed2e971568bd01465f3c33961c91549f25f1387e587fbf6d68b2da726ad313fedacb0ffad785068f81446ac78e9784c8553494afcaf71ce27e8a56e67a2eee9b728cbf90c191d03b8f316bad32e83291881321332b90b0f9900aed37b2879b0faae7e0a28e1e01f45a8b9e59f8783be1c56971cba0985af16bc71cd944367d43d60d6b854297575bcff01d3baa5b6e770efeadbb6", 0x0}, 0x77) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) r2 = dup(r1) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x520380, 0x10b) write$binfmt_format(r3, &(0x7f0000000100)='0\x00', 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r3, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x3, &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0], 0x0, 0x3d, &(0x7f00000004c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000500), &(0x7f0000000540), 0x8, 0x64, 0x8, 0x8, &(0x7f0000000580)}}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r6) sendmmsg$inet6(r6, &(0x7f0000005400)=[{{&(0x7f0000000040)={0xa, 0x4e27, 0xfff, @remote, 0x2}, 0xffffff11, 0x0}}], 0x1, 0x1000) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r6}, 0x20) recvmsg$unix(r6, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f00000003c0)=""/199, 0xc7}], 0x1}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x78, '\x00', 0x0, @fallback=0x30, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) write$qrtrtun(r3, &(0x7f0000000300)="ca0e808bb35b", 0x6) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002600)=""/4096, 0x1000}], 0x1, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9) mmap(&(0x7f0000097000/0x1000)=nil, 0x1000, 0x4, 0x28011, r2, 0x0) r9 = dup(r0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r9, 0x89f0, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x29, 0x2, 0x7, 0x40, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x10, 0x9, 0x6}}) recvfrom$packet(r2, &(0x7f00000000c0)=""/196, 0xc4, 0x40, &(0x7f00000003c0)={0x11, 0x11, r10, 0x1, 0xfd, 0x6, @remote}, 0x14) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r9, &(0x7f0000000200)={0xb, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x5be}}, 0x18) setsockopt$inet_tcp_buf(r9, 0x6, 0x3e, &(0x7f0000000880)="dc8daf8d760c0b8caa98ea19c6a35a1b883775d272c579ff33a6effc0c49320f4ad969561b2c0cf6ead75324a6f632d3ea30fd6e66a6c366d416f80f05da37953f14e79d463a0c79da9eb0f325467f93d75cd0b99918086581eb63d81d7f6014d41cf815c46884f6d53ba424423efd763e5e0ad3a70b6e4894a6b05d3c47fd2806c3772095b59014216c6675e901eacd447136267518f261f386201976392962f43a", 0xa2) 9.614216682s ago: executing program 0 (id=5293): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3e, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0xc004) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000100)='./bus\x00') open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file1\x00') sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008041, &(0x7f0000000040)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1e512d00000000000109022400010000000009040000010300020009210000000122050009058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f00000004c0)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$TIOCGICOUNT(r1, 0x545d, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r6, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="60000000100039042cbd7000eaffffff000003e4", @ANYRES32=r6, @ANYBLOB="8300040000000000400012800800010073697400340002"], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x240008c0) 9.595572486s ago: executing program 1 (id=5294): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) sendfile(r2, r2, 0x0, 0x101) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000001c000100000000000200000007000000", @ANYRES32=r3, @ANYBLOB="011042040a0002aacdefd16f3f52fa23ba5ecc3f693b47f6d84860ab50f9f7586764e67952775c23f45198d08ed951c721e019217fde72cdb0b02a72a3c9d1a3447c9baf0ff5ff04e87978f672fe72a5420a91793c013bcc0a55f25d920e41ade6968fe4a36ef2df9a9a132ae529fb83cbadd850766f7faf5f29371d6b214131b7ae8180e48f7b8afd841d0f44927b9f1cd823882e02ca4db7f96e9234603c00f5794297ce431ff296ea0cd99f23588651efc7a1972a47fcf6eff852717d2da658fbe8ff28dd33079d1ba09c75b9dc33254d20b9ae39f34b6c12e58376a4474f8a9170bab01f04df6abbfb5441dea513519ef08a8d1e0423f13a318a64d1bb5a664c2942e39257ac3de6909d69a1fdbd71a490f3a8e0bd804bd5fad3bda90e2a64635b78001fc1e5528b828eba61f8a1091998353b9d098d84e9d529355a4d8800754d03ce4688cc674bbf0791a916a05dfa68216865c1cbe58f86144d5a70b95612eac13220a249583e952c095360d6ef4cdce51b2f1312a473e0b77f639526a0415ccd3a08893f5328a10daef220818eceb389ef56bd5fce6007bfcfc10cf83f77d924297324081e96f7ddebf37cf88cfbff267544c739c6b10040220e6110d324305e6fe7c2c6df2a50da3bb47dfd96534e8a158d109b965faaafe1"], 0x28}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000000)=@getqdisc={0x28, 0x26, 0x100, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x8, 0xfff3}, {0xfff2, 0xd}, {0xfff3, 0xb}}, [{0x4}]}, 0x28}}, 0x80000) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000540)=ANY=[@ANYRESDEC=0x0, @ANYRESHEX=r4, @ANYBLOB='fd=', @ANYBLOB=',group_id=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYRES8=r3, @ANYBLOB="6dbc0d0298ce57b7045fe65cad0762ee84653b0599381cc27f28d8e4bfaaf3d344", @ANYRES16=r4]) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x4, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}}, 0x50) syz_fuse_handle_req(r4, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000300)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r8, &(0x7f0000000000)={0x7, 0x8, 0xfa00, {r9, 0x4}}, 0x10) write$RDMA_USER_CM_CMD_REJECT(r7, &(0x7f0000000600)={0x9, 0x108, 0xfa00, {r9, 0x9c, "e5c714", "f37d21b1cdbd673cf0b2ba053a67c0da7c46bf32869598354f397e02f1bd27a05fce7da2ba041c749b8efab53d33f8b3402e3775a1a6ecf2035837737842061791c3f0d0d00fb021d368433462027e1c2751fabe46965135720e4cf13c0fe91c52232d89c3c6a85e5c2ef73ded968b41841da67b8ef630314062249511b538368343453a73a52d490831536ad9fe5a2b70d326a25a58af9d678c01fb0abfa92ef771a0c88973c18f80ea96bccd11fec1014b06cb7bfd2f77d5e061d98f562aad3a88b1d46ef1b2aef38a830edeea00a42c79214df35dd04793ad6de29b6cd336f37382b28c1565082ded9cd592147717b8e2ad0483222d0bc78a17d69adac499"}}, 0x110) socket$packet(0x11, 0x2, 0x300) 9.564876171s ago: executing program 3 (id=5295): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000002180)=[{{&(0x7f0000000280)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000001140)=[{0x0}], 0x1}}, {{&(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000500)="c4", 0x1}], 0x1}}], 0x2, 0x48000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0xdc, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, 0x0}, 0x30004040) (fail_nth: 3) 9.550818098s ago: executing program 2 (id=5296): socket(0x400000000010, 0x3, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) gettid() r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20c03, 0x0) mount(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYRESDEC=r0], 0x50) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000080)="8301fa", 0x3) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) add_key$user(0x0, &(0x7f0000002340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r5 = socket(0x2, 0x80805, 0x0) r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x9, 0x2, 0x6a}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x63}, {@rand_addr=0x64010102, 0x4e20, 0x2, 0x4d, 0x12d5f, 0x3}}, 0x4c) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 8.702119519s ago: executing program 3 (id=5297): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) getpeername(r2, &(0x7f00000003c0)=@l2tp6={0xa, 0x0, 0x0, @local}, &(0x7f0000000440)=0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20008811) socket$kcm(0x29, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x300000b, 0x11, r3, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000440)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x1a, 0x28, 0x66, 0x0, 0x3, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x23}}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4ede, 0x0, 0xec6}}}}}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x89f6, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0xb, "2a16561edfd2f20ab3ed4a"}}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[], 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xcc, 0x21, 0x1, 0x70bd27, 0xfffffffe, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@loopback, 0xdffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x50, 0x11, [{@in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in=@multicast1, @in=@private=0xa010102, @in6=@remote, 0x3c, 0x0, 0x0, 0x0, 0x2, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in6=@dev={0xfe, 0x80, '\x00', 0x2b}, @in=@private=0xa010100, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@dellinkprop={0x40, 0x6d, 0x800, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r7, 0x400}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0x9}, @IFLA_MTU={0x8, 0x4, 0x6}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x5327b}, @IFLA_LINK_NETNSID={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0xa1}, 0x4008000) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 7.555761431s ago: executing program 4 (id=5298): socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2803, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 7.524442415s ago: executing program 1 (id=5299): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r1, 0x0, 0x4000) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SOUND_OLD_MIXER_INFO(r1, 0x80304d65, 0x0) r5 = socket$netlink(0x10, 0x3, 0x13) writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ffffffffe7ee00000000000000000200"/86, 0x56}, {&(0x7f00000001c0)='\x00\x00', 0x2}], 0x2) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = fcntl$dupfd(r6, 0x0, r6) write$sndseq(r7, &(0x7f0000000180), 0x0) write$sndseq(r7, &(0x7f00000005c0)=[{0x3, 0x4, 0x5, 0x1, @time={0x9, 0x7}, {0x1, 0x10}, {0x4, 0x10}, @raw32={[0x4, 0x1, 0x81]}}, {0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}, {0x3, 0x5, 0x7f, 0x0, @time={0x5, 0x80000}, {0x1, 0x2}, {0x9, 0x81}, @connect={{0x62, 0x83}, {0x1, 0x40}}}], 0x54) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00121100631177fbac141416e000030a44079f03fe8000000000000000000000000000222f050b038da1880b251810a59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) sendmmsg$inet6(r0, &(0x7f0000003800)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e23, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="2000000000000000290000000400001a3c000000000000000502010000000000"], 0x20}}], 0x2, 0x4000050) 7.514899755s ago: executing program 2 (id=5300): ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)=@newtaction={0x64, 0x30, 0x1, 0x70bd2b, 0xfffffefd, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x9, 0x1, 0x9, 0x7860, 0xfff}, 0x4c}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4084}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x10) r1 = syz_usb_connect(0x2, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000c8bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x70, 0x2, 0x6, 0x301, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x4000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000200)={0x2, 'lo\x00', 0x3}, 0x18) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r4, &(0x7f0000009780)={0x2020}, 0x2020) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="eeffffffd9a7ffff3f05452fbf309504edfe2c62425ccee3b237412f300c56a010aab57818ea52a81f79e5bf0cd2a390c971596a9a35937266c3d21fa76fc7", @ANYRES64=0x3], 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) write$P9_RMKDIR(r5, &(0x7f00000001c0)={0x14, 0x49, 0x7ffd, {0x40, 0x4, 0x5}}, 0x14) 6.923142828s ago: executing program 3 (id=5301): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x181002, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) socket$inet(0x2, 0x2, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r4) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, 0x0, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) write$uinput_user_dev(r6, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$netlink(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="240000002d00010000000067a441856eee05774a88a8f97ae7bf749b6511c33986802faf", @ANYRES32, @ANYBLOB="0b0000800010"], 0x24}], 0x1}, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 6.459366248s ago: executing program 0 (id=5302): socket(0x400000000010, 0x3, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) gettid() r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20c03, 0x0) mount(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYRESDEC=r0], 0x50) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000080)="8301fa", 0x3) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) add_key$user(0x0, &(0x7f0000002340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x9, 0x2, 0x6a}, 0x2c) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 6.421481037s ago: executing program 1 (id=5303): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) getpeername(r2, &(0x7f00000003c0)=@l2tp6={0xa, 0x0, 0x0, @local}, &(0x7f0000000440)=0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20008811) socket$kcm(0x29, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x300000b, 0x11, r3, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000440)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x1a, 0x28, 0x66, 0x0, 0x3, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x23}}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4ede, 0x0, 0xec6}}}}}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x89f6, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0xb, "2a16561edfd2f20ab3ed4a"}}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32], 0xfc}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xcc, 0x21, 0x1, 0x70bd27, 0xfffffffe, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@loopback, 0xdffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x50, 0x11, [{@in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in=@multicast1, @in=@private=0xa010102, @in6=@remote, 0x3c, 0x0, 0x0, 0x0, 0x2, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in6=@dev={0xfe, 0x80, '\x00', 0x2b}, @in=@private=0xa010100, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x0) 6.25721961s ago: executing program 4 (id=5304): ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000100)={r0, &(0x7f00000000c0)=""/59}) r1 = socket$inet6(0xa, 0x3, 0x87) utime(&(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x10000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x7, 0x7ff}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(0xffffffffffffffff, 0x0, 0x404c001) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x38, r5, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r6}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r3, 0x0, 0x4000810) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2, 0x4e23, 0x0, 0x0, 0xfffc, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fffe0000000}, {0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x2000000, 0x2b}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x1, 0x3}}, 0xe8) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r7, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) connect$inet6(r1, &(0x7f00000000c0), 0x1c) r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f0000000280)={0x0}) 4.811721013s ago: executing program 1 (id=5305): pipe2$watch_queue(0x0, 0x80) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000140), 0x111, 0x8}}, 0x20) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000, 0xf, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5) r0 = socket$packet(0x11, 0x2, 0x300) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) syz_emit_ethernet(0x4e, &(0x7f0000001840)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100320086dd600a843500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aaffff4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="72090000bf7fd347"], 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r1, 0x29, 0x16, &(0x7f0000000040)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r4, &(0x7f00000000c0), 0x1011f, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000270009002abd7000fddbdf250e"], 0x14}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080) 4.767559333s ago: executing program 0 (id=5306): ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500070000000c001680080001"], 0x38}}, 0x10) r1 = syz_usb_connect(0x2, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000c8bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x70, 0x2, 0x6, 0x301, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x70}, 0x1, 0x0, 0x0, 0x4080}, 0x4000) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000200)={0x2, 'lo\x00', 0x3}, 0x18) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$FUSE(r4, &(0x7f0000009780)={0x2020}, 0x2020) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="eeffffffd9a7ffff3f05452fbf309504edfe2c62425ccee3b237412f300c56a010aab57818ea52a81f79e5bf0cd2a390c971596a9a35937266c3d21fa76fc7", @ANYRES64=0x3], 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0xfff0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) write$P9_RMKDIR(r5, &(0x7f00000001c0)={0x14, 0x49, 0x7ffd, {0x40, 0x4, 0x5}}, 0x14) 4.665389207s ago: executing program 3 (id=5307): socket(0x400000000010, 0x3, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) gettid() r0 = openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20c03, 0x0) mount(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000800)='9p\x00', 0x0, &(0x7f0000000900)='trans=tcp,') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYRESDEC=r0], 0x50) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000080)="8301fa", 0x3) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) add_key$user(0x0, &(0x7f0000002340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socket(0x2, 0x80805, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x9, 0x2, 0x6a}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40) 4.183818287s ago: executing program 3 (id=5308): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r0, &(0x7f00000014c0), 0x0, 0x182, 0x20010000) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000008c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x80}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}], 0x2}, 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) setsockopt$XDP_TX_RING(r5, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./cgroup\x00', &(0x7f0000000000)='minix\x00', 0x2808404, 0x0) 3.222801368s ago: executing program 3 (id=5309): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, 0x3e, 0x301, 0x270bd24, 0x25dfdbfa, {0x1}}, 0x14}}, 0xc004) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000100)='./bus\x00') open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file1\x00') (fail_nth: 3) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24008041, &(0x7f0000000040)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1e512d00000000000109022400010000000009040000010300020009210000000122050009058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f00000004c0)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$TIOCGICOUNT(r1, 0x545d, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r6, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="60000000100039042cbd7000eaffffff000003e4", @ANYRES32=r6, @ANYBLOB="8300040000000000400012800800010073697400340002"], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x240008c0) 2.928286202s ago: executing program 1 (id=5310): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file2\x00', 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, r1, 0x200000) keyctl$describe(0x6, r1, 0x0, 0xffffffffffffff87) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast2}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f6, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)={'syztnl0\x00', r6, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @broadcast}}}}) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(0xffffffffffffffff, &(0x7f00000051c0)=[{&(0x7f0000004100)="32e2146007", 0x5}, {0x0}], 0x2) write$RDMA_USER_CM_CMD_JOIN_MCAST(r7, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0xa0) lseek(r0, 0x5, 0x4) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000080)={'ip6tnl0\x00', {0x2, 0x4e24, @multicast2}}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r8) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r9, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000"], 0x398}, 0x1, 0x0, 0x0, 0x4094}, 0x0) 2.779871039s ago: executing program 2 (id=5311): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r1, 0x0, 0x4000) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SOUND_OLD_MIXER_INFO(r1, 0x80304d65, 0x0) r5 = socket$netlink(0x10, 0x3, 0x13) writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ffffffffe7ee00000000000000000200"/86, 0x56}, {&(0x7f00000001c0)='\x00\x00', 0x2}], 0x2) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r7 = fcntl$dupfd(r6, 0x0, r6) write$sndseq(r7, &(0x7f0000000180), 0x0) write$sndseq(r7, &(0x7f00000005c0)=[{0x3, 0x4, 0x5, 0x1, @time={0x9, 0x7}, {0x1, 0x10}, {0x4, 0x10}, @raw32={[0x4, 0x1, 0x81]}}, {0x2, 0x7, 0x7f, 0x1, @time={0x40, 0xe69}, {0xe}, {0x7, 0x9}, @ext={0x0, 0x0}}, {0x3, 0x5, 0x7f, 0x0, @time={0x5, 0x80000}, {0x1, 0x2}, {0x9, 0x81}, @connect={{0x62, 0x83}, {0x1, 0x40}}}], 0x54) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe1, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00121100631177fbac141416e000030a44079f03fe8000000000000000000000000000222f050b038da1880b251810a59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) sendmmsg$inet6(r0, &(0x7f0000003800)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000200)={0xa, 0x4e23, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="2000000000000000290000000400001a3c000000000000000502010000000000"], 0x20}}], 0x2, 0x4000050) 1.916419815s ago: executing program 1 (id=5312): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, &(0x7f0000000300)=0xd8}) ioctl$KVM_RUN(r2, 0xae80, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x100}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) unshare(0x40980) r7 = shmat(r6, &(0x7f0000ffd000/0x2000)=nil, 0x6000) shmat(r6, &(0x7f0000d6f000/0x3000)=nil, 0x6000) shmdt(r7) shmctl$SHM_STAT_ANY(r6, 0xf, &(0x7f0000000240)=""/162) mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='f2fs\x00', 0x10, &(0x7f0000000100)='barrier') r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_GET_FEATURES(r8, 0x8008af00, &(0x7f0000000340)) 1.525522046s ago: executing program 2 (id=5313): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x2}, 0x28) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6000, 0x0) clock_getres(0x8, &(0x7f00000001c0)) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$vim2m(&(0x7f00000001c0), 0x803, 0x2) bind$netlink(0xffffffffffffffff, &(0x7f0000000200)={0x10, 0x0, 0xffffffff, 0x80065c9}, 0xc) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x3ff, 0x181800) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6) fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x0, 0x3, 0x9, 0x1e, r1}) r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000005c0)={r3, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x12, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x8, 0x40000000000000]}}) r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88102) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000001280)={r2, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) socket$inet6_sctp(0xa, 0x1, 0x84) fsopen(&(0x7f0000000280)='cifs\x00', 0x0) mount$9p_rdma(&(0x7f0000000180), &(0x7f0000001400)='.\x00', &(0x7f0000001440), 0x1008840, &(0x7f0000000840)={'trans=rdma,', {'port', 0x3d, 0x4e24}}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@bridge_delneigh={0x1b, 0x1c, 0x1, 0x70bd28, 0x0, {0x7, 0x0, 0x0, 0x0, 0x1, 0x64, 0x6}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20040051}, 0x4048080) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) 1.432189254s ago: executing program 4 (id=5314): socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2803, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 1.414064215s ago: executing program 0 (id=5315): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) getpeername(r2, &(0x7f00000003c0)=@l2tp6={0xa, 0x0, 0x0, @local}, &(0x7f0000000440)=0x80) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x100) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20008811) socket$kcm(0x29, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x300000b, 0x11, r3, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000440)={@local, @random="429e82211cf8", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x1a, 0x28, 0x66, 0x0, 0x3, 0x6, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x23}}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x4ede, 0x0, 0xec6}}}}}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x89f6, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_regs={0x4, 0x0, 0xb, "2a16561edfd2f20ab3ed4a"}}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[], 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32], 0xfc}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xcc, 0x21, 0x1, 0x70bd27, 0xfffffffe, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@loopback, 0xdffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x50, 0x11, [{@in6=@dev={0xfe, 0x80, '\x00', 0x15}, @in=@multicast1, @in=@private=0xa010102, @in6=@remote, 0x3c, 0x0, 0x0, 0x0, 0x2, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in6=@dev={0xfe, 0x80, '\x00', 0x2b}, @in=@private=0xa010100, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x800}, 0x0) 182.620042ms ago: executing program 2 (id=5316): openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x24008010) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0xffff, 0x0, 0x2}, {0x0, 0x28c, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x7, 0xfffffffffffffffe}, 0x1, 0x0, 0x1}, {{@in6=@local, 0x4d6, 0x33}, 0x0, @in6=@loopback, 0x2, 0x3, 0x3, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x60) 0s ago: executing program 0 (id=5317): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x181002, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0x4018aebd, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) socket$inet(0x2, 0x2, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r4) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r5, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x401, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2c099, 0x6400}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}]}, 0x40}, 0x1, 0x0, 0x0, 0x8c1}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$netlink(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="240000002d00010000000067a441856eee05774a88a8f97ae7bf749b6511c33986802faf", @ANYRES32, @ANYBLOB="0b0000800010"], 0x24}], 0x1}, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.122695][ C0] Buffer I/O error on dev nbd4, logical block 3, async page read [ 1622.131152][ T9496] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.144145][ T9496] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1622.159526][T13519] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.170933][T13519] Buffer I/O error on dev nbd4, logical block 1, async page read [ 1622.179433][T13519] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.189125][T13519] Buffer I/O error on dev nbd4, logical block 2, async page read [ 1622.199514][T13519] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.208743][T13519] Buffer I/O error on dev nbd4, logical block 3, async page read [ 1622.216709][T13519] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 1622.225903][T13519] Buffer I/O error on dev nbd4, logical block 0, async page read [ 1622.234278][T13519] Buffer I/O error on dev nbd4, logical block 1, async page read [ 1622.250420][ T9496] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1622.264827][T20900] ldm_validate_partition_table(): Disk read failed. [ 1622.308345][T20900] Dev nbd4: unable to read RDB block 0 [ 1622.343465][T20900] nbd4: unable to read partition table [ 1622.398719][T20900] ldm_validate_partition_table(): Disk read failed. [ 1622.434582][T20900] Dev nbd4: unable to read RDB block 0 [ 1622.461468][T20900] nbd4: unable to read partition table [ 1622.675610][ T5624] Bluetooth: hci2: unexpected event for opcode 0x2060 [ 1623.276788][T23545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4769'. [ 1623.341010][T23545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4769'. [ 1623.418184][T23550] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4769'. [ 1623.505792][T23550] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4769'. [ 1624.237799][T23562] netlink: 'syz.3.4773': attribute type 4 has an invalid length. [ 1625.052217][T23564] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4775'. [ 1626.786680][ T5624] Bluetooth: hci1: Malformed LE Event: 0x0b [ 1627.433022][T23601] netlink: 'syz.2.4785': attribute type 4 has an invalid length. [ 1629.754911][T23627] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4793'. [ 1631.324126][ T9] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 1631.463462][T23645] netlink: 'syz.2.4798': attribute type 4 has an invalid length. [ 1631.964075][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1632.129578][ T9] usb 2-1: config 1 has an invalid descriptor of length 245, skipping remainder of the config [ 1632.201174][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1632.229334][ T9] usb 2-1: New USB device found, idVendor=17cc, idProduct=1011, bcdDevice= 0.40 [ 1632.244257][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1632.258984][ T9] usb 2-1: Product: syz [ 1632.269132][ T9] usb 2-1: Manufacturer: syz [ 1632.275614][ T9] usb 2-1: SerialNumber: syz [ 1632.579159][ T9] usb 2-1: cannot find UAC_HEADER [ 1632.685452][T23656] overlayfs: failed to resolve './file2': -2 [ 1633.916488][ T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1633.933157][ T9] usb 2-1: USB disconnect, device number 120 [ 1633.954156][T20900] udevd[20900]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1634.028467][ T5624] Bluetooth: hci1: Malformed LE Event: 0x0b [ 1634.043173][T23663] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1634.050477][T23663] IPv6: NLM_F_CREATE should be set when creating new route [ 1634.584080][ T9] usb 1-1: new full-speed USB device number 115 using dummy_hcd [ 1634.795976][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1634.841130][ T9] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1634.879223][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1634.897144][ T9] usb 1-1: Product: syz [ 1634.923291][ T9] usb 1-1: Manufacturer: syz [ 1634.943430][ T9] usb 1-1: SerialNumber: syz [ 1634.959988][ T9] usb 1-1: config 0 descriptor?? [ 1635.318823][ T9] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1635.402495][T23681] netlink: 'syz.1.4809': attribute type 4 has an invalid length. [ 1635.546201][T23683] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4810'. [ 1636.077291][T23663] IPVS: Error joining to the multicast group [ 1636.091873][ T9] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1636.108255][ T9] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1636.134589][ T9] usb 1-1: USB disconnect, device number 115 [ 1636.441414][T23700] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 1636.447961][T23700] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1636.458250][T23700] vhci_hcd vhci_hcd.0: Device attached [ 1636.553563][T23699] loop4: detected capacity change from 0 to 7 [ 1636.577108][T23699] Dev loop4: unable to read RDB block 7 [ 1636.577110][T23703] SET target dimension over the limit! [ 1636.577139][T23699] loop4: unable to read partition table [ 1636.747541][T23699] loop4: partition table beyond EOD, truncated [ 1636.844104][ T5798] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1636.853163][ T994] usb 41-1: new low-speed USB device number 7 using vhci_hcd [ 1636.901941][T23699] loop_reread_partitions: partition scan of loop4 (3 xC) failed (rc=-5) [ 1637.484091][ T5798] usb 5-1: Using ep0 maxpacket: 16 [ 1637.496543][ T5798] usb 5-1: no configurations [ 1637.507433][ T5798] usb 5-1: can't read configurations, error -22 [ 1637.784175][ T5798] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1638.984122][ T5798] usb 5-1: Using ep0 maxpacket: 16 [ 1638.999682][ T5798] usb 5-1: no configurations [ 1639.010759][ T5798] usb 5-1: can't read configurations, error -22 [ 1639.035653][ T5798] usb usb5-port1: attempt power cycle [ 1639.392150][ T5798] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1639.611940][ T5798] usb 5-1: device descriptor read/8, error -71 [ 1639.621430][T23701] vhci_hcd: connection reset by peer [ 1639.643588][T14294] vhci_hcd vhci_hcd.4: stop threads [ 1639.664459][T14294] vhci_hcd vhci_hcd.4: release socket [ 1639.693956][T14294] vhci_hcd vhci_hcd.4: disconnect device [ 1640.693179][T23744] netlink: 'syz.3.4823': attribute type 4 has an invalid length. [ 1641.429901][T23751] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 1641.436443][T23751] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1641.492849][T23751] vhci_hcd vhci_hcd.0: Device attached [ 1641.546765][T23759] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4828'. [ 1641.734315][ T5798] usb 39-1: new high-speed USB device number 7 using vhci_hcd [ 1641.846707][T23752] vhci_hcd: connection closed [ 1641.849926][ T6593] vhci_hcd vhci_hcd.3: stop threads [ 1641.921976][ T6593] vhci_hcd vhci_hcd.3: release socket [ 1641.939106][ T6593] vhci_hcd vhci_hcd.3: disconnect device [ 1642.014163][ T994] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 1642.385185][T23771] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 1642.391717][T23771] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1642.412823][T23771] vhci_hcd vhci_hcd.0: Device attached [ 1642.714144][T17039] usb 33-1: new low-speed USB device number 8 using vhci_hcd [ 1642.784415][ T24] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 1643.174170][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1643.332977][ T24] usb 1-1: no configurations [ 1643.339495][ T24] usb 1-1: can't read configurations, error -22 [ 1643.484362][ T24] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 1643.934752][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1643.944785][ T24] usb 1-1: no configurations [ 1643.954406][ T24] usb 1-1: can't read configurations, error -22 [ 1643.961884][ T24] usb usb1-port1: attempt power cycle [ 1644.044775][T23796] netlink: 'syz.2.4836': attribute type 4 has an invalid length. [ 1645.005969][ T24] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 1645.034700][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 1645.235043][ T24] usb 1-1: device descriptor read/all, error -71 [ 1645.236760][ T5702] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 1645.258052][T23773] vhci_hcd: connection reset by peer [ 1645.272111][T14293] vhci_hcd vhci_hcd.0: stop threads [ 1645.287012][T14293] vhci_hcd vhci_hcd.0: release socket [ 1645.299897][T14293] vhci_hcd vhci_hcd.0: disconnect device [ 1645.309802][T23806] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 1645.316358][T23806] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1645.328733][T23806] vhci_hcd vhci_hcd.0: Device attached [ 1645.527739][ T5702] usb 2-1: Using ep0 maxpacket: 32 [ 1645.584775][T10008] usb 37-1: new high-speed USB device number 3 using vhci_hcd [ 1645.684049][T23807] vhci_hcd: connection closed [ 1645.685477][T23809] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 1645.699071][T14295] vhci_hcd vhci_hcd.2: stop threads [ 1645.718349][T14295] vhci_hcd vhci_hcd.2: release socket [ 1645.749582][ T5702] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1645.753972][T14295] vhci_hcd vhci_hcd.2: disconnect device [ 1646.034089][ T5702] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1646.086046][ T5702] usb 2-1: config 0 descriptor?? [ 1646.109032][ T5702] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1646.627372][T23794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1646.706790][T23794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1646.964466][ T5798] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1647.844198][ T5702] gspca_nw80x: reg_r err -110 [ 1647.844211][T17039] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1647.859027][ T5702] nw80x 2-1:0.0: probe with driver nw80x failed with error -110 [ 1648.383249][ T5702] usb 2-1: USB disconnect, device number 121 [ 1648.686744][T23838] netlink: 'syz.4.4850': attribute type 4 has an invalid length. [ 1649.753965][ T5624] Bluetooth: hci2: unexpected event for opcode 0x1009 [ 1650.946070][T10008] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 1651.132396][ T29] audit: type=1400 audit(1651.092:877): avc: denied { read } for pid=23855 comm="syz.2.4855" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 1651.656490][T23866] loop4: detected capacity change from 0 to 7 [ 1651.875080][T23866] Dev loop4: unable to read RDB block 7 [ 1651.958003][T23866] loop4: unable to read partition table [ 1652.050806][T23866] loop4: partition table beyond EOD, truncated [ 1652.088334][T17039] usb 4-1: new full-speed USB device number 124 using dummy_hcd [ 1652.181850][T23866] loop_reread_partitions: partition scan of loop4 (3 xC) failed (rc=-5) [ 