last executing test programs: 16.361458682s ago: executing program 0 (id=1732): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0) rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xb, 0xc, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb709}, 0x94) r3 = socket$packet(0x11, 0x2, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xfd56}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xba7, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x8, 0x0, 0xfffffffffffffffb, 0x200009, 0x6, 0x10000, 0x7}, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0xb8, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x3, 0x2) creat(&(0x7f00000002c0)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(ecb-aes-aesni)\x00'}, 0x58) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f0000000480)={@any, 0x4}) pipe2(&(0x7f0000001040), 0x0) gettid() 13.462443289s ago: executing program 0 (id=1737): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c000000ffffff90950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000000000050000000000000095ee000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x2, &(0x7f00000011c0)=0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xb) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ff", 0xf}], 0x1) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0xffffff33}], 0x1}}], 0x48}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r11, 0x0, 0x7}, 0x38) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r12 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r12, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @vbi={0x4, 0x0, 0xec9e, 0x34424752, [0x5, 0x80000001], [0x4, 0x2], 0x1}}, 0x9}) io_submit(r2, 0x2000000000000326, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) 11.384192305s ago: executing program 0 (id=1744): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000001c0)={0x0, 0x0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = socket(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, 0x0, 0x0) r4 = creat(&(0x7f0000000340)='./file0\x00', 0x101) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000744000/0x2000)=nil, 0x2000, 0x100000a, 0x8031, r4, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES32=r6], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r8}, &(0x7f00000000c0), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xfffffffe, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) 10.145988574s ago: executing program 3 (id=1749): getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket$inet(0x2, 0x1, 0x0) r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_setup(0x7fd0, &(0x7f00000004c0)={0x0, 0x3edc, 0x2, 0x1, 0x2fa}) socket$nl_netfilter(0x10, 0x3, 0xc) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) 8.682863207s ago: executing program 3 (id=1752): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000fc0)=@flushpolicy={0x64, 0x1d, 0x2, 0x70bd29, 0x25dfdbfe, "", [@XFRMA_IF_ID={0x8, 0x1f, 0x2}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}, @srcaddr={0x14, 0xd, @in=@dev={0xac, 0x14, 0x14, 0x19}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}, @sec_ctx={0x25, 0x8, {0x21, 0x8, 0x1, 0x51, 0x19, "74f655d98a71510b3198a708cc486109ab081a0ffa22af1688"}}]}, 0x64}}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x9, 0x20, 0x2, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) r5 = semget(0x3, 0x2, 0x441) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x111) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[]) acct(0x0) semctl$GETVAL(r5, 0x1, 0xc, &(0x7f0000000100)=""/235) shmctl$SHM_INFO(0x0, 0xe, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0xfffffffe, @mcast1, 0x7}, 0x1c) 6.921124119s ago: executing program 4 (id=1755): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c000000ffffff90950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000000000050000000000000095ee000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x2, &(0x7f00000011c0)=0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xb) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ff", 0xf}], 0x1) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0xffffff33}], 0x1}}], 0x48}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r11, 0x0, 0x7}, 0x38) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r12 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r12, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @vbi={0x4, 0x0, 0xec9e, 0x34424752, [0x5, 0x80000001], [0x4, 0x2], 0x1}}, 0x9}) io_submit(r2, 0x2000000000000326, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) 6.779651552s ago: executing program 3 (id=1757): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)={0x80000018}) shutdown(r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) epoll_create1(0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0xc000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed39", 0x10}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r4 = socket$netlink(0x10, 0x3, 0x10) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}], 0x5) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001}) 5.956213674s ago: executing program 0 (id=1758): r0 = syz_open_procfs(0x0, &(0x7f0000000800)='loginuid\x00') r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = request_key(&(0x7f0000000140)='logon\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='(#?\x00', 0xfffffffffffffffa) r3 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r3) keyctl$revoke(0x3, r3) keyctl$instantiate(0xc, r2, 0x0, 0x0, r3) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) sendmsg$inet_sctp(r1, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) r4 = dup(r1) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000300)=0xc6c5, 0x4) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf) setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0xcc0}, 0x8) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfd87) close_range(r0, 0xffffffffffffffff, 0x0) 5.954289013s ago: executing program 3 (id=1759): bind$isdn(0xffffffffffffffff, &(0x7f0000000000)={0x22, 0x7, 0x8, 0x80, 0x7}, 0x6) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x800}}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r1, 0x8, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x48}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x811}, 0x2000000) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f00000001c0)={r0, 0x4, 0x0, "1211a22f025da3531ebb8c66be1a5edf85ced6ccf614abf8e5909789ae92892ef490a34a97ee007e2d1f18b349b477feb4718350458163225176de71df7c5e3e80be5c22429c046679d2ea47f7bd69258c5bc4dda20c673d1dcd72d0da4b823d6d571b3c963453d5272e77f4832000904b9a013194a6a729b11f2c07d7414d8797d7a687b2c6a67428f093d2150f17d2df86e38902e9866c"}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000018c0)={'ip6_vti0\x00', &(0x7f0000001840)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x4, 0x1, 0x4, @empty, @local, 0x700, 0x80, 0x2, 0xfffffffb}}) sendmsg$inet(r0, &(0x7f0000001ac0)={&(0x7f0000000280)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000001780)=[{&(0x7f00000002c0)="b9c83dbc32ef19ac754538fdfc6d85cdbc3f46636d4b4a98f075e5035e122dbef6012b1f087a85", 0x27}, {&(0x7f0000000300)="faa1bd6e0cccb786c52a6b0c48a6c89f2e2ac05d2a8608e827a4cab4bfe2b708318f3552a0325f36d2a32dd774ec0a75ec18573a26a4ed3c2be1591e5c618d4a65496b4b33658f82fa75afcbc3aff7cf2a5006493a8039ccaa714b665e67f537630094cb0e41368254681d6d4ed19eb752dd48414c2d0c9e80f773e81a9984be453b2b4752b59608c7fff04e0ed3513c0f8bcb48f1d5228b0fd0b7a0898699ca406f38864f739ef206d968899f39aed8c0af60551290e98609f13c2a2d93c8ea8f65d83a1f4ff3c882c3b7d759f79e7175812a8eb3fe1ef2dc6940cada35eed1c1", 0xe1}, {&(0x7f0000000400)="5e97713d458fc9c7b7fea881f3fd5fc210eb47a62f153142d1ff8cb950f92b58fdb81311607cd273cdc7715ba4fe40eba6bb254f48d1afcf534900ffd74252e8f91d", 0x42}, {&(0x7f0000000480)="adb2367a9500f79a9fa9356ba62aac6afc490e93d92c044638144ccaeb934aee78ecde569a7974e54a436946d2831e39b4733601aa4610692f62476614440e07edaa7b2f2e8c08f5ef924ea7da861fe7bba69b2d696ab0c9f5", 0x59}, {&(0x7f0000000500)="ef802b590d5e31027878098c1c08225bfdae7c995f889fe0980246ccb2d56236f2534faa2883005501844d3bc4bf7d08b396f068e54a4806fd782f961dd1a3f217f66359f43833e897b9554653427a46878d1196f4949222dc340bc891bec1c206d44520535dc4ebdbc6396bc36ed7e906c0225c7296a108048640589a841189b75f7096c3e84652e8d16c4034822d4184243333c0fbca8702b7c9f642d5e2f8d5b9dfdceac711dc6b7aa77d97f2ab0fb3e6c9898c9dcbe3f0db38f4960d2f0227e67110d74894a7844e1208a44a410ac1edbe69f7f272967b7b7316a2b84f36fe594948a5c1bbddca4a753b2a8c8ccd6efd6cb3d2a1695de737be972a413281061158c214931a8738de56c8202f33ef8b2cab0db32bba9390c2de53f8673b88ea7fa8f1482b4c4fd8672c96d2fc10e370befdc0f68ee1684b38e84ecf8fcebf3e35eb5886539819a4b5ca0cdf5f1dd0feb5765accdc53cc6c55fe90719b9430dc8f54118743a2657318449693d9af96e492e315d8f4e74a84a507a9a449be4b88f8c7fbc5fc36dbb7dc47efb9ef97a1733e6861d2ed15da1bd361d1196ea27d354da6f7eb9755c225742d4b20d089e116c796481cb5a146cb3d3be5c0da504281f12b59535354c98b71ce3554591d1a4acd1586411a1993333e9f0b33fd48f91ed24d3a3c6ac03908d72072568e5e0b5b4da11af8751404ddca21b78d1286aa593c571a65081bff5dded15d415facd9acb37b550c2327f4b43c248edd6cfa1f82d51b24fa9281540c04a8289661ae0e0b09b95c647f2df696e9d15bf8196324277ec6eb6b71bd0ff5532dd7e01e37a9465d1ca6fe21800183557ebf192afd0d502a0f83b9fddfcb4576e11b9994f691de5828b49927243b67b9e4f66cf610a1ea343d0b99d84ae8cfd1e0cb69215171e27861ac450e023453e67364c15ce1ae98d6975c9a05d5ac937019b41394b5290b46e39b8b7db932f7313dbf09e19390b55ce7eaa6e0a07c0d05a9fe5398c45703a34d9df0f55c5950ccca68ba65e2d57aba64d86f886d02659f7ed48e613ecc1e52050e3606f2c2f1d2cd6247398633c53a298ce10952807e8547b9aa39223a9023c6e3b730ec0bdb96d3686a7162d4bf1dc3539da1caab42c745c9d91f77bb0c403f12176c29fdcf801a4ae0e697ac6754515e1e205cf7400b25fbe885e7d1229431988cd5cfa447b3eb5818139f3dba9f20313a19a9b9e0da1e9fef4c1a8939fc38c3af73906f8e24c9d983d41ce111874a71dfe676fda3944fb7f27dda805fe8f534997a409521b71fb05b38e190a7cdd1e700de27a7e91ef352c3de2ce0640f316339edd2420292018b50a7c492b960576adf2ee32d4a3bc8d198b87878239972bfdf8d2a242214ae4d4711e34c4fcb9f139a26d0143697bb835851075514e21c37c5856288d5c670984330df731ac449f0a58bc817371f1dee32d11a9dfb5b83454283501dbeba6a0794fb7ca32bbc7c1a370cfa787da9cb27c1888baca2d4a4056eb735fee9e2d378c62219958e597b7c7cd7a631d4f0f271d93ff1f3fa096e49d332253ac162c3b20d6e30410e79ae97a1a7d42d8318112cb7c5ec4bf136f42d54610d5df60468fc0be96b9c5f5420325631c89d74364c603b31e328eacae3aef00cdc0ce774ef48d155a101ff26d360a5578a35e94f8e00cf92e127eec374d00881dfabfd68de0d7dc1ec7c0b7493ea6118b918b8e3ad9a1f4639a3ebe114f192036a4ae72f3135c7a85a62ac60a50b982976f9f603e0186f9983c5c5b178e5219c5a24fba9fb7cdf3a00a02cab3fb73c9b31f6f9ee7b842df859eabafd60d56e5fbebf4974de27d0c661d0f9e3452925e3005d2267b8bd9f58527f47795a6d0f94664a444712868da35e056707ac138ddcb99b9d68b661d905ef37e79367b1826e9a9803a2523aab5f73b62e2396505325b3a4bf081b6dec2fa9c164d55c66c88db3b0c357807c9d1a9aac69b48a92cf1e0d50253bce421b83a578dd9f66389e7f2e981d8f812d46d3de4a7c3c2901cf4d041c180c6fd8ceb827c49631be5f3575fbd1e9d4a7a7136ed09cc60ff5aee9b23ac0851b07cd59974b26794337425df288483c82bd306f3c284a2a3553f4d708000ddf36e624b2a229ba4aa2943f86d9bf98b116b43b5050292a93979978c349444443eefcbf5b0b1a65af5d0f79a40fde3388fa7acc2cf28b124a11683f04518d08fa114577e0483e846a6ba324b750072272d1b500cf83a5a24ae68cf493e0a89ce2ffca6ad895f972e8833e7298ef648f620e01f992b87809fc31840d3d4b86d1b72190840bc5fc6e12b169d8d3a343715e2a10af6868d3d47de1ef9472c30531598f7e420429c73d800db9f84a041cf633f8b39464341933d1581be30f44b1038810005a6c37c7d854eb85fd34f487c57fdbbe7c47fefa363d44c85f070aa37feafa005f6d00bac1d2bb3c4910f61030c4ee1813b7c534aa7a99758d73258ffc7e89e2f962526513150ee44401b315e781cf7fb87a53a429e01d023a96100fa8e73f1683ce327717ee0767a2f9a3f541ac21fb7980478825d9424771915e27971735949913659576f45e03fa426e9c74382c460d203aaaebe50f763b4e2d4afe2553e9249952496b54c2ccae91ee05a346dd7ca9a5d835251e283a7b0ecae65e7dde922ef2eca333065c06f36cfb0bd0469549604a6d96f65157db8fbbd30166d816e8b008bbe71a4ed84efe28d90d49786c160ce5622f2e442d2147d5039fba5fea5a8d99536b00c639099e52aadcb5a5da4aacbae0eef5fcea3cd823e79847ce9a49abacf0bf5e0b9aaa90edbaba66d66b779e7907ac24765d4d0b681d47356b923033965c3d1149e1d2140da2bdad8b00b629cc419de24f3e10b39105d02df3f1a74d70a2183a5a9f7d38b092e2f87d8ee72af29ece3e26e3b6505433637a5db3ef5511cc6e01681085a4631aa66419d56603d63bb0c0ab4852db03437b7baa1e51f8af49f4f58d7a4efc140ec5fc14da8f3a75c37cdc02ed3b90f8d5324892429dd7b5bf3de4822da1df8aecfe6e58f7aabf207dffed456f9b0b44f90306e18b0c29a989f20061f47c92dfc3f674378d16b733ad5d3201dacce2dfd175ef4943d7eea1dfd518b282a0b937399201c860e3ec46125c67324b4647ead97b94d6355f5671b74e00a765c20f7c6659f771df4ab1137fc53d40fa2f1d53f2ec14f655ad7bc840452d312f56971084147a2d1f279567af8f0f6a65c5e159bea546bd8c5b23609419f1cdd43c45a719cb5009b26dee4b6ad8557e23ff84425311cdf37eee542aad60a1f9632cc7476464286975c6a61b4576e89bde9ef8caf31625edfccec8563b4fc6ce908c538f182bfd4a2ad7cb4c5373d51390b4e40d24b7ac3b2b5d5d6cecdb6ae4698f3433ed17df698dbc1e1f3de51727c99e333eb28315a4ed91bd25b6f3f44b486ade79e06d3c3228992d645474d80fd82fcbbf2ac11cc721b2b00a7c19b1f5cd895ed0e475bbcdc5ed7cc7d604f341edfeae831d9710df5b8ed6d8e94563c4393eb342f5a9c22a2096aac408ad9f5882f47ee37ecc320e598f536dfb9a13158ff957f6613b64800c6193def76f895a52762b9baf3f736488adc0e8d3b056497403188b36744b20083815034f8916db09ad5f2c406099ea525d1adf0bc9e3f029b4ec3ffcbae8386a1c675cd7d1d6fe476f94e48e99cfbb9aa85d025957c0ca6df2ac9b88a0a226a3259b09f31d9e05de431e585f461feef177476d648dcd7490c86576f01c343b235550fc3a2b024e9abae3679768749359e3ceea8d3e4e27ac6e014de5169dea0af168f9d6769f3c9e236d22f55b185a83204976584902525dd544d98526d6f6565c277387591b9f305e8133032c07fe6a9da23c05bb8620e2cd889b828bf008891baf54d8d68ad25f4482ad46fb8b4e37494033b7080f93d514d441d9f204bf2410c301cb2e9ceee271d8296c5185a857fb0372b410210cfb0cad652eb108d34874f4d3453be2a28fbbeef107ca4b817f5faacc5150307b9e192ac58638d1793504719aa4480ade1f4608de2b11b13de6e6e5a8a104030654de7f19f909c7efe22f100c9168c226904e4b6a41ce5e2e81c7862f23e4eb734123eb3724b04fd15ce0c3b245ba0cf173140ab888bd10b2297880fd5cdc24657a620147cbc0d1e95afffe136076d92dc6a539f5640a0399b9d347a3489c452fc9f1b2864df2a543324e6d9cea2e5c920742e3689132620253b3c8144ef13d852e65916e4ae39695bb89bce0211ce250bf160b3b1e972fde9a47406547cc22d23c3ebd631b822db3e764ad94a88f18e7c3a1d4ff03f5b92672d51a401a7c246a784042bc9e281f4a95d3c2da76a7510f0aaa90cafd3e9064621f4ddd18a8ff1ce043fee39bc9f46b172923b279f1a8b26f1cfca892b8462a0888716d35b85e99d7773d6a1a8f91be9f79c5dc172b5f567c807a2f596c6e4f9da318e4bde7b2362aa8da82df8cef666796cad5b839bff521a0502c98be9aa12f76bfce7c29aa35a55f53077370f67bcf91d558cf33da6bd40f4790e19b7b6b92b701576a2141461f7240c1950631a7bf54dd3ac1e6a12473e74a12cc6ce197ba79bcd22ab7a2ed5a6cb9d385c56e8657a4b0033f5040d83f11cc29d7bf76ef7889734a1e70448fbfc164f051bb823acf024016dce709c0f6aa60b2be34ddb1d430da06deaae276bc087b5925daec10829948a199351b54c8f97345e9a6278ae7380fc796fdc834dc93451256ed471a7f117325b4a27b5f6063f144de26172bb4575ddabb89857ec7435ed69b97786b3bcb893c9bd1a6400ab0a0aabc9f38e9b9a3ec79ed39375b622ae5a8e0613fb6c491765d20a08942f2189ae24c2a0d6ec511631c25e9b55d0e4b65d6646a37d0a5a11163178608c97cae3d7e1824aedd61b439765cd2392f4a54294099a88b5e9ba3c493c02c47d1956bdd8190f335b26e4583011fac59e3485e1f6fc21b3e3d777e2c028c36a9150165254191967898fed8a10ddf64b6ba3a405998e9a8a9d1ee779dd4c1f89d0a34f8b6c8fb55553b0d16a688b22217d2b2a830ada564770f0041cdc5343b3ce9b8a0710c8c88dc40c44bae9793d7ba4aba5a68be297f3be213a41831e3784e874ae7ce64a986cbe162bf77bbf2d775b89e1ec70cc60cd9ff8f62ec0569d370491f9b4262cc55bdea40560ca3b9bf3b1f804c6d3fd2dbe9cdbd7b7d62203e484205f2f5e2e771c5a2d6116f8f0620bc6a85f0fb35ab41952598e8c4dd0dce9c247a0bf4f88faa944059170e461c7520e040b918580eaae24e57269151a2bc28b5afc58382ac08f82802b387827b7263717a70edbc0e7f5a9c48391b3c3bdea27a83998bb82d5dbd6eb4364da92c366c4f75546c99b287114829d3317040b9cf8bca81d13a3465143b89f0cf07f5023fbd7d74b94bcf2cfd1490eb51676e54468abafdbbfc1a86fb3289bc13f77dd62897567273f6d1fa0e34e4744eede8d3b0fa5c86833f7d9f6eb46c86ee37a128070d49aed81f202cc09be3a2d654a2fb976b62fed08541a4beae2f6a68caaf4c4a2d519af5683cb865408489f8a5d9d5140418f49256e5f966d105cd431360e97224d54a044bd02e8b45b34937243182801cce7735da5cc36c497df5c38066934c6368d8e28f8f0715d00be253a917c3b62a90e163d4f746939bf1439f7f8bd9178ae0956d63e4ecbfbcba7810a72205b4568914523ae61bed1faeab554125f03cb1c6e970ef22642d630fc59a642f3400", 0x1000}, {&(0x7f0000001500)="d384bd606572fc634a8d4279e91adff3c26be3bfc3afde4d8390343dd4d5285bf6493f04de6b5a13ec7013c8378ee9da6c7d1859c472b0b5bf9f2e26ec29fc7cb3048c4a920d0d85822d519e8eeb3ab51f6de826705d2b095bb0303f333c05ff77d3757568ceb2892a8976bacd4a1492ac76eab8b3beeffd2f9c05ec3503cdc3a681f118f9298b32208c7d941fce5e81b2bbd521dc79751efe268cae70bd0ca3afaed29b0fee052b0429fba73a1e3a9583fbe6", 0xb3}, {&(0x7f00000015c0)="ab69fb2d54d6dc6bffab3aafe44cf1552618860d6953e23677fd2036afe11450176ea6c0bdd31b1d7dd57754d4aa8e95ce2a0817c8de703a46854afd7b7c4086087388630fc215b6bdbae1ff99b7a4877a1e0cb6da501440a2150be22ea0afbc998eb5ec4a6b2f99df63766e73dbe8c56266d0ff0298af4e45161704c999a027a57550274fb643bb27759299dbd6c778a8fd5eebd69a75627e6815668c9e92bce03ef6c2e72129596c0cf053d2fc62f94efb1150b26ffcb0b1bf4b46ff728af8ba03f099debc458747cf8fc7fce5eb3c7b03f5ac732e838c7541ba787c004ddd9eda1f08602d8e7b55e1c0305b44d548006455a04f94bcba6ce4c2cf", 0xfc}, {&(0x7f00000016c0)="f390db7fa72493139d1d0b1bc5a0a4e4f2671433ab799e042d06f41477684a8d75de1ebd60e27d57fa2a0954062f15b31a1d5a8206a930", 0x37}, {&(0x7f0000001700)="8121478260ef42de054e399948fb3eb17b5fa6c1e8c6bd7cccf3eff65c257e8f9f497006af87b069cec72479907aa52206e90329c23ba0ff390d40c662f60f2e4dc65a5b3298a33e730ef204b7ee39639750fe20b7b94fd3fbb676188c6709a59864b5fe0939d73e", 0x68}], 0x9, &(0x7f0000001900)=[@ip_retopts={{0xe0, 0x0, 0x7, {[@timestamp_addr={0x44, 0x34, 0xe5, 0x1, 0x4, [{@remote, 0x3}, {@broadcast, 0x6}, {@multicast2, 0x8}, {@empty, 0x4}, {@empty, 0xff}, {@local}]}, @generic={0x83, 0xd, "4da820c0589bf23aa223d3"}, @timestamp_prespec={0x44, 0xc, 0x6b, 0x3, 0x3, [{@multicast2, 0x6}]}, @ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x3b, 0x1, 0x0, [{@loopback, 0x16}, {@multicast1, 0x9}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x3}, {@remote, 0x58db40}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x67a}, {@multicast2, 0x7}]}, @lsrr={0x83, 0x23, 0x3d, [@dev={0xac, 0x14, 0x14, 0xc}, @empty, @dev={0xac, 0x14, 0x14, 0x42}, @rand_addr=0x64010102, @local, @loopback, @remote, @rand_addr=0x64010102]}, @end, @timestamp={0x44, 0x8, 0x54, 0x0, 0x7, [0x3]}, @end, @lsrr={0x83, 0x1b, 0xff, [@remote, @broadcast, @empty, @rand_addr=0x64010100, @private=0xa010100, @broadcast]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4}}, @ip_tos_int={{0x14}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x80000001}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x89}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @private=0xa010101, @multicast1}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}], 0x190}, 0x8080) syz_genetlink_get_family_id$mptcp(&(0x7f0000001b00), r0) write$UHID_CREATE2(r0, &(0x7f0000001b40)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0xe, 0x0, 0x5, 0xee18, 0x0, 0x5, "206efd548f8d8dbdd0a472d45ae9"}}, 0x126) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001e00)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0x5, [@float={0xc, 0x0, 0x0, 0x10, 0x10}, @int={0xe, 0x0, 0x0, 0x1, 0x0, 0x19, 0x0, 0x66, 0x4}, @typedef={0x3, 0x0, 0x0, 0x8, 0x2}, @union={0x6, 0x4, 0x0, 0x5, 0x0, 0x8, [{0x7, 0x2, 0x4}, {0x9, 0x5, 0x3ff}, {0x9, 0x3, 0xcc2}, {0x10, 0x1, 0xfffeffff}]}, @typedef={0xb, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x2e, 0x30, 0x30]}}, &(0x7f0000001d40)=""/148, 0x8d, 0x94, 0x0, 0x3a}, 0x28) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f0000001e40)) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=@bloom_filter={0x1e, 0x1, 0xa6e, 0x7ff, 0x800, 0xffffffffffffffff, 0x4, '\x00', r2, r3, 0x5, 0x3, 0x1, 0xa}, 0x50) ioctl$F2FS_IOC_COMPRESS_FILE(r4, 0xf518, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000001f00)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000001f40)={r5, 0x0}) ioctl$EVIOCGABS2F(r0, 0x8018456f, &(0x7f0000001f80)=""/38) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r0, &(0x7f00000020c0)={&(0x7f0000001fc0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000002080)={&(0x7f0000002040)={0x34, r1, 0x2, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x7, 0x63}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x34}}, 0x4080) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002100), 0x400, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r8, 0xc018937e, &(0x7f0000002140)={{0x1, 0x1, 0x18, r4}, '.