last executing test programs: 13.897034631s ago: executing program 0 (id=1098): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000400)={0x20, 0xf, 0xd0, {0xd0, 0x21, "6c5d2b220d9d7e6f1d5fe0f9869d1cb2f97fe60f0a36ebb3508064b5d84ac4541219bee88e0ea774ef26f9fa127e8526fb5bc5607e2360287b01b18e29a9ae28bf9e710fa4c904a67760efbc16a18766b84475714e2d5013a6575837b97f79a2ec66cab4df47d71298d443baee89d5be3464da68460e7bd09bab942842e15d5682c2e7ced76c1d08308baac8a86117a269b06a73c415b82aa111386f53b12f474fa30b0c71c24765de6f46b5b20f494f9de1bd3bc30734a26bf2d272dce1f64dd108a66f7932892dfb958777bbdb"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140c}}, &(0x7f00000000c0)={0x0, 0xf, 0x30, {0x5, 0xf, 0x30, 0x4, [@generic={0x1a, 0x10, 0x4, "2e319b735e9cbe8dc1497420c3da1af62dc10c9fb16595"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0x81, 0xe, 0x5, 0x9}, @ptm_cap={0x3}]}}, &(0x7f0000000140)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x1, 0x3, 0x1, "1ec1e9df", "f2e3aed2"}}, &(0x7f0000000180)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xfe, 0x0, 0x8, 0x3, 0xd, 0x8, 0x6}}}, &(0x7f0000000cc0)={0x84, &(0x7f00000005c0)={0x0, 0x17, 0x97, "9fc1e2e11a3ba1dd2b566b79d9aca7c1acea3f7a8011a453d690e492314ef4ba38e031c40c4a7cb1e29b45a4962cc8767defe0c0c787a8609359da5e0a5b02abf6549c8a91df4c336db9819f49e5102318d2335b25761e84cc90bfbeebbf47402fc0f1753b3230ff7d3baa15782478c45c4edae2400056318536cc7225d83e312761698015d3de138076d95e77568aa3cdc4a51cc895f3"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x5a}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f00000006c0)=ANY=[@ANYBLOB="ec51"], &(0x7f0000000700)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000780)={0x40, 0x9, 0x1}, &(0x7f0000000940)={0x40, 0xb, 0x2, "1ad8"}, &(0x7f0000000980)={0x40, 0xf, 0x2, 0x32}, &(0x7f00000009c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000a00)={0x40, 0x17, 0x6, @local}, &(0x7f0000000a40)={0x40, 0x19, 0x2, "8f1e"}, &(0x7f0000000a80)={0x40, 0x1a, 0x2, 0x79}, &(0x7f0000000ac0)={0x40, 0x1c, 0x1, 0x81}, &(0x7f0000000b00)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000b40)={0x40, 0x21, 0x1, 0x2}}) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x40049366, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x8, 0x1, 0x1}, 0x0, &(0x7f00000007c0)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000800)={0x20, 0x83, 0x2}, &(0x7f0000000840)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000880)={0x20, 0x89, 0x2, 0x1}}) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480b, 0x0) 12.901685803s ago: executing program 3 (id=1100): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x0, 0x100000}) r2 = epoll_create(0x101) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x40000014}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000700)=0x8, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x5, 0x4, 0x7ffc0002}]}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00006e3000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x7f9, &(0x7f0000000040)={0x0, 0xc8df, 0xfc00, 0xa, 0x20002f7}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) 11.841950814s ago: executing program 3 (id=1103): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r5, 0x11, 0x64, 0x0, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x4e24, @empty}, 0x10) syz_emit_ethernet(0x86, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000780068000001889078ac1414bbac1414aafdfe4e2400649078020000740b5621542cf97d02a9ac51000200000004000000a91e619d0e585fa4bfb3df7ec935f8420effb231577a95bf6747e87846e78914c12879e7cdfdddba37eee8e9ed7743104055eb6b"], 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = syz_clone(0xa1302400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) r7 = syz_pidfd_open(r6, 0x0) process_mrelease(r7, 0x700000000000000) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, 0x0, 0x40448d4) r9 = syz_io_uring_setup(0x1d1f, &(0x7f0000000200)={0x0, 0xcd1d, 0x10100, 0x0, 0xaa}, &(0x7f0000000000), &(0x7f0000000140)) eventfd2(0x6, 0x80000) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r9, 0x7, 0x0, 0x1) io_uring_enter(r9, 0x474a, 0xdfffeff8, 0x48, 0x0, 0x0) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000002c0)={0x2, 0xd, 0xab, 0xfffd}, 0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8) sendto$inet(r1, &(0x7f0000000100)="ab", 0x34000, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) 10.190976333s ago: executing program 0 (id=1106): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x8080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="b9800000c00f3235000400000f30440f20c03508000000440f22c036646665f36526f20f22a5430f01c566ba4000edc4a39979250b00000008b9800000c00f3235010000000f30f245ab48b800000000000000800f23c00f21f83500000b000f23f8c481e57dcd", 0x67}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x300) 9.554898156s ago: executing program 4 (id=1108): bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) timerfd_create(0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) brk(0x200000ffc000) 9.508386923s ago: executing program 0 (id=1109): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) unshare(0x4a000200) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) io_uring_setup(0x7d1, &(0x7f0000000580)={0x0, 0xddf9, 0x2, 0xfffffffe, 0x183}) io_setup(0x1, &(0x7f00000004c0)) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x8, 0x3, 0x5a8, 0x250, 0xffffffff, 0xffffffff, 0x250, 0xffffffff, 0x4d8, 0xffffffff, 0xffffffff, 0x4d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x228, 0x250, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit3={{0x158}, {'\x00', {0x4, 0x1, 0x1a, 0x0, 0xdedd, 0x10000000, 0x0, 0x1000, 0x78, 0x20}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x6a, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x608) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1, 0xb, 0x0, 0x0}, 0x94) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x4001, 0x3, 0x208, 0x0, 0x0, 0x148, 0x0, 0x148, 0x170, 0x240, 0x240, 0x170, 0x240, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @local, 0xffffffff, 0xffffffff, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x11, 0x0, 0x22}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@inet=@SYNPROXY={0x28, 'SYNPROXY\x00', 0x0, {0x8, 0x5b, 0x3}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={0x0, 0x21c}}, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000002c0), &(0x7f0000000340)=0x4) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x4}}, 0x20) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) close_range(r7, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000) 9.446374051s ago: executing program 1 (id=1110): r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, 0x0) setregid(0xffffffffffffffff, r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='bpf\x00', 0x10080, &(0x7f00000000c0)='uid=1\x00nk]e\t\xee\x00\xb5\x91[!\xb1\xe0\xaf\xff\x01T_zf\xd9\xd8\xca\x13\x05\xdb\xddA\xcb\xa1\x03\x03\xd0\xf9ds\x80@\xef\xce<\x8b\xd8|\x85U\xa7\xb3;^U*\x16\xa8\xb4S L\xd3\x8b \x14\x8a\xf6\xf9\x95\x8b*qy4J\xf4\\\xe2\xa5\x04U\xfd\x02G\xa9\x8fD[\xe5\xafE@\xa2\x9e3\x1a`\xa9\xe4\xae\xd49k\xc2\xfc\xadL\xe6EIe\xd4\xea\xed\xa3\b~\xce\x8a\xec\xb3\x89N\x8e=\x12\xc2\"\xf8&C\x93\xd4\x99\xf0') r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r3, &(0x7f00000076c0)={0x2020}, 0x2020) 9.336325752s ago: executing program 4 (id=1111): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000) fanotify_mark(0xffffffffffffffff, 0x455, 0x4000000b, r2, 0x0) r7 = syz_create_resource$binfmt(&(0x7f0000000140)='./mnt\x00') r8 = openat$binfmt(0xffffffffffffff9c, r7, 0x42, 0x1ff) close(r8) execveat$binfmt(0xffffffffffffff9c, r7, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0xffffffffffffffff) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0) 9.041067449s ago: executing program 1 (id=1112): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) setresuid(0x0, 0x0, 0x0) quotactl_fd$Q_GETFMT(r1, 0xffffffff80000401, 0x0, &(0x7f0000000280)) r2 = socket(0x10, 0x80003, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x80800) r4 = socket$unix(0x1, 0x2, 0x0) bind$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = socket$unix(0x1, 0x2, 0x0) connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r5, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000340), 0x10, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) close_range(r2, 0xffffffffffffffff, 0x0) 8.521333381s ago: executing program 1 (id=1113): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x120002) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x9, 0x0, 0x40000, 0xffffffff}, 0xfffffc00, 0x0, 0x4, 0x8, 0x9, 0x11, 0x40, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000500)={'erspan0\x00', 0x0}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) getsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(r6, 0x84, 0x1, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0xb02a2000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f0000000100)=0x2) 8.455947589s ago: executing program 0 (id=1114): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ustat(0x7f, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x8907, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xfffffffc}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x9c}}, 0x0) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000005c001280110001006272696467655f736c6176650000000044000580050005"], 0x7c}}, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x400000000000235, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x28, 0x0, 0x301, 0x70bd2c, 0x25dfdbfe, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x20040000) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = dup(r8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r9, 0x6000) ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 7.573758799s ago: executing program 1 (id=1115): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) dup2(r0, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) socket(0x2a, 0x800, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000009b80)=""/102392, 0x18ff8) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x7f) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYRESDEC, @ANYRES8=r2, @ANYBLOB="050026bd7000000000000f00000008000300", @ANYRES32=r2, @ANYRES64], 0x98}, 0x1, 0x0, 0x0, 0x2400c004}, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff2500fe008000002a8d1318fccc1141d012ff000000008510"], &(0x7f0000000140)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x8}, 0x94) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000000), &(0x7f0000000040)=0x4) 7.06366411s ago: executing program 2 (id=1116): prlimit64(0x0, 0xe, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005000)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) capset(0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x176}}], 0x400000000000172, 0x4000000) (fail_nth: 1) 6.586748971s ago: executing program 1 (id=1117): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000400)={0x20, 0xf, 0xd0, {0xd0, 0x21, "6c5d2b220d9d7e6f1d5fe0f9869d1cb2f97fe60f0a36ebb3508064b5d84ac4541219bee88e0ea774ef26f9fa127e8526fb5bc5607e2360287b01b18e29a9ae28bf9e710fa4c904a67760efbc16a18766b84475714e2d5013a6575837b97f79a2ec66cab4df47d71298d443baee89d5be3464da68460e7bd09bab942842e15d5682c2e7ced76c1d08308baac8a86117a269b06a73c415b82aa111386f53b12f474fa30b0c71c24765de6f46b5b20f494f9de1bd3bc30734a26bf2d272dce1f64dd108a66f7932892dfb958777bbdb"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140c}}, &(0x7f00000000c0)={0x0, 0xf, 0x30, {0x5, 0xf, 0x30, 0x4, [@generic={0x1a, 0x10, 0x4, "2e319b735e9cbe8dc1497420c3da1af62dc10c9fb16595"}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0x81, 0xe, 0x5, 0x9}, @ptm_cap={0x3}]}}, &(0x7f0000000140)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x1, 0x3, 0x1, "1ec1e9df", "f2e3aed2"}}, &(0x7f0000000180)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xfe, 0x0, 0x8, 0x3, 0xd, 0x8, 0x6}}}, &(0x7f0000000cc0)={0x84, &(0x7f00000005c0)={0x0, 0x17, 0x97, "9fc1e2e11a3ba1dd2b566b79d9aca7c1acea3f7a8011a453d690e492314ef4ba38e031c40c4a7cb1e29b45a4962cc8767defe0c0c787a8609359da5e0a5b02abf6549c8a91df4c336db9819f49e5102318d2335b25761e84cc90bfbeebbf47402fc0f1753b3230ff7d3baa15782478c45c4edae2400056318536cc7225d83e312761698015d3de138076d95e77568aa3cdc4a51cc895f3"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x5a}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f00000006c0)=ANY=[@ANYBLOB="ec51"], &(0x7f0000000700)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000780)={0x40, 0x9, 0x1}, &(0x7f0000000940)={0x40, 0xb, 0x2, "1ad8"}, &(0x7f0000000980)={0x40, 0xf, 0x2, 0x32}, &(0x7f00000009c0)={0x40, 0x13, 0x6, @broadcast}, &(0x7f0000000a00)={0x40, 0x17, 0x6, @local}, &(0x7f0000000a40)={0x40, 0x19, 0x2, "8f1e"}, &(0x7f0000000a80)={0x40, 0x1a, 0x2, 0x79}, &(0x7f0000000ac0)={0x40, 0x1c, 0x1, 0x81}, &(0x7f0000000b00)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000b40)={0x40, 0x21, 0x1, 0x2}}) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x40049366, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000008c0)={0x44, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x8, 0x1, 0x1}, 0x0, &(0x7f00000007c0)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000800)={0x20, 0x83, 0x2}, &(0x7f0000000840)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000880)={0x20, 0x89, 0x2, 0x1}}) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480b, 0x0) 6.239974988s ago: executing program 3 (id=1118): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r3, 0x0, 0x0) 6.237449891s ago: executing program 4 (id=1119): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b}, [@call={0x85, 0x0, 0x0, 0xe}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000007c0)={r0, 0xffffffffffffffff, 0x11}, 0xc) 6.120982797s ago: executing program 2 (id=1120): socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 5.986497592s ago: executing program 4 (id=1121): bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) timerfd_create(0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) brk(0x200000ffc000) 4.914487622s ago: executing program 3 (id=1122): socket(0x10, 0x3, 0x0) ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x8) socket$xdp(0x2c, 0x3, 0x0) r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f00000000c0)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f00000006c0)=""/83, 0x53, 0x0, 0x0, 0x0, 0x43, 0x10000000}}, 0x120) writev(r1, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x6a) syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f00000002c0), 0x200480, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 4.761229638s ago: executing program 4 (id=1123): write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) socket$netlink(0x10, 0x3, 0x13) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x1000000007, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b130000000000001c0012800b00010067656e65766500000c000280060025004e200000"], 0x3c}}, 0x40800) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) 4.757646085s ago: executing program 0 (id=1124): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000006800010002000000fcffff78fc4546032d6ae80500000004000b00000000000000000000a4c50e6e8685aca331aaf1ccd6b8f97c4b75f66a8e99ccaf02ad7c277781c9bc501d071e8a18a7c173cc23ad1f07d674a42a833d34d2139816ed31d1bf09086a2e30b208006f1d4dc2426334c03c56a2e2ebe5a67134a441d4e61cebff0c080daca957a410d9efe473163f29260d946336ed67b2cf760089d628dc1b"], 0x28}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x145, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbb61703ec696ebbbbbbbbbb86dd6a000000010f1100fc010000000000000000000000000000fe8000000000000000000000000000aa4e204e20010f9078e249000100000000b6aaf5030368c127eb1ddbe5d7941dae704265eacd7d97beaf6b47201658e7732b4fc01ab428ea13b6a5a8f2057ec539f58adb15822fdd9eb676b286e70828cf18931df6be1360596d1eea0600125ecdadbc2ca599a3a0a6f7d3614e1ee5e1913ed0992aadcc6c135db792f9c64d8f1f4094204ac5b3e854013e64c6ec8ec8f2805f617799ca452b03bda23d6f9fb9942295e869a5d9f7fb9979d3f78ecd7b850a5259d3a58470e9342c980078efc4573b1c6aff5e2925386a1d338c109d40b44dafd7710ff6deb5c1c5f3eeb60d121e1043d34d20486e0890cb7753b98addb7661d5a092a0e724267e5a31387e3349b2301be061fce049f696ef17a3264329ad3edeb2bb6ce3f1fecab5bbc7708676d0d73adb9db0e8bd3e80a4ecbda48969df743d97629ee3bf28940f22c40070e7518ea270166bf8923da2f7c1dcdf772f6616c1ac41b6682f3fb0f07da5b31f10207a3fd117922d6f436b9bbf55b377a81e4bea6416c07269f02eff7e9a24a19741c00"/461], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000340)) getgroups(0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) read$FUSE(r2, &(0x7f00000021c0)={0x2020}, 0x2020) syz_fuse_handle_req(r2, &(0x7f0000004200)="0aca6c6a1bafd2989666a6014bd5e9e63945bda64c1239d970f0d349110c18fe029ac3e29dc9ff9ead2ed3cef0fe77ef8348a82d3da186ce2140d53dfeb34dc1e128dca5a5225db8052bd348c2d1a3de224233032fff8b85c85885c90e9d0c205001db3dfc55d17a7dab1761c1733c465113c056d3bcbaf6a52dbda820a1db5e7d777f6c716e5f60b04cc1c6a362d891cb08fa109c5a00e427f8636059d934f255021cf13d2bc9cff93f049018b8e48f6480d324f08eb83655d3eb5a379ec18c861f596db17bcc23ada65f26a02c4c0c9e3167cc582e93661cdd0dc7581ac1958d9cd08104af251d87d8b5d82150b8cc4ca6d23475f259a8b7d69839cf728a6c478eec56135bdfc6428a318cf2b838d16984d0498d33ac41fe67361bdf5752db6a5ae32979463b60ad6b99527affdcb2b4a0f23b2f140c981b00c99cd25d563ff6c3308b048371eb2e599880a2b67ef9a2282947dbb23a3f1944193a801187f206587a52ee7a33032a842b31fcc0db079c554c97a09e3812aea45702099ab648888d08ae48a187a5acee7b9a2edbc320c64514554e540286053dd2acb9f9ec83435f43193b45b324c8406cdf976bc7607cf9385e99bf5f5205110d0c27abcac49e7ec7deef560f953d2c64bfd014ddcb1b2cbccbe401a312436799235807f4fdf52a9f894656fcbe1e971163e8d743450c49875379522df77d5e8910df837701d135f4589d4d15355e1638eff568a18a0d6217a11acf8fdf0fed0216635215d248aff37d85b62edbc989bc6d4757e6347ec971ae2b1e0d194e6c11dd8f7c108219569e157eceb7c14a288aad98a24de9a81f9ba1dd5271c17adfdf41f3393789c30f9345f6ad4ad1a6bf46640f69f7c038c4fec6652853a3f4fece3c3d15bfdea15f37e961a03de54181724801808a3a9030ba4650ce6fa9e6822c794d7b9da548a2eab977ab0c08b2d985957d5cd70ec677637219c6ca7c7c4d0a7a7ca38c1862583735b46b3addfd1c72cf7f63f11bd85ed59b9ba94db5c2fbd48461ab735b439a992e3a4462545e042e3c863199c006ef3a3be4473b24b782f86a3c1dca9848283bc47f4322273681efa1c8c413dc81a459e4e755846a094971708eb7f428aa67d0c81ce7f33d856e13a342b05eb403af7b4cab191c4ab9d650158808ec74d04f4b765e513b94f10345322e48485d29eb8b1408d7776f98e3625a20220e94789476affdbd19b44bac6bd2fa2b0ba10e93582178a3ef4938dcda25bc6245621b1ced780ca089010e8e51493c1ac7747e949b67fe6e3858e60a1e45a657c080fdc0bcbfcac2ba9d027f02ce30cc7440ce71eac66bb2eb264dcb1306a6054fde6640ca51ec4ccaf500a87f073b58ab286daeefd8d3ec7ee882551f7b6a36ab79a8e10d1d3c234ffaa33e95026025cc39a057efe7823dcb689131b1e83572b4dd1f49097580976c046424618fd6047d46928087d483df952738448d164c9288b15a4982493bf7ebc1976d0942846c8310556732b4cabff937a51e926caa37ae54dea339c2a2a8d73be2ca3a39edcb4ef8bd58a3c4c98c48b9f37a1424b6a54919921d4429611d0dd585d1d357c3c1ad1cf68f36907f8d9c28a14ec2cf2510fe54510111ddd7a67fb8d2f449227da397c32b8dca19971ab9d76e1f6ce0c54c9de1cb1daa1936b62f838170b8b6e7f34168a099619a113c83347ce2c0f6086855385062b6e074b68391e59430236f9ec687a265072f7a40efbef3cfe5bc1cfb364d87a597507811d2bf6af59e20fcf4703caa63285decabcc367ccfb8e27efecb14db8b1167938f457d4117c62f440d807b5482bb223b4b14e9526f9ede33631cdf9fcab53b3fbebc9344ab130d793dad610f2fe41ef388acaebd6cf26aedf7c7c6aaee956cf92c14583bd45b189d43f7b44419df1e0adecc8fbedb357656b7649721f81c2207ebb37e3ae21bdce8c982cbbdec012c7fe587161ff741610fb8ea5883c758527873ca2197b5f1058083c40203cc4dbdf7f4f1388f2309d22a6a1767137703296ad3aeabdbb3529a290da9c6cc5631b2f1ad25c766e3cbd8d9f588bafd17495f572bf1cfe1e8b5bb22130963cca8832f846300bb6dc0baec85b500e1a48fdd14cf0442fe4d441821d7e46fb5e2220c96bfb16ab8ca883a4477bc756dfc6622f320a648cfb57f9de9aef33f9986c6517d1a7eb59348541d6d3494ebe7bc1ed4a86f06411491