last executing test programs: 3m7.371362189s ago: executing program 0 (id=1): r0 = timerfd_create(0x7, 0x800) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000140)={0x6, 0x10, '\x00', 0x1, &(0x7f0000000000)=[0x0, 0x0]}) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000940)) r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, 0x0) ioctl$IOMMU_IOAS_COPY(r3, 0x3b83, 0x0) ioctl$IOMMU_HWPT_ALLOC$TEST(0xffffffffffffffff, 0x3b89, &(0x7f0000000240)={0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000200)}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) sendfile(r5, r4, &(0x7f00000000c0)=0x58, 0xa) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) close_range(r0, r1, 0x0) 3m5.769323156s ago: executing program 0 (id=8): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0x10, 0x80000, 0x3) r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}}) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newchain={0x54, 0x64, 0x800, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x1, 0xfff2}, {0x3, 0xb}, {0x6, 0x5}}, [@TCA_RATE={0x6, 0x5, {0xe, 0x7}}, @TCA_RATE={0x6, 0x5, {0x8, 0x15}}, @TCA_RATE={0x6, 0x5, {0x1, 0x3}}, @filter_kind_options=@f_route={{0xa}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x46}}]}, 0x54}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd3d, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x0, 0x3}, {0x0, 0x2}, {0xc, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x7}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x50}, 0x0) ioctl$LOOP_SET_FD(r4, 0x4c00, r0) ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES16, @ANYRESOCT=r4, @ANYBLOB="f8d348840b32ebf8b0e2ebef"], 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001300)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x20d7a8a269644c3a}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x82}, 0x4401c) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xff2e) ioctl$TCSETS(r9, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"}) r10 = syz_open_pts(r9, 0x900) ioctl$FIONREAD(r10, 0x541b, &(0x7f00000003c0)) 3m2.168341197s ago: executing program 0 (id=20): syz_emit_ethernet(0x4a, &(0x7f0000000000)={@remote, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '@\x00', 0x14, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x3}, @local, {[], {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x9, 0x0, 0x5}}}}}}}, 0x0) 3m1.699061961s ago: executing program 0 (id=21): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000180)='.\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x45110, 0x0) (async, rerun: 64) r0 = getuid() (rerun: 64) setreuid(0x0, r0) (async) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000000)={[{}], [{@subj_type={'subj_type', 0x3d, 'tmpfs\x00'}}, {@euid_gt={'euid>', r0}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}) 2m59.857547373s ago: executing program 0 (id=28): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) r3 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x2cab, 0x0, 0x2, 0x1f7}, &(0x7f0000000380), &(0x7f0000000340)) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000440)={0x1, "879bebe29049c17bfbc1795964ca8938eb6c98a43b7e7ba3f93098c1d2e44ff9", 0x3, 0x895d, 0x1, 0xf40001, 0x2}) io_uring_enter(r3, 0x251e, 0x8133, 0x58, &(0x7f0000000280)={[0xcc7]}, 0x8) mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[], [], 0x2f}) r4 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r5 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_int(r5, 0x0, 0x13, &(0x7f0000000040)=0x7, 0x4) bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000200)="08001efbb0", 0x5}, {&(0x7f0000000180)="d0849e99c27f53cd", 0x8}], 0x2, 0x0, 0x0, 0x60000000}, 0x20000004) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000002000000d0000000000005f00edb091554243c2d34926ca0223dd515450a9c98c271fa633e8c0ff62c522edc1a733229b7504"], 0x0, 0x34}, 0x20) unshare(0x22020600) 2m57.710856463s ago: executing program 0 (id=37): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000003000000010000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x40000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) move_pages(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0) writev(r1, &(0x7f0000000ac0)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000005c0), r0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r2, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40081) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000330001002bbd7000fedbdb250500"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x1f2f, 0xb1, 0x0, &(0x7f0000000680)="9f44948721919580684010a486fcd9b32763a24b3e271d60cb95d35408c1173c771355f26c5680e7a446469f208d10794877eb22fa715d17dc329151dba8108f8278ff01cc1bc1b44fb374e9fec42d83783b7f540c614e2f09059376b87bb68fc850e1fd02f3e99ea5308358616b6aaed56aa1302c203a7519d608a0ecb8fcf4a1bfd061e6c3cf1216cfba17c5fd8e7681db816e7146138e0f14c1e9f3e8678970c3bd524e4bdf1cda86fe5b3a3c5336d0", 0x0, 0x241, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) syz_usb_connect(0x2, 0x36, &(0x7f0000000400)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r3, @ANYBLOB], 0x0) 2m56.403122928s ago: executing program 32 (id=37): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000004080000000000000003000000000000000000000003000000010000000000000000000002000000000000000000000004"], 0x0, 0x56}, 0x28) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x1, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x58, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x40000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) move_pages(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0) writev(r1, &(0x7f0000000ac0)=[{&(0x7f0000002500)='\f7', 0x2}], 0x1) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000005c0), r0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r2, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40081) sendmsg$nl_generic(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000330001002bbd7000fedbdb250500"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x1f2f, 0xb1, 0x0, &(0x7f0000000680)="9f44948721919580684010a486fcd9b32763a24b3e271d60cb95d35408c1173c771355f26c5680e7a446469f208d10794877eb22fa715d17dc329151dba8108f8278ff01cc1bc1b44fb374e9fec42d83783b7f540c614e2f09059376b87bb68fc850e1fd02f3e99ea5308358616b6aaed56aa1302c203a7519d608a0ecb8fcf4a1bfd061e6c3cf1216cfba17c5fd8e7681db816e7146138e0f14c1e9f3e8678970c3bd524e4bdf1cda86fe5b3a3c5336d0", 0x0, 0x241, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) syz_usb_connect(0x2, 0x36, &(0x7f0000000400)=ANY=[@ANYRESOCT=r1, @ANYRESDEC=r3, @ANYBLOB], 0x0) 2m10.016521571s ago: executing program 4 (id=194): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r2, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r2}]}}}]}, 0x3c}}, 0x4000010) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x240, 0x0) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f00000000c0)={'ip6tnl0\x00'}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r4, 0x0, 0x40, &(0x7f0000000240)={'mangle\x00', 0x0, [0x4, 0x6, 0x1, 0x40, 0x7]}, &(0x7f0000000200)=0x54) 2m8.434952071s ago: executing program 4 (id=199): r0 = socket$inet(0x2, 0x4000000805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) r2 = gettid() ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, r2, 0x0, 0x4004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x200e00, 0x0) bind$pptp(r5, &(0x7f0000000040)={0x18, 0x2, {0x0, @multicast2}}, 0x1e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) syz_emit_ethernet(0x2a, &(0x7f0000000100)={@link_local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x22}}, {0x0, 0xe21, 0x8}}}}}, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x2}) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000012c0)=@nat={'nat\x00', 0x19, 0x5, 0x146, [0x200000000400, 0x0, 0x0, 0x20000000052e, 0x200000000732], 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0000000000000000000000000000d500000000000000000000000000000000000000000000000000fcffffff01000000050000005400000000f969705f7674693000000000000000000076657468315f746f5f626f6e640000006d6163736563300000000000000000007465616d3000bbff000000ff00bbbbbbbbbbbbff00ff00ffff6e0000006e000000b60000004552524f5200000000000000000000000000000000000000000000000000000020000000000000001bcb6bd7759b08ebd620bbe071216d385a18aca0d5cd59be2680d4c42454000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffff"]}, 0x1aa) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)={[{@quota}]}) mmap$xdp(&(0x7f0000544000/0x4000)=nil, 0x4000, 0xc, 0x11, r5, 0x0) chdir(&(0x7f0000000100)='./file0\x00') unlink(0x0) 2m7.358821705s ago: executing program 4 (id=202): socket$unix(0x1, 0x5, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat(0xffffffffffffffff, 0x0, 0x800, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1004000, 0x0, 0xb49, 0x0, 0x6, 0x0, 0x3}, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111}}, 0x20) syz_emit_ethernet(0x3e, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x8, 0x0, 0x0, @local, @local, {[@dstopts]}}}}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x4}, {0xac}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r5, 0xe0, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x8, 0x0, 0x0}}, 0x10) lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x3}, [{0x2, 0x1}], {}, [], {0x10, 0x5}}, 0x2c, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc4c85513, &(0x7f0000000540)={{0xb, 0x6, 0x0, 0x2, 'syz0\x00', 0x281d}, 0x0, [0x1, 0x4ea3, 0x9, 0x56cd, 0x5, 0x6, 0x0, 0x80000001, 0x201, 0x1, 0x3fb, 0x1, 0x9, 0x7, 0x4, 0x10000, 0x43, 0x49b5e351, 0xfffffffffffffffc, 0xe8de, 0xfffffffffffffff9, 0x9, 0x1ff, 0x9, 0x1, 0x8, 0x80000000, 0x4, 0x2, 0x8000, 0x8, 0xa36, 0x57bf4b04, 0x4, 0x40000000000001, 0x6, 0x8, 0x100000000, 0x8, 0x7ff, 0x6, 0x401, 0x5, 0x1, 0x1ff, 0x10000, 0x2, 0xb7, 0x0, 0x5, 0xbe5, 0xa0000000000, 0x0, 0x1, 0x8, 0x8000000000000000, 0xd3d, 0xbbeb, 0x1, 0x6, 0x4, 0x6, 0x8001, 0x3, 0x1, 0xec7, 0x646, 0xc58e, 0x3, 0x11ad, 0x0, 0x6, 0x8000, 0x100080, 0x7f, 0x9, 0x1, 0x5, 0x8000000000000000, 0x4, 0x7, 0xa5, 0x1b13, 0x4, 0x85, 0x8, 0x4, 0xf75, 0x9, 0xb, 0xffffffffffff66e3, 0xfffffffffffffff9, 0x851a, 0x5e997b8e, 0x0, 0x7, 0xffffffffffffffff, 0x3, 0x100, 0x4, 0x3ff, 0x6, 0x0, 0xffffffffffffff95, 0xa, 0x108000001, 0xcc7e, 0x8, 0x0, 0x6, 0x6, 0xfffffffffffffd96, 0x3f3, 0x1, 0x4, 0x0, 0x7, 0x5, 0x6, 0x1, 0xe1, 0xec2, 0x1, 0x5, 0xfff, 0x0, 0x80]}) 2m5.732298355s ago: executing program 4 (id=204): readv(0xffffffffffffffff, &(0x7f0000000580), 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x10) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) syz_usb_connect(0x4, 0x24, &(0x7f0000000080)=ANY=[], 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1400, 0xfffffffe, 0x1d) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0a056020"], 0xd) write$UHID_CREATE2(r0, &(0x7f0000000740)=ANY=[@ANYRESHEX], 0x119) mkdir(&(0x7f0000000080)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000040)='./bus\x00') name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x400) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000300)={{&(0x7f0000a0a000/0x2000)=nil, 0x2000}, 0x2}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, r1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x20401, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000040)={'geneve1\x00', 0x200}) syz_open_dev$hidraw(&(0x7f00000004c0), 0xcf2, 0x14a042) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') socket$inet_sctp(0x2, 0x5, 0x84) 2m3.507900714s ago: executing program 4 (id=212): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x34, r1, 0x300, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_LLC_PARAM_RW={0x5, 0x10, 0xf}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x8e}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x468}, @NFC_ATTR_LLC_PARAM_MIUX={0x6, 0x11, 0x63d}]}, 0x34}, 0x1, 0x0, 0x0, 0x4004091}, 0x8800) syz_usb_connect(0x3, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12011000ca1a604004230f02de3b010c03010902120001000000000904"], 0x0) syz_usb_connect$cdc_ncm(0x4, 0xad, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9b, 0x2, 0x1, 0x3, 0xb0, 0xf1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "f54b81c1ea"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x1, 0x7, 0x2}, {0x6, 0x24, 0x1a, 0x4, 0xb}, [@mbim={0xc, 0x24, 0x1b, 0x5c5e, 0x6, 0x5, 0x7, 0x4, 0xb}, @country_functional={0x12, 0x24, 0x7, 0x7, 0x9, [0x2, 0x4c0, 0x6, 0x6, 0x82, 0x9]}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0xfa}, @acm={0x4, 0x24, 0x2, 0x1}, @network_terminal={0x7, 0x24, 0xa, 0x1, 0x7, 0x3, 0x8}, @mbim={0xc, 0x24, 0x1b, 0x4a, 0x0, 0x7, 0x3, 0x9, 0xc}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x5, 0x3}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0x7, 0x8, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x8, 0x2, 