\x00'}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000002200)={'syztnl2\x00', &(0x7f0000002180)={'erspan0\x00', r2, 0x7800, 0x8000, 0x0, 0x6, {{0xc, 0x4, 0x2, 0x13, 0x30, 0x67, 0x0, 0xf, 0x2f, 0x0, @empty, @private=0xa010100, {[@end, @ssrr={0x89, 0xb, 0x1e, [@multicast2, @remote]}, @rr={0x7, 0xf, 0xa5, [@dev={0xac, 0x14, 0x14, 0x30}, @rand_addr=0x64010100, @broadcast]}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f00000022c0)={'syztnl1\x00', &(0x7f0000002240)={'erspan0\x00', r10, 0x7, 0x7800, 0x4, 0x5, {{0xb, 0x4, 0x0, 0x2, 0x2c, 0x68, 0x0, 0x0, 0x2f, 0x0, @multicast2, @rand_addr=0x64010101, {[@lsrr={0x83, 0x17, 0xf, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @multicast1, @local, @remote]}]}}}}}) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r9, &(0x7f00000023c0)={&(0x7f0000002300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000002380)={&(0x7f0000002340)={0x18, 0x1407, 0x300, 0x70bd2c, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x20040010}, 0x4c000) r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000002440), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r9, &(0x7f0000002540)={&(0x7f0000002400)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002500)={&(0x7f0000002480)={0x54, r11, 0x100, 0x70bd2c, 0x25dfdbfe, {}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'syzkaller1\x00'}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x9}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private0}]}, 0x54}, 0x1, 0x0, 0x0, 0x24014060}, 0x24000080) sendmsg$NL80211_CMD_STOP_NAN(r9, &(0x7f0000002640)={&(0x7f0000002580)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000002600)={&(0x7f00000025c0)={0x14, r1, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x40) r12 = creat(&(0x7f0000002680)='./file0\x00', 0x4) recvfrom$l2tp6(r0, &(0x7f00000026c0)=""/92, 0x5c, 0x2, &(0x7f0000002740)={0xa, 0x0, 0x0, @mcast2}, 0x20) getpeername$packet(r12, &(0x7f0000002780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000027c0)=0x14) ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, &(0x7f0000002800)={r6}) 5.859576196s ago: executing program 4 (id=1761): capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6}) (async) capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6}) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x0, 0x7ff, 0x41, 0x0, 0x6}) (async) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x0, 0x7ff, 0x41, 0x0, 0x6}) r2 = socket$inet6(0xa, 0x80001, 0x8) getsockopt$inet_int(r2, 0x0, 0x32, 0x0, &(0x7f00000000c0)) getpid() (async) r3 = getpid() read$FUSE(0xffffffffffffffff, &(0x7f0000004000)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) setpgid(r3, r4) close_range(r0, 0xffffffffffffffff, 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0xf4, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x3}, 0x50) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB='1\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000300c080ba22000000000000000000000000fffffff30000"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000200)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x1b, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x746f}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, @map_fd={0x18, 0x4, 0x1, 0x0, r6}, @generic={0x0, 0x9, 0x4, 0xb91, 0x7}, @tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @map_fd={0x18, 0x6, 0x1, 0x0, r6}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) 5.743270194s ago: executing program 3 (id=1764): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, 0xffffffffffffffff, 0xf2c22000) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mount$overlay(0x0, 0x0, 0x0, 0x80, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0x15) io_submit(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0xfffffffffffffc31, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x1c, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x3, 0x0, 0x1}}, @TCA_GRED_LIMIT={0x8, 0x5, 0x401}, @TCA_GRED_PARMS={0x0, 0x1, {0x9, 0xb, 0x1, 0xc, 0x2, 0x6, 0x7, 0x7, 0x10, 0x8, 0x1d, 0xf, 0x2, 0xd, 0x7, 0x7}}, @TCA_GRED_MAX_P={0x0, 0x4, 0x4}, @TCA_GRED_STAB={0x0, 0x2, "b2ddae15a9ca2e72d8bd3a68c7960eb9aaf1e02f1c4014f6ff469ce1d03ebb0023398979bfa4f74160fcfdbe7b7af0b2518cf0803faff9d0eb5a7f0778cd8dfaf80127ee413790385a0227c4a2e99f79047951949714ed674e5c08250d770b45033149bb48fdd0a6450480a97fa5b39272f6684b70dd69feeaa31d0b2f6e1fa7710bbab151144baf58c8e58aa403819132591b3543c4d52d10234019568c7765dcc88afbb5cfa9d39189c944e073d0eda51f27a6b87e80a5d2ec7e608b5795e56f4374374daa18bf3629d193bfa9b1c508dc8cef2bdf05b13975dce4fa6616cae8de194dbe093c9aaa3327def7a6fe60eb8bc56e9370622b38d772b6c07b7dde"}, @TCA_GRED_PARMS={0x0, 0x1, {0x4, 0xbaa, 0x8, 0xa, 0xb988, 0x0, 0x1, 0xe149, 0xa, 0x8, 0xa, 0x1c, 0xf, 0x0, 0x9, 0x32}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x51}, 0x20000) 5.708321156s ago: executing program 0 (id=1765): setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_vlan\x00', &(0x7f00000002c0)=@ethtool_sfeatures={0x3b, 0x2, [{0x3ff, 0x2}, {0xffffffff, 0x3}]}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0xf, 0x4, 0x4, 0x16, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r6}, &(0x7f00000006c0), &(0x7f0000000700)=r5}, 0x20) sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) 4.735175801s ago: executing program 4 (id=1767): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x801, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="2c00000007000000000002001df80066000000000000000000000000000000000300cb09000000002541270025ea1752e6d9364560c7bfc6b82b47e6d33f3f32a1d07c"], 0x2c) syz_open_procfs(0x0, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x8) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r2, 0x0, 0x200) lseek(r2, 0x100, 0x0) 4.375329349s ago: executing program 2 (id=1769): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)={0x80000018}) shutdown(r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) epoll_create1(0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0xc000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed39", 0x10}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r4 = socket$netlink(0x10, 0x3, 0x10) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}], 0x5) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001}) 4.375044562s ago: executing program 4 (id=1770): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x8) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28) r2 = open(0x0, 0x0, 0x0) unlinkat(r2, &(0x7f0000000280)='./file0\x00', 0x200) lseek(r2, 0x100, 0x0) 3.333952217s ago: executing program 1 (id=1771): socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_open_dev$tty20(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x53, 0x3, 0x8, 0x2, 0xb, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3fd, 0x252c, 0x2000000000000, 0x2, 0x0, 0x9, 0x466}, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x200000000000000) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_generic(r2, 0x0, 0x4000000) 3.333484358s ago: executing program 4 (id=1772): bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c000000ffffff90950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000000000050000000000000095ee000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x2, &(0x7f00000011c0)=0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4d8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c952197b0a508c0e16fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d6"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xb) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000130003474cbb65e1c3e4ff", 0xf}], 0x1) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0xffffff33}], 0x1}}], 0x48}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000840)={0x0, &(0x7f0000000780)=""/106, &(0x7f0000000380), &(0x7f0000000000), 0x80, r10, 0x0, 0x7}, 0x38) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r11 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2) ioctl$VIDIOC_CREATE_BUFS(r11, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @vbi={0x4, 0x0, 0xec9e, 0x34424752, [0x5, 0x80000001], [0x4, 0x2], 0x1}}, 0x9}) io_submit(r2, 0x2000000000000326, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) 3.246860552s ago: executing program 2 (id=1773): r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0xc42, 0x0) write$fb(r0, &(0x7f0000000140), 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0xff600000, 0x1000000}], 0x0) socket(0x200000000000011, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$key(0xffffffffffffffff, 0x0, 0x8890) 2.247832631s ago: executing program 0 (id=1774): syz_usb_connect(0x0, 0x36, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x0, 0x4000) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYRES16, @ANYRES32=0x1, @ANYBLOB='<}\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=0x0], 0x50) r4 = syz_open_procfs(r0, &(0x7f00000003c0)='statm\x00') read$FUSE(r4, &(0x7f0000004180)={0x2020}, 0x2020) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000001c0)='ext4_allocate_inode\x00'}, 0x18) syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r5 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r5, 0x29, 0x4a, &(0x7f0000000000)=0x9, 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r6, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054) 2.195336353s ago: executing program 1 (id=1775): socket$nl_generic(0x10, 0x3, 0x10) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_open_dev$tty20(0xc, 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500), 0x42, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x53, 0x3, 0x8, 0x2, 0xb, 0x0, 0x1}, 0x0, &(0x7f0000000280)={0x3fd, 0x252c, 0x2000000000000, 0x2, 0x0, 0x9, 0x466}, 0x0, 0x0) (fail_nth: 1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x200000000000000) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) sendmsg$nl_generic(r2, 0x0, 0x4000000) 2.078067569s ago: executing program 4 (id=1776): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0) r3 = epoll_create(0x101) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000040)) setresuid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff) setresuid(0xffffffffffffffff, 0xffffffffffffffff, 0xee01) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt6_stats\x00') ioctl$VIDIOC_SUBDEV_S_FMT(r5, 0xc0585605, &(0x7f0000000200)={0x1, 0x0, {0x4, 0x7f, 0x2025, 0x7, 0x9, 0xff0f57813fd9cb3e, 0x1, 0x5}}) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io$rtl8150(r6, 0x0, 0x0) syz_usb_control_io$uac1(r6, 0x0, 0x0) syz_usb_control_io$printer(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x0, 0x2, 0x4}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) getpeername$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000280)=0x1c) 1.678563463s ago: executing program 2 (id=1777): getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) socket$inet(0x2, 0x1, 0x0) r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_io_uring_setup(0x495, &(0x7f0000000740)={0x0, 0x7079, 0x400, 0x3, 0xef}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 710.920886ms ago: executing program 1 (id=1778): r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000140)=[{0x1, 0xffff, 0x3000}], 0x1, 0x0) semctl$SETVAL(r0, 0x1, 0x10, &(0x7f0000000040)=0x3) r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) writev(r1, &(0x7f00000004c0)=[{&(0x7f0000000080)="93fb52fec482961d1c0dbb95f13b923e81ad16c3608e19f8133349edb2ac4b972447cf86c69da757ab3753696785c63c2a4e599f7b0fd9041314a457cb45b71437ab4f59a8d768e902ed5671778fbecccf0231596baf1c346f102cf21aca881fdd66f820f7504ca05b430ec8d82497c85b14b03d8566254012da772327f86582fec411de40a8e2522d51450dfaf13e598088bf2be828f4e05e87ad7cb7a2", 0x9e}, {&(0x7f0000000180)="f701af40e6acb618a5a4eab39fb2fa58dc506352010e1e4b4d405eb184e82ce3af11a357506d7ef11aedd77fccca42c3ab7f57c50177a66975ed7e9e1e4e2a110b3a255805deb6c767d4aa58922057804504347d070ecb899ae08b9a1fbf0e6e061fab3cbf80e62c803830f11ef40c7a590fb1e907a5bb3b7d90f9ef7d9383f6d3f3ed6c86c395d092463295df5d1af04c97544875e76bbb3b09c3a09823e3e63358153463c75ee1cc", 0xa9}, {&(0x7f0000000240)="8e410189d7e704bad937a54efd92baf169be6b82dfb154a834860c35346106c43e6cde59de68425e54a5bf97ce7d70986000c243d36159df6ff20a2b33c00e86d7ec18bfd0eceb524f05850b0d5b01b92bf2488ffe1cb23a690f0e41b3", 0x5d}, {&(0x7f00000002c0)="c7ad2b9f9cf63e26b0e3548c08b49d93d51cfc1f28c6d0b821ffba9abe089307fecef75cd84b", 0x26}, {&(0x7f0000000300)="3fb2c2c1688608f6c8232538c3db683d83c857ece4a163fd4c1d04f047d9f4c7c369faeee1ce777faf87851aeed8e2838d3b3a1696e581bf7321698aaeaaaac49e7ab7b454a4537c0ac3d328729f7672171a98b232e18ccc4e2103a374ee6c6acb1d5a7bb4a66de94bcfbe3282cd56935796ad34e2654aad9acf2584d9da89f02df49241acc50de92cd4fcdcd5ab8651f753b3099384f583a83f1898a211e3c22d99407e2113b30fd6902628642fe005ac50f6eb37e5f65e9d2a119d73dd69b974051ecf8a8c543deb23c40e2995c3ba390772617fd29178f7c24bc0588862579e7f1f6ea601d6aee78a", 0xea}, {&(0x7f0000000400)="ed8f73503f989ad08cc12b9e7811d0654b36dd61119411e1308b6d80ccbb6db68bb10b3c6c0307cf6277475049abe463ac035d1de15004699b44569cf614059f87bfa17edc0f9fd8956e2a790864d67e40d9f1a2d9887b7447696aeb56d07a2d06fb18429094a58cd3711ebecd6e528038a1ed1880908530d000daf7602d3dc9cdf44a2192842f260d398d41cb15c26600d4655ee0318ebf7d8509bc09d5442f159909d75974cb719de302f5a62e0c8ebeb22b0c32d1430382028906", 0xbc}], 0x6) 656.404444ms ago: executing program 2 (id=1779): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x408, 0x7) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 534.3601ms ago: executing program 1 (id=1780): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r1, 0x400, 0x1) (async) close(r1) (async) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x32) (async) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000000), 0x2) setsockopt(r0, 0x84, 0x80, &(0x7f0000000280)="1a00000002000000", 0x8) (async) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 390.698236ms ago: executing program 2 (id=1781): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) 383.480269ms ago: executing program 1 (id=1782): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x8) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28) r2 = open(0x0, 0x0, 0x0) unlinkat(r2, &(0x7f0000000280)='./file0\x00', 0x200) lseek(r2, 0x100, 0x0) 25.725372ms ago: executing program 3 (id=1783): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f00000000c0)={0x80000018}) shutdown(r0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) epoll_create1(0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, 0x0, 0xc000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a7", 0x13}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r4 = socket$netlink(0x10, 0x3, 0x10) readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}], 0x5) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001}) 891.225µs ago: executing program 1 (id=1784): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000fc0)=@flushpolicy={0x64, 0x1d, 0x2, 0x70bd29, 0x25dfdbfe, "", [@XFRMA_IF_ID={0x8, 0x1f, 0x2}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}, @srcaddr={0x14, 0xd, @in=@dev={0xac, 0x14, 0x14, 0x19}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}, @sec_ctx={0x25, 0x8, {0x21, 0x8, 0x1, 0x51, 0x19, "74f655d98a71510b3198a708cc486109ab081a0ffa22af1688"}}]}, 0x64}}, 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x9, 0x20, 0x2, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) r5 = semget(0x3, 0x2, 0x441) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x111) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[]) acct(0x0) semctl$GETVAL(r5, 0x1, 0xc, &(0x7f0000000100)=""/235) shmctl$SHM_INFO(0x0, 0xe, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0xfffffffe, @mcast1, 0x7}, 0x1c) 0s ago: executing program 2 (id=1785): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000380)={@val={0x1c, 0xf5}, @val={0x0, 0x0, 0x3, 0xf12, 0x26, 0x1000}, @mpls={[{}], @ipv6=@gre_packet={0x4, 0x6, "ace260", 0x44, 0x2f, 0x1, @loopback, @rand_addr=' \x01\x00', {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x23, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x1, {0x3e}}}, {0x8, 0x22eb, 0x3, {{0x2, 0x2, 0x48, 0x1, 0x1, 0x0, 0x1, 0x61}, 0x2, {0xfffffffb, 0xf587, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7e) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prlimit64(0x0, 0xe, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000005280)={'vcan0\x00'}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) r7 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x7, 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x3, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xfff2, 0xfff2}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x2, 0x2f61, 0x81}}}}]}, 0x44}}, 0x4000010) connect$can_j1939(r4, &(0x7f00000053c0)={0x1d, r6, 0x0, {0x1, 0xff}, 0xff}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = mq_open(&(0x7f0000000100)='tunl0\x00', 0x2, 0x4, &(0x7f0000000180)={0x7, 0xe3, 0x6, 0xe63a}) mq_timedreceive(r8, &(0x7f0000000200)=""/29, 0x1d, 0x6, &(0x7f0000000280)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r10, 0x1, 0x1a, &(0x7f0000000240)={0x3, &(0x7f0000000000)=[{0x30, 0x0, 0xfd, 0x5ae9}, {0x20, 0x7f, 0x6, 0xfefff010}, {0x6, 0x0, 0x9f, 0x1000}]}, 0x10) sendmmsg$inet(r9, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) kernel console output (not intermixed with test programs): ss=tipc_socket permissive=1 [ 220.108667][ T30] audit: type=1400 audit(2000000059.560:386): avc: denied { listen } for pid=7935 comm="syz.3.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 221.252546][ T30] audit: type=1400 audit(2000000060.750:387): avc: denied { mount } for pid=7952 comm="syz.2.552" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 221.261782][ T7950] netlink: 28 bytes leftover after parsing attributes in process `syz.4.551'. [ 221.314948][ T7950] netlink: 28 bytes leftover after parsing attributes in process `syz.4.551'. [ 221.417990][ T30] audit: type=1400 audit(2000000060.750:388): avc: denied { ioctl } for pid=7948 comm="syz.4.551" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 221.785150][ T30] audit: type=1400 audit(2000000061.290:389): avc: denied { unmount } for pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 221.979925][ T7970] netlink: 9896 bytes leftover after parsing attributes in process `syz.2.555'. [ 223.126807][ T7981] FAULT_INJECTION: forcing a failure. [ 223.126807][ T7981] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 223.144360][ T7981] CPU: 1 UID: 0 PID: 7981 Comm: syz.2.559 Not tainted syzkaller #0 PREEMPT(full) [ 223.144384][ T7981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 223.144392][ T7981] Call Trace: [ 223.144395][ T7981] [ 223.144399][ T7981] dump_stack_lvl+0x16c/0x1f0 [ 223.144417][ T7981] should_fail_ex+0x512/0x640 [ 223.144433][ T7981] _copy_from_user+0x2e/0xd0 [ 223.144449][ T7981] drm_ioctl+0x4fb/0xc30 [ 223.144466][ T7981] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 223.144480][ T7981] ? __pfx_drm_ioctl+0x10/0x10 [ 223.144500][ T7981] ? selinux_file_ioctl+0x180/0x270 [ 223.144515][ T7981] ? selinux_file_ioctl+0xb4/0x270 [ 223.144530][ T7981] ? __pfx_drm_ioctl+0x10/0x10 [ 223.144545][ T7981] __x64_sys_ioctl+0x18b/0x210 [ 223.144562][ T7981] do_syscall_64+0xcd/0x4e0 [ 223.144577][ T7981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 223.144588][ T7981] RIP: 0033:0x7f0a9898eec9 [ 223.144596][ T7981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.144607][ T7981] RSP: 002b:00007f0a99810038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 223.144618][ T7981] RAX: ffffffffffffffda RBX: 00007f0a98be5fa0 RCX: 00007f0a9898eec9 [ 223.144624][ T7981] RDX: 00002000000011c0 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 223.144630][ T7981] RBP: 00007f0a99810090 R08: 0000000000000000 R09: 0000000000000000 [ 223.144636][ T7981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.144642][ T7981] R13: 00007f0a98be6038 R14: 00007f0a98be5fa0 R15: 00007ffd48cba858 [ 223.144654][ T7981] [ 223.313056][ C1] vkms_vblank_simulate: vblank timer overrun [ 224.239058][ T30] audit: type=1400 audit(2000000063.740:390): avc: denied { ioctl } for pid=7993 comm="syz.0.564" path="socket:[18082]" dev="sockfs" ino=18082 ioctlcmd=0x8b19 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 224.901552][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.568'. [ 224.910484][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.568'. [ 227.684907][ T8032] netlink: 48 bytes leftover after parsing attributes in process `syz.3.575'. [ 227.728292][ T8032] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'. [ 227.890797][ T30] audit: type=1400 audit(2000000067.390:391): avc: denied { connect } for pid=8037 comm="syz.0.