d176da36de8c8a8d8ea28928bda63fe863277e4325b756421d4d2042428250ed526e538fb930671e9ad517aac494a58aecbc908b512016fe4d8f60b576e230b3206a0c7bd4fef717a8cda0029d13ecc3c8f8686f717adc1440353c236aa71f842839c5ce92c83fbfb57b221271aa6f4029219c3c2ed7a3a53d8ff065ce30d403c95cf69e7963d5bfb63bccb5b28ca125f0d7094072273ce3108093d0ff83ab98393b8e9a87117f4933a8c8ecf353931da3b8dacb20685a65dd865bd6031cd2b0b7e237901c782c6e6ea8742e89dbb01eb925dd6e74c53bd28d3c424cee35eb29823f2138b92516075e00342fa4dbc5b27675a651032c8ffb3da6c5349d0f9b2779778d0cfa1c8d4cc34d4fe95fc435e4768e93d56d2c142f25df1b9afa7d103486842372b36261b96b7b3acc0e78ff20a535ed515ace0cf3300168a7ef42d6bd511c019d0ccd7599ba70cbabc95f34a052fe9d6f97b49dc1cde40d5ebf305797d7d572a61cd38a0cf85f28c5d018648b769327bd9559722d5422754f26c9e5439b42bedf34e31bbc845b99ce315eeeb0383fb3ae021084cedcd843b86831c78441ccc0d2c23de528e53cff785816a3a3d99b4a4684df9546a285203bb615eb480fa8385e90226b27b39a7d50c83babf5ba890da1a8848ba372971347dc34b76370544feb183b9292043f2ef072b69bcff45b1917c073222d50bd585f2173bdae673198b95b67f8387f6d2b2934597c5ce165fd420ddcc01d29d71d532b5d127afc98657845230e363cbb9ecc05b247996ecbfce0e8215ec7dc5e9be115de2e7ebe8fe3e191f455d244ad1ce75c828a2adbbe509589f389936e62dfd1ecdef105162d357cfb22412b64570dcb04fe18bbbe5518985d7316a75a19a16a482105b7fac923e1eefd780d036ccc39e3cc53d2002ccd10004be1694be4110fb062110e1a44ba88acfa282d9c7cdae0cb55f48f7caa3c324d9f52265d21606a20779accdc9f69dd0fc49e4bc2c49891e526561569abe5673533c8a9b6a3004c809d3f7452b02787047d4442df3f4cc5d47e5aa73b7994c113541ea312970f2e741d4fd50a83f5a0293fbd56d619aa4bb3b491606642fcb922b5ccd6bedb442e450609343e18f61abb3a4b2fc69e06a72edc7bcba0da06da3e80f59b737f088d01f0dbcad89003b505fe29bdc8118e3fbcdb90a4f464e0e70d20f093790ae1b9f6f8a904a268cb4bb116404de1bd4c3f9522c36893a902a3a90f52670b7ff2074815329f3fe2c8ccfabe2d812394e6b0e34741abece71b7db0fbf0a80e6c13bc7bba89a4ee01cad9dd76e49cd91690db6fe402640db8b3523c49bcf611a9da991123edcb64ef505906d8ab4b8586e631828402105f045cff3681f2f36e3713be5bcb6af157278b194a51f04d04507231aa6f4d77b4065f2a97894c201b23f7b5f79b029c74fc4c57fff87c03e01210674417c1297155ca7a7fbe855fdcf65561619ffca0099fa08ddc8ddd7f713b2b0c6af0fcc4bd4cba9e9f47debdc6d9e6e2dce63fec20efc51e15d013fadba2707a449dbfd025f1a7c329282c797b2071afb37a89f8d58c1e3b4f06586f00a433161373548b699fabd92771346a25ff10789ca89cbf00f92248c6b8468f22aa4cf7ba90aea16a3cc2b1ee598609dfbe75fb8e11c5003ad0c9ac7205cd35552a53703f06e465633f9653cd670952feb9e77db960ea18914235af757e75204d1f74de9829dfac217d87aecc1c80066426f12e52883bfcd982e54bfdae8ef55f3b70f78bae9e6a1e24388c642cba3b3215602294bb7d68bb6f8e0b24c0b6e99df504c30beb2a7f47b02f9af6511eda25407c30dfdee39ec8db32d93e1e09472474883a87b7b4664bef06d5c0a43793237187acaaa9654f74e5d3bf1ce389befc139fba61378e7b66b4b0d87334732592ebd0e4989373ca541b92d003e67e0292256c256344dbf03ad24540f11cdc174b45d3781c1da793a460ba671373a0fa082ba63f5418733c9907d360c9bc54ba0e2b374de7965a87316df1c7af17164e1b6dfe32d71fb5ba641bb8d6cd6299473f37e44a69e90a87cd2f8a486a0db4eb104bf87d9f7cc87dc294e6debec7e5819f3f26bdf4cac91f8ee94a826df99da39a4bd6d476943428e3f5009546ee569d6273f7ecb115538c6ce8fe150249c89452c2f0cf0796208a216fc2cb55e1b6c892778f15e7f8b78e6e97093572a29ca3600c72feb4e1ef42a225da695b3111777f3833e306f2a90b8ed6095127b0f13be495a3321bf8201955d40f6b486904a4e1f4c9965563d30277b30cb0d1ef375338a25314fc5abce41f1e95118e89455af9e786cdc460e4e48fda5f21cece9b4e5276523d6919e165df5efe59aff13067d3ef0e82259305942b5f25e831dcb72f5c7fa67ceba7678078d8311aefdc91916f8c1db2ac61188b46825707dd26d29aec734df8bebd7474277908b2ba9e77daea20c395253b3cc876e5dcac960556072bec36e14da26c335b509a38dbf3037d620f4765e63b946ef8ada1729b1323acc8b5e436f3967ab7cc033ccb7d0c9cc74d3a3faa2ff2afb1cd571e3749cb0203e70756273fc6a4d80cf646d551f3a801ca513ac587f0ddc8c58870d817ea2671b2ef30be91a45dc730c6636e7de2ec235044b837ed9861dc89e4df342cff52a29ae6b8d5817fe31bb3a74d0202efca5d94b4d232f3dff885bf52f8d43097d069ce81220e8578c630d496b01fc60562bfbfda22fce6ce68564ab31d1a3d38af2d7b73a970b9b30f6c48dc38991da402491b2d643e0f5e71bb9c0aa834006ddf24b7dbb180f68751535d8cc34823ba3d1ddfbfeb6a15655118d4e1e11b255b998006906017ad9978d6cf4a45a669eabf653363391e77a82a9da14d184a50f1421eeb61411e859cf6f98ab0846ed5345b63e3ad004d1ffd1e48e6574ba7d832f7ad1345b8df27f7707245b335ddff2e4ca1430ec44af208e633c25678b3cfee96424ca026b159bb18c1bdc51db6c66e8788e5aadce1d3e531c9b02edc65b846763ee64113c0cd0d23824c4baf3516e2c8e5192afb9fcd390e51b3bcdcc0a49f932a6907b38713e2229aaa9abc5305420f50a2016429012e835407dee7d8d0b8404655620c3df407e7be2a5a1e668341dd91224509ffd48db6861f558d098954f83aeb6e426099cc4291da311c37bd46c8d80c3ea975e0db6ce12dbdae9116bf08909431fd5483f7cb3076d33a900d56c26d6f151386abb32ea335f5337683201a1ce5d9df25c5df29a375d2680827e182b1aa0813ee7f9d273d7ce1b86194a8cf48d630a5be0b947245c1ee0a0645500ce2ced6dade1b63c0e7572260cce25636778d79ef11ed5e3c42835c8e53a6d26cf85293050cedee2a116e5f38b9cae91a503ec9e0cf784d9cfdccedf95971540ec37926eb43b27cbff1d96b83f80018e6afec70523b6672111a47f9922db34da15d7ca3cc3a77f1abe7221b72d43d2cb4c23fd2bff6cd5ef6b31b6a4c65babcdc918b0d99fad656e471a20a8f4b66d6e37877da1a8b7fb7a8692d6d578ff953b18deebea1353f915102e4d2064dcf8eb0965a2f4c2eeda70b4177dedd7597797ec76bb72ee422ec4d16e494ed77c9bd843ee01885cc3aba1f77806e8f501b856935494918ef83379ac5ae1e06697606053a8c5c880975d1f085c93f2adb1bd2c6ae07c29bbb245cac4726a20a2f61ded013722eee8878933a90319cc8cab7a2bc69dbc79767ba18fcdd8f9ba7de44e9f0575994b28aa9e3e7b4c1f2ce0eee264dfefe3e1600cd969683551894d28b690122093105133b22ee04a50f4883274cb929beb1bb45444ca5d470c0ac611c4990eefea25526f590b269ad40d23842c5b5996c1cb393dbff28a7e2f7cf04ac30fbc2d29ece6708fad830bc523fa52d2ebbfda27379e8c48d085b260a2dfc2e8d7e1a94a245b518612bfc9ca0260c8fdede5298bf584e5d71fc131f5eb6ad2dd7bfd42a77f523eb0aaa787003fb71b9a64fa783e918595af0413fcc0d7818a514c055a48ba9b1bbc6c974f7cb55c3af3edf117835d169e5e2b31e4278d0419b23625ae004171eb2ef8c231a61331886234b402886b4993ca6376f8664134cead1bea142bbed5d46e3bb71b0f8a4cec0c79a9b5f6c823128d02063967a5363b6bd6e242fa3fd21953fdb57725f1eda22984bcff8e40f2076fc0a462706dc2bd95dc447a2aec2a8a4808f2930ff1353348942e28204af42141fa120c8e5fa9c225d16f3624deb2ce178fdf594db504159bbf475e8bee281e3c8ebb29b404b3fbd13dea76df5aee05ad6a85054b838e149d0ebfabe61dcbda6c3494e170e75633843a01e2458b526ac5424177d6bc4706a09694be1c372cc79cf7c4d82ff4e62489d1fc7819d749710035a6fac239d716b57a1af1346c1e8420dc8ae46fd18245160d43a40c564bf11f0232bfd1fed67ba1aebce120ee93a0a000570b808d9fcd60b622c59ad53ef535c1db7de15b52ed2540708eb5baa7195e1a86990b6611ad5c50127f7e876f8031856e9a2c0566f357d6c75e6ca5f217d428602fa7c8f7fb9f3abbefee76d88b3b08c3be2f0d093ce96c6a00f3a157dc0a05e1fc5d8de583c25e09c77348f5825fcd4631396f3e8c26f5c1432784eb8c377fb520d28aedcaa5addfda6eed11da4d2cc91c2e3c3728c763c9d58283af32d00aa1910011a552adabee99d1387d14e582cf68fea46b729eddd0d3ad8eb9125d5fb060f4d6f70a166cc3ce9b02a7bc65200399fc2a47b90039ac23afb853925195e8079da20cbffea72365158fbd94a6e0a654f6c09a8032fb26df99913c2300e03428ab3cd1b3f7aee15460732d445b4797673b47a93a325b2e5157106ade0959be9c4562d5a4292a9ac94940c66375e559f34e57a1158b5d77a5dc9515bdab63799627301f19398d84c7afde812100a65a1642e9515a30434d344b380a92eeb2013a0f63cba648c37095bfd985c607b120f1769a79f1fd7c03f09f966b72945606ade67f9aaa631948bb82f9ae3f89ecf6db12c02d174f62ad6e1b60f4819ae19f4979e0f9dcf51bedf4b1bd1de73bc2adb1923544ede6dbd40ed4c559cf1f079f5dc8986691540e13f5a2505cc0923ca8fe2608ec92b95dbb5facc320e43b2049b79eb02618f6fab08b7e9dbe00fcd69b338b1bb6a9beae531972e16a19d94bd2273c4d042eca34dd7c5aebfbf16552681ad4e243824a9c5d0d8b8d3aba4c102fb76c216c230c2ec34838a0817b03a04480c61c899b2e442bcf2567d4e73000d9c9d4d0acb712df0183fc288634cfde234b94fdbbc0b7e66ea5b6437f312167b1ea93e2a6b2105308d8198a2d4054ba2ff2855250e0e6c952364056e2d3d09e5a2c578837d6521ffb82780f169d07f2f032b34d62f2712a77a56175017257ea1caea41acbbc520b429bd4e3ec3f9a6eafce46731dd3396f1ce1a6198927fd2dbefb3f77c9173be0934747ca47b98c6548c8cd07249d9715414b8a8ddc8430575d8b8903d3923089282a3ccead6e11044c67f3d5d8ed8cc0c0331f2dc09e1bae77ab55307e6445ad382451eff64faca8a4c0cba7cfa2fc9b087afb040e594115c35ce1dbec69ef1e5af8003339afda5faa1be1a3da7c5cb84273009c32d300fba7d222d2dc783241a9414ee30c8bd7e655c09a7f50dfb249ae9b15284b971503f6ce8866a1b36f993acf28d387da88c8defd323d1cd91d4eb46ff87458269a134675556b067a1b71829b7706ba58c93a919884089dc333c9b5d8279dbcc20071991762d2569c8ff5f21783e2961228b2006f8805750c0f9f4f9dc3df86dae1ab98af22122966a6ba04ccbb2bdf90e91e1f2595b979b6934fe132eda34cec0f83132f3867a197a6dfd0d43528bd56613732704bb62b12f4ede7439b2150384fa04db658fda2ddf97ab571f02d150c50c95009d0aa2e553019ac1cf9bbaf15474bf66d69224913b11080badb47d4a085fa13e965de6e95b7aa6e07bb212774d0240738cc07ccc1670d33c100cead3fb99c3f32fdd97c9b16956b1c22a90cd5c7aa0d920dae9e2b149fb5f9870129a0e97d1edba0dbf8fc4fcca6c65c639dd3eaa8803b1e9e601907e086ed1079ff6bc6de941c91df0634ce3730b8035bfdfa699304666920bfb092354da1f0bdd28c9023bd2e152e931e82eeabb86b0323c789daac94422eb7855f18775917e12feb85019e2e017303002ff8e04513ae0fb03f334a76addd8fcbd69ed25931f44044eeffb5d66cab5a22b21e85324946ab15408dd5d68b17727d2e4779bc378750eaa6ef6e943966c0dc4d066c6b8b8945023a0fc49f81a9c15a35d350e3d741652b8a8014b3649dcfd028f25c0b38b7cc14f7e375acfd3960af2eefc49ac6589f38791c9c0b0ea4e55992274052eed15cb8de213794636c4db2385eb9bcfc28f8a97e7c7ac949cd519ab62d1ab10d855a7ac6acda00b78d35d80a9ab4b7099603782384c461dee90abcc14a539779435cf0677eb0b6ff7e47488667788f9b0fd7d5e0cf53aee5ca0071fa30c062da3c44e79096e24594c6e202b7cdbdc49be2ddac8058c7ded15f07d4c413886fdd7017b9fedb86e39917fd1e81b294675bde06c8fac0dbce7f4b90b3859c66f9f6fec640c6781728a8b347da28b4360924ef68c3c740ed5ddbf013720c6de54d9bce5232864f9e80a652cd778641c327876b2a3e1049355a58fb5054aa17064e97142d64be9daf5d1b162566a009c69133f60e3d4c2a53c153185c659d16236fcc1690eed8c6c2e4f8b172eec457a9407003ddad723e3b183e81b17ddbe46ba368ab3e3ff574d9e3fb82e102ab46d7f608e235d064ea963fdf1622ed7278a27fd8210ad39c3acd9069abba71ca051b64561683068ca6a1be906c196ddde1839b3897d5af8fee51614d73e51511b03a5763f3ed3e64bf7293118dc321cf5e940a2829c6b8550083d66d31680fb55af098d9ccebde9882f818c29f4cbb55c26a97c359d8606bff3744ff3efc22e8d34e67b7c97b567483963c574bd1dac8c46c911c48b6e29e73e52f8c9385729a73b70d2ebba9e744247d9003a962fd607686e6c5972b59616acfe327d8b736f38c703832d7690c6474641bf87538e785353c1fd7df1b5ecb1200eed8c5857abd16c26ae72d0147de475b0c4bc98dbff530b334c9c50607bd46ddbcb1ffebf7513cc842e4cdd6c8c00a284e81cb531a04f75210add4f73db3da9783694fc541cd470368c8776973f02835dc355ef54ca90a580a45a2df6137c43b151ade1e51bc879e7fb43141541bfab79b3eaf0eab323c7147ecce6eb3eb3eb02a204755cdcc7405ad903b91fa4d297262cf77fe395a18e269ec36bd534d4939e78719d7c312ce5205979b2fb92fbf9e1d1effb0f663b9361893fcb11bfd66c92af3394e899876990883e9f5374b5642c68e8468498612e3848d367598c2cb0806b7f0c7f4b004dde2b4cc50161a4d293f2ec89c4cd35a767736f9282f848b9d1cdf405f61abcb3e50ff4092d2afb86fdceeec4791d892546e29495f97876cd8015f193113f1b8584a9ff3f32650e29126b81254961e677b6f67023295567f574364b7320313db988616ac123368179beaabb5a56257f0b6df8f6956324ac31d3e8db83dc994425ad80e235051af62ec79a6dc4bfa36283af72af26136c8f5eeb32e1fa1b9e21a228a2a12aed39e717e8f404334d8367ef3edceab1f3e250ab9dc1e89f9b84e658d38806f4d4a09ff07ca539077a5a496699a9d7d4aafa78120eb90f404c2a6ae00aa1c813b25cb6ff9dab8b66b1dd83c80c1225aa24a47df3cbff7f6842d9486bbcd4179150e1bcad3caa604ac1db71aac913c9d3cbc154182187e2aeb852011b22e40b25f9cb31ab7f458a11b1836085c4a99a633215684e7fc70646ee2158faf8329c320a3bc050cdbbac216a18a88af2dd1bb4d648110c5c90f7f5948128eafbe36c01ea709ca8b5fb8ad9eb7384feb7055220aed45690664b0312052792a5b9dfc90a1248995cf68f80b7822fa577724ad143b1d987d2fae7992d3ad270e6b1fc4f1bb3130f134607e8129a6b1442ac05f114062be3604d7cf1595022f49e7cc55282f0f666ad6ff3b03d692c2a66fc2eb5fd0751e4514229861e2343d43162dcbdec156aa5f2c5f9aafaf470f17e5ed688b3516647b9a1a220e843791ddda20fcc444ef63ba31fc27e62fee4676f097f3fecc625755b26ad48dc7ceec1920443c6c466c7bb36e91082f115f4e563a562af1ce5cf37c45bb2da72ab39ecf00e0349eed7e87994b6670e8bde4f4f9142cb99f6bf36eb41bb4dc72b6c6a6686b63fa21c167b1ba5ff481abcc2ca29905d6b75eff932296d75a90080f3a727690eab0e804aa95b545f55107d308f4cd9884d75c28388151a72e82291f79eb52921718903a8bf029a3e7c0ce28f204926dc221f78711a08834a917a0843d8249ca317c7154b88a5a10a09d7477fcf2d6296725bb6a69c2739964a768cd6ae51d7e7de63bb17fe7fabebb0ee46c285c683a41203d059a5c89024a7f3c59915121921000075ed397d30ada6d56e6caa685cb98cc0bf279fa2d96408611ae7e43c3bf70f73148c6615f20060b5c337c6555a3bdb1870bededac9eff951cf1c7fd4f0046d7661789bcfd56fe6198b502e01f90333ad6e9354db449435d0506526bb0c65595dead87be428eb1b988906de152f9a7f126ede6b933c2de1f7d20ec3e64c7468906fba2bdea8b300bab203542dec13a90e4195b3f7da1b669bfe9e8989440b24807ffd44d9e3d61e098caaa029a7063d25604cbacc5f2b3671a163b80a440948230ae90dc3bd7fd46b667cc7d6dba2f53775e9a2180ced0e1cdc6e1275e741607d6dfe40f91ec81602f9bc7c26c322b82114949fd17a9284dd2918326b7880f42db6e468b80f980db98e31ad57be1f131407a0d099cbad9eff25916048e4210c0eb0b68d4d11cc1545cb46114b3969ad0d7a6570b7571c877ed8060cf8b736f8c82ddb64d19fc29af3453f0efe33c68c21c7c8c054707790cf5c056d0ba408d077fb65cef8fb071398ce35cc95c48ba546230f4dd60ad633f81478c87019736044783599a17d4dafd30cc6f4278cae2384763ff2ef395b8e7265ebf0453cef5c98e62a0e48ad422af17a4eee1acc10a51a3fb6e98594309e4976f71027dfe7a9593cdb6860cba745f2346c8d4868b07f381d3c137b396780545e0ea331e586b176821e45f67761fd8b4c6cbbecfd34b72201f6145a6b06eaa8fa9872a54734acbccad497390ff69f676c496258479aa06d9fd1ecec02a01216fd66554afbd5e728608f4572a4d485e57ff5bfc3df", 0x2000, 0x0) gettid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) r3 = socket$kcm(0x10, 0x400000002, 0x0) getsockopt$sock_int(r3, 0x1, 0x7, 0x0, &(0x7f0000000100)) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000200)={0x0, 0x10000000, 0x0, 0x3d0, 0xffffffff, 0x8}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r4 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x96b, 0x1f480, 0xffffffff, 0x79b}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}}, 0x0) io_uring_enter(r4, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x90}}, 0x0) getpeername$netlink(r5, &(0x7f0000000000), &(0x7f0000000180)=0xc) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 4.503957524s ago: executing program 2 (id=1125): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4008890) getsockopt$inet_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, 0x0, &(0x7f0000000080)) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85) r1 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x100000000000000, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x4000, 0x0, 0x90, [], 0x2, 0x0, &(0x7f0000000100)=[{}, {}, {}]}, 0x108) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{0x0}, {&(0x7f0000000d00)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fbc84589ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462a", 0x2ef}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 3.696446067s ago: executing program 4 (id=1126): r0 = syz_open_dev$radio(&(0x7f0000000140), 0x0, 0x2) r1 = dup2(r0, r0) read$proc_mixer(r1, &(0x7f0000000080)=""/8, 0x8) read$msr(r1, 0x0, 0xff63) socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@newnexthop={0x28, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}, @NHA_FDB={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 3.385740094s ago: executing program 2 (id=1127): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0x504, 0x8, 0x101, 0x9, 0x4f, "0840950887d026d76d7fcb456b00", 0x9, 0x3}) openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x40300, 0x0) 3.315226035s ago: executing program 3 (id=1128): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = fanotify_init(0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) ioctl$X86_IOC_RDMSR_REGS(r5, 0xc02063a0, &(0x7f0000000000)=[0x8, 0x8, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1]) fanotify_mark(r0, 0x455, 0x4000000b, r1, 0x0) r6 = syz_create_resource$binfmt(&(0x7f0000000140)='./mnt\x00') r7 = openat$binfmt(0xffffffffffffff9c, r6, 0x42, 0x1ff) close(r7) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') read$FUSE(r8, &(0x7f0000005200)={0x2020}, 0x2020) write$uinput_user_dev(r8, &(0x7f000001b000)={'syz1\x00', {0x0, 0x0, 0x4, 0x9}, 0x52, [0x8, 0x4, 0x1, 0x80, 0x4, 0x6, 0x10, 0xffff, 0x7, 0x2, 0x6, 0x7, 0x9, 0x0, 0x8, 0xf3, 0x9, 0x0, 0xd9, 0x2, 0x9, 0x7fff, 0x9, 0x0, 0x9, 0x0, 0x3, 0x0, 0x7, 0xa, 0x1, 0x7fff, 0xd, 0x6, 0x0, 0x0, 0x4, 0x9, 0x10, 0xd9a, 0x8000, 0xb19, 0x6, 0xf, 0x401, 0x3, 0x401, 0x18, 0x7f, 0x3, 0xd8, 0xc1, 0x751, 0x101, 0x5, 0x80, 0xb, 0x36, 0x66cf, 0x0, 0x0, 0xb, 0x2, 0x4456], [0x22, 0x6, 0x0, 0xe045, 0x2, 0xfffffff9, 0x9, 0xfffff800, 0x1, 0x3, 0x8000, 0x401, 0x3, 0x80010000, 0xa, 0xa, 0x7, 0x2, 0x9, 0x5, 0xfffffffc, 0x8000, 0x5, 0xe4, 0x4, 0x46e, 0x81, 0x8, 0xc548, 0xffffd04f, 0x1, 0x7, 0xe9a, 0xd, 0x8, 0x1, 0x5, 0x3, 0x10c2, 0x3, 0x2400, 0x3, 0x200, 0x3, 0xfffffffb, 0xf415, 0x2, 0x80000000, 0x503, 0x1, 0x7, 0x4, 0x9, 0x7fff, 0x80000000, 0x222, 0x7e0, 0x1, 0x5, 0x0, 0xffffffff, 0x4, 0x9, 0x6], [0x5, 0x81, 0x7f, 0xff, 0xf, 0x1, 0x3, 0x2, 0x8, 0x64, 0x7f, 0x0, 0x1, 0x5, 0xf4, 0xf97, 0x7, 0x4, 0x8, 0xb20f, 0x0, 0x8000, 0x1, 0x7, 0x1, 0xecec, 0x6, 0x3, 0xfffffffa, 0x3e97, 0x4, 0x3, 0x8, 0x4, 0x2, 0x6, 0x4, 0xf, 0x200, 0x1000, 0x4, 0x400, 0x1, 0x10, 0x1, 0x9, 0x4, 0x5, 0x6, 0x1, 0x0, 0x4, 0x0, 0x4, 0xfffffff8, 0x2, 0x2, 0x3, 0xd9, 0x0, 0x0, 0x5, 0x4, 0x7dc7], [0x9, 0x5, 0xb6a, 0x6c, 0x1, 0x2, 0x10000, 0xd, 0x3, 0xa5, 0xf7, 0x7f, 0x80000000, 0xa0d, 0x9, 0x6, 0x4, 0x5, 0x8, 0x0, 0xb, 0x1, 0x7fffffff, 0x5, 0x4, 0x7, 0x1, 0x0, 0x5, 0x9, 0xd9, 0xa, 0x6796, 0xd, 0x7, 0xc691, 0x4554, 0x6, 0x4, 0x7, 0x5, 0x3, 0x1, 0x2b, 0xa, 0x8, 0x80000001, 0xe8, 0x800, 0x3, 0x8, 0x29, 0x0, 0x3, 0x8, 0x6, 0x8, 0x9, 0x0, 0x9, 0x6, 0x178, 0x3, 0x4]}, 0x45c) execveat$binfmt(0xffffffffffffff9c, r6, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0xffffffffffffffff) r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0) 3.100861831s ago: executing program 0 (id=1129): close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) shmdt(0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000000)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000980)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f0000000380)={0x0, 0x3, 0xf}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'gre0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x9, 0x100008, 0x8000, 0x0, 0xfe, 0x6, 0x3, 0xfc, 0x9d, 0x1, 0x0, 0x800, 0x1, 0xfa, 0x0, 0xfffffefd, [0x0, 0x2]}}) time(0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bind$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8000008, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000000)=0x1) 2.114033825s ago: executing program 3 (id=1130): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fanotify_init(0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000) ioctl$X86_IOC_RDMSR_REGS(r7, 0xc02063a0, &(0x7f0000000000)=[0x8, 0x8, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1]) fanotify_mark(r2, 0x455, 0x4000000b, r3, 0x0) r8 = syz_create_resource$binfmt(&(0x7f0000000140)='./mnt\x00') r9 = openat$binfmt(0xffffffffffffff9c, r8, 0x42, 0x1ff) close(r9) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') read$FUSE(r10, &(0x7f0000005200)={0x2020}, 0x2020) write$uinput_user_dev(r10, &(0x7f000001b000)={'syz1\x00', {0x0, 0x0, 0x4, 0x9}, 0x52, [0x8, 0x4, 0x1, 0x80, 0x4, 0x6, 0x10, 0xffff, 0x7, 0x2, 0x6, 0x7, 0x9, 0x0, 0x8, 0xf3, 0x9, 0x0, 0xd9, 0x2, 0x9, 0x7fff, 0x9, 0x0, 0x9, 0x0, 0x3, 0x0, 0x7, 0xa, 0x1, 0x7fff, 0xd, 0x6, 0x0, 0x0, 0x4, 0x9, 0x10, 0xd9a, 0x8000, 0xb19, 0x6, 0xf, 0x401, 0x3, 0x401, 0x18, 0x7f, 0x3, 0xd8, 0xc1, 0x751, 0x101, 0x5, 0x80, 0xb, 0x36, 0x66cf, 0x0, 0x0, 0xb, 0x2, 0x4456], [0x22, 0x6, 0x0, 0xe045, 0x2, 0xfffffff9, 0x9, 0xfffff800, 0x1, 0x3, 0x8000, 0x401, 0x3, 0x80010000, 0xa, 0xa, 0x7, 0x2, 0x9, 0x5, 0xfffffffc, 0x8000, 0x5, 0xe4, 0x4, 0x46e, 0x81, 0x8, 0xc548, 0xffffd04f, 0x1, 0x7, 0xe9a, 0xd, 0x8, 0x1, 0x5, 0x3, 0x10c2, 0x3, 0x2400, 0x3, 0x200, 0x3, 0xfffffffb, 0xf415, 0x2, 0x80000000, 0x503, 0x1, 0x7, 0x4, 0x9, 0x7fff, 0x80000000, 0x222, 0x7e0, 0x1, 0x5, 0x0, 0xffffffff, 0x4, 0x9, 0x6], [0x5, 