0xf8}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x3, 0x0, 0x6, 0x8, 0x4}, 0xbb, &(0x7f0000000140)={0x5, 0xf, 0xbb, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x10, "4dcba8f5b274f50ee5a1e2c8902a8c86"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x8, 0x3, 0x5}, @ssp_cap={0x10, 0x10, 0xa, 0x1, 0x1, 0xc, 0xff00, 0xc3, [0x3f00]}, @ptm_cap={0x3}, @generic={0x88, 0x10, 0x4, "06eaf44fa97defef043eff230034e3d27ca3ac5f6a3a70b05cd954073e1244557409a8a3f4b533b263a11ba4b25024abd74d067306cffc66284a40d4805d4fc6dbb6c5a06a7c7f2d8b7c683c1a9172c7cfce90e5b2bd6adfe9d32945add6a1e9908f6089d6a8d357033a24772f938c20ac200d68f48c05e7bcf64fc995b10b7e561509d182"}]}, 0x2, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0xc0c}}, {0x71, &(0x7f0000000240)=@string={0x71, 0x3, "4b35bd95893f1fe55b181705e679b56d7d7fbede763fe0356a2ba03457ef765d8823c82c544fae3f3b6bc0aa3758babe3588f5f399c9bab82c5263595d98e4c2a8ceeb7bc42074c0305ffdb221d8c102b9af3c091062f3cfb0af88d5fb85f97ecee32511e786a8ab1e234cdd942edf"}}]}) 2m2.935050877s ago: executing program 5 (id=214): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x9, 0x100008b}, 0x0) (async) sched_setscheduler(0x0, 0x1, 0x0) (async) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0) (async) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc) (async) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001200)=ANY=[@ANYBLOB="b57f0cfa18000100fefcffef00d2b0003604625c522e346b8e719d385f02000000fc00000900380008800c000180caf00200010de4cf66e074c78ae0caf6a4a04246b67507d33622dc1c3fbb88182e89cf107068fdeabe9e8e651172583c2af3942235a1d7132ee4a951b493b674e033378fbc5e9e402447dbb1e23459903f133f0f"], 0x38}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) (async) syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x10001}) (async) r8 = syz_io_uring_setup(0x48be, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000011c0), &(0x7f0000001180)) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async) r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) (async) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) (async) userfaultfd(0x80001) (async) r11 = userfaultfd(0x801) ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f0000000600)) (async) ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_submit(r10, 0x0, 0x0) 2m2.734880345s ago: executing program 5 (id=215): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x6) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setresuid(r3, r3, 0x0) pivot_root(0x0, 0x0) read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x2c, 0x3, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0) r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0) r6 = gettid() rt_sigtimedwait(&(0x7f0000000080)={[0x3ff]}, 0xffffffffffffffff, 0x0, 0x8) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000200)=@bpq0, 0x10) tkill(r6, 0x7) read$nci(r5, &(0x7f0000000100)=""/107, 0x6b) write$nci(r5, &(0x7f0000000100)=ANY=[], 0x4) writev(r5, &(0x7f00000000c0)=[{&(0x7f00000003c0)="8610cfd9fad36b27a4e9e4ba9801f716c3ea60f843fdd28a51e452cd99ecda2a9e5463a2d0fd879887ceb44147eefc", 0x2f}], 0x1) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) sendfile(r4, r7, 0x0, 0x20000023896) r8 = socket$inet6(0xa, 0x3, 0xff) close(r8) 2m2.227362168s ago: executing program 4 (id=216): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x4) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r5 = socket(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x4, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x15, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x404c0c0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) writev(r8, &(0x7f0000002500)=[{&(0x7f0000001500)="a8138cdf6c2c299855427ddd33edc86c", 0x10}], 0x1) dup(r8) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x9, 0xfff2}, {0x0, 0xfff1}}}, 0x24}}, 0x0) 2m1.447428997s ago: executing program 33 (id=216): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x4) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r5 = socket(0x10, 0x3, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x4, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x15, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x404c0c0) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20088814}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r8 = openat$nci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) writev(r8, &(0x7f0000002500)=[{&(0x7f0000001500)="a8138cdf6c2c299855427ddd33edc86c", 0x10}], 0x1) dup(r8) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0x9, 0xfff2}, {0x0, 0xfff1}}}, 0x24}}, 0x0) 2m1.443958811s ago: executing program 5 (id=218): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000100)=0x2, 0x4) pipe2$9p(&(0x7f0000000f80)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) write$binfmt_register(r3, &(0x7f0000000100)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x7, 0x3a, '*.-*', 0x3a, '', 0x3a, './file0'}, 0x2b) open$dir(&(0x7f0000000200)='./file0\x00', 0x1e9240, 0x180) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r4 = dup(r2) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000200)=ANY=[], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2, {0xfff}}, './file0/file0\x00'}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r5, &(0x7f0000000200)=[{&(0x7f0000000080)='/', 0x1}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) getsockopt$llc_int(r6, 0x10c, 0x9, 0x0, &(0x7f0000000280)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="170000000100000000000000dd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r8, 0x0, 0x0) write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) preadv(r8, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 2m1.050091697s ago: executing program 5 (id=222): readv(0xffffffffffffffff, &(0x7f0000000580), 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x10) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) syz_usb_connect(0x4, 0x24, &(0x7f0000000080)=ANY=[], 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1400, 0xfffffffe, 0x1d) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0a056020"], 0xd) write$UHID_CREATE2(r0, &(0x7f0000000740)=ANY=[@ANYRESHEX], 0x119) mkdir(&(0x7f0000000080)='./file1\x00', 0x40) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000040)='./bus\x00') name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x400) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000300)={{&(0x7f0000a0a000/0x2000)=nil, 0x2000}, 0x2}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, r1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x20401, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000040)={'geneve1\x00', 0x200}) syz_open_dev$hidraw(&(0x7f00000004c0), 0xcf2, 0x14a042) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') 1m59.681460558s ago: executing program 5 (id=226): read(0xffffffffffffffff, &(0x7f0000000840)=""/40, 0x28) openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0xfef85154c7902b6e) syz_open_dev$video4linux(&(0x7f00000000c0), 0x400, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) 1m58.866804218s ago: executing program 5 (id=228): connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = syz_clone3(&(0x7f0000000600)={0x21a1000, &(0x7f0000000400), &(0x7f0000000480), &(0x7f0000000500), {0x3c}, &(0x7f0000000880)=""/220, 0xdc, &(0x7f0000000980)=""/4096, &(0x7f0000000540)=[0x0], 0x1}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x9, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0) mmap(&(0x7f0000516000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) socket(0x28, 0xa, 0x8000) socket$unix(0x1, 0x1, 0x0) r2 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000340)={'syz', 0x0}, &(0x7f00000006c0)='Z', 0x1, r2) r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r4, r4}, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x94) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') lseek(r5, 0x289e0cb5, 0x100000000000000) 1m58.633696128s ago: executing program 34 (id=228): connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = syz_clone3(&(0x7f0000000600)={0x21a1000, &(0x7f0000000400), &(0x7f0000000480), &(0x7f0000000500), {0x3c}, &(0x7f0000000880)=""/220, 0xdc, &(0x7f0000000980)=""/4096, &(0x7f0000000540)=[0x0], 0x1}, 0x58) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x9, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x18, 0x0, 0x0) mmap(&(0x7f0000516000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) socket(0x28, 0xa, 0x8000) socket$unix(0x1, 0x1, 0x0) r2 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000340)={'syz', 0x0}, &(0x7f00000006c0)='Z', 0x1, r2) r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r4, r4}, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x20}, 0x94) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') lseek(r5, 0x289e0cb5, 0x100000000000000) 11.990906778s ago: executing program 1 (id=623): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000f40)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000004c0)) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RTC_AIE_ON(r1, 0x7001) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000240)={0x1c, 0x8, 0xe, 0x1f, 0x3, 0x0, 0x5, 0x90, 0xffffffffffffffff}) r2 = syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000140)=ANY=[], 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x13}, [@ldst={0x4, 0x0, 0x4, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000440)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x80, 0x1c, {0x3bc3, 0x6, 0x2, 0x2007, 0x55, 0xfffe, 0x9, 0x4, 0x40, 0x1, 0x1ff, 0x6}}, 0x0, 0x0, 0x0, 0x0}) r3 = socket(0x10, 0x802, 0x0) write(r3, &(0x7f0000000140)="fc00000018000703ab092500090007000a070000000000060000369321000700ff2500000005d00000000000000398996c92773411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddefefe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) syz_usb_control_io(r2, 0x0, 0x0) 10.770697183s ago: executing program 6 (id=633): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0xb9) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x100000}], 0x2, 0x0, 0x0, 0xb) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) close(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX, @ANYBLOB="2c7766646e6f3d9abc7dd093d20500000000000000cc6109a5217ead997fb43beec7722aaf6264059ebcba63834ef7d74bea86aef1", @ANYRESHEX]) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x20000003, @loopback, 0x60502e42}, 0x1c) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000001380)) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r5, 0x8008f511, &(0x7f0000000300)) socket$netlink(0x10, 0x3, 0x2) syz_open_dev$hidraw(&(0x7f0000002300), 0x1, 0x14a042) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000240)=""/44, 0x2c}, {&(0x7f00000007c0)=""/252, 0xfc}, {&(0x7f0000000700)=""/129, 0x81}], 0x3, &(0x7f00000004c0)=""/238, 0xee}, 0x1}], 0x1, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x50) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) r6 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r6, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) 10.018103091s ago: executing program 6 (id=635): r0 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_PEC(r0, 0x708, 0x7) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000000c0)={0x0, 0x0, 0x5, &(0x7f0000000000)={0x7, "a3dd982d0ba2d984c335f78f76704978a2f62f39d29c31372205cd39c53f80d4be"}}) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB="2c726f60746d0000000030303030303030303030303030303030300032303030302c757365725f69643d2f0539fca8fc5324ece49e43af90dd18d4e35d723f992afe304eef059b4a8419c0c169320685dc77c07d84721bcc98b5b4aa3ced617db67196e16c93f2654fdbc941ffa8b5b1139ffa9497278eae2108e66e7271e7280d4c3cb6af29357e48fca48338c7c8bb5002af725a475b003249cb74ab1f7f8db50a8b6ada17bc79caa9ac7574a4", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES32=r1]) syz_usb_connect(0x3, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x4000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r7 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setgroups(0x0, 0x0) setregid(0xffffffffffffffff, r8) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="82", 0x1}], 0x1) 8.58270641s ago: executing program 1 (id=639): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r6, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={0xa0, r7, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x79, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0x8, {0x5, 0x97, 0x5, "840713d363"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0x0, 0xfd, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0xa0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r8, &(0x7f0000002000)=""/102400, 0x19000) socket$nl_generic(0x10, 0x3, 0x10) 7.646188727s ago: executing program 1 (id=641): r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0xe2a01) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, &(0x7f0000000200)={0x14, &(0x7f0000000100)={0x0, 