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 228.014518][ T5982] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 228.272086][ T8032] hsr_slave_1 (unregistering): left promiscuous mode [ 228.621694][ T5982] usb 2-1: device descriptor read/64, error -71 [ 229.045212][ T5982] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 229.167282][ T8064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.582'. [ 229.176499][ T8064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.582'. [ 229.199826][ T5982] usb 2-1: device descriptor read/64, error -71 [ 229.372790][ T5982] usb usb2-port1: attempt power cycle [ 229.458508][ T8070] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8070 comm=syz.3.584 [ 233.286613][ T8116] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8116 comm=syz.4.597 [ 233.774557][ T43] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 233.969269][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 234.003659][ T43] usb 2-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16 [ 234.032506][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.052747][ T43] usb 2-1: Product: syz [ 234.073020][ T43] usb 2-1: Manufacturer: syz [ 234.078943][ T43] usb 2-1: SerialNumber: syz [ 234.100333][ T43] usb 2-1: config 0 descriptor?? [ 234.136816][ T43] mvusb_mdio 2-1:0.0: probe with driver mvusb_mdio failed with error -5 [ 234.375244][ T5922] usb 2-1: USB disconnect, device number 9 [ 234.496236][ T5860] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 234.503830][ T5860] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 234.939554][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.606'. [ 234.948901][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.606'. [ 236.207692][ T8161] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8161 comm=syz.2.611 [ 240.476832][ T8204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.626'. [ 240.539343][ T8204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.626'. [ 243.374404][ T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 243.977165][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 244.481849][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 244.499510][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 244.585284][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 244.595678][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 244.610959][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 244.620063][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.066870][ T8282] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8282 comm=syz.4.647 [ 245.108919][ T5860] Bluetooth: hci1: unexpected cc 0x2039 length: 9 > 1 [ 245.116453][ T5860] Bluetooth: hci1: unexpected event for opcode 0x2039 [ 245.276160][ T24] usb 2-1: GET_CAPABILITIES returned 0 [ 245.343281][ T24] usbtmc 2-1:16.0: can't read capabilities [ 245.519227][ T5985] usb 2-1: USB disconnect, device number 10 [ 249.145480][ T5860] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 249.154142][ T5860] Bluetooth: hci1: Injecting HCI hardware error event [ 249.162997][ T5859] Bluetooth: hci1: hardware error 0x00 [ 249.980000][ T8344] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8344 comm=syz.2.665 [ 250.417205][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'. [ 250.436711][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'. [ 250.481973][ T5985] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 250.539717][ T8348] Invalid source name [ 250.543847][ T8348] UBIFS error (pid: 8348): cannot open "./file0", error -22 [ 250.828716][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.669'. [ 250.974888][ T5985] usb 5-1: Using ep0 maxpacket: 8 [ 250.989138][ T5985] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 251.008147][ T5985] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 251.020281][ T5985] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 251.046750][ T5985] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 251.108632][ T5985] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 251.183406][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.272348][ T5859] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 251.739562][ T5985] usb 5-1: GET_CAPABILITIES returned 0 [ 251.745905][ T5985] usbtmc 5-1:16.0: can't read capabilities [ 251.932645][ T43] usb 5-1: USB disconnect, device number 10 [ 252.761221][ T8380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8380 comm=syz.0.678 [ 253.736738][ T8390] Invalid source name [ 253.740819][ T8390] UBIFS error (pid: 8390): cannot open "./file0", error -22 [ 254.926034][ T8404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.685'. [ 255.233447][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.260491][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.141849][ T8417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.687'. [ 256.151464][ T8417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.687'. [ 256.371293][ T8422] tipc: Started in network mode [ 256.404904][ T8422] tipc: Node identity 56e58ed45a23, cluster identity 4711 [ 256.416987][ T8422] tipc: Enabled bearer , priority 0 [ 256.475195][ T8421] tipc: Disabling bearer [ 256.484463][ T5982] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 256.664402][ T5982] usb 4-1: Using ep0 maxpacket: 8 [ 256.904019][ T5982] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 256.914169][ T5982] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 256.929779][ T5982] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 257.037427][ T5982] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 257.066774][ T5982] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 257.497896][ T5982] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.225175][ T5982] usb 4-1: GET_CAPABILITIES returned 0 [ 258.230676][ T5982] usbtmc 4-1:16.0: can't read capabilities [ 258.317579][ T5982] usb 4-1: USB disconnect, device number 8 [ 259.074196][ T8452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'. [ 260.330496][ T8464] netlink: 'syz.2.701': attribute type 11 has an invalid length. [ 260.338257][ T8464] netlink: 64 bytes leftover after parsing attributes in process `syz.2.701'. [ 261.008377][ T8471] syzkaller0: entered promiscuous mode [ 261.013985][ T8471] syzkaller0: entered allmulticast mode [ 261.863207][ T5985] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 262.062748][ T5985] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.136328][ T5985] usb 5-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16 [ 262.153445][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.168213][ T5985] usb 5-1: Product: syz [ 262.172527][ T5985] usb 5-1: Manufacturer: syz [ 262.178246][ T5985] usb 5-1: SerialNumber: syz [ 262.243803][ T5985] usb 5-1: config 0 descriptor?? [ 262.289422][ T5985] mvusb_mdio 5-1:0.0: probe with driver mvusb_mdio failed with error -5 [ 262.398283][ T5922] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 262.526024][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.710'. [ 262.542265][ T8495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.710'. [ 262.564616][ T5982] usb 5-1: USB disconnect, device number 11 [ 262.644341][ T5922] usb 4-1: Using ep0 maxpacket: 8 [ 262.739762][ T5922] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 262.815788][ T5922] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 262.845872][ T5922] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 262.861290][ T5922] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 262.895467][ T5922] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 262.946997][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.192195][ T5922] usb 4-1: usb_control_msg returned -71 [ 263.199484][ T5922] usbtmc 4-1:16.0: can't read capabilities [ 263.231077][ T5922] usb 4-1: USB disconnect, device number 9 [ 264.965370][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.716'. [ 267.114420][ T43] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 267.328682][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 267.538599][ T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 267.554004][ T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 267.573072][ T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 267.593103][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.727'. [ 267.602174][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.727'. [ 267.643385][ T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 267.659312][ T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 267.668516][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.894006][ T43] usb 4-1: usb_control_msg returned -71 [ 267.909757][ T8564] netlink: 4 bytes leftover after parsing attributes in process `'. [ 267.915713][ T43] usbtmc 4-1:16.0: can't read capabilities [ 267.958004][ T43] usb 4-1: USB disconnect, device number 10 [ 270.883720][ T8603] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8603 comm=syz.3.741 [ 272.405340][ T8613] Invalid source name [ 272.409430][ T8613] UBIFS error (pid: 8613): cannot open "./file0", error -22 [ 273.144474][ T5982] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 273.304329][ T5982] usb 5-1: Using ep0 maxpacket: 32 [ 273.369354][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 273.406286][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 273.888846][ T5982] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 273.933795][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.969881][ T5982] usb 5-1: config 0 descriptor?? [ 275.050875][ T5982] samsung 0003:0419:0600.0009: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.4-1/input0 [ 275.583027][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'. [ 275.593827][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'. [ 276.159536][ T5985] usb 5-1: USB disconnect, device number 12 [ 279.065738][ T8678] Invalid source name [ 279.069856][ T8678] UBIFS error (pid: 8678): cannot open "./file0", error -22 [ 279.352680][ T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 279.755953][ T5922] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 279.844429][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 279.868173][ T9] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.903345][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 279.920453][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 279.930733][ T9] usb 5-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 280.010755][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 280.024802][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.034469][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 280.049007][ T9] usb 5-1: config 0 descriptor?? [ 280.058279][ T5922] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 280.086557][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.112076][ T5922] usb 4-1: config 0 descriptor?? [ 280.394412][ T5982] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 280.405612][ T10] libceph: connect (1)[c::]:6789 error -101 [ 280.417546][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 280.433071][ T10] libceph: connect (1)[c::]:6789 error -101 [ 280.442541][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 280.544429][ T5982] usb 3-1: Using ep0 maxpacket: 32 [ 280.554159][ T5982] usb 3-1: config 0 has no interfaces? [ 280.562187][ T5982] usb 3-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=ce.6f [ 280.573805][ T5982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.639628][ T5982] usb 3-1: Product: syz [ 280.645868][ T5922] samsung 0003:0419:0600.000A: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 280.709268][ T5982] usb 3-1: Manufacturer: syz [ 280.709590][ T5922] libceph: connect (1)[c::]:6789 error -101 [ 280.730350][ T5922] libceph: mon0 (1)[c::]:6789 connect error [ 280.763388][ T5982] usb 3-1: SerialNumber: syz [ 280.838691][ T5982] usb 3-1: config 0 descriptor?? [ 281.204152][ T5922] usb 3-1: USB disconnect, device number 11 [ 281.264757][ T10] libceph: connect (1)[c::]:6789 error -101 [ 281.270955][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 281.655118][ T8696] ceph: No mds server is up or the cluster is laggy [ 281.704022][ T5922] usb 4-1: USB disconnect, device number 11 [ 281.738609][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 281.785101][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 282.050695][ T9] usb 5-1: USB disconnect, device number 13 [ 283.128298][ T8716] syzkaller0: entered promiscuous mode [ 283.133784][ T8716] syzkaller0: entered allmulticast mode [ 284.060123][ T8730] Invalid source name [ 284.064210][ T8730] UBIFS error (pid: 8730): cannot open "./file0", error -22 [ 285.526239][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 285.725758][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 285.746733][ T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 285.767290][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 285.789011][ T9] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 285.799199][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.813738][ T9] usb 4-1: config 0 descriptor?? [ 286.325353][ T9] samsung 0003:0419:0600.000B: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 287.151403][ T5922] usb 4-1: USB disconnect, device number 12 [ 289.242175][ T8793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.800'. [ 289.251910][ T8793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.800'. [ 289.531277][ T8796] syzkaller0: entered promiscuous mode [ 289.540600][ T8796] syzkaller0: entered allmulticast mode [ 291.358849][ T1215] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 291.515739][ T1215] usb 3-1: Using ep0 maxpacket: 32 [ 291.526455][ T1215] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 291.538802][ T1215] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 291.560452][ T1215] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 291.570363][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.581079][ T1215] usb 3-1: config 0 descriptor?? [ 291.618812][ T5922] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 291.680410][ T8827] lo: entered allmulticast mode [ 291.686536][ T8827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.812'. [ 291.707437][ T8826] lo: left allmulticast mode [ 291.794790][ T5922] usb 1-1: Using ep0 maxpacket: 8 [ 291.826813][ T5922] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 291.844021][ T8833] Invalid source name [ 291.848116][ T8833] UBIFS error (pid: 8833): cannot open "./file0", error -22 [ 291.849363][ T5922] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 291.870390][ T5922] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 292.464676][ T1215] samsung 0003:0419:0600.000C: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.2-1/input0 [ 292.486627][ T5922] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 292.493903][ T1215] usb 3-1: USB disconnect, device number 12 [ 292.564604][ T5922] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 292.584905][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.680944][ T8837] fido_id[8837]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 292.771054][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 292.786759][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.818'. [ 292.833965][ T5922] usb 1-1: GET_CAPABILITIES returned 0 [ 292.840206][ T5922] usbtmc 1-1:16.0: can't read capabilities [ 293.115581][ T5922] usb 1-1: USB disconnect, device number 7 [ 293.751445][ T8856] syzkaller0: entered promiscuous mode [ 293.757536][ T8856] syzkaller0: entered allmulticast mode [ 295.535117][ T8886] Invalid source name [ 295.540082][ T8886] UBIFS error (pid: 8886): cannot open "./file0", error -22 [ 295.756596][ T8887] Invalid source name [ 295.768682][ T8887] UBIFS error (pid: 8887): cannot open "./file0", error -22 [ 296.863321][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.834'. [ 296.882297][ T8908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.834'. [ 298.578117][ T8941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.843'. [ 300.424579][ T8983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.855'. [ 300.433400][ T8983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.855'. [ 301.041833][ T8993] Invalid source name [ 301.045938][ T8993] UBIFS error (pid: 8993): cannot open "./file0", error -22 [ 301.793302][ T5922] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 302.031162][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 302.128319][ T5922] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.138448][ T5922] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 302.220044][ T5922] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 302.243740][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.276645][ T5922] usb 1-1: config 0 descriptor?? [ 302.777182][ T5922] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 302.957175][ T9002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.057615][ T9002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.256569][ T9002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 303.268996][ T9002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 303.522846][ T9030] netlink: 4 bytes leftover after parsing attributes in process `'. [ 303.818260][ T9036] netlink: 52 bytes leftover after parsing attributes in process `syz.0.863'. [ 303.887084][ T30] audit: type=1400 audit(2000000143.390:392): avc: denied { connect } for pid=9001 comm="syz.0.