1652.801662][T17039] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1652.989525][T17039] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1653.006695][T17039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1653.007251][T23866] SET target dimension over the limit! [ 1653.032203][ T4976] Dev loop4: unable to read RDB block 7 [ 1653.039354][ T4976] loop4: unable to read partition table [ 1653.051371][ T4976] loop4: partition table beyond EOD, truncated [ 1653.096129][T17039] usb 4-1: Product: syz [ 1653.113564][T17039] usb 4-1: Manufacturer: syz [ 1653.142594][T17039] usb 4-1: SerialNumber: syz [ 1653.166429][T17039] usb 4-1: config 0 descriptor?? [ 1653.195883][T17039] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1653.220299][ T9] dummy0 speed is unknown, defaulting to 1000 [ 1654.053157][T17039] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1654.349355][T17039] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1654.421768][T17039] usb 4-1: USB disconnect, device number 124 [ 1655.831061][T14295] Bluetooth: (null): Too short H5 packet [ 1655.848373][T14295] Bluetooth: (null): Invalid header checksum [ 1656.874271][T10008] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1657.104066][T10008] usb 4-1: Using ep0 maxpacket: 16 [ 1657.110692][T23925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4875'. [ 1657.130462][T10008] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1657.160931][T10008] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1657.171197][T23925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4875'. [ 1657.186151][T10008] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= f.89 [ 1657.196143][T10008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1657.226085][T10008] usb 4-1: SerialNumber: syz [ 1657.491613][T23925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4875'. [ 1657.524606][T10008] usb 4-1: 0:2 : does not exist [ 1658.074230][T10008] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1658.588346][T10008] usb 1-1: Using ep0 maxpacket: 32 [ 1658.625855][T10008] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 1658.683930][T10008] usb 1-1: config 0 has no interface number 0 [ 1658.707610][T10008] usb 1-1: config 0 interface 12 has no altsetting 0 [ 1659.029201][T10008] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1659.043727][T10008] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1659.085192][T10008] usb 1-1: Product: syz [ 1659.101994][T10008] usb 1-1: Manufacturer: syz [ 1659.125083][T10008] usb 1-1: SerialNumber: syz [ 1659.152461][T10008] usb 1-1: config 0 descriptor?? [ 1659.594622][ T6593] Bluetooth: (null): Too short H5 packet [ 1659.640160][ T6593] Bluetooth: (null): Invalid header checksum [ 1660.928100][T10008] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71 [ 1660.983635][T10008] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 1661.023323][T10008] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1661.119151][ T5702] usb 4-1: USB disconnect, device number 125 [ 1661.120277][T10008] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 1661.200373][T23999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4894'. [ 1661.221316][T10008] usb 1-1: USB disconnect, device number 120 [ 1661.228008][T23999] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4894'. [ 1661.839312][T24011] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 1661.845850][T24011] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1661.964874][T24011] vhci_hcd vhci_hcd.0: Device attached [ 1662.184193][ T5702] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 1662.214211][ T9] usb 33-1: new low-speed USB device number 9 using vhci_hcd [ 1662.398594][ T5702] usb 1-1: Using ep0 maxpacket: 16 [ 1662.440886][ T5702] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1662.482874][ T5702] usb 1-1: config 0 has no interfaces? [ 1662.522990][ T5702] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1662.604170][ T5702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1662.660770][ T5702] usb 1-1: Product: syz [ 1662.716198][ T5702] usb 1-1: Manufacturer: syz [ 1662.745751][ T5702] usb 1-1: SerialNumber: syz [ 1663.054213][ T5702] usb 1-1: config 0 descriptor?? [ 1663.390507][T24013] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 7 [ 1663.405567][ T5702] usb 1-1: USB disconnect, device number 121 [ 1663.417683][ T6593] vhci_hcd vhci_hcd.0: stop threads [ 1663.448218][ T6593] vhci_hcd vhci_hcd.0: release socket [ 1663.471314][ T6593] vhci_hcd vhci_hcd.0: disconnect device [ 1663.501070][T14293] Bluetooth: (null): Too short H5 packet [ 1663.604968][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 1663.611379][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 1663.826170][T14293] Bluetooth: (null): Invalid header checksum [ 1663.863392][T14293] Bluetooth: (null): Too short H5 packet [ 1664.214389][T14293] Bluetooth: (null): Invalid header checksum [ 1664.238469][T14293] Bluetooth: (null): Invalid header checksum [ 1664.256452][T14293] Bluetooth: (null): Invalid header checksum [ 1664.442862][T24046] overlayfs: invalid origin (00000079007a6b616c6c657231000000000000328c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 1665.116778][T24055] syzkaller0: entered promiscuous mode [ 1665.136583][T24055] syzkaller0: entered allmulticast mode [ 1665.158801][T24055] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1665.234293][T10008] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 1665.408390][T10008] usb 3-1: Using ep0 maxpacket: 32 [ 1665.453505][T10008] usb 3-1: config 4 has an invalid interface number: 8 but max is 0 [ 1665.506471][T24063] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1665.513742][T24063] IPv6: NLM_F_CREATE should be set when creating new route [ 1665.533081][T10008] usb 3-1: config 4 has no interface number 0 [ 1665.595362][T10008] usb 3-1: config 4 interface 8 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1665.712867][T10008] usb 3-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 0 [ 1666.109406][T10008] usb 3-1: config 4 interface 8 has no altsetting 0 [ 1666.128423][T10008] usb 3-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65 [ 1666.148899][T10008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1666.165922][T24060] FAULT_INJECTION: forcing a failure. [ 1666.165922][T24060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1666.166245][T10008] usb 3-1: Product: syz [ 1666.208637][T10008] usb 3-1: Manufacturer: syz [ 1666.218797][T10008] usb 3-1: SerialNumber: syz [ 1666.247062][T24060] CPU: 1 UID: 0 PID: 24060 Comm: syz.1.4911 Tainted: G L syzkaller #0 PREEMPT(full) [ 1666.247083][T24060] Tainted: [L]=SOFTLOCKUP [ 1666.247087][T24060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1666.247094][T24060] Call Trace: [ 1666.247098][T24060] [ 1666.247105][T24060] dump_stack_lvl+0x100/0x190 [ 1666.247125][T24060] should_fail_ex.cold+0x5/0xa [ 1666.247142][T24060] core_sys_select+0x938/0xbb0 [ 1666.247156][T24060] ? __pfx_core_sys_select+0x10/0x10 [ 1666.247166][T24060] ? hrtimer_start_range_ns_common+0x78e/0x18b0 [ 1666.247188][T24060] ? find_held_lock+0x2b/0x80 [ 1666.247208][T24060] ? __pfx_set_user_sigmask+0x10/0x10 [ 1666.247226][T24060] do_pselect.constprop.0+0x238/0x270 [ 1666.247239][T24060] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 1666.247252][T24060] ? exit_to_user_mode_loop+0x166/0x6f0 [ 1666.247269][T24060] __x64_sys_pselect6+0x149/0x1c0 [ 1666.247282][T24060] do_syscall_64+0x115/0x870 [ 1666.247299][T24060] ? clear_bhb_loop+0x40/0x90 [ 1666.247312][T24060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1666.247324][T24060] RIP: 0033:0x7f5deff9ce59 [ 1666.247334][T24060] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1666.247345][T24060] RSP: 002b:00007f5df0dd3028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1666.247356][T24060] RAX: ffffffffffffffda RBX: 00007f5df0216090 RCX: 00007f5deff9ce59 [ 1666.247363][T24060] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000040 [ 1666.247369][T24060] RBP: 00007f5df0dd3090 R08: 0000000000000000 R09: 0000000000000000 [ 1666.247377][T24060] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1666.247387][T24060] R13: 00007f5df0216128 R14: 00007f5df0216090 R15: 00007ffd2f6378e8 [ 1666.247408][T24060] [ 1666.614262][T17039] usb 5-1: new full-speed USB device number 112 using dummy_hcd [ 1666.795397][T17039] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1666.896054][T17039] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1666.917353][T17039] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1666.927571][T17039] usb 5-1: Product: syz [ 1666.933599][T17039] usb 5-1: Manufacturer: syz [ 1666.939222][T17039] usb 5-1: SerialNumber: syz [ 1666.950721][T17039] usb 5-1: config 0 descriptor?? [ 1666.975546][T17039] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1667.230953][T24075] syzkaller1: entered promiscuous mode [ 1667.236681][T24075] syzkaller1: entered allmulticast mode [ 1667.424901][ T9] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1667.660586][T10008] opticon 3-1:4.8: opticon converter detected [ 1667.714109][ T5702] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1667.734215][T10008] usb 3-1: opticon converter now attached to ttyUSB0 [ 1667.770493][T10008] usb 3-1: USB disconnect, device number 114 [ 1667.825903][T10008] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0 [ 1667.850975][T10008] opticon 3-1:4.8: device disconnected [ 1667.859353][T17039] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1667.882445][T17039] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1667.924416][ T5702] usb 4-1: Using ep0 maxpacket: 16 [ 1667.924416][T17039] usb 5-1: USB disconnect, device number 112 [ 1668.016280][ T5702] usb 4-1: descriptor type invalid, skip [ 1668.023155][ T5702] usb 4-1: config 2 has an invalid interface number: 250 but max is 1 [ 1668.033546][ T5702] usb 4-1: config 2 has an invalid interface number: 128 but max is 1 [ 1668.062587][ T5702] usb 4-1: config 2 has no interface number 0 [ 1668.080618][ T5702] usb 4-1: config 2 has no interface number 1 [ 1668.111448][ T5702] usb 4-1: config 2 interface 250 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 1668.134046][ T5702] usb 4-1: config 2 interface 250 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 1668.167916][ T5702] usb 4-1: config 2 interface 250 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 1668.200441][ T5702] usb 4-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 1668.218634][ T5702] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1668.243759][ T5702] usb 4-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1668.261563][ T5702] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1668.276248][T14294] Bluetooth: (null): Too short H5 packet [ 1668.282176][ T182] Bluetooth: (null): Invalid header checksum [ 1668.290274][ T5702] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1668.304205][ T5702] usb 4-1: config 2 interface 250 has no altsetting 0 [ 1668.315091][ T5702] usb 4-1: config 2 interface 128 has no altsetting 0 [ 1668.326555][ T5702] usb 4-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1668.336745][ T5702] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1668.347280][ T5702] usb 4-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1668.401448][ T5702] usb 4-1: Manufacturer: ࡠ [ 1668.407916][ T5702] usb 4-1: SerialNumber: 倊 [ 1669.464197][ T9] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 1669.503227][ T5702] ftdi_sio 4-1:2.250: FTDI USB Serial Device converter detected [ 1669.531151][ T5702] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1669.572177][ T5702] ftdi_sio 4-1:2.128: FTDI USB Serial Device converter detected [ 1669.583699][ T5702] ftdi_sio ttyUSB1: unknown device type: 0x3146 [ 1669.613469][ T5702] usb 4-1: USB disconnect, device number 126 [ 1669.671151][ T5702] ftdi_sio 4-1:2.250: device disconnected [ 1669.680706][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1669.699797][ T5702] ftdi_sio 4-1:2.128: device disconnected [ 1669.707331][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1669.738233][ T9] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1669.748012][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1669.770991][ T9] usb 5-1: config 0 descriptor?? [ 1669.787090][T17039] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 1669.978302][T17039] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1669.989535][T17039] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1670.051485][T17039] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1670.081653][T17039] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1670.113270][T17039] usb 1-1: config 0 descriptor?? [ 1670.334770][T24104] FAULT_INJECTION: forcing a failure. [ 1670.334770][T24104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1670.347875][T24104] CPU: 1 UID: 0 PID: 24104 Comm: syz.2.4924 Tainted: G L syzkaller #0 PREEMPT(full) [ 1670.347894][T24104] Tainted: [L]=SOFTLOCKUP [ 1670.347898][T24104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1670.347904][T24104] Call Trace: [ 1670.347911][T24104] [ 1670.347916][T24104] dump_stack_lvl+0x100/0x190 [ 1670.347936][T24104] should_fail_ex.cold+0x5/0xa [ 1670.347952][T24104] strncpy_from_user+0x3b/0x2d0 [ 1670.347966][T24104] ? get_pid_task+0x106/0x250 [ 1670.347981][T24104] path_setxattrat+0x127/0x3b0 [ 1670.347996][T24104] ? __pfx_path_setxattrat+0x10/0x10 [ 1670.348010][T24104] ? ksys_write+0x190/0x250 [ 1670.348027][T24104] ? ksys_write+0x190/0x250 [ 1670.348047][T24104] ? fput+0x79/0x100 [ 1670.348059][T24104] ? ksys_write+0x1ac/0x250 [ 1670.348068][T24104] ? __pfx_ksys_write+0x10/0x10 [ 1670.348087][T24104] __x64_sys_lsetxattr+0xc9/0x140 [ 1670.348100][T24104] ? do_syscall_64+0x90/0x870 [ 1670.348117][T24104] ? lockdep_hardirqs_on+0x78/0x100 [ 1670.348133][T24104] do_syscall_64+0x115/0x870 [ 1670.348148][T24104] ? clear_bhb_loop+0x40/0x90 [ 1670.348162][T24104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1670.348174][T24104] RIP: 0033:0x7f1f36d9ce59 [ 1670.348185][T24104] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1670.348195][T24104] RSP: 002b:00007f1f37c2e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 1670.348207][T24104] RAX: ffffffffffffffda RBX: 00007f1f37016090 RCX: 00007f1f36d9ce59 [ 1670.348214][T24104] RDX: 0000200000000340 RSI: 0000200000000300 RDI: 00002000000002c0 [ 1670.348220][T24104] RBP: 00007f1f37c2e090 R08: 0000000000000002 R09: 0000000000000000 [ 1670.348227][T24104] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 1670.348233][T24104] R13: 00007f1f37016128 R14: 00007f1f37016090 R15: 00007ffcf7581858 [ 1670.348247][T24104] [ 1670.580995][ T9] usb 5-1: language id specifier not provided by device, defaulting to English [ 1671.111254][T17039] usb 1-1: language id specifier not provided by device, defaulting to English [ 1671.230189][ T9] uclogic 0003:256C:006D.0042: failed retrieving string descriptor #200: -71 [ 1671.250089][ T9] uclogic 0003:256C:006D.0042: failed retrieving pen parameters: -71 [ 1671.258601][ T9] uclogic 0003:256C:006D.0042: failed probing pen v2 parameters: -71 [ 1671.268434][ T9] uclogic 0003:256C:006D.0042: failed probing parameters: -71 [ 1671.276372][ T9] uclogic 0003:256C:006D.0042: probe with driver uclogic failed with error -71 [ 1671.643018][ T9] usb 5-1: USB disconnect, device number 113 [ 1671.805647][T17039] uclogic 0003:256C:006D.0043: failed retrieving string descriptor #200: -71 [ 1671.832283][T17039] uclogic 0003:256C:006D.0043: failed retrieving pen parameters: -71 [ 1671.858266][T17039] uclogic 0003:256C:006D.0043: failed probing pen v2 parameters: -71 [ 1671.883723][T17039] uclogic 0003:256C:006D.0043: failed probing parameters: -71 [ 1671.906338][T17039] uclogic 0003:256C:006D.0043: probe with driver uclogic failed with error -71 [ 1671.981818][T17039] usb 1-1: USB disconnect, device number 122 [ 1672.347246][ T182] Bluetooth: (null): Too short H5 packet [ 1672.511872][ T182] Bluetooth: (null): Invalid header checksum [ 1672.726960][ T182] Bluetooth: (null): Too short H5 packet [ 1672.833133][ T182] Bluetooth: (null): Invalid header checksum [ 1672.878561][ T182] Bluetooth: (null): Invalid header checksum [ 1673.335755][T17039] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1673.404512][ T9] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 1673.494170][T17039] usb 4-1: Using ep0 maxpacket: 16 [ 1673.506525][T17039] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1673.533212][T17039] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1673.564087][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1673.564159][T17039] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= f.89 [ 1673.588985][T17039] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1673.594302][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1673.628851][T17039] usb 4-1: SerialNumber: syz [ 1673.660186][T17039] usb 4-1: 0:2 : does not exist [ 1673.664077][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1673.679242][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1673.795111][ T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1673.822328][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1673.918936][ T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 1674.043767][ T9] usb 1-1: string descriptor 0 read error: -71 [ 1674.050153][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1674.095707][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1674.121946][ T9] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 1674.144182][ T9] usb 1-1: no configuration chosen from 1 choice [ 1674.177802][ T9] usb 1-1: USB disconnect, device number 123 [ 1674.525048][T24160] netlink: 'syz.4.4938': attribute type 4 has an invalid length. [ 1675.506202][T24169] FAULT_INJECTION: forcing a failure. [ 1675.506202][T24169] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.518904][T24169] CPU: 0 UID: 0 PID: 24169 Comm: syz.0.4941 Tainted: G L syzkaller #0 PREEMPT(full) [ 1675.518923][T24169] Tainted: [L]=SOFTLOCKUP [ 1675.518927][T24169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1675.518934][T24169] Call Trace: [ 1675.518938][T24169] [ 1675.518942][T24169] dump_stack_lvl+0x100/0x190 [ 1675.518962][T24169] should_fail_ex.cold+0x5/0xa [ 1675.518978][T24169] should_failslab+0xc2/0x120 [ 1675.518993][T24169] kmem_cache_alloc_noprof+0x91/0x6a0 [ 1675.519006][T24169] ? do_getname+0x35/0x390 [ 1675.519028][T24169] do_getname+0x35/0x390 [ 1675.519043][T24169] do_sys_openat2+0xc7/0x1e0 [ 1675.519057][T24169] ? __pfx_do_sys_openat2+0x10/0x10 [ 1675.519071][T24169] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1675.519089][T24169] ? __fget_files+0x21f/0x3d0 [ 1675.519102][T24169] __x64_sys_openat+0x12d/0x210 [ 1675.519116][T24169] ? __pfx___x64_sys_openat+0x10/0x10 [ 1675.519129][T24169] ? ksys_write+0x1ac/0x250 [ 1675.519143][T24169] do_syscall_64+0x115/0x870 [ 1675.519159][T24169] ? clear_bhb_loop+0x40/0x90 [ 1675.519172][T24169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1675.519183][T24169] RIP: 0033:0x7f040419ce59 [ 1675.519193][T24169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1675.519204][T24169] RSP: 002b:00007f04023f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1675.519215][T24169] RAX: ffffffffffffffda RBX: 00007f0404415fa0 RCX: 00007f040419ce59 [ 1675.519222][T24169] RDX: 0000000000000101 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1675.519229][T24169] RBP: 00007f04023f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1675.519235][T24169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1675.519241][T24169] R13: 00007f0404416038 R14: 00007f0404415fa0 R15: 00007ffe47301c98 [ 1675.519255][T24169] [ 1675.783390][T24171] 9pnet_fd: Insufficient options for proto=fd [ 1676.016621][T24179] overlayfs: failed to resolve './file2': -2 [ 1677.482232][ T5702] usb 4-1: USB disconnect, device number 127 [ 1677.629037][ T9] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 1677.866408][ T29] audit: type=1400 audit(1677.832:878): avc: denied { create } for pid=24184 comm="syz.1.4947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1677.993732][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 1678.073313][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1678.117228][T24191] block nbd2: NBD_DISCONNECT [ 1678.250069][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1678.456118][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= f.89 [ 1678.578251][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1678.666744][ T9] usb 5-1: SerialNumber: syz [ 1678.746178][T24193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1678.775230][ T9] usb 5-1: 0:2 : does not exist [ 1678.925545][T24193] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1679.736992][T24199] netlink: 'syz.0.4950': attribute type 4 has an invalid length. [ 1679.756657][T24193] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1680.320461][ T5624] Bluetooth: hci1: command 0x0c1a tx timeout [ 1680.362916][T24193] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1681.014208][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 1681.156847][T24220] overlayfs: failed to resolve './file2': -2 [ 1682.075397][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 1682.424557][ T5624] Bluetooth: hci4: command 0x0c1a tx timeout [ 1682.472330][ T9] usb 5-1: USB disconnect, device number 114 [ 1684.509133][T24240] set match dimension is over the limit! [ 1686.073383][ T47] Bluetooth: (null): Too short H5 packet [ 1686.087957][ T47] Bluetooth: (null): Invalid header checksum [ 1686.094602][ T47] Bluetooth: (null): Invalid header checksum [ 1686.346149][ T47] Bluetooth: (null): Invalid header checksum [ 1686.372123][ T6711] Bluetooth: (null): Too short H5 packet [ 1686.428377][ T6711] Bluetooth: (null): Invalid header checksum [ 1686.442513][ T6711] Bluetooth: (null): Invalid header checksum [ 1686.451833][T24256] syzkaller0: entered promiscuous mode [ 1686.457594][ T6711] Bluetooth: (null): Invalid header checksum [ 1686.470731][T24256] syzkaller0: entered allmulticast mode [ 1686.480449][ T6711] Bluetooth: (null): Too short H5 packet [ 1686.499457][ T6711] Bluetooth: (null): Invalid header checksum [ 1686.540578][T24255] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1687.262172][T24264] overlayfs: failed to resolve './file2': -2 [ 1689.296247][T24284] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1689.989376][ T9] usb 1-1: new full-speed USB device number 124 using dummy_hcd [ 1690.121884][T24287] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1690.140440][T24287] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1690.165984][T24287] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1690.188544][T24287] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1690.226852][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1690.243717][ T9] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1690.258914][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1690.270404][ T9] usb 1-1: Product: syz [ 1690.276856][ T9] usb 1-1: Manufacturer: syz [ 1690.300854][ T9] usb 1-1: SerialNumber: syz [ 1690.323522][ T9] usb 1-1: config 0 descriptor?? [ 1690.348382][ T9] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1690.694621][T17039] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1690.855697][T17039] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1690.902073][T17039] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1690.944747][T17039] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1690.974269][T17039] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1691.031544][T17039] usb 4-1: config 0 descriptor?? [ 1691.370239][T24284] IPVS: Error joining to the multicast group [ 1691.418447][ T9] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1691.454197][ T9] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1691.481627][ T9] usb 1-1: USB disconnect, device number 124 [ 1691.789251][T24303] overlayfs: failed to resolve './file2': -2 [ 1692.184266][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 1692.190769][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 1692.197144][ T5624] Bluetooth: hci1: command 0x0c1a tx timeout [ 1692.264212][ T5624] Bluetooth: hci4: command 0x0c1a tx timeout [ 1692.651143][T17039] usb 4-1: language id specifier not provided by device, defaulting to English [ 1692.879962][T17039] uclogic 0003:256C:006D.0044: failed retrieving string descriptor #200: -71 [ 1692.907910][T17039] uclogic 0003:256C:006D.0044: failed retrieving pen parameters: -71 [ 1692.916573][T17039] uclogic 0003:256C:006D.0044: failed probing pen v2 parameters: -71 [ 1692.927980][T17039] uclogic 0003:256C:006D.0044: failed probing parameters: -71 [ 1692.936593][T17039] uclogic 0003:256C:006D.0044: probe with driver uclogic failed with error -71 [ 1692.974425][T17039] usb 4-1: USB disconnect, device number 2 [ 1692.996839][T24310] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1693.022092][T24312] Bluetooth: (null): Non-link packet received in non-active state [ 1693.034956][ T35] Bluetooth: (null): Invalid header checksum [ 1694.327704][T24327] overlayfs: missing 'lowerdir' [ 1694.987017][ T29] audit: type=1326 audit(1694.952:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24306 comm="syz.0.4982" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x0 [ 1695.884669][ T9] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 1696.127337][T24351] overlayfs: failed to resolve './file2': -2 [ 1697.194054][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 1697.543127][ T9] usb 1-1: device descriptor read/all, error -71 [ 1697.631522][T24358] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 1697.638064][T24358] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1697.654249][T24358] vhci_hcd vhci_hcd.0: Device attached [ 1697.824394][T17039] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 1697.924312][T10008] usb 33-1: new low-speed USB device number 10 using vhci_hcd [ 1698.005796][ T9] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 1698.006733][T17039] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1698.207425][T17039] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1698.231060][T17039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1698.252091][T17039] usb 4-1: Product: syz [ 1698.263367][T17039] usb 4-1: Manufacturer: syz [ 1698.301822][T17039] usb 4-1: SerialNumber: syz [ 1698.424755][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1698.550910][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 8 [ 1698.820640][T17039] usb 4-1: config 0 descriptor?? [ 1698.843876][ T9] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1698.872264][T17039] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1698.904244][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1698.921904][ T9] usb 1-1: Product: syz [ 1698.927971][ T9] usb 1-1: Manufacturer: syz [ 1698.935878][ T9] usb 1-1: SerialNumber: syz [ 1698.955749][ T9] usb 1-1: config 0 descriptor?? [ 1699.120795][T24374] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1699.151008][T24374] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1699.180414][ T9] usb 1-1: USB disconnect, device number 126 [ 1699.186718][T24359] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 8 [ 1699.276083][T24374] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1699.291620][ T6711] vhci_hcd vhci_hcd.0: stop threads [ 1699.297619][ T6711] vhci_hcd vhci_hcd.0: release socket [ 1699.305829][ T6711] vhci_hcd vhci_hcd.0: disconnect device [ 1699.317294][T24374] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1700.283540][T17039] gspca_pac7302: reg_w() failed i: 78 v: 00 error -110 [ 1700.775467][T17039] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -110 [ 1701.095676][T24390] overlayfs: failed to resolve './file2': -2 [ 1701.134170][T24304] Bluetooth: hci1: command 0x0c1a tx timeout [ 1701.224357][T24304] Bluetooth: hci2: command 0x0c1a tx timeout [ 1701.294196][T24304] Bluetooth: hci3: command 0x0c1a tx timeout [ 1701.384250][T24304] Bluetooth: hci4: command 0x0c1a tx timeout [ 1702.235633][ T9] usb 4-1: USB disconnect, device number 3 [ 1702.834694][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1703.014138][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1703.037758][ T9] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1703.044086][T10008] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1703.086774][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1703.262677][ T9] usb 4-1: config 0 descriptor?? [ 1703.273647][ T9] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1704.000098][ T9] gspca_nw80x: reg_r err -110 [ 1704.013060][ T9] nw80x 4-1:0.0: probe with driver nw80x failed with error -110 [ 1704.024283][T24404] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1704.087748][T24404] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1704.544051][T10008] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 1704.766909][T10008] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1704.776182][T10008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1704.931367][T24424] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1706.914760][T10008] usb 5-1: config 0 descriptor?? [ 1707.527516][T17039] usb 4-1: USB disconnect, device number 4 [ 1708.115406][T24416] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5012'. [ 1708.403298][T24446] overlayfs: failed to resolve './file2': -2 [ 1709.689954][T24453] loop4: detected capacity change from 0 to 7 [ 1709.768165][T24453] Dev loop4: unable to read RDB block 7 [ 1709.780650][T10008] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1709.791458][T24453] loop4: unable to read partition table [ 1709.801823][T10008] [drm:udl_init] *ERROR* Selecting channel failed [ 1710.119916][T24453] loop4: partition table beyond EOD, truncated [ 1710.164362][T24453] loop_reread_partitions: partition scan of loop4 (3 xC) failed (rc=-5) [ 1710.501658][T10008] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 1710.542409][T10008] [drm] Initialized udl on minor 2 [ 1710.628138][T10008] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1710.648360][T24453] SET target dimension over the limit! [ 1710.879577][T10008] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1711.208122][T10008] usb 5-1: USB disconnect, device number 115 [ 1711.234123][T17039] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1711.247647][T17039] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1712.676543][T24483] overlayfs: failed to resolve './file2': -2 [ 1715.585477][T24515] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 1715.592003][T24515] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1715.626869][T24515] vhci_hcd vhci_hcd.0: Device attached [ 1715.864117][ T9] usb 39-1: new low-speed USB device number 8 using vhci_hcd [ 1715.935747][T10008] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1716.154186][T10008] usb 4-1: Using ep0 maxpacket: 16 [ 1716.273869][T10008] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 8 [ 1716.760250][T10008] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1716.891247][T10008] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1716.910564][T10008] usb 4-1: Product: syz [ 1716.921354][T10008] usb 4-1: Manufacturer: syz [ 1716.929304][T10008] usb 4-1: SerialNumber: syz [ 1716.955976][T10008] usb 4-1: config 0 descriptor?? [ 1717.114085][ T5701] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 1717.389379][ T5702] usb 4-1: USB disconnect, device number 5 [ 1717.397135][T24516] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 7 [ 1717.416539][ T6593] vhci_hcd vhci_hcd.3: stop threads [ 1717.422083][ T6593] vhci_hcd vhci_hcd.3: release socket [ 1717.428122][ T6593] vhci_hcd vhci_hcd.3: disconnect device [ 1717.605748][ T5701] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1717.617508][ T5701] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1717.647174][ T5701] usb 3-1: config 0 descriptor?? [ 1718.165407][T24525] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5040'. [ 1718.715938][T24525] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24525 comm=syz.2.5040 [ 1718.821905][ T5701] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1718.891172][T24548] overlayfs: missing 'lowerdir' [ 1719.144274][ T5701] [drm:udl_init] *ERROR* Selecting channel failed [ 1719.231626][ T5701] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 1719.260885][ T5701] [drm] Initialized udl on minor 2 [ 1719.281429][ T5701] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1719.318051][ T5701] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1719.353939][ T5702] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1719.365392][ T5701] usb 3-1: USB disconnect, device number 115 [ 1719.376837][ T5702] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1719.584488][T10008] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 1719.814105][T10008] usb 4-1: Using ep0 maxpacket: 32 [ 1719.840826][T10008] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1719.870405][T10008] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 1719.895625][T10008] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1719.916729][T10008] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1719.949662][T10008] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1719.970443][T10008] usb 4-1: Product: syz [ 1719.979699][T10008] usb 4-1: Manufacturer: syz [ 1720.022774][T10008] usb 4-1: SerialNumber: syz [ 1720.126304][T10008] usb 4-1: config 0 descriptor?? [ 1720.295529][ T5701] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 1720.566888][T24571] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5055'. [ 1720.602403][ T5701] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1720.647604][T10008] gs_usb 4-1:0.0: Couldn't get device config: (err=-71) [ 1720.767437][T10008] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 1720.777486][ T5701] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1720.882557][T10008] usb 4-1: USB disconnect, device number 6 [ 1720.903650][ T5701] usb 5-1: config 0 descriptor?? [ 1720.923890][T24573] syzkaller0: entered promiscuous mode [ 1720.957179][T24573] syzkaller0: entered allmulticast mode [ 1720.974889][ T9] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1721.122984][T24577] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1721.198894][T24558] xt_nfacct: accounting object `syz1' does not exist [ 1721.216542][T24558] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=24558 comm=syz.4.5052 [ 1721.243135][ T5701] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1721.254500][ T5701] [drm:udl_init] *ERROR* Selecting channel failed [ 1721.313945][ T5701] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 1721.330108][ T5701] [drm] Initialized udl on minor 2 [ 1721.347438][ T5701] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1721.363352][ T5701] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1721.378906][ T5702] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1721.390421][ T5701] usb 5-1: USB disconnect, device number 116 [ 1721.411075][ T5702] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 1721.501809][T24584] netlink: 'syz.3.5060': attribute type 1 has an invalid length. [ 1721.574224][T17039] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 1721.688625][T24590] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5061'. [ 1721.844372][T17039] usb 3-1: Using ep0 maxpacket: 16 [ 1721.984324][T17039] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1722.002101][T17039] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1722.017390][T24588] netlink: 'syz.3.5060': attribute type 12 has an invalid length. [ 1722.031354][T17039] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1722.051501][T17039] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1722.092122][T17039] usb 3-1: No eUSB2 isoc ep 0x81 companion for config 1 interface 0 altsetting 0 [ 1722.390342][T17039] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1722.406879][T17039] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1722.436747][T17039] usb 3-1: Product: syz [ 1722.448031][T17039] usb 3-1: Manufacturer: syz [ 1722.593834][T17039] usb 3-1: SerialNumber: syz [ 1722.666349][ T9] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 1722.912065][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1723.193859][ T9] usb 1-1: descriptor type invalid, skip [ 1723.196267][T24580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1723.210657][ T9] usb 1-1: config 2 has an invalid interface number: 250 but max is 1 [ 1723.221059][T24580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1723.244068][ T9] usb 1-1: config 2 has an invalid interface number: 128 but max is 1 [ 1723.268816][T17039] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1723.275948][ T9] usb 1-1: config 2 has no interface number 0 [ 1723.281578][T17039] cdc_ncm 3-1:1.0: bind() failure [ 1723.292433][ T9] usb 1-1: config 2 has no interface number 1 [ 1723.299323][T17039] usb 3-1: USB disconnect, device number 116 [ 1723.309952][ T9] usb 1-1: config 2 interface 250 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 1723.331112][ T9] usb 1-1: config 2 interface 250 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 1723.350640][ T9] usb 1-1: config 2 interface 250 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 1723.363445][ T9] usb 