0x22, 0xe9, {0xe9, 0x32, "5c717ea2aa74ed7f87014778a1ff84c731af3f8a20a72aadf173c5f7d5d9e4489cff2082f8db1480bb4a3c982e4cb0ea6ec2c3b1bb94eefa4e92f8a30a2108da98615e2a040dd10968291156e63acc75e40b9b5df4d366288b94de0f36ae108d2cb92e33483da4354c1c8cce9b4af9eb92379cf0143909258dfcce55ca4e60935e24f0503321d53f135c895f0f3110e9f9e3bd81ada33885dcd9aae730c336daeba7d2319ba48c6757fbd1622a713b40fe82874fc4f742b36295f331b84dbba74dc80061b3c7e7df8237e49e1365fffcb8df6cc52543b3959012732eacecdeb951575589a2ea76"}}, &(0x7f00000002c0)={0x0, 0x3, 0xb2, @string={0xb2, 0x3, "70f2c23df42ab0c8965dec92023517c8325211bb6493d4947fd491645c6703db0b34998358b398157ff63c505d536139400e95695465d900a9fff779dc1dcf1fa1447c7badfd9571ae63ea41c089c57b8b0e9160e1e45edf7b5c2b1995cb66382069c823c8246d3456df4c70681fa0bcd0b566da610d523aa2c9024f64b6dba619bf43fd1b204d05863e64bc9864feca6ec5e43d4d998ed86d3453ffab3498ab4e6ba45f6ef59b3f2ab083a2233e62ae"}}}, &(0x7f00000005c0)={0x34, &(0x7f0000000380)={0x0, 0x12, 0x74, "17e87e56e3fc690bb0ac3c315cb2c95b3540b883598e0c07355523ad739d24d016c3ebc6ec6001ed358f512d17c252386ba5fe20324212591f88f71d652ce43fbbd4e97f34b3f1a0d55aa3ebd1c3966d2ab4e4c1d98e6c0d33d7c1bb3d4ef27f3eb67ae33615e075df6dea10823b3e1426ae0fec"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xf9}, &(0x7f00000004c0)={0x20, 0x0, 0x7e, {0x7c, "7a68ba228ed36d0b9e4b3c6406524026b3ebcd47880c4b66a5f47c8cea0377b1f4e104b13b31abf4a08a84ce9847071b60747f259547c617a8445fd472af9742bb547c978aa09872e2cc76f4c229adb080fd07e0fd3ca246e19abe1f07d5fc2d171fb052ff104a496d5b2fa191a4d7a3cc57463cc0cc1fa04dfbb9eb"}}, &(0x7f0000000440)={0x20, 0x1, 0x1, 0xf7}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0x2}}) ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000d40)={0x10000000000000, 0x60b, 0x3, 0xfffffff9, 0x0, 0x7, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x2, 0x4, 0xbd, 0x5, 0x1}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) 6.843921936s ago: executing program 3 (id=642): r0 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@rand_addr=0x64010101, @in6=@mcast2, 0x0, 0x0, 0x0, 0x4, 0xa, 0x0, 0x0, 0x2b}, {0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x895a}, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1}, {{@in6=@mcast1, 0x0, 0x6c}, 0x2, @in=@multicast1, 0x0, 0x4, 0x0, 0x0, 0x40000000, 0x5}}, 0xe4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97000288c19e9ace00400000000000002100000002ff020000000000000000000000000001"], 0x0) 6.582922602s ago: executing program 3 (id=644): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r2, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r2}]}}}]}, 0x3c}}, 0x4000010) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) 6.504587221s ago: executing program 2 (id=645): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x5, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@map_idx={0x18, 0x3, 0x5, 0x0, 0x9}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x9, 0x0, 0x100000, {}, [{0x90, 0x1, [@m_ct={0x44, 0x19, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffe, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000000)=0x1, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) sendmmsg$inet6(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) r5 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc}) r6 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r6, 0x4) close_range(r5, r6, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x48) 6.47224026s ago: executing program 7 (id=646): sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000a40)="118db76e8efb27d530b26a8302bad647e35540226c4052b6d573165d39ad8ead67632e8fe108cf55473bc22914286359c3bb3decf99ed04d34d1a73ae48dae0e69ee69fe", 0x44}], 0x4}}], 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001000)={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x48) mmap(&(0x7f00005b1000/0x4000)=nil, 0x4000, 0x0, 0x21011, r0, 0x0) syz_clone(0x4020440, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x80002, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x80003, 0x0) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000240)={0xc8, 0x7, 0x2, 0x9, "2831aa978f5bf9760affe84d9aae132ea61e3c8f5e8baf4f418b043ccf7c2585badf21cf679445df72648e7c1014b069db54b31ee89dcb0376fa440f2c34e84c56f2ee4703fc26cf2b2475fad58dc33d6ec810647036805de665b749a9705fcf7400bc18e5e059dd8e3a09409d1de6b38a5528332fc808e0b581e7cbc0a85b55fc2a79d7327dbc4be903ba8046ad82565e1d0bc0e538166c520688a71725c81771c487b505d1c434a71839e6d2677f12"}) sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 6.310726512s ago: executing program 6 (id=647): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0xfffffff6, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x8000, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 6.087025072s ago: executing program 7 (id=648): r0 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0xe2a01) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000480)={0x0, 0x1b}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, &(0x7f0000000200)={0x14, &(0x7f0000000100)={0x0, 0x22, 0xe9, {0xe9, 0x32, "5c717ea2aa74ed7f87014778a1ff84c731af3f8a20a72aadf173c5f7d5d9e4489cff2082f8db1480bb4a3c982e4cb0ea6ec2c3b1bb94eefa4e92f8a30a2108da98615e2a040dd10968291156e63acc75e40b9b5df4d366288b94de0f36ae108d2cb92e33483da4354c1c8cce9b4af9eb92379cf0143909258dfcce55ca4e60935e24f0503321d53f135c895f0f3110e9f9e3bd81ada33885dcd9aae730c336daeba7d2319ba48c6757fbd1622a713b40fe82874fc4f742b36295f331b84dbba74dc80061b3c7e7df8237e49e1365fffcb8df6cc52543b3959012732eacecdeb951575589a2ea76"}}, &(0x7f00000002c0)={0x0, 0x3, 0xb2, @string={0xb2, 0x3, "70f2c23df42ab0c8965dec92023517c8325211bb6493d4947fd491645c6703db0b34998358b398157ff63c505d536139400e95695465d900a9fff779dc1dcf1fa1447c7badfd9571ae63ea41c089c57b8b0e9160e1e45edf7b5c2b1995cb66382069c823c8246d3456df4c70681fa0bcd0b566da610d523aa2c9024f64b6dba619bf43fd1b204d05863e64bc9864feca6ec5e43d4d998ed86d3453ffab3498ab4e6ba45f6ef59b3f2ab083a2233e62ae"}}}, &(0x7f00000005c0)={0x34, &(0x7f0000000380)={0x0, 0x12, 0x74, "17e87e56e3fc690bb0ac3c315cb2c95b3540b883598e0c07355523ad739d24d016c3ebc6ec6001ed358f512d17c252386ba5fe20324212591f88f71d652ce43fbbd4e97f34b3f1a0d55aa3ebd1c3966d2ab4e4c1d98e6c0d33d7c1bb3d4ef27f3eb67ae33615e075df6dea10823b3e1426ae0fec"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0xf9}, &(0x7f00000004c0)={0x20, 0x0, 0x7e, {0x7c, "7a68ba228ed36d0b9e4b3c6406524026b3ebcd47880c4b66a5f47c8cea0377b1f4e104b13b31abf4a08a84ce9847071b60747f259547c617a8445fd472af9742bb547c978aa09872e2cc76f4c229adb080fd07e0fd3ca246e19abe1f07d5fc2d171fb052ff104a496d5b2fa191a4d7a3cc57463cc0cc1fa04dfbb9eb"}}, &(0x7f0000000440)={0x20, 0x1, 0x1, 0xf7}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0x2}}) ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000d40)={0x10000000000000, 0x60b, 0x3, 0xfffffff9, 0x0, 0x7, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x2, 0x4, 0xbd, 0x5, 0x1}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) 6.086703475s ago: executing program 6 (id=649): r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@mcast1, @in=@private=0xa010100, 0x4e24, 0xc000, 0x4e21, 0x8, 0xa, 0xa0, 0xa0, 0xaa2453b8d718011, 0x0, r1}, {0x4, 0x1, 0x8, 0x9, 0xfffffffffffffff7, 0x1, 0x2}, {0x10, 0x4, 0x71, 0x10000}, 0x2, 0x0, 0x2, 0x0, 0x3, 0x1}, {{@in6=@local, 0x4d5, 0xff}, 0x2, @in=@loopback, 0x0, 0x1, 0x2, 0x5, 0x40, 0xc}}, 0xe8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000003, 0x0, 0x1}]}) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x3, 0x86, &(0x7f0000000580)=ANY=[@ANYBLOB="1201010296a59c20d21951003bdd01020301"], &(0x7f0000000700)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x300, 0x6, 0x68, 0x81, 0x8}, 0x1d, &(0x7f0000000480)=ANY=[@ANYBLOB="050f1d00030a100302020aeb00000710020014780a07100208fa070000"], 0x2, [{0x1c, &(0x7f0000000640)=ANY=[@ANYBLOB="ffff5639e2ca790896914d9d5b8a6f5d2f5574d106a4c3b291fca16b"]}, {0x45, &(0x7f00000007c0)=ANY=[@ANYBLOB="4503f2354c4aa0fd8c553e7195833e7a94f69941d8ea5d7b3c401ea3a549f4b9e8f46f45f8e094ee0978222e7dbfa2ca9fec11aad1a763d38bfd1214a9655994df0f8e1354c83ec6789324242b2cafb8f5a92e422b40181cdddfba203e40362cbd8a9435e1123afbff885632004d2cac88e8d8c848c2bba060a9c23c27ead945adb7ef498f934e893a0c2ed1888b20c2a229411c2fa1485930d906a0ab510a1209f943a3f3a0096edda98a6f1232f4274b8ed1c8ae343bb031db5e24afc86fe4e7b7106c476fe2cdb2290772ec81b20fd017b83a14da78f4f5da465cde77e723e3a88ae1811721a12a19c6ffc2fa64a396d3197df545b8776081d85ea8b308ab8b2beef56bfc2725aa5c8d5e8fef8a19dd251a47e7b83a6ca1f5e067ca601601c458bedb33574aec79f1"]}]}) r5 = io_uring_setup(0x2104, &(0x7f0000000300)={0x0, 0x80000001, 0x2, 0x3, 0x2}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0x19, 0x20000000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) 5.681996779s ago: executing program 3 (id=650): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0x16}, 0x4}, 0x1c) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, &(0x7f0000001940)) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0xea, 0x0, 0x1, 0x1}, 0x14) 5.41979806s ago: executing program 2 (id=651): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) r3 = socket$igmp6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000600)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f00a005000008000300", @ANYRES32=r4], 0x2c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) socket(0x2, 0x4, 0x93dd) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_dump={0x3e, 0x7, 0x0, 0x22, "258252cdda0cf23596ba487a785d5f46b9f1b0a8ad91e205792bdce35ce7ab6e106f"}}) syz_usb_connect$hid(0x6, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000010ac0100000001000000010902240001000000000904000001030000000921ffff000122050009058103"], 0x0) syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000dae11c105e048402"], 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000e100"]) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000006c0)={0x24, 0x0, 0x1, 0x80, 0x25dfdbfe, {0xf, 0x0, 0x2d}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6b32}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x2805}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="0c030000", @ANYRES16, @ANYBLOB="00082abd7000fedbdf250b000000e40004800900010073797a31000000005400078008000300f7ffffff08000200000000000800020005000000080004000100000008000100110000000800030027eb000008000200fe0200000800040001000000080001001b00000008000200704200001300010062726f6164636173742d6c696e6b00001300010062726f6164636173742d6c696e6b00000c00078008000200fbffffff1300010062726f6164636173742d6c696e6b000024000780080001001c0000000800030000200000080001001600000008000200fcffffff1300010062726f6164636173742d6c696e6b9a005801018044000400200001000a004e2300000004ff010000000000000000000000000001db000000200002000a004e240000000220010000000000000000000000000002000000001500010069623a76657468315f776f5f626f6e64000000000d0001007564703a73797a300000000034000280080001001f0000000800040009000000080002000400000008000100000000000800020001000000080001001000000008000300010000000800030000080000380004001400010002004e21000000000000000000000000200002000a004e200000801dfe8000000000000000000000000000aa0d0000002c00028008000200007f0000080001001c000000080001001a000000080002000300000008000300050000000800030009000000380004001400010002004e20e00000010000000000000000200002000a004e2000000008fe8000000000000000000000000000bb080000003c0007800c000300fbffffffffffffff08000100040000000c00030000000000000000000c00030004000000000000000c000400be240000000000003c0007800c0004002d000000000000000c0003000e000000000000000c00040003000000000000000c0003000100000000000000080002007d7800000c0003800800010007000000380001803400028008000200ffff00000800030008000000080001000d00000008000400ffffff7f080004000900000008000200a0000000"], 0x30c}, 0x1, 0x0, 0x0, 0x8000}, 0x4804) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, &(0x7f0000000000)={@local, @remote, @loopback}, 0xc) 4.779660049s ago: executing program 3 (id=652): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000000, 0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f00000006c0)=ANY=[@ANYBLOB="0300000000000000000000c0010000000300000004000000100000007a2f000009000000000000000000000000000000190000800f000000000000000500000000000080030000000000000000000000000000000000000000000000040000000200000009000000ffffff7f0700000002000000000000000000000000000000f6250ecc926dde50cee1e8898b78f25c74821ab517bcf66450872728fb46b05a6f0c4160fcbdea32925ba7b47cd821dfc8a7fbd5f25a5d72bb127935f04fa9e762ea929a27d0118ca0f46adf31f5976c4effad53e608d8ef9c71aebd85b9e039038ee92df42a3ed86a700792b5c527bf008ceeff3ed9c55d91f6b9c5f1874e587664ade16d4a4d816054bdd143d6001c9df67a8a34134f69eaf72ceae8dff30fdfeccd8f9a"]) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019c09000f01c2", 0x69}], 0x1, 0x1c, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r4, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000440)={'syzkaller0\x00', 