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 304.989721][ T9036] delete_channel: no stack [ 305.808874][ T5985] usb 1-1: USB disconnect, device number 8 [ 305.842138][ T9064] Invalid source name [ 305.846264][ T9064] UBIFS error (pid: 9064): cannot open "./file0", error -22 [ 307.014706][ T9073] syz_tun: entered allmulticast mode [ 307.100519][ T9073] netlink: 4 bytes leftover after parsing attributes in process `syz.2.884'. [ 307.269503][ T9073] syz_tun (unregistering): left allmulticast mode [ 313.236580][ T9137] Invalid source name [ 313.240639][ T9137] UBIFS error (pid: 9137): cannot open "./file0", error -22 [ 313.376460][ T9138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.900'. [ 313.392867][ T9138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.900'. [ 314.515423][ T5922] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 315.254513][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 315.273788][ T5922] usb 4-1: config 0 has no interfaces? [ 315.298855][ T5922] usb 4-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=ce.6f [ 315.328780][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.348977][ T5922] usb 4-1: Product: syz [ 315.353163][ T5922] usb 4-1: Manufacturer: syz [ 315.380078][ T5922] usb 4-1: SerialNumber: syz [ 315.424185][ T5922] usb 4-1: config 0 descriptor?? [ 315.623641][ T9167] lo: entered allmulticast mode [ 315.694871][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.913'. [ 316.292319][ T9165] lo: left allmulticast mode [ 316.709639][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.724754][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.955149][ T1215] usb 4-1: USB disconnect, device number 13 [ 317.931125][ T5859] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 317.938320][ T5859] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 318.077563][ T9202] lo: entered allmulticast mode [ 318.164560][ T9204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.921'. [ 318.240340][ T9201] lo: left allmulticast mode [ 320.001662][ T9224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 320.010964][ T9224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 322.755739][ T5922] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 323.154938][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 323.162172][ T5922] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 323.174447][ T5922] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 323.188695][ T5922] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 323.198003][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.213618][ T5922] usb 1-1: config 0 descriptor?? [ 323.660860][ T5922] samsung 0003:0419:0600.000E: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0 [ 323.863590][ T5922] usb 1-1: USB disconnect, device number 9 [ 323.889136][ T9276] fido_id[9276]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 325.175601][ T9304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'. [ 325.184802][ T9304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'. [ 325.749003][ T9311] lo: entered allmulticast mode [ 325.862853][ T9315] netlink: 4 bytes leftover after parsing attributes in process `syz.0.954'. [ 325.985784][ T9310] lo: left allmulticast mode [ 327.084307][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 327.245434][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 327.260360][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 327.277498][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 327.316188][ T10] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 327.342101][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.672102][ T10] usb 2-1: config 0 descriptor?? [ 328.386300][ T10] samsung 0003:0419:0600.000F: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.1-1/input0 [ 328.587296][ T24] usb 2-1: USB disconnect, device number 11 [ 328.860781][ T9346] fido_id[9346]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 329.434690][ T9360] lo: entered allmulticast mode [ 329.526092][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.968'. [ 330.258311][ T9359] lo: left allmulticast mode [ 330.387950][ T9381] sp0: Synchronizing with TNC [ 330.394446][ T9381] [U] è [ 330.641283][ T9390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.974'. [ 330.716457][ T1215] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 330.944543][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 330.951648][ T1215] usb 4-1: too many configurations: 139, using maximum allowed: 8 [ 331.096403][ T1215] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 331.104099][ T1215] usb 4-1: can't read configurations, error -61 [ 331.206666][ T5855] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 331.374390][ T5855] usb 2-1: Using ep0 maxpacket: 32 [ 331.382122][ T5855] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 331.404960][ T1215] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 331.406809][ T5855] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 331.476697][ T5855] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 331.495908][ T5855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.517402][ T5855] usb 2-1: config 0 descriptor?? [ 331.576221][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 331.591653][ T1215] usb 4-1: too many configurations: 139, using maximum allowed: 8 [ 331.611896][ T1215] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 331.644348][ T1215] usb 4-1: can't read configurations, error -61 [ 331.668274][ T1215] usb usb4-port1: attempt power cycle [ 332.046018][ T1215] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 332.076548][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 332.084173][ T1215] usb 4-1: too many configurations: 139, using maximum allowed: 8 [ 332.095491][ T5855] samsung 0003:0419:0600.0010: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.1-1/input0 [ 332.108890][ T1215] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 332.175734][ T1215] usb 4-1: can't read configurations, error -61 [ 332.271793][ T5855] usb 2-1: USB disconnect, device number 12 [ 332.314505][ T1215] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 332.355173][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 332.405338][ T1215] usb 4-1: too many configurations: 139, using maximum allowed: 8 [ 332.507222][ T1215] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 332.522139][ T1215] usb 4-1: can't read configurations, error -61 [ 332.530044][ T1215] usb usb4-port1: unable to enumerate USB device [ 332.691977][ T9413] lo: entered allmulticast mode [ 332.755300][ T9415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.983'. [ 332.940027][ T9412] lo: left allmulticast mode [ 332.988006][ T9419] FAULT_INJECTION: forcing a failure. [ 332.988006][ T9419] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.988093][ T9419] CPU: 0 UID: 0 PID: 9419 Comm: syz.1.984 Not tainted syzkaller #0 PREEMPT(full) [ 332.988113][ T9419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 332.988123][ T9419] Call Trace: [ 332.988128][ T9419] [ 332.988135][ T9419] dump_stack_lvl+0x16c/0x1f0 [ 332.988163][ T9419] should_fail_ex+0x512/0x640 [ 332.988188][ T9419] _copy_to_iter+0x463/0x1710 [ 332.988220][ T9419] ? __pfx__copy_to_iter+0x10/0x10 [ 332.988243][ T9419] ? fib_trie_get_next+0x26d/0x710 [ 332.988265][ T9419] ? find_held_lock+0x2b/0x80 [ 332.988287][ T9419] ? fib_trie_seq_stop+0x31/0xb0 [ 332.988305][ T9419] ? fib_trie_seq_next+0xbd/0x3d0 [ 332.988329][ T9419] seq_read_iter+0xcf8/0x12c0 [ 332.988364][ T9419] seq_read+0x3a3/0x570 [ 332.988381][ T9419] ? __pfx_seq_read+0x10/0x10 [ 332.988408][ T9419] ? avc_policy_seqno+0x9/0x20 [ 332.988431][ T9419] ? __pfx_seq_read+0x10/0x10 [ 332.988446][ T9419] proc_reg_read+0x23d/0x330 [ 332.988471][ T9419] ? __pfx_proc_reg_read+0x10/0x10 [ 332.988495][ T9419] vfs_read+0x1e4/0xcf0 [ 332.988519][ T9419] ? __pfx_vfs_read+0x10/0x10 [ 332.988533][ T9419] ? find_held_lock+0x2b/0x80 [ 332.988554][ T9419] ? __fget_files+0x204/0x3c0 [ 332.988577][ T9419] ? __fget_files+0x20e/0x3c0 [ 332.988603][ T9419] __x64_sys_pread64+0x1eb/0x250 [ 332.988622][ T9419] ? __pfx___x64_sys_pread64+0x10/0x10 [ 332.988648][ T9419] do_syscall_64+0xcd/0x4e0 [ 332.988673][ T9419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.988690][ T9419] RIP: 0033:0x7f45c158eec9 [ 332.988704][ T9419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.988720][ T9419] RSP: 002b:00007f45c24c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 332.988737][ T9419] RAX: ffffffffffffffda RBX: 00007f45c17e6090 RCX: 00007f45c158eec9 [ 332.988748][ T9419] RDX: 0000000000018fd3 RSI: 0000200000019180 RDI: 0000000000000004 [ 332.988758][ T9419] RBP: 00007f45c24c5090 R08: 0000000000000000 R09: 0000000000000000 [ 332.988768][ T9419] R10: 0000000000000c2a R11: 0000000000000246 R12: 0000000000000001 [ 332.988778][ T9419] R13: 00007f45c17e6128 R14: 00007f45c17e6090 R15: 00007ffcd8e92c98 [ 332.988802][ T9419] [ 334.555685][ T9442] Invalid source name [ 334.555716][ T9442] UBIFS error (pid: 9442): cannot open "./file0", error -22 [ 334.834571][ T5922] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 334.991066][ T5922] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.991104][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 334.991125][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 334.991137][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 334.992038][ T5922] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 334.992052][ T5922] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 334.992063][ T5922] usb 5-1: Manufacturer: syz [ 334.993281][ T5922] usb 5-1: config 0 descriptor?? [ 335.351945][ T9450] FAULT_INJECTION: forcing a failure. [ 335.351945][ T9450] name failslab, interval 1, probability 0, space 0, times 0 [ 335.351987][ T9450] CPU: 0 UID: 0 PID: 9450 Comm: syz.4.991 Not tainted syzkaller #0 PREEMPT(full) [ 335.352007][ T9450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 335.352017][ T9450] Call Trace: [ 335.352023][ T9450] [ 335.352029][ T9450] dump_stack_lvl+0x16c/0x1f0 [ 335.352056][ T9450] should_fail_ex+0x512/0x640 [ 335.352074][ T9450] ? __kmalloc_noprof+0xbf/0x510 [ 335.352088][ T9450] ? do_handle_open+0x545/0xc50 [ 335.352098][ T9450] should_failslab+0xc2/0x120 [ 335.352111][ T9450] __kmalloc_noprof+0xd2/0x510 [ 335.352121][ T9450] ? bpf_lsm_capable+0x9/0x10 [ 335.352139][ T9450] do_handle_open+0x545/0xc50 [ 335.352151][ T9450] ? __pfx_do_handle_open+0x10/0x10 [ 335.352165][ T9450] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 335.352177][ T9450] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 335.352191][ T9450] ? do_syscall_64+0xcd/0x4e0 [ 335.352204][ T9450] do_syscall_64+0xcd/0x4e0 [ 335.352218][ T9450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.352229][ T9450] RIP: 0033:0x7fa35098eec9 [ 335.352238][ T9450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.352248][ T9450] RSP: 002b:00007fa351883038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 335.352258][ T9450] RAX: ffffffffffffffda RBX: 00007fa350be6090 RCX: 00007fa35098eec9 [ 335.352267][ T9450] RDX: 00000000001c7041 RSI: 0000200000000040 RDI: 0000000000000006 [ 335.352273][ T9450] RBP: 00007fa351883090 R08: 0000000000000000 R09: 0000000000000000 [ 335.352279][ T9450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.352285][ T9450] R13: 00007fa350be6128 R14: 00007fa350be6090 R15: 00007fff6bc2fe18 [ 335.352298][ T9450] [ 335.565572][ T5922] rc_core: IR keymap rc-hauppauge not found [ 335.565585][ T5922] Registered IR keymap rc-empty [ 335.565850][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.585419][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.606412][ T5922] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 335.608147][ T5922] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input9 [ 335.613442][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.625196][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.634824][ T9457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.995'. [ 335.649463][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.664645][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.684551][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.705127][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.726309][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.744434][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.764450][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.785299][ T5922] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 335.919766][ T5922] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 335.919780][ T5922] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 338.580081][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1001'. [ 339.425208][ T43] usb 5-1: USB disconnect, device number 14 [ 340.956252][ T9516] Invalid source name [ 340.956281][ T9516] UBIFS error (pid: 9516): cannot open "./file0", error -22 [ 341.269457][ T30] audit: type=1400 audit(2000000180.760:393): avc: denied { map } for pid=9501 comm="syz.1.1008" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 342.361356][ T9535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1016'. [ 342.822206][ T9542] fuse: Bad value for 'fd' [ 342.964548][ T9544] dlm: non-version read from control device 36 [ 343.413801][ T9562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1024'. [ 344.423953][ T9580] Invalid source name [ 344.429021][ T9580] UBIFS error (pid: 9580): cannot open "./file0", error -22 [ 344.896477][ T9584] fuse: Bad value for 'fd' [ 345.071211][ T9589] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=219 sclass=netlink_route_socket pid=9589 comm=syz.3.1030 [ 345.145855][ T30] audit: type=1400 audit(2000000184.650:394): avc: denied { read } for pid=9588 comm="syz.3.1030" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 345.577002][ T30] audit: type=1400 audit(2000000184.650:395): avc: denied { open } for pid=9588 comm="syz.3.1030" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 345.623610][ T30] audit: type=1400 audit(2000000184.680:396): avc: denied { ioctl } for pid=9588 comm="syz.3.1030" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x556c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 345.693212][ T9597] lo: entered allmulticast mode [ 345.759126][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1033'. [ 345.852557][ T9592] lo: left allmulticast mode [ 346.462693][ T9625] Invalid source name [ 346.468472][ T9625] UBIFS error (pid: 9625): cannot open "./file0", error -22 [ 347.998602][ T30] audit: type=1400 audit(2000000187.500:397): avc: denied { write } for pid=9630 comm="syz.4.1044" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 348.059071][ T9643] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1044'. [ 349.251878][ T5922] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 349.500341][ T5922] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05 [ 349.511391][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.611236][ T5922] usb 5-1: Product: syz [ 349.624142][ T5922] usb 5-1: Manufacturer: syz [ 349.634542][ T5922] usb 5-1: SerialNumber: syz [ 349.676125][ T5922] usb 5-1: config 0 descriptor?? [ 349.712457][ T5922] go7007 5-1:0.0: probe with driver go7007 failed with error -12 [ 349.724499][ T1215] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 349.924302][ T1215] usb 4-1: Using ep0 maxpacket: 16 [ 349.926312][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1050'. [ 349.941868][ T1215] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.953233][ T1215] usb 4-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 349.962846][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.999701][ T1215] usb 4-1: config 0 descriptor?? [ 350.025266][ T10] usb 5-1: USB disconnect, device number 15 [ 350.210911][ T9677] Invalid source name [ 350.215079][ T9677] UBIFS error (pid: 9677): cannot open "./file0", error -22 [ 350.714451][ T1215] mcp2200 0003:04D8:00DF.0011: USB HID v0.05 Device [HID 04d8:00df] on usb-dummy_hcd.3-1/input0 [ 351.234375][ T43] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 351.528101][ T43] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 351.540191][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.680689][ T43] usb 1-1: config 0 descriptor?? [ 352.876439][ T43] pegasus 1-1:0.0: probe with driver pegasus failed with error -32 [ 353.003918][ T9705] lo: entered allmulticast mode [ 353.090297][ T9709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1066'. [ 353.156705][ T9704] lo: left allmulticast mode [ 353.159290][ T43] usb 4-1: USB disconnect, device number 18 [ 354.216983][ T1215] usb 1-1: USB disconnect, device number 10 [ 354.996916][ T9733] Invalid source name [ 355.001009][ T9733] UBIFS error (pid: 9733): cannot open "./file0", error -22 [ 355.752753][ T9747] lo: entered allmulticast mode [ 355.823334][ T9751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1080'. [ 355.934159][ T9755] Invalid source name [ 355.938171][ T9755] UBIFS error (pid: 9755): cannot open "./file0", error -22 [ 355.983936][ T9745] lo: left allmulticast mode [ 356.670704][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 356.944832][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 356.960505][ T10] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 357.009847][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 357.069153][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.246523][ T9783] Invalid source name [ 357.250594][ T9783] UBIFS error (pid: 9783): cannot open "./file0", error -22 [ 359.214096][ T9802] Invalid source name [ 359.225515][ T9802] UBIFS error (pid: 9802): cannot open "./file0", error -22 [ 359.433181][ T24] usb 2-1: USB disconnect, device number 13 [ 361.369421][ T9841] Invalid source name [ 361.373544][ T9841] UBIFS error (pid: 9841): cannot open "./file0", error -22 [ 361.855316][ T1215] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 362.014498][ T24] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 362.044396][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 362.109569][ T1215] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 362.146754][ T1215] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 362.209346][ T1215] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 362.218669][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 362.224413][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.233594][ T24] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 362.273920][ T1215] usb 4-1: config 0 descriptor?? [ 362.279835][ T24] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 362.436837][ T24] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 362.452523][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.489228][ T24] usbtmc 3-1:16.0: bulk endpoints not found [ 363.065505][ T1215] usbhid 4-1:0.0: can't add hid device: -71 [ 363.082962][ T1215] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 363.103615][ T1215] usb 4-1: USB disconnect, device number 19 [ 364.838889][ T1215] usb 3-1: USB disconnect, device number 13 [ 365.048494][ T9885] Invalid source name [ 365.052488][ T9885] UBIFS error (pid: 9885): cannot open "./file0", error -22 [ 367.354296][ T9919] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9919 comm=syz.2.1128 [ 367.854574][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 368.024312][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 368.031417][ T10] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 368.057225][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 368.142803][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 368.179002][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.216840][ T10] usbtmc 5-1:16.0: bulk endpoints not found [ 368.504905][ T9939] lo: entered allmulticast mode [ 368.569183][ T9942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1137'. [ 369.987290][ T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 370.175683][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 370.204611][ T24] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 370.284610][ T10] usb 5-1: USB disconnect, device number 16 [ 370.388719][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 370.463182][ T24] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 370.608665][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.648630][ T24] usb 3-1: config 0 descriptor?? [ 371.130051][ T9986] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1149'. [ 372.067268][ T24] usbhid 3-1:0.0: can't add hid device: -71 [ 372.176581][ T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 372.203343][ T24] usb 3-1: USB disconnect, device number 14 [ 373.014684][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 373.174548][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 373.218172][ T10] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 373.276319][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 373.320887][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 