1-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1723.389445][ T9] usb 1-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1723.434015][ T9] usb 1-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1723.463175][ T9] usb 1-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1723.755564][ T9] usb 1-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 1723.797663][ T9] usb 1-1: config 2 interface 250 has no altsetting 0 [ 1723.839218][ T9] usb 1-1: config 2 interface 128 has no altsetting 0 [ 1723.862098][T24618] nbd: must specify at least one socket [ 1723.874850][ T9] usb 1-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1723.917665][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1723.962482][ T9] usb 1-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1724.404818][ T9] usb 1-1: Manufacturer: ࡠ [ 1724.450915][ T9] usb 1-1: SerialNumber: 倊 [ 1724.774713][ T9] ftdi_sio 1-1:2.250: FTDI USB Serial Device converter detected [ 1724.804977][ T9] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1724.870366][ T9] ftdi_sio 1-1:2.128: FTDI USB Serial Device converter detected [ 1724.893309][ T9] ftdi_sio ttyUSB1: unknown device type: 0x3146 [ 1724.932748][ T9] usb 1-1: USB disconnect, device number 127 [ 1724.944284][T10008] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1724.975296][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 1724.981918][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 1725.020221][ T9] ftdi_sio 1-1:2.250: device disconnected [ 1725.060539][ T9] ftdi_sio 1-1:2.128: device disconnected [ 1725.134129][T10008] usb 3-1: Using ep0 maxpacket: 16 [ 1725.148828][T10008] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1725.166076][T10008] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1725.195373][T10008] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= f.89 [ 1725.216806][T10008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1725.228269][T10008] usb 3-1: SerialNumber: syz [ 1725.260720][T10008] usb 3-1: 0:2 : does not exist [ 1725.590579][T24642] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5077'. [ 1727.157485][T24672] nbd: must specify a size in bytes for the device [ 1728.496039][T10008] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5) [ 1728.505116][T24683] syzkaller0: entered promiscuous mode [ 1728.516257][T24683] syzkaller0: entered allmulticast mode [ 1728.532983][T24683] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1728.564944][T10008] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5) [ 1728.671171][T10008] usb 3-1: 5:0: cannot get min/max values for control 5 (id 5) [ 1728.840068][T10008] usb 3-1: USB disconnect, device number 117 [ 1729.044265][T24695] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5088'. [ 1729.080899][T24695] bridge0: port 3(syz_tun) entered disabled state [ 1729.089518][T24695] bridge0: port 2(bridge_slave_1) entered disabled state [ 1729.097768][T24695] bridge0: port 1(bridge_slave_0) entered disabled state [ 1729.227805][T24699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5089'. [ 1729.240506][T24699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5089'. [ 1730.137607][ T9] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 1730.535680][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1730.547059][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1730.571623][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1730.605320][ T9] usb 5-1: config 0 descriptor?? [ 1730.616799][T24722] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5094'. [ 1730.626519][T24722] bridge0: port 3(syz_tun) entered disabled state [ 1730.633119][T24722] bridge0: port 2(bridge_slave_1) entered disabled state [ 1730.640523][T24722] bridge0: port 1(bridge_slave_0) entered disabled state [ 1730.669772][ T9] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1731.296591][ T5798] usb 3-1: new full-speed USB device number 118 using dummy_hcd [ 1731.752829][ T9] usb 5-1: USB disconnect, device number 117 [ 1731.765382][ T5798] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1731.832176][ T5798] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1731.856727][ T5798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1731.899562][ T5798] usb 3-1: Product: syz [ 1731.915673][ T5798] usb 3-1: Manufacturer: syz [ 1731.948805][ T5798] usb 3-1: SerialNumber: syz [ 1731.971636][ T5798] usb 3-1: config 0 descriptor?? [ 1732.014887][ T5798] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1732.179611][T24739] FAULT_INJECTION: forcing a failure. [ 1732.179611][T24739] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.193105][T24739] CPU: 0 UID: 0 PID: 24739 Comm: syz.1.5099 Tainted: G L syzkaller #0 PREEMPT(full) [ 1732.193143][T24739] Tainted: [L]=SOFTLOCKUP [ 1732.193150][T24739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1732.193161][T24739] Call Trace: [ 1732.193167][T24739] [ 1732.193174][T24739] dump_stack_lvl+0x100/0x190 [ 1732.193205][T24739] should_fail_ex.cold+0x5/0xa [ 1732.193231][T24739] should_failslab+0xc2/0x120 [ 1732.193256][T24739] kmem_cache_alloc_noprof+0x91/0x6a0 [ 1732.193279][T24739] ? do_getname+0x35/0x390 [ 1732.193304][T24739] do_getname+0x35/0x390 [ 1732.193326][T24739] do_sys_openat2+0xc7/0x1e0 [ 1732.193347][T24739] ? __pfx_do_sys_openat2+0x10/0x10 [ 1732.193370][T24739] ? __x64_sys_openat+0x1a5/0x210 [ 1732.193397][T24739] __x64_sys_openat+0x12d/0x210 [ 1732.193417][T24739] ? __pfx___x64_sys_openat+0x10/0x10 [ 1732.193438][T24739] ? ksys_write+0x1ac/0x250 [ 1732.193460][T24739] do_syscall_64+0x115/0x870 [ 1732.193484][T24739] ? clear_bhb_loop+0x40/0x90 [ 1732.193504][T24739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1732.193522][T24739] RIP: 0033:0x7f5deff9ce59 [ 1732.193537][T24739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1732.193554][T24739] RSP: 002b:00007f5df0dd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1732.193571][T24739] RAX: ffffffffffffffda RBX: 00007f5df0216090 RCX: 00007f5deff9ce59 [ 1732.193582][T24739] RDX: 0000000000000101 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1732.193593][T24739] RBP: 00007f5df0dd3090 R08: 0000000000000000 R09: 0000000000000000 [ 1732.193603][T24739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1732.193613][T24739] R13: 00007f5df0216128 R14: 00007f5df0216090 R15: 00007ffd2f6378e8 [ 1732.193636][T24739] [ 1732.201266][T24741] binder: 24740:24741 ioctl 541b 0 returned -22 [ 1732.666826][ T5798] gspca_pac7302: reg_w() failed i: ff v: 01 error -110 [ 1732.690902][ T5798] gspca_pac7302 3-1:0.0: probe with driver gspca_pac7302 failed with error -110 [ 1732.833424][ T29] audit: type=1800 audit(1732.792:880): pid=24747 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.5102" name="file0" dev="overlay" ino=5533 res=0 errno=0 [ 1732.878568][T24753] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 1732.885133][T24753] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1732.902886][T24753] vhci_hcd vhci_hcd.0: Device attached [ 1733.124221][ T5798] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1733.125222][ T9] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 1733.356087][ T5702] usb 39-1: new low-speed USB device number 9 using vhci_hcd [ 1733.363582][ T5701] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1733.371134][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1733.385234][ T9] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 1733.394783][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.405408][ T9] usb 2-1: config 0 descriptor?? [ 1733.405731][T24763] IPVS: Error joining to the multicast group [ 1733.414361][ T9] gspca_main: sq930x-2.14.0 probing 041e:403c [ 1733.524428][ T5701] usb 4-1: Using ep0 maxpacket: 16 [ 1733.544247][ T5701] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1733.718775][ T5701] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1733.731413][ T5701] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1733.741776][ T5701] usb 4-1: Product: syz [ 1733.793935][ T5701] usb 4-1: Manufacturer: syz [ 1733.802189][ T5701] usb 4-1: SerialNumber: syz [ 1733.892004][ T5701] usb 4-1: config 0 descriptor?? [ 1733.901598][ T5701] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1733.920740][T24750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1733.939490][ T5701] usb 4-1: Detected FT232B [ 1733.948055][T24750] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1733.990261][ T9] gspca_sq930x: ucbus_write failed -71 [ 1733.999998][ T9] sq930x 2-1:0.0: probe with driver sq930x failed with error -71 [ 1734.017763][ T9] usb 2-1: USB disconnect, device number 123 [ 1734.134774][ T5701] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1734.143023][T24754] vhci_hcd: connection reset by peer [ 1734.151229][ T5701] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1734.158792][T12328] vhci_hcd vhci_hcd.3: stop threads [ 1734.165003][ T5701] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1734.173700][T12328] vhci_hcd vhci_hcd.3: release socket [ 1734.181973][T24774] loop4: detected capacity change from 0 to 7 [ 1734.188961][T12328] vhci_hcd vhci_hcd.3: disconnect device [ 1734.199971][T24774] Dev loop4: unable to read RDB block 7 [ 1734.207291][ T5701] usb 4-1: USB disconnect, device number 7 [ 1734.222712][T24774] loop4: unable to read partition table [ 1734.240180][ T5701] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1734.251959][ T5701] ftdi_sio 4-1:0.0: device disconnected [ 1734.259258][T24774] loop4: partition table beyond EOD, truncated [ 1734.276790][T24774] loop_reread_partitions: partition scan of loop4 (3 xC) failed (rc=-5) [ 1734.323680][T24774] SET target dimension over the limit! [ 1734.492706][ T5798] usb 3-1: USB disconnect, device number 118 [ 1734.675994][T24779] syzkaller0: entered promiscuous mode [ 1734.681988][T24779] syzkaller0: entered allmulticast mode [ 1734.698001][T24779] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 1735.891490][ T29] audit: type=1400 audit(1735.842:881): avc: denied { accept } for pid=24797 comm="syz.4.5118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 1735.937320][T24798] dummy0 speed is unknown, defaulting to 1000 [ 1737.185808][T24821] loop4: detected capacity change from 0 to 7 [ 1737.234150][T24821] Dev loop4: unable to read RDB block 7 [ 1737.259748][T24821] loop4: unable to read partition table [ 1737.305465][T24821] loop4: partition table beyond EOD, truncated [ 1737.306124][T24824] SET target dimension over the limit! [ 1737.393108][T24821] loop_reread_partitions: partition scan of loop4 (3 xC) failed (rc=-5) [ 1737.494311][ T29] audit: type=1400 audit(1737.462:882): avc: denied { getopt } for pid=24814 comm="syz.3.5122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1737.637615][T24830] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1737.673288][T24830] IPVS: Error joining to the multicast group [ 1738.050435][ T4976] Dev loop4: unable to read RDB block 7 [ 1738.069529][ T4976] loop4: unable to read partition table [ 1738.100662][ T4976] loop4: partition table beyond EOD, truncated [ 1738.104133][T24837] netlink: 'syz.4.5129': attribute type 4 has an invalid length. [ 1738.405979][T24833] syzkaller1: entered promiscuous mode [ 1738.411465][T24833] syzkaller1: entered allmulticast mode [ 1738.498653][ T5702] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 1738.684289][ T5798] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1738.954033][ T5798] usb 4-1: Using ep0 maxpacket: 16 [ 1738.976424][ T5798] usb 4-1: descriptor type invalid, skip [ 1738.997239][ T5798] usb 4-1: config 2 has an invalid interface number: 250 but max is 1 [ 1739.042631][ T5798] usb 4-1: config 2 has an invalid interface number: 128 but max is 1 [ 1739.079473][ T5798] usb 4-1: config 2 has no interface number 0 [ 1739.100569][ T5798] usb 4-1: config 2 has no interface number 1 [ 1739.130814][ T5798] usb 4-1: config 2 interface 250 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 1739.202389][ T5798] usb 4-1: config 2 interface 250 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 1739.237571][ T5798] usb 4-1: config 2 interface 250 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 1739.254114][ T5798] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1739.305795][ T5798] usb 4-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1739.352311][ T5798] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1739.410963][ T5798] usb 4-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1739.577161][T24855] syzkaller1: entered promiscuous mode [ 1739.582778][T24855] syzkaller1: entered allmulticast mode [ 1739.752118][T24851] kAFS: unable to lookup cell '' [ 1739.765606][ T5798] usb 4-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 1739.785849][T24851] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5133'. [ 1739.815436][ T5798] usb 4-1: config 2 interface 250 has no altsetting 0 [ 1739.836494][ T5798] usb 4-1: config 2 interface 128 has no altsetting 0 [ 1739.964606][ T5701] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1739.982324][ T5798] usb 4-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1740.005695][ T5798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1740.016764][T24859] /dev/nullb0: Can't open blockdev [ 1740.038191][ T5798] usb 4-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1740.086143][ T5798] usb 4-1: Manufacturer: ࡠ [ 1740.091020][ T5798] usb 4-1: SerialNumber: 倊 [ 1740.154100][ T5701] usb 3-1: Using ep0 maxpacket: 16 [ 1740.165392][ T5701] usb 3-1: descriptor type invalid, skip [ 1740.180513][ T5701] usb 3-1: config 2 has an invalid interface number: 128 but max is 0 [ 1740.189716][ T5701] usb 3-1: config 2 has no interface number 0 [ 1740.196426][ T5701] usb 3-1: config 2 interface 128 altsetting 9 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1740.208106][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1740.220216][ T5701] usb 3-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1740.232102][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1740.243504][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1740.254975][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 1740.266274][ T5701] usb 3-1: config 2 interface 128 has no altsetting 0 [ 1740.279707][ T5701] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1740.289309][ T5701] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1740.297787][ T5701] usb 3-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1740.337399][ T5701] usb 3-1: Manufacturer: ࡠ [ 1740.346560][ T5701] usb 3-1: SerialNumber: 倊 [ 1740.349306][ T5798] ftdi_sio 4-1:2.250: FTDI USB Serial Device converter detected [ 1740.425440][ T5798] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1740.472483][ T5798] ftdi_sio 4-1:2.128: FTDI USB Serial Device converter detected [ 1740.501067][ T5798] ftdi_sio ttyUSB1: unknown device type: 0x3146 [ 1740.534363][ T5798] usb 4-1: USB disconnect, device number 8 [ 1740.566989][ T5798] ftdi_sio 4-1:2.250: device disconnected [ 1740.598327][ T5798] ftdi_sio 4-1:2.128: device disconnected [ 1740.625189][ T5701] ftdi_sio 3-1:2.128: FTDI USB Serial Device converter detected [ 1740.679828][T24858] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1740.685925][T24858] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1740.691927][T24858] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1740.698069][T24858] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1741.066711][ T5701] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1741.095713][ T5701] usb 3-1: USB disconnect, device number 119 [ 1741.107276][ T5701] ftdi_sio 3-1:2.128: device disconnected [ 1742.254122][T24304] Bluetooth: hci1: command 0x0c1a tx timeout [ 1742.640044][T24882] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5140'. [ 1742.784309][T24304] Bluetooth: hci4: command 0x0c1a tx timeout [ 1742.790511][T24304] Bluetooth: hci3: command 0x0c1a tx timeout [ 1742.801241][T19599] Bluetooth: hci2: command 0x0c1a tx timeout [ 1742.884155][T24886] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1742.971356][T24890] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 3, id = 0 [ 1745.754822][T24917] syzkaller1: entered promiscuous mode [ 1745.760301][T24917] syzkaller1: entered allmulticast mode [ 1746.034639][ T5798] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 1746.225233][ T994] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1746.248018][ T5798] usb 2-1: Using ep0 maxpacket: 16 [ 1746.886054][ T5798] usb 2-1: descriptor type invalid, skip [ 1746.961512][ T5798] usb 2-1: config 2 has an invalid interface number: 128 but max is 0 [ 1746.995911][ T5798] usb 2-1: config 2 has no interface number 0 [ 1747.003339][ T5798] usb 2-1: config 2 interface 128 altsetting 9 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1747.017948][ T5798] usb 2-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1747.030087][ T5798] usb 2-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1747.043757][ T5798] usb 2-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1747.059237][ T5798] usb 2-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1747.071171][ T5798] usb 2-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 1747.082607][ T5798] usb 2-1: config 2 interface 128 has no altsetting 0 [ 1747.093171][ T5798] usb 2-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1747.103047][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1747.123341][ T5798] usb 2-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1747.189632][ T5798] usb 2-1: Manufacturer: ࡠ [ 1747.195336][ T5798] usb 2-1: SerialNumber: 倊 [ 1747.501669][ T5702] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 1747.513048][ T5798] ftdi_sio 2-1:2.128: FTDI USB Serial Device converter detected [ 1747.540250][ T5798] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1747.623160][ T5798] usb 2-1: USB disconnect, device number 124 [ 1747.678403][ T5798] ftdi_sio 2-1:2.128: device disconnected [ 1747.705621][ T5702] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1747.731194][ T5702] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1747.748921][ T5702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1747.765893][ T5702] usb 1-1: Product: syz [ 1747.782750][ T5702] usb 1-1: Manufacturer: syz [ 1747.796185][ T5702] usb 1-1: SerialNumber: syz [ 1747.810744][ T5702] usb 1-1: config 0 descriptor?? [ 1747.824163][ T5702] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1748.948351][ T5701] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 1748.963833][T24943] IPVS: Error joining to the multicast group [ 1748.980666][ T5702] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1748.996278][T24961] nbd: must specify a size in bytes for the