0x100}) dup(0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0x0, 0xffff}, {0x9, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="23074051ab6f9014f0b79334173fba925714044045ac5303dbf5afb4bf4b930996322734d5ba36ea3f5abcc0d7d3c049872c55ad096f64307f6ad95c55cce22c39babb262cdca5e56024836806d132405728f241460ce653648f08f06fd62ef80471b58011989ad28d98481f841643475753589420f077de2b4c739d46d344c263ea06e298a94c1b9c5df7080868b63e1ddfd3d26b", 0x95, 0x8004, &(0x7f0000000180)={0xa, 0x4e23, 0xf395, @private2={0xfc, 0x2, '\x00', 0x1}, 0x48000000}, 0x1c) r6 = syz_open_dev$video4linux(&(0x7f00000060c0), 0x5, 0x440400) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r6, 0xc0085666, &(0x7f0000000080)={0x2, 0x3}) 4.603119884s ago: executing program 1 (id=653): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0) r0 = syz_open_procfs(0x0, 0x0) write$cgroup_pid(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x801, 0x84) r2 = syz_io_uring_setup(0x82e, 0x0, &(0x7f0000000100), 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x30}, @printk={@lld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00'}, 0xce) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, 0x0, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x36}, 0x4, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155b, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x372c6fbf, 0xa2b9, 0x6, 0x9, 0xe4, 0x9, 0x2, 0x3, 0xbbf, 0x10, 0x8, 0x9, 0xc277, 0x2, 0x12a3, 0x6, 0x3, 0x2, 0x4, 0x7, 0x81, 0x8a, 0xfffffff8, 0x558e0d2f, 0x4, 0xfffeffff, 0x91, 0x5, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x0, 0x4a7, 0x81, 0x6, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x0, 0x4, 0xc66, 0xfffffff7, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0xf, 0x8, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x3, 0x2, 0x1c, 0xa, 0x1, 0x2, 0x54f5bad8, 0x8, 0xeffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x104, 0x5, 0x7, 0x401, 0x4a, 0xf1, 0x24, 0xab00000, 0x5, 0xb, 0x2, 0x401, 0x5, 0x1ff, 0x1, 0x7fff, 0x7, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x2, 0x4, 0x5, 0xfffffffb, 0x200004, 0x1000, 0x4, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e63f783, 0x80000001, 0xfffffffd, 0x1, 0x491, 0x6, 0x206, 0x108, 0x402, 0x2, 0x400, 0x3d, 0x6, 0x7, 0x0, 0x5, 0x0, 0x5, 0x7, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0x4, 0xd3, 0x7, 0x3435, 0x5, 0x7, 0xfd, 0x401, 0x101, 0x7ff, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x0, 0x2, 0x6, 0x8000, 0xf45, 0x0, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0xa, 0x4, 0x1ff, 0x82, 0x3, 0x9d86, 0x9, 0xfefffff5, 0x6, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0x1, 0x1, 0x4, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0xfffffffe, 0xfffffffb, 0xffffffff, 0x0, 0x8001, 0x7fff, 0x1020, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x9, 0xfffffff9, 0x4, 0xfffffff7, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x14000, 0x1, 0x1b18]}, 0x45c) r4 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000002080)={0x2020}, 0x2020) 3.938881376s ago: executing program 1 (id=654): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x58}}, 0x8000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98000000100001002abd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a009000000000000140003006e657464657673696d3000000000000008002800babc00005c0016805800018054000c"], 0x98}, 0x1, 0x0, 0x0, 0x24040854}, 0x40000) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$vcsu(0x0, 0x1, 0x20800) read$msr(0xffffffffffffffff, 0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x1) sendmsg$nl_generic(r2, 0x0, 0x4010) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000680)={0x44, &(0x7f00000003c0)={0x20, 0x1, 0x3, "c674fc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 3.79192099s ago: executing program 3 (id=655): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x895c}}, './file0\x00'}) r2 = msgget$private(0x0, 0x0) r3 = io_uring_setup(0x5cf8, &(0x7f0000000000)={0x0, 0xdc8, 0x10000, 0x3, 0x3df}) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000002c0)=0x14) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xcd, 0xcd, 0x7, [@datasec={0x1, 0x5, 0x0, 0xf, 0x1, [{0x2, 0x2, 0x3}, {0x2, 0x80, 0x1}, {0x2, 0xfffffff6, 0x6}, {0x3, 0x0, 0xfff}, {0x3, 0x8000, 0xfffffff2}], "c0"}, @enum64={0xd, 0x9, 0x0, 0x13, 0x0, 0x8, [{0x9, 0xfffffeff}, {0x5, 0x9, 0x8}, {0x9, 0x8, 0x6}, {0xd, 0x10000, 0x8}, {0xb, 0x3, 0x7a8}, {0x7, 0x1}, {0x9, 0x93a}, {0x4, 0x5, 0x3d10}, {0x7, 0xf, 0x5}]}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x5f, 0x2e, 0x2e, 0x61, 0x5f]}}, &(0x7f0000000400)=""/233, 0xef, 0xe9, 0x1, 0x3ff, 0x10000, @value=r1}, 0x28) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) mq_timedreceive(r4, 0x0, 0x0, 0x200000000004, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1d, 0xfe20, 0x8, 0x10, 0x200, r1, 0x5, '\x00', 0x0, r4, 0x3, 0x0, 0x5}, 0x50) msgrcv(r2, 0x0, 0x0, 0x3, 0x0) close(r3) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20}, 0x94) r6 = syz_io_uring_setup(0x80000239, &(0x7f0000000080)={0x0, 0x9906, 0x10100, 0xffffffff}, &(0x7f0000000180)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}}) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r6, 0xc, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10) io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='rpc_stats_latency\x00', r5, 0x0, 0x8001}, 0x18) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) ioctl$sock_bt_hci(r0, 0x400448e0, &(0x7f0000000200)="e2c8ec045682831d44c93c1c72f4828f8fe9cc0a04acd8e3cf7de6de2f1f88d9416b95ccd4963b5f3e535db97d5f5cb690c4d0e48fa0ab47a5113a6ec2535a1eca7404eebe89939d8463e8118943e612c3917fc418c59520224cb1954b0aa87a57b6ab428b26b468276080d2438919a99298784c") ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x831d}}, './file0\x00'}) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0x0) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r11, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x2, 0x5d}}}}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x90) 3.69175834s ago: executing program 2 (id=656): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x7, 0xfb, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x5}, 0xe) shutdown(r1, 0x1) recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) 3.380181999s ago: executing program 7 (id=657): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000480)={0x2020}, 0x2020) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="18000000071401"], 0x18}, 0x1, 0x0, 0x0, 0xf000000}, 0x0) 3.282844922s ago: executing program 7 (id=658): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}, 0x1, 0x0, 0x0, 0x40050}, 0x0) syz_emit_ethernet(0x32, &(0x7f00000007c0)={@random="e90c610faca2", @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0xa, 0x24, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x2, 0x1}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000002ac0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/21, 0x15}, {&(0x7f0000000100)=""/59, 0x3b}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000000140)=""/88, 0x58}], 0x4, &(0x7f0000000240)=""/71, 0x47}, 0xf8}, {{&(0x7f0000000440)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/1, 0x1}, {&(0x7f0000000380)=""/36, 0x24}, {&(0x7f00000004c0)=""/38, 0x26}, {&(0x7f0000000500)=""/60, 0x3c}, {&(0x7f0000000540)=""/61, 0x3d}, {&(0x7f0000001800)=""/4096, 0x1000}], 0x6, &(0x7f0000000600)=""/5, 0x5}, 0x743ee000}, {{&(0x7f0000000640)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000002980)=[{&(0x7f00000006c0)=""/227, 0xe3}, {&(0x7f0000002800)=""/114, 0x72}, {&(0x7f0000002880)=""/234, 0xea}], 0x3, &(0x7f00000029c0)=""/242, 0xf2}, 0x5}], 0x3, 0x2, 0x0) 2.882606929s ago: executing program 6 (id=659): io_uring_setup(0x194e, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0x300}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) connect$netrom(r1, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10) 2.82721758s ago: executing program 3 (id=660): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x437, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r2, 0x5120b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r2}]}}}]}, 0x3c}}, 0x4000010) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x0) 2.519399299s ago: executing program 2 (id=661): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_open_dev$sndctrl(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) socket$phonet_pipe(0x23, 0x5, 0x2) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20) syz_clone(0x44020080, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.286995023s ago: executing program 6 (id=662): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000002c0)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@version_L}]}}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000010000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000006000000000000000005"], 0x310) setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x10, @mcast1}}, {{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, 0x108) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x2, 0x0) read(r3, &(0x7f0000000040)=""/148, 0xffffff96) syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xc, {"a2e3ad214fc752f91b231a0987f70e06d038e7ff7fc6e5539b3272078b089b3b08384b090890e0878f0e1ac6e7049b3350959b669a240d5b67f3988f7ef3195201c0ffe8d17870000000001b1b5d500f0d30090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb199f6b76383709d8f5c55432a909fda039aec54a1238580f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82999ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad0f765cf60bd0ba2f3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b599d0efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x98) socket$kcm(0x10, 0x2, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0}) ioctl$IOMMU_DESTROY$stdev(r4, 0x3b80, &(0x7f0000000080)={0x8, r6}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x7) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000300)=0x4f) syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0) 2.286806045s ago: executing program 7 (id=663): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x1, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000200), 0x4) 1.478387077s ago: executing program 2 (id=664): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) (async) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) (async) r1 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000140)={0xfffffffffffffff8, r0, 'id1\x00'}) (async) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_UNLINKAT={0x24, 0x22, 0x0, r4, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x1, {0x0, r5}}) (async) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) (async) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000bc0)={{@my=0x0}, {@my=0x0, 0x4000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b8317ad07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7d9ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162f3abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c900"}, 0x418}) (async) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000000200)={&(0x7f0000001000)=[0x400, 0x40, 0xb74, 0x3, 0x1, 0x0, 0xfffffff7, 0xb1ac, 0x90000, 0x200, 0x3, 0x1, 0x9, 0x40, 0x6, 0x6, 0x7ff, 0x10000, 0xd, 0xab, 0x63, 0xea7e, 0x10e1, 0x8, 0x2, 0x6, 0x10000, 0x1, 0x2, 0x1000, 0xf, 0x7, 0x9, 0x3bc, 0x5, 0x9, 0x7, 0xc9e1, 0x5, 0x1, 0xaae, 0x2, 0x0, 0x81, 0x1c, 0x0, 0x2, 0x6, 0xe939, 0xa, 0x6, 0x0, 0x1000, 0xb, 0x80000001, 0x0, 0x400, 0x3, 0xb, 0xfffffff3, 0xe4, 0x2, 0x4, 0x5, 0xc, 0x3, 0x4874, 0x718000, 0x8, 0x3, 0xe978, 0xb, 0x6, 0x0, 0x7, 0xe, 0x9, 0x0, 0x81, 0x2, 0xfff, 0x0, 0x1000, 0x800, 0x6, 0xaa, 0x5, 0x4, 0x0, 0x80000001, 0x7, 0x2, 0x20000000, 0x9, 0x80, 0x2, 0x4, 0x2, 0xffffffff, 0x0, 0xe25e, 0x7c97d6aa, 0x6, 0x400, 0x1, 0xe4ea, 0x6, 0x2, 0x0, 0x3, 0x8, 0x8, 0x1, 0x7fffffff, 0x4f, 0x8, 0x40, 0x2, 0x6, 0x2, 0x603e, 0x0, 0xfffffff8, 0x6, 0x7, 0x1000, 0x3, 0x3, 0xfff, 0xa, 0x8, 0x7, 0x30, 0x8, 0x7ff, 0xffff, 0xc, 0x6, 0x0, 0x4, 0xffffff01, 0x6, 0x6, 0x4, 0x2, 0x8, 0x3, 0x3, 0x4, 0x5, 0x1, 0x4, 0x5, 0x8, 0x8, 0xd120, 0x4b, 0x5, 0x9, 0x6, 0xb68, 0x6, 0x0, 0xfffffffc, 0x5, 0x1, 0x9, 0x6, 0x2, 0x1, 0x1, 0xc, 0x200, 0x1, 0x3ff, 0x36c, 0xfffffff8, 0x4, 0xfffffff7, 0x9, 0xffff9f33, 0x6d84, 0x86, 0x3, 0x6, 0x8, 0x1, 0x2, 0x6, 0x6810, 0x3, 0x0, 0x8, 0x6, 0x0, 0x9, 0x4f4, 0x171, 0x9, 0x0, 0x0, 0x17e, 0x2893, 0x0, 0x5339, 0xfff, 0x80000000, 0x7fffffff, 0x0, 0xfffffff6, 0x7, 0x9, 0x12000000, 0xa30, 0x2aee18fa, 0x3, 0x0, 0x9, 0x8, 0x0, 0x6, 0xd7, 0x0, 0x1, 0x6, 0x3, 0x0, 0x81, 0x4, 0x7, 0x2, 0xe, 0x10000, 0xe26, 0x7, 0x7fffffff, 0x10000, 0x6, 0x9, 0x6, 0x41, 0x2, 0x6, 0x8, 0x1c, 0x6, 0x2, 0x5, 0x7, 0x81, 0x10001, 0x4, 0xe, 0x80000001, 0x1, 0x0, 0x1, 0x9, 0x7, 0x6, 0x5, 0x7, 0x9, 0xae, 0x1, 0x401, 0xb, 0x6, 0x4, 0x4, 