373.363191][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.462320][ T10] usbtmc 1-1:16.0: bulk endpoints not found [ 375.626132][T10036] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1163'. [ 376.020139][ T10] usb 1-1: USB disconnect, device number 11 [ 377.601080][T10059] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1169'. [ 378.116181][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.122514][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.727174][ T5859] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 380.733986][ T5859] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 381.804666][ T5922] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 382.324353][ T5922] usb 4-1: Using ep0 maxpacket: 8 [ 382.340843][ T5922] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 382.376907][ T5922] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 382.411193][ T5922] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 382.447517][ T5922] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 382.480988][ T5922] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 382.504297][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.585615][ T5922] usbtmc 4-1:16.0: bulk endpoints not found [ 382.783810][T10126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1189'. [ 382.889921][T10131] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1187'. [ 383.280097][T10140] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1191'. [ 383.826280][T10144] Invalid source name [ 383.830399][T10144] UBIFS error (pid: 10144): cannot open "./file0", error -22 [ 384.718910][ T1215] usb 4-1: USB disconnect, device number 20 [ 384.761093][ T5859] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 384.770990][ T5859] Bluetooth: hci3: Injecting HCI hardware error event [ 384.784693][ T5859] Bluetooth: hci3: hardware error 0x00 [ 384.822483][T10159] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1197'. [ 385.034512][ T5860] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 385.041530][ T5860] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 385.068079][T10163] hugetlbfs: syz.0.1197 (10163): Using mlock ulimits for SHM_HUGETLB is obsolete [ 385.830251][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1200'. [ 386.284056][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1200'. [ 386.914282][ T5859] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 387.776491][T10190] Invalid source name [ 387.780558][T10190] UBIFS error (pid: 10190): cannot open "./file0", error -22 [ 388.134129][T10196] Invalid source name [ 388.147039][T10196] UBIFS error (pid: 10196): cannot open "./file0", error -22 [ 388.626408][ T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 389.147026][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1213'. [ 389.234309][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 389.241506][ T43] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 389.253451][ T43] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 389.335508][ T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 389.437166][ T43] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 389.523716][ T43] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 389.552839][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.609001][ T43] usbtmc 1-1:16.0: bulk endpoints not found [ 390.586396][T10239] Invalid source name [ 390.590449][T10239] UBIFS error (pid: 10239): cannot open "./file0", error -22 [ 391.220541][ T43] usb 1-1: USB disconnect, device number 12 [ 395.064342][ T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 395.080992][T10285] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1234'. [ 395.219675][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 395.242301][ T10] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 395.335825][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 395.377447][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 395.404596][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 395.434693][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 395.454125][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.496661][ T43] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 395.496969][ T10] usbtmc 2-1:16.0: bulk endpoints not found [ 395.654658][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 395.661893][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.680197][ T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 395.730227][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.755213][ T43] usb 3-1: config 0 descriptor?? [ 396.181275][ T43] usb 3-1: string descriptor 0 read error: -71 [ 396.191351][ T43] usbhid 3-1:0.0: can't add hid device: -71 [ 396.198091][ T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 396.222206][ T43] usb 3-1: USB disconnect, device number 15 [ 397.516656][ T5982] usb 2-1: USB disconnect, device number 14 [ 398.755322][T10339] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1250'. [ 399.673571][ T43] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 399.708797][T10363] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1259'. [ 399.932862][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 399.971781][ T43] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 400.022353][ T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 400.167064][ T43] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 400.182666][ T43] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 400.206112][ T43] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 400.222269][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.303773][ T43] usbtmc 2-1:16.0: bulk endpoints not found [ 402.519471][ T5982] usb 2-1: USB disconnect, device number 15 [ 402.563170][T10386] Invalid source name [ 402.567211][T10386] UBIFS error (pid: 10386): cannot open "./file0", error -22 [ 402.929842][T10405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1271'. [ 403.854312][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 404.287054][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 404.293927][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 404.315374][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 404.328708][ T10] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 404.338788][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.352557][ T10] usb 1-1: config 0 descriptor?? [ 404.414308][ T5855] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 404.564437][ T5855] usb 2-1: Using ep0 maxpacket: 8 [ 404.575039][ T5855] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 404.590006][ T5855] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 404.643009][ T5855] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 404.644528][T10431] Invalid source name [ 404.653993][ T5855] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 404.671964][T10431] UBIFS error (pid: 10431): cannot open "./file0", error -22 [ 404.674483][ T5855] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 404.691172][ T5855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.096117][ T10] samsung 0003:0419:0600.0012: item fetching failed at offset 4/5 [ 405.113451][ T5855] usbtmc 2-1:16.0: bulk endpoints not found [ 405.120334][ T10] samsung 0003:0419:0600.0012: parse failed [ 405.163400][ T10] samsung 0003:0419:0600.0012: probe with driver samsung failed with error -22 [ 405.203310][ T10] usb 1-1: USB disconnect, device number 13 [ 406.990864][ T43] usb 2-1: USB disconnect, device number 16 [ 406.998599][T10462] fuse: Bad value for 'group_id' [ 407.012056][T10462] fuse: Bad value for 'group_id' [ 408.838457][T10489] Invalid source name [ 408.842514][T10489] UBIFS error (pid: 10489): cannot open "./file0", error -22 [ 409.842220][T10501] fuse: Bad value for 'group_id' [ 409.857875][T10501] fuse: Bad value for 'group_id' [ 410.421714][ T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 410.584405][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 410.597432][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 410.610381][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 410.627383][ T10] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 410.640852][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 410.682407][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 410.708511][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.793356][ T10] usbtmc 2-1:16.0: bulk endpoints not found [ 411.582518][T10522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1310'. [ 412.004376][ T43] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 412.184326][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 412.220434][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.359492][ T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 412.485081][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.514720][ T43] usb 3-1: config 0 descriptor?? [ 412.830333][ T5855] usb 2-1: USB disconnect, device number 17 [ 413.248584][T10532] Invalid source name [ 413.252695][T10532] UBIFS error (pid: 10532): cannot open "./file0", error -22 [ 413.295579][ T43] usb 3-1: string descriptor 0 read error: -71 [ 413.332877][ T43] usbhid 3-1:0.0: can't add hid device: -71 [ 413.345683][ T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 413.392191][ T43] usb 3-1: USB disconnect, device number 16 [ 413.495054][ T30] audit: type=1400 audit(2000000252.980:398): avc: denied { read append } for pid=10540 comm="syz.1.1316" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 413.590836][ T30] audit: type=1400 audit(2000000253.020:399): avc: denied { open } for pid=10540 comm="syz.1.1316" path="/248/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 414.477716][T10559] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'. [ 415.124180][ T30] audit: type=1400 audit(2000000254.620:400): avc: denied { unmount } for pid=6214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 418.294330][ T1215] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 418.484413][ T1215] usb 3-1: Using ep0 maxpacket: 8 [ 418.490733][ T1215] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 418.500757][ T1215] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 418.530514][ T1215] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 418.565771][ T1215] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 418.594544][ T1215] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 418.624312][ T1215] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 418.654264][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.681837][ T1215] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22 [ 418.684669][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 418.886167][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 418.965094][ T10] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 419.082315][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 419.195217][ T10] usb 5-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 419.748822][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.759388][ T10] usb 5-1: config 0 descriptor?? [ 420.192491][T10601] lo: entered allmulticast mode [ 420.461600][ T10] samsung 0003:0419:0600.0013: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.4-1/input0 [ 420.476493][T10605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1331'. [ 420.648760][ T10] usb 5-1: USB disconnect, device number 17 [ 420.733300][T10600] lo: left allmulticast mode [ 420.824790][ T1215] usb 3-1: USB disconnect, device number 17 [ 421.994323][ T10] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 422.144335][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 422.506471][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 422.530394][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 422.552885][ T10] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 422.580267][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.591405][ T10] usb 3-1: config 0 descriptor?? [ 423.606360][ T10] samsung 0003:0419:0600.0014: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.2-1/input0 [ 424.318521][ T5855] usb 3-1: USB disconnect, device number 18 [ 424.355757][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 424.604327][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 424.611359][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 424.621581][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 424.635756][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 424.657889][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 424.671863][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 424.688546][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 424.698230][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.718262][ T10] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22 [ 427.327669][ T24] usb 2-1: USB disconnect, device number 18 [ 428.278956][T10704] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1358'. [ 428.554288][ T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 428.744641][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 428.755735][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.772785][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 428.785555][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.843625][ T10] usb 3-1: config 0 descriptor?? [ 429.291658][ T10] usb 3-1: string descriptor 0 read error: -71 [ 429.302167][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 429.384758][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 429.396678][ T10] usb 3-1: USB disconnect, device number 19 [ 430.139838][T10733] Invalid source name [ 430.143829][T10733] UBIFS error (pid: 10733): cannot open "./file0", error -22 [ 430.224307][ T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 430.410007][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 430.430670][ T43] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 430.455724][ T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 430.499268][ T43] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 430.723655][ T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 430.739570][ T43] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 430.775843][ T43] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 430.788714][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.838785][ T43] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22 [ 431.142400][T10743] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1369'. [ 431.643812][T10757] lo: entered allmulticast mode [ 431.707179][T10760] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1375'. [ 431.716198][ T1215] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 431.789245][T10756] lo: left allmulticast mode [ 431.884318][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 431.890866][ T1215] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 431.904185][ T1215] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 431.918476][ T1215] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 431.930349][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.951818][ T1215] usb 4-1: config 0 descriptor?? [ 432.239021][T10769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1378'. [ 432.651465][ T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 432.707098][ T1215] samsung 0003:0419:0600.0015: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 432.732830][ T1215] usb 4-1: USB disconnect, device number 21 [ 432.914857][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 432.932225][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.949297][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 432.969770][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.059723][T10772] fido_id[10772]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 433.107935][ T5855] usb 1-1: USB disconnect, device number 14 [ 433.593342][ T10] usb 5-1: config 0 descriptor?? [ 433.944676][ T5855] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 434.637095][ T10] usb 5-1: string descriptor 0 read error: -71 [ 434.664386][ T5855] usb 1-1: Using ep0 maxpacket: 32 [ 434.670737][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 434.683020][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1384'. [ 434.690141][ T5855] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 434.707225][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 434.718383][ T10] usb 5-1: USB disconnect, device number 18 [ 434.733199][T10794] fuse: Unknown parameter 'grou00000000000000000000' [ 434.833910][ T5855] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 434.887915][ T5855] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 434.917105][ T5855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.944772][ T5855] usb 1-1: config 0 descriptor?? [ 435.134328][ T1215] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 435.274656][ T5922] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 435.294293][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 435.300948][ T1215] usb 4-1: no configurations [ 435.305813][ T1215] usb 4-1: can't read configurations, error -22 [ 435.453118][ T1215] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 435.455306][ T5855] samsung 0003:0419:0600.0016: item fetching failed at offset 4/5 [ 435.694967][ T5922] usb 3-1: Using ep0 maxpacket: 8 [ 435.724125][ T5922] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 435.737266][ T5855] samsung 0003:0419:0600.0016: parse failed [ 435.743347][ T5922] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 435.753222][ T5855] samsung 0003:0419:0600.0016: probe with driver samsung failed with error -22 [ 435.766957][ T5922] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 435.784086][ T5922] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 435.801622][ T5922] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 435.814164][ T5855] usb 1-1: USB disconnect, device number 15 [ 435.825334][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.844309][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 435.851806][ T1215] usb 4-1: no configurations [ 435.859611][ T1215] usb 4-1: can't read configurations, error -22 [ 436.154636][ T5922] usb 3-1: GET_CAPABILITIES returned 0 [ 436.168622][ T5922] usbtmc 3-1:16.0: can't read capabilities [ 436.177922][ T1215] usb usb4-port1: attempt power cycle [ 436.528006][ T5855] usb 3-1: USB disconnect, device number 20 [ 436.584796][ T1215] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 436.625323][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 436.631082][ T1215] usb 4-1: no configurations [ 436.636350][ T1215] usb 4-1: can't read configurations, error -22 [ 436.764419][ T1215] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 436.880425][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 436.888800][ T1215] usb 4-1: no configurations [ 436.893424][ T1215] usb 4-1: can't read configurations, error -22 [ 436.901650][ T1215] usb usb4-port1: unable to enumerate USB device [ 437.265692][ T1215] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 437.454408][ T1215] usb 1-1: Using ep0 maxpacket: 32 [ 437.587646][ T1215] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 437.599391][ T1215] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 437.619088][ T1215] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 437.628366][ T1215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.651645][ T1215] usb 1-1: config 0 descriptor?? [ 438.076485][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1398'. [ 438.470404][ T1215] samsung 0003:0419:0600.0017: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0 [ 438.683758][ T5922] usb 1-1: USB disconnect, device number 16 [ 438.700799][T10848] fido_id[10848]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 438.951537][T10855] Invalid source name [ 438.955637][T10855] UBIFS error (pid: 10855): cannot open "./file0", error -22 [ 439.555089][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.584311][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.984378][ T1215] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 441.164352][ T1215] usb 5-1: Using ep0 maxpacket: 32 [ 441.177294][ T1215] usb 5-1: no configurations [ 441.191126][ T1215] usb 5-1: can't read configurations, error -22 [ 441.344358][ T1215] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 441.544400][ T1215] usb 5-1: Using ep0 maxpacket: 32 [ 441.563985][ T1215] usb 5-1: no configurations [ 441.582382][ T1215] usb 5-1: can't read configurations, error -22 [ 441.602017][ T1215] usb usb5-port1: attempt power cycle [ 441.964543][ T1215] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 442.004979][ T1215] usb 5-1: Using ep0 maxpacket: 32 [ 442.010665][ T1215] usb 5-1: no configurations [ 442.016412][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1412'. [ 442.026500][ T1215] usb 5-1: can't read configurations, error -22 [ 442.174901][ T1215] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 442.224821][ T1215] usb 5-1: Using ep0 maxpacket: 32 [ 442.234560][ T1215] usb 5-1: no configurations [ 442.239178][ T1215] usb 5-1: can't read configurations, error -22 [ 442.330714][ T1215] usb usb5-port1: unable to enumerate USB device [ 442.341734][T10896] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1413'. [ 442.653441][T10902] fuse: Unknown parameter 'grou00000000000000000000' [ 443.124303][ T5922] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 443.294362][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 443.302926][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 443.325551][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 443.352755][ T5922] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 443.376418][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.403283][ T5922] usb 4-1: config 0 descriptor?? [ 444.404809][ T5922] samsung 0003:0419:0600.0018: hidraw0: USB HID v10.