last executing test programs: 14.054111999s ago: executing program 4 (id=768): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_disconnect(r0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(r2, 0x40309439, &(0x7f0000000080)={0x0, 0x1, 0xb}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaabb08004500452c0000000000e49078ac1e0001e0000001000065580018907804000000000000006558000000000000"], 0xfdef) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(r3, 0x4030ae7b, &(0x7f0000000040)={0x3a6f, 0x8, 0x20000008, 0x80000001}) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f0000000040)) 13.955172385s ago: executing program 2 (id=771): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000c00), 0x71, 0x2081) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000020000000000040000000000", @ANYRES64=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r2], 0x50) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r6, 0x0, 0x7, 0x0) close(r5) write$cgroup_int(r6, &(0x7f0000000040)=0x1ff, 0x12) writev(r4, &(0x7f0000000100)=[{&(0x7f0000000140)='Y', 0x1}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x3d, 0x300, 0x0, 0x1, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_usb_connect(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="5db300005d2904202404019957c2010fb8040203010902240001000010000904430002317d5500090502020002020034099c96b271ef8a000031e196cd86acf8ecd4e7"], 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io$uac1(r7, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="0013040000f8ada37f66"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r7, 0x0, &(0x7f0000000440)={0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/10], 0x0, 0x0}) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) 13.20861353s ago: executing program 0 (id=772): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$xdp(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_freezer_state(r6, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12) write$cgroup_freezer_state(r7, &(0x7f0000000400)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r7, &(0x7f0000000080)='THAWED\x00', 0x7) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r1, 0x1}, 0x14}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/441], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r8, 0x0, 0x0}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0xe, 0x4, 0x5d8, 0xffffffff, 0x0, 0x1f8, 0x310, 0xffffffff, 0xffffffff, 0x508, 0x508, 0x508, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, [0xffffffff, 0xffffffff, 0x0, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'erspan0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x2e, 0xb, 0x0, 0x1}, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@unspec=@comment={{0x120}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x400, 0x9, 0x7, 0x2}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x14}, [0xff, 0xff000000, 0xff, 0xffffff00], [0xff000000, 0xff, 0xffffff00, 0xffffffff], 'nicvf0\x00', 'netpci0\x00', {0xff}, {0xff}, 0x3b, 0x8, 0x0, 0x3}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x3}}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x5}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x3f, 'system_u:object_r:mouse_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638) 12.193636075s ago: executing program 0 (id=774): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) (fail_nth: 2) 11.451304867s ago: executing program 0 (id=775): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0x19}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b}) 11.304572597s ago: executing program 0 (id=776): r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000340)={0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="200b98000000c96a6401cba6760d815fc0bc7719039576f54c397a725b0bad1019a058c108d3bfaf784d70d159fdd8bf0b69bf7adc21dbd01e25f976d2d72b9ff5af28071c7e9b3fd15cb04bc1f565a92e9bb5225a8850c0209c00666486cce5de49a22ed54e944581d84d8a36b11a07d18b06a733e0e74bedd5dc96e20d568063e3a03d2022bc51789235883a09bd5073072cba5301b7611831e7a59f06"], 0x0, 0x0}) openat2(0xffffffffffffff9c, &(0x7f0000000700)='./file0/file0\x00', &(0x7f0000000740)={0x10000, 0x40, 0x7d}, 0x18) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000480)={0x14, &(0x7f00000002c0)={0x40, 0x21, 0x78, {0x78, 0x23, "33682b57cc5e42aa6d5ae2aa7d357b1d14f2a0d09081bb06e8cd3cfd8641481f52f0d25448dffc9c2dcd4ce64d70f05134e81ff7bfa8d0fee1da2b3480380185f24cd59c44e78db2b43fef30da63135531567e77314e688ac7667ab2959edd45a62cb4fc39234ea6f3bfc60b2181ad2bfe9f4af20902"}}, &(0x7f0000000440)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000006c0)={0x1c, &(0x7f00000005c0)={0x0, 0xa, 0xd0, "fe70f778a3c01a399b6cfc8cfb267c936753dcb0860851c3d6b03ea69fe380b5f34cfa9276ae0da46839169a959435dd20557ecd44319cda5c7f08d55ae78b70f583639007ab9fb43f4e784baf738cdec339371cc10ae4e31c4823ef9751b1c07f6dc38cf1a3db9b61906473d61dd3f271fc84ac22fe913d3de84c7493f6a5d3b77a4d52d5014a881acb693737a1558f2b3be1afead503ba4a3c2f2924863329ce064ea52ebf303202a3d459946d8e76d900380396a79aacb59d824502c6fc3c97a4f63e748d6216789ceee2d79cd6d5"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x1a}}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs2/custom0\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r3 = dup3(r2, r1, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x3, r4, 0x2, &(0x7f0000000080)) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) syz_usb_connect(0x4, 0xbd4, 0x0, 0x0) mknodat(r3, &(0x7f0000000200)='./file0\x00', 0x80, 0x4) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) epoll_create1(0x0) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r5, 0x7005) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') socket$inet_smc(0x2b, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000380)={0x3ff}, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x40002, 0x0) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='f2fs\x00', 0x0, 0x0) 11.235017716s ago: executing program 3 (id=778): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000680)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1c, 0x0, 0x0, 0x0, 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) sched_setscheduler(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) ioctl$sock_qrtr_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000280)) chroot(0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@secondary) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x520, 0x340, 0x9403, 0x0, 0x0, 0x2c0, 0x450, 0x3d8, 0x3d8, 0x450, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'syz_tun\x00', {0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x1, 0x6}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580) 10.24148542s ago: executing program 3 (id=779): getsockopt$nfc_llcp(0xffffffffffffffff, 0x113, 0x0, 0x0, 0xffffffffffffff33) 9.728070555s ago: executing program 3 (id=781): openat$sndseq(0xffffffffffffff9c, 0x0, 0x76680) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, 0x0, &(0x7f0000000200)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000440)={0x29, 0x4, 0x0, {0x3, 0x2d0063ce, 0x1, 0x0, [0x0]}}, 0x29) preadv(r4, &(0x7f0000000340)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1, 0x0, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000000, 0x12, r6, 0x0) socket$kcm(0x2, 0xa, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@access_uid}], [], 0x6b}}) ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, r6, 0x0, 0x2000000, 0xfa0, &(0x7f00000017c0)="265eb258e5f4a0ee3e1f2562f7d5a48c598cd83619c2770e69de67c305f0251b24ad90c10d01165b7ad345598e93da8b683a2dd56b258df1dc2823c3b243fab35bbf82d32db76bea30580591b56d33c86f068605ef500d1a647498eca212a24aa8a3edbb7c9e4009f216ed144231d87ed33fbe539885f14de952f76fbc7ca4ded34ea365ac41017988e72ec3f09fba75c7609f6bfc0a24c81eeaf967f942529156505d41d1736262057d9733bca1706f078cb667b34003665b429da448d14e37904b0f4fb8cb4fbfb1669a56b50a954904d857029f5a353624957258a83727b294c3a2ce8db8132df9e6245cd1f931d1fe5b208f215b0b17b2e80d34baf401d89c7080b2b7a930e0c9fd6becedcee72682ad44fb2eebd28302bbca42dd2ce24b516f3fc81975ff379b7b24e575fcbf7a84786525628458e146a34c5505944036d8d690a3de84543109d0427ad44477eb42e59a2a47e72ae9198aa7e9514ad4271d3a20788dce4f8af885260b2524676cd15e0871df6a0d2a2e712a7831d9c4e703a9bb594ef9ca8e1395850251d71211df9b030717e4c31b468ecbb72e35704d5dddd40364353811d6b71d24801b2a370b286c4aafe8795ea6244982aa4658283b77a9a9c7f0eecf3fce982d0f0db3dbb6cda0530904352c901fbace42bea25e8d2183c49da73b266e50e0ba949f758e237f5c937030204d1000b7bce3d4427f4140b0506d25500cd5feb27d9b1423966add83a153bcf519b3f16c8ba510f6735e5f7b7d7deb00e5f69749970a56431385abbdc90b52c49fd6202dbd991b9fb128fae02540926f25d7b63850c8c4128f1a8dc0c42532ce25c28e3ed77dd0339e4af53d7f1fe7d668093fed9fbef5d62db4f671393a05dcb96860482cfc4a408b19611f1673f5c687fe74cab80c0b652d21307e277edbeaa7b7375937454c8b6dd1626f30be83cef4734b20812562fee054e4e3c45471509c866fa3c0372266d2daf9e3e9e9eff26c7493388cb383c52c68f9ca412eb83ed821363e54a9b3eb872959334d950b7dbe13bfe3aa6efc346abe2d8d7fcec26f591167b8d9fde630ccdf80c12e07d29326caa734735e5343490cf8a86391708bab4f72a3fb4fe94bb3e1792c3b6da37ba6804d4721963b5afb4cb5611bd7b221257b68eff1ce3109d7d727794b821e80be85fb7dffb7cbec9e0d488901804ba9220de5eaf244ca9dafff9a3f776e551398222d7b2ca564f6b54c8ef06c6af16bd823d381cacba141279df3be8aae3a3c78348d45bd28bcc4c4047e86819bccd60d2b4ac9d04d4c413d04b1d45dabd30df477fab12d7bbd38cd526b8cb618e86de77f1b3471cbf98a1c1a745d7092a3fb4822ac7bc8e49e8f3730e36ac354f61a20dd9f0c6965786ac8d52352183bf947516da6388f2bbbc5cb232c614b315826c34ddf7711e0de4a92489330f1b407d446112f8c38f5281d3bf44ccb701680303a4a142adfbab67c7ec0b5a16f547f3fcb7ae79fb20902c4018182cd3540a2cf0bc63a1c8ae03999e71ccf7affc313d990765b23839144c02d5634bbe97ba26b90bf3db861d3f94a2edfbd98f627d1587e21c06285076760078d833b9333636fc68a8eb9203c9bd85415c80b6e586bd7616f6d6b8b210eb5c7d35abdc9dc73da1399624bdfd9c86eedbee4a4c7140bf1aec3639a92945fdc5bcbc476fa8f7af8d083b6d12efeaf5c82c390ebac9dee5176266cbbf366a2273f128bae97766e5c64a86bd97713242aa99950f9deb81a7e1994a8581874cba68cf9534ad1f426a1fe88c7de7edcb729962d925d20ceff4d9a0e6d609c74debf9f772b57846305a45ab5b5efc35b5bfaf734d835b56008eda5ce83a0dd627fe2e4788bf7d02792576101b83c4966f589ee5bb4cf6240bd61e3cba9e58a8714a35715a94f49c2326debf72f352069c1109fae1762c3bc0fc93638f3b116b51643562687212a67b27da7f1c4bcb16f521b4181b9bea836af09ef13d2b04f5b9696240a77e4e3207a9152c95f5f3abd2be58cef4da53fe85c315f0e166102aac6667b3647e62412bd2eff93ad56de5c310fdbf50b3ce44fa2131bfefee37793f464a810b4fd569d08c67549a8378694a8cac432d0155dd2b2e790f2ed290134d8e92e281fd195aa8e27a9635e78a565b608aa3dceb0f6a4021a19f93af45a3b14857b02ba4875093ce7ccb643df2b96fefbd914d49cea275e4dc607307dd462ea932bda9f9b8aab7b29cb45daec0656cd48b707caa432ca6ee3c5083a4868052bc0ac1bbd0000bb6780afc242bac568d2a7ebeb459a045196797e1a83682a4887fd05eb79887943ed49134a62d36bcd3195040cc8f675a9a77ef78f9177c5b434549cc34eeffe4b06bacf2a2f5d9088f47eb2f48577a7f7fa0a08adece2f07e7d583cc1aa3721e254edf19dc67734fcf5f44639ce3e0df66b3c50c0f5335d46bc399c5e319e6f48be699daab71f1f136c4979711c2255c2746a36e3b5335894496f9d1ff09af2d0acc580f23ecd02c9a2c6a813cce6e5a19c3deb0cfef00d054111d46fb4c840709dd39ecfca69f3099796480ced66e6645ab20e39713646cebd3d0d65c26c125984c3f632e0a891f98c942c7bd47e54a42994be739df261d1fc59420b519c98586b6d6c8ce6b9241f2ec1ee3f78ddcf0008028f1d22df2fa428711e1742cafd09f5f12f330946c386437e32dd212fe98231921797ea3f36eaaf150d8f03981e07000880afcbdaddba3e22b05192b130bcade986780fbae4a42c4c945c43cf39da64e50137e30d4cb28f1c0653246df330ab8a25e54edd2d4b404b1bcd5af8a5c073122e147ca7a2b062fdba561ddad41e52ae7c705a077bb6a99054f0550043d054c7339542eff0847ad65eeac42f834f020cd496534177c8301efceffaf1f9a3cf9bd09963dc4c3e151c07dfab9917e384b9d19cb242fce86d40a7fc094404ef2ad0fcb670f8caee988270de7b203ec44015b6e35be1dd6ae2bbbc4c4d6a29e3ccd3f81cec435718daa79710bc47409b738566a68141f538a4a9c4a887eee70be8d5b8d2fc4e752d9f0185f3b42cf25c56bcf85fb1dea9ae196e59d279abda65abfcd8f184f0960333671cd83335638cebc610bbf733df087aeb3e6d52936c973d5dacc833d522b74c1737d9f64720d053e300849f0d56d3b0940880dc9eb1e079bfd587b8baaa5ee04457e3c4d0a24c3e6aa2bf8c415bd704fec109451c26dad922d9accdea8f70355c84d967fcf73dda5c752078336d6ddcb6970921e512d73cf4a99a0e883d6cbd7658ca2e08e764e01f5cc6ccc0230878b17b397d1be1d64c216389bcd2556831e7b1c31f5e06795961b3b1e9c98c145e36a161796ef1eb8ac007f4b15dab7f308ace8833330bc520b8dff60cf9489829ae164cd9fdb8de6f1154310f744a8ccfedb6b20f6e5242bef60e2a09421d336bac67485fc68576204ceed80843d7354246ea2e51cd5004fa6a6f76e4e5c1925d75736e74cc8ecffa5752f7741c530dca692ab64b21947599cc7bcea862794b286a2f7aa4f45015c2821609cb63939a52e37229afc520e2739056bfc7eea45973eed45a7be2d7a355bf1a6e9969fc9afab45054ba75d8d3c3609be966b18fbcbdc9b8c8a8a1d65b23db94582ec4e6fc8ae30abc771516bd6261d9f7783cd37db8d844b2c3d3c85a770f34d86d6f70850632089914523a3485c992be903789fff985d706c3622e5a408df6f6a0da4d07eabd206691fcbdf3f75e575b352826dc9e2c7ac8792cd7db61f05142d359385db5318ec2e5f0e03c9740ae07730c5cb8cd77eabff6145d7c12baac7f22d331b5b5dc8ae3689e8bc68bd63049bae5adb9f1fe9237987ab01cd7f2865cb93bfd9b3af5862fb6b568025460fed3386955f7b78f12b2a4332d7c4b529f771d1e90184cae5de3a79651a7d1bae2c8e77411ad08acb6ebd58a2accde4b82dab05df2d8c190c60790df6fc369667a12a2797277853822a2e8270d16316f29cebe8969dbd3f4a3af0fc8722a3e23603465859897919363e65a29f58f7c37e991b1229ab4c210bb0883662007c51acec01ac9477584c83b4db53a2c14565f765fa920a8be5b7e5f3f03bba009b7b5ae6f2a0e482abe82c7424ca3d3fae8a0f966e47395e353f6f7a8d06091b7fabeb61d03f662b00f316b0cddc7c72d5efbca6bdac8758ea07e3b091efd8db7dec66c9648afe790eb573d04515989168693cae1a76665de44bf87c66aa340d0d5b7e8935502d4274a50415f2c6f93d714a8910e4883f625e56d412120f675eb725a7ca8ba3a51fcc5b4f6bdaa2d0c71f4bf93eb0cbfaa54f3f2da07b8258f24364ec166c072f0504d34fe3bd41fae691abb5dee2ef5873de0b0ef6ec47c9da7e2ac3ed13137d59146036e47a460de34ad552d2c97f81feb7a03bd12ab7b0c6820d3f6b080567c0ea2966b37eb5b0975c7df88682a1763412ad41cf6c38e0ef074f148dd1138dc6588144607e0da16c3e54b0ddc34100bd20dc83e3f576260355cc19871a2b7f14dbb97a9bb7c99bb08c62f96248d747b69e217ca7f5e17fb4df7f0ba5ba263c76f137884ff6c4d57cd44d4bd0d7096b6d24d0cbdcf000f4d8174deee000acd42040bbf8800f2417ea2c026fabbed8e608a59d81227500dac2b18c2b0041aa43cc39ccf2d37357e7388a61fd99e7cecf007d94f975e5c36f3974724094ed1ba789b53862a728268426617bdaa7ba2be0e2a45d364b5f03c2102c9198f965783ed3eccf26293a1f2f8e8fa82245cefc2502140a4e616ddf508afee8f1e15a1a9a5279830ee929dd647ebb4a3ada70d732f3d9e699efb165a1e72db41f12ae19d8ee9794d77051dd1a43f609dc006677a14b0592cc456d0520455e6467f7361cca79c6671af99684df2dd6c455349933c6cb35e76a02c219ca1802295f0b1edd4e900311e657fb98b2b51ac6d50637b4b2223ed72b788ba0c560f83f343e71bb8c07554144e0972d40a35216e44d373a0b195fa0268586184f979607744feb24f3e70bbc4e4f0ee173a0b27e22d8acc9033dc41d7d94b34c336514e13b5224e647cdb5e1754e8b8e64c792b1206b0b43698bd5bdb4c9416c339171e0050007e76e6587b86339124841435ab5b27d7194ea8d2ac0d14838a16dd6b43762bde9741bf15d636629143ea66fc6f827a2ad44cfe991a7238a7b72cfb7d3a760a6e19fdc37c729da5721bc4c4392d392f1f1f68db6f9969bb3c81ba7887ec9f6ef13e3c0c5ab4c87369b7ae87b1ab1472176c81b8229f23845a1475b612b063f5d3a00f4a0f4ac9ae8b872a12685fabfd1bc8511514d54e14290ec87b9f43f44b619c58b0ab38347a9762d1d03c5a91cf77f8268bcd3d9354a66bd20966f6b9dfe68b64ee6c2da4bde4f21c8cc0a9f79bd1722eb8218886444307ea6432fce13dd0ee94ff4654c6d645988c907a260b2025b80436c9e71be654f80567c1581912117ef73ba37de3db3fd69565fa3d19bc3e8ede013f318eae839ed1b02cf85b60427c551145a2d9454a01fe9e848a1d15a7cb874898656d95bec73682ae2078d04be44de8511f44e5bb10f993123be4f2ac2c27280950d65296af3dc78e52bdcf87a30da7a761fcfc5d2e7aa3720a10fb5eb48e5e4cfe9bde", 0x4}) write(r5, 0x0, 0x0) syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) 8.628497523s ago: executing program 3 (id=782): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) io_setup(0x3, &(0x7f0000000180)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) r1 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000900)={'bridge0\x00', @broadcast}) 8.401664934s ago: executing program 1 (id=783): r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) fsync(r0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) 8.288604284s ago: executing program 4 (id=784): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$xdp(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_freezer_state(r6, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12) write$cgroup_freezer_state(r7, &(0x7f0000000400)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r7, &(0x7f0000000080)='THAWED\x00', 0x7) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r1, 0x1}, 0x14}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/441], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r8, 0x0, 0x0}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0xe, 0x4, 0x5d8, 0xffffffff, 0x0, 0x1f8, 0x310, 0xffffffff, 0xffffffff, 0x508, 0x508, 0x508, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, [0xffffffff, 0xffffffff, 0x0, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'erspan0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x2e, 0xb, 0x0, 0x1}, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@unspec=@comment={{0x120}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x400, 0x9, 0x7, 0x2}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x14}, [0xff, 0xff000000, 0xff, 0xffffff00], [0xff000000, 0xff, 0xffffff00, 0xffffffff], 'nicvf0\x00', 'netpci0\x00', {0xff}, {0xff}, 0x3b, 0x8, 0x0, 0x3}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x3}}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x5}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x3f, 'system_u:object_r:mouse_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638) 7.915815251s ago: executing program 3 (id=785): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000680)={0x1f, 0x1, @none}, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000540)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r5, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x2d}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000290049"], 0x18}, 0x0) inotify_init1(0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) r6 = add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000600)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x35, 0x0, "679f672c00b69e65b0934066fc7c3406caf2c09e33bd50116312e2b00fee650af69b2150ccaa762a3db7ad752fe616e085e991c0436e7e7111238865d27b4e82dcc94700ddd1878b088736009d15f1fa"}, 0xd8) keyctl$describe(0x6, r6, &(0x7f0000000080)=""/72, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000004e40), 