0x4, 0x37, 0xf2b2, 0x1, 0xf0, 0x80000001, 0x6, 0x3, 0x80000001, 0x2, 0xfffffff9, 0x5d89, 0x9, 0x10000, 0x70000, 0x1, 0x3ff, 0x5, 0x7c, 0x75b6, 0x5852000, 0xc, 0xce, 0x4, 0x5, 0x0, 0x9, 0x4, 0x3, 0xfffff062, 0x3ff, 0x5, 0x80000000, 0xffffffff, 0x7, 0xc7, 0x4, 0x7, 0x2, 0x6, 0x2493, 0xfffffffe, 0x7ff, 0xfffffff0, 0x7, 0xdcf6, 0x0, 0x9, 0x4729, 0x2edec316, 0x0, 0x8, 0x3, 0x7, 0x2, 0x1, 0x5, 0x8, 0x7, 0x7, 0x0, 0x9, 0x8, 0x9, 0xfa9b, 0x4, 0xc2e3, 0x1, 0x8, 0x6, 0x5, 0xe, 0x6, 0x0, 0x3, 0xe5c1, 0x200, 0x3, 0x44ef, 0xffff, 0xcfc, 0xff, 0x7, 0xd, 0x6, 0x0, 0x0, 0x9, 0x9, 0x4, 0x4, 0xe, 0x400, 0x1, 0x7d, 0xfffffff9, 0x1, 0x7, 0x5, 0x2, 0x2, 0x10, 0x4, 0x9, 0x7d56a30, 0x3, 0x0, 0x8, 0x6, 0xe, 0x8, 0x0, 0x7, 0x80, 0x9, 0x6, 0x9, 0x800, 0x80000001, 0xe00, 0x8, 0x5, 0x7f, 0x8, 0x1000000, 0x1, 0x7, 0x3, 0x4, 0x2, 0xbc, 0x3, 0x9, 0x4, 0x1, 0xffffffff, 0x9, 0x8, 0x7c, 0x8, 0x5, 0x522, 0x0, 0x7, 0x8000, 0xe0, 0x4, 0x1b, 0x4, 0x1c00, 0x18df, 0x200, 0x7602, 0x400, 0x798c, 0x0, 0x401, 0x9, 0x69460064, 0x4, 0x0, 0x1, 0xfff, 0xb, 0x2, 0x4, 0x400, 0x3ff, 0x3, 0x9, 0x2, 0x5, 0x7ff, 0x7, 0x39, 0x4, 0xfffffff7, 0x9, 0x100000, 0xfffffffd, 0x7, 0xfffff2f6, 0x5d06, 0x2, 0x0, 0xfffffff7, 0x2, 0x10001, 0xfffffffc, 0x502, 0x226e, 0xf, 0x8, 0x9, 0x200, 0x1, 0x0, 0x9, 0x5, 0x7, 0x7, 0x5, 0xa, 0x800, 0x8, 0x7, 0x6, 0xfffffff7, 0x3ff, 0xff, 0x8, 0xc, 0x8, 0x78, 0x2, 0xf591, 0x84, 0x5, 0x0, 0x400, 0x28, 0x7, 0x2, 0x9, 0x8, 0x1, 0x6, 0xffff0001, 0x5, 0x8, 0x80000, 0x400, 0x800, 0x5, 0x9, 0x3, 0xc98d, 0x8, 0x9, 0x625, 0x7fff, 0x6, 0x76bd, 0x4, 0x2, 0x1, 0x8, 0x7, 0xe, 0x201, 0x5, 0x6, 0x7, 0x9, 0x4, 0x6, 0x4, 0x2, 0x6, 0x1, 0x6, 0x6, 0xffffffff, 0x10001, 0xdb, 0x95, 0x7, 0x800, 0x6, 0x1, 0x7, 0x80000000, 0x401, 0x3, 0x9, 0x1, 0x0, 0x7fff, 0x1, 0x8, 0x101, 0x0, 0x0, 0x8, 0x8, 0x1, 0x7, 0x3, 0x180000, 0x8, 0x9, 0x2, 0x1, 0x0, 0xfbb, 0x6, 0x5, 0xc, 0x9f, 0xffffffff, 0x5, 0x73, 0xd8, 0xfffffffd, 0x9, 0x2, 0x6, 0x2, 0xb62, 0x4, 0xf19e, 0x8, 0x7, 0xf0b, 0xe, 0x3, 0x4, 0x2, 0x800, 0x7, 0x3, 0x5, 0x4, 0x2, 0x1, 0x80000001, 0x80, 0x3, 0xfffffffe, 0x6, 0x6, 0x4, 0x3, 0x4, 0x0, 0x8, 0x60ad, 0x3, 0x80000000, 0x401, 0x2, 0x7ff, 0x25, 0x0, 0x0, 0x4, 0x5, 0x80, 0xf1, 0x7, 0x3, 0x7, 0x10001, 0xec9c, 0x8, 0xc, 0x1213, 0xb5, 0x4, 0x3ff, 0x8, 0x6, 0x4, 0x8c7, 0x2, 0xfffffffd, 0x6, 0x8, 0x0, 0xba0e, 0x8, 0xffffffa1, 0x8, 0x50a, 0x6, 0x5f2, 0x6, 0x0, 0xc14, 0x400, 0x3, 0x1, 0x5, 0xfffffffa, 0x1, 0xa, 0x11ed77ac, 0x9, 0x7, 0x7, 0xa, 0x25d, 0x9397, 0x5519, 0x5, 0x80, 0xfffffff2, 0x5, 0xfffffffc, 0xfff, 0x8, 0x0, 0x1, 0x0, 0x3ff, 0x6, 0xd, 0x10000, 0x1, 0x7, 0x1ff, 0x1, 0x5, 0xf, 0x1, 0x2, 0x8c3, 0x3, 0xe9c8, 0x101, 0x100, 0x8, 0x0, 0x6678, 0xddc, 0xb24, 0x1, 0x10, 0x755218e9, 0x5, 0x59, 0x1, 0x2, 0x9, 0x0, 0x7f, 0xffffffc1, 0x7, 0x3, 0x10000, 0x8, 0x7, 0x4, 0x4, 0x3, 0x9, 0x296d, 0xe40, 0x8, 0x1ada6474, 0x749, 0x10000, 0x1, 0x4, 0xd, 0x81, 0x7f, 0x7f, 0x32, 0x0, 0x0, 0x5, 0x2, 0x3, 0x7, 0x1, 0x2, 0xfff, 0x4, 0x12c, 0x6, 0xf, 0x4, 0x926e, 0x9, 0xf, 0x1, 0xfffffff9, 0x200, 0x0, 0x800, 0xd, 0x1, 0x1, 0x8, 0x2, 0x1, 0xf, 0x7, 0xfffffffd, 0x9, 0x351fd390, 0x2, 0x10000, 0x8, 0x46, 0x3d, 0xffffff53, 0x5, 0x2, 0xfffffffc, 0x5, 0xdb5, 0x4, 0x8, 0x3, 0x6, 0x20, 0x4, 0x0, 0x800, 0x8001, 0x6, 0x6, 0x97, 0xa, 0x6, 0x8, 0x4, 0xa6, 0x4, 0x1286, 0x0, 0x0, 0x9, 0x28, 0x80, 0x869, 0x4, 0x0, 0x7f, 0x1, 0x1, 0xb2, 0x6228, 0x5, 0x8, 0x2, 0x7fd, 0xd4, 0x7, 0x65, 0x1, 0x5f, 0x4, 0x7, 0x7, 0x2, 0x9, 0xf8000000, 0x8, 0xcd, 0x5, 0x0, 0x8, 0x6, 0x8, 0x3, 0x8, 0x6, 0xff, 0x1, 0x1, 0x7ff, 0x800, 0x2, 0x2fc0, 0x705c, 0x80000000, 0x3e12, 0x3, 0x4, 0x2, 0xc, 0x7, 0x6, 0x7ff, 0x1, 0x2, 0x81, 0x43066b11, 0xfffffffc, 0x6, 0x9, 0x9, 0x10, 0x4, 0x8, 0x8, 0x10e, 0x9, 0x2, 0x400, 0x8, 0xffff, 0x8001, 0x48, 0x1e84b93c, 0xe026, 0x9, 0x4, 0x9, 0x6, 0x1, 0x9, 0xffff, 0x8001, 0xa1e9, 0x80000000, 0x9, 0x5, 0x8, 0x3, 0x658, 0x1, 0x2, 0x3, 0x69, 0x8, 0x7, 0x4, 0x8, 0x7, 0x3, 0x80000001, 0x80000001, 0x1, 0x0, 0x6, 0x7, 0x8, 0x0, 0x101, 0x0, 0x7fffffff, 0x79, 0x9, 0x5, 0x3, 0x0, 0x5, 0x83f, 0x0, 0x6, 0x8, 0xd6, 0x1, 0x7fffffff, 0x6, 0x4, 0x1000, 0xf, 0x1, 0x400, 0x7, 0x8000, 0xa1, 0xa8d, 0x6, 0xffff, 0x2, 0xc, 0x40, 0xc5, 0x1, 0xc9e, 0x5, 0x9, 0x8, 0x8, 0x401, 0x10000, 0x9, 0x2f, 0x7ff800, 0x7, 0x200, 0x8001, 0x8, 0x1, 0x2, 0x0, 0xa395, 0x1, 0x200, 0x600, 0x9, 0x0, 0x4, 0x3, 0x0, 0x200, 0x2, 0x0, 0x7, 0x1, 0x1, 0x8, 0x80000000, 0x5, 0x4, 0x7, 0xc, 0x2, 0xfd, 0x7e02, 0x101, 0xd1, 0x9, 0x1ff, 0x7, 0xcf, 0x7, 0x10000, 0x7, 0x0, 0x0, 0x2, 0x2, 0x7, 0x4, 0x0, 0x101, 0x2, 0xe, 0x3, 0x189, 0x7, 0xffff0678, 0x1f9f, 0x1, 0x77e4, 0x1, 0x8000, 0x78, 0xcccf, 0x9, 0x3, 0x4, 0x6, 0x8, 0x8, 0x7, 0x9, 0x100, 0x2dab13d2, 0x10000000, 0x8, 0x7f, 0x200, 0x2, 0x7, 0x8000, 0x1], 0x2, 0x400, 0x1}) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x3) (async) pipe(&(0x7f0000000040)={0xffffffffffffffff}) syz_kvm_setup_cpu$x86(r9, r8, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f00000000c0)="de6a84400f005f00440f20c0350a000000440f22c0c442c9a73b33aa00400000460f00d40f01df0f20d835080000000f22d80f0164120066b804000f00d8", 0x3e}], 0x1, 0x63, &(0x7f0000000240)=[@cr4={0x1, 0x2509e0}], 0x1) syz_io_uring_setup(0x47b6, &(0x7f0000000240)={0x0, 0x80, 0x0, 0x2, 0xfb, 0x0, r9}, &(0x7f00000002c0), &(0x7f0000000300)) (async) socket$kcm(0x29, 0x2, 0x0) 905.295082ms ago: executing program 7 (id=665): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="2c385aa3d42e125c1a911ce9aa8144c845", 0x11) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket(0x28, 0x5, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x64, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r5, 0x800, 0x55007}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x34, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x1}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}, @IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x0) connect$vsock_stream(r3, &(0x7f0000000180)={0x28, 0x0, 0x0, @local}, 0x10) connect$vsock_stream(r3, &(0x7f0000000400)={0x28, 0x0, 0x2710, @host}, 0x10) 319.058404ms ago: executing program 1 (id=666): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8918, &(0x7f0000000480)={'veth1_macvtap\x00', {0x2, 0x0, @empty=0xcf050000}}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r3}, 0x10) ioctl$VHOST_NET_SET_BACKEND(r2, 0xaf02, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) r5 = socket$inet6_icmp(0xa, 0x2, 0x3a) close_range(r5, r5, 0x0) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001400070010000800130008000000080012"], 0x44}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r8, 0x0, {0x2}, 0x2}, 0x18) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x0, 0x2e}, 0x4048081) setsockopt$SO_J1939_FILTER(r4, 0x6b, 0x1, &(0x7f0000000580)=[{0x2, 0x3, {0x1, 0xf0, 0x2}, {0x2, 0xf0}, 0xfd, 0x2}, {0x2, 0x12, {0x2, 0xf0, 0x1}, {0x0, 0xf0, 0x2}, 0x2, 0x2}, {0x1, 0x0, {0x2, 0x1, 0x2}, {0x0, 0xff, 0x4}}], 0x60) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r8, {0xfffd, 0xffeb}, {0x2, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) r9 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r10 = gettid() ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0) tkill(r10, 0x8) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r9, 0x7a6, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x1, 0x2) 0s ago: executing program 2 (id=667): socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x3c, 0x10, 0x403, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x88afa5b4, 0x40}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x3}]}, 0x3c}}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x94) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0xc8100, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000000c0)) syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2) socket$nl_route(0x10, 0x3, 0x0) mq_open(&(0x7f0000000000)='-\xb3m\x00', 0x40, 0x4, &(0x7f0000000040)={0x7, 0x8dc, 0x8, 0xffffffff}) r3 = mq_open(&(0x7f0000003dc0)='veth0_to_team\x00', 0x40, 0x105, &(0x7f0000003e00)={0x6, 0xffffffff, 0x7, 0x1}) mq_timedreceive(r3, &(0x7f0000000100)=""/56, 0x38, 0x4, &(0x7f0000000300)) kernel console output (not intermixed with test programs): [ 167.603813][ T5926] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 167.613468][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.632488][ T5927] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 167.644254][ T5861] usb 3-1: Using ep0 maxpacket: 16 [ 167.656517][ T5861] usb 3-1: unable to get BOS descriptor or descriptor too short [ 167.667925][ T5926] usb 2-1: config 0 descriptor?? [ 167.688601][ T5861] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 167.703928][ T5861] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 167.742497][ T30] audit: type=1400 audit(1750928353.000:351): avc: denied { read } for pid=7213 comm="syz.7.281" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 167.753165][ T5926] hub 2-1:0.0: USB hub found [ 167.796727][ T5861] usb 3-1: config 1 has no interface number 1 [ 167.834112][ T5861] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 167.845582][ T5927] usb 4-1: device descriptor read/64, error -71 [ 167.978033][ T5861] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 168.036126][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.076998][ T5861] usb 3-1: Product: syz [ 168.083118][ T5926] hub 2-1:0.0: 1 port detected [ 168.088513][ T5861] usb 3-1: Manufacturer: syz [ 168.104379][ T5861] usb 3-1: SerialNumber: syz [ 168.112533][ T5927] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 168.192601][ T5890] vhci_hcd: vhci_device speed not set [ 168.282445][ T5927] usb 4-1: device descriptor read/64, error -71 [ 168.445303][ T5927] usb usb4-port1: attempt power cycle [ 168.526293][ T7218] Bluetooth: MGMT ver 1.23 [ 168.812162][ T5927] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 168.852429][ T5927] usb 4-1: device descriptor read/8, error -71 [ 168.866017][ T24] usb 7-1: USB disconnect, device number 2 [ 168.879746][ T5926] hub 2-1:0.0: activate --> -90 [ 168.970603][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 169.043632][ T7221] bio_check_eod: 2 callbacks suppressed [ 169.043654][ T7221] syz.6.283: attempt to access beyond end of device [ 169.043654][ T7221] nbd6: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 169.064411][ T7221] XFS (nbd6): SB validate failed with error -5. [ 169.080263][ T5926] hub 2-1:0.0: hub_ext_port_status failed (err = 0) [ 169.122326][ T5927] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 169.162317][ T5927] usb 4-1: device descriptor read/8, error -71 [ 169.286025][ T5927] usb usb4-port1: unable to enumerate USB device [ 169.379795][ T7230] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 169.381788][ T7220] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 169.397412][ T7220] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 169.424015][ T7220] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 169.437362][ T7220] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 169.443913][ T7220] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 169.453188][ T7220] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 169.463292][ T7220] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 169.469773][ T7220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.478595][ T7220] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 169.545119][ T5927] usb 2-1: USB disconnect, device number 9 [ 169.547912][ T7220] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 169.586861][ T5861] usb 3-1: USB disconnect, device number 17 [ 169.599294][ T7220] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 169.609541][ T7220] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 170.081798][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 170.081818][ T30] audit: type=1400 audit(1750928355.060:356): avc: denied { firmware_load } for pid=7229 comm="syz.7.284" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 170.086001][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 170.134265][ T7220] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 170.140574][ T7220] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.156097][ T7220] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 170.299148][ T7232] syz.7.284 (7232) used greatest stack depth: 17096 bytes left [ 171.212622][ T7235] orangefs_mount: mount request failed with -4 [ 171.303303][ T7245] netlink: 9896 bytes leftover after parsing attributes in process `syz.6.285'. [ 171.321672][ T5813] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 171.371998][ T5815] Bluetooth: hci1: command 0x0c1a tx timeout [ 171.455193][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout [ 171.492013][ T5813] usb 2-1: Using ep0 maxpacket: 32 [ 171.499684][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 171.512914][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 171.523032][ T5813] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x6B, changing