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 445.184966][ T5922] usb 4-1: USB disconnect, device number 26 [ 445.346760][T10925] fido_id[10925]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 447.650372][ T30] audit: type=1400 audit(2000000287.150:401): avc: denied { write } for pid=10947 comm="syz.4.1429" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 449.476460][T10972] lo: entered allmulticast mode [ 449.547711][T10975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1435'. [ 449.600060][T10970] lo: left allmulticast mode [ 452.624969][T11015] lo: entered allmulticast mode [ 452.774970][T11020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1447'. [ 452.795391][T11014] lo: left allmulticast mode [ 452.944277][ T5922] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 453.228867][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 453.306455][ T5922] usb 1-1: no configurations [ 453.311077][ T5922] usb 1-1: can't read configurations, error -22 [ 453.366841][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1451'. [ 453.464870][ T5922] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 454.371747][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 454.404549][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 454.410380][ T5922] usb 1-1: no configurations [ 454.415349][ T5922] usb 1-1: can't read configurations, error -22 [ 454.423364][ T5922] usb usb1-port1: attempt power cycle [ 454.544976][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 454.552145][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.604977][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 454.644520][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.904598][ T5922] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 455.654810][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 455.660521][ T5922] usb 1-1: no configurations [ 455.665472][ T5922] usb 1-1: can't read configurations, error -22 [ 455.673246][ T9] usb 5-1: config 0 descriptor?? [ 455.794310][ T5922] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 456.014265][ T5922] usb 1-1: device not accepting address 20, error -71 [ 456.031503][ T5922] usb usb1-port1: unable to enumerate USB device [ 456.130111][ T9] usb 5-1: string descriptor 0 read error: -71 [ 456.394332][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 456.400578][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 456.429136][ T9] usb 5-1: USB disconnect, device number 23 [ 458.031602][ T30] audit: type=1400 audit(2000000297.530:402): avc: denied { create } for pid=11070 comm="syz.3.1462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 458.053552][T11074] CUSE: info not properly terminated [ 458.060642][T11074] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 459.282895][ T30] audit: type=1400 audit(2000000298.780:403): avc: denied { module_request } for pid=11086 comm="syz.2.1467" kmod="netdev-syz_tun" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 459.334690][T11090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1467'. [ 459.718565][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1470'. [ 460.004307][ T9] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 460.174579][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 460.192669][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 460.250462][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=029a, bcdDevice= 0.00 [ 460.278397][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.317457][ T9] usb 3-1: config 0 descriptor?? [ 461.787270][ T9] usb 3-1: string descriptor 0 read error: -71 [ 461.805434][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 461.815218][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 461.842853][ T9] usb 3-1: USB disconnect, device number 21 [ 463.594676][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1478'. [ 463.700885][T11135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1479'. [ 465.027469][T11149] Invalid source name [ 465.031480][T11149] UBIFS error (pid: 11149): cannot open "./file0", error -22 [ 466.034275][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 466.505019][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 466.562081][ T24] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 466.589883][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.688561][ T24] usb 1-1: Product: syz [ 466.733096][T11191] Invalid source name [ 466.737107][T11191] UBIFS error (pid: 11191): cannot open "./file0", error -22 [ 466.771850][ T24] usb 1-1: Manufacturer: syz [ 466.940060][ T24] usb 1-1: SerialNumber: syz [ 467.011214][ T24] usb 1-1: config 0 descriptor?? [ 467.040150][ T24] gspca_main: sq905-2.14.0 probing 2770:9120 [ 467.648789][T11155] netlink: del zone limit has 4 unknown bytes [ 467.678687][ T24] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 467.708767][ T24] sq905 1-1:0.0: probe with driver sq905 failed with error -71 [ 467.747645][ T24] usb 1-1: USB disconnect, device number 21 [ 467.904017][ T30] audit: type=1400 audit(2000000307.370:404): avc: denied { ioctl } for pid=11198 comm="syz.1.1499" path="socket:[32169]" dev="sockfs" ino=32169 ioctlcmd=0x7459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 467.997291][ T30] audit: type=1400 audit(2000000307.500:405): avc: denied { accept } for pid=11198 comm="syz.1.1499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 468.062578][ T30] audit: type=1400 audit(2000000307.500:406): avc: denied { ioctl } for pid=11198 comm="syz.1.1499" path="socket:[32166]" dev="sockfs" ino=32166 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 468.087239][ C0] vkms_vblank_simulate: vblank timer overrun [ 469.147724][T11224] Invalid source name [ 469.151730][T11224] UBIFS error (pid: 11224): cannot open "./file0", error -22 [ 469.952449][T11241] mmap: syz.3.1513 (11241): VmData 37474304 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 469.994509][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 470.156867][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.169245][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.394302][ T30] audit: type=1400 audit(2000000309.800:407): avc: denied { watch } for pid=11244 comm="syz.0.1515" path="/316/control" dev="tmpfs" ino=1678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 470.527408][ T9] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 470.624712][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.704186][ T9] usb 2-1: config 0 descriptor?? [ 472.884987][ T30] audit: type=1400 audit(2000000312.380:408): avc: denied { mounton } for pid=11273 comm="syz.4.1522" path="/bus" dev="ramfs" ino=32340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 473.221800][T11279] bridge0: port 3(veth0_to_bridge) entered blocking state [ 473.239515][T11279] bridge0: port 3(veth0_to_bridge) entered disabled state [ 473.314610][T11279] veth0_to_bridge: entered allmulticast mode [ 473.391211][T11279] veth0_to_bridge: entered promiscuous mode [ 473.442390][T11279] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 473.487181][T11280] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1523'. [ 473.511372][T11279] bridge0: port 3(veth0_to_bridge) entered blocking state [ 473.518919][T11279] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 473.551258][ T30] audit: type=1400 audit(2000000313.040:409): avc: denied { getopt } for pid=11278 comm="syz.0.1523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 473.735170][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 473.741175][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 473.902654][ T9] usb 2-1: USB disconnect, device number 19 [ 477.964356][ T30] audit: type=1400 audit(2000000317.440:410): avc: denied { setopt } for pid=11320 comm="syz.3.1534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 479.034326][ T30] audit: type=1400 audit(2000000318.520:411): avc: denied { mounton } for pid=11320 comm="syz.3.1534" path="/proc/954/task" dev="proc" ino=33066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 479.131349][ T30] audit: type=1400 audit(2000000318.630:412): avc: denied { listen } for pid=11334 comm="syz.4.1537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 479.431536][T11342] FAULT_INJECTION: forcing a failure. [ 479.431536][T11342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.556430][T11344] evm: overlay not supported [ 479.592123][T11342] CPU: 1 UID: 0 PID: 11342 Comm: syz.0.1540 Not tainted syzkaller #0 PREEMPT(full) [ 479.592147][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.592156][T11342] Call Trace: [ 479.592161][T11342] [ 479.592167][T11342] dump_stack_lvl+0x16c/0x1f0 [ 479.592201][T11342] should_fail_ex+0x512/0x640 [ 479.592226][T11342] _copy_from_user+0x2e/0xd0 [ 479.592251][T11342] arp_ioctl+0x185/0xcd0 [ 479.592270][T11342] ? __pfx_arp_ioctl+0x10/0x10 [ 479.592297][T11342] ? avc_has_extended_perms+0x47c/0x1090 [ 479.592319][T11342] inet_ioctl+0x362/0x3f0 [ 479.592345][T11342] ? __pfx_inet_ioctl+0x10/0x10 [ 479.592383][T11342] ? tomoyo_path_number_perm+0x18d/0x580 [ 479.592412][T11342] sock_do_ioctl+0x118/0x280 [ 479.592437][T11342] ? __pfx_sock_do_ioctl+0x10/0x10 [ 479.592466][T11342] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 479.592493][T11342] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 479.592522][T11342] sock_ioctl+0x227/0x6b0 [ 479.592538][T11342] ? __pfx_sock_ioctl+0x10/0x10 [ 479.592552][T11342] ? hook_file_ioctl_common+0x145/0x410 [ 479.592576][T11342] ? selinux_file_ioctl+0x180/0x270 [ 479.592598][T11342] ? selinux_file_ioctl+0xb4/0x270 [ 479.592623][T11342] ? __pfx_sock_ioctl+0x10/0x10 [ 479.592639][T11342] __x64_sys_ioctl+0x18b/0x210 [ 479.592666][T11342] do_syscall_64+0xcd/0x4e0 [ 479.592690][T11342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.592707][T11342] RIP: 0033:0x7fb03838eec9 [ 479.592720][T11342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.592736][T11342] RSP: 002b:00007fb039279038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.592753][T11342] RAX: ffffffffffffffda RBX: 00007fb0385e5fa0 RCX: 00007fb03838eec9 [ 479.592764][T11342] RDX: 0000200000000300 RSI: 0000000000008953 RDI: 0000000000000003 [ 479.592775][T11342] RBP: 00007fb039279090 R08: 0000000000000000 R09: 0000000000000000 [ 479.592784][T11342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.592794][T11342] R13: 00007fb0385e6038 R14: 00007fb0385e5fa0 R15: 00007ffd201a2d88 [ 479.592817][T11342] [ 479.866042][ T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 480.104429][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 480.113986][ T10] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 480.132035][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.142019][ T10] usb 2-1: Product: syz [ 480.146777][ T10] usb 2-1: Manufacturer: syz [ 480.151426][ T10] usb 2-1: SerialNumber: syz [ 480.158679][ T10] usb 2-1: config 0 descriptor?? [ 480.364382][ T1215] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 480.527830][ T1215] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 480.575405][ T1215] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 480.761964][ T1215] usb 1-1: config 220 has no interface number 2 [ 480.834837][ T1215] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 480.872173][ T1215] usb 1-1: config 220 interface 0 has no altsetting 0 [ 480.889716][ T1215] usb 1-1: config 220 interface 76 has no altsetting 0 [ 480.906520][ T1215] usb 1-1: config 220 interface 1 has no altsetting 0 [ 480.926339][ T1215] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 480.937755][ T1215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.958485][ T1215] usb 1-1: Product: syz [ 480.967148][ T1215] usb 1-1: Manufacturer: syz [ 480.981833][ T1215] usb 1-1: SerialNumber: syz [ 483.945123][ T1215] usb 1-1: selecting invalid altsetting 0 [ 483.964666][ T1215] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 483.984864][ T1215] usb 1-1: No valid video chain found. [ 484.004348][ T5922] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 484.026500][ T1215] usb 1-1: selecting invalid altsetting 0 [ 484.034170][ T1215] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 484.058354][ T10] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 484.060413][ T1215] usb 1-1: USB disconnect, device number 22 [ 484.126796][ T10] peak_usb 2-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 484.325555][ T5922] usb 4-1: Using ep0 maxpacket: 8 [ 484.344896][ T5922] usb 4-1: unable to get BOS descriptor or descriptor too short [ 484.361812][ T5922] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.476307][ T5922] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 484.486226][ T5922] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 484.995938][ T5922] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 485.005914][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.037703][ T5922] usb 4-1: Product: syz [ 485.044967][ T10] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71 [ 485.061256][ T10] usb 2-1: USB disconnect, device number 20 [ 485.091471][ T5922] usb 4-1: Manufacturer: syz [ 485.118281][ T5922] usb 4-1: SerialNumber: syz [ 485.355906][ T5922] cdc_ncm 4-1:1.0: bind() failure [ 487.282462][ T5922] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 487.335301][ T5922] cdc_ncm 4-1:1.1: bind() failure [ 487.440442][ T5922] usb 4-1: USB disconnect, device number 27 [ 487.916712][T11418] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1559'. [ 488.087935][ T5922] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 488.329294][T11421] overlayfs: conflicting lowerdir path [ 488.341613][T11398] ISOFS: Unable to identify CD-ROM format. [ 488.366613][T11421] netlink: 'syz.4.1561': attribute type 10 has an invalid length. [ 488.381155][T11421] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 488.485894][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 488.492644][ T5922] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 488.514304][ T5922] usb 4-1: can't read configurations, error -61 [ 488.624343][ C0] hrtimer: interrupt took 86374 ns [ 488.809232][ T5922] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 489.054952][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 489.277176][ T5922] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 489.298303][ T30] audit: type=1400 audit(2000000328.790:413): avc: denied { ioctl } for pid=11424 comm="syz.2.1562" path="socket:[34290]" dev="sockfs" ino=34290 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 489.325467][ T5922] usb 4-1: can't read configurations, error -61 [ 489.338417][ T5922] usb usb4-port1: attempt power cycle [ 490.014288][ T5922] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 490.065105][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 490.091676][T11446] FAULT_INJECTION: forcing a failure. [ 490.091676][T11446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 490.105606][T11446] CPU: 0 UID: 0 PID: 11446 Comm: syz.2.1566 Not tainted syzkaller #0 PREEMPT(full) [ 490.105629][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 490.105639][T11446] Call Trace: [ 490.105645][T11446] [ 490.105651][T11446] dump_stack_lvl+0x16c/0x1f0 [ 490.105678][T11446] should_fail_ex+0x512/0x640 [ 490.105703][T11446] _copy_from_user+0x2e/0xd0 [ 490.105728][T11446] copy_msghdr_from_user+0x98/0x160 [ 490.105751][T11446] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 490.105770][T11446] ? trace_sched_exit_tp+0xd1/0x120 [ 490.105801][T11446] ___sys_sendmsg+0xfe/0x1d0 [ 490.105823][T11446] ? __pfx____sys_sendmsg+0x10/0x10 [ 490.105843][T11446] ? lockdep_hardirqs_on+0x7c/0x110 [ 490.105888][T11446] ? fdget+0x176/0x210 [ 490.105910][T11446] __sys_sendmmsg+0x200/0x420 [ 490.105934][T11446] ? __pfx___sys_sendmmsg+0x10/0x10 [ 490.105961][T11446] ? lockdep_hardirqs_on+0x7c/0x110 [ 490.105981][T11446] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 490.106014][T11446] ? fput+0x9b/0xd0 [ 490.106037][T11446] ? xfd_validate_state+0x61/0x180 [ 490.106061][T11446] ? __pfx_ksys_write+0x10/0x10 [ 490.106088][T11446] __x64_sys_sendmmsg+0x9c/0x100 [ 490.106108][T11446] ? lockdep_hardirqs_on+0x7c/0x110 [ 490.106129][T11446] do_syscall_64+0xcd/0x4e0 [ 490.106153][T11446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.106170][T11446] RIP: 0033:0x7f0a9898eec9 [ 490.106183][T11446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.106199][T11446] RSP: 002b:00007f0a997ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 490.106216][T11446] RAX: ffffffffffffffda RBX: 00007f0a98be6090 RCX: 00007f0a9898eec9 [ 490.106226][T11446] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000004 [ 490.106236][T11446] RBP: 00007f0a997ef090 R08: 0000000000000000 R09: 0000000000000000 [ 490.106246][T11446] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 490.106256][T11446] R13: 00007f0a98be6128 R14: 00007f0a98be6090 R15: 00007ffd48cba858 [ 490.106279][T11446] [ 490.593545][ T5922] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 490.601225][ T5922] usb 4-1: can't read configurations, error -71 [ 492.010992][T11469] ptrace attach of "./syz-executor exec"[5852] was attempted by "./syz-executor exec"[11469] [ 492.021632][T11473] fuse: Bad value for 'fd' [ 492.129259][ T30] audit: type=1400 audit(2000000331.630:414): avc: denied { write } for pid=11453 comm="syz.0.1569" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 492.230551][T11480] lo: entered allmulticast mode [ 492.405537][T11479] lo: left allmulticast mode [ 493.746475][T11517] fuse: Bad value for 'fd' [ 494.199475][T11525] lo: entered allmulticast mode [ 494.305164][T11524] lo: left allmulticast mode [ 494.424428][ T5982] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 494.594348][ T5982] usb 4-1: Using ep0 maxpacket: 8 [ 494.607770][ T5982] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 494.625276][ T5982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.643681][ T5982] usb 4-1: Product: syz [ 494.651995][ T5982] usb 4-1: Manufacturer: syz [ 494.661758][ T5982] usb 4-1: SerialNumber: syz [ 494.668973][ T5982] usb 4-1: config 0 descriptor?? [ 494.946984][ T5982] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 496.010983][T11557] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'. [ 497.403482][ T5982] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 497.722431][ T5855] usb 4-1: USB disconnect, device number 32 [ 499.541190][T11601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1609'. [ 499.789339][T11601] netlink: 'syz.0.1609': attribute type 5 has an invalid length. [ 499.909658][ T30] audit: type=1400 audit(2000000339.400:415): avc: denied { lock } for pid=11593 comm="syz.0.1609" path="socket:[34586]" dev="sockfs" ino=34586 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 500.270385][T11601] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1609'. [ 500.279897][T11601] netlink: 220 bytes leftover after parsing attributes in process `syz.0.1609'. [ 500.350884][ T30] audit: type=1400 audit(2000000339.850:416): avc: denied { getopt } for pid=11610 comm="syz.2.