0x81, 0x7f, 0xff, 0xf, 0x1, 0x3, 0x2, 0x8, 0x64, 0x7f, 0x0, 0x1, 0x5, 0xf4, 0xf97, 0x7, 0x4, 0x8, 0xb20f, 0x0, 0x8000, 0x1, 0x7, 0x1, 0xecec, 0x6, 0x3, 0xfffffffa, 0x3e97, 0x4, 0x3, 0x8, 0x4, 0x2, 0x6, 0x4, 0xf, 0x200, 0x1000, 0x4, 0x400, 0x1, 0x10, 0x1, 0x9, 0x4, 0x5, 0x6, 0x1, 0x0, 0x4, 0x0, 0x4, 0xfffffff8, 0x2, 0x2, 0x3, 0xd9, 0x0, 0x0, 0x5, 0x4, 0x7dc7], [0x9, 0x5, 0xb6a, 0x6c, 0x1, 0x2, 0x10000, 0xd, 0x3, 0xa5, 0xf7, 0x7f, 0x80000000, 0xa0d, 0x9, 0x6, 0x4, 0x5, 0x8, 0x0, 0xb, 0x1, 0x7fffffff, 0x5, 0x4, 0x7, 0x1, 0x0, 0x5, 0x9, 0xd9, 0xa, 0x6796, 0xd, 0x7, 0xc691, 0x4554, 0x6, 0x4, 0x7, 0x5, 0x3, 0x1, 0x2b, 0xa, 0x8, 0x80000001, 0xe8, 0x800, 0x3, 0x8, 0x29, 0x0, 0x3, 0x8, 0x6, 0x8, 0x9, 0x0, 0x9, 0x6, 0x178, 0x3, 0x4]}, 0x45c) execveat$binfmt(0xffffffffffffff9c, r8, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0xffffffffffffffff) r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0) 2.075816739s ago: executing program 1 (id=1131): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fanotify_init(0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000) ioctl$X86_IOC_RDMSR_REGS(r7, 0xc02063a0, &(0x7f0000000000)=[0x8, 0x8, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1]) fanotify_mark(r2, 0x455, 0x4000000b, r3, 0x0) r8 = syz_create_resource$binfmt(&(0x7f0000000140)='./mnt\x00') r9 = openat$binfmt(0xffffffffffffff9c, r8, 0x42, 0x1ff) close(r9) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='maps\x00') read$FUSE(r10, &(0x7f0000005200)={0x2020}, 0x2020) write$uinput_user_dev(r10, &(0x7f000001b000)={'syz1\x00', {0x0, 0x0, 0x4, 0x9}, 0x52, [0x8, 0x4, 0x1, 0x80, 0x4, 0x6, 0x10, 0xffff, 0x7, 0x2, 0x6, 0x7, 0x9, 0x0, 0x8, 0xf3, 0x9, 0x0, 0xd9, 0x2, 0x9, 0x7fff, 0x9, 0x0, 0x9, 0x0, 0x3, 0x0, 0x7, 0xa, 0x1, 0x7fff, 0xd, 0x6, 0x0, 0x0, 0x4, 0x9, 0x10, 0xd9a, 0x8000, 0xb19, 0x6, 0xf, 0x401, 0x3, 0x401, 0x18, 0x7f, 0x3, 0xd8, 0xc1, 0x751, 0x101, 0x5, 0x80, 0xb, 0x36, 0x66cf, 0x0, 0x0, 0xb, 0x2, 0x4456], [0x22, 0x6, 0x0, 0xe045, 0x2, 0xfffffff9, 0x9, 0xfffff800, 0x1, 0x3, 0x8000, 0x401, 0x3, 0x80010000, 0xa, 0xa, 0x7, 0x2, 0x9, 0x5, 0xfffffffc, 0x8000, 0x5, 0xe4, 0x4, 0x46e, 0x81, 0x8, 0xc548, 0xffffd04f, 0x1, 0x7, 0xe9a, 0xd, 0x8, 0x1, 0x5, 0x3, 0x10c2, 0x3, 0x2400, 0x3, 0x200, 0x3, 0xfffffffb, 0xf415, 0x2, 0x80000000, 0x503, 0x1, 0x7, 0x4, 0x9, 0x7fff, 0x80000000, 0x222, 0x7e0, 0x1, 0x5, 0x0, 0xffffffff, 0x4, 0x9, 0x6], [0x5, 0x81, 0x7f, 0xff, 0xf, 0x1, 0x3, 0x2, 0x8, 0x64, 0x7f, 0x0, 0x1, 0x5, 0xf4, 0xf97, 0x7, 0x4, 0x8, 0xb20f, 0x0, 0x8000, 0x1, 0x7, 0x1, 0xecec, 0x6, 0x3, 0xfffffffa, 0x3e97, 0x4, 0x3, 0x8, 0x4, 0x2, 0x6, 0x4, 0xf, 0x200, 0x1000, 0x4, 0x400, 0x1, 0x10, 0x1, 0x9, 0x4, 0x5, 0x6, 0x1, 0x0, 0x4, 0x0, 0x4, 0xfffffff8, 0x2, 0x2, 0x3, 0xd9, 0x0, 0x0, 0x5, 0x4, 0x7dc7], [0x9, 0x5, 0xb6a, 0x6c, 0x1, 0x2, 0x10000, 0xd, 0x3, 0xa5, 0xf7, 0x7f, 0x80000000, 0xa0d, 0x9, 0x6, 0x4, 0x5, 0x8, 0x0, 0xb, 0x1, 0x7fffffff, 0x5, 0x4, 0x7, 0x1, 0x0, 0x5, 0x9, 0xd9, 0xa, 0x6796, 0xd, 0x7, 0xc691, 0x4554, 0x6, 0x4, 0x7, 0x5, 0x3, 0x1, 0x2b, 0xa, 0x8, 0x80000001, 0xe8, 0x800, 0x3, 0x8, 0x29, 0x0, 0x3, 0x8, 0x6, 0x8, 0x9, 0x0, 0x9, 0x6, 0x178, 0x3, 0x4]}, 0x45c) execveat$binfmt(0xffffffffffffff9c, r8, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0x0, 0xffffffffffffffff) r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000013000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000080)="0f08b9820400000f32b805000000b9050000000f01d966ba410066ed0fa80f01c40fc72a36f4c4e2fd40db66ba6100b83e9f0000ef", 0x35}], 0x0, 0x2c, 0x0, 0x0) 1.93674648s ago: executing program 2 (id=1132): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r3, &(0x7f0000000800)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1) 0s ago: executing program 2 (id=1133): bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x3c, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) timerfd_create(0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) brk(0x200000ffc000) kernel console output (not intermixed with test programs): .623" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x0 [ 343.899734][ T30] audit: type=1326 audit(1767690392.871:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8391 comm="syz.1.623" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef9cf8f749 code=0x0 [ 344.115613][ T6849] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 344.290299][ T6849] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 344.306138][ T6849] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.324229][ T6849] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 344.336008][ T6849] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.659044][ T6849] usb 3-1: usb_control_msg returned -32 [ 344.664656][ T6849] usbtmc 3-1:16.0: can't read capabilities [ 344.873374][ T8406] netlink: 'syz.2.624': attribute type 1 has an invalid length. [ 346.709051][ T5873] usb 3-1: USB disconnect, device number 18 [ 347.743959][ T8422] FAULT_INJECTION: forcing a failure. [ 347.743959][ T8422] name failslab, interval 1, probability 0, space 0, times 0 [ 347.786227][ T8422] CPU: 0 UID: 0 PID: 8422 Comm: syz.0.629 Tainted: G L syzkaller #0 PREEMPT(full) [ 347.786251][ T8422] Tainted: [L]=SOFTLOCKUP [ 347.786255][ T8422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 347.786262][ T8422] Call Trace: [ 347.786266][ T8422] [ 347.786270][ T8422] dump_stack_lvl+0x16c/0x1f0 [ 347.786289][ T8422] should_fail_ex+0x512/0x640 [ 347.786306][ T8422] ? kmem_cache_alloc_noprof+0x62/0x770 [ 347.786319][ T8422] should_failslab+0xc2/0x120 [ 347.786334][ T8422] kmem_cache_alloc_noprof+0x83/0x770 [ 347.786345][ T8422] ? io_submit_one+0x122/0x1e70 [ 347.786359][ T8422] ? io_submit_one+0x122/0x1e70 [ 347.786369][ T8422] io_submit_one+0x122/0x1e70 [ 347.786381][ T8422] ? __lock_acquire+0x436/0x2890 [ 347.786395][ T8422] ? lockdep_hardirqs_on+0x7c/0x110 [ 347.786416][ T8422] ? __pfx_io_submit_one+0x10/0x10 [ 347.786432][ T8422] ? __might_fault+0xe3/0x190 [ 347.786442][ T8422] ? __might_fault+0x13b/0x190 [ 347.786455][ T8422] ? __x64_sys_io_submit+0x1a9/0x370 [ 347.786466][ T8422] __x64_sys_io_submit+0x1a9/0x370 [ 347.786478][ T8422] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 347.786489][ T8422] ? fput+0x70/0xf0 [ 347.786504][ T8422] do_syscall_64+0xcd/0xf80 [ 347.786519][ T8422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.786531][ T8422] RIP: 0033:0x7f691738f749 [ 347.786540][ T8422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.786551][ T8422] RSP: 002b:00007f691815d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 347.786562][ T8422] RAX: ffffffffffffffda RBX: 00007f69175e5fa0 RCX: 00007f691738f749 [ 347.786569][ T8422] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 00007f69155d3000 [ 347.786576][ T8422] RBP: 00007f691815d090 R08: 0000000000000000 R09: 0000000000000000 [ 347.786582][ T8422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 347.786588][ T8422] R13: 00007f69175e6038 R14: 00007f69175e5fa0 R15: 00007ffc968c3c98 [ 347.786603][ T8422] [ 348.938795][ T30] audit: type=1400 audit(1767690397.991:391): avc: denied { shutdown } for pid=8434 comm="syz.2.636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 348.960289][ T8435] FAULT_INJECTION: forcing a failure. [ 348.960289][ T8435] name failslab, interval 1, probability 0, space 0, times 0 [ 348.979005][ T8435] CPU: 1 UID: 0 PID: 8435 Comm: syz.2.636 Tainted: G L syzkaller #0 PREEMPT(full) [ 348.979035][ T8435] Tainted: [L]=SOFTLOCKUP [ 348.979041][ T8435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 348.979052][ T8435] Call Trace: [ 348.979058][ T8435] [ 348.979064][ T8435] dump_stack_lvl+0x16c/0x1f0 [ 348.979092][ T8435] should_fail_ex+0x512/0x640 [ 348.979117][ T8435] ? kmem_cache_alloc_noprof+0x62/0x770 [ 348.979138][ T8435] should_failslab+0xc2/0x120 [ 348.979162][ T8435] kmem_cache_alloc_noprof+0x83/0x770 [ 348.979179][ T8435] ? __pmd_alloc+0xbf/0x9c0 [ 348.979206][ T8435] ? __pmd_alloc+0xbf/0x9c0 [ 348.979227][ T8435] __pmd_alloc+0xbf/0x9c0 [ 348.979247][ T8435] ? __pud_alloc+0x57a/0x760 [ 348.979271][ T8435] __handle_mm_fault+0xbeb/0x2bb0 [ 348.979305][ T8435] ? __pfx___handle_mm_fault+0x10/0x10 [ 348.979345][ T8435] ? find_vma+0xbf/0x140 [ 348.979364][ T8435] ? __pfx_find_vma+0x10/0x10 [ 348.979387][ T8435] handle_mm_fault+0x3fe/0xad0 [ 348.979417][ T8435] do_user_addr_fault+0x7a6/0x1370 [ 348.979442][ T8435] ? rcu_is_watching+0x12/0xc0 [ 348.979462][ T8435] exc_page_fault+0x64/0xc0 [ 348.979483][ T8435] asm_exc_page_fault+0x26/0x30 [ 348.979500][ T8435] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 348.979528][ T8435] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 348.979545][ T8435] RSP: 0018:ffffc9000413fa48 EFLAGS: 00050206 [ 348.979559][ T8435] RAX: 0000000000000001 RBX: 00002000000055c0 RCX: 0000000000000038 [ 348.979570][ T8435] RDX: fffff52000827f5a RSI: 00002000000055c0 RDI: ffffc9000413fa98 [ 348.979582][ T8435] RBP: 0000000000000038 R08: 0000000000000001 R09: fffff52000827f59 [ 348.979592][ T8435] R10: ffffc9000413facf R11: ffff888049a854b0 R12: 0000000000000000 [ 348.979602][ T8435] R13: ffffc9000413fa98 R14: ffffc9000413fb80 R15: ffffc9000413fa98 [ 348.979628][ T8435] _copy_from_user+0x98/0xd0 [ 348.979661][ T8435] copy_msghdr_from_user+0x98/0x160 [ 348.979680][ T8435] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 348.979705][ T8435] ? __lock_acquire+0x436/0x2890 [ 348.979732][ T8435] ___sys_recvmsg+0xdb/0x1a0 [ 348.979750][ T8435] ? __pfx____sys_recvmsg+0x10/0x10 [ 348.979772][ T8435] ? find_held_lock+0x2b/0x80 [ 348.979815][ T8435] do_recvmmsg+0x2fe/0x750 [ 348.979839][ T8435] ? __pfx_do_recvmmsg+0x10/0x10 [ 348.979865][ T8435] ? __mutex_unlock_slowpath+0x161/0x790 [ 348.979898][ T8435] ? __fget_files+0x20e/0x3c0 [ 348.979931][ T8435] __x64_sys_recvmmsg+0x22a/0x280 [ 348.979951][ T8435] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 348.979979][ T8435] do_syscall_64+0xcd/0xf80 [ 348.980003][ T8435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.980020][ T8435] RIP: 0033:0x7f6e72b8f749 [ 348.980034][ T8435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 348.980051][ T8435] RSP: 002b:00007f6e73a4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 348.980066][ T8435] RAX: ffffffffffffffda RBX: 00007f6e72de5fa0 RCX: 00007f6e72b8f749 [ 348.980077][ T8435] RDX: 000000000400023c RSI: 00002000000055c0 RDI: 0000000000000004 [ 348.980088][ T8435] RBP: 00007f6e73a4a090 R08: 0000000000000000 R09: 0000000000000000 [ 348.980099][ T8435] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000001 [ 348.980109][ T8435] R13: 00007f6e72de6038 R14: 00007f6e72de5fa0 R15: 00007ffd4595f5a8 [ 348.980134][ T8435] [ 349.324056][ T30] audit: type=1400 audit(1767690398.031:392): avc: denied { read } for pid=8434 comm="syz.2.636" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 350.486278][ T8444] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 350.501510][ T8444] ALSA: mixer_oss: invalid index 1374389 [ 353.264022][ T8471] sp0: Synchronizing with TNC [ 355.580745][ T8478] netlink: 12 bytes leftover after parsing attributes in process `syz.4.644'. [ 356.205107][ T6849] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 356.940838][ T30] audit: type=1400 audit(1767690405.971:393): avc: denied { firmware_load } for pid=8496 comm="syz.1.648" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 357.076536][ T6849] usb 2-1: config 1 interface 1 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 357.090259][ T6849] usb 2-1: config 1 interface 1 has no altsetting 0 [ 359.190185][ T8502] syz.1.648 (8502) used greatest stack depth: 19320 bytes left [ 359.207092][ T6849] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 359.440886][ T8527] lo speed is unknown, defaulting to 1000 [ 359.455378][ T6849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.465817][ T6849] usb 2-1: Product: syz [ 359.478798][ T8528] No such timeout policy "syz0" [ 359.490276][ T30] audit: type=1326 audit(1767690408.541:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.3.654" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x0 [ 359.521532][ T6849] usb 2-1: Manufacturer: syz [ 359.533196][ T6849] usb 2-1: SerialNumber: syz [ 362.482301][ T8554] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 362.489851][ T8554] ALSA: mixer_oss: invalid index 1374389 [ 364.349489][ T6849] usb 2-1: can't set config #1, error -71 [ 364.434101][ T6849] usb 2-1: USB disconnect, device number 27 [ 364.642720][ T8574] futex_wake_op: syz.1.668 tries to shift op by -1; fix this program [ 364.710287][ T8577] netlink: 68 bytes leftover after parsing attributes in process `syz.1.668'. [ 367.515308][ T30] audit: type=1400 audit(1767690416.561:395): avc: denied { getopt } for pid=8594 comm="syz.1.673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 368.105060][ T5873] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 368.278900][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 368.317307][ T5873] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 368.351468][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.390477][ T5873] usb 3-1: config 0 descriptor?? [ 368.920338][ T5873] ntrig 0003:1B96:0009.0008: unknown main item tag 0x0 [ 368.935198][ T5873] ntrig 0003:1B96:0009.0008: unknown main item tag 0x0 [ 368.951625][ T5873] ntrig 0003:1B96:0009.0008: unknown main item tag 0x0 [ 369.002063][ T5873] ntrig 0003:1B96:0009.0008: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.2-1/input0 [ 369.398380][ T5873] ntrig 0003:1B96:0009.0008: Firmware version: 1.1.18.2.1 (4672 5940) [ 369.751220][ T6849] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 369.857011][ T5873] usb 3-1: USB disconnect, device number 19 [ 370.014938][ T6849] usb 1-1: Using ep0 maxpacket: 16 [ 370.132070][ T8627] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.682'. [ 370.255592][ T6849] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.986144][ T6849] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.999057][ T6849] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 371.041670][ T6849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.065787][ T6849] usb 1-1: config 0 descriptor?? [ 371.412211][ T8639] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 371.419828][ T8639] ALSA: mixer_oss: invalid index 1374389 [ 371.500234][ T6849] hid (null): invalid report_size 1684763247 [ 371.691249][ T6849] input: HID 0458:5015 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5015.0009/input/input20 [ 372.293435][ T6849] input: HID 0458:5015 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5015.0009/input/input21 [ 372.512600][ T6849] input: HID 0458:5015 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5015.0009/input/input22 [ 372.887507][ T6849] kye 0003:0458:5015.0009: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5015] on usb-dummy_hcd.0-1/input0 [ 372.930017][ T6849] usb 1-1: USB disconnect, device number 27 [ 373.254860][ T5873] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 373.287728][ T8653] fido_id[8653]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 373.420324][ T8661] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 373.472085][ T5873] usb 5-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 373.481796][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.490103][ T5873] usb 5-1: Product: syz [ 373.494427][ T5873] usb 5-1: Manufacturer: syz [ 373.532089][ T5873] usb 5-1: SerialNumber: syz [ 373.560943][ T5873] usb 5-1: config 0 descriptor?? [ 373.604004][ T5873] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 373.796413][ T6849] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 373.805930][ T6187] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 373.991787][ T5873] sonixb 5-1:0.0: Error writing register 01: -71 [ 374.080594][ T6187] usb 3-1: Using ep0 maxpacket: 32 [ 374.115092][ T5873] sonixb 5-1:0.0: probe with driver sonixb failed with error -71 [ 374.129000][ T6187] usb 3-1: unable to get BOS descriptor or descriptor too short [ 374.149766][ T5873] usb 5-1: USB disconnect, device number 13 [ 374.158065][ T6187] usb 3-1: config 14 has an invalid interface number: 87 but max is 0 [ 374.173479][ T6187] usb 3-1: config 14 has no interface number 0 [ 374.185106][ T6187] usb 3-1: config 14 interface 87 has no altsetting 0 [ 374.198209][ T6187] usb 3-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=2b.d9 [ 374.216687][ T6187] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.230944][ T6187] usb 3-1: Product: syz [ 374.238513][ T6187] usb 3-1: Manufacturer: syz [ 374.244359][ T6187] usb 3-1: SerialNumber: syz [ 374.329317][ T8669] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.695'. [ 374.347646][ T30] audit: type=1400 audit(1767690423.391:396): avc: denied { module_request } for pid=8667 comm="syz.3.695" kmod="net-pf-24-proto-3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 374.644916][ T6849] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 374.678856][ T6187] ttusb_dec_send_command: command bulk message failed: error -22 [ 374.687541][ T6849] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.704758][ T6849] usb 1-1: Product: syz [ 374.714647][ T6849] usb 1-1: Manufacturer: syz [ 374.751086][ T6187] ttusb-dec 3-1:14.87: probe with driver ttusb-dec failed with error -22 [ 374.781019][ T6849] usb 1-1: SerialNumber: syz [ 374.791338][ T30] audit: type=1400 audit(1767690423.841:397): avc: denied { create } for pid=8675 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 374.835058][ T6187] usb 3-1: USB disconnect, device number 20 [ 374.879958][ T6849] usb 1-1: config 0 descriptor?? [ 375.109521][ T8680] netlink: 4 bytes leftover after parsing attributes in process `syz.3.698'. [ 375.141442][ T6849] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 028 [ 375.144844][ T30] audit: type=1400 audit(1767690423.881:398): avc: denied { ioctl } for pid=8675 comm="syz.3.698" path="socket:[30772]" dev="sockfs" ino=30772 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 375.288591][ T30] audit: type=1400 audit(1767690423.881:399): avc: denied { bind } for pid=8675 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 375.324950][ T30] audit: type=1400 audit(1767690424.161:400): avc: denied { setopt } for pid=8675 comm="syz.3.698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 375.622516][ T8690] netlink: 'syz.1.701': attribute type 1 has an invalid length. [ 375.630596][ T8690] netlink: 224 bytes leftover after parsing attributes in process `syz.1.701'. [ 376.156585][ T30] audit: type=1400 audit(1767690425.211:401): avc: denied { write } for pid=8698 comm="syz.1.704" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 376.156608][ T8699] vcan0: tx address claim with dest, not broadcast [ 377.746022][ T6849] (null): failure reading functionality [ 377.884376][ T6849] i2c i2c-1: failure reading functionality [ 377.943439][ T6849] i2c i2c-1: connected i2c-tiny-usb device [ 378.122839][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.133296][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.336548][ T6849] usb 1-1: USB disconnect, device number 28 [ 378.552553][ T8717] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.708'. [ 378.695079][ T6055] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 378.908291][ T30] audit: type=1400 audit(1767690427.961:402): avc: denied { map } for pid=8721 comm="syz.3.710" path="socket:[31042]" dev="sockfs" ino=31042 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 379.139686][ T6055] usb 2-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 379.156555][ T6055] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.179392][ T6055] usb 2-1: Product: syz [ 379.191511][ T6055] usb 2-1: Manufacturer: syz [ 379.201660][ T6055] usb 2-1: SerialNumber: syz [ 379.222246][ T6055] usb 2-1: config 0 descriptor?? [ 379.237704][ T30] audit: type=1400 audit(1767690427.981:403): avc: denied { setopt } for pid=8721 comm="syz.3.710" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 379.544203][ T6055] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 379.637147][ T8733] syzkaller0: entered promiscuous mode [ 379.642615][ T8733] syzkaller0: entered allmulticast mode [ 380.400895][ T6055] sonixb 2-1:0.0: Error writing register 01: -110 [ 380.422255][ T6055] sonixb 2-1:0.0: probe with driver sonixb failed with error -110 [ 380.461824][ T6055] usb 2-1: USB disconnect, device number 28 [ 383.570997][ T8761] futex_wake_op: syz.1.723 tries to shift op by -1; fix this program [ 383.945484][ T30] audit: type=1400 audit(1767690433.001:404): avc: denied { connect } for pid=8776 comm="syz.3.726" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 385.987910][ T8798] vcan0: tx address claim with dest, not broadcast [ 387.563549][ T8819] FAULT_INJECTION: forcing a failure. [ 387.563549][ T8819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.590517][ T8819] CPU: 1 UID: 0 PID: 8819 Comm: syz.3.730 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.590547][ T8819] Tainted: [L]=SOFTLOCKUP [ 387.590553][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 387.590564][ T8819] Call Trace: [ 387.590570][ T8819] [ 387.590577][ T8819] dump_stack_lvl+0x16c/0x1f0 [ 387.590606][ T8819] should_fail_ex+0x512/0x640 [ 387.590635][ T8819] _copy_from_user+0x2e/0xd0 [ 387.590662][ T8819] drm_ioctl+0x4fb/0xc30 [ 387.590691][ T8819] ? __pfx_drm_version+0x10/0x10 [ 387.590716][ T8819] ? __pfx_drm_ioctl+0x10/0x10 [ 387.590750][ T8819] ? selinux_file_ioctl+0x180/0x270 [ 387.590773][ T8819] ? selinux_file_ioctl+0xb4/0x270 [ 387.590797][ T8819] ? __pfx_drm_ioctl+0x10/0x10 [ 387.590823][ T8819] __x64_sys_ioctl+0x18e/0x210 [ 387.590846][ T8819] do_syscall_64+0xcd/0xf80 [ 387.590870][ T8819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.590889][ T8819] RIP: 0033:0x7f29fe38f749 [ 387.590903][ T8819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.590920][ T8819] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 387.590938][ T8819] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 387.590950][ T8819] RDX: 00002000000003c0 RSI: 0000000040946400 RDI: 0000000000000004 [ 387.590961][ T8819] RBP: 00007f29ff303090 R08: 0000000000000000 R09: 0000000000000000 [ 387.590972][ T8819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.590982][ T8819] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 387.591008][ T8819] [ 387.759873][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 388.096210][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 388.107561][ T9] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 388.128644][ T8823] netlink: 'syz.3.740': attribute type 39 has an invalid length. [ 388.176310][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.227956][ T8824] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.739'. [ 388.415129][ T9] usb 5-1: config 0 descriptor?? [ 389.614225][ T9] ntrig 0003:1B96:0009.000A: unknown main item tag 0x0 [ 389.640754][ T9] ntrig 0003:1B96:0009.000A: unknown main item tag 0x0 [ 389.677367][ T9] ntrig 0003:1B96:0009.000A: unknown main item tag 0x0 [ 389.778775][ T9] ntrig 0003:1B96:0009.000A: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.4-1/input0 [ 389.827831][ T6002] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 389.958088][ T9] ntrig 0003:1B96:0009.000A: Firmware version: 1.1.18.2.1 (4672 5940) [ 390.015089][ T6002] usb 2-1: Using ep0 maxpacket: 8 [ 390.026947][ T6002] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 392.009973][ T6002] usb 2-1: config 179 has no interface number 0 [ 392.024851][ T6002] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 392.036217][ T6002] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 392.047987][ T6002] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 392.060167][ T6002] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 59391, setting to 1024 [ 392.071867][ T6002] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 392.085471][ T6002] usb 2-1: config 179 interface 65 has no altsetting 0 [ 392.095011][ T6002] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 392.104054][ T6002] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.115914][ T8831] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 392.132702][ T6002] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input23 [ 392.185077][ T5170] input input23: unable to receive magic message: -110 [ 392.230121][ T5170] input input23: unable to receive magic message: -32 [ 392.306220][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -1 [ 392.321737][ T5170] input input23: unable to receive magic message: -32 [ 392.372929][ T6002] usb 2-1: USB disconnect, device number 29 [ 392.378894][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 392.379063][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 392.397946][ T30] audit: type=1400 audit(1767690441.451:405): avc: denied { setopt } for pid=8847 comm="syz.2.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 392.397947][ T8848] sock: sock_set_timeout: `syz.2.745' (pid 8848) tries to set negative timeout [ 394.045488][ T30] audit: type=1400 audit(1767690443.101:406): avc: denied { read } for pid=8847 comm="syz.2.745" path="socket:[31791]" dev="sockfs" ino=31791 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 394.372193][ T6055] usb 5-1: USB disconnect, device number 14 [ 399.490493][ T8909] FAULT_INJECTION: forcing a failure. [ 399.490493][ T8909] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.503810][ T8909] CPU: 0 UID: 0 PID: 8909 Comm: syz.3.760 Tainted: G L syzkaller #0 PREEMPT(full) [ 399.503838][ T8909] Tainted: [L]=SOFTLOCKUP [ 399.503844][ T8909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 399.503855][ T8909] Call Trace: [ 399.503860][ T8909] [ 399.503865][ T8909] dump_stack_lvl+0x16c/0x1f0 [ 399.503889][ T8909] should_fail_ex+0x512/0x640 [ 399.503915][ T8909] _copy_from_user+0x2e/0xd0 [ 399.503938][ T8909] copy_msghdr_from_user+0x98/0x160 [ 399.503954][ T8909] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 399.503973][ T8909] ? __lock_acquire+0x436/0x2890 [ 399.503995][ T8909] ___sys_recvmsg+0xdb/0x1a0 [ 399.504009][ T8909] ? __pfx____sys_recvmsg+0x10/0x10 [ 399.504026][ T8909] ? find_held_lock+0x2b/0x80 [ 399.504060][ T8909] do_recvmmsg+0x2fe/0x750 [ 399.504077][ T8909] ? __pfx_do_recvmmsg+0x10/0x10 [ 399.504096][ T8909] ? __mutex_unlock_slowpath+0x161/0x790 [ 399.504123][ T8909] ? __fget_files+0x20e/0x3c0 [ 399.504148][ T8909] ? __kvm_handle_async_pf+0x20/0xa0 [ 399.504170][ T8909] __x64_sys_recvmmsg+0x22a/0x280 [ 399.504187][ T8909] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 399.504209][ T8909] do_syscall_64+0xcd/0xf80 [ 399.504229][ T8909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.504244][ T8909] RIP: 0033:0x7f29fe38f749 [ 399.504255][ T8909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.504270][ T8909] RSP: 002b:00007f29ff2e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 399.504284][ T8909] RAX: ffffffffffffffda RBX: 00007f29fe5e6090 RCX: 00007f29fe38f749 [ 399.504293][ T8909] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000005 [ 399.504302][ T8909] RBP: 00007f29ff2e2090 R08: 0000000000000000 R09: 0000000000000000 [ 399.504310][ T8909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.504318][ T8909] R13: 00007f29fe5e6128 R14: 00007f29fe5e6090 R15: 00007ffff330bce8 [ 399.504338][ T8909] [ 400.214914][ T6321] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 400.720234][ T6321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.757028][ T6321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.813871][ T6321] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 400.848329][ T6321] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.908564][ T6321] usb 3-1: config 0 descriptor?? [ 401.560437][ T6321] hid-led 0003:0FC5:B080.000B: unknown main item tag 0x0 [ 401.680292][ T6321] hid-led 0003:0FC5:B080.000B: unknown main item tag 0x0 [ 401.696569][ T6321] hid-led 0003:0FC5:B080.000B: item fetching failed at offset 2/3 [ 401.708363][ T6321] hid-led 0003:0FC5:B080.000B: probe with driver hid-led failed with error -22 [ 401.786560][ T6321] usb 3-1: USB disconnect, device number 21 [ 403.449669][ T30] audit: type=1400 audit(1767690452.501:407): avc: denied { create } for pid=8936 comm="syz.2.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 403.583972][ T8948] futex_wake_op: syz.1.772 tries to shift op by -1; fix this program [ 403.875499][ T30] audit: type=1400 audit(1767690452.531:408): avc: denied { ioctl } for pid=8936 comm="syz.2.770" path="socket:[33006]" dev="sockfs" ino=33006 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 406.483958][ T30] audit: type=1400 audit(1767690455.531:409): avc: denied { mounton } for pid=8979 comm="syz.2.777" path="/140/file0" dev="tmpfs" ino=791 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 406.506652][ T8969] syzkaller0: entered promiscuous mode [ 406.524807][ T8969] syzkaller0: entered allmulticast mode [ 407.144872][ T6002] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 407.355235][ T8991] overlay: Unknown parameter 'permit_directio' [ 407.583340][ T6002] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 407.622933][ T6002] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.654870][ T6002] usb 2-1: Product: syz [ 407.659066][ T6002] usb 2-1: Manufacturer: syz [ 407.663652][ T6002] usb 2-1: SerialNumber: syz [ 407.692738][ T30] audit: type=1400 audit(1767690456.741:410): avc: denied { getopt } for pid=8990 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 407.955466][ T30] audit: type=1400 audit(1767690456.891:411): avc: denied { bind } for pid=8990 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 408.011608][ T6002] usb 2-1: config 0 descriptor?? [ 408.040957][ T6002] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 030 [ 410.609539][ T6002] (null): failure reading functionality [ 410.643817][ T6002] i2c i2c-1: failure reading functionality [ 410.687657][ T6002] i2c i2c-1: connected i2c-tiny-usb device [ 412.726887][ T9021] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.786'. [ 412.849305][ T10] usb 2-1: USB disconnect, device number 30 [ 412.866350][ T30] audit: type=1400 audit(1767690461.921:412): avc: denied { map } for pid=9026 comm="syz.2.788" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 412.941383][ T30] audit: type=1400 audit(1767690461.951:413): avc: denied { execute } for pid=9026 comm="syz.2.788" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 412.971868][ T9034] No such timeout policy "syz0" [ 412.982720][ T9025] lo speed is unknown, defaulting to 1000 [ 413.016630][ T9038] SELinux: ebitmap: truncated map [ 413.031062][ T9038] SELinux: failed to load policy [ 413.280110][ T30] audit: type=1326 audit(1767690462.301:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9024 comm="syz.0.787" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x0 [ 413.757552][ T30] audit: type=1400 audit(1767690462.801:415): avc: denied { map } for pid=9046 comm="syz.1.792" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 414.459951][ T9059] netlink: 'syz.3.795': attribute type 1 has an invalid length. [ 414.467720][ T9059] netlink: 224 bytes leftover after parsing attributes in process `syz.3.795'. [ 415.934834][ T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 416.255213][ T5821] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 416.286897][ T10] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 416.319601][ T10] usb 2-1: config 0 has no interfaces? [ 416.326171][ T10] usb 2-1: config 0 has no interfaces? [ 416.345477][ T10] usb 2-1: config 0 has no interfaces? [ 416.352043][ T10] usb 2-1: config 0 has no interfaces? [ 416.364724][ T10] usb 2-1: config 0 has no interfaces? [ 416.378777][ T10] usb 2-1: config 0 has no interfaces? [ 416.385775][ T10] usb 2-1: config 0 has no interfaces? [ 416.392472][ T10] usb 2-1: config 0 has no interfaces? [ 416.406896][ T10] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 416.417829][ T9073] FAULT_INJECTION: forcing a failure. [ 416.417829][ T9073] name failslab, interval 1, probability 0, space 0, times 0 [ 416.431237][ T10] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 416.434113][ T5821] usb 5-1: Using ep0 maxpacket: 32 [ 416.440862][ T10] usb 2-1: Product: syz [ 416.450064][ T9073] CPU: 1 UID: 0 PID: 9073 Comm: syz.3.800 Tainted: G L syzkaller #0 PREEMPT(full) [ 416.450089][ T9073] Tainted: [L]=SOFTLOCKUP [ 416.450095][ T9073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 416.450105][ T9073] Call Trace: [ 416.450111][ T9073] [ 416.450118][ T9073] dump_stack_lvl+0x16c/0x1f0 [ 416.450145][ T9073] should_fail_ex+0x512/0x640 [ 416.450172][ T9073] ? __kmalloc_cache_noprof+0x5f/0x800 [ 416.450204][ T9073] should_failslab+0xc2/0x120 [ 416.450229][ T9073] __kmalloc_cache_noprof+0x80/0x800 [ 416.450257][ T9073] ? mgmt_pending_new+0x5b/0x240 [ 416.450281][ T9073] ? mgmt_pending_new+0x5b/0x240 [ 416.450299][ T9073] mgmt_pending_new+0x5b/0x240 [ 416.450328][ T9073] mgmt_pending_add+0x3a/0x1a0 [ 416.450350][ T9073] set_powered+0x28b/0x5f0 [ 416.450375][ T9073] ? __pfx_set_powered+0x10/0x10 [ 416.450398][ T9073] ? do_raw_read_unlock+0x44/0xe0 [ 416.450425][ T9073] ? _raw_read_unlock+0x28/0x50 [ 416.450445][ T9073] ? __pfx_mgmt_init_hdev+0x10/0x10 [ 416.450468][ T9073] hci_sock_sendmsg+0x1556/0x26b0 [ 416.450494][ T9073] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 416.450523][ T9073] sock_write_iter+0x566/0x610 [ 416.450547][ T9073] ? __pfx_sock_write_iter+0x10/0x10 [ 416.450580][ T9073] ? bpf_lsm_file_permission+0x9/0x10 [ 416.450598][ T9073] ? security_file_permission+0x71/0x210 [ 416.450623][ T9073] ? rw_verify_area+0xcf/0x6c0 [ 416.450645][ T9073] vfs_write+0x7d3/0x11d0 [ 416.450668][ T9073] ? __pfx_sock_write_iter+0x10/0x10 [ 416.450693][ T9073] ? __pfx_vfs_write+0x10/0x10 [ 416.450713][ T9073] ? find_held_lock+0x2b/0x80 [ 416.450757][ T9073] ksys_write+0x1f8/0x250 [ 416.450778][ T9073] ? __pfx_ksys_write+0x10/0x10 [ 416.450807][ T9073] do_syscall_64+0xcd/0xf80 [ 416.450832][ T9073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.450849][ T9073] RIP: 0033:0x7f29fe38f749 [ 416.450864][ T9073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.450881][ T9073] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 416.450898][ T9073] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 416.450910][ T9073] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000004 [ 416.450921][ T9073] RBP: 00007f29ff303090 R08: 0000000000000000 R09: 0000000000000000 [ 416.450931][ T9073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.450941][ T9073] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 416.450966][ T9073] [ 416.453351][ T10] usb 2-1: Manufacturer: syz [ 416.463530][ T5821] usb 5-1: no configurations [ 416.511930][ T10] usb 2-1: SerialNumber: syz [ 416.747683][ T5821] usb 5-1: can't read configurations, error -22 [ 416.845340][ T10] usb 2-1: config 0 descriptor?? [ 416.964919][ T5821] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 417.086531][ T9055] loop2: detected capacity change from 0 to 7 [ 417.110689][ T5819] Dev loop2: unable to read RDB block 7 [ 417.118861][ T5819] loop2: unable to read partition table [ 417.125023][ T5821] usb 5-1: Using ep0 maxpacket: 32 [ 417.130301][ T5819] loop2: partition table beyond EOD, truncated [ 417.137708][ T5821] usb 5-1: no configurations [ 417.147594][ T5821] usb 5-1: can't read configurations, error -22 [ 417.171725][ T5821] usb usb5-port1: attempt power cycle [ 417.177340][ T9055] Dev loop2: unable to read RDB block 7 [ 417.188139][ T9055] loop2: unable to read partition table [ 417.194026][ T9055] loop2: partition table beyond EOD, truncated [ 417.202363][ T9055] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 417.218030][ T5185] Dev loop2: unable to read RDB block 7 [ 417.224325][ T5185] loop2: unable to read partition table [ 417.232047][ T5185] loop2: partition table beyond EOD, truncated [ 417.239860][ T10] usb 2-1: USB disconnect, device number 31 [ 417.534874][ T5821] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 417.565774][ T5821] usb 5-1: Using ep0 maxpacket: 32 [ 417.576886][ T5821] usb 5-1: no configurations [ 417.581593][ T5821] usb 5-1: can't read configurations, error -22 [ 417.724887][ T5821] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 417.765155][ T5821] usb 5-1: Using ep0 maxpacket: 32 [ 417.773129][ T5821] usb 5-1: no configurations [ 417.778018][ T5821] usb 5-1: can't read configurations, error -22 [ 417.801631][ T5821] usb usb5-port1: unable to enumerate USB device [ 418.155917][ T9096] lo speed is unknown, defaulting to 1000 [ 418.242799][ T9101] syz.1.808 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 418.293490][ T9099] No such timeout policy "syz0" [ 418.308418][ T30] audit: type=1326 audit(1767690467.361:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9095 comm="syz.2.809" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x0 [ 420.206170][ T9112] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 420.465859][ T9112] ALSA: mixer_oss: invalid index 1374389 [ 423.895101][ T6055] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 424.057267][ T30] audit: type=1400 audit(1767690473.111:417): avc: denied { block_suspend } for pid=9154 comm="syz.3.824" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 424.087416][ T6055] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 424.098685][ T6055] usb 2-1: config 0 has no interfaces? [ 424.107658][ T6055] usb 2-1: config 0 has no interfaces? [ 424.114506][ T6055] usb 2-1: config 0 has no interfaces? [ 424.124047][ T6055] usb 2-1: config 0 has no interfaces? [ 424.134221][ T6055] usb 2-1: config 0 has no interfaces? [ 424.148001][ T6055] usb 2-1: config 0 has no interfaces? [ 424.155985][ T6055] usb 2-1: config 0 has no interfaces? [ 424.163322][ T6055] usb 2-1: config 0 has no interfaces? [ 424.173349][ T6055] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 424.198684][ T6055] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 424.220582][ T6055] usb 2-1: Product: syz [ 424.224923][ T6055] usb 2-1: Manufacturer: syz [ 424.229632][ T6055] usb 2-1: SerialNumber: syz [ 424.255471][ T6055] usb 2-1: config 0 descriptor?? [ 424.634192][ T9146] loop2: detected capacity change from 0 to 7 [ 424.642653][ T5819] Dev loop2: unable to read RDB block 7 [ 424.649327][ T5819] loop2: unable to read partition table [ 424.666557][ T5819] loop2: partition table beyond EOD, truncated [ 424.692594][ T9146] Dev loop2: unable to read RDB block 7 [ 424.712865][ T9160] FAULT_INJECTION: forcing a failure. [ 424.712865][ T9160] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 424.784905][ T9146] loop2: unable to read partition table [ 424.806481][ T9146] loop2: partition table beyond EOD, truncated [ 424.816461][ T9146] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 424.857362][ T9160] CPU: 0 UID: 0 PID: 9160 Comm: syz.0.826 Tainted: G L syzkaller #0 PREEMPT(full) [ 424.857393][ T9160] Tainted: [L]=SOFTLOCKUP [ 424.857399][ T9160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 424.857409][ T9160] Call Trace: [ 424.857414][ T9160] [ 424.857421][ T9160] dump_stack_lvl+0x16c/0x1f0 [ 424.857447][ T9160] should_fail_ex+0x512/0x640 [ 424.857476][ T9160] _copy_from_user+0x2e/0xd0 [ 424.857503][ T9160] kstrtouint_from_user+0xd6/0x1d0 [ 424.857523][ T9160] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 424.857541][ T9160] ? __lock_acquire+0x436/0x2890 [ 424.857565][ T9160] ? lock_acquire+0x179/0x330 [ 424.857590][ T9160] proc_fail_nth_write+0x83/0x220 [ 424.857610][ T9160] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 424.857634][ T9160] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 424.857651][ T9160] vfs_write+0x2a0/0x11d0 [ 424.857674][ T9160] ? __pfx___mutex_lock+0x10/0x10 [ 424.857701][ T9160] ? __pfx_vfs_write+0x10/0x10 [ 424.857730][ T9160] ? __fget_files+0x20e/0x3c0 [ 424.857764][ T9160] ksys_write+0x12a/0x250 [ 424.857785][ T9160] ? __pfx_ksys_write+0x10/0x10 [ 424.857815][ T9160] do_syscall_64+0xcd/0xf80 [ 424.857841][ T9160] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.857859][ T9160] RIP: 0033:0x7f691738e1ff [ 424.857875][ T9160] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 424.857892][ T9160] RSP: 002b:00007f691815d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 424.857909][ T9160] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691738e1ff [ 424.857920][ T9160] RDX: 0000000000000001 RSI: 00007f691815d0a0 RDI: 0000000000000003 [ 424.857931][ T9160] RBP: 00007f691815d090 R08: 0000000000000000 R09: 0000000000000000 [ 424.857941][ T9160] R10: 0000200000004200 R11: 0000000000000293 R12: 0000000000000001 [ 424.857952][ T9160] R13: 00007f69175e6038 R14: 00007f69175e5fa0 R15: 00007ffc968c3c98 [ 424.857979][ T9160] [ 425.086647][ T5185] Dev loop2: unable to read RDB block 7 [ 425.125844][ T5185] loop2: unable to read partition table [ 425.131670][ T5185] loop2: partition table beyond EOD, truncated [ 425.168518][ T9165] syzkaller0: entered promiscuous mode [ 425.174023][ T9165] syzkaller0: entered allmulticast mode [ 425.181814][ T9165] FAULT_INJECTION: forcing a failure. [ 425.181814][ T9165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.199563][ T6321] usb 2-1: USB disconnect, device number 32 [ 425.211267][ T9167] FAULT_INJECTION: forcing a failure. [ 425.211267][ T9167] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.224435][ T9167] CPU: 0 UID: 0 PID: 9167 Comm: syz.0.828 Tainted: G L syzkaller #0 PREEMPT(full) [ 425.224463][ T9167] Tainted: [L]=SOFTLOCKUP [ 425.224469][ T9167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 425.224480][ T9167] Call Trace: [ 425.224485][ T9167] [ 425.224492][ T9167] dump_stack_lvl+0x16c/0x1f0 [ 425.224520][ T9167] should_fail_ex+0x512/0x640 [ 425.224552][ T9167] _copy_from_user+0x2e/0xd0 [ 425.224580][ T9167] memdup_user+0x6b/0xe0 [ 425.224600][ T9167] do_vfs_ioctl+0x849/0x14f0 [ 425.224621][ T9167] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 425.224640][ T9167] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 425.224673][ T9167] ? hook_file_ioctl_common+0x144/0x410 [ 425.224707][ T9167] ? selinux_file_ioctl+0x180/0x270 [ 425.224729][ T9167] ? selinux_file_ioctl+0xb4/0x270 [ 425.224759][ T9167] __x64_sys_ioctl+0x114/0x210 [ 425.224780][ T9167] do_syscall_64+0xcd/0xf80 [ 425.224804][ T9167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.224821][ T9167] RIP: 0033:0x7f691738f749 [ 425.224833][ T9167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.224848][ T9167] RSP: 002b:00007f691815d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 425.224863][ T9167] RAX: ffffffffffffffda RBX: 00007f69175e5fa0 RCX: 00007f691738f749 [ 425.224872][ T9167] RDX: 0000200000000500 RSI: 00000000c0189436 RDI: 0000000000000003 [ 425.224881][ T9167] RBP: 00007f691815d090 R08: 0000000000000000 R09: 0000000000000000 [ 425.224890][ T9167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.224898][ T9167] R13: 00007f69175e6038 R14: 00007f69175e5fa0 R15: 00007ffc968c3c98 [ 425.224920][ T9167] [ 425.224930][ T9165] CPU: 1 UID: 0 PID: 9165 Comm: syz.3.829 Tainted: G L syzkaller #0 PREEMPT(full) [ 425.224955][ T9165] Tainted: [L]=SOFTLOCKUP [ 425.224960][ T9165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 425.224969][ T9165] Call Trace: [ 425.224974][ T9165] [ 425.224980][ T9165] dump_stack_lvl+0x16c/0x1f0 [ 425.225001][ T9165] should_fail_ex+0x512/0x640 [ 425.225027][ T9165] _copy_from_iter+0x2a4/0x16c0 [ 425.225056][ T9165] ? __pfx__copy_from_iter+0x10/0x10 [ 425.225080][ T9165] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 425.225104][ T9165] skb_copy_datagram_from_iter+0x124/0x740 [ 425.225129][ T9165] ? dev_get_by_index+0x17c/0x380 [ 425.225151][ T9165] packet_sendmsg+0x2221/0x54a0 [ 425.225182][ T9165] ? sock_has_perm+0x258/0x2f0 [ 425.225199][ T9165] ? __pfx_sock_has_perm+0x10/0x10 [ 425.225219][ T9165] ? __pfx_packet_sendmsg+0x10/0x10 [ 425.225252][ T9165] ____sys_sendmsg+0xa5d/0xc30 [ 425.225273][ T9165] ? copy_msghdr_from_user+0x10a/0x160 [ 425.225289][ T9165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 425.225320][ T9165] ___sys_sendmsg+0x134/0x1d0 [ 425.225337][ T9165] ? __pfx____sys_sendmsg+0x10/0x10 [ 425.225380][ T9165] __sys_sendmsg+0x16d/0x220 [ 425.225397][ T9165] ? __pfx___sys_sendmsg+0x10/0x10 [ 425.225427][ T9165] do_syscall_64+0xcd/0xf80 [ 425.225448][ T9165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.225463][ T9165] RIP: 0033:0x7f29fe38f749 [ 425.225475][ T9165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.225489][ T9165] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 425.225504][ T9165] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 425.225514][ T9165] RDX: 0000000004000804 RSI: 00002000000000c0 RDI: 0000000000000007 [ 425.225524][ T9165] RBP: 00007f29ff303090 R08: 0000000000000000 R09: 0000000000000000 [ 425.225533][ T9165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.225543][ T9165] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 425.225565][ T9165] [ 425.535134][ T5923] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 426.096470][ T5923] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 426.106743][ T5923] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 426.180009][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.251159][ T5923] usb 3-1: config 0 descriptor?? [ 426.277868][ T5923] pwc: Askey VC010 type 2 USB webcam detected. [ 426.815674][ T9163] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 426.858232][ T5923] pwc: recv_control_msg error -71 req 02 val 2b00 [ 426.883874][ T5923] pwc: recv_control_msg error -71 req 02 val 2700 [ 426.905353][ T5923] pwc: recv_control_msg error -71 req 02 val 2c00 [ 427.013980][ T5923] pwc: recv_control_msg error -71 req 04 val 1000 [ 427.023361][ T5923] pwc: recv_control_msg error -71 req 04 val 1300 [ 427.042377][ T5923] pwc: recv_control_msg error -71 req 04 val 1400 [ 427.052316][ T5923] pwc: recv_control_msg error -71 req 02 val 2000 [ 427.086803][ T5923] pwc: recv_control_msg error -71 req 02 val 2100 [ 427.120286][ T5923] pwc: recv_control_msg error -71 req 04 val 1500 [ 427.149705][ T5923] pwc: recv_control_msg error -71 req 02 val 2500 [ 427.193916][ T5923] pwc: recv_control_msg error -71 req 02 val 2400 [ 427.221783][ T5923] pwc: recv_control_msg error -71 req 02 val 2600 [ 427.250145][ T5923] pwc: recv_control_msg error -71 req 02 val 2900 [ 427.281239][ T5923] pwc: recv_control_msg error -71 req 02 val 2800 [ 427.312672][ T5923] pwc: recv_control_msg error -71 req 04 val 1100 [ 427.360882][ T5923] pwc: recv_control_msg error -71 req 04 val 1200 [ 427.378400][ T30] audit: type=1400 audit(1767690476.431:418): avc: denied { map } for pid=9197 comm="syz.1.840" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 427.406895][ T9198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.840'. [ 427.465882][ T5923] pwc: Registered as video103. [ 427.549750][ T5923] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input24 [ 427.628156][ T5923] usb 3-1: USB disconnect, device number 22 [ 427.754960][ T6002] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 428.336068][ T30] audit: type=1400 audit(1767690477.391:419): avc: denied { listen } for pid=9202 comm="syz.3.842" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 428.358059][ T9203] FAULT_INJECTION: forcing a failure. [ 428.358059][ T9203] name failslab, interval 1, probability 0, space 0, times 0 [ 428.394897][ T9203] CPU: 0 UID: 0 PID: 9203 Comm: syz.3.842 Tainted: G L syzkaller #0 PREEMPT(full) [ 428.394927][ T9203] Tainted: [L]=SOFTLOCKUP [ 428.394933][ T9203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 428.394944][ T9203] Call Trace: [ 428.394950][ T9203] [ 428.394958][ T9203] dump_stack_lvl+0x16c/0x1f0 [ 428.394986][ T9203] should_fail_ex+0x512/0x640 [ 428.395013][ T9203] ? kmem_cache_alloc_noprof+0x62/0x770 [ 428.395033][ T9203] should_failslab+0xc2/0x120 [ 428.395057][ T9203] kmem_cache_alloc_noprof+0x83/0x770 [ 428.395075][ T9203] ? alloc_empty_file+0x55/0x1e0 [ 428.395097][ T9203] ? alloc_empty_file+0x55/0x1e0 [ 428.395113][ T9203] alloc_empty_file+0x55/0x1e0 [ 428.395131][ T9203] alloc_file_pseudo+0x13a/0x230 [ 428.395151][ T9203] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 428.395175][ T9203] sock_alloc_file+0x50/0x210 [ 428.395196][ T9203] do_accept+0x240/0x530 [ 428.395228][ T9203] ? do_raw_spin_lock+0x12c/0x2b0 [ 428.395255][ T9203] ? __pfx_do_accept+0x10/0x10 [ 428.395297][ T9203] __sys_accept4_file+0xcd/0x210 [ 428.395324][ T9203] ? __pfx___sys_accept4_file+0x10/0x10 [ 428.395358][ T9203] __x64_sys_accept4+0xd5/0x150 [ 428.395386][ T9203] do_syscall_64+0xcd/0xf80 [ 428.395411][ T9203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.395429][ T9203] RIP: 0033:0x7f29fe38f749 [ 428.395445][ T9203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.395462][ T9203] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 428.395480][ T9203] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 428.395491][ T9203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 428.395502][ T9203] RBP: 00007f29ff303090 R08: 0000000000000000 R09: 0000000000000000 [ 428.395513][ T9203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.395523][ T9203] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 428.395550][ T9203] [ 428.794115][ T9211] FAULT_INJECTION: forcing a failure. [ 428.794115][ T9211] name failslab, interval 1, probability 0, space 0, times 0 [ 428.807259][ T9211] CPU: 0 UID: 0 PID: 9211 Comm: syz.4.844 Tainted: G L syzkaller #0 PREEMPT(full) [ 428.807287][ T9211] Tainted: [L]=SOFTLOCKUP [ 428.807292][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 428.807302][ T9211] Call Trace: [ 428.807308][ T9211] [ 428.807315][ T9211] dump_stack_lvl+0x16c/0x1f0 [ 428.807341][ T9211] should_fail_ex+0x512/0x640 [ 428.807368][ T9211] ? kmem_cache_alloc_noprof+0x62/0x770 [ 428.807388][ T9211] should_failslab+0xc2/0x120 [ 428.807407][ T9211] kmem_cache_alloc_noprof+0x83/0x770 [ 428.807418][ T9211] ? security_file_alloc+0x34/0x2b0 [ 428.807437][ T9211] ? security_file_alloc+0x34/0x2b0 [ 428.807451][ T9211] security_file_alloc+0x34/0x2b0 [ 428.807467][ T9211] init_file+0x93/0x4c0 [ 428.807486][ T9211] alloc_empty_file+0x73/0x1e0 [ 428.807497][ T9211] path_openat+0xde/0x3140 [ 428.807517][ T9211] ? __pfx_path_openat+0x10/0x10 [ 428.807532][ T9211] ? __pfx_stack_trace_save+0x10/0x10 [ 428.807546][ T9211] ? stack_depot_save_flags+0x29/0x9b0 [ 428.807567][ T9211] do_filp_open+0x20b/0x470 [ 428.807581][ T9211] ? kmem_cache_alloc_noprof+0x25e/0x770 [ 428.807593][ T9211] ? __pfx_do_filp_open+0x10/0x10 [ 428.807607][ T9211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.807634][ T9211] do_open_execat+0xf9/0x3a0 [ 428.807648][ T9211] ? __pfx_do_open_execat+0x10/0x10 [ 428.807666][ T9211] alloc_bprm+0x2d/0x710 [ 428.807680][ T9211] do_execveat_common.isra.0+0x1ce/0x610 [ 428.807697][ T9211] __x64_sys_execveat+0xda/0x120 [ 428.807712][ T9211] do_syscall_64+0xcd/0xf80 [ 428.807737][ T9211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.807748][ T9211] RIP: 0033:0x7f8adbb8f749 [ 428.807758][ T9211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.807769][ T9211] RSP: 002b:00007f8adca7c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 428.807780][ T9211] RAX: ffffffffffffffda RBX: 00007f8adbde6090 RCX: 00007f8adbb8f749 [ 428.807787][ T9211] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 428.807793][ T9211] RBP: 00007f8adca7c090 R08: 0000000000001000 R09: 0000000000000000 [ 428.807800][ T9211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.807806][ T9211] R13: 00007f8adbde6128 R14: 00007f8adbde6090 R15: 00007ffe719c30b8 [ 428.807820][ T9211] [ 429.071180][ T6002] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 429.087203][ T6002] usb 2-1: config 0 has no interfaces? [ 429.093841][ T6002] usb 2-1: config 0 has no interfaces? [ 429.279693][ T6002] usb 2-1: config 0 has no interfaces? [ 429.286801][ T6002] usb 2-1: config 0 has no interfaces? [ 429.293120][ T6002] usb 2-1: config 0 has no interfaces? [ 429.299665][ T6002] usb 2-1: config 0 has no interfaces? [ 429.307617][ T6002] usb 2-1: config 0 has no interfaces? [ 430.326606][ T6002] usb 2-1: config 0 has no interfaces? [ 430.356384][ T6002] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 430.357968][ T30] audit: type=1400 audit(1767690479.411:420): avc: denied { ioctl } for pid=9217 comm="syz.0.845" path="socket:[34985]" dev="sockfs" ino=34985 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 430.390225][ T6002] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 430.398593][ T6002] usb 2-1: Product: syz [ 430.402725][ T6002] usb 2-1: Manufacturer: syz [ 430.407297][ T6002] usb 2-1: SerialNumber: syz [ 430.418161][ T6002] usb 2-1: config 0 descriptor?? [ 430.649844][ T6002] usb 2-1: USB disconnect, device number 33 [ 430.716618][ T30] audit: type=1400 audit(1767690479.771:421): avc: denied { bind } for pid=9217 comm="syz.0.845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 430.990826][ T9232] netlink: 20 bytes leftover after parsing attributes in process `syz.3.850'. [ 433.824946][ T6187] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 434.005353][ T6187] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 434.026069][ T6187] usb 1-1: config 0 has no interfaces? [ 434.056191][ T6187] usb 1-1: config 0 has no interfaces? [ 434.167073][ T6187] usb 1-1: config 0 has no interfaces? [ 434.181444][ T6187] usb 1-1: config 0 has no interfaces? [ 434.188381][ T6187] usb 1-1: config 0 has no interfaces? [ 434.195612][ T6187] usb 1-1: config 0 has no interfaces? [ 434.202084][ T6187] usb 1-1: config 0 has no interfaces? [ 434.214287][ T6187] usb 1-1: config 0 has no interfaces? [ 434.292691][ T9266] netlink: 20 bytes leftover after parsing attributes in process `syz.4.862'. [ 434.332533][ T6187] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 434.678307][ T6187] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 434.709181][ T6187] usb 1-1: Product: syz [ 434.741736][ T6187] usb 1-1: Manufacturer: syz [ 434.756778][ T6187] usb 1-1: SerialNumber: syz [ 434.774956][ T6187] usb 1-1: config 0 descriptor?? [ 435.543657][ T9256] loop2: detected capacity change from 0 to 7 [ 435.569085][ T30] audit: type=1400 audit(1767690484.621:422): avc: denied { bind } for pid=9269 comm="syz.1.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 435.572605][ T9256] Dev loop2: unable to read RDB block 7 [ 435.641760][ T30] audit: type=1400 audit(1767690484.691:423): avc: denied { connect } for pid=9269 comm="syz.1.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 435.694953][ T9256] loop2: unable to read partition table [ 435.700849][ T9256] loop2: partition table beyond EOD, truncated [ 435.710857][ T9256] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 435.756078][ T6055] usb 1-1: USB disconnect, device number 29 [ 436.060580][ T9283] netlink: 'syz.4.868': attribute type 1 has an invalid length. [ 436.068376][ T9283] netlink: 224 bytes leftover after parsing attributes in process `syz.4.868'. [ 437.557459][ T30] audit: type=1400 audit(1767690486.611:424): avc: denied { append } for pid=9292 comm="syz.4.871" name="nbd4" dev="devtmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 438.753015][ T9309] netlink: 20 bytes leftover after parsing attributes in process `syz.4.875'. [ 440.003813][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.012746][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.193724][ T9320] 9p: Bad value for 'rfdno' [ 440.395371][ T9322] FAULT_INJECTION: forcing a failure. [ 440.395371][ T9322] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.396622][ T9324] vcan0: tx address claim with dest, not broadcast [ 440.494873][ T9322] CPU: 1 UID: 0 PID: 9322 Comm: syz.2.870 Tainted: G L syzkaller #0 PREEMPT(full) [ 440.494905][ T9322] Tainted: [L]=SOFTLOCKUP [ 440.494916][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 440.494926][ T9322] Call Trace: [ 440.494933][ T9322] [ 440.494940][ T9322] dump_stack_lvl+0x16c/0x1f0 [ 440.494968][ T9322] should_fail_ex+0x512/0x640 [ 440.494997][ T9322] _copy_from_user+0x2e/0xd0 [ 440.495024][ T9322] kstrtouint_from_user+0xd6/0x1d0 [ 440.495044][ T9322] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 440.495064][ T9322] ? __lock_acquire+0x436/0x2890 [ 440.495090][ T9322] ? lock_acquire+0x179/0x330 [ 440.495117][ T9322] proc_fail_nth_write+0x83/0x220 [ 440.495137][ T9322] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 440.495163][ T9322] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 440.495180][ T9322] vfs_write+0x2a0/0x11d0 [ 440.495205][ T9322] ? __pfx___mutex_lock+0x10/0x10 [ 440.495232][ T9322] ? __pfx_vfs_write+0x10/0x10 [ 440.495262][ T9322] ? __fget_files+0x20e/0x3c0 [ 440.495294][ T9322] ksys_write+0x12a/0x250 [ 440.495316][ T9322] ? __pfx_ksys_write+0x10/0x10 [ 440.495346][ T9322] do_syscall_64+0xcd/0xf80 [ 440.495371][ T9322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.495389][ T9322] RIP: 0033:0x7f6e72b8e1ff [ 440.495403][ T9322] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 440.495420][ T9322] RSP: 002b:00007f6e73a4a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 440.495436][ T9322] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6e72b8e1ff [ 440.495447][ T9322] RDX: 0000000000000001 RSI: 00007f6e73a4a0a0 RDI: 0000000000000005 [ 440.495457][ T9322] RBP: 00007f6e73a4a090 R08: 0000000000000000 R09: 0000000000000000 [ 440.495467][ T9322] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 440.495477][ T9322] R13: 00007f6e72de6038 R14: 00007f6e72de5fa0 R15: 00007ffd4595f5a8 [ 440.495504][ T9322] [ 440.767571][ T9327] tipc: Started in network mode [ 440.772568][ T9327] tipc: Node identity 2ef9a005c84, cluster identity 4711 [ 440.780645][ T9327] tipc: Enabled bearer , priority 0 [ 440.787682][ T9327] syzkaller0: entered promiscuous mode [ 440.793613][ T9327] syzkaller0: entered allmulticast mode [ 440.966783][ T5923] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 441.005435][ T9328] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1514) ! [ 441.021891][ T9329] FAULT_INJECTION: forcing a failure. [ 441.021891][ T9329] name failslab, interval 1, probability 0, space 0, times 0 [ 441.777334][ T5923] usb 4-1: device descriptor read/64, error -71 [ 441.788879][ T9329] CPU: 0 UID: 0 PID: 9329 Comm: syz.1.879 Tainted: G L syzkaller #0 PREEMPT(full) [ 441.788899][ T9329] Tainted: [L]=SOFTLOCKUP [ 441.788903][ T9329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 441.788909][ T9329] Call Trace: [ 441.788913][ T9329] [ 441.788917][ T9329] dump_stack_lvl+0x16c/0x1f0 [ 441.788935][ T9329] should_fail_ex+0x512/0x640 [ 441.788952][ T9329] ? kmem_cache_alloc_node_noprof+0x65/0x800 [ 441.788966][ T9329] should_failslab+0xc2/0x120 [ 441.788981][ T9329] kmem_cache_alloc_node_noprof+0x86/0x800 [ 441.788993][ T9329] ? __alloc_skb+0x156/0x410 [ 441.789012][ T9329] ? __alloc_skb+0x156/0x410 [ 441.789028][ T9329] __alloc_skb+0x156/0x410 [ 441.789043][ T9329] ? __alloc_skb+0x35d/0x410 [ 441.789058][ T9329] ? __pfx___alloc_skb+0x10/0x10 [ 441.789075][ T9329] ? rtnl_prop_list_size+0x295/0x2d0 [ 441.789087][ T9329] ? if_nlmsg_size+0x4a7/0xb30 [ 441.789101][ T9329] rtmsg_ifinfo_build_skb+0x81/0x280 [ 441.789118][ T9329] rtnetlink_event+0xf3/0x1f0 [ 441.789133][ T9329] notifier_call_chain+0xbc/0x3e0 [ 441.789152][ T9329] ? __pfx_rtnetlink_event+0x10/0x10 [ 441.789168][ T9329] call_netdevice_notifiers_info+0xbe/0x110 [ 441.789185][ T9329] netif_set_mtu_ext+0x563/0x7a0 [ 441.789198][ T9329] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 441.789212][ T9329] ? __lock_acquire+0x436/0x2890 [ 441.789229][ T9329] netif_set_mtu+0x98/0x140 [ 441.789239][ T9329] ? __pfx_netif_set_mtu+0x10/0x10 [ 441.789255][ T9329] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 441.789268][ T9329] ? full_name_hash+0xbc/0x110 [ 441.789287][ T9329] dev_set_mtu+0xb2/0x260 [ 441.789301][ T9329] dev_ifsioc+0xd28/0x1f70 [ 441.789313][ T9329] ? __pfx_dev_ifsioc+0x10/0x10 [ 441.789323][ T9329] ? __pfx___mutex_lock+0x10/0x10 [ 441.789343][ T9329] ? dev_load+0x8e/0x240 [ 441.789356][ T9329] dev_ioctl+0x223/0x10e0 [ 441.789368][ T9329] sock_do_ioctl+0x19d/0x280 [ 441.789383][ T9329] ? __pfx_sock_do_ioctl+0x10/0x10 [ 441.789400][ T9329] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 441.789414][ T9329] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 441.789432][ T9329] sock_ioctl+0x227/0x6b0 [ 441.789448][ T9329] ? __pfx_sock_ioctl+0x10/0x10 [ 441.789461][ T9329] ? hook_file_ioctl_common+0x144/0x410 [ 441.789483][ T9329] ? selinux_file_ioctl+0x180/0x270 [ 441.789497][ T9329] ? selinux_file_ioctl+0xb4/0x270 [ 441.789511][ T9329] ? __pfx_sock_ioctl+0x10/0x10 [ 441.789527][ T9329] __x64_sys_ioctl+0x18e/0x210 [ 441.789540][ T9329] do_syscall_64+0xcd/0xf80 [ 441.789556][ T9329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.789567][ T9329] RIP: 0033:0x7fef9cf8f749 [ 441.789576][ T9329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.789587][ T9329] RSP: 002b:00007fef9de4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 441.789599][ T9329] RAX: ffffffffffffffda RBX: 00007fef9d1e6180 RCX: 00007fef9cf8f749 [ 441.789605][ T9329] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005 [ 441.789612][ T9329] RBP: 00007fef9de4a090 R08: 0000000000000000 R09: 0000000000000000 [ 441.789618][ T9329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 441.789624][ T9329] R13: 00007fef9d1e6218 R14: 00007fef9d1e6180 R15: 00007fff81c23d38 [ 441.789638][ T9329] [ 441.792179][ T9329] tipc: Resetting bearer [ 442.165130][ T9326] tipc: Resetting bearer [ 442.280985][ T9326] tipc: Disabling bearer [ 442.294838][ T5923] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 442.387588][ T91] tipc: Node number set to 3870924805 [ 442.689811][ T9341] lo speed is unknown, defaulting to 1000 [ 442.737636][ T9342] No such timeout policy "syz0" [ 442.772717][ T30] audit: type=1326 audit(1767690491.821:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9340 comm="syz.3.885" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x0 [ 442.804868][ T6187] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 443.043173][ T6187] usb 2-1: device descriptor read/64, error -71 [ 443.050306][ T30] audit: type=1400 audit(1767690492.031:426): avc: denied { cmd } for pid=9346 comm="syz.0.887" path="socket:[35389]" dev="sockfs" ino=35389 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 443.474852][ T6187] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 443.625217][ T6187] usb 2-1: device descriptor read/64, error -71 [ 443.784534][ T9364] netlink: 'syz.3.889': attribute type 1 has an invalid length. [ 443.792256][ T9364] netlink: 224 bytes leftover after parsing attributes in process `syz.3.889'. [ 443.845322][ T6187] usb usb2-port1: attempt power cycle [ 444.427211][ T6187] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 444.507891][ T6187] usb 2-1: device descriptor read/8, error -71 [ 444.571031][ T9372] vcan0: tx address claim with dest, not broadcast [ 444.804458][ T6187] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 445.416868][ T6187] usb 2-1: device descriptor read/8, error -71 [ 445.525960][ T6187] usb usb2-port1: unable to enumerate USB device [ 445.909274][ T9384] futex_wake_op: syz.0.893 tries to shift op by -1; fix this program [ 446.225591][ T30] audit: type=1400 audit(1767690495.281:427): avc: denied { shutdown } for pid=9380 comm="syz.3.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 446.275905][ T6017] libceph: connect (1)[c::]:6789 error -101 [ 446.282295][ T6017] libceph: mon0 (1)[c::]:6789 connect error [ 446.345702][ T9387] ceph: No mds server is up or the cluster is laggy [ 446.595285][ T5923] libceph: connect (1)[c::]:6789 error -101 [ 446.604982][ T5923] libceph: mon0 (1)[c::]:6789 connect error [ 446.711999][ T9391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 447.861369][ T9415] vcan0: tx address claim with dest, not broadcast [ 448.211824][ T30] audit: type=1400 audit(1767690497.141:428): avc: denied { remount } for pid=9416 comm="syz.3.906" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 448.252801][ T9413] v: renamed from vlan0 [ 453.006258][ T6187] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 453.167215][ T9476] vcan0: tx address claim with dest, not broadcast [ 453.191416][ T6187] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 453.247193][ T6187] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 453.298513][ T6187] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.339715][ T6187] usb 3-1: config 0 descriptor?? [ 454.200502][ T6187] ntrig 0003:1B96:0009.000C: unknown main item tag 0x0 [ 454.286033][ T6187] ntrig 0003:1B96:0009.000C: unknown main item tag 0x0 [ 454.318201][ T6187] ntrig 0003:1B96:0009.000C: unknown main item tag 0x0 [ 454.350615][ T6187] ntrig 0003:1B96:0009.000C: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.2-1/input0 [ 454.375107][ T6187] ntrig 0003:1B96:0009.000C: Firmware version: 1.1.18.2.1 (4672 5940) [ 455.376259][ T5923] usb 3-1: USB disconnect, device number 23 [ 455.394856][ T6187] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 455.814875][ T6187] usb 2-1: Using ep0 maxpacket: 32 [ 455.911273][ T6187] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.942654][ T6187] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.962378][ T6187] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 455.986297][ T6187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.047547][ T6187] usb 2-1: config 0 descriptor?? [ 456.078799][ T9522] FAULT_INJECTION: forcing a failure. [ 456.078799][ T9522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 456.088713][ T6187] hub 2-1:0.0: USB hub found [ 456.299940][ T9522] CPU: 1 UID: 0 PID: 9522 Comm: syz.3.927 Tainted: G L syzkaller #0 PREEMPT(full) [ 456.299972][ T9522] Tainted: [L]=SOFTLOCKUP [ 456.299978][ T9522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 456.299989][ T9522] Call Trace: [ 456.299995][ T9522] [ 456.300001][ T9522] dump_stack_lvl+0x16c/0x1f0 [ 456.300028][ T9522] should_fail_ex+0x512/0x640 [ 456.300056][ T9522] _copy_from_user+0x2e/0xd0 [ 456.300082][ T9522] sk_getsockopt+0x1521/0x3a00 [ 456.300103][ T9522] ? avc_has_perm_noaudit+0x117/0x3b0 [ 456.300134][ T9522] ? __pfx_sk_getsockopt+0x10/0x10 [ 456.300155][ T9522] ? avc_has_perm+0x144/0x1f0 [ 456.300171][ T9522] ? __pfx_avc_has_perm+0x10/0x10 [ 456.300200][ T9522] ? __lock_acquire+0x436/0x2890 [ 456.300222][ T9522] ? sock_has_perm+0x258/0x2f0 [ 456.300247][ T9522] ? find_held_lock+0x2b/0x80 [ 456.300273][ T9522] ? __might_fault+0xe3/0x190 [ 456.300288][ T9522] ? __might_fault+0xe3/0x190 [ 456.300302][ T9522] ? __might_fault+0x13b/0x190 [ 456.300327][ T9522] do_sock_getsockopt+0x37a/0x410 [ 456.300353][ T9522] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 456.300373][ T9522] ? __fget_files+0x204/0x3c0 [ 456.300409][ T9522] __sys_getsockopt+0x12f/0x260 [ 456.300431][ T9522] __x64_sys_getsockopt+0xbd/0x160 [ 456.300448][ T9522] ? do_syscall_64+0x91/0xf80 [ 456.300468][ T9522] ? lockdep_hardirqs_on+0x7c/0x110 [ 456.300490][ T9522] do_syscall_64+0xcd/0xf80 [ 456.300512][ T9522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.300529][ T9522] RIP: 0033:0x7f29fe38f749 [ 456.300544][ T9522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.300559][ T9522] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 456.300583][ T9522] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 456.300596][ T9522] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000003 [ 456.300606][ T9522] RBP: 00007f29ff303090 R08: 0000200000000100 R09: 0000000000000000 [ 456.300617][ T9522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 456.300627][ T9522] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 456.300648][ T9522] [ 456.734860][ T6187] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 456.791244][ T9535] vcan0: tx address claim with dest, not broadcast [ 457.147725][ T6187] hid-generic 0003:046D:C31C.000D: unknown main item tag 0x0 [ 457.261161][ T6187] hid-generic 0003:046D:C31C.000D: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0 [ 457.721581][ T10] usb 2-1: USB disconnect, device number 38 [ 459.708568][ T9568] program syz.3.941 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 459.718599][ T9568] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 459.729135][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 459.838260][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 459.850342][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 459.858972][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.015661][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.042394][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.056005][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.069195][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.084844][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 460.101577][ T6017] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 461.068470][ T9580] lo speed is unknown, defaulting to 1000 [ 461.153400][ T9578] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 461.153881][ T118] IPVS: starting estimator thread 0... [ 461.355684][ T9585] IPVS: using max 47 ests per chain, 112800 per kthread [ 461.767344][ T6017] hid-generic 0000:0000:0000.000E: hidraw1: HID v0.43 Device [syz1] on syz1 [ 462.013926][ T9592] fido_id[9592]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 462.118064][ T9595] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 462.134520][ T9595] ALSA: mixer_oss: invalid index 1374389 [ 464.285963][ T6017] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 466.044852][ T6321] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 466.234806][ T6321] usb 2-1: Using ep0 maxpacket: 8 [ 466.385649][ T6321] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 466.508686][ T9628] syzkaller0: entered promiscuous mode [ 466.820076][ T9631] FAULT_INJECTION: forcing a failure. [ 466.820076][ T9631] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 466.862873][ T6321] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 466.885406][ T9628] syzkaller0: entered allmulticast mode [ 466.994146][ T9631] CPU: 1 UID: 0 PID: 9631 Comm: syz.3.958 Tainted: G L syzkaller #0 PREEMPT(full) [ 466.994165][ T9631] Tainted: [L]=SOFTLOCKUP [ 466.994169][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 466.994176][ T9631] Call Trace: [ 466.994179][ T9631] [ 466.994183][ T9631] dump_stack_lvl+0x16c/0x1f0 [ 466.994202][ T9631] should_fail_ex+0x512/0x640 [ 466.994222][ T9631] _copy_from_user+0x2e/0xd0 [ 466.994239][ T9631] kstrtouint_from_user+0xd6/0x1d0 [ 466.994252][ T9631] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 466.994267][ T9631] ? __lock_acquire+0x436/0x2890 [ 466.994291][ T9631] ? lock_acquire+0x179/0x330 [ 466.994316][ T9631] proc_fail_nth_write+0x83/0x220 [ 466.994336][ T9631] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 466.994362][ T9631] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 466.994378][ T9631] vfs_write+0x2a0/0x11d0 [ 466.994403][ T9631] ? __pfx___mutex_lock+0x10/0x10 [ 466.994430][ T9631] ? __pfx_vfs_write+0x10/0x10 [ 466.994460][ T9631] ? __fget_files+0x20e/0x3c0 [ 466.994490][ T9631] ksys_write+0x12a/0x250 [ 466.994513][ T9631] ? __pfx_ksys_write+0x10/0x10 [ 466.994542][ T9631] do_syscall_64+0xcd/0xf80 [ 466.994566][ T9631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.994584][ T9631] RIP: 0033:0x7f29fe38e1ff [ 466.994599][ T9631] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 466.994615][ T9631] RSP: 002b:00007f29ff2c1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 466.994632][ T9631] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29fe38e1ff [ 466.994643][ T9631] RDX: 0000000000000001 RSI: 00007f29ff2c10a0 RDI: 000000000000000a [ 466.994654][ T9631] RBP: 00007f29ff2c1090 R08: 0000000000000000 R09: 0000000000000000 [ 466.994664][ T9631] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 466.994674][ T9631] R13: 00007f29fe5e6218 R14: 00007f29fe5e6180 R15: 00007ffff330bce8 [ 466.994701][ T9631] [ 468.849609][ T30] audit: type=1326 audit(1767690516.941:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 468.939005][ T6321] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.065434][ T30] audit: type=1326 audit(1767690516.941:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.179692][ T30] audit: type=1326 audit(1767690516.941:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.294819][ T6187] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 469.392438][ T30] audit: type=1326 audit(1767690516.941:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.494809][ T6187] usb 1-1: device descriptor read/64, error -71 [ 469.691533][ T6321] usb 2-1: config 0 descriptor?? [ 469.694816][ T30] audit: type=1326 audit(1767690516.941:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.727419][ T30] audit: type=1326 audit(1767690516.941:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.730161][ T6321] usb 2-1: can't set config #0, error -71 [ 469.854841][ T6187] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 469.874430][ T30] audit: type=1326 audit(1767690516.941:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 469.905724][ T6321] usb 2-1: USB disconnect, device number 39 [ 469.981610][ T30] audit: type=1326 audit(1767690516.941:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 470.043756][ T6187] usb 1-1: device descriptor read/64, error -71 [ 470.168151][ T6187] usb usb1-port1: attempt power cycle [ 470.344618][ T30] audit: type=1326 audit(1767690516.941:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 470.505021][ T30] audit: type=1326 audit(1767690517.901:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9640 comm="syz.1.962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 470.514824][ T6187] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 470.535975][ T118] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 470.665584][ T6187] usb 1-1: device descriptor read/8, error -71 [ 470.709189][ T118] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 470.740839][ T118] usb 5-1: config 0 has no interfaces? [ 470.784918][ T118] usb 5-1: config 0 has no interfaces? [ 470.805172][ T118] usb 5-1: config 0 has no interfaces? [ 470.884080][ T118] usb 5-1: config 0 has no interfaces? [ 470.929602][ T118] usb 5-1: config 0 has no interfaces? [ 470.961804][ T118] usb 5-1: config 0 has no interfaces? [ 471.914914][ T118] usb 5-1: config 0 has no interfaces? [ 471.941826][ T118] usb 5-1: config 0 has no interfaces? [ 472.194968][ T118] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 472.205352][ T118] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 472.213695][ T118] usb 5-1: Product: syz [ 472.223624][ T118] usb 5-1: Manufacturer: syz [ 472.234598][ T118] usb 5-1: SerialNumber: syz [ 472.287801][ T9685] sp0: Synchronizing with TNC [ 472.325536][ T118] usb 5-1: config 0 descriptor?? [ 472.973546][ T9696] netlink: 12 bytes leftover after parsing attributes in process `syz.1.970'. [ 473.129670][ T9668] loop2: detected capacity change from 0 to 7 [ 473.257967][ T5819] Dev loop2: unable to read RDB block 7 [ 473.282482][ T5819] loop2: unable to read partition table [ 473.316890][ T5819] loop2: partition table beyond EOD, truncated [ 473.398270][ T9668] Dev loop2: unable to read RDB block 7 [ 473.403866][ T9668] loop2: unable to read partition table [ 473.435668][ T9668] loop2: partition table beyond EOD, truncated [ 473.476496][ T9668] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 473.543461][ T5185] Dev loop2: unable to read RDB block 7 [ 473.549276][ T5185] loop2: unable to read partition table [ 473.557394][ T5185] loop2: partition table beyond EOD, truncated [ 473.586011][ T118] usb 5-1: USB disconnect, device number 20 [ 473.740476][ T9707] FAULT_INJECTION: forcing a failure. [ 473.740476][ T9707] name failslab, interval 1, probability 0, space 0, times 0 [ 473.856838][ T30] kauditd_printk_skb: 73 callbacks suppressed [ 473.856854][ T30] audit: type=1326 audit(1767690522.901:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 473.868139][ T9707] CPU: 1 UID: 0 PID: 9707 Comm: syz.3.973 Tainted: G L syzkaller #0 PREEMPT(full) [ 473.868164][ T9707] Tainted: [L]=SOFTLOCKUP [ 473.868169][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 473.868179][ T9707] Call Trace: [ 473.868185][ T9707] [ 473.868191][ T9707] dump_stack_lvl+0x16c/0x1f0 [ 473.868215][ T9707] should_fail_ex+0x512/0x640 [ 473.868238][ T9707] ? __kvmalloc_node_noprof+0x129/0xa40 [ 473.868260][ T9707] should_failslab+0xc2/0x120 [ 473.868281][ T9707] __kvmalloc_node_noprof+0x14a/0xa40 [ 473.868301][ T9707] ? bpf_test_run_xdp_live+0x139/0x770 [ 473.868323][ T9707] ? bpf_test_run_xdp_live+0x139/0x770 [ 473.868339][ T9707] bpf_test_run_xdp_live+0x139/0x770 [ 473.868357][ T9707] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 473.868377][ T9707] ? preempt_schedule_thunk+0x16/0x30 [ 473.868397][ T9707] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 473.868428][ T9707] ? bpf_dispatcher_xdp+0x800/0x1000 [ 473.868444][ T9707] ? bpf_dispatcher_xdp+0x800/0x1000 [ 473.868458][ T9707] ? bpf_dispatcher_xdp+0x800/0x1000 [ 473.868471][ T9707] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 473.868498][ T9707] bpf_prog_test_run_xdp+0xd3d/0x1660 [ 473.868520][ T9707] ? __fget_files+0x204/0x3c0 [ 473.868543][ T9707] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 473.868562][ T9707] ? __might_fault+0x60/0x190 [ 473.868582][ T9707] ? fput+0x70/0xf0 [ 473.868595][ T9707] ? __bpf_prog_get+0x97/0x2a0 [ 473.868613][ T9707] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 473.868631][ T9707] __sys_bpf+0x1035/0x4980 [ 473.868656][ T9707] ? __pfx___sys_bpf+0x10/0x10 [ 473.868677][ T9707] ? find_held_lock+0x2b/0x80 [ 473.868704][ T9707] ? find_held_lock+0x2b/0x80 [ 473.868738][ T9707] ? __mutex_unlock_slowpath+0x161/0x790 [ 473.868772][ T9707] ? fput+0x70/0xf0 [ 473.868785][ T9707] ? ksys_write+0x1ac/0x250 [ 473.868804][ T9707] ? __pfx_ksys_write+0x10/0x10 [ 473.868827][ T9707] __x64_sys_bpf+0x78/0xc0 [ 473.868848][ T9707] ? lockdep_hardirqs_on+0x7c/0x110 [ 473.868868][ T9707] do_syscall_64+0xcd/0xf80 [ 473.868890][ T9707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.868905][ T9707] RIP: 0033:0x7f29fe38f749 [ 473.868918][ T9707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 473.868933][ T9707] RSP: 002b:00007f29ff303038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 473.868948][ T9707] RAX: ffffffffffffffda RBX: 00007f29fe5e5fa0 RCX: 00007f29fe38f749 [ 473.868959][ T9707] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 473.868968][ T9707] RBP: 00007f29ff303090 R08: 0000000000000000 R09: 0000000000000000 [ 473.868978][ T9707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.868987][ T9707] R13: 00007f29fe5e6038 R14: 00007f29fe5e5fa0 R15: 00007ffff330bce8 [ 473.869008][ T9707] [ 474.457017][ T30] audit: type=1326 audit(1767690522.901:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 474.867567][ T30] audit: type=1326 audit(1767690522.901:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 474.976310][ T30] audit: type=1326 audit(1767690523.071:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 476.921598][ T30] audit: type=1326 