0x4) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x880) write$P9_RAUTH(r7, &(0x7f0000000300)={0x14, 0x67, 0x1, {0x8, 0x1, 0x7}}, 0x14) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000003000000610200000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYRES32, @ANYBLOB='\x00'/14], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000feffffff18110000", @ANYRES32=r8, @ANYRES8=r5], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 7.707125033s ago: executing program 1 (id=786): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0x19}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b}) 7.044375861s ago: executing program 2 (id=787): r0 = socket(0x2, 0x3, 0xc) bind$inet(r0, &(0x7f0000000080)={0x2, 0xfffc, @private=0xa010100}, 0x8) 6.947563678s ago: executing program 4 (id=788): r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xff, 0x80, 0x8, [{{0x9, 0x4, 0x0, 0xfd, 0x1, 0x7, 0x1, 0x1, 0x1, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x4, 0x0, 0xb}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000001480)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40b}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003d00)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003a00)={0x20, 0x0, 0x4, {0x2, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000240)={0xffffffffffffffff}) close_range(r2, 0xffffffffffffffff, 0xfd) 6.804552276s ago: executing program 1 (id=789): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x103042, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000800, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001240), 0x0, 0x20000004) r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f00000000c0)=0x3, &(0x7f0000000140)=0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x8, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000000, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x8ec25ee0caa685dd}}}}]}]}, 0x70}}, 0x20040000) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000003, 0x200000006c832, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000100)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) 6.729095058s ago: executing program 2 (id=790): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000680)={0x1, 0x0, {0xfffffffe, 0x0, 0x0, 0xa, 0x0, 0x61, 0x0, 0x4}}) 6.171085169s ago: executing program 2 (id=791): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1a0000000400000000000000010000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000160f"], 0x48) 6.15234163s ago: executing program 0 (id=792): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff080045000028000000009f06907800"/38, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50200dff90780000"], 0x0) 6.135049025s ago: executing program 1 (id=793): ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000080)={0x2, @output={0x0, 0xf4084f40ce420f03, {0x4}, 0xd9, 0x10cc}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) syz_open_dev$evdev(0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x1, 0x0, 0xa}, {}, {0x0, 0x2}, 0x0, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) 6.038463744s ago: executing program 0 (id=794): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f0000000600)="4db67df5689e2125a2162cfb7fcd57d08e760c80a4f3c9a0ab4d22cc326d3f032787cd8316b398c57aa4", 0x2a}, {0x0}], 0x2}}], 0x1, 0x4c814) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x60000400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = getpgid(0x0) r2 = syz_pidfd_open(r1, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_send_signal(r2, 0x21, 0x0, 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0) 5.952559305s ago: executing program 2 (id=795): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) io_setup(0x3, &(0x7f0000000180)) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r0, 0x5453, 0x0) r1 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000900)={'bridge0\x00', @broadcast}) 5.482584838s ago: executing program 2 (id=796): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x103042, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_open_dev$midi(0x0, 0x3, 0x88c02) mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='xfs\x00', 0x0, 0x0) 5.136997377s ago: executing program 1 (id=797): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000c00), 0x71, 0x2081) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000020000000000040000000000", @ANYRES64=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESOCT=r2], 0x50) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r6, 0x0, 0x7, 0x0) close(r5) write$cgroup_int(r6, &(0x7f0000000040)=0x1ff, 0x12) writev(r4, &(0x7f0000000100)=[{&(0x7f0000000140)='Y', 0x1}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x3d, 0x300, 0x0, 0x1, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_usb_connect(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="5db300005d2904202404019957c2010fb8040203010902240001000010000904430002317d5500090502020002020034099c96b271ef8a000031e196cd86acf8ecd4e7"], 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io$uac1(r7, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="0013040000f8ada37f66"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r7, 0x0, &(0x7f0000000440)={0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/10], 0x0, 0x0}) read$msr(0xffffffffffffffff, &(0x7f0000032680)=""/102392, 0x18ff8) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) 5.124730155s ago: executing program 3 (id=798): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x3a, 0x40, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000928d43ee35c4ecfaec8e0a4edbfe80b2049df06d92f449975ed4c071a8d83d92d02496800184398a001f908f078622c9e31607ff929b62bded4c0bb2cbadddffc4b74ebb4a8ad17674010000003d4c90a1c01a18ad67aa8a9580fc789b7222f3e2ff1a5390e2b9137088898087a41e7a5a67c6a41c436f7db0369c846055c8b28fbbc22e10d413087db065f918e2cc600ff19311524f9a2cbe32c3cfacb4fce3d83ff3d8637aa961f0d2ec74d6b69541c6ae69fb84ca109b02a85491704a96addc183b9568fc3c2d3f3b7cee104619a8925ac6066dc20fd1f2e9248c5f0bf4"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000680)=@IORING_OP_ASYNC_CANCEL={0xe, 0x1c, 0x0, 0x0, 0x0, 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) ioctl$sock_qrtr_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000280)) chroot(0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@secondary) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x3c1, 0x3, 0x520, 0x340, 0x9403, 0x0, 0x0, 0x2c0, 0x450, 0x3d8, 0x3d8, 0x450, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'syz_tun\x00', {0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x1, 0x6}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x580) 4.287490086s ago: executing program 4 (id=799): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0x19}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ee222}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x6, r2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7b}) 3.996490359s ago: executing program 4 (id=800): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$xdp(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_freezer_state(r6, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000040), 0x12) write$cgroup_freezer_state(r7, &(0x7f0000000400)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r7, &(0x7f0000000080)='THAWED\x00', 0x7) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r1, 0x1}, 0x14}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/441], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r8, 0x0, 0x0}, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0xe, 0x4, 0x5d8, 0xffffffff, 0x0, 0x1f8, 0x310, 0xffffffff, 0xffffffff, 0x508, 0x508, 0x508, 0xffffffff, 0x4, &(0x7f00000000c0), {[{{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, [0xffffffff, 0xffffffff, 0x0, 0xffffff00], [0xff, 0xffffffff, 0xff000000, 0xff], 'erspan0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x2e, 0xb, 0x0, 0x1}, 0x0, 0x1c8, 0x1f8, 0x0, {}, [@common=@unspec=@comment={{0x120}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x400, 0x9, 0x7, 0x2}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @dev={0xfe, 0x80, '\x00', 0x14}, [0xff, 0xff000000, 0xff, 0xffffff00], [0xff000000, 0xff, 0xffffff00, 0xffffffff], 'nicvf0\x00', 'netpci0\x00', {0xff}, {0xff}, 0x3b, 0x8, 0x0, 0x3}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@eui64={{0x28}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x3}}}}, {{@uncond, 0x0, 0xd0, 0x1f8, 0x0, {}, [@common=@hl={{0x28}, {0x3, 0x5}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x3f, 'system_u:object_r:mouse_device_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x638) 2.997046347s ago: executing program 4 (id=801): r0 = dup(0xffffffffffffffff) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket(0x2a, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff08000900fc000000080011000000000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000500)=ANY=[@ANYRES64=r2, @ANYBLOB='v:'], 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x400000080000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0xe, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x2, 0x4, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x7, 0x3, 0x8, 0xfffffffffffffffa, 0x0, 0x5, 0x8, 0x7, 0x3, 0x6}) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) r7 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r7) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r7}) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) 0s ago: executing program 1 (id=802): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) r5 = syz_io_uring_setup(0x748d, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz1\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2cc8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e046e513b3177e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff70307d77ecc9769fcd1ac101f8fbb598b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) syz_io_uring_submit(r6, r7, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x4004, @fd=r8, 0xfffffffffffffffe, &(0x7f00000001c0)=[{0x0}], 0x1}) setsockopt$rose(0xffffffffffffffff, 0x104, 0x6, &(0x7f0000000080), 0x4) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0xf1, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_enter(r5, 0x27e2, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) kernel console output (not intermixed with test programs): or wq "xfs-blockgc/loop4": -EINTR [ 187.562079][ T901] vhci_hcd: vhci_device speed not set [ 187.584815][ T29] audit: type=1400 audit(1733181581.557:359): avc: denied { connect } for pid=7248 comm="syz.1.328" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 188.661944][ T29] audit: type=1400 audit(1733181582.677:360): avc: denied { map } for pid=7262 comm="syz.3.334" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 188.705457][ T29] audit: type=1400 audit(1733181582.677:361): avc: denied { execute } for pid=7262 comm="syz.3.334" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 189.757225][ T7273] netlink: 28 bytes leftover after parsing attributes in process `syz.0.331'. [ 189.768690][ T7273] netlink: 'syz.0.331': attribute type 7 has an invalid length. [ 189.778309][ T7273] netlink: 'syz.0.331': attribute type 8 has an invalid length. [ 189.788540][ T7273] netlink: 4 bytes leftover after parsing attributes in process `syz.0.331'. [ 190.060395][ T7280] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 190.066940][ T7280] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 190.082950][ T7280] vhci_hcd vhci_hcd.0: Device attached [ 190.118882][ T7283] capability: warning: `syz.4.337' uses 32-bit capabilities (legacy support in use) [ 190.261562][ T5871] vhci_hcd: vhci_device speed not set [ 190.455461][ T8] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 190.463326][ T5871] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 190.555858][ T7292] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 191.127595][ T8] usb 2-1: config 0 has no interfaces? [ 191.135308][ T8] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 191.186484][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.214880][ T8] usb 2-1: config 0 descriptor?? [ 191.362959][ T7302] binder: 7300:7302 ioctl 541b 0 returned -22 [ 191.823046][ T7297] overlayfs: missing 'workdir' [ 192.331648][ T29] audit: type=1400 audit(1733181586.357:362): avc: denied { append } for pid=7306 comm="syz.0.344" name="userio" dev="devtmpfs" ino=914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 193.151577][ T7320] bridge0: port 3(erspan0) entered blocking state [ 193.159248][ T7320] bridge0: port 3(erspan0) entered disabled state [ 193.169046][ T7320] erspan0: entered allmulticast mode [ 193.189911][ T7320] erspan0: entered promiscuous mode [ 193.201013][ T7320] bridge0: port 3(erspan0) entered blocking state [ 193.207818][ T7320] bridge0: port 3(erspan0) entered forwarding state [ 193.507374][ T25] usb 2-1: USB disconnect, device number 23 [ 193.545283][ T7281] vhci_hcd: connection reset by peer [ 193.575343][ T7319] bridge0: entered promiscuous mode [ 193.580606][ T7319] bridge0: entered allmulticast mode [ 193.616565][ T35] vhci_hcd: stop threads [ 193.621155][ T35] vhci_hcd: release socket [ 193.626090][ T35] vhci_hcd: disconnect device [ 193.732670][ T7326] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 193.774273][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 193.782423][ T5822] Bluetooth: hci3: command 0x0406 tx timeout [ 193.792525][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 193.816770][ T7326] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 193.906620][ T901] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 194.341953][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 195.181492][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 195.188716][ T9] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 195.220943][ T9] usb 3-1: config 0 has no interface number 0 [ 195.249619][ T901] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 195.260176][ T901] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 195.372151][ T7346] binder: 7339:7346 ioctl 541b 0 returned -22 [ 195.403784][ T901] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 195.413316][ T901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.454514][ T901] usb 4-1: Product: syz [ 195.458825][ T901] usb 4-1: Manufacturer: syz [ 195.471005][ T9] usb 3-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 195.480903][ T901] usb 4-1: SerialNumber: syz [ 195.611574][ T5871] vhci_hcd: vhci_device speed not set [ 195.630598][ T9] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 195.642231][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.651440][ T9] usb 3-1: Product: syz [ 195.656804][ T9] usb 3-1: Manufacturer: syz [ 195.661785][ T9] usb 3-1: SerialNumber: syz [ 195.742407][ T9] usb 3-1: config 0 descriptor?? [ 195.755652][ T7331] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 195.985186][ T901] usb 4-1: config 0 descriptor?? [ 195.990939][ T7327] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 195.998370][ T7327] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 196.923469][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.931856][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.979002][ T901] dm9601 4-1:0.0: probe with driver dm9601 failed with error -71 [ 197.222993][ T901] usb 4-1: USB disconnect, device number 10 [ 197.272766][ T9] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 197.284153][ T1157] usb 3-1: Failed to submit usb control message: -71 [ 197.291082][ T1157] usb 3-1: unable to send the bmi data to the device: -71 [ 197.312053][ T9] usb 3-1: USB disconnect, device number 9 [ 197.400267][ T1157] usb 3-1: unable to get target info from device [ 197.411742][ T1157] usb 3-1: could not get target info (-71) [ 197.472221][ T1157] usb 3-1: could not probe fw (-71) [ 198.311494][ T7376] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 198.318029][ T7376] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 198.332399][ T7376] vhci_hcd vhci_hcd.0: Device attached [ 198.571480][ T970] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 199.139872][ T5871] vhci_hcd: vhci_device speed not set [ 199.212582][ T5871] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 199.296608][ T9] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 199.322827][ T970] usb 4-1: config 0 has no interfaces? [ 199.328373][ T970] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 199.341456][ T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.356347][ T970] usb 4-1: config 0 descriptor?? [ 199.441488][ T5909] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 199.461717][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 199.472662][ T9] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 199.480936][ T9] usb 5-1: config 0 has no interface number 0 [ 199.492279][ T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 199.504062][ T9] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 199.516306][ T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 199.530106][ T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 199.538677][ T9] usb 5-1: Product: syz [ 199.547978][ T9] usb 5-1: SerialNumber: syz [ 199.572959][ T9] usb 5-1: config 0 descriptor?? [ 199.592280][ T9] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 199.600933][ T9] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input26 [ 199.611261][ T5909] usb 3-1: Using ep0 maxpacket: 16 [ 199.659709][ T5909] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 199.674136][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.697165][ T5909] usb 3-1: Product: syz [ 199.725371][ T5909] usb 3-1: Manufacturer: syz [ 199.743401][ T5909] usb 3-1: SerialNumber: syz [ 199.813871][ C0] cm109_urb_ctl_callback: 49 callbacks suppressed [ 199.813897][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.831611][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.838917][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.847931][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.856376][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.863557][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.871512][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.878663][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.885823][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 