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 501.164053][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.170768][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.385793][T11588] overlayfs: missing 'workdir' [ 501.514056][ T30] audit: type=1400 audit(2000000340.980:417): avc: denied { connect } for pid=11587 comm="syz.3.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 501.828452][ T30] audit: type=1400 audit(2000000341.000:418): avc: denied { getopt } for pid=11587 comm="syz.3.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 503.784260][ T1215] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 503.944406][ T1215] usb 4-1: Using ep0 maxpacket: 32 [ 503.992095][ T1215] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 504.000693][ T1215] usb 4-1: config 0 has no interface number 0 [ 504.007806][ T1215] usb 4-1: config 0 interface 12 has no altsetting 0 [ 504.020685][ T1215] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 504.031005][ T1215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.039202][ T1215] usb 4-1: Product: syz [ 504.043336][ T1215] usb 4-1: Manufacturer: syz [ 504.051890][ T1215] usb 4-1: SerialNumber: syz [ 504.095275][ T1215] usb 4-1: config 0 descriptor?? [ 504.111833][ T30] audit: type=1400 audit(2000000343.610:419): avc: denied { read } for pid=11660 comm="syz.4.1626" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 504.143490][ T30] audit: type=1400 audit(2000000343.610:420): avc: denied { open } for pid=11660 comm="syz.4.1626" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 504.344633][ T5922] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 504.394256][ T5982] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 504.504351][ T5922] usb 1-1: Using ep0 maxpacket: 32 [ 504.528518][ T5922] usb 1-1: config 0 has no interfaces? [ 504.573806][ T5922] usb 1-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=ce.6f [ 504.584289][ T5982] usb 5-1: Using ep0 maxpacket: 16 [ 504.586280][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.605217][ T5982] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 504.607263][ T5922] usb 1-1: Product: syz [ 504.634248][ T5922] usb 1-1: Manufacturer: syz [ 504.639159][ T5922] usb 1-1: SerialNumber: syz [ 504.707471][ T1215] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 504.715217][ T5982] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 504.728759][ T5922] usb 1-1: config 0 descriptor?? [ 504.754481][ T1215] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 504.761793][ T1215] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 504.761878][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.778597][ T1215] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 504.794359][ T1215] usb 4-1: USB disconnect, device number 33 [ 504.808620][ T5982] usb 5-1: config 0 descriptor?? [ 504.841730][ T5982] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input10 [ 506.264754][ T1215] usb 1-1: USB disconnect, device number 23 [ 507.472955][ T30] audit: type=1400 audit(2000000346.970:421): avc: denied { create } for pid=11692 comm="syz.1.1635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 507.624854][ T5205] bcm5974 5-1:0.0: could not read from device [ 507.736954][ T5205] bcm5974 5-1:0.0: could not read from device [ 507.828809][ T5982] bcm5974 5-1:0.0: could not read from device [ 507.959882][ T5205] bcm5974 5-1:0.0: could not read from device [ 508.101768][ T5982] input: failed to attach handler mousedev to device input10, error: -5 [ 508.287081][ T5205] bcm5974 5-1:0.0: could not read from device [ 508.363351][ T5982] usb 5-1: USB disconnect, device number 24 [ 508.447528][ T5205] bcm5974 5-1:0.0: could not read from device [ 508.675610][T11713] netlink: 'syz.4.1639': attribute type 9 has an invalid length. [ 508.693914][T11713] netlink: 'syz.4.1639': attribute type 9 has an invalid length. [ 509.290957][T11713] tipc: Enabling of bearer rejected, failed to enable media [ 510.152059][T11740] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.1644'. [ 511.547581][ T5982] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 511.974246][ T5982] usb 5-1: Using ep0 maxpacket: 32 [ 512.527297][ T5982] usb 5-1: config 0 has no interfaces? [ 512.534362][ T5982] usb 5-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=ce.6f [ 512.543393][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.551371][ T5982] usb 5-1: Product: syz [ 512.555552][ T5982] usb 5-1: Manufacturer: syz [ 512.560145][ T5982] usb 5-1: SerialNumber: syz [ 512.591220][ T5982] usb 5-1: config 0 descriptor?? [ 512.773652][T11761] syzkaller0: entered promiscuous mode [ 512.786268][T11761] syzkaller0: entered allmulticast mode [ 513.064251][ T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 513.285097][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 513.295680][ T9] usb 3-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 513.305548][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.329611][ T9] usb 3-1: config 0 descriptor?? [ 513.474057][ T5922] usb 5-1: USB disconnect, device number 25 [ 513.559358][ T9] usb 3-1: language id specifier not provided by device, defaulting to English [ 513.778553][ T9] usb 3-1: Found UVC 0.00 device (2833:0201) [ 513.788957][ T9] usb 3-1: No valid video chain found. [ 513.805094][ T9] usb 3-1: USB disconnect, device number 22 [ 514.422094][T11790] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1658'. [ 514.624357][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 514.846391][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 514.853856][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 514.991762][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 515.017039][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 515.047784][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 515.083598][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 515.105159][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.340626][ T9] usb 3-1: usb_control_msg returned -32 [ 515.355627][ T9] usbtmc 3-1:16.0: can't read capabilities [ 515.388139][ T9] usb 3-1: USB disconnect, device number 23 [ 515.474147][T11779] lo: entered allmulticast mode [ 515.479346][T11779] lo: left allmulticast mode [ 515.962821][T11809] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.1662'. [ 516.136800][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 516.602731][ T30] audit: type=1400 audit(2000000356.100:422): avc: denied { ioctl } for pid=11818 comm="syz.3.1668" path="socket:[35211]" dev="sockfs" ino=35211 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 516.730076][ T30] audit: type=1400 audit(2000000356.230:423): avc: denied { create } for pid=11821 comm="syz.3.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 516.764499][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 516.777448][T11822] Process accounting resumed [ 516.778158][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 516.783898][ T30] audit: type=1400 audit(2000000356.250:424): avc: denied { connect } for pid=11821 comm="syz.3.1669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 516.792386][ T9] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 8.00 [ 516.792409][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.797252][ T9] usb 1-1: config 0 descriptor?? [ 516.854471][ T5922] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 516.922687][T11828] netlink: 4 bytes leftover after parsing attributes in process `'. [ 517.004585][ T5922] usb 2-1: Using ep0 maxpacket: 32 [ 517.017931][ T5922] usb 2-1: config 0 has no interfaces? [ 517.033065][ T5922] usb 2-1: New USB device found, idVendor=061d, idProduct=c140, bcdDevice=ce.6f [ 517.043209][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 517.063622][ T5922] usb 2-1: Product: syz [ 517.068393][ T5922] usb 2-1: Manufacturer: syz [ 517.073288][ T5922] usb 2-1: SerialNumber: syz [ 517.095771][ T5922] usb 2-1: config 0 descriptor?? [ 517.284867][ T9] hid-steam 0003:28DE:1142.0019: unknown main item tag 0x0 [ 517.296712][ T9] hid-steam 0003:28DE:1142.0019: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 517.364951][ T9] hid-steam 0003:28DE:1142.0019: Steam wireless receiver connected [ 517.704557][ T9] hid-steam 0003:28DE:1142.0019: No HID_FEATURE_REPORT submitted - nothing to read [ 517.741025][ T9] hid-steam 0003:28DE:1142.001A: unknown main item tag 0x0 [ 517.777109][ T9] hid-steam 0003:28DE:1142.001A: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 518.300818][ T5982] usb 2-1: USB disconnect, device number 21 [ 518.584407][ T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 518.592068][ T5922] usb 1-1: reset high-speed USB device number 24 using dummy_hcd [ 518.754257][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 518.797016][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 518.821235][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 518.852546][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 518.990277][T11859] netlink: 'syz.2.1678': attribute type 72 has an invalid length. [ 519.755079][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 519.836598][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 520.014266][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.218911][ T10] usb 1-1: USB disconnect, device number 24 [ 520.260764][ T10] hid-steam 0003:28DE:1142.0019: Steam wireless receiver disconnected [ 520.273361][ T9] usb 4-1: usb_control_msg returned -32 [ 520.280702][ T9] usbtmc 4-1:16.0: can't read capabilities [ 520.294400][ T9] usb 4-1: USB disconnect, device number 34 [ 523.415374][T11907] netlink: 'syz.0.1693': attribute type 12 has an invalid length. [ 523.420241][ T30] audit: type=1400 audit(2000000362.820:425): avc: denied { create } for pid=11902 comm="syz.4.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 523.428789][T11907] netlink: 'syz.0.1693': attribute type 29 has an invalid length. [ 523.456585][ T30] audit: type=1400 audit(2000000362.830:426): avc: denied { getopt } for pid=11902 comm="syz.4.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 523.458091][T11907] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1693'. [ 523.485968][T11907] netlink: 'syz.0.1693': attribute type 2 has an invalid length. [ 523.494801][T11907] netlink: 23 bytes leftover after parsing attributes in process `syz.0.1693'. [ 523.575204][T11909] netlink: 'syz.3.1691': attribute type 72 has an invalid length. [ 524.684366][ T1215] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 525.594599][ T1215] usb 3-1: Using ep0 maxpacket: 8 [ 525.617502][ T1215] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 526.653594][ T1215] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 526.734652][ T1215] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 526.908775][ T1215] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 526.924506][ T1215] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 526.938136][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.037103][ T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 527.228983][ T1215] usb 3-1: usb_control_msg returned -71 [ 527.253328][ T1215] usbtmc 3-1:16.0: can't read capabilities [ 527.322041][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 527.334023][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.337115][ T1215] usb 3-1: USB disconnect, device number 24 [ 527.356563][ T10] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 527.408710][T11949] FAULT_INJECTION: forcing a failure. [ 527.408710][T11949] name failslab, interval 1, probability 0, space 0, times 0 [ 527.422097][ T30] audit: type=1400 audit(2000000366.910:427): avc: denied { connect } for pid=11946 comm="syz.2.1705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 527.442049][T11949] CPU: 1 UID: 0 PID: 11949 Comm: syz.2.1705 Not tainted syzkaller #0 PREEMPT(full) [ 527.442073][T11949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 527.442083][T11949] Call Trace: [ 527.442089][T11949] [ 527.442096][T11949] dump_stack_lvl+0x16c/0x1f0 [ 527.442124][T11949] should_fail_ex+0x512/0x640 [ 527.442146][T11949] ? __kmalloc_noprof+0xbf/0x510 [ 527.442166][T11949] ? io_cache_alloc_new+0x45/0xf0 [ 527.442187][T11949] should_failslab+0xc2/0x120 [ 527.442208][T11949] __kmalloc_noprof+0xd2/0x510 [ 527.442232][T11949] io_cache_alloc_new+0x45/0xf0 [ 527.442256][T11949] __io_prep_rw+0x21d/0x1090 [ 527.442275][T11949] ? __pfx___io_prep_rw+0x10/0x10 [ 527.442292][T11949] ? mark_held_locks+0x49/0x80 [ 527.442317][T11949] ? __pfx___io_alloc_req_refill+0x10/0x10 [ 527.442352][T11949] io_prep_rw+0x24/0x220 [ 527.442369][T11949] io_prep_writev+0x23/0xa0 [ 527.442387][T11949] io_submit_sqes+0x850/0x25c0 [ 527.442420][T11949] __do_sys_io_uring_enter+0xd6a/0x1630 [ 527.442444][T11949] ? __fget_files+0x20e/0x3c0 [ 527.442470][T11949] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 527.442493][T11949] ? fput+0x9b/0xd0 [ 527.442516][T11949] ? ksys_write+0x1ac/0x250 [ 527.442533][T11949] ? __pfx_ksys_write+0x10/0x10 [ 527.442558][T11949] do_syscall_64+0xcd/0x4e0 [ 527.442578][T11949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.442588][T11949] RIP: 0033:0x7f0a9898eec9 [ 527.442597][T11949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.442607][T11949] RSP: 002b:00007f0a997ce038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 527.442618][T11949] RAX: ffffffffffffffda RBX: 00007f0a98be6180 RCX: 00007f0a9898eec9 [ 527.442624][T11949] RDX: 0000000000000217 RSI: 00000000000040f9 RDI: 000000000000000a [ 527.442631][T11949] RBP: 00007f0a997ce090 R08: 0000000000000000 R09: 0000000000000000 [ 527.442637][T11949] R10: 00000000000000a5 R11: 0000000000000246 R12: 0000000000000001 [ 527.442642][T11949] R13: 00007f0a98be6218 R14: 00007f0a98be6180 R15: 00007ffd48cba858 [ 527.442656][T11949] [ 527.795361][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.918529][ T10] usb 2-1: config 0 descriptor?? [ 528.375785][ T10] mcp2221 0003:04D8:00DD.001B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 528.671502][T11960] netlink: 'syz.2.1708': attribute type 72 has an invalid length. [ 529.240042][T11942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.264942][T11942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.286340][ T10] usb 2-1: USB disconnect, device number 22 [ 530.064423][ T30] audit: type=1400 audit(2000000369.200:428): avc: denied { read write } for pid=11967 comm="syz.4.1713" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 530.201807][ T30] audit: type=1400 audit(2000000369.200:429): avc: denied { open } for pid=11967 comm="syz.4.1713" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 530.424443][T11974] 9pnet_virtio: no channels available for device 127.0.0.1 [ 530.436651][T11974] CUSE: info not properly terminated [ 530.519271][ T30] audit: type=1400 audit(2000000370.020:430): avc: denied { read write } for pid=11976 comm="syz.0.1716" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 531.014667][ T30] audit: type=1400 audit(2000000370.020:431): avc: denied { open } for pid=11976 comm="syz.0.1716" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 531.041713][T11988] FAULT_INJECTION: forcing a failure. [ 531.041713][T11988] name failslab, interval 1, probability 0, space 0, times 0 [ 531.060683][T11988] CPU: 0 UID: 0 PID: 11988 Comm: syz.2.1719 Not tainted syzkaller #0 PREEMPT(full) [ 531.060703][T11988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 531.060709][T11988] Call Trace: [ 531.060713][T11988] [ 531.060717][T11988] dump_stack_lvl+0x16c/0x1f0 [ 531.060735][T11988] should_fail_ex+0x512/0x640 [ 531.060749][T11988] ? __kmalloc_noprof+0xbf/0x510 [ 531.060761][T11988] ? sk_prot_alloc+0x1a8/0x2a0 [ 531.060776][T11988] should_failslab+0xc2/0x120 [ 531.060788][T11988] __kmalloc_noprof+0xd2/0x510 [ 531.060801][T11988] sk_prot_alloc+0x1a8/0x2a0 [ 531.060817][T11988] sk_alloc+0x36/0xc20 [ 531.060829][T11988] bpf_prog_test_run_skb+0x330/0x2280 [ 531.060844][T11988] ? __fget_files+0x204/0x3c0 [ 531.060858][T11988] ? __fget_files+0x20e/0x3c0 [ 531.060869][T11988] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 531.060883][T11988] ? fput+0x9b/0xd0 [ 531.060898][T11988] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 531.060911][T11988] __sys_bpf+0x1050/0x4de0 [ 531.060927][T11988] ? __pfx___sys_bpf+0x10/0x10 [ 531.060941][T11988] ? ksys_write+0x190/0x250 [ 531.060953][T11988] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 531.060975][T11988] ? fput+0x9b/0xd0 [ 531.060988][T11988] ? ksys_write+0x1ac/0x250 [ 531.060998][T11988] ? __pfx_ksys_write+0x10/0x10 [ 531.061011][T11988] __x64_sys_bpf+0x78/0xc0 [ 531.061024][T11988] ? lockdep_hardirqs_on+0x7c/0x110 [ 531.061037][T11988] do_syscall_64+0xcd/0x4e0 [ 531.061052][T11988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.061063][T11988] RIP: 0033:0x7f0a9898eec9 [ 531.061072][T11988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.061082][T11988] RSP: 002b:00007f0a99810038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 531.061092][T11988] RAX: ffffffffffffffda RBX: 00007f0a98be5fa0 RCX: 00007f0a9898eec9 [ 531.061098][T11988] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 000000000000000a [ 531.061104][T11988] RBP: 00007f0a99810090 R08: 0000000000000000 R09: 0000000000000000 [ 531.061110][T11988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.061116][T11988] R13: 00007f0a98be6038 R14: 00007f0a98be5fa0 R15: 00007ffd48cba858 [ 531.061129][T11988] [ 531.404345][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 531.564321][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 531.575603][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 531.625168][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 531.728183][ T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 531.912173][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 533.204261][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 533.213481][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 533.463936][ T10] usb 5-1: GET_CAPABILITIES returned 0 [ 533.473423][ T10] usbtmc 5-1:16.0: can't read capabilities [ 533.724452][ T10] usb 5-1: USB disconnect, device number 26 [ 535.028564][T12023] ISOFS: Unable to identify CD-ROM format. [ 535.095450][T12025] Invalid logical block size (55998) [ 535.218839][ T5922] usb 5-1: new low-speed USB device number 27 using dummy_hcd [ 535.270487][ T30] audit: type=1400 audit(2000000374.760:432): avc: denied { connect } for pid=12016 comm="syz.1.1727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 535.387391][ T30] audit: type=1400 audit(2000000374.760:433): avc: denied { write } for pid=12016 comm="syz.1.1727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 535.682139][ T5922] usb 5-1: device descriptor read/64, error -71 [ 536.259643][ T30] audit: type=1400 audit(2000000374.800:434): avc: denied { read } for