audit(1767690523.071:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 477.036376][ T30] audit: type=1326 audit(1767690523.071:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 477.153612][ T9737] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 477.161324][ T9737] ALSA: mixer_oss: invalid index 1374389 [ 477.179454][ T30] audit: type=1326 audit(1767690523.071:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 477.264268][ T30] audit: type=1326 audit(1767690523.071:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 477.342241][ T30] audit: type=1326 audit(1767690523.071:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 477.389768][ T30] audit: type=1326 audit(1767690523.071:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9711 comm="syz.2.974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 478.377945][ T9749] Cannot find set identified by id 3 to match [ 479.558562][ T9751] netlink: 'syz.2.985': attribute type 1 has an invalid length. [ 479.566222][ T9751] netlink: 224 bytes leftover after parsing attributes in process `syz.2.985'. [ 479.711589][ T9751] workqueue: Failed to create a rescuer kthread for wq "phy10": -EINTR [ 479.844463][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 479.844474][ T30] audit: type=1326 audit(1767690528.881:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 479.916010][ T30] audit: type=1326 audit(1767690528.881:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 479.948663][ T30] audit: type=1326 audit(1767690528.881:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 479.974960][ T30] audit: type=1326 audit(1767690528.881:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 479.998352][ T30] audit: type=1326 audit(1767690528.881:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 480.021568][ T30] audit: type=1326 audit(1767690528.881:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 480.074896][ T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 480.079854][ T30] audit: type=1326 audit(1767690528.881:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 480.150688][ T9761] vcan0: tx address claim with dest, not broadcast [ 480.217084][ T30] audit: type=1326 audit(1767690528.881:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 480.285001][ T30] audit: type=1326 audit(1767690528.881:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef9cf8f749 code=0x7ffc0000 [ 480.347560][ T30] audit: type=1326 audit(1767690528.881:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9758 comm="syz.1.988" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef9cf8df90 code=0x7ffc0000 [ 480.544987][ T5923] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 480.555002][ T24] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 480.699268][ T24] usb 4-1: config 0 has no interfaces? [ 480.714808][ T5923] usb 3-1: Using ep0 maxpacket: 16 [ 480.729670][ T24] usb 4-1: config 0 has no interfaces? [ 480.734808][ T118] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 480.774301][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.796359][ T5923] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 480.831291][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.833998][ T24] usb 4-1: config 0 has no interfaces? [ 480.865819][ T5923] usb 3-1: config 0 descriptor?? [ 480.881305][ T24] usb 4-1: config 0 has no interfaces? [ 480.901633][ T118] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 480.923428][ T118] usb 1-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 480.945189][ T24] usb 4-1: config 0 has no interfaces? [ 480.954939][ T118] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.984026][ T118] usb 1-1: config 0 descriptor?? [ 481.012723][ T24] usb 4-1: config 0 has no interfaces? [ 481.039019][ T24] usb 4-1: config 0 has no interfaces? [ 481.118113][ T9771] ======================================================= [ 481.118113][ T9771] WARNING: The mand mount option has been deprecated and [ 481.118113][ T9771] and is ignored by this kernel. Remove the mand [ 481.118113][ T9771] option from the mount to silence this warning. [ 481.118113][ T9771] ======================================================= [ 481.357408][ T24] usb 4-1: config 0 has no interfaces? [ 481.381190][ T24] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 481.437080][ T24] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 481.502726][ T24] usb 4-1: Product: syz [ 481.547104][ T24] usb 4-1: Manufacturer: syz [ 481.561847][ T5923] hid_parser_main: 73 callbacks suppressed [ 481.561865][ T5923] mcp2221 0003:04D8:00DD.000F: unknown main item tag 0x0 [ 481.577052][ T24] usb 4-1: SerialNumber: syz [ 481.586189][ T5923] mcp2221 0003:04D8:00DD.000F: unknown main item tag 0x0 [ 481.613784][ T5923] mcp2221 0003:04D8:00DD.000F: unknown main item tag 0x0 [ 481.618045][ T118] ntrig 0003:1B96:0009.0010: unknown main item tag 0x0 [ 481.630221][ T118] ntrig 0003:1B96:0009.0010: unknown main item tag 0x0 [ 481.639329][ T24] usb 4-1: config 0 descriptor?? [ 481.644431][ T118] ntrig 0003:1B96:0009.0010: unknown main item tag 0x0 [ 481.695938][ T5923] mcp2221 0003:04D8:00DD.000F: unknown main item tag 0x0 [ 481.703142][ T5923] mcp2221 0003:04D8:00DD.000F: unknown main item tag 0x0 [ 481.707004][ T118] ntrig 0003:1B96:0009.0010: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.0-1/input0 [ 481.912210][ T5923] mcp2221 0003:04D8:00DD.000F: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 481.926119][ C1] usb 3-1: input irq status -75 received [ 482.152220][ T9784] netlink: 'syz.1.996': attribute type 1 has an invalid length. [ 482.159896][ T9784] netlink: 224 bytes leftover after parsing attributes in process `syz.1.996'. [ 482.351540][ T118] ntrig 0003:1B96:0009.0010: Firmware version: 1.1.18.2.1 (4672 5940) [ 482.429074][ T9757] loop2: detected capacity change from 0 to 7 [ 483.043559][ T9757] Dev loop2: unable to read RDB block 7 [ 483.082296][ T9757] loop2: AHDI p2 [ 483.086972][ T5923] usb 1-1: USB disconnect, device number 34 [ 483.105897][ T9757] loop2: partition table partially beyond EOD, truncated [ 483.143363][ T24] usb 4-1: USB disconnect, device number 22 [ 484.882467][ T6849] usb 3-1: USB disconnect, device number 24 [ 484.934792][ T9804] netlink: 'syz.4.1000': attribute type 1 has an invalid length. [ 484.942655][ T9804] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1000'. [ 485.257134][ T9804] workqueue: Failed to create a rescuer kthread for wq "phy12": -EINTR [ 486.528788][ T6849] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 486.630571][ T9826] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 486.638142][ T9826] ALSA: mixer_oss: invalid index 1374389 [ 486.729642][ T9828] vcan0: tx address claim with dest, not broadcast [ 486.824824][ T6849] usb 3-1: Using ep0 maxpacket: 16 [ 487.764500][ T6849] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 488.010851][ T6849] usb 3-1: config 0 has no interface number 0 [ 488.045337][ T6849] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 488.065573][ T6849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.073651][ T6849] usb 3-1: Product: syz [ 488.086701][ T6849] usb 3-1: Manufacturer: syz [ 488.091673][ T6849] usb 3-1: SerialNumber: syz [ 488.130016][ T6849] usb 3-1: config 0 descriptor?? [ 488.144886][ T118] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 488.146697][ T6849] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 488.254975][ T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 488.316273][ T118] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 488.340950][ T118] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 488.361170][ T118] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.381979][ T118] usb 5-1: config 0 descriptor?? [ 488.415823][ T9] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 488.436348][ T9] usb 1-1: config 0 has no interfaces? [ 488.442676][ T9] usb 1-1: config 0 has no interfaces? [ 488.459231][ T9] usb 1-1: config 0 has no interfaces? [ 488.475955][ T9] usb 1-1: config 0 has no interfaces? [ 488.492881][ T9] usb 1-1: config 0 has no interfaces? [ 488.502799][ T9] usb 1-1: config 0 has no interfaces? [ 488.512850][ T9] usb 1-1: config 0 has no interfaces? [ 488.580599][ T9] usb 1-1: config 0 has no interfaces? [ 488.593576][ T9] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 488.628956][ T9] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 488.643333][ T9] usb 1-1: Product: syz [ 488.647617][ T9] usb 1-1: Manufacturer: syz [ 488.675232][ T9] usb 1-1: SerialNumber: syz [ 488.684448][ T9] usb 1-1: config 0 descriptor?? [ 488.854338][ T118] ntrig 0003:1B96:0009.0011: unknown main item tag 0x0 [ 488.866096][ T118] ntrig 0003:1B96:0009.0011: unknown main item tag 0x0 [ 488.875455][ T118] ntrig 0003:1B96:0009.0011: unknown main item tag 0x0 [ 488.890830][ T118] ntrig 0003:1B96:0009.0011: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.4-1/input0 [ 488.913149][ T9842] netlink: 'syz.3.1013': attribute type 1 has an invalid length. [ 488.921055][ T9842] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1013'. [ 488.931214][ T9837] loop2: detected capacity change from 0 to 7 [ 488.945431][ T9837] Dev loop2: unable to read RDB block 7 [ 488.951000][ T9837] loop2: AHDI p2 [ 488.954667][ T9837] loop2: partition table partially beyond EOD, truncated [ 488.969339][ T9] usb 1-1: USB disconnect, device number 35 [ 489.118179][ T118] ntrig 0003:1B96:0009.0011: Firmware version: 1.1.18.2.1 (4672 5940) [ 489.901935][ T6849] gspca_spca1528: reg_w err -110 [ 489.917698][ T6849] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110 [ 490.006226][ T118] usb 5-1: USB disconnect, device number 21 [ 490.066898][ T9853] syzkaller0: entered promiscuous mode [ 490.072411][ T9853] syzkaller0: entered allmulticast mode [ 490.085452][ T9853] TC_ACT_REPEAT abuse ? [ 490.097149][ T9854] capability: warning: `syz.3.1014' uses 32-bit capabilities (legacy support in use) [ 490.955015][ T6849] usb 3-1: USB disconnect, device number 25 [ 491.103131][ T9868] vcan0: tx address claim with dest, not broadcast [ 493.471204][ T9888] lo speed is unknown, defaulting to 1000 [ 493.518232][ T9891] No such timeout policy "syz0" [ 493.536759][ T9889] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 493.544249][ T9889] ALSA: mixer_oss: invalid index 1374389 [ 494.264324][ T9891] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1027'. [ 494.273392][ T9891] block nbd0: not configured, cannot reconfigure [ 494.718969][ T9900] netlink: 'syz.3.1025': attribute type 1 has an invalid length. [ 494.726783][ T9900] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1025'. [ 495.325529][ T30] kauditd_printk_skb: 45 callbacks suppressed [ 495.325541][ T30] audit: type=1400 audit(1767690544.381:621): avc: denied { map } for pid=9908 comm="syz.0.1030" path="socket:[39654]" dev="sockfs" ino=39654 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 495.357637][ T30] audit: type=1400 audit(1767690544.411:622): avc: denied { read accept } for pid=9908 comm="syz.0.1030" path="socket:[39654]" dev="sockfs" ino=39654 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 495.925061][ T8842] IPVS: starting estimator thread 0... [ 496.025702][ T9917] IPVS: using max 77 ests per chain, 184800 per kthread [ 496.036711][ T9916] FAULT_INJECTION: forcing a failure. [ 496.036711][ T9916] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 496.874410][ T9916] CPU: 1 UID: 0 PID: 9916 Comm: syz.3.1031 Tainted: G L syzkaller #0 PREEMPT(full) [ 496.874433][ T9916] Tainted: [L]=SOFTLOCKUP [ 496.874437][ T9916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 496.874444][ T9916] Call Trace: [ 496.874448][ T9916] [ 496.874452][ T9916] dump_stack_lvl+0x16c/0x1f0 [ 496.874472][ T9916] should_fail_ex+0x512/0x640 [ 496.874492][ T9916] core_sys_select+0x4c5/0xc20 [ 496.874511][ T9916] ? __pfx_core_sys_select+0x10/0x10 [ 496.874539][ T9916] ? set_user_sigmask+0x21b/0x2b0 [ 496.874554][ T9916] ? __pfx_set_user_sigmask+0x10/0x10 [ 496.874572][ T9916] do_pselect.constprop.0+0x19f/0x1e0 [ 496.874588][ T9916] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 496.874610][ T9916] __x64_sys_pselect6+0x182/0x240 [ 496.874626][ T9916] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 496.874645][ T9916] do_syscall_64+0xcd/0xf80 [ 496.874661][ T9916] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.874672][ T9916] RIP: 0033:0x7f29fe38f749 [ 496.874681][ T9916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.874692][ T9916] RSP: 002b:00007f29ff2e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 496.874702][ T9916] RAX: ffffffffffffffda RBX: 00007f29fe5e6090 RCX: 00007f29fe38f749 [ 496.874709][ T9916] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000040 [ 496.874715][ T9916] RBP: 00007f29ff2e2090 R08: 0000000000000000 R09: 0000000000000000 [ 496.874722][ T9916] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 496.874733][ T9916] R13: 00007f29fe5e6128 R14: 00007f29fe5e6090 R15: 00007ffff330bce8 [ 496.874756][ T9916] [ 497.068009][ T9927] loop6: detected capacity change from 0 to 2640 [ 497.085804][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.093638][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.188569][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.240172][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.279686][ T30] audit: type=1400 audit(1767690546.331:623): avc: denied { listen } for pid=9930 comm="syz.3.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 497.300141][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.319502][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.402835][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.454813][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.462725][ T9927] ldm_validate_partition_table(): Disk read failed. [ 497.484233][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.507300][ T9927] Buffer I/O error on dev loop6, logical block 0, async page read [ 497.529191][ T9927] Dev loop6: unable to read RDB block 0 [ 497.546228][ T9927] loop6: unable to read partition table [ 497.577323][ T9927] loop_reread_partitions: partition scan of loop6 (3„ ¾‚³˜) failed (rc=-5) [ 499.016542][ T9927] block nbd0: server does not support multiple connections per device. [ 499.029634][ T9927] block nbd0: shutting down sockets [ 499.487769][ T30] audit: type=1400 audit(1767690548.521:624): avc: denied { ioctl } for pid=9952 comm="syz.0.1042" path="socket:[37771]" dev="sockfs" ino=37771 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 499.760751][ T30] audit: type=1400 audit(1767690548.531:625): avc: denied { ioctl } for pid=9952 comm="syz.0.1042" path="socket:[37769]" dev="sockfs" ino=37769 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 500.238770][ T30] audit: type=1400 audit(1767690549.281:626): avc: denied { set_context_mgr } for pid=9959 comm="syz.1.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 500.273273][ T9962] binder: BINDER_SET_CONTEXT_MGR already set [ 500.297408][ T9962] binder: 9959:9962 ioctl 4018620d 200000004a80 returned -16 [ 500.747322][ T9974] netlink: 'syz.2.1048': attribute type 1 has an invalid length. [ 500.755377][ T9974] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1048'. [ 500.998456][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.009095][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.134841][ T91] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 501.462664][ T91] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 501.482105][ T91] usb 4-1: config 0 has no interfaces? [ 501.499856][ T91] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 501.511101][ T91] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.534933][ T91] usb 4-1: Product: syz [ 501.539132][ T91] usb 4-1: Manufacturer: syz [ 501.546058][ T91] usb 4-1: SerialNumber: syz [ 501.563099][ T9990] No such timeout policy "syz0" [ 501.575829][ T91] usb 4-1: config 0 descriptor?? [ 501.686710][ T9987] lo speed is unknown, defaulting to 1000 [ 501.785535][ T118] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 501.814145][ T9986] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1051'. [ 501.864218][ T9986] block nbd0: not configured, cannot reconfigure [ 501.994878][ T118] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 502.006851][ T118] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 502.043222][ T118] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.117117][ T118] usb 3-1: config 0 descriptor?? [ 502.571735][ T118] ntrig 0003:1B96:0009.0012: unknown main item tag 0x0 [ 502.629141][ T118] ntrig 0003:1B96:0009.0012: unknown main item tag 0x0 [ 502.662421][ T118] ntrig 0003:1B96:0009.0012: unknown main item tag 0x0 [ 502.693315][ T118] ntrig 0003:1B96:0009.0012: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.2-1/input0 [ 502.797468][ T118] ntrig 0003:1B96:0009.0012: Firmware version: 1.1.18.2.1 (4672 5940) [ 503.248641][T10010] FAULT_INJECTION: forcing a failure. [ 503.248641][T10010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 503.264568][T10010] CPU: 0 UID: 0 PID: 10010 Comm: syz.0.1056 Tainted: G L syzkaller #0 PREEMPT(full) [ 503.264603][T10010] Tainted: [L]=SOFTLOCKUP [ 503.264610][T10010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 503.264621][T10010] Call Trace: [ 503.264627][T10010] [ 503.264634][T10010] dump_stack_lvl+0x16c/0x1f0 [ 503.264661][T10010] should_fail_ex+0x512/0x640 [ 503.264692][T10010] strncpy_from_user+0x3b/0x2e0 [ 503.264720][T10010] getname_flags.part.0+0x8f/0x550 [ 503.264744][T10010] getname_flags+0x93/0xf0 [ 503.264765][T10010] __x64_sys_rename+0x65/0xa0 [ 503.264782][T10010] do_syscall_64+0xcd/0xf80 [ 503.264805][T10010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.264823][T10010] RIP: 0033:0x7f691738f749 [ 503.264838][T10010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.264855][T10010] RSP: 002b:00007f69155d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 503.264873][T10010] RAX: ffffffffffffffda RBX: 00007f69175e6180 RCX: 00007f691738f749 [ 503.264885][T10010] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000200000000100 [ 503.264896][T10010] RBP: 00007f69155d5090 R08: 0000000000000000 R09: 0000000000000000 [ 503.264906][T10010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.264917][T10010] R13: 00007f69175e6218 R14: 00007f69175e6180 R15: 00007ffc968c3c98 [ 503.264942][T10010] [ 503.549258][ T5923] usb 3-1: USB disconnect, device number 26 [ 503.714060][ T30] audit: type=1400 audit(1767690552.761:627): avc: denied { ioctl } for pid=10011 comm="syz.1.1057" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x5600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 503.881311][ T30] audit: type=1326 audit(1767690552.931:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 504.428854][ T30] audit: type=1326 audit(1767690552.931:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 504.502930][ T118] usb 4-1: USB disconnect, device number 23 [ 504.640038][ T30] audit: type=1326 audit(1767690552.931:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 505.126879][ T30] audit: type=1326 audit(1767690552.961:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 505.150749][ T30] audit: type=1326 audit(1767690552.961:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 505.216295][ T30] audit: type=1326 audit(1767690552.961:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 505.718659][ T30] audit: type=1326 audit(1767690552.961:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 505.862386][T10043] No such timeout policy "syz0" [ 505.982156][T10042] lo speed is unknown, defaulting to 1000 [ 505.988675][T10040] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1064'. [ 505.997734][T10040] block nbd0: not configured, cannot reconfigure [ 507.055529][ T30] audit: type=1326 audit(1767690552.961:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 