to 0xB [ 171.524449][ T7259] Cannot find add_set index 1 as target [ 171.535698][ T5815] Bluetooth: hci3: command 0x0c1a tx timeout [ 171.548010][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 79, changing to 10 [ 171.559207][ T5813] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 34258, setting to 1024 [ 171.572584][ T5813] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 171.593037][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.602316][ T5813] usb 2-1: Product: syz [ 171.606661][ T5813] usb 2-1: Manufacturer: syz [ 171.611326][ T5813] usb 2-1: SerialNumber: syz [ 171.616136][ T5815] Bluetooth: hci4: command 0x0c1a tx timeout [ 171.630604][ T7262] team_slave_0: entered promiscuous mode [ 171.636556][ T7262] team_slave_1: entered promiscuous mode [ 171.642398][ T7262] vlan2: entered promiscuous mode [ 171.647408][ T7262] team0: entered promiscuous mode [ 171.682461][ T5813] usb 2-1: config 0 descriptor?? [ 171.695225][ T7244] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 171.715116][ T7259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.292'. [ 172.024232][ T30] audit: type=1400 audit(1750928357.300:357): avc: denied { bind } for pid=7266 comm="syz.2.293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 172.044202][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.2.293'. [ 172.148455][ T7269] team0: Port device team_slave_0 removed [ 172.173075][ T5815] Bluetooth: hci0: command 0x0405 tx timeout [ 172.201797][ T5926] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 172.372122][ T30] audit: type=1400 audit(1750928357.640:358): avc: denied { append } for pid=7271 comm="syz.7.294" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 172.395711][ T30] audit: type=1400 audit(1750928357.640:359): avc: denied { open } for pid=7271 comm="syz.7.294" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 172.426694][ T5926] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 172.436911][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.454720][ T5926] usb 4-1: config 0 descriptor?? [ 172.464868][ T5926] cp210x 4-1:0.0: cp210x converter detected [ 172.649414][ T30] audit: type=1400 audit(1750928357.920:360): avc: denied { read } for pid=7274 comm="syz.6.295" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 172.665007][ T5926] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 172.681466][ T30] audit: type=1400 audit(1750928357.920:361): avc: denied { open } for pid=7274 comm="syz.6.295" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 172.682402][ T5926] cp210x 4-1:0.0: querying part number failed [ 172.714502][ T30] audit: type=1400 audit(1750928357.920:362): avc: denied { ioctl } for pid=7274 comm="syz.6.295" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 172.741212][ T5926] usb 4-1: cp210x converter now attached to ttyUSB0 [ 172.873021][ T7257] netlink: 28 bytes leftover after parsing attributes in process `syz.3.289'. [ 173.083748][ T7286] sp0: Synchronizing with TNC [ 173.091323][ T7286] FAULT_INJECTION: forcing a failure. [ 173.091323][ T7286] name failslab, interval 1, probability 0, space 0, times 0 [ 173.105137][ T7286] CPU: 1 UID: 0 PID: 7286 Comm: syz.2.298 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 173.105163][ T7286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.105173][ T7286] Call Trace: [ 173.105179][ T7286] [ 173.105185][ T7286] dump_stack_lvl+0x16c/0x1f0 [ 173.105212][ T7286] should_fail_ex+0x512/0x640 [ 173.105227][ T7286] ? fs_reclaim_acquire+0xae/0x150 [ 173.105240][ T7286] ? tomoyo_encode2+0x100/0x3e0 [ 173.105254][ T7286] should_failslab+0xc2/0x120 [ 173.105270][ T7286] __kmalloc_noprof+0xd2/0x510 [ 173.105284][ T7286] ? d_absolute_path+0x136/0x1a0 [ 173.105297][ T7286] tomoyo_encode2+0x100/0x3e0 [ 173.105313][ T7286] tomoyo_encode+0x29/0x50 [ 173.105326][ T7286] tomoyo_realpath_from_path+0x18f/0x6e0 [ 173.105354][ T7286] tomoyo_path_number_perm+0x245/0x580 [ 173.105371][ T7286] ? tomoyo_path_number_perm+0x237/0x580 [ 173.105392][ T7286] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 173.105436][ T7286] ? find_held_lock+0x2b/0x80 [ 173.105451][ T7286] ? hook_file_ioctl_common+0x145/0x410 [ 173.105471][ T7286] ? __fget_files+0x20e/0x3c0 [ 173.105488][ T7286] security_file_ioctl+0x9b/0x240 [ 173.105504][ T7286] __x64_sys_ioctl+0xb7/0x210 [ 173.105517][ T7286] do_syscall_64+0xcd/0x4c0 [ 173.105534][ T7286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.105545][ T7286] RIP: 0033:0x7f498f98e929 [ 173.105555][ T7286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.105566][ T7286] RSP: 002b:00007f499072e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 173.105576][ T7286] RAX: ffffffffffffffda RBX: 00007f498fbb5fa0 RCX: 00007f498f98e929 [ 173.105583][ T7286] RDX: 00002000000001c0 RSI: 0000000000008925 RDI: 0000000000000003 [ 173.105589][ T7286] RBP: 00007f499072e090 R08: 0000000000000000 R09: 0000000000000000 [ 173.105595][ T7286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.105601][ T7286] R13: 0000000000000000 R14: 00007f498fbb5fa0 R15: 00007fff070c58c8 [ 173.105614][ T7286] [ 173.105624][ T7286] ERROR: Out of memory at tomoyo_realpath_from_path. [ 173.454690][ T5815] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.504722][ T5813] usb 2-1: USB disconnect, device number 10 [ 173.531934][ T5815] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.595880][ T5815] Bluetooth: hci2: unexpected event for opcode 0x0407 [ 173.615604][ T5815] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.695009][ T5815] Bluetooth: hci4: command 0x0c1a tx timeout [ 174.061720][ T5890] usb 4-1: USB disconnect, device number 15 [ 174.118226][ T5890] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 174.295173][ T5815] Bluetooth: hci0: command 0x0405 tx timeout [ 175.049327][ T7304] netlink: 84 bytes leftover after parsing attributes in process `syz.1.302'. [ 175.104112][ T30] audit: type=1400 audit(1750928360.350:363): avc: denied { accept } for pid=7296 comm="syz.1.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 175.154574][ T5890] cp210x 4-1:0.0: device disconnected [ 175.382674][ T5926] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 175.531794][ T5815] Bluetooth: hci1: command 0x0c1a tx timeout [ 175.682683][ T5926] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 175.692001][ T5815] Bluetooth: hci3: command 0x0c1a tx timeout [ 175.704094][ T5926] usb 2-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 175.733157][ T5926] usb 2-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 175.763228][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.771834][ T5815] Bluetooth: hci4: command 0x0c1a tx timeout [ 175.796087][ T5926] usb 2-1: Product: syz [ 175.804840][ T5926] usb 2-1: Manufacturer: syz [ 175.842378][ T5926] usb 2-1: SerialNumber: syz [ 176.091469][ T30] audit: type=1400 audit(1750928361.360:364): avc: denied { setopt } for pid=7318 comm="syz.2.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 176.293328][ T7326] tipc: Enabling of bearer rejected, failed to enable media [ 176.341675][ T5815] Bluetooth: hci0: command 0x0405 tx timeout [ 176.522891][ T881] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 176.719203][ T881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.730476][ T881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.767571][ T881] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00 [ 176.767642][ T30] audit: type=1400 audit(1750928362.020:365): avc: denied { getopt } for pid=7342 comm="syz.3.317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 176.776817][ T881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.852551][ T881] usb 3-1: config 0 descriptor?? [ 177.111401][ T7304] Process accounting resumed [ 177.172384][ T5861] usb 2-1: USB disconnect, device number 11 [ 177.282427][ T881] saitek 0003:06A3:0CCB.0008: item fetching failed at offset 0/3 [ 177.438512][ T881] saitek 0003:06A3:0CCB.0008: parse failed [ 177.662690][ T5814] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 177.672859][ T5814] Bluetooth: hci2: Injecting HCI hardware error event [ 177.682355][ T5814] Bluetooth: hci2: hardware error 0x00 [ 177.722230][ T881] saitek 0003:06A3:0CCB.0008: probe with driver saitek failed with error -22 [ 179.328917][ T7384] 9pnet_fd: Insufficient options for proto=fd [ 179.342458][ T5813] usb 3-1: USB disconnect, device number 18 [ 179.436565][ T7384] IPVS: ip_vs_add_dest(): server weight less than zero [ 179.443593][ T5926] IPVS: starting estimator thread 0... [ 179.612886][ T7386] IPVS: using max 49 ests per chain, 117600 per kthread [ 179.782376][ T5814] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 179.921684][ T5926] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 180.080486][ T7393] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 181.202104][ T5926] usb 3-1: Using ep0 maxpacket: 16 [ 182.122588][ T5813] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 182.191854][ T5926] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 182.209335][ T5926] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 182.232811][ T5926] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 182.247316][ T5926] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 182.261539][ T5926] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 182.276221][ T5926] usb 3-1: config 0 has no interface number 0 [ 182.282594][ T5926] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 182.296535][ T5926] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 182.300049][ T5813] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 182.326484][ T5926] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 182.341642][ T5813] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 182.355496][ T5926] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 182.381103][ T5813] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 182.410719][ T5813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.411640][ T5926] usb 3-1: config 0 interface 125 has no altsetting 0 [ 182.451495][ T5926] usb 3-1: config 0 interface 125 has no altsetting 2 [ 182.480582][ T5926] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 182.496986][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.519156][ T5926] usb 3-1: Product: syz [ 182.536349][ T5926] usb 3-1: Manufacturer: syz [ 182.557929][ T5926] usb 3-1: SerialNumber: syz [ 182.588756][ T5926] usb 3-1: config 0 descriptor?? [ 182.610204][ T5926] usb 3-1: selecting invalid altsetting 2 [ 183.361301][ C1] usb 3-1: async_complete: urb error -71 [ 183.367219][ C1] usb 3-1: async_complete: urb error -71 [ 183.372961][ C1] usb 3-1: async_complete: urb error -71 [ 183.378687][ C1] usb 3-1: async_complete: urb error -71 [ 183.435082][ T5926] get_1284_register: usb error -71 [ 183.440390][ T5926] uss720 3-1:0.125: probe with driver uss720 failed with error -71 [ 183.604060][ T5926] usb 3-1: USB disconnect, device number 19 [ 183.703277][ T5813] usb 2-1: Product: syz [ 183.707473][ T5813] usb 2-1: Manufacturer: syz [ 183.751887][ T5813] usb 2-1: SerialNumber: syz [ 183.768358][ T7412] FAULT_INJECTION: forcing a failure. [ 183.768358][ T7412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.811764][ T7412] CPU: 0 UID: 0 PID: 7412 Comm: syz.6.334 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 183.811795][ T7412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.811804][ T7412] Call Trace: [ 183.811810][ T7412] [ 183.811816][ T7412] dump_stack_lvl+0x16c/0x1f0 [ 183.811850][ T7412] should_fail_ex+0x512/0x640 [ 183.811876][ T7412] _copy_from_user+0x2e/0xd0 [ 183.811902][ T7412] kstrtouint_from_user+0xd6/0x1d0 [ 183.811921][ T7412] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 183.811939][ T7412] ? __lock_acquire+0xb8a/0x1c90 [ 183.811984][ T7412] proc_fail_nth_write+0x83/0x250 [ 183.812008][ T7412] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 183.812037][ T7412] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 183.812057][ T7412] vfs_write+0x2a0/0x1150 [ 183.812084][ T7412] ? __pfx___mutex_lock+0x10/0x10 [ 183.812109][ T7412] ? __pfx_vfs_write+0x10/0x10 [ 183.812137][ T7412] ? __fget_files+0x20e/0x3c0 [ 183.812169][ T7412] ksys_write+0x12a/0x250 [ 183.812190][ T7412] ? __pfx_ksys_write+0x10/0x10 [ 183.812212][ T7412] ? fput+0x70/0xf0 [ 183.812242][ T7412] do_syscall_64+0xcd/0x4c0 [ 183.812270][ T7412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.812289][ T7412] RIP: 0033:0x7f0c0a98d3df [ 183.812304][ T7412] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 183.812321][ T7412] RSP: 002b:00007f0c0b7ba030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 183.812338][ T7412] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0c0a98d3df [ 183.812348][ T7412] RDX: 0000000000000001 RSI: 00007f0c0b7ba0a0 RDI: 0000000000000006 [ 183.812359][ T7412] RBP: 00007f0c0b7ba090 R08: 0000000000000000 R09: 0000000000000000 [ 183.812369][ T7412] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 183.812379][ T7412] R13: 0000000000000000 R14: 00007f0c0abb5fa0 R15: 00007ffc23ad39c8 [ 183.812403][ T7412] [ 183.813226][ T5813] usb 2-1: can't set config #1, error -71 [ 184.092800][ T5813] usb 2-1: USB disconnect, device number 12 [ 184.121875][ T30] audit: type=1400 audit(1750928369.370:366): avc: denied { read } for pid=7414 comm="syz.2.335" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 184.237704][ T30] audit: type=1400 audit(1750928369.370:367): avc: denied { open } for pid=7414 comm="syz.2.335" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 185.121883][ T30] audit: type=1400 audit(1750928369.410:368): avc: denied { bind } for pid=7416 comm="syz.1.336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 185.491782][ T30] audit: type=1400 audit(1750928370.630:369): avc: denied { getopt } for pid=7426 comm="syz.3.