199.892982][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 200.718453][ T9] usb 5-1: USB disconnect, device number 22 [ 200.718505][ C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 200.846511][ T5909] usb 3-1: config 0 descriptor?? [ 200.880090][ T5909] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 200.895820][ T9] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 201.075137][ T7377] vhci_hcd: connection reset by peer [ 201.139811][ T62] vhci_hcd: stop threads [ 201.144177][ T62] vhci_hcd: release socket [ 201.149964][ T62] vhci_hcd: disconnect device [ 201.191664][ T970] usb 4-1: USB disconnect, device number 11 [ 201.275935][ T5909] ssu100 3-1:0.0: probe with driver ssu100 failed with error -110 [ 201.378660][ T7408] netlink: 28 bytes leftover after parsing attributes in process `syz.1.366'. [ 201.396168][ T7408] netlink: 'syz.1.366': attribute type 7 has an invalid length. [ 201.406339][ T7408] netlink: 'syz.1.366': attribute type 8 has an invalid length. [ 201.415119][ T7408] netlink: 4 bytes leftover after parsing attributes in process `syz.1.366'. [ 201.453226][ T7399] syz.1.366: attempt to access beyond end of device [ 201.453226][ T7399] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 201.621179][ T7399] XFS (loop1): SB validate failed with error -5. [ 201.907830][ T7417] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 201.952160][ T7417] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 201.973715][ T7417] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 201.985280][ T7417] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 202.006724][ T7417] geneve2: entered promiscuous mode [ 202.019273][ T7417] geneve2: entered allmulticast mode [ 202.071457][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 202.241615][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 202.268419][ T9] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 202.300276][ T9] usb 5-1: config 0 has no interface number 0 [ 202.328669][ T9] usb 5-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 202.371311][ T9] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 202.931941][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.940849][ T9] usb 5-1: Product: syz [ 202.945102][ T9] usb 5-1: Manufacturer: syz [ 202.949814][ T9] usb 5-1: SerialNumber: syz [ 202.967902][ T9] usb 5-1: config 0 descriptor?? [ 203.076600][ T7413] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 203.177412][ T9] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 203.734424][ T7435] tty tty20: ldisc open failed (-12), clearing slot 19 [ 203.802238][ T7437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.810845][ T7437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.891519][ T5925] usb 3-1: USB disconnect, device number 10 [ 204.187464][ T29] audit: type=1400 audit(1733181598.217:363): avc: denied { view } for pid=7411 comm="syz.4.368" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 205.251955][ T5871] vhci_hcd: vhci_device speed not set [ 205.294967][ T62] usb 5-1: Failed to submit usb control message: -110 [ 205.302197][ T62] usb 5-1: unable to send the bmi data to the device: -110 [ 205.309478][ T62] usb 5-1: unable to get target info from device [ 205.439319][ T62] usb 5-1: could not get target info (-110) [ 205.445380][ T62] usb 5-1: could not probe fw (-110) [ 205.454626][ T970] usb 5-1: USB disconnect, device number 23 [ 206.012997][ T7458] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 206.641027][ T7462] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 206.647589][ T7462] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 206.671574][ T7462] vhci_hcd vhci_hcd.0: Device attached [ 206.851618][ T5925] vhci_hcd: vhci_device speed not set [ 206.911589][ T5925] usb 41-1: new full-speed USB device number 3 using vhci_hcd [ 206.911749][ T970] usb 5-1: new low-speed USB device number 24 using dummy_hcd [ 206.972734][ T7470] netlink: 60 bytes leftover after parsing attributes in process `syz.0.378'. [ 207.030986][ T25] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 207.262972][ T25] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 207.282323][ T25] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 207.321540][ T25] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 207.345542][ T970] usb 5-1: config 0 has no interfaces? [ 207.348373][ T25] usb 4-1: config 1 has no interface number 1 [ 207.355282][ T970] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 207.366707][ T25] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 207.398172][ T970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.428434][ T25] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 207.438546][ T970] usb 5-1: config 0 descriptor?? [ 207.444730][ T25] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 207.457224][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.498174][ T25] usb 4-1: Product: syz [ 207.516703][ T25] usb 4-1: Manufacturer: syz [ 207.521344][ T25] usb 4-1: SerialNumber: syz [ 207.572020][ T29] audit: type=1400 audit(1733181601.607:364): avc: denied { read } for pid=7475 comm="syz.1.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 207.856969][ T25] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 207.878924][ T25] usb 4-1: MIDIStreaming interface descriptor not found [ 208.020258][ T25] usb 4-1: USB disconnect, device number 12 [ 208.368934][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.349622][ T7463] vhci_hcd: connection reset by peer [ 210.378363][ T2988] vhci_hcd: stop threads [ 210.385099][ T5909] usb 5-1: USB disconnect, device number 24 [ 210.401356][ T2988] vhci_hcd: release socket [ 210.442584][ T2988] vhci_hcd: disconnect device [ 211.198867][ T970] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 211.641683][ T7517] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop2": -EINTR [ 211.712355][ T970] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 211.742454][ T970] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 211.887021][ T970] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 212.103135][ T7532] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 212.395341][ T5925] vhci_hcd: vhci_device speed not set [ 212.902053][ T970] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 212.913098][ T970] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 213.013906][ T7509] pim6reg: entered allmulticast mode [ 213.021915][ T7509] pim6reg: left allmulticast mode [ 213.171559][ T970] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 213.181069][ T970] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 213.189651][ T970] usb 4-1: Product: syz [ 213.193900][ T970] usb 4-1: Manufacturer: syz [ 213.224254][ T970] cdc_wdm 4-1:1.0: skipping garbage [ 213.229501][ T970] cdc_wdm 4-1:1.0: skipping garbage [ 213.249819][ T970] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 213.256558][ T970] cdc_wdm 4-1:1.0: Unknown control protocol [ 213.391111][ T970] usb 4-1: USB disconnect, device number 13 [ 213.476026][ T29] audit: type=1400 audit(1733181607.507:365): avc: denied { setopt } for pid=7540 comm="syz.2.395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 213.671732][ T7553] capability: warning: `syz.0.398' uses deprecated v2 capabilities in a way that may be insecure [ 213.769545][ T7556] overlayfs: missing 'lowerdir' [ 213.781909][ T7553] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 213.880083][ T7559] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 215.035892][ T29] audit: type=1326 audit(1733181609.067:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7573 comm="syz.2.408" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f029937ff19 code=0x0 [ 215.625351][ T970] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 215.650871][ T29] audit: type=1400 audit(1733181609.177:367): avc: denied { bind } for pid=7565 comm="syz.0.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 215.682153][ T29] audit: type=1400 audit(1733181609.187:368): avc: denied { write } for pid=7565 comm="syz.0.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 215.701913][ T29] audit: type=1400 audit(1733181609.197:369): avc: denied { name_bind } for pid=7565 comm="syz.0.402" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 215.723371][ T29] audit: type=1400 audit(1733181609.297:370): avc: denied { append } for pid=7565 comm="syz.0.402" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 215.747453][ T5915] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 215.799553][ T7585] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 215.813956][ T29] audit: type=1400 audit(1733181609.847:371): avc: denied { getopt } for pid=7586 comm="syz.0.409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 215.834553][ T970] usb 5-1: Using ep0 maxpacket: 16 [ 215.920590][ T970] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 215.934425][ T970] usb 5-1: config 0 has no interface number 0 [ 215.940549][ T970] usb 5-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 215.957308][ T970] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 215.970258][ T5915] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 215.981224][ T5915] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 216.001784][ T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.025309][ T970] usb 5-1: Product: syz [ 216.030087][ T5915] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 216.046131][ T970] usb 5-1: Manufacturer: syz [ 216.050765][ T970] usb 5-1: SerialNumber: syz [ 216.056678][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 216.075393][ T970] usb 5-1: config 0 descriptor?? [ 216.085494][ T7572] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 216.095669][ T5915] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 216.391634][ T901] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 216.531722][ T901] usb 3-1: device descriptor read/64, error -71 [ 216.601984][ T5915] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 216.611069][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 216.619465][ T5915] usb 2-1: Product: syz [ 216.623889][ T5915] usb 2-1: Manufacturer: syz [ 216.650951][ T7572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.660875][ T970] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 216.675146][ T7572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.715122][ T5915] cdc_wdm 2-1:1.0: skipping garbage [ 216.720368][ T5915] cdc_wdm 2-1:1.0: skipping garbage [ 216.760192][ T5915] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 216.768172][ T5915] cdc_wdm 2-1:1.0: Unknown control protocol [ 216.791596][ T901] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 216.810135][ T29] audit: type=1400 audit(1733181610.837:372): avc: denied { write } for pid=7604 comm="syz.0.413" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 216.840463][ T7605] FAULT_INJECTION: forcing a failure. [ 216.840463][ T7605] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.866867][ T7605] CPU: 0 UID: 0 PID: 7605 Comm: syz.0.413 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 216.868765][ T25] usb 5-1: USB disconnect, device number 25 [ 216.877472][ T7605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 216.877488][ T7605] Call Trace: [ 216.877495][ T7605] [ 216.877503][ T7605] dump_stack_lvl+0x16c/0x1f0 [ 216.877540][ T7605] should_fail_ex+0x497/0x5b0 [ 216.877573][ T7605] _copy_from_user+0x2e/0xd0 [ 216.913629][ T7605] fb_sys_write+0x24d/0x3f0 [ 216.918152][ T7605] drm_fbdev_shmem_defio_write+0x48/0x90 [ 216.923808][ T7605] ? __pfx_drm_fbdev_shmem_defio_write+0x10/0x10 [ 216.930151][ T7605] fb_write+0x199/0x2a0 [ 216.934328][ T7605] ? __pfx_fb_write+0x10/0x10 [ 216.939016][ T7605] vfs_writev+0x6da/0xdd0 [ 216.942837][ T901] usb 3-1: device descriptor read/64, error -71 [ 216.943340][ T7605] ? __pfx___lock_acquire+0x10/0x10 [ 216.954763][ T7605] ? find_held_lock+0x2d/0x110 [ 216.959548][ T7605] ? __pfx_vfs_writev+0x10/0x10 [ 216.964410][ T7605] ? __fget_files+0x1fc/0x3a0 [ 216.969098][ T7605] ? __pfx_lock_release+0x10/0x10 [ 216.974149][ T7605] ? __fget_files+0x206/0x3a0 [ 216.978850][ T7605] ? do_pwritev+0x1b1/0x270 [ 216.983367][ T7605] do_pwritev+0x1b1/0x270 [ 216.987702][ T7605] ? __pfx_do_pwritev+0x10/0x10 [ 216.992565][ T7605] do_syscall_64+0xcd/0x250 [ 216.997090][ T7605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.002998][ T7605] RIP: 0033:0x7f737277ff19 [ 217.007393][ T7605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.027000][ T7605] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 217.035422][ T7605] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 217.043380][ T7605] RDX: 0000000000000300 RSI: 00000000200000c0 RDI: 0000000000000003 [ 217.051337][ T7605] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 217.051764][ T901] usb usb3-port1: attempt power cycle [ 217.059295][ T7605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.059312][ T7605] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 217.059337][ T7605] [ 217.061584][ T1106] usb 5-1: Failed to submit usb control message: -71 [ 217.136452][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.143322][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.156112][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.162746][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.170342][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.176974][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.181479][ T1106] usb 5-1: unable to send the bmi data to the device: -71 [ 217.184763][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.196750][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.198346][ T1106] usb 5-1: unable to get target info from device [ 217.203577][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.216246][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.235278][ T1106] usb 5-1: could not get target info (-71) [ 217.239509][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.247727][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.256837][ T1106] usb 5-1: could not probe fw (-71) [ 217.256956][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.268663][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.291470][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.298094][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.309599][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.316219][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.328747][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 217.335364][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 217.349461][ T5915] usb 2-1: USB disconnect, device number 24 [ 217.355439][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 217.561816][ T901] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 217.637620][ T901] usb 3-1: device descriptor read/8, error -71 [ 218.637774][ T901] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 218.663534][ T901] usb 3-1: device descriptor read/8, error -71 [ 219.435497][ T5915] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 219.472721][ T901] usb usb3-port1: unable to enumerate USB device [ 219.496944][ T7626] SELinux: failed to load policy [ 219.503211][ T29] audit: type=1400 audit(1733181613.527:373): avc: denied { load_policy } for pid=7591 comm="syz.2.411" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 219.608847][ T7626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.620720][ T7626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.993123][ T7629] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 221.276589][ T7648] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 223.259313][ T7643] syz.1.423: attempt to access beyond end of device [ 223.259313][ T7643] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 223.926966][ T7643] XFS (loop1): SB validate failed with error -5. [ 224.861543][ T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 224.945987][ T7688] overlayfs: conflicting options: userxattr,redirect_dir=on [ 225.021924][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 225.062108][ T9] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 225.070227][ T9] usb 3-1: config 0 has no interface number 0 [ 225.089602][ T9] usb 3-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 225.127185][ T9] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 225.138062][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.150816][ T9] usb 3-1: Product: syz [ 225.162082][ T9] usb 3-1: Manufacturer: syz [ 225.166707][ T9] usb 3-1: SerialNumber: syz [ 225.177702][ T9] usb 3-1: config 0 descriptor?? [ 225.185330][ T7662] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 225.231255][ T7698] netlink: 5 bytes leftover after parsing attributes in process `syz.1.438'. [ 225.241558][ T970] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 225.257301][ T7698] 0ªÃøÂFNð¡: renamed from bond_slave_0 (while UP) [ 225.280837][ T7698] 0ªÃøÂFNð¡: entered allmulticast mode [ 225.285394][ T9] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 225.428416][ T970] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 225.451684][ T5909] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 225.560406][ T970] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 225.587593][ T7662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.611733][ T5909] usb 4-1: Using ep0 maxpacket: 8 [ 225.646024][ T5909] usb 4-1: config 0 has no interfaces? [ 225.679169][ T5909] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 225.697713][ T7662] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.721094][ T970] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 225.794303][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.829765][ T970] usb 5-1: config 1 has no interface number 1 [ 225.867263][ T12] usb 3-1: Failed to submit usb control message: -71 [ 225.867443][ T5871] usb 3-1: USB disconnect, device number 15 [ 225.874894][ T12] usb 3-1: unable to send the bmi data to the device: -71 [ 225.887594][ T12] usb 3-1: unable to get target info from device [ 225.894012][ T12] usb 3-1: could not get target info (-71) [ 225.899954][ T12] usb 3-1: could not probe fw (-71) [ 225.904235][ T970] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 225.918893][ T5909] usb 4-1: config 0 descriptor?? [ 225.946942][ T970] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 226.005814][ T970] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 