pid=12016 comm="syz.1.1727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 536.494277][ T5922] usb 5-1: new low-speed USB device number 28 using dummy_hcd [ 536.624290][ T5922] usb 5-1: device descriptor read/64, error -71 [ 536.734567][ T5922] usb usb5-port1: attempt power cycle [ 537.461870][ T5922] usb 5-1: new low-speed USB device number 29 using dummy_hcd [ 537.924528][ T5922] usb 5-1: device descriptor read/8, error -71 [ 539.444530][T12067] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1737'. [ 539.645240][ T5922] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 540.088853][ T5922] usb 5-1: Using ep0 maxpacket: 8 [ 540.131304][ T5922] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 540.279297][ T5922] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 540.302107][ T5922] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 540.320113][ T5922] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 540.384958][ T5922] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 540.467066][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 541.045807][ T5922] usb 5-1: GET_CAPABILITIES returned 0 [ 541.061484][ T5922] usbtmc 5-1:16.0: can't read capabilities [ 541.248374][ T5982] usb 5-1: USB disconnect, device number 30 [ 541.320832][T12094] netlink: 'syz.1.1748': attribute type 10 has an invalid length. [ 541.336323][T12094] batman_adv: batadv0: Adding interface: team0 [ 541.352700][T12094] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.384692][ T5922] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 542.554798][ T5922] usb 3-1: Using ep0 maxpacket: 16 [ 542.599636][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 542.614273][ T5922] usb 3-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 542.624415][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.644225][ T5922] usb 3-1: config 0 descriptor?? [ 542.644924][T12094] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 544.487358][ T5922] usbhid 3-1:0.0: can't add hid device: -71 [ 544.493357][ T5922] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 544.576574][ T5922] usb 3-1: USB disconnect, device number 25 [ 544.843174][T12124] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1755'. [ 545.639417][ T30] audit: type=1400 audit(2000000385.090:435): avc: denied { append } for pid=12129 comm="syz.3.1759" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 545.744703][ T30] audit: type=1400 audit(2000000385.090:436): avc: denied { ioctl } for pid=12129 comm="syz.3.1759" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 545.890151][T12141] netlink: 'syz.1.1763': attribute type 10 has an invalid length. [ 545.949684][ T30] audit: type=1400 audit(2000000385.140:437): avc: denied { write } for pid=12128 comm="syz.1.1760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 547.016367][T12141] team0: Port device netdevsim0 added [ 549.529112][T12188] FAULT_INJECTION: forcing a failure. [ 549.529112][T12188] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 549.542342][T12188] CPU: 0 UID: 0 PID: 12188 Comm: syz.1.1775 Not tainted syzkaller #0 PREEMPT(full) [ 549.542367][T12188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 549.542377][T12188] Call Trace: [ 549.542382][T12188] [ 549.542394][T12188] dump_stack_lvl+0x16c/0x1f0 [ 549.542422][T12188] should_fail_ex+0x512/0x640 [ 549.542447][T12188] _copy_from_user+0x2e/0xd0 [ 549.542473][T12188] core_sys_select+0x2c8/0xc10 [ 549.542498][T12188] ? __pfx_core_sys_select+0x10/0x10 [ 549.542546][T12188] ? set_user_sigmask+0x21b/0x2b0 [ 549.542568][T12188] ? __pfx_set_user_sigmask+0x10/0x10 [ 549.542593][T12188] do_pselect.constprop.0+0x19f/0x1e0 [ 549.542614][T12188] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 549.542643][T12188] __x64_sys_pselect6+0x182/0x240 [ 549.542663][T12188] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 549.542691][T12188] do_syscall_64+0xcd/0x4e0 [ 549.542716][T12188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.542733][T12188] RIP: 0033:0x7f45c158eec9 [ 549.542748][T12188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.542765][T12188] RSP: 002b:00007f45c24c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 549.542782][T12188] RAX: ffffffffffffffda RBX: 00007f45c17e6090 RCX: 00007f45c158eec9 [ 549.542793][T12188] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000040 [ 549.542804][T12188] RBP: 00007f45c24c5090 R08: 0000000000000000 R09: 0000000000000000 [ 549.542814][T12188] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001 [ 549.542824][T12188] R13: 00007f45c17e6128 R14: 00007f45c17e6090 R15: 00007ffcd8e92c98 [ 549.542847][T12188] [ 550.014265][ T9] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 550.424589][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 550.674275][ T9] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 550.683574][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.707302][ T9] usb 5-1: Product: syz [ 550.718604][ T9] usb 5-1: Manufacturer: syz [ 550.733671][ T9] usb 5-1: SerialNumber: syz [ 550.764699][ T9] usb 5-1: config 0 descriptor?? [ 550.780557][ T9] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 552.184235][ C1] ================================================================== [ 552.192326][ C1] BUG: KASAN: slab-use-after-free in rose_send_frame+0x29a/0x2c0 [ 552.200051][ C1] Read of size 8 at addr ffff8880580b4c20 by task syz.1.1784/12213 [ 552.207928][ C1] [ 552.210231][ C1] CPU: 1 UID: 0 PID: 12213 Comm: syz.1.1784 Not tainted syzkaller #0 PREEMPT(full) [ 552.210245][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 552.210251][ C1] Call Trace: [ 552.210256][ C1] [ 552.210260][ C1] dump_stack_lvl+0x116/0x1f0 [ 552.210284][ C1] print_report+0xcd/0x630 [ 552.210304][ C1] ? __virt_addr_valid+0x81/0x610 [ 552.210326][ C1] ? __phys_addr+0xe8/0x180 [ 552.210347][ C1] ? rose_send_frame+0x29a/0x2c0 [ 552.210361][ C1] kasan_report+0xe0/0x110 [ 552.210373][ C1] ? rose_send_frame+0x29a/0x2c0 [ 552.210387][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 552.210400][ C1] rose_send_frame+0x29a/0x2c0 [ 552.210424][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 552.210446][ C1] rose_transmit_restart_request+0x1b8/0x240 [ 552.210470][ C1] rose_t0timer_expiry+0x1d/0x150 [ 552.210491][ C1] call_timer_fn+0x19a/0x620 [ 552.210508][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 552.210525][ C1] ? rcu_is_watching+0x12/0xc0 [ 552.210538][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 552.210552][ C1] __run_timers+0x6ef/0x960 [ 552.210577][ C1] ? __pfx___run_timers+0x10/0x10 [ 552.210608][ C1] run_timer_base+0x114/0x190 [ 552.210623][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 552.210637][ C1] ? rcu_is_watching+0x12/0xc0 [ 552.210650][ C1] run_timer_softirq+0x1a/0x40 [ 552.210658][ C1] handle_softirqs+0x219/0x8e0 [ 552.210672][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 552.210685][ C1] __irq_exit_rcu+0x109/0x170 [ 552.210697][ C1] irq_exit_rcu+0x9/0x30 [ 552.210716][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 552.210738][ C1] [ 552.210743][ C1] [ 552.210750][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 552.210769][ C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 [ 552.210791][ C1] Code: fb 09 00 00 44 8b 05 09 8c 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 4f 65 3a 00 fb 65 48 8b 1d ae c3 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 [ 552.210808][ C1] RSP: 0018:ffffc90003a3f810 EFLAGS: 00000206 [ 552.210817][ C1] RAX: 000000000004ea6f RBX: ffff888067830000 RCX: ffffffff81c380af [ 552.210824][ C1] RDX: 0000000000000000 RSI: ffffffff8de52fc1 RDI: ffffffff8c163380 [ 552.210833][ C1] RBP: ffffc90003a3f858 R08: 0000000000000001 R09: 0000000000000001 [ 552.210844][ C1] R10: ffffffff90ab7697 R11: 0000000000000000 R12: ffff8880b853a300 [ 552.210855][ C1] R13: ffff88801ea92440 R14: ffff8880b843a300 R15: ffff8880b853b130 [ 552.210870][ C1] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 552.210894][ C1] ? __switch_to+0x7a5/0x11a0 [ 552.210915][ C1] __schedule+0x1198/0x5de0 [ 552.210940][ C1] ? __pfx___schedule+0x10/0x10 [ 552.210953][ C1] ? find_held_lock+0x2b/0x80 [ 552.210966][ C1] ? schedule+0x2d7/0x3a0 [ 552.210977][ C1] schedule+0xe7/0x3a0 [ 552.210991][ C1] schedule_timeout+0x123/0x290 [ 552.211008][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 552.211025][ C1] ? __pfx_process_timeout+0x10/0x10 [ 552.211048][ C1] ? rcu_is_watching+0x12/0xc0 [ 552.211067][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 552.211078][ C1] snd_rawmidi_write+0x496/0xc10 [ 552.211092][ C1] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 552.211101][ C1] ? __import_iovec+0x1dd/0x650 [ 552.211116][ C1] ? avc_policy_seqno+0x9/0x20 [ 552.211127][ C1] ? selinux_file_permission+0x126/0x660 [ 552.211150][ C1] ? __pfx_default_wake_function+0x10/0x10 [ 552.211172][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 552.211193][ C1] ? security_file_permission+0x71/0x210 [ 552.211216][ C1] ? rw_verify_area+0xcf/0x6c0 [ 552.211232][ C1] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 552.211241][ C1] vfs_writev+0x5df/0xde0 [ 552.211252][ C1] ? __pfx_vfs_writev+0x10/0x10 [ 552.211261][ C1] ? kmem_cache_free+0x2d1/0x4d0 [ 552.211276][ C1] ? __fget_files+0x20e/0x3c0 [ 552.211298][ C1] ? do_writev+0x28c/0x340 [ 552.211313][ C1] do_writev+0x28c/0x340 [ 552.211328][ C1] ? __pfx_do_writev+0x10/0x10 [ 552.211342][ C1] ? xfd_validate_state+0x61/0x180 [ 552.211364][ C1] do_syscall_64+0xcd/0x4e0 [ 552.211377][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.211387][ C1] RIP: 0033:0x7f45c158eec9 [ 552.211395][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.211409][ C1] RSP: 002b:00007f45c24e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 552.211421][ C1] RAX: ffffffffffffffda RBX: 00007f45c17e5fa0 RCX: 00007f45c158eec9 [ 552.211433][ C1] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000004 [ 552.211443][ C1] RBP: 00007f45c1611f91 R08: 0000000000000000 R09: 0000000000000000 [ 552.211454][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 552.211464][ C1] R13: 00007f45c17e6038 R14: 00007f45c17e5fa0 R15: 00007ffcd8e92c98 [ 552.211481][ C1] [ 552.211487][ C1] [ 552.688439][ C1] Allocated by task 9931: [ 552.692735][ C1] kasan_save_stack+0x33/0x60 [ 552.697409][ C1] kasan_save_track+0x14/0x30 [ 552.702084][ C1] __kasan_kmalloc+0xaa/0xb0 [ 552.706667][ C1] rose_rt_ioctl+0x880/0x2580 [ 552.711335][ C1] rose_ioctl+0x64d/0x7d0 [ 552.715654][ C1] sock_do_ioctl+0x118/0x280 [ 552.720228][ C1] sock_ioctl+0x227/0x6b0 [ 552.724543][ C1] __x64_sys_ioctl+0x18b/0x210 [ 552.729289][ C1] do_syscall_64+0xcd/0x4e0 [ 552.733772][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.739655][ C1] [ 552.741964][ C1] Freed by task 12221: [ 552.746004][ C1] kasan_save_stack+0x33/0x60 [ 552.750657][ C1] kasan_save_track+0x14/0x30 [ 552.755315][ C1] kasan_save_free_info+0x3b/0x60 [ 552.760332][ C1] __kasan_slab_free+0x60/0x70 [ 552.765077][ C1] kfree+0x2b4/0x4d0 [ 552.768973][ C1] rose_timer_expiry+0x53f/0x630 [ 552.773893][ C1] call_timer_fn+0x19a/0x620 [ 552.778459][ C1] __run_timers+0x6ef/0x960 [ 552.782935][ C1] run_timer_base+0x114/0x190 [ 552.787584][ C1] run_timer_softirq+0x1a/0x40 [ 552.792328][ C1] handle_softirqs+0x219/0x8e0 [ 552.797066][ C1] __irq_exit_rcu+0x109/0x170 [ 552.801741][ C1] irq_exit_rcu+0x9/0x30 [ 552.805965][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 552.811574][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 552.817543][ C1] [ 552.819852][ C1] The buggy address belongs to the object at ffff8880580b4c00 [ 552.819852][ C1] which belongs to the cache kmalloc-512 of size 512 [ 552.833890][ C1] The buggy address is located 32 bytes inside of [ 552.833890][ C1] freed 512-byte region [ffff8880580b4c00, ffff8880580b4e00) [ 552.847582][ C1] [ 552.849889][ C1] The buggy address belongs to the physical page: [ 552.856281][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880580b6400 pfn:0x580b4 [ 552.866312][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 552.874779][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 552.883264][ C1] page_type: f5(slab) [ 552.887235][ C1] raw: 00fff00000000240 ffff88801b841c80 ffffea0001614310 ffffea000160f210 [ 552.895807][ C1] raw: ffff8880580b6400 0000000000100004 00000000f5000000 0000000000000000 [ 552.904380][ C1] head: 00fff00000000240 ffff88801b841c80 ffffea0001614310 ffffea000160f210 [ 552.913029][ C1] head: ffff8880580b6400 0000000000100004 00000000f5000000 0000000000000000 [ 552.921678][ C1] head: 00fff00000000002 ffffea0001602d01 00000000ffffffff 00000000ffffffff [ 552.930322][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 552.938968][ C1] page dumped because: kasan: bad access detected [ 552.945356][ C1] page_owner tracks the page as allocated [ 552.951038][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5844, tgid 5844 (syz-executor), ts 65141152580, free_ts 15939071105 [ 552.970291][ C1] post_alloc_hook+0x1c0/0x230 [ 552.975046][ C1] get_page_from_freelist+0x132b/0x38e0 [ 552.980582][ C1] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 552.986449][ C1] alloc_pages_mpol+0x1fb/0x550 [ 552.991282][ C1] new_slab+0x247/0x330 [ 552.995441][ C1] ___slab_alloc+0xcf2/0x1750 [ 553.000136][ C1] __slab_alloc.constprop.0+0x56/0xb0 [ 553.005501][ C1] __kmalloc_noprof+0x2f2/0x510 [ 553.010341][ C1] fib6_info_alloc+0x40/0x160 [ 553.015004][ C1] ip6_route_info_create+0x14c/0x870 [ 553.020267][ C1] ip6_route_add.part.0+0x22/0x1d0 [ 553.025361][ C1] ip6_route_add+0x45/0x60 [ 553.029847][ C1] addrconf_prefix_route+0x2fd/0x510 [ 553.035110][ C1] addrconf_add_linklocal+0x329/0x500 [ 553.040458][ C1] addrconf_addr_gen+0x364/0x3b0 [ 553.045372][ C1] addrconf_init_auto_addrs+0x2ba/0x810 [ 553.050903][ C1] page last free pid 1 tgid 1 stack trace: [ 553.056697][ C1] __free_frozen_pages+0x7d5/0x10f0 [ 553.061883][ C1] free_contig_range+0x183/0x4b0 [ 553.066799][ C1] destroy_args+0x794/0xc10 [ 553.071294][ C1] debug_vm_pgtable+0x1a32/0x3640 [ 553.076315][ C1] do_one_initcall+0x120/0x6e0 [ 553.081076][ C1] kernel_init_freeable+0x5c2/0x910 [ 553.086265][ C1] kernel_init+0x1c/0x2b0 [ 553.090582][ C1] ret_from_fork+0x56a/0x730 [ 553.095142][ C1] ret_from_fork_asm+0x1a/0x30 [ 553.099880][ C1] [ 553.102182][ C1] Memory state around the buggy address: [ 553.107787][ C1] ffff8880580b4b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 553.115820][ C1] ffff8880580b4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 553.123858][ C1] >ffff8880580b4c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 553.131905][ C1] ^ [ 553.136985][ C1] ffff8880580b4c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 553.145018][ C1] ffff8880580b4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 553.153056][ C1] ================================================================== [ 553.163558][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 553.170730][ C1] CPU: 1 UID: 0 PID: 12213 Comm: syz.1.1784 Not tainted syzkaller #0 PREEMPT(full) [ 553.180080][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 553.190124][ C1] Call Trace: [ 553.193386][ C1] [ 553.196213][ C1] dump_stack_lvl+0x3d/0x1f0 [ 553.200789][ C1] vpanic+0x6e8/0x7a0 [ 553.204750][ C1] ? __pfx_vpanic+0x10/0x10 [ 553.209229][ C1] ? rose_send_frame+0x29a/0x2c0 [ 553.214148][ C1] panic+0xca/0xd0 [ 553.217846][ C1] ? __pfx_panic+0x10/0x10 [ 553.222242][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 553.227329][ C1] check_panic_on_warn+0xab/0xb0 [ 553.232244][ C1] end_report+0x107/0x170 [ 553.236552][ C1] kasan_report+0xee/0x110 [ 553.240946][ C1] ? rose_send_frame+0x29a/0x2c0 [ 553.245866][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 553.251478][ C1] rose_send_frame+0x29a/0x2c0 [ 553.256223][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 553.261834][ C1] rose_transmit_restart_request+0x1b8/0x240 [ 553.267794][ C1] rose_t0timer_expiry+0x1d/0x150 [ 553.272799][ C1] call_timer_fn+0x19a/0x620 [ 553.277374][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 553.282470][ C1] ? rcu_is_watching+0x12/0xc0 [ 553.287215][ C1] ? __pfx_rose_t0timer_expiry+0x10/0x10 [ 553.292828][ C1] __run_timers+0x6ef/0x960 [ 553.297315][ C1] ? __pfx___run_timers+0x10/0x10 [ 553.302332][ C1] run_timer_base+0x114/0x190 [ 553.306987][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 553.312163][ C1] ? rcu_is_watching+0x12/0xc0 [ 553.316908][ C1] run_timer_softirq+0x1a/0x40 [ 553.321648][ C1] handle_softirqs+0x219/0x8e0 [ 553.326397][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 553.331663][ C1] __irq_exit_rcu+0x109/0x170 [ 553.336320][ C1] irq_exit_rcu+0x9/0x30 [ 553.340546][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 553.346157][ C1] [ 553.349075][ C1] [ 553.351987][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 553.357947][ C1] RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 [ 553.364344][ C1] Code: fb 09 00 00 44 8b 05 09 8c 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 4f 65 3a 00 fb 65 48 8b 1d ae c3 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 [ 553.383927][ C1] RSP: 0018:ffffc90003a3f810 EFLAGS: 00000206 [ 553.389971][ C1] RAX: 000000000004ea6f RBX: ffff888067830000 RCX: ffffffff81c380af [ 553.397918][ C1] RDX: 0000000000000000 RSI: ffffffff8de52fc1 RDI: ffffffff8c163380 [ 553.405865][ C1] RBP: ffffc90003a3f858 R08: 0000000000000001 R09: 0000000000000001 [ 553.413810][ C1] R10: ffffffff90ab7697 R11: 0000000000000000 R12: ffff8880b853a300 [ 553.421758][ C1] R13: ffff88801ea92440 R14: ffff8880b843a300 R15: ffff8880b853b130 [ 553.429708][ C1] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 553.435669][ C1] ? __switch_to+0x7a5/0x11a0 [ 553.440331][ C1] __schedule+0x1198/0x5de0 [ 553.444820][ C1] ? __pfx___schedule+0x10/0x10 [ 553.449660][ C1] ? find_held_lock+0x2b/0x80 [ 553.454315][ C1] ? schedule+0x2d7/0x3a0 [ 553.458625][ C1] schedule+0xe7/0x3a0 [ 553.462670][ C1] schedule_timeout+0x123/0x290 [ 553.467498][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 553.472849][ C1] ? __pfx_process_timeout+0x10/0x10 [ 553.478117][ C1] ? rcu_is_watching+0x12/0xc0 [ 553.482862][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 553.488048][ C1] snd_rawmidi_write+0x496/0xc10 [ 553.493024][ C1] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 553.498469][ C1] ? __import_iovec+0x1dd/0x650 [ 553.503311][ C1] ? avc_policy_seqno+0x9/0x20 [ 553.508056][ C1] ? selinux_file_permission+0x126/0x660 [ 553.513676][ C1] ? __pfx_default_wake_function+0x10/0x10 [ 553.519468][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 553.524820][ C1] ? security_file_permission+0x71/0x210 [ 553.530436][ C1] ? rw_verify_area+0xcf/0x6c0 [ 553.535183][ C1] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 553.540619][ C1] vfs_writev+0x5df/0xde0 [ 553.544932][ C1] ? __pfx_vfs_writev+0x10/0x10 [ 553.549760][ C1] ? kmem_cache_free+0x2d1/0x4d0 [ 553.554682][ C1] ? __fget_files+0x20e/0x3c0 [ 553.559338][ C1] ? do_writev+0x28c/0x340 [ 553.563730][ C1] do_writev+0x28c/0x340 [ 553.567949][ C1] ? __pfx_do_writev+0x10/0x10 [ 553.572691][ C1] ? xfd_validate_state+0x61/0x180 [ 553.577806][ C1] do_syscall_64+0xcd/0x4e0 [ 553.582291][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.588162][ C1] RIP: 0033:0x7f45c158eec9 [ 553.592555][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.612138][ C1] RSP: 002b:00007f45c24e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 553.620530][ C1] RAX: ffffffffffffffda RBX: 00007f45c17e5fa0 RCX: 00007f45c158eec9 [ 553.628483][ C1] RDX: 0000000000000002 RSI: 0000200000000840 RDI: 0000000000000004 [ 553.636431][ C1] RBP: 00007f45c1611f91 R08: 0000000000000000 R09: 0000000000000000 [ 553.644381][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 553.652328][ C1] R13: 00007f45c17e6038 R14: 00007f45c17e5fa0 R15: 00007ffcd8e92c98 [ 553.660279][ C1] [ 553.663488][ C1] Kernel Offset: disabled [ 553.667786][ C1] Rebooting in 86400 seconds..