device [ 1748.998929][ T5702] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1749.029419][ T5702] usb 1-1: USB disconnect, device number 3 [ 1749.116391][ T5701] usb 5-1: Using ep0 maxpacket: 8 [ 1749.136410][ T5701] usb 5-1: config 0 has an invalid interface number: 111 but max is 12 [ 1749.149977][ T5701] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1749.159721][ T5701] usb 5-1: config 0 has no interface number 0 [ 1749.168123][ T5701] usb 5-1: too many endpoints for config 0 interface 111 altsetting 114: 107, using maximum allowed: 30 [ 1749.180999][ T5701] usb 5-1: config 0 interface 111 altsetting 114 has 0 endpoint descriptors, different from the interface descriptor's value: 107 [ 1749.194225][ T5798] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 1749.194946][ T5701] usb 5-1: config 0 interface 111 has no altsetting 0 [ 1749.211799][ T5701] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1749.223400][ T5701] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1749.238787][ T5701] usb 5-1: Product: syz [ 1749.244175][ T5701] usb 5-1: Manufacturer: syz [ 1749.248888][ T5701] usb 5-1: SerialNumber: syz [ 1749.262096][ T5701] usb 5-1: config 0 descriptor?? [ 1749.375785][ T5798] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1749.395708][ T5798] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1749.410769][ T5798] usb 2-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice= 0.40 [ 1749.421712][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1749.430002][ T5798] usb 2-1: Product: syz [ 1749.434660][ T5798] usb 2-1: Manufacturer: syz [ 1749.439429][ T5798] usb 2-1: SerialNumber: syz [ 1749.561034][ T5701] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1749.601152][ T5701] gspca_zc3xx: reg_w_i err -71 [ 1749.807146][T24967] loop3: detected capacity change from 0 to 7 [ 1749.840820][T24967] Dev loop3: unable to read RDB block 7 [ 1749.871790][T24967] loop3: unable to read partition table [ 1749.906617][T24967] loop3: partition table beyond EOD, truncated [ 1749.919454][T24967] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 1749.989864][ T5798] usb 2-1: 0:1 : does not exist [ 1750.021623][ T5798] usb 2-1: unit 6 not found! [ 1750.040760][ T5798] usb 2-1: unit 2 not found! [ 1750.120761][ T5798] usb 2-1: USB disconnect, device number 125 [ 1750.166307][ T29] audit: type=1400 audit(1750.132:883): avc: denied { create } for pid=24979 comm="syz.2.5171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1750.205515][ T5701] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1750.217327][ T5701] gspca_zc3xx 5-1:0.111: probe with driver gspca_zc3xx failed with error -71 [ 1750.265810][ T5701] usb 5-1: USB disconnect, device number 118 [ 1750.626252][ T29] audit: type=1400 audit(1750.592:884): avc: denied { append } for pid=24987 comm="syz.4.5175" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 1751.803674][ T5798] usb 2-1: new full-speed USB device number 126 using dummy_hcd [ 1752.552981][T24885] Bluetooth: hci2: Malformed LE Event: 0x0b [ 1752.612381][T25008] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 1752.618949][T25008] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1752.637347][T25008] vhci_hcd vhci_hcd.0: Device attached [ 1752.775544][ T5798] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1752.804216][ T5798] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1752.824443][ T5798] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 1752.835969][ T5798] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1752.847879][ T5798] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1752.872190][ T5798] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1753.066892][T25015] bridge0: port 3(syz_tun) entered blocking state [ 1753.073442][T25015] bridge0: port 3(syz_tun) entered listening state [ 1753.090579][T25015] bond0: left promiscuous mode [ 1753.117135][T25015] bond_slave_0: left promiscuous mode [ 1753.128337][T25015] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1753.141389][T25015] 8021q: adding VLAN 0 to HW filter on device team0 [ 1753.170080][T25015] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1753.251932][ T5798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1753.264052][ T5701] usb 33-1: new low-speed USB device number 11 using vhci_hcd [ 1753.271158][T25015] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1753.271797][ T5702] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1753.281337][T25015] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1753.298358][T25015] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1753.309113][T25015] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1753.325793][T25015] veth0_vlan: left promiscuous mode [ 1753.332544][T25015] veth0_vlan: entered promiscuous mode [ 1753.343157][T25015] veth1_macvtap: left promiscuous mode [ 1753.349660][T25015] veth0_macvtap: left promiscuous mode [ 1753.356407][T25015] veth0_macvtap: entered promiscuous mode [ 1753.362953][T25015] veth1_macvtap: entered promiscuous mode [ 1753.373395][T25015] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1753.381235][T25015] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1753.389848][T25015] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1753.398102][T25015] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1753.432687][T25015] veth0_to_batadv: entered promiscuous mode [ 1753.438684][T25015] veth0_to_batadv: entered allmulticast mode [ 1753.444992][T25015] macsec1: left promiscuous mode [ 1753.450071][T25015] macsec1: left allmulticast mode [ 1753.455557][T25015] veth0_to_batadv: left allmulticast mode [ 1753.462154][T25015] macsec2: left promiscuous mode [ 1753.553997][ T24] dummy0 speed is unknown, defaulting to 1000 [ 1753.560122][ T24] syz1: Port: 1 Link ACTIVE [ 1753.564876][ T5798] usb 2-1: Product: syz [ 1753.570791][ T5798] usb 2-1: Manufacturer: syz [ 1753.577564][ T5798] usb 2-1: SerialNumber: syz [ 1753.584683][ T5798] usb 2-1: config 0 descriptor?? [ 1753.592044][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 1753.599272][ T47] bridge0: port 1(bridge_slave_0) entered listening state [ 1753.689482][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 1753.696676][ T47] bridge0: port 2(bridge_slave_1) entered listening state [ 1753.764352][ T5702] usb 1-1: Using ep0 maxpacket: 16 [ 1753.789497][ T5702] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1753.817661][ T5702] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1753.835277][ T5702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1753.851472][ T5702] usb 1-1: Product: syz [ 1753.851541][T14295] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1753.856117][ T5702] usb 1-1: Manufacturer: syz [ 1753.865752][T14295] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1753.869987][ T5702] usb 1-1: SerialNumber: syz [ 1753.881686][T10008] dummy0 speed is unknown, defaulting to 1000 [ 1753.889413][T25023] overlayfs: failed to resolve './file1': -2 [ 1753.898243][ T5798] radio-si470x 2-1:0.0: DeviceID=0x39fb ChipID=0xed05 [ 1753.904850][T12328] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1753.923863][ T5702] usb 1-1: config 0 descriptor?? [ 1753.957055][ T5702] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1753.971188][ T9] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1753.993591][T12328] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1754.006648][ T5702] usb 1-1: Detected FT232B [ 1754.025326][T10008] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1754.033231][T14295] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1754.060648][T14295] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.078455][ T9] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1754.086452][T14295] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1754.099199][ T5798] radio-si470x 2-1:0.0: software version 57, hardware version 251 [ 1754.107191][T14295] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.118248][T14295] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1754.127527][T14295] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1754.158664][ T5702] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1754.167803][T25010] usbip_core: unknown command [ 1754.176790][ T5702] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1754.183774][T25010] vhci_hcd: unknown pdu 302055424 [ 1754.190888][T25010] usbip_core: unknown command [ 1754.199138][T12328] vhci_hcd vhci_hcd.0: stop threads [ 1754.205444][ T5702] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1754.214588][T12328] vhci_hcd vhci_hcd.0: release socket [ 1754.217452][T10008] usb 3-1: Using ep0 maxpacket: 32 [ 1754.225653][T12328] vhci_hcd vhci_hcd.0: disconnect device [ 1754.231833][ T5702] usb 1-1: USB disconnect, device number 4 [ 1754.252311][ T5702] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1754.266588][T10008] usb 3-1: config index 0 descriptor too short (expected 539, got 27) [ 1754.267268][ T5702] ftdi_sio 1-1:0.0: device disconnected [ 1754.294120][ T24] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 1754.305879][T10008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 255, changing to 11 [ 1754.319440][T10008] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 59391, setting to 1024 [ 1754.335004][T10008] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1754.347326][T10008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1754.355858][T10008] usb 3-1: Product: syz [ 1754.360203][T10008] usb 3-1: Manufacturer: syz [ 1754.365573][T10008] usb 3-1: SerialNumber: syz [ 1754.377348][T10008] usb 3-1: config 0 descriptor?? [ 1754.390526][T25022] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1754.399999][T10008] hub 3-1:0.0: bad descriptor, ignoring hub [ 1754.406970][T10008] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1754.435806][T10008] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input118 [ 1754.466050][ T24] usb 5-1: config 127 has an invalid interface number: 57 but max is 0 [ 1754.489613][ T24] usb 5-1: config 127 has no interface number 0 [ 1754.502252][ T24] usb 5-1: config 127 interface 57 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1754.513171][ T24] usb 5-1: config 127 interface 57 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1023 [ 1754.514678][ T188] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1754.541441][ T24] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=d2.4b [ 1754.566385][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1754.581666][ T24] usb 5-1: Product: syz [ 1754.586910][ T24] usb 5-1: Manufacturer: syz [ 1754.591765][ T24] usb 5-1: SerialNumber: syz [ 1754.625340][ T5798] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -110 [ 1754.665913][ T5798] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 1754.679807][ T5798] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -32 [ 1754.698457][T25026] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 1754.733607][T25026] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 1754.776389][ T5798] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22 [ 1754.915392][ T188] usb 3-1: USB disconnect, device number 120 [ 1754.915426][ C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1755.295131][ T24] asix 5-1:127.57: probe with driver asix failed with error -71 [ 1755.328602][ T188] usb 2-1: USB disconnect, device number 126 [ 1755.351990][ T24] usb 5-1: USB disconnect, device number 119 [ 1755.827937][T14293] Bluetooth: (null): Too short H5 packet [ 1755.853765][T14293] Bluetooth: (null): Invalid header checksum [ 1755.937697][ T47] Bluetooth: (null): Too short H5 packet [ 1755.946693][ T47] Bluetooth: (null): Invalid header checksum [ 1757.271114][T25068] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5195'. [ 1757.288940][T25068] overlayfs: failed to resolve './file2': -2 [ 1757.694158][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1758.416256][ T5701] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 1758.470743][T25072] tipc: Enabling of bearer rejected, failed to enable media [ 1758.640513][T25078] binder_alloc: 25077: binder_alloc_buf, no vma [ 1758.968151][T25081] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5200'. [ 1759.094051][ T188] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1759.256130][ T188] usb 1-1: Using ep0 maxpacket: 16 [ 1759.380317][ T188] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 16 [ 1759.566855][ T188] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x82 has invalid maxpacket 64 [ 1759.595309][ T188] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1759.628634][ T188] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1759.641953][ T188] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1759.676699][ T188] usb 1-1: Product: ఇ [ 1759.698921][ T188] usb 1-1: Manufacturer:  [ 1759.726256][ T188] usb 1-1: SerialNumber: syz [ 1759.753593][T25078] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1759.771230][T25078] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1759.964602][ T24] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 1760.027234][ T29] audit: type=1400 audit(1759.862:885): avc: denied { write } for pid=25091 comm="syz.4.5204" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1760.101385][ T188] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 9 proto 1 vid 0x0525 pid 0xA4A8 [ 1760.137282][ T188] usb 1-1: USB disconnect, device number 5 [ 1760.217328][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1760.238773][ T188] usblp0: removed [ 1760.261502][T25078] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5199'. [ 1760.274411][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1760.367051][ T24] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1760.400429][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1760.430147][ T24] usb 2-1: config 0 descriptor?? [ 1761.744628][ T24] usb 2-1: language id specifier not provided by device, defaulting to English [ 1761.986784][ T24] uclogic 0003:256C:006D.0045: failed retrieving string descriptor #200: -71 [ 1762.046118][ T24] uclogic 0003:256C:006D.0045: failed retrieving pen parameters: -71 [ 1762.073762][ T24] uclogic 0003:256C:006D.0045: failed probing pen v2 parameters: -71 [ 1762.097941][ T24] uclogic 0003:256C:006D.0045: failed probing parameters: -71 [ 1762.099903][ T29] audit: type=1326 audit(1762.062:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x0 [ 1762.105899][ T24] uclogic 0003:256C:006D.0045: probe with driver uclogic failed with error -71 [ 1762.274194][T17039] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1762.360108][ T24] usb 2-1: USB disconnect, device number 127 [ 1762.362227][ T29] audit: type=1326 audit(1762.292:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1762.419687][ T29] audit: type=1326 audit(1762.292:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1762.456856][ T29] audit: type=1326 audit(1762.302:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1762.476359][T17039] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1762.500898][T17039] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1762.512643][ T29] audit: type=1326 audit(1762.302:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1762.544086][T17039] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1762.553157][T17039] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1762.608147][ T5701] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1762.646184][T17039] usb 4-1: config 0 descriptor?? [ 1762.831563][ T29] audit: type=1326 audit(1762.302:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1762.990429][ T5701] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1763.002660][ T5701] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1763.019156][ T29] audit: type=1326 audit(1762.302:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1763.051519][ T5701] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1763.062739][ T5701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1763.076693][ T29] audit: type=1326 audit(1762.302:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1763.103203][ T5701] usb 1-1: SerialNumber: syz [ 1763.140261][ T29] audit: type=1326 audit(1762.302:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f040419ce59 code=0x7ffc0000 [ 1763.234253][ T24] usb 3-1: new full-speed USB device number 121 using dummy_hcd [ 1763.622099][T25138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5218'. [ 1763.651437][T25138] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5218'. [ 1763.661400][T25138] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5218'. [ 1763.782478][T17039] usb 4-1: language id specifier not provided by device, defaulting to English [ 1763.822291][ T24] usb 3-1: not running at top speed; connect to a high speed hub [ 1763.833928][ T24] usb 3-1: config 4 has an invalid interface number: 189 but max is 0 [ 1763.843074][ T24] usb 3-1: config 4 has no interface number 0 [ 1763.849604][ T24] usb 3-1: config 4 interface 189 has no altsetting 0 [ 1764.456089][T25145] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5220'. [ 1764.681588][ T24] usb 3-1: New USB device found, idVendor=19d2, idProduct=ff61, bcdDevice=b0.89 [ 1764.778712][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1764.850553][T17039] uclogic 0003:256C:006D.0046: failed retrieving string descriptor #200: -71 [ 1764.914028][ T24] usb 3-1: Product: syz [ 1764.925648][T17039] uclogic 0003:256C:006D.0046: failed retrieving pen parameters: -71 [ 1764.944785][ T24] usb 3-1: Manufacturer: syz [ 1764.954006][ T24] usb 3-1: SerialNumber: syz [ 1764.960469][T17039] uclogic 0003:256C:006D.0046: failed probing pen v2 parameters: -71 [ 1764.981456][T17039] uclogic 0003:256C:006D.0046: failed probing parameters: -71 [ 1764.989825][T17039] uclogic 0003:256C:006D.0046: probe with driver uclogic failed with error -71 [ 1765.045022][ T29] kauditd_printk_skb: 302 callbacks suppressed [ 1765.045037][ T29] audit: type=1326 audit(1765.002:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25120 comm="syz.0.5212" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f040415d68e code=0x7ffc0000 [ 1765.134186][T17039] usb 4-1: USB disconnect, device number 10 [ 1765.294899][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1765.569172][T25153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1765.592249][ T5701] usb 1-1: 0:2 : does not exist [ 1765.654800][T25153] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1765.703645][T25132] loop2: detected capacity change from 0 to 7 [ 1765.718078][ T5701] usb 1-1: USB disconnect, device number 6 [ 1765.739581][T25132] Dev loop2: unable to read RDB block 7 [ 1765.775179][T25132] loop2: AHDI p1 p2 p3 [ 