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 185.707114][ T7437] fuse: Unknown parameter 'ro`tm' [ 185.963416][ T5941] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 185.975378][ T5813] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 186.110505][ T7442] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.120221][ T7442] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.136042][ T5941] usb 2-1: Using ep0 maxpacket: 8 [ 186.141430][ T5813] usb 7-1: Using ep0 maxpacket: 8 [ 186.180002][ T5813] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.224153][ T5941] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 186.233085][ T5813] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 186.255706][ T5941] usb 2-1: config 0 has no interface number 0 [ 186.272759][ T5941] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 186.313024][ T5813] usb 7-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 186.342594][ T5941] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 186.364800][ T5813] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.383264][ T5813] usb 7-1: Product: syz [ 186.387825][ T5941] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 186.409382][ T5813] usb 7-1: Manufacturer: syz [ 186.415005][ T5813] usb 7-1: SerialNumber: syz [ 186.419763][ T5941] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 186.435764][ T5813] usb 7-1: config 0 descriptor?? [ 186.445248][ T5941] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 186.463256][ T5813] powermate 7-1:0.0: probe with driver powermate failed with error -22 [ 186.490227][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.558409][ T5941] usb 2-1: config 0 descriptor?? [ 186.579167][ T5941] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 186.665243][ T30] audit: type=1400 audit(1750928371.940:370): avc: denied { read } for pid=7450 comm="syz.2.347" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 186.763743][ T30] audit: type=1400 audit(1750928371.960:371): avc: denied { open } for pid=7450 comm="syz.2.347" path="/77/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 186.989212][ T7459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.998215][ T7459] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.082501][ T30] audit: type=1400 audit(1750928372.340:372): avc: denied { write } for pid=7460 comm="syz.2.348" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 187.165476][ T30] audit: type=1400 audit(1750928372.350:373): avc: denied { ioctl } for pid=7460 comm="syz.2.348" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 187.309031][ T7464] netlink: 36 bytes leftover after parsing attributes in process `syz.1.340'. [ 187.328856][ C1] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 187.335515][ T5926] usb 2-1: USB disconnect, device number 13 [ 187.466182][ T5926] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 187.613264][ T5815] Bluetooth: hci0: command 0x0405 tx timeout [ 187.701742][ T5813] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 187.873364][ T5813] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 187.881536][ T5813] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.900065][ T5813] usb 3-1: config 0 has no interface number 0 [ 187.914538][ T5813] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 187.924718][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.935425][ T5813] usb 3-1: Product: syz [ 187.939636][ T5813] usb 3-1: Manufacturer: syz [ 187.944654][ T5813] usb 3-1: SerialNumber: syz [ 187.950882][ T5813] usb 3-1: config 0 descriptor?? [ 187.958623][ T5813] hub 3-1:0.31: bad descriptor, ignoring hub [ 187.965733][ T5813] hub 3-1:0.31: probe with driver hub failed with error -5 [ 187.974597][ T5813] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 187.981046][ T5813] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized! [ 187.990668][ T5813] usb 3-1: Failed to create links for entity 6 [ 187.997077][ T5813] usb 3-1: Failed to register entities (-22). [ 188.225223][ T5813] usb 3-1: USB disconnect, device number 20 [ 188.297730][ T7477] fuse: Bad value for 'rootmode' [ 188.554048][ T5926] libceph: connect (1)[c::]:6789 error -101 [ 188.567465][ T5926] libceph: mon0 (1)[c::]:6789 connect error [ 188.698851][ T7482] syz.1.353 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 188.769637][ T5926] usb 7-1: USB disconnect, device number 3 [ 188.844944][ T117] libceph: connect (1)[c::]:6789 error -101 [ 188.851078][ T117] libceph: mon0 (1)[c::]:6789 connect error [ 189.880351][ T5926] libceph: connect (1)[c::]:6789 error -101 [ 189.886484][ T5926] libceph: mon0 (1)[c::]:6789 connect error [ 189.981922][ T5815] Bluetooth: hci0: command 0x0405 tx timeout [ 190.012086][ T7479] ceph: No mds server is up or the cluster is laggy [ 190.610868][ T7504] fuse: Unknown parameter 'f`' [ 190.738311][ T7508] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.361'. [ 190.747750][ T7508] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 190.756041][ T7508] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 191.502219][ T30] audit: type=1326 audit(1750928376.770:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7513 comm="syz.3.363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5cb8e929 code=0x0 [ 191.547321][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.362'. [ 191.669288][ T7519] overlayfs: missing 'lowerdir' [ 191.688533][ T30] audit: type=1326 audit(1750928376.960:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7513 comm="syz.3.363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5cb8e929 code=0x0 [ 191.754459][ T7522] netlink: 'syz.6.364': attribute type 1 has an invalid length. [ 191.834641][ T7522] 8021q: adding VLAN 0 to HW filter on device bond1 [ 191.891768][ T117] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 192.081910][ T117] usb 3-1: Using ep0 maxpacket: 16 [ 192.092391][ T117] usb 3-1: unable to get BOS descriptor or descriptor too short [ 192.107053][ T117] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.139197][ T117] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 192.182017][ T30] audit: type=1400 audit(1750928377.430:376): avc: denied { write } for pid=7529 comm="syz.7.366" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 192.224510][ T117] usb 3-1: config 1 has no interface number 1 [ 192.257681][ T117] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 192.320509][ T117] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 192.357578][ T117] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.449431][ T117] usb 3-1: Product: syz [ 192.488697][ T117] usb 3-1: Manufacturer: syz [ 192.529201][ T117] usb 3-1: SerialNumber: syz [ 192.534270][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 192.701779][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 192.727036][ T24] usb 7-1: config 0 has an invalid interface number: 117 but max is 0 [ 192.741025][ T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.762112][ T24] usb 7-1: config 0 has no interface number 0 [ 192.783159][ T24] usb 7-1: config 0 interface 117 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 192.928822][ T24] usb 7-1: New USB device found, idVendor=0830, idProduct=0061, bcdDevice= 3.c8 [ 192.946923][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.974973][ T24] usb 7-1: Product: syz [ 192.996898][ T24] usb 7-1: Manufacturer: syz [ 193.115125][ T24] usb 7-1: SerialNumber: syz [ 193.139789][ T24] usb 7-1: config 0 descriptor?? [ 193.358490][ T24] usb 7-1: active config #0 != 1 ?? [ 193.385643][ T24] usb 7-1: USB disconnect, device number 4 [ 193.701714][ T5926] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 193.869989][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.372'. [ 194.427275][ T5926] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.457982][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 194.471229][ T5926] usb 4-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 194.488394][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.503892][ T117] usb 3-1: USB disconnect, device number 21 [ 194.578067][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.584581][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.678918][ T5926] usb 4-1: config 0 descriptor?? [ 194.815506][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 195.034025][ T7574] tipc: Started in network mode [ 195.081794][ T7574] tipc: Node identity ac14140f, cluster identity 4711 [ 195.103324][ T7574] tipc: New replicast peer: 255.255.255.255 [ 195.120991][ T7574] tipc: Enabled bearer , priority 10 [ 195.224825][ T5926] usb 4-1: USB disconnect, device number 16 [ 195.232749][ T7577] netlink: 12 bytes leftover after parsing attributes in process `syz.1.376'. [ 195.288770][ T7577] tipc: Disabling bearer [ 195.821716][ T117] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 196.001882][ T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 196.013059][ T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 111, setting to 64 [ 196.052313][ T30] audit: type=1400 audit(1750928381.300:377): avc: denied { mounton } for pid=7585 comm="syz.6.382" path="/proc/108/task" dev="proc" ino=17412 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 196.085542][ T117] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 196.108027][ T117] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.125929][ T117] usb 3-1: config 0 descriptor?? [ 196.140164][ T7572] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 196.213202][ T5926] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 196.297104][ T117] rc_core: IR keymap rc-xbox-dvd not found [ 196.304101][ T117] Registered IR keymap rc-empty [ 196.320398][ T117] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 196.416532][ T7572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.425097][ T5926] usb 2-1: Using ep0 maxpacket: 16 [ 196.431511][ T7572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.442222][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 196.458036][ T5926] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 196.471671][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.487043][ T117] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input8 [ 196.509384][ T5926] usb 2-1: Product: syz [ 196.513752][ T5926] usb 2-1: Manufacturer: syz [ 196.526499][ T5926] usb 2-1: SerialNumber: syz [ 196.563411][ T117] usb 3-1: USB disconnect, device number 22 [ 196.569453][ C1] xbox_remote 3-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 196.599766][ T5926] usb 2-1: config 0 descriptor?? [ 196.613580][ T5926] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 196.649791][ T5926] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 196.784166][ T7593] kvm: kvm [7592]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 196.797944][ T7593] kvm: kvm [7592]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 196.806716][ T7593] kvm: kvm [7592]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 196.842827][ T7593] kvm: kvm [7592]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 196.865020][ T7593] kvm: kvm [7592]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 196.900779][ T7600] syz.7.385: attempt to access beyond end of device [ 196.900779][ T7600] nbd7: rw=0, sector=64, nr_sectors = 1 limit=0 [ 196.917179][ T7600] syz.7.385: attempt to access beyond end of device [ 196.917179][ T7600] nbd7: rw=0, sector=256, nr_sectors = 1 limit=0 [ 196.943759][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 196.966276][ T7600] syz.7.385: attempt to access beyond end of device [ 196.966276][ T7600] nbd7: rw=0, sector=512, nr_sectors = 1 limit=0 [ 197.071834][ T30] audit: type=1400 audit(1750928382.170:378): avc: denied { create } for pid=7599 comm="syz.7.385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 197.142257][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 197.156705][ T30] audit: type=1400 audit(1750928382.170:379): avc: denied { getopt } for pid=7599 comm="syz.7.385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 197.179283][ T7600] syz.7.385: attempt to access beyond end of device [ 197.179283][ T7600] nbd7: rw=0, sector=64, nr_sectors = 2 limit=0 [ 197.196636][ T7600] syz.7.385: attempt to access beyond end of device [ 197.196636][ T7600] nbd7: rw=0, sector=512, nr_sectors = 2 limit=0 [ 197.210043][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 197.221156][ T7600] syz.7.385: attempt to access beyond end of device [ 197.221156][ T7600] nbd7: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 197.234804][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 197.253946][ T7600] syz.7.385: attempt to access beyond end of device [ 197.253946][ T7600] nbd7: rw=0, sector=64, nr_sectors = 4 limit=0 [ 197.268735][ T7600] syz.7.385: attempt to access beyond end of device [ 197.268735][ T7600] nbd7: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 197.282552][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 197.294559][ T5926] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 197.308171][ T7600] syz.7.385: attempt to access beyond end of device [ 197.308171][ T7600] nbd7: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 197.323053][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 197.335001][ T7600] syz.7.385: attempt to access beyond end of device [ 197.335001][ T7600] nbd7: rw=0, sector=64, nr_sectors = 8 limit=0 [ 197.350360][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=256, location=256 [ 197.386009][ T7600] UDF-fs: error (device nbd7): udf_read_tagged: read failed, block=512, location=512 [ 197.396316][ T7600] UDF-fs: warning (device nbd7): udf_fill_super: No partition found (1) [ 197.723472][ T30] audit: type=1400 audit(1750928382.990:380): avc: denied { getopt } for pid=7604 comm="syz.6.