507.178229][ T30] audit: type=1326 audit(1767690552.961:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10020 comm="syz.0.1059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x7ffc0000 [ 507.861631][ T118] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 508.120295][ T118] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 508.244801][ T118] usb 1-1: config 0 has no interfaces? [ 508.284858][ T118] usb 1-1: config 0 has no interfaces? [ 508.310858][ T118] usb 1-1: config 0 has no interfaces? [ 508.335901][ T118] usb 1-1: config 0 has no interfaces? [ 508.366170][ T118] usb 1-1: config 0 has no interfaces? [ 508.395089][ T118] usb 1-1: config 0 has no interfaces? [ 508.405679][ T118] usb 1-1: config 0 has no interfaces? [ 508.421908][ T118] usb 1-1: config 0 has no interfaces? [ 508.455101][ T118] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 508.464288][ T118] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 508.497119][ T118] usb 1-1: Product: syz [ 508.514932][ T8842] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 508.524215][ T118] usb 1-1: Manufacturer: syz [ 508.542907][ T118] usb 1-1: SerialNumber: syz [ 508.576759][ T118] usb 1-1: config 0 descriptor?? [ 508.668837][ T8842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 508.685568][ T8842] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 508.896536][ T8842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.961266][ T8842] usb 2-1: config 0 descriptor?? [ 509.012133][T10057] loop2: detected capacity change from 0 to 7 [ 509.022937][T10068] vcan0: tx address claim with dest, not broadcast [ 509.066121][T10057] Dev loop2: unable to read RDB block 7 [ 509.074843][T10057] loop2: AHDI p2 [ 509.088664][T10057] loop2: partition table partially beyond EOD, truncated [ 509.143032][ T24] usb 1-1: USB disconnect, device number 36 [ 509.214074][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 509.214099][ T30] audit: type=1326 audit(1767690558.261:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.257306][ T30] audit: type=1326 audit(1767690558.301:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.300045][ T30] audit: type=1326 audit(1767690558.301:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.342937][ T30] audit: type=1326 audit(1767690558.301:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.380026][ T8842] ntrig 0003:1B96:0009.0013: unknown main item tag 0x0 [ 509.389444][ T8842] ntrig 0003:1B96:0009.0013: unknown main item tag 0x0 [ 509.409636][ T8842] ntrig 0003:1B96:0009.0013: unknown main item tag 0x0 [ 509.433814][ T30] audit: type=1326 audit(1767690558.301:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.459482][ T8842] ntrig 0003:1B96:0009.0013: hidraw0: USB HID v0.00 Device [HID 1b96:0009] on usb-dummy_hcd.1-1/input0 [ 509.492938][ T30] audit: type=1326 audit(1767690558.301:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.520944][ T30] audit: type=1326 audit(1767690558.301:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.625801][ T30] audit: type=1326 audit(1767690558.301:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.655414][ T8842] ntrig 0003:1B96:0009.0013: Firmware version: 1.1.18.2.1 (4672 5940) [ 509.665061][ T30] audit: type=1326 audit(1767690558.311:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 509.862845][ T30] audit: type=1326 audit(1767690558.311:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10072 comm="syz.2.1076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e72b8f749 code=0x7ffc0000 [ 510.263287][ T6321] usb 2-1: USB disconnect, device number 40 [ 510.319284][T10089] lo speed is unknown, defaulting to 1000 [ 510.337705][T10091] No such timeout policy "syz0" [ 510.478503][T10095] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10095 comm=syz.3.1080 [ 512.211073][T10109] overlayfs: missing 'lowerdir' [ 515.422111][ T30] kauditd_printk_skb: 94 callbacks suppressed [ 515.428350][ T30] audit: type=1400 audit(1767690564.451:781): avc: denied { setattr } for pid=10135 comm="syz.2.1089" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 516.218232][T10146] lo speed is unknown, defaulting to 1000 [ 516.314216][T10149] No such timeout policy "syz0" [ 516.713368][ T30] audit: type=1326 audit(1767690565.751:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10145 comm="syz.4.1094" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8adbb8f749 code=0x0 [ 516.758650][T10151] mac80211_hwsim hwsim9 4: renamed from wlan1 [ 518.279652][ T6849] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 518.345815][ T30] audit: type=1400 audit(1767690567.351:783): avc: denied { read write } for pid=10171 comm="syz.4.1099" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 518.403904][ T30] audit: type=1400 audit(1767690567.391:784): avc: denied { open } for pid=10171 comm="syz.4.1099" path="/219/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 518.437591][ T30] audit: type=1400 audit(1767690567.451:785): avc: denied { ioctl } for pid=10171 comm="syz.4.1099" path="/219/file0/file0" dev="fuse" ino=64 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 getty: ttyS0: read error: Resource temporarily unavailable [ 518.546185][ T6849] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 518.556370][ T6849] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 518.625061][ T6849] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 518.692589][ T6849] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.755668][ T6849] usb 1-1: config 0 descriptor?? [ 518.784385][ T6849] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 518.923824][ T30] audit: type=1326 audit(1767690567.971:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10175 comm="syz.3.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x7ffc0000 [ 519.035867][ T30] audit: type=1326 audit(1767690567.971:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10175 comm="syz.3.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x7ffc0000 [ 519.159160][ T30] audit: type=1326 audit(1767690568.081:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10175 comm="syz.3.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f29fe38f749 code=0x7ffc0000 [ 519.261502][ T118] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 519.284223][ T30] audit: type=1326 audit(1767690568.081:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10175 comm="syz.3.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x7ffc0000 [ 519.345113][ T30] audit: type=1326 audit(1767690568.081:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10175 comm="syz.3.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29fe38f749 code=0x7ffc0000 [ 519.456863][ T118] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 519.478846][ T118] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 519.520391][ T118] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 519.555716][ T118] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 519.604789][ T118] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 519.624842][ T118] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.656224][ T118] usb 5-1: config 0 descriptor?? [ 519.674195][T10178] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 519.907141][ T118] plantronics 0003:047F:FFFF.0014: reserved main item tag 0xd [ 519.972010][ T118] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 520.296833][ T118] usb 5-1: USB disconnect, device number 22 [ 520.417341][T10189] fido_id[10189]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 521.053257][ T24] usb 1-1: USB disconnect, device number 37 [ 521.887760][T10209] lo speed is unknown, defaulting to 1000 [ 521.956838][T10213] No such timeout policy "syz0" [ 522.004828][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 522.004843][ T30] audit: type=1326 audit(1767690571.051:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.0.1109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f691738f749 code=0x0 [ 522.162645][ T30] audit: type=1400 audit(1767690571.121:849): avc: denied { mount } for pid=10211 comm="syz.1.1110" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 522.204815][ T30] audit: type=1400 audit(1767690571.241:850): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 524.091966][T10237] netlink: 'syz.0.1114': attribute type 2 has an invalid length. [ 524.148539][ T30] audit: type=1400 audit(1767690573.201:851): avc: denied { map } for pid=10231 comm="syz.0.1114" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 524.515776][T10246] FAULT_INJECTION: forcing a failure. [ 524.515776][T10246] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 524.712506][T10246] CPU: 1 UID: 0 PID: 10246 Comm: syz.2.1116 Tainted: G L syzkaller #0 PREEMPT(full) [ 524.712530][T10246] Tainted: [L]=SOFTLOCKUP [ 524.712534][T10246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 524.712541][T10246] Call Trace: [ 524.712545][T10246] [ 524.712549][T10246] dump_stack_lvl+0x16c/0x1f0 [ 524.712568][T10246] should_fail_ex+0x512/0x640 [ 524.712587][T10246] _copy_from_user+0x2e/0xd0 [ 524.712604][T10246] copy_msghdr_from_user+0x98/0x160 [ 524.712616][T10246] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 524.712630][T10246] ? __pfx__kstrtoull+0x10/0x10 [ 524.712645][T10246] ___sys_sendmsg+0xfe/0x1d0 [ 524.712656][T10246] ? __pfx____sys_sendmsg+0x10/0x10 [ 524.712674][T10246] ? find_held_lock+0x2b/0x80 [ 524.712699][T10246] __sys_sendmmsg+0x200/0x420 [ 524.712713][T10246] ? __pfx___sys_sendmmsg+0x10/0x10 [ 524.712728][T10246] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 524.712750][T10246] ? fput+0x70/0xf0 [ 524.712759][T10246] ? ksys_write+0x1ac/0x250 [ 524.712777][T10246] ? __pfx_ksys_write+0x10/0x10 [ 524.712793][T10246] __x64_sys_sendmmsg+0x9c/0x100 [ 524.712804][T10246] ? lockdep_hardirqs_on+0x7c/0x110 [ 524.712818][T10246] do_syscall_64+0xcd/0xf80 [ 524.712833][T10246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.712845][T10246] RIP: 0033:0x7f6e72b8f749 [ 524.712853][T10246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.712864][T10246] RSP: 002b:00007f6e73a4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 524.712875][T10246] RAX: ffffffffffffffda RBX: 00007f6e72de5fa0 RCX: 00007f6e72b8f749 [ 524.712882][T10246] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003 [ 524.712889][T10246] RBP: 00007f6e73a4a090 R08: 0000000000000000 R09: 0000000000000000 [ 524.712895][T10246] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.712902][T10246] R13: 00007f6e72de6038 R14: 00007f6e72de5fa0 R15: 00007ffd4595f5a8 [ 524.712915][T10246] [ 525.264915][ T8842] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 525.459612][ T8842] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 525.764844][ T8842] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 525.796918][ T8842] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 525.820396][ T8842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.858933][ T8842] usb 2-1: config 0 descriptor?? [ 526.373433][ T8842] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 526.573143][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 526.603910][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 526.607033][T10264] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1124'. [ 526.785197][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.278654][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.298141][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.672027][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.742959][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.788110][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.847056][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.866695][ T6849] hid-generic 0000:0000:0000.0015: unknown main item tag 0x0 [ 527.911432][ T6849] hid-generic 0000:0000:0000.0015: hidraw0: HID v0.43 Device [syz1] on syz1 [ 528.002966][T10281] fido_id[10281]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 529.185109][ T118] usb 2-1: USB disconnect, device number 41 [ 529.354086][T10290] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 635.324703][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 635.331665][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6542/1:b..l [ 635.339943][ C1] rcu: (detected by 1, t=10502 jiffies, g=33373, q=973 ncpus=2) [ 635.347647][ C1] task:syz-executor state:R running task stack:23160 pid:6542 tgid:6542 ppid:6532 task_flags:0x400140 flags:0x00080000 [ 635.361566][ C1] Call Trace: [ 635.364837][ C1] [ 635.367758][ C1] ? __schedule+0x10b9/0x6150 [ 635.372430][ C1] __schedule+0x1139/0x6150 [ 635.376924][ C1] ? __lock_acquire+0x436/0x2890 [ 635.381871][ C1] ? __pfx___schedule+0x10/0x10 [ 635.386719][ C1] ? mark_held_locks+0x49/0x80 [ 635.391476][ C1] preempt_schedule_irq+0x51/0x90 [ 635.396494][ C1] irqentry_exit+0x1d8/0x8c0 [ 635.401083][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 635.407060][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 635.413122][ C1] Code: f6 63 58 00 48 89 df 5b e9 3d 16 5e 00 be 03 00 00 00 5b e9 92 e5 ed 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 34 24 65 48 8b 15 58 c7 f3 11 65 8b 05 69 c7 f3 [ 635.432719][ C1] RSP: 0018:ffffc9000c5975e0 EFLAGS: 00000282 [ 635.438774][ C1] RAX: ffff88801d0b4be0 RBX: ffff88801d0b4be0 RCX: ffffffff8234e64f [ 635.446733][ C1] RDX: ffff88803520c980 RSI: ffffffff8234ea79 RDI: 0000000000000007 [ 635.454691][ C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 635.462648][ C1] R10: 0000000000000000 R11: ffff88803520d4b0 R12: ffffea0000e90980 [ 635.470606][ C1] R13: 0000007b41c9b10e R14: 0000000000000000 R15: 0000000000000000 [ 635.478572][ C1] ? lookup_page_ext+0x9f/0x100 [ 635.483417][ C1] ? page_ext_get+0x69/0x1a0 [ 635.488001][ C1] __reset_page_owner+0x3c/0x1a0 [ 635.492936][ C1] free_unref_folios+0xa22/0x1610 [ 635.497958][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 635.503760][ C1] folios_put_refs+0x4be/0x750 [ 635.508518][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 635.513797][ C1] ? folio_batch_remove_exceptionals+0x115/0x1a0 [ 635.520119][ C1] shmem_undo_range+0x58f/0x1140 [ 635.525055][ C1] ? __pfx_shmem_undo_range+0x10/0x10 [ 635.530441][ C1] ? arch_stack_walk+0xa6/0x100 [ 635.535307][ C1] ? kasan_save_stack+0x33/0x60 [ 635.540155][ C1] ? kasan_record_aux_stack+0xa7/0xc0 [ 635.545522][ C1] ? __call_rcu_common.constprop.0+0xa5/0xa10 [ 635.551584][ C1] ? dentry_free+0xc2/0x160 [ 635.556082][ C1] ? __dentry_kill+0x498/0x600 [ 635.560842][ C1] ? finish_dput+0x76/0x480 [ 635.565336][ C1] ? dput+0x1f/0x30 [ 635.569139][ C1] shmem_evict_inode+0x39e/0xbe0 [ 635.574068][ C1] ? inode_wait_for_writeback+0x170/0x390 [ 635.579789][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 635.585240][ C1] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 635.591305][ C1] ? find_held_lock+0x2b/0x80 [ 635.595977][ C1] ? evict+0x37e/0xad0 [ 635.600039][ C1] ? __pfx_shmem_evict_inode+0x10/0x10 [ 635.605485][ C1] evict+0x3c2/0xad0 [ 635.609371][ C1] ? __pfx_evict+0x10/0x10 [ 635.613783][ C1] ? iput.part.0+0x619/0x1190 [ 635.618453][ C1] iput.part.0+0x621/0x1190 [ 635.622950][ C1] iput+0x35/0x40 [ 635.626571][ C1] do_unlinkat+0x3d2/0x660 [ 635.630986][ C1] ? __pfx_do_unlinkat+0x10/0x10 [ 635.635935][ C1] ? getname_flags.part.0+0x1c5/0x550 [ 635.641302][ C1] __x64_sys_unlink+0xc5/0x110 [ 635.646062][ C1] do_syscall_64+0xcd/0xf80 [ 635.650568][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.656448][ C1] RIP: 0033:0x7f29fe38ecf7 [ 635.660853][ C1] RSP: 002b:00007ffff330af78 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 635.669258][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29fe38ecf7 [ 635.677218][ C1] RDX: 00007ffff330afa0 RSI: 00007ffff330b030 RDI: 00007ffff330b030 [ 635.685175][ C1] RBP: 00007ffff330b030 R08: 0000000000000000 R09: 0000000000000000 [ 635.693135][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffff330c0c0 [ 635.701098][ C1] R13: 00007f29fe413d7d R14: 0000000000080f0b R15: 00007ffff330c100 [ 635.709070][ C1] [ 635.712082][ C1] rcu: rcu_preempt kthread starved for 10155 jiffies! g33373 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 635.723267][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 635.733220][ C1] rcu: RCU grace-period kthread stack dump: [ 635.739091][ C1] task:rcu_preempt state:R running task stack:28864 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 635.752574][ C1] Call Trace: [ 635.755841][ C1] [ 635.758763][ C1] ? __schedule+0x10b9/0x6150 [ 635.763431][ C1] __schedule+0x1139/0x6150 [ 635.767939][ C1] ? __pfx___schedule+0x10/0x10 [ 635.772777][ C1] ? find_held_lock+0x2b/0x80 [ 635.777455][ C1] ? schedule+0x2d7/0x3a0 [ 635.781788][ C1] schedule+0xe7/0x3a0 [ 635.785886][ C1] schedule_timeout+0x123/0x290 [ 635.790740][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 635.796113][ C1] ? __pfx_process_timeout+0x10/0x10 [ 635.801396][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 635.807215][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 635.812697][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 635.817478][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 635.822763][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 635.827963][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 635.832895][ C1] ? rcu_gp_cleanup+0x7c1/0xe90 [ 635.837755][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 635.843581][ C1] rcu_gp_kthread+0x26d/0x380 [ 635.848270][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 635.853467][ C1] ? rcu_is_watching+0x12/0xc0 [ 635.858222][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 635.863414][ C1] ? __kthread_parkme+0x19e/0x250 [ 635.868429][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 635.873624][ C1] kthread+0x3c5/0x780 [ 635.877688][ C1] ? __pfx_kthread+0x10/0x10 [ 635.882272][ C1] ? rcu_is_watching+0x12/0xc0 [ 635.887027][ C1] ? __pfx_kthread+0x10/0x10 [ 635.891609][ C1] ret_from_fork+0x983/0xb10 [ 635.896191][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 635.901299][ C1] ? __switch_to+0x7af/0x10d0 [ 635.905971][ C1] ? __pfx_kthread+0x10/0x10 [ 635.910640][ C1] ret_from_fork_asm+0x1a/0x30 [ 635.915417][ C1] [ 635.918425][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 635.924735][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G L syzkaller #0 PREEMPT(full) [ 635.935223][ C1] Tainted: [L]=SOFTLOCKUP [ 635.939531][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 635.949570][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 635.955195][ C1] Code: b6 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 39 12 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 635.974790][ C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6 [ 635.980854][ C1] RAX: 0000000002b1d819 RBX: 0000000000000001 RCX: ffffffff8b7826d9 [ 635.988811][ C1] RDX: 0000000000000000 RSI: ffffffff8dace4f3 RDI: ffffffff8bf2b480 [ 635.996774][ C1] RBP: ffffed1003b58498 R08: 0000000000000001 R09: ffffed10170a673d [ 636.004733][ C1] R10: ffff8880b85339eb R11: ffff88801dac2ff0 R12: 0000000000000001 [ 636.012692][ C1] R13: ffff88801dac24c0 R14: ffffffff9088bad0 R15: 0000000000000000 [ 636.020649][ C1] FS: 0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000 [ 636.029567][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 636.036142][ C1] CR2: 00007f8dac50de25 CR3: 0000000035404000 CR4: 00000000003526f0 [ 636.044103][ C1] Call Trace: [ 636.047371][ C1] [ 636.050291][ C1] default_idle+0x13/0x20 [ 636.054617][ C1] default_idle_call+0x6c/0xb0 [ 636.059374][ C1] do_idle+0x38d/0x510 [ 636.063442][ C1] ? __pfx_do_idle+0x10/0x10 [ 636.068033][ C1] cpu_startup_entry+0x4f/0x60 [ 636.072802][ C1] start_secondary+0x21d/0x2d0 [ 636.077559][ C1] ? __pfx_start_secondary+0x10/0x10 [ 636.082851][ C1] common_startup_64+0x13e/0x148 [ 636.087795][ C1]