1765.785956][T20900] udevd[20900]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1765.808122][T25132] loop2: partition table partially beyond EOD, truncated [ 1765.837111][T25132] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1765.857988][T25132] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1766.263663][T25166] FAULT_INJECTION: forcing a failure. [ 1766.263663][T25166] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.455020][T25166] CPU: 0 UID: 0 PID: 25166 Comm: syz.3.5226 Tainted: G L syzkaller #0 PREEMPT(full) [ 1766.455054][T25166] Tainted: [L]=SOFTLOCKUP [ 1766.455061][T25166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1766.455072][T25166] Call Trace: [ 1766.455080][T25166] [ 1766.455088][T25166] dump_stack_lvl+0x100/0x190 [ 1766.455121][T25166] should_fail_ex.cold+0x5/0xa [ 1766.455148][T25166] should_failslab+0xc2/0x120 [ 1766.455172][T25166] __kmalloc_noprof+0xfc/0x820 [ 1766.455196][T25166] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 1766.455234][T25166] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 1766.455270][T25166] genl_family_rcv_msg_doit+0xc7/0x300 [ 1766.455300][T25166] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1766.455338][T25166] ? bpf_lsm_capable+0x9/0x10 [ 1766.455357][T25166] ? security_capable+0x80/0x260 [ 1766.455381][T25166] ? ns_capable+0xd2/0xf0 [ 1766.455408][T25166] genl_rcv_msg+0x560/0x800 [ 1766.455428][T25166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1766.455446][T25166] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1766.455473][T25166] ? __pfx_nl80211_set_cqm+0x10/0x10 [ 1766.455495][T25166] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1766.455526][T25166] ? __lock_acquire+0x49f/0x1a40 [ 1766.455553][T25166] netlink_rcv_skb+0x159/0x420 [ 1766.455577][T25166] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1766.455599][T25166] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1766.455635][T25166] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1766.455664][T25166] genl_rcv+0x28/0x40 [ 1766.455690][T25166] netlink_unicast+0x585/0x850 [ 1766.455718][T25166] ? __pfx_netlink_unicast+0x10/0x10 [ 1766.455751][T25166] netlink_sendmsg+0x8b0/0xda0 [ 1766.455782][T25166] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1766.455806][T25166] ? __might_fault+0x60/0x140 [ 1766.455833][T25166] ____sys_sendmsg+0xa4d/0xbe0 [ 1766.455862][T25166] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1766.455890][T25166] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1766.455926][T25166] ___sys_sendmsg+0x190/0x1e0 [ 1766.455953][T25166] ? __pfx____sys_sendmsg+0x10/0x10 [ 1766.455975][T25166] ? __lock_acquire+0x49f/0x1a40 [ 1766.455998][T25166] ? get_pid_task+0x106/0x250 [ 1766.456044][T25166] __sys_sendmsg+0x160/0x210 [ 1766.456065][T25166] ? __pfx___sys_sendmsg+0x10/0x10 [ 1766.456098][T25166] do_syscall_64+0x115/0x870 [ 1766.456124][T25166] ? clear_bhb_loop+0x40/0x90 [ 1766.456147][T25166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1766.456166][T25166] RIP: 0033:0x7faff8d9ce59 [ 1766.456183][T25166] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1766.456200][T25166] RSP: 002b:00007faff9cab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1766.456219][T25166] RAX: ffffffffffffffda RBX: 00007faff9015fa0 RCX: 00007faff8d9ce59 [ 1766.456231][T25166] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1766.456241][T25166] RBP: 00007faff9cab090 R08: 0000000000000000 R09: 0000000000000000 [ 1766.456252][T25166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1766.456263][T25166] R13: 00007faff9016038 R14: 00007faff9015fa0 R15: 00007fff2fc34328 [ 1766.456288][T25166] [ 1767.451223][ T24] rndis_host 3-1:4.189: rndis: master #0/0000000000000000 slave #1/0000000000000000 [ 1767.594228][ T29] audit: type=1400 audit(1767.542:1198): avc: denied { shutdown } for pid=25174 comm="syz.4.5229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1767.656305][ T24] usb 3-1: USB disconnect, device number 121 [ 1767.711661][ T29] audit: type=1400 audit(1767.672:1199): avc: denied { setopt } for pid=25174 comm="syz.4.5229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1768.253085][ T29] audit: type=1400 audit(1767.672:1200): avc: denied { write } for pid=25174 comm="syz.4.5229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1768.511217][ C1] bridge0: port 3(syz_tun) entered learning state [ 1769.134761][ C0] bridge0: port 2(bridge_slave_1) entered learning state [ 1769.142031][ C0] bridge0: port 1(bridge_slave_0) entered learning state [ 1769.144027][ T29] audit: type=1400 audit(1768.962:1201): avc: denied { map } for pid=25192 comm="syz.1.5233" path="socket:[122465]" dev="sockfs" ino=122465 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 1769.336402][T25202] FAULT_INJECTION: forcing a failure. [ 1769.336402][T25202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1769.349574][T25202] CPU: 0 UID: 0 PID: 25202 Comm: syz.4.5234 Tainted: G L syzkaller #0 PREEMPT(full) [ 1769.349605][T25202] Tainted: [L]=SOFTLOCKUP [ 1769.349613][T25202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1769.349626][T25202] Call Trace: [ 1769.349635][T25202] [ 1769.349644][T25202] dump_stack_lvl+0x100/0x190 [ 1769.349679][T25202] should_fail_ex.cold+0x5/0xa [ 1769.349709][T25202] _copy_from_iter+0x1f4/0x1690 [ 1769.349739][T25202] ? __asan_memset+0x23/0x50 [ 1769.349761][T25202] ? __pfx__copy_from_iter+0x10/0x10 [ 1769.349787][T25202] ? __pfx___alloc_skb+0x10/0x10 [ 1769.349826][T25202] netlink_sendmsg+0x808/0xda0 [ 1769.349861][T25202] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1769.349900][T25202] ____sys_sendmsg+0xa4d/0xbe0 [ 1769.349932][T25202] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1769.349963][T25202] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1769.349996][T25202] ? __lock_acquire+0x49f/0x1a40 [ 1769.350027][T25202] ___sys_sendmsg+0x190/0x1e0 [ 1769.350057][T25202] ? __pfx____sys_sendmsg+0x10/0x10 [ 1769.350082][T25202] ? find_held_lock+0x2b/0x80 [ 1769.350101][T25202] ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90 [ 1769.350142][T25202] ? __rcu_read_unlock+0x26a/0x5e0 [ 1769.350186][T25202] __sys_sendmsg+0x160/0x210 [ 1769.350209][T25202] ? __pfx___sys_sendmsg+0x10/0x10 [ 1769.350238][T25202] ? trace_hardirqs_off+0x70/0x170 [ 1769.350273][T25202] do_syscall_64+0x115/0x870 [ 1769.350302][T25202] ? clear_bhb_loop+0x40/0x90 [ 1769.350327][T25202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1769.350348][T25202] RIP: 0033:0x7f4c69f9ce59 [ 1769.350365][T25202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1769.350384][T25202] RSP: 002b:00007f4c6ae05028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1769.350405][T25202] RAX: ffffffffffffffda RBX: 00007f4c6a216180 RCX: 00007f4c69f9ce59 [ 1769.350419][T25202] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000004 [ 1769.350431][T25202] RBP: 00007f4c6ae05090 R08: 0000000000000000 R09: 0000000000000000 [ 1769.350444][T25202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1769.350456][T25202] R13: 00007f4c6a216218 R14: 00007f4c6a216180 R15: 00007fffd4cc0a78 [ 1769.350484][T25202] [ 1769.723493][T25206] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 1769.730027][T25206] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1769.754601][T25206] vhci_hcd vhci_hcd.0: Device attached [ 1770.453258][ T24] usb 35-1: new low-speed USB device number 9 using vhci_hcd [ 1770.644139][T17039] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1770.814960][T17039] usb 2-1: Using ep0 maxpacket: 16 [ 1770.879465][T17039] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1770.939496][ T5798] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1771.071908][T17039] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1771.229967][T17039] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1771.318981][ T5798] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1771.370441][T17039] usb 2-1: Product: syz [ 1771.419445][T17039] usb 2-1: Manufacturer: syz [ 1771.439164][ T5798] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1771.493319][T17039] usb 2-1: SerialNumber: syz [ 1771.545486][ T5798] usb 4-1: Product: syz [ 1771.611190][ T5798] usb 4-1: Manufacturer: syz [ 1771.641880][T17039] usb 2-1: config 0 descriptor?? [ 1771.701327][ T5798] usb 4-1: SerialNumber: syz [ 1771.809255][T17039] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1771.916181][ T5798] usb 4-1: config 0 descriptor?? [ 1771.952288][T17039] usb 2-1: Detected FT232B [ 1771.961195][T25209] vhci_hcd: cannot find a urb of seqnum 3799595792 max seqnum 8 [ 1771.979594][ T47] vhci_hcd vhci_hcd.1: stop threads [ 1771.989505][T17039] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1772.011706][ T47] vhci_hcd vhci_hcd.1: release socket [ 1772.025869][T17039] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1772.043403][ T47] vhci_hcd vhci_hcd.1: disconnect device [ 1772.065143][T17039] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1772.125795][T17039] usb 2-1: USB disconnect, device number 2 [ 1772.161155][T17039] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1772.198681][T25225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1772.208582][T17039] ftdi_sio 2-1:0.0: device disconnected [ 1772.239895][T25225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1772.520938][ T5798] usb 4-1: Firmware version (0.0) predates our first public release. [ 1772.546212][ T5798] usb 4-1: Please update to version 0.2 or newer [ 1773.806312][ T5798] usb 4-1: USB disconnect, device number 11 [ 1774.227591][T25265] syzkaller1: entered promiscuous mode [ 1774.233217][T25265] syzkaller1: entered allmulticast mode [ 1774.524319][ T5701] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1774.749078][ T5701] usb 3-1: Using ep0 maxpacket: 16 [ 1775.014870][ T5701] usb 3-1: descriptor type invalid, skip [ 1775.032968][ T5701] usb 3-1: config 2 has an invalid interface number: 250 but max is 1 [ 1775.044054][ T5701] usb 3-1: config 2 has an invalid interface number: 128 but max is 1 [ 1775.055055][ T5701] usb 3-1: config 2 has no interface number 0 [ 1775.070644][ T5701] usb 3-1: config 2 has no interface number 1 [ 1775.384245][ T5701] usb 3-1: config 2 interface 250 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 1775.422597][ T5701] usb 3-1: config 2 interface 250 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 1775.469954][ T5701] usb 3-1: config 2 interface 250 altsetting 8 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 1775.488643][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 1775.503437][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1775.518410][ T5701] usb 3-1: config 2 interface 128 altsetting 9 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 1775.530539][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1775.574412][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1775.595884][ T5701] usb 3-1: config 2 interface 128 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 1775.614300][ T24] vhci_hcd vhci_hcd.1: vhci_device speed not set [ 1775.619950][ T5701] usb 3-1: config 2 interface 250 has no altsetting 0 [ 1775.639744][ T5701] usb 3-1: config 2 interface 128 has no altsetting 0 [ 1775.679890][ T5701] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0160, bcdDevice=31.46 [ 1775.727658][ T5701] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.754302][ T5701] usb 3-1: Product: 鲿剹疔㟎뽽㢇斉㑴娭ᇼ攵폪釫룡鯗翚珍᎜획畭銶มኸ؀䣠쑰䐋鯼簉㼵费ᳫ僡⠇卶⡴뛳嗫찤ﶁ煩혅粁ꀴ梅﵆딩ꖨ茙盹瓴ߜှᇘ঎縧胍瑛⺁ℝӞ퓆敷쫮焏됬괺벵ञ烣簶첸Ʃ㒸휩젢泖莨ၽ呓⢫ﮅඟ祓툌똙恥맫꒹抅ೋ駢摸霏⚌馴죨谵ᬊ槭 [ 1775.971559][ T5701] usb 3-1: Manufacturer: ࡠ [ 1775.984084][ T5701] usb 3-1: SerialNumber: 倊 [ 1776.067070][T25290] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5256'. [ 1776.088415][T25290] overlayfs: failed to resolve './file2': -2 [ 1777.203624][ T5701] ftdi_sio 3-1:2.250: FTDI USB Serial Device converter detected [ 1777.317429][ T5701] ftdi_sio ttyUSB0: unknown device type: 0x3146 [ 1777.428677][ T5701] ftdi_sio 3-1:2.128: FTDI USB Serial Device converter detected [ 1777.466666][ T5701] ftdi_sio ttyUSB1: unknown device type: 0x3146 [ 1777.529381][ T5701] usb 3-1: USB disconnect, device number 122 [ 1777.622466][ T5701] ftdi_sio 3-1:2.250: device disconnected [ 1777.706323][ T5701] ftdi_sio 3-1:2.128: device disconnected [ 1777.846854][T25305] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5260'. [ 1778.075442][ T5701] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1778.325840][ T5701] usb 3-1: Using ep0 maxpacket: 32 [ 1778.389977][ T5701] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1778.428013][ T5701] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1778.501261][ T5701] usb 3-1: config 0 descriptor?? [ 1778.577457][ T5701] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1779.104407][T25303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1779.137337][T25303] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1779.264280][ T5701] gspca_nw80x: reg_r err -110 [ 1779.350192][ T5701] nw80x 3-1:0.0: probe with driver nw80x failed with error -110 [ 1780.654194][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 1781.384414][T25344] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1781.497739][ T5701] usb 3-1: USB disconnect, device number 123 [ 1781.538800][T25344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5262'. [ 1781.554313][T25344] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5262'. [ 1782.483700][T25356] syz_tun: left promiscuous mode [ 1782.497043][T25356] bridge0: port 1(syz_tun) entered disabled state [ 1782.603404][T25356] bond0: (slave bond_slave_0): Releasing backup interface [ 1783.854033][ C1] bridge0: port 3(syz_tun) entered forwarding state [ 1783.860681][ C1] bridge0: topology change detected, propagating [ 1783.894121][T25370] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5268'. [ 1784.259525][T25370] overlayfs: failed to resolve './file2': -2 [ 1784.494039][ C0] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1784.501285][ C0] bridge0: topology change detected, propagating [ 1784.507834][ C0] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1784.515076][ C0] bridge0: topology change detected, propagating [ 1784.547549][T25356] team0: Port device team_slave_0 removed [ 1784.597178][T25356] team0: Port device team_slave_1 removed [ 1784.604660][T25356] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1784.627830][T25356] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1784.647064][T25356] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1784.669340][T25359] team0: Device xfrm0 is of different type [ 1785.226129][T25390] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5271'. [ 1785.345212][T25392] bridge0: port 1(syz_tun) entered blocking state [ 1785.352007][T25392] bridge0: port 1(syz_tun) entered disabled state [ 1785.367414][T25392] syz_tun: entered promiscuous mode [ 1786.418425][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 1786.425113][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 1786.904970][ T5701] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 1787.222872][T25409] FAULT_INJECTION: forcing a failure. [ 1787.222872][T25409] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1787.237658][ T5701] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1787.254150][ T5701] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1787.265219][T25409] CPU: 0 UID: 0 PID: 25409 Comm: syz.1.5275 Tainted: G L syzkaller #0 PREEMPT(full) [ 1787.265238][T25409] Tainted: [L]=SOFTLOCKUP [ 1787.265242][T25409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1787.265249][T25409] Call Trace: [ 1787.265254][T25409] [ 1787.265258][T25409] dump_stack_lvl+0x100/0x190 [ 1787.265281][T25409] should_fail_ex.cold+0x5/0xa [ 1787.265297][T25409] copy_fpstate_to_sigframe+0x82d/0xae0 [ 1787.265314][T25409] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 1787.265330][T25409] ? posixtimer_deliver_signal+0x19d/0x6e0 [ 1787.265349][T25409] ? x86_task_fpu+0x5f/0x90 [ 1787.265361][T25409] get_sigframe+0x3fb/0x940 [ 1787.265376][T25409] ? __pfx_get_sigframe+0x10/0x10 [ 1787.265387][T25409] ? rcu_is_watching+0x12/0xc0 [ 1787.265405][T25409] ? siginfo_layout+0x156/0x290 [ 1787.265421][T25409] x64_setup_rt_frame+0x12f/0xce0 [ 1787.265437][T25409] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1787.265458][T25409] ? __pfx_vfs_read+0x10/0x10 [ 1787.265478][T25409] ? find_held_lock+0x2b/0x80 [ 1787.265491][T25409] arch_do_signal_or_restart+0x5ee/0x7e0 [ 1787.265504][T25409] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1787.265521][T25409] ? fput+0x79/0x100 [ 1787.265536][T25409] exit_to_user_mode_loop+0x139/0x6f0 [ 1787.265554][T25409] ? rcu_is_watching+0x12/0xc0 [ 1787.265572][T25409] do_syscall_64+0x666/0x870 [ 1787.265589][T25409] ? clear_bhb_loop+0x40/0x90 [ 1787.265602][T25409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1787.265614][T25409] RIP: 0033:0x7f5deff5d68c [ 1787.265625][T25409] Code: f6 07 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 <0f> 05 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 [ 1787.265636][T25409] RSP: 002b:00007f5df0dd2f68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1787.265647][T25409] RAX: 0000000000000000 RBX: 00007f5df0dd36c0 RCX: 00007f5deff5d68e [ 1787.265654][T25409] RDX: 0000000000002000 RSI: 00002000000083c0 RDI: 0000000000000003 [ 1787.265660][T25409] RBP: 00007f5df0dd3090 R08: 0000000000000000 R09: 0000000000000000 [ 1787.265667][T25409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1787.265673][T25409] R13: 00002000000004c0 R14: 00007f5df0216090 R15: 00007ffd2f6378e8 [ 1787.265686][T25409] [ 1787.492159][ T5701] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 1787.501327][ T5701] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1787.511718][ T5701] usb 4-1: config 0 descriptor?? [ 1787.761898][T25414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1787.788063][T25414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1787.821585][T25414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1787.832233][T25412] fuse: Unknown parameter '' [ 1787.842364][T25414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1787.970702][ T5701] usbhid 4-1:0.0: can't add hid device: -71 [ 1787.977354][ T5701] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1788.013044][ T5701] usb 4-1: USB disconnect, device number 12 [ 1788.042974][T25419] block nbd0: NBD_DISCONNECT [ 1788.090569][T25421] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5281'. [ 1788.321688][T25428] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5282'. [ 1788.338042][T25428] overlayfs: failed to resolve './file2': -2 [ 1789.314302][ T5701] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 1789.700010][ T5701] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1789.722417][ T5701] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1789.741459][ T5701] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1789.760007][ T5701] usb 4-1: Product: syz [ 1789.772188][ T5701] usb 4-1: Manufacturer: syz [ 1789.786171][ T5701] usb 4-1: SerialNumber: syz [ 1789.804797][ T5701] usb 4-1: config 0 descriptor?? [ 1789.822648][ T5701] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1790.504976][T25443] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5289'. [ 1790.515507][T25443] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5289'. [ 1790.815954][T25425] IPVS: Error joining to the multicast group [ 1790.832031][ T5701] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1790.841845][ T5701] gspca_pac7302 4-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1790.900870][ T5701] usb 4-1: USB disconnect, device number 13 [ 1791.718050][T25462] fuse: Unknown parameter '000000000000000000000x0000000000000006fd' [ 1791.772172][T25466] FAULT_INJECTION: forcing a failure. [ 1791.772172][T25466] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.785088][T25466] CPU: 0 UID: 0 PID: 25466 Comm: syz.3.5295 Tainted: G L syzkaller #0 PREEMPT(full) [ 1791.785108][T25466] Tainted: [L]=SOFTLOCKUP [ 1791.785112][T25466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1791.785119][T25466] Call Trace: [ 1791.785124][T25466] [ 1791.785130][T25466] dump_stack_lvl+0x100/0x190 [ 1791.785151][T25466] should_fail_ex.cold+0x5/0xa [ 1791.785167][T25466] should_failslab+0xc2/0x120 [ 1791.785183][T25466] kmem_cache_alloc_lru_noprof+0x8d/0x6a0 [ 1791.785197][T25466] ? check_noncircular+0x97/0x160 [ 1791.785210][T25466] ? sock_alloc_inode+0x26/0x2c0 [ 1791.785225][T25466] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1791.785239][T25466] sock_alloc_inode+0x26/0x2c0 [ 1791.785252][T25466] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1791.785264][T25466] alloc_inode+0x68/0x250 [ 1791.785280][T25466] sock_alloc+0x44/0x280 [ 1791.785292][T25466] ? security_socket_create+0x7f/0x250 [ 1791.785308][T25466] __sock_create+0xc2/0x860 [ 1791.785324][T25466] mptcp_subflow_create_socket+0xec/0xa30 [ 1791.785339][T25466] ? avc_has_perm_noaudit+0x11e/0x3b0 [ 1791.785352][T25466] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 1791.785369][T25466] __mptcp_nmpc_sk+0x17f/0x880 [ 1791.785384][T25466] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 1791.785400][T25466] ? __local_bh_enable_ip+0x9e/0x120 [ 1791.785416][T25466] mptcp_sendmsg+0x17d9/0x2210 [ 1791.785434][T25466] ? sock_has_perm+0x25a/0x2f0 [ 1791.785447][T25466] ? __pfx_sock_has_perm+0x10/0x10 [ 1791.785462][T25466] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1791.785480][T25466] ? iovec_from_user+0xda/0x140 [ 1791.785495][T25466] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 1791.785514][T25466] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 1791.785531][T25466] inet_sendmsg+0x11c/0x140 [ 1791.785543][T25466] ____sys_sendmsg+0x9c9/0xbe0 [ 1791.785557][T25466] ? __pfx_inet_sendmsg+0x10/0x10 [ 1791.785569][T25466] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1791.785589][T25466] ___sys_sendmsg+0x190/0x1e0 [ 1791.785605][T25466] ? __pfx____sys_sendmsg+0x10/0x10 [ 1791.785618][T25466] ? __lock_acquire+0x49f/0x1a40 [ 1791.785632][T25466] ? get_pid_task+0x106/0x250 [ 1791.785657][T25466] __sys_sendmsg+0x160/0x210 [ 1791.785668][T25466] ? __pfx___sys_sendmsg+0x10/0x10 [ 1791.785686][T25466] do_syscall_64+0x115/0x870 [ 1791.785702][T25466] ? clear_bhb_loop+0x40/0x90 [ 1791.785715][T25466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1791.785727][T25466] RIP: 0033:0x7faff8d9ce59 [ 1791.785737][T25466] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1791.785748][T25466] RSP: 002b:00007faff9cab028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1791.785759][T25466] RAX: ffffffffffffffda RBX: 00007faff9015fa0 RCX: 00007faff8d9ce59 [ 1791.785766][T25466] RDX: 0000000030004040 RSI: 0000200000000080 RDI: 0000000000000006 [ 1791.785773][T25466] RBP: 00007faff9cab090 R08: 0000000000000000 R09: 0000000000000000 [ 1791.785779][T25466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1791.785785][T25466] R13: 00007faff9016038 R14: 00007faff9015fa0 R15: 00007fff2fc34328 [ 1791.785799][T25466] [ 1791.785807][T25466] socket: no more sockets [ 1792.200839][T25469] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5296'. [ 1792.211502][T25469] bridge0: port 3(syz_tun) entered disabled state [ 1792.218497][T25469] bridge0: port 2(bridge_slave_1) entered disabled state [ 1792.226307][T25469] bridge0: port 1(bridge_slave_0) entered disabled state [ 1793.642790][ T5702] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1794.339061][ T24] usb 3-1: new full-speed USB device number 124 using dummy_hcd [ 1794.806820][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1794.836130][ T24] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1794.859245][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1794.877605][ T24] usb 3-1: Product: syz [ 1794.889737][ T24] usb 3-1: Manufacturer: syz [ 1794.901728][ T24] usb 3-1: SerialNumber: syz [ 1794.969750][ T5702] usb 1-1: device not accepting address 7, error -71 [ 1795.024665][T25496] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5302'. [ 1795.053604][ T24] usb 3-1: config 0 descriptor?? [ 1795.087783][ T24] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1795.166828][T25499] netlink: 68 bytes leftover after parsing attributes in process `syz.1.5303'. [ 1796.545371][T25500] nbd4: detected capacity change from 0 to 63 [ 1796.660269][T25508] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5307'. [ 1796.939698][T24885] block nbd4: Receive control failed (result -104) [ 1797.094030][ T5702] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 1797.241258][T25478] IPVS: Error joining to the multicast group [ 1797.566305][ T24] gspca_pac7302: reg_w() failed i: 78 v: 40 error -110 [ 1797.576707][ T5702] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1797.602183][ T24] gspca_pac7302 3-1:0.0: probe with driver gspca_pac7302 failed with error -110 [ 1797.626949][ T5702] usb 1-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39 [ 1797.656977][ T5702] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1797.658729][ T24] usb 3-1: USB disconnect, device number 124 [ 1797.676297][ T5702] usb 1-1: Product: syz [ 1797.682548][ T5702] usb 1-1: Manufacturer: syz [ 1797.688287][ T5702] usb 1-1: SerialNumber: syz [ 1797.713473][ T5702] usb 1-1: config 0 descriptor?? [ 1797.742993][ T5702] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b [ 1798.090349][T25518] FAULT_INJECTION: forcing a failure. [ 1798.090349][T25518] name failslab, interval 1, probability 0, space 0, times 0 [ 1798.103477][T25518] CPU: 1 UID: 0 PID: 25518 Comm: syz.3.5309 Tainted: G L syzkaller #0 PREEMPT(full) [ 1798.103504][T25518] Tainted: [L]=SOFTLOCKUP [ 1798.103510][T25518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1798.103572][T25518] Call Trace: [ 1798.103587][T25518] [ 1798.103595][T25518] dump_stack_lvl+0x100/0x190 [ 1798.103625][T25518] should_fail_ex.cold+0x5/0xa [ 1798.103652][T25518] should_failslab+0xc2/0x120 [ 1798.103676][T25518] kmem_cache_alloc_noprof+0x91/0x6a0 [ 1798.103699][T25518] ? do_getname+0x35/0x390 [ 1798.103726][T25518] do_getname+0x35/0x390 [ 1798.103751][T25518] __x64_sys_rename+0x66/0xb0 [ 1798.103773][T25518] do_syscall_64+0x115/0x870 [ 1798.103797][T25518] ? clear_bhb_loop+0x40/0x90 [ 1798.103817][T25518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1798.103834][T25518] RIP: 0033:0x7faff8d9ce59 [ 1798.103849][T25518] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1798.103865][T25518] RSP: 002b:00007faff9cab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 1798.103895][T25518] RAX: ffffffffffffffda RBX: 00007faff9015fa0 RCX: 00007faff8d9ce59 [ 1798.103908][T25518] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000200000000180 [ 1798.103918][T25518] RBP: 00007faff9cab090 R08: 0000000000000000 R09: 0000000000000000 [ 1798.103928][T25518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1798.103941][T25518] R13: 00007faff9016038 R14: 00007faff9015fa0 R15: 00007fff2fc34328 [ 1798.103963][T25518] [ 1798.520411][T25524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5310'. [ 1798.534287][ T188] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1798.710679][T25504] IPVS: Error joining to the multicast group [ 1798.734382][ T188] usb 4-1: Using ep0 maxpacket: 32 [ 1798.851717][ T188] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1798.876239][ T5702] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1798.892724][ T5702] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 1798.911318][ T188] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1798.940108][ T5702] usb 1-1: USB disconnect, device number 8 [ 1798.947541][ T188] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 1798.971229][ T188] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1799.015725][ T188] usb 4-1: config 0 descriptor?? [ 1799.965756][ T188] koneplus 0003:1E7D:2D51.0047: item fetching failed at offset 0/5 [ 1800.084518][T25542] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5315'. [ 1800.960048][ T188] koneplus 0003:1E7D:2D51.0047: parse failed [ 1800.969276][T25518] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5309'. [ 1800.974037][ T188] koneplus 0003:1E7D:2D51.0047: probe with driver koneplus failed with error -22 [ 1801.095935][ T24] usb 4-1: USB disconnect, device number 14 [ 1801.394568][T25543] ================================================================== [ 1801.402692][T25543] BUG: KASAN: use-after-free in kvm_setup_guest_pvclock+0x5bf/0x660 [ 1801.410700][T25543] Read of size 4 at addr ffff88804c505320 by task syz.1.5312/25543 [ 1801.418607][T25543] [ 1801.420929][T25543] CPU: 1 UID: 0 PID: 25543 Comm: syz.1.5312 Tainted: G L syzkaller #0 PREEMPT(full) [ 1801.420953][T25543] Tainted: [L]=SOFTLOCKUP [ 1801.420958][T25543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1801.420967][T25543] Call Trace: [ 1801.420974][T25543] [ 1801.420980][T25543] dump_stack_lvl+0x100/0x190 [ 1801.421008][T25543] print_report+0x13d/0x4b0 [ 1801.421029][T25543] ? __virt_addr_valid+0x239/0x430 [ 1801.421052][T25543] ? kvm_setup_guest_pvclock+0x5bf/0x660 [ 1801.421073][T25543] kasan_report+0xdf/0x1c0 [ 1801.421093][T25543] ? kvm_setup_guest_pvclock+0x5bf/0x660 [ 1801.421116][T25543] kvm_setup_guest_pvclock+0x5bf/0x660 [ 1801.421135][T25543] ? __pfx_kvm_setup_guest_pvclock+0x10/0x10 [ 1801.421156][T25543] kvm_guest_time_update+0xa11/0x10b0 [ 1801.421184][T25543] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 1801.421210][T25543] ? vcpu_run+0x1cf1/0x5d50 [ 1801.421232][T25543] vcpu_run+0x1cf1/0x5d50 [ 1801.421256][T25543] ? __pfx_vcpu_run+0x10/0x10 [ 1801.421281][T25543] ? rcu_is_watching+0x12/0xc0 [ 1801.421305][T25543] ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 1801.421319][T25543] kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 1801.421335][T25543] kvm_vcpu_ioctl+0x730/0x1700 [ 1801.421354][T25543] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1801.421372][T25543] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1801.421391][T25543] ? do_vfs_ioctl+0x226/0x13e0 [ 1801.421412][T25543] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1801.421435][T25543] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1801.421461][T25543] ? __fget_files+0x215/0x3d0 [ 1801.421474][T25543] ? hook_file_ioctl_common+0x140/0x440 [ 1801.421492][T25543] ? selinux_file_ioctl+0x13b/0x290 [ 1801.421513][T25543] ? selinux_file_ioctl+0xb6/0x290 [ 1801.421533][T25543] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1801.421552][T25543] __x64_sys_ioctl+0x18e/0x210 [ 1801.421573][T25543] do_syscall_64+0x115/0x870 [ 1801.421601][T25543] ? clear_bhb_loop+0x40/0x90 [ 1801.421618][T25543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1801.421633][T25543] RIP: 0033:0x7f5deff9ce59 [ 1801.421648][T25543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1801.421663][T25543] RSP: 002b:00007f5df0dd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1801.421679][T25543] RAX: ffffffffffffffda RBX: 00007f5df0216090 RCX: 00007f5deff9ce59 [ 1801.421691][T25543] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1801.421702][T25543] RBP: 00007f5df0032e6f R08: 0000000000000000 R09: 0000000000000000 [ 1801.421712][T25543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1801.421722][T25543] R13: 00007f5df0216128 R14: 00007f5df0216090 R15: 00007ffd2f6378e8 [ 1801.421738][T25543] [ 1801.421743][T25543] [ 1801.689843][T25543] The buggy address belongs to the physical page: [ 1801.696240][T25543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x200000000 pfn:0x4c505 [ 1801.705687][T25543] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1801.712780][T25543] raw: 00fff00000000000 ffffea000145ba48 ffff8880b85414b0 0000000000000000 [ 1801.721358][T25543] raw: 0000000200000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1801.729918][T25543] page dumped because: kasan: bad access detected [ 1801.736310][T25543] page_owner tracks the page as freed [ 1801.741653][T25543] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|__GFP_COMP), pid 25531, tgid 25531 (syz.1.5312), ts 1799784670966, free_ts 1801394089155 [ 1801.760644][T25543] post_alloc_hook+0xfd/0x120 [ 1801.765312][T25543] get_page_from_freelist+0xf48/0x3530 [ 1801.770753][T25543] __alloc_frozen_pages_noprof+0x299/0x2dc0 [ 1801.776642][T25543] alloc_pages_mpol+0x1fb/0x540 [ 1801.781481][T25543] folio_alloc_mpol_noprof+0x36/0x260 [ 1801.786838][T25543] vma_alloc_folio_noprof+0xed/0x1d0 [ 1801.792109][T25543] do_anonymous_page+0xb2b/0x2080 [ 1801.797120][T25543] __handle_mm_fault+0x1d2c/0x2a00 [ 1801.802215][T25543] handle_mm_fault+0x37b/0xa30 [ 1801.806963][T25543] do_user_addr_fault+0x5a3/0x12f0 [ 1801.812063][T25543] exc_page_fault+0x6f/0xd0 [ 1801.816553][T25543] asm_exc_page_fault+0x26/0x30 [ 1801.821407][T25543] page last free pid 25532 tgid 25531 stack trace: [ 1801.827985][T25543] __free_frozen_pages+0x79f/0x1090 [ 1801.833174][T25543] __folio_put+0x3b4/0x5f0 [ 1801.837596][T25543] kvm_release_page_clean+0x1dc/0x250 [ 1801.842963][T25543] __kvm_gpc_refresh+0x1a63/0x22d0 [ 1801.848058][T25543] __kvm_gpc_activate+0x2ab/0x490 [ 1801.853069][T25543] kvm_gpc_activate_hva+0x73/0xa0 [ 1801.858094][T25543] kvm_xen_vcpu_set_attr+0xfa0/0x1350 [ 1801.863449][T25543] kvm_arch_vcpu_ioctl+0xf98/0x5730 [ 1801.868639][T25543] kvm_vcpu_ioctl+0x8a0/0x1700 [ 1801.873398][T25543] __x64_sys_ioctl+0x18e/0x210 [ 1801.878153][T25543] do_syscall_64+0x115/0x870 [ 1801.882734][T25543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1801.888608][T25543] [ 1801.890928][T25543] Memory state around the buggy address: [ 1801.896555][T25543] ffff88804c505200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1801.904601][T25543] ffff88804c505280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1801.912643][T25543] >ffff88804c505300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1801.920699][T25543] ^ [ 1801.926489][T25543] ffff88804c505380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1801.934532][T25543] ffff88804c505400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1801.942570][T25543] ================================================================== [ 1801.950625][T25543] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1801.957811][T25543] CPU: 1 UID: 0 PID: 25543 Comm: syz.1.5312 Tainted: G L syzkaller #0 PREEMPT(full) [ 1801.968744][T25543] Tainted: [L]=SOFTLOCKUP [ 1801.973050][T25543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/10/2026 [ 1801.983113][T25543] Call Trace: [ 1801.986382][T25543] [ 1801.989300][T25543] dump_stack_lvl+0x100/0x190 [ 1801.993969][T25543] vpanic+0x552/0x970 [ 1801.997936][T25543] ? __pfx_vpanic+0x10/0x10 [ 1802.002418][T25543] ? __pfx_vprintk_emit+0x10/0x10 [ 1802.007424][T25543] ? kvm_setup_guest_pvclock+0x5bf/0x660 [ 1802.013051][T25543] panic+0xd1/0xe0 [ 1802.016766][T25543] ? __pfx_panic+0x10/0x10 [ 1802.021177][T25543] ? end_report.part.0+0x23/0x90 [ 1802.026103][T25543] ? rcu_is_watching+0x12/0xc0 [ 1802.030894][T25543] ? end_report.part.0+0x23/0x90 [ 1802.035850][T25543] check_panic_on_warn.cold+0x19/0x34 [ 1802.041404][T25543] end_report.part.0+0x3a/0x90 [ 1802.046179][T25543] kasan_report.cold+0xe/0x18 [ 1802.050885][T25543] ? kvm_setup_guest_pvclock+0x5bf/0x660 [ 1802.056539][T25543] kvm_setup_guest_pvclock+0x5bf/0x660 [ 1802.062022][T25543] ? __pfx_kvm_setup_guest_pvclock+0x10/0x10 [ 1802.068009][T25543] kvm_guest_time_update+0xa11/0x10b0 [ 1802.073423][T25543] ? __pfx_kvm_guest_time_update+0x10/0x10 [ 1802.079264][T25543] ? vcpu_run+0x1cf1/0x5d50 [ 1802.083772][T25543] vcpu_run+0x1cf1/0x5d50 [ 1802.088107][T25543] ? __pfx_vcpu_run+0x10/0x10 [ 1802.092804][T25543] ? rcu_is_watching+0x12/0xc0 [ 1802.097593][T25543] ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 1802.103332][T25543] kvm_arch_vcpu_ioctl_run+0x5b6/0x1890 [ 1802.108865][T25543] kvm_vcpu_ioctl+0x730/0x1700 [ 1802.113614][T25543] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1802.118806][T25543] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1802.124695][T25543] ? do_vfs_ioctl+0x226/0x13e0 [ 1802.129492][T25543] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1802.134520][T25543] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 1802.141383][T25543] ? __fget_files+0x215/0x3d0 [ 1802.146076][T25543] ? hook_file_ioctl_common+0x140/0x440 [ 1802.151638][T25543] ? selinux_file_ioctl+0x13b/0x290 [ 1802.156840][T25543] ? selinux_file_ioctl+0xb6/0x290 [ 1802.161944][T25543] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1802.167127][T25543] __x64_sys_ioctl+0x18e/0x210 [ 1802.171883][T25543] do_syscall_64+0x115/0x870 [ 1802.176467][T25543] ? clear_bhb_loop+0x40/0x90 [ 1802.181144][T25543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1802.187058][T25543] RIP: 0033:0x7f5deff9ce59 [ 1802.191468][T25543] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1802.211081][T25543] RSP: 002b:00007f5df0dd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1802.219508][T25543] RAX: ffffffffffffffda RBX: 00007f5df0216090 RCX: 00007f5deff9ce59 [ 1802.227494][T25543] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1802.235470][T25543] RBP: 00007f5df0032e6f R08: 0000000000000000 R09: 0000000000000000 [ 1802.243434][T25543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1802.251399][T25543] R13: 00007f5df0216128 R14: 00007f5df0216090 R15: 00007ffd2f6378e8 [ 1802.259375][T25543] [ 1802.262606][T25543] Kernel Offset: disabled [ 1802.266903][T25543] Rebooting in 86400 seconds..