226.025082][ T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.037678][ T970] usb 5-1: Product: syz [ 226.046150][ T970] usb 5-1: Manufacturer: syz [ 226.050771][ T970] usb 5-1: SerialNumber: syz [ 226.392707][ T29] audit: type=1400 audit(1733181620.367:374): avc: denied { remount } for pid=7710 comm="syz.0.441" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 226.578583][ T29] audit: type=1400 audit(1733181620.407:375): avc: denied { bind } for pid=7710 comm="syz.0.441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 226.816503][ T970] usb 5-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 226.824003][ T970] usb 5-1: MIDIStreaming interface descriptor not found [ 226.894758][ T970] usb 5-1: USB disconnect, device number 26 [ 226.898228][ T29] audit: type=1400 audit(1733181620.407:376): avc: denied { listen } for pid=7710 comm="syz.0.441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 227.041639][ T29] audit: type=1400 audit(1733181620.997:377): avc: denied { setopt } for pid=7710 comm="syz.0.441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 227.843246][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 228.060064][ T7732] overlayfs: missing 'lowerdir' [ 228.799315][ T5871] usb 4-1: USB disconnect, device number 14 [ 230.458239][ T7753] binder: 7746:7753 ioctl 541b 0 returned -22 [ 232.396032][ T7743] syz.1.450: attempt to access beyond end of device [ 232.396032][ T7743] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 232.409234][ T7743] XFS (loop1): SB validate failed with error -5. [ 232.861230][ T7790] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 233.011706][ T5865] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 233.522122][ T5865] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 233.530853][ T5865] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 233.606596][ T5865] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 233.753718][ T5865] usb 3-1: config 1 has no interface number 1 [ 233.760798][ T5865] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 233.780578][ T5865] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 233.799863][ T5865] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 233.809002][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.817100][ T5865] usb 3-1: Product: syz [ 233.821474][ T5865] usb 3-1: Manufacturer: syz [ 233.826313][ T5865] usb 3-1: SerialNumber: syz [ 233.928109][ T7798] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 234.386105][ T5865] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 234.397753][ T5865] usb 3-1: MIDIStreaming interface descriptor not found [ 234.422813][ T7800] overlayfs: missing 'lowerdir' [ 234.543004][ T5865] usb 3-1: USB disconnect, device number 16 [ 234.556651][ T29] audit: type=1400 audit(1733181628.587:378): avc: denied { write } for pid=5174 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 234.659498][ T29] audit: type=1400 audit(1733181628.587:379): avc: denied { remove_name } for pid=5174 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 234.869002][ T29] audit: type=1400 audit(1733181628.587:380): avc: denied { add_name } for pid=5174 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 234.882918][ T7808] FAULT_INJECTION: forcing a failure. [ 234.882918][ T7808] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.918129][ T7808] CPU: 0 UID: 0 PID: 7808 Comm: syz.3.464 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 234.928763][ T7808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 234.938836][ T7808] Call Trace: [ 234.942126][ T7808] [ 234.945069][ T7808] dump_stack_lvl+0x16c/0x1f0 [ 234.949770][ T7808] should_fail_ex+0x497/0x5b0 [ 234.954474][ T7808] _copy_to_user+0x32/0xd0 [ 234.958914][ T7808] simple_read_from_buffer+0xd0/0x160 [ 234.964313][ T7808] proc_fail_nth_read+0x198/0x270 [ 234.969379][ T7808] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.974948][ T7808] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 234.980515][ T7808] vfs_read+0x1df/0xbe0 [ 234.984684][ T7808] ? __fget_files+0x1fc/0x3a0 [ 234.989382][ T7808] ? __pfx___mutex_lock+0x10/0x10 [ 234.994431][ T7808] ? __pfx_vfs_read+0x10/0x10 [ 234.999130][ T7808] ? __fget_files+0x206/0x3a0 [ 235.003827][ T7808] ksys_read+0x12b/0x250 [ 235.008083][ T7808] ? __pfx_ksys_read+0x10/0x10 [ 235.012867][ T7808] do_syscall_64+0xcd/0x250 [ 235.017392][ T7808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 235.023306][ T7808] RIP: 0033:0x7f906117e92c [ 235.027727][ T7808] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 235.047346][ T7808] RSP: 002b:00007f9061ef4050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 235.055778][ T7808] RAX: ffffffffffffffda RBX: 00007f9061345fa0 RCX: 00007f906117e92c [ 235.063758][ T7808] RDX: 000000000000000f RSI: 00007f9061ef40b0 RDI: 0000000000000005 [ 235.071739][ T7808] RBP: 00007f9061ef40a0 R08: 0000000000000000 R09: 0000000000000000 [ 235.079716][ T7808] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 235.087696][ T7808] R13: 0000000000000000 R14: 00007f9061345fa0 R15: 00007fff3f21ba18 [ 235.095690][ T7808] [ 235.183401][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.219178][ T29] audit: type=1400 audit(1733181629.247:381): avc: denied { read write } for pid=7814 comm="syz.1.466" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 235.313238][ T29] audit: type=1400 audit(1733181629.297:382): avc: denied { open } for pid=7814 comm="syz.1.466" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 237.787658][ T29] audit: type=1400 audit(1733181631.807:383): avc: denied { ioctl } for pid=7844 comm="syz.0.474" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 238.418073][ T29] audit: type=1400 audit(1733181632.437:384): avc: denied { bind } for pid=7844 comm="syz.0.474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 238.449037][ T25] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 239.213171][ T7855] bridge0: left allmulticast mode [ 239.311454][ T29] audit: type=1400 audit(1733181633.227:385): avc: denied { audit_write } for pid=7853 comm="syz.1.475" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 239.364988][ T7855] 0ªÃøÂFNð¡: left allmulticast mode [ 239.376178][ T29] audit: type=1400 audit(1733181633.407:386): avc: denied { write } for pid=7868 comm="syz.4.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 239.562285][ T7874] Cannot find add_set index 0 as target [ 239.884873][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 240.057760][ T25] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 240.065911][ T25] usb 4-1: config 0 has no interface number 0 [ 240.072185][ T25] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 240.083797][ T25] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 241.542640][ T25] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 241.555998][ T25] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 241.587324][ T7888] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 241.591852][ T25] usb 4-1: Product: syz [ 241.651514][ T7888] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 241.670097][ T7888] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 241.710333][ T29] audit: type=1400 audit(1733181635.717:387): avc: denied { read append } for pid=7887 comm="syz.0.482" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 241.738154][ T29] audit: type=1400 audit(1733181635.717:388): avc: denied { open } for pid=7887 comm="syz.0.482" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 241.762863][ T29] audit: type=1326 audit(1733181635.737:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7884 comm="syz.1.480" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f349477ff19 code=0x0 [ 241.850710][ T25] usb 4-1: config 0 descriptor?? [ 241.856628][ T25] usb 4-1: can't set config #0, error -71 [ 241.904388][ T25] usb 4-1: USB disconnect, device number 15 [ 243.244576][ T29] audit: type=1400 audit(1733181637.277:390): avc: denied { set_context_mgr } for pid=7884 comm="syz.1.480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 243.333196][ T29] audit: type=1400 audit(1733181637.327:391): avc: denied { map } for pid=7884 comm="syz.1.480" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 244.052632][ T5915] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 244.464630][ T7920] 9pnet_fd: Insufficient options for proto=fd [ 244.498089][ T5915] usb 3-1: config 3 has an invalid interface number: 24 but max is 0 [ 244.541446][ T5915] usb 3-1: config 3 contains an unexpected descriptor of type 0x2, skipping [ 244.550168][ T5915] usb 3-1: config 3 has no interface number 0 [ 244.577256][ T5915] usb 3-1: config 3 interface 24 altsetting 0 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 244.590412][ T5915] usb 3-1: config 3 interface 24 altsetting 0 endpoint 0xD has invalid maxpacket 1600, setting to 64 [ 244.607375][ T5915] usb 3-1: config 3 interface 24 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 244.631548][ T5915] usb 3-1: config 3 interface 24 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 244.643929][ T5915] usb 3-1: New USB device found, idVendor=16d8, idProduct=6003, bcdDevice=3e.65 [ 244.658752][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.708947][ T5915] option 3-1:3.24: GSM modem (1-port) converter detected [ 245.327058][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.3.490'. [ 245.893615][ T25] usb 3-1: USB disconnect, device number 17 [ 245.916742][ T25] option 3-1:3.24: device disconnected [ 246.233078][ T901] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 246.572610][ T901] usb 1-1: Using ep0 maxpacket: 16 [ 246.589294][ T901] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 246.791093][ T901] usb 1-1: config 0 has no interface number 0 [ 246.797365][ T901] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 246.808314][ T901] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 247.462378][ T901] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 247.474984][ T901] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 247.485503][ T901] usb 1-1: Product: syz [ 247.489954][ T901] usb 1-1: SerialNumber: syz [ 247.503609][ T901] usb 1-1: config 0 descriptor?? [ 247.511805][ T7956] smc: net device bond0 applied user defined pnetid SYZ0 [ 247.514361][ T901] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 247.567796][ T7956] smc: net device bond0 erased user defined pnetid SYZ0 [ 247.578380][ T901] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input28 [ 247.590572][ T29] audit: type=1400 audit(1733181641.597:392): avc: denied { connect } for pid=7960 comm="syz.2.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 247.688451][ T7962] bridge0: port 3(erspan0) entered blocking state [ 247.695069][ T7962] bridge0: port 3(erspan0) entered forwarding state [ 247.702013][ T7962] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.709162][ T7962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.716887][ T7962] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.724100][ T7962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.737714][ T7962] bridge0: entered promiscuous mode [ 247.744092][ T7962] bridge0: entered allmulticast mode [ 247.850147][ C1] cm109_urb_ctl_callback: 5000 callbacks suppressed [ 247.850175][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.864040][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.871145][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.878229][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.885328][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.901703][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.909158][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.916335][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.923462][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.930563][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 247.988887][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 247.998003][ T901] usb 1-1: USB disconnect, device number 22 [ 248.086699][ T29] audit: type=1400 audit(1733181642.037:393): avc: denied { create } for pid=7963 comm="syz.0.503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 248.125825][ T29] audit: type=1400 audit(1733181642.037:394): avc: denied { ioctl } for pid=7963 comm="syz.0.503" path="socket:[14678]" dev="sockfs" ino=14678 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 248.447556][ T901] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 248.797778][ T29] audit: type=1400 audit(1733181642.827:395): avc: denied { listen } for pid=7975 comm="syz.1.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 248.830765][ T7976] netlink: 16 bytes leftover after parsing attributes in process `syz.1.506'. [ 250.004124][ T901] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 252.101584][ T901] usb 3-1: Using ep0 maxpacket: 16 [ 252.122076][ T901] usb 3-1: device descriptor read/all, error -71 [ 253.123431][ T5871] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 253.150779][ T8007] syz.3.512: attempt to access beyond end of device [ 253.150779][ T8007] loop3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 253.181596][ T8007] XFS (loop3): SB validate failed with error -5. [ 253.388925][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 253.997896][ T29] audit: type=1400 audit(1733181648.017:396): avc: denied { ioctl } for pid=8016 comm="syz.4.517" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 254.024990][ T5871] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 254.033213][ T5871] usb 2-1: config 0 has no interface number 0 [ 254.040751][ T5871] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 254.071430][ T5871] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 254.083643][ T29] audit: type=1400 audit(1733181648.117:397): avc: denied { setopt } for pid=8030 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 254.261340][ T5871] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 254.272876][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 254.282744][ T5871] usb 2-1: Product: syz [ 254.286932][ T5871] usb 2-1: SerialNumber: syz [ 254.298168][ T5871] usb 2-1: config 0 descriptor?? [ 254.324297][ T5871] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 254.337844][ T5871] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input29 [ 254.354174][ T46] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 255.457870][ C0] cm109_urb_ctl_callback: 285 callbacks suppressed [ 255.457901][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.472248][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.474646][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.479762][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.490164][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.497602][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.506840][ T46] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 255.514294][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.522949][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.531458][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.539964][ T46] usb 1-1: config 0 descriptor?? [ 255.547263][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.556888][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.564034][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.571839][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 255.584727][ T5915] usb 2-1: USB disconnect, device number 26 [ 255.590665][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 255.743630][ T5915] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 255.773864][ T29] audit: type=1400 audit(1733181649.807:398): avc: denied { bind } for pid=8051 comm="syz.2.525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 257.030190][ T8052] FAULT_INJECTION: forcing a failure. [ 257.030190][ T8052] name failslab, interval 1, probability 0, space 0, times 0 [ 257.367158][ T8052] CPU: 0 UID: 0 PID: 8052 Comm: syz.2.525 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 257.377796][ T8052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.387868][ T8052] Call Trace: [ 257.391149][ T8052] [ 257.394144][ T8052] dump_stack_lvl+0x16c/0x1f0 [ 257.398851][ T8052] should_fail_ex+0x497/0x5b0 [ 257.403559][ T8052] should_failslab+0xc2/0x120 [ 257.408254][ T8052] kmem_cache_alloc_node_noprof+0x72/0x3c0 [ 257.414082][ T8052] ? __alloc_skb+0x2b1/0x380 [ 257.418716][ T8052] __alloc_skb+0x2b1/0x380 [ 257.423152][ T8052] ? __pfx___alloc_skb+0x10/0x10 [ 257.428120][ T8052] ? find_held_lock+0x2d/0x110 [ 257.432914][ T8052] __pskb_copy_fclone+0xef/0xdf0 [ 257.437864][ T8052] ? trace_lock_acquire+0x14e/0x1f0 [ 257.443088][ T8052] tipc_msg_reassemble+0x26d/0x520 [ 257.448215][ T8052] ? __pfx_tipc_msg_reassemble+0x10/0x10 [ 257.453854][ T8052] ? __might_fault+0x154/0x190 [ 257.458643][ T8052] tipc_mcast_xmit+0x546/0xdc0 [ 257.463438][ T8052] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 257.468736][ T8052] ? __check_object_size+0x31/0x710 [ 257.473965][ T8052] ? __pfx_lock_release+0x10/0x10 [ 257.479035][ T8052] ? tipc_sk_filtering+0x420/0x520 [ 257.484165][ T8052] tipc_sendmcast+0x88b/0xba0 [ 257.488868][ T8052] ? kasan_save_stack+0x33/0x60 [ 257.493743][ T8052] ? __pfx_tipc_sendmcast+0x10/0x10 [ 257.498963][ T8052] ? hlock_class+0x4e/0x130 [ 257.503478][ T8052] ? mark_lock+0xb5/0xc60 [ 257.507820][ T8052] ? __pfx_woken_wake_function+0x10/0x10 [ 257.513467][ T8052] ? process_measurement+0x521/0x2370 [ 257.518877][ T8052] __tipc_sendmsg+0x135d/0x1990 [ 257.523757][ T8052] ? __pfx___tipc_sendmsg+0x10/0x10 [ 257.528974][ T8052] ? __pfx_register_lock_class+0x10/0x10 [ 257.534621][ T8052] ? __pfx_register_lock_class+0x10/0x10 [ 257.540265][ T8052] ? __pfx_lock_release+0x10/0x10 [ 257.545298][ T8052] ? trace_lock_acquire+0x14e/0x1f0 [ 257.550520][ T8052] ? hlock_class+0x4e/0x130 [ 257.553109][ T46] holtek_kbd 0003:04D9:A055.0007: unknown main item tag 0x0 [ 257.555026][ T8052] ? __lock_acquire+0x15a9/0x3c40 [ 257.562380][ T46] holtek_kbd 0003:04D9:A055.0007: unknown main item tag 0x0 [ 257.567285][ T8052] ? hlock_class+0x4e/0x130 [ 257.579056][ T8052] ? __pfx___lock_acquire+0x10/0x10 [ 257.584288][ T8052] __tipc_sendstream+0xe30/0x1190 [ 257.589352][ T8052] ? __pfx___tipc_sendstream+0x10/0x10 [ 257.594841][ T8052] ? tipc_send_packet+0x5e/0xa0 [ 257.599716][ T8052] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 257.605117][ T8052] ? mark_held_locks+0x9f/0xe0 [ 257.609902][ T8052] ? __local_bh_enable_ip+0xa4/0x120 [ 257.615219][ T8052] tipc_send_packet+0x6c/0xa0 [ 257.619939][ T8052] ____sys_sendmsg+0xaaf/0xc90 [ 257.624727][ T8052] ? copy_msghdr_from_user+0x10b/0x160 [ 257.630202][ T8052] ? __pfx_____sys_sendmsg+0x10/0x10 [ 257.635507][ T8052] ___sys_sendmsg+0x135/0x1e0 [ 257.640173][ T8052] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.645380][ T8052] ? __pfx_lock_release+0x10/0x10 [ 257.650423][ T8052] ? trace_lock_acquire+0x14e/0x1f0 [ 257.651922][ T46] holtek_kbd 0003:04D9:A055.0007: hidraw0: USB HID v0.00 Device [HID 04d9:a055] on usb-dummy_hcd.0-1/input0 [ 257.655632][ T8052] ? __fget_files+0x206/0x3a0 [ 257.671758][ T8052] __sys_sendmsg+0x16e/0x220 [ 257.676428][ T8052] ? __pfx___sys_sendmsg+0x10/0x10 [ 257.681570][ T8052] do_syscall_64+0xcd/0x250 [ 257.686088][ T8052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.691990][ T8052] RIP: 0033:0x7f029937ff19 [ 257.696397][ T8052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.716005][ T8052] RSP: 002b:00007f029a0b3058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.724426][ T8052] RAX: ffffffffffffffda RBX: 00007f0299545fa0 RCX: 00007f029937ff19 [ 257.732394][ T8052] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000005 [ 257.740357][ T8052] RBP: 00007f029a0b30a0 R08: 0000000000000000 R09: 0000000000000000 [ 257.748319][ T8052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.756285][ T8052] R13: 0000000000000000 R14: 00007f0299545fa0 R15: 00007fff49b2fc48 [ 257.764271][ T8052] [ 257.811301][ T29] audit: type=1400 audit(1733181651.837:399): avc: denied { connect } for pid=8030 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 257.871493][ T29] audit: type=1400 audit(1733181651.837:400): avc: denied { name_connect } for pid=8030 comm="syz.0.518" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1 [ 258.560188][ T29] audit: type=1400 audit(1733181652.137:401): avc: denied { create } for pid=8068 comm="syz.3.530" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 258.663448][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 258.669744][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.747350][ T8067] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/loop4": -EINTR [ 258.852529][ T8085] FAULT_INJECTION: forcing a failure. [ 258.852529][ T8085] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.875094][ T8085] CPU: 1 UID: 0 PID: 8085 Comm: syz.2.529 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 258.885689][ T8085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 258.895737][ T8085] Call Trace: [ 258.899007][ T8085] [ 258.901938][ T8085] dump_stack_lvl+0x16c/0x1f0 [ 258.906624][ T8085] should_fail_ex+0x497/0x5b0 [ 258.911304][ T8085] _copy_to_user+0x32/0xd0 [ 258.915716][ T8085] ksys_msgctl.constprop.0+0x257/0x330 [ 258.921168][ T8085] ? __pfx_ksys_msgctl.constprop.0+0x10/0x10 [ 258.927225][ T8085] ? find_held_lock+0x2d/0x110 [ 258.932007][ T8085] ? rcu_is_watching+0x12/0xc0 [ 258.936773][ T8085] do_syscall_64+0xcd/0x250 [ 258.941273][ T8085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.947160][ T8085] RIP: 0033:0x7f029937ff19 [ 258.951571][ T8085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.971180][ T8085] RSP: 002b:00007f02971d5058 EFLAGS: 00000246 ORIG_RAX: 0000000000000047 [ 258.979586][ T8085] RAX: ffffffffffffffda RBX: 00007f0299546160 RCX: 00007f029937ff19 [ 258.987549][ T8085] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 258.995509][ T8085] RBP: 00007f02971d50a0 R08: 0000000000000000 R09: 0000000000000000 [ 259.003469][ T8085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 259.011429][ T8085] R13: 0000000000000000 R14: 00007f0299546160 R15: 00007fff49b2fc48 [ 259.019401][ T8085] [ 259.723229][ T5915] usb 1-1: USB disconnect, device number 23 [ 261.602230][ T5909] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 261.973388][ T8109] netlink: 16 bytes leftover after parsing attributes in process `syz.0.536'. [ 263.720495][ T5909] usb 4-1: device descriptor read/64, error -71 [ 265.901485][ T29] audit: type=1400 audit(1733181659.577:402): avc: denied { map } for pid=8116 comm="syz.1.540" path="socket:[14203]" dev="sockfs" ino=14203 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 267.233157][ T8140] syz.4.546: attempt to access beyond end of device [ 267.233157][ T8140] loop4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 267.276420][ T8140] XFS (loop4): SB validate failed with error -5. [ 268.263184][ T8155] 9pnet_fd: Insufficient options for proto=fd [ 269.840844][ T8171] FAULT_INJECTION: forcing a failure. [ 269.840844][ T8171] name failslab, interval 1, probability 0, space 0, times 0 [ 269.920110][ T8171] CPU: 1 UID: 0 PID: 8171 Comm: syz.0.554 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 269.930753][ T8171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 269.940820][ T8171] Call Trace: [ 269.944089][ T8171] [ 269.947017][ T8171] dump_stack_lvl+0x16c/0x1f0 [ 269.951682][ T8171] should_fail_ex+0x497/0x5b0 [ 269.956347][ T8171] should_failslab+0xc2/0x120 [ 269.961003][ T8171] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 269.966362][ T8171] ? skb_clone+0x190/0x3f0 [ 269.970760][ T8171] skb_clone+0x190/0x3f0 [ 269.974987][ T8171] netlink_deliver_tap+0xabd/0xd30 [ 269.980102][ T8171] netlink_unicast+0x5e1/0x7f0 [ 269.984848][ T8171] ? __pfx_netlink_unicast+0x10/0x10 [ 269.990119][ T8171] netlink_sendmsg+0x8b8/0xd70 [ 269.994870][ T8171] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.000141][ T8171] ____sys_sendmsg+0xaaf/0xc90 [ 270.004886][ T8171] ? copy_msghdr_from_user+0x10b/0x160 [ 270.010327][ T8171] ? __pfx_____sys_sendmsg+0x10/0x10 [ 270.015607][ T8171] ___sys_sendmsg+0x135/0x1e0 [ 270.020263][ T8171] ? __pfx____sys_sendmsg+0x10/0x10 [ 270.025455][ T8171] ? __pfx_lock_release+0x10/0x10 [ 270.030479][ T8171] ? trace_lock_acquire+0x14e/0x1f0 [ 270.035674][ T8171] ? __fget_files+0x206/0x3a0 [ 270.040336][ T8171] __sys_sendmsg+0x16e/0x220 [ 270.044906][ T8171] ? __pfx___sys_sendmsg+0x10/0x10 [ 270.050001][ T8171] do_syscall_64+0xcd/0x250 [ 270.054487][ T8171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.060376][ T8171] RIP: 0033:0x7f737277ff19 [ 270.064771][ T8171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.084359][ T8171] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 270.092752][ T8171] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 270.100706][ T8171] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 270.108654][ T8171] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 270.116612][ T8171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 270.124575][ T8171] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 270.132564][ T8171] [ 270.174241][ T8164] syz.1.551: attempt to access beyond end of device [ 270.174241][ T8164] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 270.197960][ T8171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.554'. [ 270.797643][ T8164] XFS (loop1): SB validate failed with error -5. [ 274.881542][ T5909] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 275.051491][ T5909] usb 3-1: Using ep0 maxpacket: 16 [ 275.078283][ T5909] usb 3-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.090101][ T5909] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 275.104859][ T5909] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 275.116633][ T5909] usb 3-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 275.134665][ T5909] usb 3-1: config 1 interface 0 has no altsetting 0 [ 275.141735][ T8211] xt_l2tp: wrong L2TP version: 0 [ 275.143343][ T5909] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 275.158444][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 275.168749][ T5909] usb 3-1: SerialNumber: syz [ 275.178233][ T8200] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 275.185765][ T8200] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 275.201526][ T970] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 275.351460][ T970] usb 4-1: Using ep0 maxpacket: 16 [ 275.359573][ T970] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 275.376028][ T970] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 275.389150][ T970] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 275.410609][ T8200] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 275.420882][ T970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.429382][ T8200] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 275.445696][ T970] usb 4-1: Product: syz [ 275.458058][ T970] usb 4-1: Manufacturer: syz [ 275.467240][ T970] usb 4-1: SerialNumber: syz [ 275.531525][ T25] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 275.614029][ T8217] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 275.724649][ T25] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 275.758066][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.960421][ T5820] Bluetooth: hci4: command 0x0406 tx timeout [ 276.114417][ T970] usb 4-1: 0:2 : does not exist [ 276.122954][ T970] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 276.137043][ T25] usb 1-1: config 0 descriptor?? [ 276.155405][ T970] usb 4-1: 5:0: cannot get min/max values for control 4 (id 5) [ 276.271992][ T5909] cdc_ether 3-1:1.0 eth1: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 276.321749][ T970] usb 4-1: USB disconnect, device number 18 [ 276.425305][ T29] audit: type=1400 audit(1733181670.457:403): avc: denied { search } for pid=5486 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 276.446718][ T29] audit: type=1400 audit(1733181670.457:404): avc: denied { read } for pid=5486 comm="dhcpcd" name="n100" dev="tmpfs" ino=4149 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 276.468814][ T29] audit: type=1400 audit(1733181670.457:405): avc: denied { open } for pid=5486 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=4149 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 276.492331][ T29] audit: type=1400 audit(1733181670.457:406): avc: denied { getattr } for pid=5486 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=4149 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 276.493638][ T6737] udevd[6737]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 276.592407][ T25] gs_usb 1-1:0.0: Couldn't get device config: (err=-121) [ 276.599601][ T25] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -121 [ 276.689799][ T29] audit: type=1400 audit(1733181670.717:407): avc: denied { read } for pid=8232 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 276.721605][ T29] audit: type=1400 audit(1733181670.747:408): avc: denied { open } for pid=8232 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 276.771170][ T29] audit: type=1400 audit(1733181670.747:409): avc: denied { getattr } for pid=8232 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 278.208435][ T29] audit: type=1400 audit(1733181672.237:410): avc: denied { map } for pid=8210 comm="syz.0.567" path="/dev/sg0" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 278.261142][ T29] audit: type=1400 audit(1733181672.267:411): avc: denied { execute } for pid=8210 comm="syz.0.567" path="/dev/sg0" dev="devtmpfs" ino=744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 278.314470][ T29] audit: type=1400 audit(1733181672.317:412): avc: denied { write } for pid=8231 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 278.428234][ T25] usb 3-1: USB disconnect, device number 20 [ 278.501625][ T901] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 278.542096][ T25] cdc_ether 3-1:1.0 eth1: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 278.722024][ T901] usb 4-1: Using ep0 maxpacket: 16 [ 278.749544][ T901] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 278.810071][ T901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.080124][ T901] usb 4-1: Product: syz [ 279.109406][ T901] usb 4-1: Manufacturer: syz [ 279.128417][ T901] usb 4-1: SerialNumber: syz [ 279.234106][ T901] r8152-cfgselector 4-1: Unknown version 0x0000 [ 279.516956][ T901] r8152-cfgselector 4-1: config 0 descriptor?? [ 279.873647][ T970] usb 1-1: USB disconnect, device number 24 [ 280.117393][ T901] r8152-cfgselector 4-1: Unknown version 0x0000 [ 280.148185][ T901] r8152-cfgselector 4-1: bad CDC descriptors [ 280.194237][ T901] r8152-cfgselector 4-1: USB disconnect, device number 19 [ 281.150996][ T8315] netlink: 12 bytes leftover after parsing attributes in process `syz.4.587'. [ 281.501583][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 281.501603][ T29] audit: type=1400 audit(1733181675.177:420): avc: denied { create } for pid=8305 comm="syz.4.587" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 283.166960][ T8326] 9pnet_fd: Insufficient options for proto=fd [ 283.464553][ T5871] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 285.084587][ T5871] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 285.096499][ T5871] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 285.152148][ T5871] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 285.180271][ T8329] input: syz0 as /devices/virtual/input/input30 [ 285.218086][ T5871] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 285.476413][ T5871] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 286.342774][ T8349] syz.3.597: attempt to access beyond end of device [ 286.342774][ T8349] loop3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 286.361434][ T8349] XFS (loop3): SB validate failed with error -5. [ 286.531616][ T5871] usb 5-1: string descriptor 0 read error: -71 [ 286.538591][ T5871] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 286.547714][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 286.684120][ T5871] usb 5-1: can't set config #1, error -71 [ 286.692549][ T5871] usb 5-1: USB disconnect, device number 27 [ 287.381183][ T8363] IPv6: NLM_F_CREATE should be specified when creating new route [ 287.453205][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.2.598'. [ 287.510166][ T8372] PKCS7: Unknown OID: [4] (bad) [ 287.591210][ T8372] PKCS7: Only support pkcs7_signedData type [ 287.664082][ T29] audit: type=1400 audit(1733181681.697:421): avc: denied { create } for pid=8374 comm="syz.3.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 287.687999][ T8380] FAULT_INJECTION: forcing a failure. [ 287.687999][ T8380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.710102][ T29] audit: type=1400 audit(1733181681.717:422): avc: denied { bind } for pid=8374 comm="syz.3.601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 287.731247][ T8380] CPU: 1 UID: 0 PID: 8380 Comm: syz.0.602 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 287.741863][ T8380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 287.751926][ T8380] Call Trace: [ 287.755211][ T8380] [ 287.758123][ T8380] dump_stack_lvl+0x16c/0x1f0 [ 287.762791][ T8380] should_fail_ex+0x497/0x5b0 [ 287.767455][ T8380] _copy_from_user+0x2e/0xd0 [ 287.772025][ T8380] memdup_user+0x71/0xd0 [ 287.776247][ T8380] strndup_user+0x78/0xe0 [ 287.780562][ T8380] __x64_sys_mount+0x181/0x320 [ 287.785318][ T8380] ? __pfx___x64_sys_mount+0x10/0x10 [ 287.790612][ T8380] do_syscall_64+0xcd/0x250 [ 287.795118][ T8380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.801006][ T8380] RIP: 0033:0x7f737277ff19 [ 287.805410][ T8380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.825007][ T8380] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 287.833421][ T8380] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 287.841385][ T8380] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040 [ 287.849354][ T8380] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 287.857363][ T8380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.865348][ T8380] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 287.873364][ T8380] [ 287.950474][ T8382] 9pnet_fd: Insufficient options for proto=fd [ 288.021874][ T29] audit: type=1400 audit(1733181682.037:423): avc: denied { connect } for pid=8383 comm="syz.0.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 288.065185][ T29] audit: type=1400 audit(1733181682.037:424): avc: denied { wake_alarm } for pid=8383 comm="syz.0.603" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 288.101519][ T8388] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 288.108080][ T8388] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 288.133111][ T8388] vhci_hcd vhci_hcd.0: Device attached [ 288.332667][ T5871] vhci_hcd: vhci_device speed not set [ 288.344566][ T8398] FAULT_INJECTION: forcing a failure. [ 288.344566][ T8398] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.382684][ T8398] CPU: 0 UID: 0 PID: 8398 Comm: syz.0.609 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 288.393309][ T8398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 288.403363][ T8398] Call Trace: [ 288.406634][ T8398] [ 288.409561][ T8398] dump_stack_lvl+0x16c/0x1f0 [ 288.414243][ T8398] should_fail_ex+0x497/0x5b0 [ 288.418925][ T8398] _copy_from_iter+0x2a1/0x1560 [ 288.423790][ T8398] ? trace_lock_acquire+0x14e/0x1f0 [ 288.429001][ T8398] ? __alloc_skb+0x1fe/0x380 [ 288.433617][ T8398] ? __pfx__copy_from_iter+0x10/0x10 [ 288.438911][ T8398] ? __virt_addr_valid+0x1a4/0x590 [ 288.444055][ T8398] ? __virt_addr_valid+0x5e/0x590 [ 288.449147][ T8398] ? __phys_addr_symbol+0x30/0x80 [ 288.454177][ T8398] ? __check_object_size+0x488/0x710 [ 288.459556][ T8398] netlink_sendmsg+0x813/0xd70 [ 288.464447][ T8398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 288.469820][ T8398] ____sys_sendmsg+0xaaf/0xc90 [ 288.474653][ T8398] ? copy_msghdr_from_user+0x10b/0x160 [ 288.480124][ T8398] ? __pfx_____sys_sendmsg+0x10/0x10 [ 288.485430][ T8398] ___sys_sendmsg+0x135/0x1e0 [ 288.490119][ T8398] ? __pfx____sys_sendmsg+0x10/0x10 [ 288.495329][ T8398] ? __pfx_lock_release+0x10/0x10 [ 288.500354][ T8398] ? trace_lock_acquire+0x14e/0x1f0 [ 288.505557][ T8398] ? __fget_files+0x206/0x3a0 [ 288.510233][ T8398] __sys_sendmsg+0x16e/0x220 [ 288.514836][ T8398] ? __pfx___sys_sendmsg+0x10/0x10 [ 288.519959][ T8398] do_syscall_64+0xcd/0x250 [ 288.524466][ T8398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.530366][ T8398] RIP: 0033:0x7f737277ff19 [ 288.534772][ T8398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.554377][ T8398] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 288.562788][ T8398] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 288.570751][ T8398] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 288.578718][ T8398] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 288.586679][ T8398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.594651][ T8398] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 288.602631][ T8398] [ 288.628975][ T5871] usb 39-1: new full-speed USB device number 4 using vhci_hcd [ 288.713040][ T970] usb 4-1: new low-speed USB device number 20 using dummy_hcd [ 288.878679][ T970] usb 4-1: config 0 has no interfaces? [ 288.886544][ T970] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 288.904951][ T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.944861][ T970] usb 4-1: config 0 descriptor?? [ 289.663198][ T8409] process 'syz.0.613' launched './file1' with NULL argv: empty string added [ 289.680562][ T29] audit: type=1400 audit(1733181683.707:425): avc: denied { execute_no_trans } for pid=8408 comm="syz.0.613" path="/130/file1" dev="tmpfs" ino=717 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 289.922384][ T901] usb 4-1: USB disconnect, device number 20 [ 290.474488][ T8389] vhci_hcd: connection reset by peer [ 290.491519][ T29] audit: type=1400 audit(1733181683.947:426): avc: denied { ioctl } for pid=8411 comm="syz.4.614" path="socket:[15897]" dev="sockfs" ino=15897 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 290.578318][ T7921] vhci_hcd: stop threads [ 290.600750][ T7921] vhci_hcd: release socket [ 290.625610][ T7921] vhci_hcd: disconnect device [ 290.690780][ T8419] FAULT_INJECTION: forcing a failure. [ 290.690780][ T8419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 290.750918][ T29] audit: type=1400 audit(1733181684.777:427): avc: denied { listen } for pid=8416 comm="syz.2.616" lport=49866 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 290.774798][ T8419] CPU: 0 UID: 0 PID: 8419 Comm: syz.0.615 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 290.785420][ T8419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 290.795486][ T8419] Call Trace: [ 290.798756][ T8419] [ 290.801672][ T8419] dump_stack_lvl+0x16c/0x1f0 [ 290.806345][ T8419] should_fail_ex+0x497/0x5b0 [ 290.811008][ T8419] _copy_to_user+0x32/0xd0 [ 290.815408][ T8419] scsi_cdrom_send_packet+0x3a1/0x640 [ 290.820773][ T8419] ? __pfx_scsi_cdrom_send_packet+0x10/0x10 [ 290.826682][ T8419] ? lock_acquire+0x2f/0xb0 [ 290.831199][ T8419] ? avc_has_extended_perms+0x1f4/0xf70 [ 290.836775][ T8419] ? avc_has_extended_perms+0x902/0xf70 [ 290.842332][ T8419] ? find_held_lock+0x2d/0x110 [ 290.847101][ T8419] scsi_ioctl+0x146/0x1840 [ 290.851528][ T8419] ? __pfx___might_resched+0x10/0x10 [ 290.856811][ T8419] ? __pfx_scsi_ioctl+0x10/0x10 [ 290.861665][ T8419] ? scsi_block_when_processing_errors+0x2c1/0x380 [ 290.868172][ T8419] ? __pfx_scsi_block_when_processing_errors+0x10/0x10 [ 290.875031][ T8419] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 290.881371][ T8419] ? do_vfs_ioctl+0x513/0x1990 [ 290.886148][ T8419] sg_ioctl+0xb70/0x2750 [ 290.890394][ T8419] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 290.896913][ T8419] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 290.903767][ T8419] ? __pfx_sg_ioctl+0x10/0x10 [ 290.908447][ T8419] ? __pfx_lock_release+0x10/0x10 [ 290.913501][ T8419] ? selinux_file_ioctl+0x180/0x270 [ 290.918699][ T8419] ? selinux_file_ioctl+0xb4/0x270 [ 290.923808][ T8419] ? __pfx_sg_ioctl+0x10/0x10 [ 290.928483][ T8419] __x64_sys_ioctl+0x190/0x200 [ 290.933247][ T8419] do_syscall_64+0xcd/0x250 [ 290.937749][ T8419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.943637][ T8419] RIP: 0033:0x7f737277ff19 [ 290.948044][ T8419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.967644][ T8419] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.976058][ T8419] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 290.984020][ T8419] RDX: 0000000020000000 RSI: 0000000000005393 RDI: 0000000000000004 [ 290.991980][ T8419] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 290.999939][ T8419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.007920][ T8419] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 291.015895][ T8419] [ 291.047556][ T29] audit: type=1400 audit(1733181685.067:428): avc: denied { accept } for pid=8416 comm="syz.2.616" lport=49866 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 291.458408][ T8433] infiniband syz2: set active [ 291.463488][ T8433] infiniband syz2: added team_slave_1 [ 291.504226][ T8433] RDS/IB: syz2: added [ 291.508658][ T8433] smc: adding ib device syz2 with port count 1 [ 291.515582][ T8433] smc: ib device syz2 port 1 has pnetid [ 291.927187][ T5909] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 292.381436][ T5909] usb 3-1: Using ep0 maxpacket: 16 [ 292.388574][ T5909] usb 3-1: config 0 has an invalid interface number: 68 but max is 0 [ 292.402470][ T5909] usb 3-1: config 0 has no interface number 0 [ 292.443310][ T5909] usb 3-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 292.471202][ T5909] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 292.483374][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.806071][ T5909] usb 3-1: Product: syz [ 292.810383][ T5909] usb 3-1: Manufacturer: syz [ 292.816399][ T5909] usb 3-1: SerialNumber: syz [ 293.179218][ T5909] usb 3-1: config 0 descriptor?? [ 293.184863][ T8435] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 293.245956][ T5909] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 293.449841][ T8435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 293.470443][ T8435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 293.520298][ T1106] usb 3-1: Failed to submit usb control message: -71 [ 293.520566][ T5915] usb 3-1: USB disconnect, device number 21 [ 293.527369][ T1106] usb 3-1: unable to send the bmi data to the device: -71 [ 293.527420][ T1106] usb 3-1: unable to get target info from device [ 293.527437][ T1106] usb 3-1: could not get target info (-71) [ 293.527471][ T1106] usb 3-1: could not probe fw (-71) [ 294.341464][ T5909] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 294.351554][ T5871] vhci_hcd: vhci_device speed not set [ 294.528878][ T5909] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 294.538443][ T5909] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.554826][ T5909] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 294.571844][ T5909] usb 4-1: config 1 has no interface number 1 [ 294.578193][ T5909] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 294.592864][ T5909] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 294.608229][ T5909] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 294.618136][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.627269][ T5909] usb 4-1: Product: syz [ 294.633252][ T5909] usb 4-1: Manufacturer: syz [ 294.637954][ T5909] usb 4-1: SerialNumber: syz [ 294.677948][ T29] audit: type=1400 audit(1733181688.707:429): avc: denied { read } for pid=8471 comm="syz.0.628" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 294.708130][ T29] audit: type=1400 audit(1733181688.737:430): avc: denied { open } for pid=8471 comm="syz.0.628" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 294.911589][ T8482] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 295.539069][ T5909] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 295.546611][ T5909] usb 4-1: MIDIStreaming interface descriptor not found [ 295.592036][ T5909] usb 4-1: USB disconnect, device number 21 [ 295.912110][ T5963] udevd[5963]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 296.025283][ T8498] netlink: 8 bytes leftover after parsing attributes in process `syz.4.631'. [ 296.031469][ T29] audit: type=1400 audit(1733181690.057:431): avc: denied { create } for pid=8489 comm="syz.4.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 296.039035][ T8498] netlink: 12 bytes leftover after parsing attributes in process `syz.4.631'. [ 296.062632][ T29] audit: type=1400 audit(1733181690.057:432): avc: denied { bind } for pid=8489 comm="syz.4.631" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 296.812272][ T5130] Bluetooth: hci0: command 0x0406 tx timeout [ 297.321097][ T8472] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 297.459490][ T8472] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 297.475010][ T8472] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 297.482098][ T8472] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 297.491331][ T8472] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 297.497673][ T8472] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 297.506978][ T8472] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 297.513983][ T8472] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 297.694701][ T29] audit: type=1400 audit(1733181691.727:433): avc: denied { mount } for pid=8512 comm="syz.4.636" name="/" dev="pstore" ino=4111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 297.753799][ T29] audit: type=1400 audit(1733181691.787:434): avc: denied { unmount } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 297.851647][ T970] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 298.201652][ T970] usb 4-1: Using ep0 maxpacket: 32 [ 298.222131][ T970] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 298.230512][ T970] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 299.314181][ T970] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.324493][ T970] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 299.333521][ T970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 299.343231][ T970] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 299.352979][ T970] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 299.366012][ T970] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 299.375216][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 299.375910][ T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.396501][ T29] audit: type=1400 audit(1733181692.467:435): avc: denied { shutdown } for pid=8521 comm="syz.0.640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 299.459011][ T970] usb 4-1: config 0 descriptor?? [ 299.557292][ T5820] Bluetooth: hci4: command 0x0406 tx timeout [ 299.565273][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 299.572722][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 300.181418][ T970] usb 4-1: can't set config #0, error -71 [ 300.195369][ T970] usb 4-1: USB disconnect, device number 22 [ 300.698533][ T8551] FAULT_INJECTION: forcing a failure. [ 300.698533][ T8551] name failslab, interval 1, probability 0, space 0, times 0 [ 300.716384][ T8551] CPU: 0 UID: 0 PID: 8551 Comm: syz.0.648 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 300.727009][ T8551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 300.737253][ T8551] Call Trace: [ 300.740541][ T8551] [ 300.743482][ T8551] dump_stack_lvl+0x16c/0x1f0 [ 300.744351][ T8553] 9pnet_fd: Insufficient options for proto=fd [ 300.748168][ T8551] should_fail_ex+0x497/0x5b0 [ 300.748212][ T8551] should_failslab+0xc2/0x120 [ 300.763630][ T8551] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 300.769020][ T8551] ? skb_clone+0x190/0x3f0 [ 300.773464][ T8551] skb_clone+0x190/0x3f0 [ 300.777726][ T8551] netlink_deliver_tap+0xabd/0xd30 [ 300.782864][ T8551] netlink_unicast+0x5e1/0x7f0 [ 300.787656][ T8551] ? __pfx_netlink_unicast+0x10/0x10 [ 300.792967][ T8551] netlink_sendmsg+0x8b8/0xd70 [ 300.797753][ T8551] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.803065][ T8551] ____sys_sendmsg+0xaaf/0xc90 [ 300.807852][ T8551] ? copy_msghdr_from_user+0x10b/0x160 [ 300.813326][ T8551] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.818654][ T8551] ___sys_sendmsg+0x135/0x1e0 [ 300.823346][ T8551] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.828570][ T8551] ? __pfx_lock_release+0x10/0x10 [ 300.833606][ T8551] ? trace_lock_acquire+0x14e/0x1f0 [ 300.838834][ T8551] ? __fget_files+0x206/0x3a0 [ 300.843534][ T8551] __sys_sendmsg+0x16e/0x220 [ 300.848143][ T8551] ? __pfx___sys_sendmsg+0x10/0x10 [ 300.853291][ T8551] do_syscall_64+0xcd/0x250 [ 300.857819][ T8551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.863732][ T8551] RIP: 0033:0x7f737277ff19 [ 300.868156][ T8551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.887861][ T8551] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 300.896273][ T8551] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 300.904238][ T8551] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 300.912208][ T8551] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 300.920169][ T8551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.928248][ T8551] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 300.936230][ T8551] [ 301.770207][ T5130] Bluetooth: hci1: command 0x0406 tx timeout [ 301.777229][ T5130] Bluetooth: hci3: command 0x0406 tx timeout [ 301.783491][ T5130] Bluetooth: hci4: command 0x0406 tx timeout [ 301.892533][ T970] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 302.623996][ T8584] bridge0: port 3(erspan0) entered blocking state [ 302.630480][ T8584] bridge0: port 3(erspan0) entered disabled state [ 302.637132][ T8584] erspan0: entered allmulticast mode [ 302.643382][ T8584] erspan0: entered promiscuous mode [ 302.649322][ T8584] bridge0: port 3(erspan0) entered blocking state [ 302.655817][ T8584] bridge0: port 3(erspan0) entered forwarding state [ 302.713611][ T8584] bridge0: entered promiscuous mode [ 302.718821][ T8584] bridge0: entered allmulticast mode [ 302.823226][ T8594] FAULT_INJECTION: forcing a failure. [ 302.823226][ T8594] name failslab, interval 1, probability 0, space 0, times 0 [ 302.839800][ T970] usb 3-1: New USB device found, idVendor=0403, idProduct=0000, bcdDevice= 4.00 [ 302.886011][ T970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.909676][ T970] usb 3-1: config 0 descriptor?? [ 302.933964][ T970] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 302.941451][ T8594] CPU: 1 UID: 0 PID: 8594 Comm: syz.4.658 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 302.941480][ T8594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 302.941491][ T8594] Call Trace: [ 302.941498][ T8594] [ 302.941506][ T8594] dump_stack_lvl+0x16c/0x1f0 [ 302.941538][ T8594] should_fail_ex+0x497/0x5b0 [ 302.941571][ T8594] should_failslab+0xc2/0x120 [ 302.941607][ T8594] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 302.941632][ T8594] ? skb_clone+0x190/0x3f0 [ 302.941659][ T8594] skb_clone+0x190/0x3f0 [ 302.941681][ T8594] netlink_deliver_tap+0xabd/0xd30 [ 303.001546][ T8594] netlink_unicast+0x5e1/0x7f0 [ 303.006328][ T8594] ? __pfx_netlink_unicast+0x10/0x10 [ 303.011637][ T8594] netlink_sendmsg+0x8b8/0xd70 [ 303.016423][ T8594] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.021739][ T8594] ____sys_sendmsg+0xaaf/0xc90 [ 303.026539][ T8594] ? copy_msghdr_from_user+0x10b/0x160 [ 303.032023][ T8594] ? __pfx_____sys_sendmsg+0x10/0x10 [ 303.037335][ T8594] ___sys_sendmsg+0x135/0x1e0 [ 303.042012][ T8594] ? __pfx____sys_sendmsg+0x10/0x10 [ 303.047225][ T8594] ? __pfx_lock_release+0x10/0x10 [ 303.052245][ T8594] ? trace_lock_acquire+0x14e/0x1f0 [ 303.057456][ T8594] ? __fget_files+0x206/0x3a0 [ 303.062133][ T8594] __sys_sendmsg+0x16e/0x220 [ 303.066719][ T8594] ? __pfx___sys_sendmsg+0x10/0x10 [ 303.071841][ T8594] do_syscall_64+0xcd/0x250 [ 303.076347][ T8594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.082240][ T8594] RIP: 0033:0x7fbb5277ff19 [ 303.086651][ T8594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.106322][ T8594] RSP: 002b:00007fbb535a7058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 303.114745][ T8594] RAX: ffffffffffffffda RBX: 00007fbb52945fa0 RCX: 00007fbb5277ff19 [ 303.122718][ T8594] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 303.131030][ T8594] RBP: 00007fbb535a70a0 R08: 0000000000000000 R09: 0000000000000000 [ 303.138994][ T8594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.146977][ T8594] R13: 0000000000000000 R14: 00007fbb52945fa0 R15: 00007ffe0272bd78 [ 303.154971][ T8594] [ 303.158034][ C1] vkms_vblank_simulate: vblank timer overrun [ 303.177060][ T970] usb 3-1: Detected FT232B [ 303.188295][ T970] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 303.198620][ T970] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 303.206961][ T970] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 303.235931][ T970] usb 3-1: USB disconnect, device number 22 [ 303.290482][ T970] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 303.316212][ T970] ftdi_sio 3-1:0.0: device disconnected [ 303.348161][ T5871] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 303.420985][ T8611] rdma_rxe: rxe_newlink: failed to add team_slave_1 [ 303.741880][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 303.791133][ T5871] usb 4-1: config 0 has an invalid interface number: 68 but max is 0 [ 303.864790][ T5871] usb 4-1: config 0 has no interface number 0 [ 303.909323][ T5817] Bluetooth: hci4: command 0x0406 tx timeout [ 304.001527][ T5871] usb 4-1: config 0 interface 68 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1023 [ 304.025445][ T5871] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4 [ 304.035300][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.043720][ T5871] usb 4-1: Product: syz [ 304.047967][ T5871] usb 4-1: Manufacturer: syz [ 304.053758][ T5871] usb 4-1: SerialNumber: syz [ 304.063776][ T5871] usb 4-1: config 0 descriptor?? [ 304.072708][ T8596] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 304.089281][ T8617] FAULT_INJECTION: forcing a failure. [ 304.089281][ T8617] name failslab, interval 1, probability 0, space 0, times 0 [ 304.104175][ T8617] CPU: 1 UID: 0 PID: 8617 Comm: syz.2.664 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 304.114802][ T8617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 304.124874][ T8617] Call Trace: [ 304.128175][ T8617] [ 304.131138][ T8617] dump_stack_lvl+0x16c/0x1f0 [ 304.135846][ T8617] should_fail_ex+0x497/0x5b0 [ 304.140555][ T8617] should_failslab+0xc2/0x120 [ 304.145262][ T8617] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 304.150664][ T8617] ? skb_clone+0x190/0x3f0 [ 304.155105][ T8617] skb_clone+0x190/0x3f0 [ 304.159371][ T8617] netlink_deliver_tap+0xabd/0xd30 [ 304.164513][ T8617] netlink_unicast+0x5e1/0x7f0 [ 304.169300][ T8617] ? __pfx_netlink_unicast+0x10/0x10 [ 304.174602][ T8617] netlink_sendmsg+0x8b8/0xd70 [ 304.179372][ T8617] ? __pfx_netlink_sendmsg+0x10/0x10 [ 304.184662][ T8617] ____sys_sendmsg+0xaaf/0xc90 [ 304.189440][ T8617] ? copy_msghdr_from_user+0x10b/0x160 [ 304.194933][ T8617] ? __pfx_____sys_sendmsg+0x10/0x10 [ 304.200223][ T8617] ___sys_sendmsg+0x135/0x1e0 [ 304.204894][ T8617] ? __pfx____sys_sendmsg+0x10/0x10 [ 304.210102][ T8617] ? __pfx_lock_release+0x10/0x10 [ 304.215131][ T8617] ? trace_lock_acquire+0x14e/0x1f0 [ 304.220338][ T8617] ? __fget_files+0x206/0x3a0 [ 304.225016][ T8617] __sys_sendmsg+0x16e/0x220 [ 304.229602][ T8617] ? __pfx___sys_sendmsg+0x10/0x10 [ 304.234807][ T8617] do_syscall_64+0xcd/0x250 [ 304.239323][ T8617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.245223][ T8617] RIP: 0033:0x7f029937ff19 [ 304.249636][ T8617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.269250][ T8617] RSP: 002b:00007f029a0b3058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 304.277663][ T8617] RAX: ffffffffffffffda RBX: 00007f0299545fa0 RCX: 00007f029937ff19 [ 304.285626][ T8617] RDX: 0000000000000014 RSI: 0000000020000180 RDI: 0000000000000003 [ 304.293587][ T8617] RBP: 00007f029a0b30a0 R08: 0000000000000000 R09: 0000000000000000 [ 304.301549][ T8617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.309510][ T8617] R13: 0000000000000000 R14: 00007f0299545fa0 R15: 00007fff49b2fc48 [ 304.317490][ T8617] [ 304.320540][ C1] vkms_vblank_simulate: vblank timer overrun [ 304.423969][ T8596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.443531][ T8596] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.482581][ T5871] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 305.496879][ T5871] usb 4-1: USB disconnect, device number 23 [ 306.511966][ T8640] bridge0: port 1(erspan0) entered blocking state [ 306.518443][ T8640] bridge0: port 1(erspan0) entered disabled state [ 306.525082][ T8640] erspan0: entered allmulticast mode [ 306.531051][ T8640] erspan0: entered promiscuous mode [ 306.539805][ T8640] bridge0: port 1(erspan0) entered blocking state [ 306.546338][ T8640] bridge0: port 1(erspan0) entered forwarding state [ 306.553490][ T8640] bridge0: entered promiscuous mode [ 309.141094][ T29] audit: type=1400 audit(1733181703.167:436): avc: denied { read } for pid=8669 comm="syz.4.681" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 309.235758][ T29] audit: type=1400 audit(1733181703.167:437): avc: denied { open } for pid=8669 comm="syz.4.681" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 310.443433][ T5871] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 310.748356][ T8688] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 311.016314][ T5871] usb 1-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 311.030322][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.063266][ T5871] usb 1-1: config 0 descriptor?? [ 311.070227][ T8683] syz.4.682: attempt to access beyond end of device [ 311.070227][ T8683] loop4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 311.274396][ T8683] XFS (loop4): SB validate failed with error -5. [ 311.869107][ T5871] hackrf 1-1:0.0: Board ID: 00 [ 311.874055][ T5871] hackrf 1-1:0.0: Firmware version: [ 311.878994][ T8708] FAULT_INJECTION: forcing a failure. [ 311.878994][ T8708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.920918][ T8708] CPU: 1 UID: 0 PID: 8708 Comm: syz.2.687 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 311.931545][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 311.941608][ T8708] Call Trace: [ 311.944892][ T8708] [ 311.947832][ T8708] dump_stack_lvl+0x16c/0x1f0 [ 311.952520][ T8708] should_fail_ex+0x497/0x5b0 [ 311.957191][ T8708] _copy_from_user+0x2e/0xd0 [ 311.961771][ T8708] kstrtouint_from_user+0xd7/0x1c0 [ 311.966869][ T8708] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 311.972584][ T8708] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 311.978209][ T8708] proc_fail_nth_write+0x84/0x250 [ 311.983229][ T8708] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 311.988865][ T8708] ? ksys_write+0x12b/0x250 [ 311.993358][ T8708] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 311.998996][ T8708] vfs_write+0x24c/0x1150 [ 312.003313][ T8708] ? __fget_files+0x1fc/0x3a0 [ 312.007980][ T8708] ? __pfx___mutex_lock+0x10/0x10 [ 312.012999][ T8708] ? __pfx_vfs_write+0x10/0x10 [ 312.017756][ T8708] ? __fget_files+0x206/0x3a0 [ 312.022426][ T8708] ksys_write+0x12b/0x250 [ 312.026750][ T8708] ? __pfx_ksys_write+0x10/0x10 [ 312.031586][ T8708] do_syscall_64+0xcd/0x250 [ 312.036078][ T8708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.042057][ T8708] RIP: 0033:0x7f029937e9cf [ 312.046474][ T8708] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 312.066102][ T8708] RSP: 002b:00007f029a0b3050 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 312.074533][ T8708] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f029937e9cf [ 312.082528][ T8708] RDX: 0000000000000001 RSI: 00007f029a0b30b0 RDI: 0000000000000004 [ 312.090916][ T8708] RBP: 00007f029a0b30a0 R08: 0000000000000000 R09: 0000000000000000 [ 312.098876][ T8708] R10: 0000000000000006 R11: 0000000000000293 R12: 0000000000000001 [ 312.106837][ T8708] R13: 0000000000000000 R14: 00007f0299545fa0 R15: 00007fff49b2fc48 [ 312.114803][ T8708] [ 312.161097][ T5871] hackrf 1-1:0.0: Registered as swradio24 [ 312.167415][ T5871] videodev: could not get a free minor [ 312.185976][ T5871] hackrf 1-1:0.0: Failed to register as video device (-23) [ 312.192566][ T29] audit: type=1400 audit(1733181706.217:438): avc: denied { getopt } for pid=8670 comm="syz.0.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 312.216773][ T5871] hackrf 1-1:0.0: probe with driver hackrf failed with error -23 [ 312.269156][ T5871] usb 1-1: USB disconnect, device number 25 [ 312.395024][ T8713] netlink: 8 bytes leftover after parsing attributes in process `syz.4.689'. [ 313.411548][ T29] audit: type=1400 audit(1733181707.437:439): avc: denied { map } for pid=8721 comm="syz.4.692" path="socket:[16363]" dev="sockfs" ino=16363 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 314.201789][ T5871] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 314.202390][ T29] audit: type=1400 audit(1733181707.437:440): avc: denied { read } for pid=8721 comm="syz.4.692" path="socket:[16363]" dev="sockfs" ino=16363 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 314.232602][ C1] vkms_vblank_simulate: vblank timer overrun [ 314.361484][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 314.370473][ T5871] usb 2-1: New USB device found, idVendor=0456, idProduct=f000, bcdDevice=f3.7f [ 314.620905][ T8736] syz.3.694: attempt to access beyond end of device [ 314.620905][ T8736] loop3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 314.635963][ T8736] XFS (loop3): SB validate failed with error -5. [ 314.691481][ T25] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 314.851487][ T25] usb 3-1: device descriptor read/64, error -71 [ 314.922252][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.930334][ T5871] usb 2-1: Product: syz [ 314.934738][ T5871] usb 2-1: Manufacturer: syz [ 314.939335][ T5871] usb 2-1: SerialNumber: syz [ 314.946384][ T5871] usb 2-1: config 0 descriptor?? [ 314.955745][ T5871] ftdi_sio 2-1:0.0: Ignoring interface reserved for JTAG [ 315.274802][ T5871] usb 2-1: USB disconnect, device number 27 [ 315.487202][ T8750] kernel read not supported for file /eth0 (pid: 8750 comm: syz.4.696) [ 315.509866][ T29] audit: type=1800 audit(1733181709.527:441): pid=8750 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.696" name="eth0" dev="mqueue" ino=17413 res=0 errno=0 [ 315.530703][ C1] vkms_vblank_simulate: vblank timer overrun [ 315.533248][ T8750] 9pnet_fd: Insufficient options for proto=fd [ 317.119042][ T8761] syzkaller0: entered promiscuous mode [ 317.125186][ T8761] syzkaller0: entered allmulticast mode [ 317.132618][ T8765] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 317.138576][ T8765] syzkaller0: Linktype set failed because interface is up [ 317.146567][ T1106] syzkaller0: tun_net_xmit 48 [ 318.092324][ T29] audit: type=1400 audit(1733181712.127:442): avc: denied { setopt } for pid=8769 comm="syz.2.703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 318.479086][ T5871] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 318.656308][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 318.663193][ T5871] usb 4-1: config index 0 descriptor too short (expected 37, got 36) [ 318.671584][ T5871] usb 4-1: config 0 has an invalid interface number: 142 but max is 0 [ 318.680116][ T5871] usb 4-1: config 0 has no interface number 0 [ 318.765585][ T5871] usb 4-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=91.0d [ 318.777735][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.785847][ T5871] usb 4-1: Product: syz [ 318.790391][ T5871] usb 4-1: Manufacturer: syz [ 318.797948][ T5871] usb 4-1: SerialNumber: syz [ 319.375846][ T5871] usb 4-1: config 0 descriptor?? [ 320.210341][ T5871] s2255 4-1:0.142: Could not find bulk-in endpoint [ 320.222912][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.229223][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.235599][ T5871] Sensoray 2255 driver load failed: 0xfffffff4 [ 320.242733][ T5871] s2255 4-1:0.142: probe with driver s2255 failed with error -12 [ 320.283581][ T970] usb 4-1: USB disconnect, device number 24 [ 321.672749][ T8804] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 322.011718][ T25] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 322.498176][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.509368][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.519430][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 322.532591][ T25] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 322.543709][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.568883][ T25] usb 3-1: config 0 descriptor?? [ 324.066961][ T970] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 324.207721][ T970] usb 2-1: device descriptor read/64, error -71 [ 324.451531][ T970] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 325.491668][ T970] usb 2-1: device descriptor read/64, error -71 [ 325.648012][ T970] usb usb2-port1: attempt power cycle [ 325.991986][ T970] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 326.030989][ T970] usb 2-1: device descriptor read/8, error -71 [ 326.285990][ T970] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 326.318562][ T970] usb 2-1: device descriptor read/8, error -71 [ 326.435947][ T970] usb usb2-port1: unable to enumerate USB device [ 327.783087][ T25] usbhid 3-1:0.0: can't add hid device: -71 [ 327.789394][ T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 327.799795][ T25] usb 3-1: USB disconnect, device number 25 [ 327.914051][ T8835] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 329.061824][ T8842] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 329.070138][ T8842] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 329.148142][ T8842] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 329.159983][ T8842] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 331.292948][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.727'. [ 331.451716][ T8872] FAULT_INJECTION: forcing a failure. [ 331.451716][ T8872] name failslab, interval 1, probability 0, space 0, times 0 [ 331.464474][ T8872] CPU: 0 UID: 0 PID: 8872 Comm: syz.0.726 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 331.475083][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 331.485152][ T8872] Call Trace: [ 331.488445][ T8872] [ 331.491387][ T8872] dump_stack_lvl+0x16c/0x1f0 [ 331.496096][ T8872] should_fail_ex+0x497/0x5b0 [ 331.500800][ T8872] should_failslab+0xc2/0x120 [ 331.505505][ T8872] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 331.510901][ T8872] ? skb_clone+0x190/0x3f0 [ 331.515338][ T8872] skb_clone+0x190/0x3f0 [ 331.519604][ T8872] netlink_deliver_tap+0xabd/0xd30 [ 331.524739][ T8872] netlink_unicast+0x5e1/0x7f0 [ 331.529526][ T8872] ? __pfx_netlink_unicast+0x10/0x10 [ 331.534839][ T8872] netlink_sendmsg+0x8b8/0xd70 [ 331.539625][ T8872] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.544922][ T8872] ____sys_sendmsg+0xaaf/0xc90 [ 331.549684][ T8872] ? copy_msghdr_from_user+0x10b/0x160 [ 331.555142][ T8872] ? __pfx_____sys_sendmsg+0x10/0x10 [ 331.560437][ T8872] ___sys_sendmsg+0x135/0x1e0 [ 331.565113][ T8872] ? __pfx____sys_sendmsg+0x10/0x10 [ 331.570332][ T8872] ? __pfx_lock_release+0x10/0x10 [ 331.575357][ T8872] ? trace_lock_acquire+0x14e/0x1f0 [ 331.580561][ T8872] ? __fget_files+0x206/0x3a0 [ 331.585243][ T8872] __sys_sendmsg+0x16e/0x220 [ 331.589826][ T8872] ? __pfx___sys_sendmsg+0x10/0x10 [ 331.594946][ T8872] do_syscall_64+0xcd/0x250 [ 331.599452][ T8872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.605346][ T8872] RIP: 0033:0x7f737277ff19 [ 331.609754][ T8872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.629357][ T8872] RSP: 002b:00007f7373651058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 331.637767][ T8872] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277ff19 [ 331.645729][ T8872] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000005 [ 331.653730][ T8872] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 331.661695][ T8872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.669656][ T8872] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 331.677632][ T8872] [ 332.635975][ T5909] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 333.257352][ T5909] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 333.266138][ T5909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 333.276526][ T5909] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 333.285695][ T5909] usb 2-1: config 1 has no interface number 1 [ 333.291830][ T5909] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 333.306112][ T5909] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 333.455169][ T5909] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 334.661217][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.720303][ T5909] usb 2-1: Product: syz [ 334.724584][ T5909] usb 2-1: Manufacturer: syz [ 334.730084][ T5909] usb 2-1: SerialNumber: syz [ 334.787030][ T5909] usb 2-1: can't set config #1, error -71 [ 334.793193][ T970] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 334.816106][ T5909] usb 2-1: USB disconnect, device number 32 [ 336.051507][ T29] audit: type=1400 audit(1733181730.077:443): avc: denied { read } for pid=5177 comm="acpid" name="event9" dev="devtmpfs" ino=3114 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 336.080234][ T29] audit: type=1400 audit(1733181730.077:444): avc: denied { open } for pid=5177 comm="acpid" path="/dev/input/event9" dev="devtmpfs" ino=3114 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 336.111798][ T29] audit: type=1400 audit(1733181730.077:445): avc: denied { ioctl } for pid=5177 comm="acpid" path="/dev/input/event9" dev="devtmpfs" ino=3114 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 336.501837][ T5909] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 336.711436][ T5909] usb 4-1: Using ep0 maxpacket: 16 [ 336.719183][ T5909] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 336.744719][ T5909] usb 4-1: config 0 has no interface number 0 [ 336.770673][ T5909] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 336.822340][ T5909] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 336.877239][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 336.922286][ T5909] usb 4-1: Product: syz [ 336.936829][ T5909] usb 4-1: SerialNumber: syz [ 336.950209][ T5909] usb 4-1: config 0 descriptor?? [ 336.977839][ T5909] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 337.305821][ T5909] usb 4-1: USB disconnect, device number 25 [ 341.771455][ T970] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 342.550106][ T8973] FAULT_INJECTION: forcing a failure. [ 342.550106][ T8973] name failslab, interval 1, probability 0, space 0, times 0 [ 342.596967][ T8973] CPU: 1 UID: 0 PID: 8973 Comm: syz.1.751 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 342.607603][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 342.617673][ T8973] Call Trace: [ 342.620945][ T8973] [ 342.623872][ T8973] dump_stack_lvl+0x16c/0x1f0 [ 342.628551][ T8973] should_fail_ex+0x497/0x5b0 [ 342.633235][ T8973] should_failslab+0xc2/0x120 [ 342.637910][ T8973] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 342.643283][ T8973] ? skb_clone+0x190/0x3f0 [ 342.647701][ T8973] skb_clone+0x190/0x3f0 [ 342.651991][ T8973] netlink_deliver_tap+0xabd/0xd30 [ 342.657107][ T8973] netlink_unicast+0x5e1/0x7f0 [ 342.661877][ T8973] ? __pfx_netlink_unicast+0x10/0x10 [ 342.667168][ T8973] netlink_sendmsg+0x8b8/0xd70 [ 342.671936][ T8973] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.677230][ T8973] ____sys_sendmsg+0xaaf/0xc90 [ 342.681992][ T8973] ? copy_msghdr_from_user+0x10b/0x160 [ 342.687444][ T8973] ? __pfx_____sys_sendmsg+0x10/0x10 [ 342.692737][ T8973] ___sys_sendmsg+0x135/0x1e0 [ 342.697411][ T8973] ? __pfx____sys_sendmsg+0x10/0x10 [ 342.702612][ T8973] ? __pfx_lock_release+0x10/0x10 [ 342.707639][ T8973] ? trace_lock_acquire+0x14e/0x1f0 [ 342.712855][ T8973] ? __fget_files+0x206/0x3a0 [ 342.717538][ T8973] __sys_sendmsg+0x16e/0x220 [ 342.722124][ T8973] ? __pfx___sys_sendmsg+0x10/0x10 [ 342.727246][ T8973] do_syscall_64+0xcd/0x250 [ 342.731753][ T8973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.737646][ T8973] RIP: 0033:0x7f349477ff19 [ 342.742051][ T8973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.761648][ T8973] RSP: 002b:00007f349555b058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 342.770059][ T8973] RAX: ffffffffffffffda RBX: 00007f3494945fa0 RCX: 00007f349477ff19 [ 342.778022][ T8973] RDX: 0000000000000800 RSI: 0000000020003700 RDI: 0000000000000003 [ 342.785983][ T8973] RBP: 00007f349555b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 342.793949][ T8973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 342.801910][ T8973] R13: 0000000000000000 R14: 00007f3494945fa0 R15: 00007ffe89eed078 [ 342.809884][ T8973] [ 342.812998][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.311737][ T901] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 344.965401][ T8994] FAULT_INJECTION: forcing a failure. [ 344.965401][ T8994] name failslab, interval 1, probability 0, space 0, times 0 [ 344.979959][ T8994] CPU: 0 UID: 0 PID: 8994 Comm: syz.3.760 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 344.990543][ T8994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 345.000580][ T8994] Call Trace: [ 345.003858][ T8994] [ 345.006772][ T8994] dump_stack_lvl+0x16c/0x1f0 [ 345.011436][ T8994] should_fail_ex+0x497/0x5b0 [ 345.016106][ T8994] should_failslab+0xc2/0x120 [ 345.020764][ T8994] kmem_cache_alloc_noprof+0x6e/0x3d0 [ 345.026118][ T8994] ? skb_clone+0x190/0x3f0 [ 345.030515][ T8994] skb_clone+0x190/0x3f0 [ 345.034752][ T8994] netlink_deliver_tap+0xabd/0xd30 [ 345.039853][ T8994] netlink_unicast+0x5e1/0x7f0 [ 345.044602][ T8994] ? __pfx_netlink_unicast+0x10/0x10 [ 345.049874][ T8994] netlink_sendmsg+0x8b8/0xd70 [ 345.054628][ T8994] ? __pfx_netlink_sendmsg+0x10/0x10 [ 345.059906][ T8994] ____sys_sendmsg+0xaaf/0xc90 [ 345.064653][ T8994] ? copy_msghdr_from_user+0x10b/0x160 [ 345.070125][ T8994] ? __pfx_____sys_sendmsg+0x10/0x10 [ 345.075402][ T8994] ___sys_sendmsg+0x135/0x1e0 [ 345.080060][ T8994] ? __pfx____sys_sendmsg+0x10/0x10 [ 345.085245][ T8994] ? __pfx_lock_release+0x10/0x10 [ 345.090249][ T8994] ? trace_lock_acquire+0x14e/0x1f0 [ 345.095436][ T8994] ? __fget_files+0x206/0x3a0 [ 345.100097][ T8994] __sys_sendmsg+0x16e/0x220 [ 345.104668][ T8994] ? __pfx___sys_sendmsg+0x10/0x10 [ 345.109767][ T8994] do_syscall_64+0xcd/0x250 [ 345.114255][ T8994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.120132][ T8994] RIP: 0033:0x7f906117ff19 [ 345.124525][ T8994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.144126][ T8994] RSP: 002b:00007f9061ef4058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 345.152520][ T8994] RAX: ffffffffffffffda RBX: 00007f9061345fa0 RCX: 00007f906117ff19 [ 345.160473][ T8994] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 345.168682][ T8994] RBP: 00007f9061ef40a0 R08: 0000000000000000 R09: 0000000000000000 [ 345.176642][ T8994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.184596][ T8994] R13: 0000000000000000 R14: 00007f9061345fa0 R15: 00007fff3f21ba18 [ 345.192570][ T8994] [ 345.215783][ T901] usb 5-1: device descriptor read/64, error -71 [ 345.422889][ T29] audit: type=1400 audit(1733181739.457:446): avc: denied { mounton } for pid=8999 comm="syz.4.761" path="/162/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 345.450496][ T9003] overlayfs: missing 'workdir' [ 346.881958][ T29] audit: type=1400 audit(1733181740.917:447): avc: denied { unmount } for pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 347.084199][ T5909] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 347.585617][ T5909] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 347.824433][ T5909] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 347.921637][ T5909] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 347.930890][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 347.961748][ T5865] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 347.992962][ T5909] usb 4-1: SerialNumber: syz [ 348.894756][ T9046] sit0: entered promiscuous mode [ 348.900152][ T9046] vlan2: entered promiscuous mode [ 348.910673][ T5865] usb 5-1: Using ep0 maxpacket: 8 [ 348.944218][ T5865] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 348.955157][ T5865] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 348.964989][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.973150][ T5865] usb 5-1: Product: syz [ 348.977327][ T5865] usb 5-1: Manufacturer: syz [ 348.981979][ T5865] usb 5-1: SerialNumber: syz [ 348.988726][ T5865] usb 5-1: config 0 descriptor?? [ 348.993801][ T901] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 349.003665][ T29] audit: type=1400 audit(1733181742.977:448): avc: denied { read } for pid=9045 comm="syz.1.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 349.073426][ T9046] sit0: left promiscuous mode [ 349.090486][ T5865] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 349.120391][ T5909] usb 4-1: 0:2 : does not exist [ 349.147182][ T9053] FAULT_INJECTION: forcing a failure. [ 349.147182][ T9053] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.162001][ T5909] usb 4-1: unit 255 not found! [ 349.211475][ T901] usb 3-1: device descriptor read/64, error -71 [ 349.213347][ T9053] CPU: 0 UID: 0 PID: 9053 Comm: syz.0.774 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 349.228327][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 349.238392][ T9053] Call Trace: [ 349.241680][ T9053] [ 349.244622][ T9053] dump_stack_lvl+0x16c/0x1f0 [ 349.249318][ T9053] should_fail_ex+0x497/0x5b0 [ 349.254018][ T9053] _copy_to_user+0x32/0xd0 [ 349.258453][ T9053] simple_read_from_buffer+0xd0/0x160 [ 349.263856][ T9053] proc_fail_nth_read+0x198/0x270 [ 349.268904][ T9053] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.274478][ T9053] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 349.280044][ T9053] vfs_read+0x1df/0xbe0 [ 349.284208][ T9053] ? __fget_files+0x1fc/0x3a0 [ 349.288901][ T9053] ? __pfx___mutex_lock+0x10/0x10 [ 349.293942][ T9053] ? __pfx_vfs_read+0x10/0x10 [ 349.298637][ T9053] ? __fget_files+0x206/0x3a0 [ 349.303328][ T9053] ksys_read+0x12b/0x250 [ 349.307578][ T9053] ? __pfx_ksys_read+0x10/0x10 [ 349.312357][ T9053] do_syscall_64+0xcd/0x250 [ 349.316882][ T9053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.322798][ T9053] RIP: 0033:0x7f737277e92c [ 349.327221][ T9053] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 349.346843][ T9053] RSP: 002b:00007f7373651050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 349.355278][ T9053] RAX: ffffffffffffffda RBX: 00007f7372945fa0 RCX: 00007f737277e92c [ 349.363264][ T9053] RDX: 000000000000000f RSI: 00007f73736510b0 RDI: 0000000000000004 [ 349.371247][ T9053] RBP: 00007f73736510a0 R08: 0000000000000000 R09: 0000000000000000 [ 349.379228][ T9053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.387205][ T9053] R13: 0000000000000000 R14: 00007f7372945fa0 R15: 00007ffe68398828 [ 349.395203][ T9053] [ 349.404159][ T5909] usb 4-1: USB disconnect, device number 27 [ 349.908524][ T901] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 350.036451][ T9065] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 350.491649][ T5915] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 350.515346][ T5865] gspca_zc3xx: reg_w_i err -110 [ 350.663331][ T901] usb 3-1: device descriptor read/64, error -71 [ 350.733303][ T5915] usb 1-1: Using ep0 maxpacket: 16 [ 350.783620][ T901] usb usb3-port1: attempt power cycle [ 350.789685][ T5915] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.905207][ T5915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 350.924399][ T5915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 350.971942][ T5915] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 350.984342][ T5915] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 351.056130][ T5915] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 351.065483][ T5915] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 351.073640][ T5915] usb 1-1: Manufacturer: syz [ 351.099839][ T5915] usb 1-1: config 0 descriptor?? [ 351.141488][ T901] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 351.191609][ T5865] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 351.201171][ T5865] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 351.225589][ T5865] usb 5-1: USB disconnect, device number 30 [ 351.462282][ T901] usb 3-1: device not accepting address 29, error -71 [ 352.324316][ T5915] rc_core: IR keymap rc-hauppauge not found [ 352.337202][ T5915] Registered IR keymap rc-empty [ 352.343271][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.368031][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.449960][ T5915] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 352.463986][ T5915] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input32 [ 352.497209][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.531672][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.571664][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.597407][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 352.642219][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 353.001528][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 353.162760][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 353.191762][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 353.843866][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 353.871502][ T5915] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 354.015082][ T5915] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 354.071698][ T5915] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 354.281544][ T5925] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 354.474760][ T9107] syz.1.789: attempt to access beyond end of device [ 354.474760][ T9107] loop1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 354.497927][ T9107] XFS (loop1): SB validate failed with error -5. [ 354.568905][ T5925] usb 5-1: config 1 interface 0 has no altsetting 0 [ 354.599845][ T5925] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 354.629623][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.686737][ T5925] usb 5-1: Product: syz [ 354.705604][ T5925] usb 5-1: Manufacturer: syz [ 354.710251][ T5925] usb 5-1: SerialNumber: syz [ 354.743912][ T5865] usb 1-1: USB disconnect, device number 26 [ 355.609624][ T5925] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 355.738981][ T9134] syz.2.796: attempt to access beyond end of device [ 355.738981][ T9134] loop2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 355.806210][ T9134] XFS (loop2): SB validate failed with error -5. [ 355.821601][ T5925] usb 5-1: USB disconnect, device number 31 [ 355.887978][ T5925] usblp0: removed [ 356.298935][ T9149] xt_hashlimit: overflow, try lower: 18446744073709551615/7 [ 359.667572][ T5925] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 360.361895][ T5925] usb 2-1: device descriptor read/64, error -71 [ 360.966882][ T5925] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 463.311481][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 463.319126][ C1] rcu: 0-...!: (0 ticks this GP) idle=e244/1/0x4000000000000000 softirq=26511/26511 fqs=0 [ 463.331503][ C1] rcu: (detected by 1, t=10505 jiffies, g=23165, q=3496 ncpus=2) [ 463.339416][ C1] Sending NMI from CPU 1 to CPUs 0: [ 463.339644][ C0] NMI backtrace for cpu 0 [ 463.339776][ C0] CPU: 0 UID: 0 PID: 9129 Comm: syz.0.794 Not tainted 6.13.0-rc1-syzkaller-00001-ge70140ba0d2b #0 [ 463.339821][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 463.339834][ C0] RIP: 0010:check_preemption_disabled+0x3/0xe0 [ 463.339935][ C0] Code: 65 8b 05 cc b9 d8 74 85 c0 74 04 90 0f 0b 90 e9 53 fc ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 <53> 48 83 ec 08 65 8b 1d 1d 0a da 74 65 8b 05 12 0a da 74 a9 ff ff [ 463.339951][ C0] RSP: 0018:ffffc90000007cc0 EFLAGS: 00000007 [ 463.340013][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff8175ceec [ 463.340025][ C0] RDX: fffffbfff20be083 RSI: ffffffff8bd1b3e0 RDI: ffffffff8bd1b420 [ 463.340037][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff20be082 [ 463.340060][ C0] R10: ffffffff905f0417 R11: 0000000000000004 R12: 0000000000000000 [ 463.340072][ C0] R13: 000000000003d90c R14: 0000000000000000 R15: 0000000000000000 [ 463.340104][ C0] FS: 00007f73736306c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 463.340123][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 463.340134][ C0] CR2: 0000000000000000 CR3: 000000005ec5e000 CR4: 00000000003526f0 [ 463.340145][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 463.340155][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 463.340167][ C0] Call Trace: [ 463.340173][ C0] [ 463.340182][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 463.340222][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 463.340292][ C0] ? nmi_handle+0x1ac/0x5d0 [ 463.340336][ C0] ? check_preemption_disabled+0x3/0xe0 [ 463.340358][ C0] ? default_do_nmi+0x6a/0x160 [ 463.340374][ C0] ? exc_nmi+0x170/0x1e0 [ 463.340389][ C0] ? end_repeat_nmi+0xf/0x53 [ 463.340415][ C0] ? trace_lock_acquire+0x3c/0x1f0 [ 463.340469][ C0] ? check_preemption_disabled+0x3/0xe0 [ 463.340490][ C0] ? check_preemption_disabled+0x3/0xe0 [ 463.340512][ C0] ? check_preemption_disabled+0x3/0xe0 [ 463.340534][ C0] [ 463.340539][ C0] [ 463.340545][ C0] rcu_is_watching+0x12/0xc0 [ 463.340616][ C0] trace_lock_acquire+0x14e/0x1f0 [ 463.340653][ C0] ? advance_sched+0x679/0xc60 [ 463.340705][ C0] lock_acquire+0x2f/0xb0 [ 463.340723][ C0] ? advance_sched+0x679/0xc60 [ 463.340741][ C0] advance_sched+0x67f/0xc60 [ 463.340779][ C0] ? advance_sched+0x679/0xc60 [ 463.340802][ C0] ? __pfx_advance_sched+0x10/0x10 [ 463.340819][ C0] __hrtimer_run_queues+0x20a/0xae0 [ 463.340877][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 463.340899][ C0] ? read_tsc+0x9/0x20 [ 463.340948][ C0] hrtimer_interrupt+0x392/0x8e0 [ 463.340975][ C0] __sysvec_apic_timer_interrupt+0x10f/0x400 [ 463.341009][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 463.341030][ C0] [ 463.341043][ C0] [ 463.341049][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 463.341072][ C0] RIP: 0010:lock_acquire.part.0+0x155/0x380 [ 463.341097][ C0] Code: b8 ff ff ff ff 65 0f c1 05 f0 cf 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 [ 463.341114][ C0] RSP: 0018:ffffc9001c1173b8 EFLAGS: 00000206 [ 463.341128][ C0] RAX: 0000000000000046 RBX: 1ffff92003822e78 RCX: 000000009c12069b [ 463.341140][ C0] RDX: 0000000000000001 RSI: ffffffff8b6cdb40 RDI: ffffffff8bd1b460 [ 463.341152][ C0] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca598 [ 463.341164][ C0] R10: ffffffff96e52cc7 R11: 0000000000000003 R12: 0000000000000000 [ 463.341176][ C0] R13: ffffffff8e1bb440 R14: 0000000000000000 R15: 0000000000000000 [ 463.341195][ C0] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 463.341214][ C0] ? rcu_is_watching+0x12/0xc0 [ 463.341235][ C0] ? trace_lock_acquire+0x14e/0x1f0 [ 463.341259][ C0] ? __page_table_check_pte_clear+0x1ba/0x580 [ 463.341298][ C0] ? lock_acquire+0x2f/0xb0 [ 463.341315][ C0] ? __page_table_check_pte_clear+0x1ba/0x580 [ 463.341337][ C0] __page_table_check_pte_clear+0x1c0/0x580 [ 463.341358][ C0] ? __page_table_check_pte_clear+0x1ba/0x580 [ 463.341378][ C0] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 463.341399][ C0] ? const_folio_flags+0x71/0x1f0 [ 463.341429][ C0] ? __tlb_remove_folio_pages_size.constprop.0+0x162/0x560 [ 463.341468][ C0] unmap_page_range+0x22f6/0x3d60 [ 463.341505][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 463.341522][ C0] ? mas_next_slot+0x12d3/0x21b0 [ 463.341557][ C0] ? uprobe_munmap+0x20/0x5c0 [ 463.341621][ C0] unmap_single_vma+0x194/0x2b0 [ 463.341638][ C0] unmap_vmas+0x22f/0x490 [ 463.341657][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 463.341676][ C0] ? __pfx_lock_release+0x10/0x10 [ 463.341695][ C0] ? lock_acquire+0x2f/0xb0 [ 463.341712][ C0] ? mlock_drain_local+0x6f/0x4f0 [ 463.341735][ C0] exit_mmap+0x1c6/0xb20 [ 463.341754][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 463.341784][ C0] __mmput+0x12a/0x4c0 [ 463.341830][ C0] mmput+0x62/0x70 [ 463.341848][ C0] copy_process+0x2b24/0x8df0 [ 463.341879][ C0] ? __pfx_copy_process+0x10/0x10 [ 463.341901][ C0] ? __pfx_futex_wake_mark+0x10/0x10 [ 463.341964][ C0] ? futex_wait+0x121/0x380 [ 463.341985][ C0] kernel_clone+0xfd/0x960 [ 463.342007][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 463.342031][ C0] ? do_futex+0x123/0x350 [ 463.342047][ C0] ? __pfx_do_futex+0x10/0x10 [ 463.342065][ C0] __do_sys_clone+0xba/0x100 [ 463.342091][ C0] ? __pfx___do_sys_clone+0x10/0x10 [ 463.342121][ C0] do_syscall_64+0xcd/0x250 [ 463.342143][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.342193][ C0] RIP: 0033:0x7f737277ff19 [ 463.342227][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.342244][ C0] RSP: 002b:00007f7373630008 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 463.342260][ C0] RAX: ffffffffffffffda RBX: 00007f7372946080 RCX: 00007f737277ff19 [ 463.342272][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 463.342283][ C0] RBP: 00007f73727f3986 R08: 0000000000000000 R09: 0000000000000000 [ 463.342293][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 463.342304][ C0] R13: 0000000000000000 R14: 00007f7372946080 R15: 00007ffe68398828 [ 463.342321][ C0] [ 463.342568][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10504 jiffies! g23165 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 463.976709][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=17288 [ 463.984596][ C1] rcu: rcu_preempt kthread starved for 10505 jiffies! g23165 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 463.995963][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 464.005983][ C1] rcu: RCU grace-period kthread stack dump: [ 464.011940][ C1] task:rcu_preempt state:I stack:27600 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 464.022215][ C1] Call Trace: [ 464.025489][ C1] [ 464.028421][ C1] __schedule+0xe58/0x5ad0 [ 464.032852][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 464.038066][ C1] ? __pfx___schedule+0x10/0x10 [ 464.042919][ C1] ? schedule+0x298/0x350 [ 464.047253][ C1] ? __pfx_lock_release+0x10/0x10 [ 464.052280][ C1] ? lock_acquire+0x2f/0xb0 [ 464.056782][ C1] ? schedule+0x1fd/0x350 [ 464.061118][ C1] schedule+0xe7/0x350 [ 464.065189][ C1] schedule_timeout+0x124/0x280 [ 464.070075][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 464.075450][ C1] ? __pfx_process_timeout+0x10/0x10 [ 464.080747][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 464.086556][ C1] ? prepare_to_swait_event+0xf3/0x470 [ 464.092026][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 464.096831][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 464.102116][ C1] ? rcu_gp_init+0xc82/0x1630 [ 464.106799][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 464.112037][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 464.117852][ C1] rcu_gp_kthread+0x271/0x380 [ 464.122534][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 464.127751][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 464.132954][ C1] ? __kthread_parkme+0x148/0x220 [ 464.138034][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 464.143237][ C1] kthread+0x2c1/0x3a0 [ 464.147611][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.152812][ C1] ? __pfx_kthread+0x10/0x10 [ 464.157411][ C1] ret_from_fork+0x45/0x80 [ 464.161825][ C1] ? __pfx_kthread+0x10/0x10 [ 464.166418][ C1] ret_from_fork_asm+0x1a/0x30 [ 464.171319][ C1]