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 198.026568][ T5813] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 198.064790][ T5926] em28xx 2-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=23) [ 198.076994][ T5926] em28xx 2-1:0.0: board has no eeprom [ 198.181730][ T5813] usb 7-1: Using ep0 maxpacket: 8 [ 198.196584][ T5813] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 198.205786][ T36] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 198.211796][ T5861] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 198.225141][ T7618] [U] [ 198.228303][ T7618] [U] [ 198.231032][ T7618] [U] [ 198.233755][ T7618] [U] [ 198.238372][ T7618] [U] [ 198.241114][ T7618] [U] [ 198.243834][ T7618] [U] [ 198.246649][ T7618] [U] [ 198.251964][ T7618] [U] [ 198.254721][ T7618] [U] [ 198.257424][ T7618] [U] [ 198.260132][ T7618] [U] [ 198.264332][ T5813] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 198.274029][ T5813] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 198.282401][ T5813] usb 7-1: Product: syz [ 198.286761][ T5813] usb 7-1: Manufacturer: syz [ 198.291541][ T5813] usb 7-1: SerialNumber: syz [ 198.292025][ T5926] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 198.324764][ T5926] em28xx 2-1:0.0: dvb set to bulk mode. [ 198.331097][ T117] em28xx 2-1:0.0: Binding DVB extension [ 198.360647][ T5926] usb 2-1: USB disconnect, device number 14 [ 198.374681][ T5926] em28xx 2-1:0.0: Disconnecting em28xx [ 198.400899][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 198.436859][ T5861] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 111, setting to 64 [ 198.468957][ T117] em28xx 2-1:0.0: Registering input extension [ 198.476396][ T5861] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 198.487104][ T5926] em28xx 2-1:0.0: Closing input extension [ 198.493637][ T5861] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.527013][ T5861] usb 3-1: config 0 descriptor?? [ 198.528290][ T7605] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 198.542495][ T7608] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 198.555907][ T5926] em28xx 2-1:0.0: Freeing device [ 198.567391][ T5813] usb 7-1: palm_os_3_probe - error -71 getting connection information [ 198.588669][ T5813] visor 7-1:1.0: probe with driver visor failed with error -71 [ 198.629628][ T5813] usb 7-1: USB disconnect, device number 5 [ 198.673202][ T5861] rc_core: IR keymap rc-xbox-dvd not found [ 198.693837][ T5861] Registered IR keymap rc-empty [ 198.708209][ T5861] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 198.733171][ T5861] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input10 [ 198.813799][ T7608] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.851134][ T7608] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.037568][ T5926] usb 3-1: USB disconnect, device number 23 [ 199.043746][ C1] xbox_remote 3-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 199.509445][ T30] audit: type=1400 audit(1750928384.780:381): avc: denied { bind } for pid=7629 comm="syz.6.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 199.533670][ T5861] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 199.653782][ T7635] overlayfs: missing 'lowerdir' [ 199.709283][ T5861] usb 4-1: Using ep0 maxpacket: 16 [ 199.844425][ T5861] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 199.938203][ T5861] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 199.987058][ T5861] usb 4-1: config 1 has no interface number 1 [ 200.014424][ T5861] usb 4-1: too many endpoints for config 1 interface 2 altsetting 252: 65, using maximum allowed: 30 [ 200.049836][ T5861] usb 4-1: config 1 interface 2 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 65 [ 200.084462][ T5861] usb 4-1: config 1 interface 2 has no altsetting 0 [ 200.093623][ T5861] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 200.103049][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.111075][ T5861] usb 4-1: Product: syz [ 200.115481][ T5861] usb 4-1: Manufacturer: syz [ 200.120106][ T5861] usb 4-1: SerialNumber: syz [ 200.152066][ T5941] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 200.311938][ T5941] usb 7-1: Using ep0 maxpacket: 32 [ 200.323320][ T7643] netlink: 32 bytes leftover after parsing attributes in process `syz.1.399'. [ 200.336093][ T5941] usb 7-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 200.371801][ T5941] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.401231][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.1.399'. [ 200.418764][ T5941] usb 7-1: Product: syz [ 200.432469][ T5941] usb 7-1: Manufacturer: syz [ 200.488247][ T5861] usb 4-1: USB disconnect, device number 17 [ 200.507587][ T7646] netlink: 24 bytes leftover after parsing attributes in process `syz.2.398'. [ 200.878093][ T5941] usb 7-1: SerialNumber: syz [ 200.902703][ T5941] usb 7-1: config 0 descriptor?? [ 200.936847][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 201.208406][ T7620] [U] [ 201.868308][ T5941] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 202.034408][ T5941] gspca_topro: reg_w err -71 [ 202.091708][ T5941] gspca_topro: Sensor soi763a [ 202.117025][ T7666] netlink: 12 bytes leftover after parsing attributes in process `syz.3.403'. [ 202.212551][ T5941] usb 7-1: USB disconnect, device number 6 [ 202.348579][ T7666] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.357936][ T7666] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.366914][ T7666] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.375924][ T7666] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 202.384829][ T30] audit: type=1400 audit(1750928387.540:382): avc: denied { ioctl } for pid=7663 comm="syz.3.403" path="socket:[16944]" dev="sockfs" ino=16944 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 202.448470][ T7666] vxlan0: entered promiscuous mode [ 202.911684][ T5861] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 203.021886][ T7683] xt_hashlimit: max too large, truncated to 1048576 [ 203.032947][ T7683] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 203.065809][ T7683] netlink: 'syz.3.407': attribute type 29 has an invalid length. [ 203.086134][ T7683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.407'. [ 203.122935][ T30] audit: type=1400 audit(1750928388.400:383): avc: denied { bind } for pid=7685 comm="syz.6.408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 203.185758][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 203.197720][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 111, setting to 64 [ 203.225552][ T5861] usb 8-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 203.253709][ T5861] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.283694][ T5861] usb 8-1: config 0 descriptor?? [ 203.290922][ T7680] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 203.423648][ T5861] rc_core: IR keymap rc-xbox-dvd not found [ 203.445719][ T5861] Registered IR keymap rc-empty [ 203.457998][ T5861] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0 [ 203.518604][ T7680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.615386][ T5861] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input11 [ 203.622035][ T7680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.993253][ T5813] usb 8-1: USB disconnect, device number 2 [ 203.993317][ C1] xbox_remote 8-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 204.130542][ T7699] raw_sendmsg: syz.2.413 forgot to set AF_INET. Fix it! [ 204.139028][ T7698] 8021q: VLANs not supported on sit0 [ 204.284854][ T7700] trusted_key: encrypted_key: insufficient parameters specified [ 204.330901][ T30] audit: type=1400 audit(1750928389.600:384): avc: denied { getopt } for pid=7696 comm="syz.1.412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 204.674512][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.1.415'. [ 204.709934][ T7711] overlayfs: failed to resolve './file0': -2 [ 204.715015][ T30] audit: type=1400 audit(1750928389.990:385): avc: granted { setsecparam } for pid=7709 comm="syz.7.417" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 204.937473][ T30] audit: type=1400 audit(1750928390.190:386): avc: denied { search } for pid=7690 comm="syz.6.410" name="/" dev="configfs" ino=1069 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 205.179207][ T30] audit: type=1400 audit(1750928390.210:387): avc: denied { search } for pid=7690 comm="syz.6.410" name="/" dev="configfs" ino=1069 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 205.251073][ T30] audit: type=1400 audit(1750928390.210:388): avc: denied { read open } for pid=7690 comm="syz.6.410" path="/" dev="configfs" ino=1069 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 205.274406][ T5813] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 205.661992][ T30] audit: type=1400 audit(1750928390.210:389): avc: denied { read write } for pid=7690 comm="syz.6.410" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 205.706714][ T30] audit: type=1400 audit(1750928390.210:390): avc: denied { open } for pid=7690 comm="syz.6.410" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 205.829840][ T30] audit: type=1400 audit(1750928390.210:391): avc: denied { write } for pid=7690 comm="syz.6.410" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 207.570917][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 207.570939][ T30] audit: type=1400 audit(1750928392.830:394): avc: denied { bind } for pid=7755 comm="syz.1.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 208.039038][ T30] audit: type=1400 audit(1750928392.830:395): avc: denied { write } for pid=7755 comm="syz.1.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 209.255569][ T7776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.428'. [ 209.267237][ T7776] netlink: 'syz.2.428': attribute type 5 has an invalid length. [ 209.275177][ T7776] netlink: 20 bytes leftover after parsing attributes in process `syz.2.428'. [ 209.382447][ T7778] FAULT_INJECTION: forcing a failure. [ 209.382447][ T7778] name failslab, interval 1, probability 0, space 0, times 0 [ 209.498520][ T7776] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 209.521897][ T7778] CPU: 1 UID: 0 PID: 7778 Comm: syz.1.430 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 209.521933][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.521944][ T7778] Call Trace: [ 209.521950][ T7778] [ 209.521955][ T7778] dump_stack_lvl+0x16c/0x1f0 [ 209.521986][ T7778] should_fail_ex+0x512/0x640 [ 209.522003][ T7778] ? fs_reclaim_acquire+0xae/0x150 [ 209.522015][ T7778] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 209.522034][ T7778] should_failslab+0xc2/0x120 [ 209.522053][ T7778] __kmalloc_noprof+0xd2/0x510 [ 209.522071][ T7778] tomoyo_realpath_from_path+0xc2/0x6e0 [ 209.522091][ T7778] tomoyo_mount_acl+0x664/0x850 [ 209.522105][ T7778] ? kernel_text_address+0x8d/0x100 [ 209.522120][ T7778] ? __kernel_text_address+0xd/0x40 [ 209.522133][ T7778] ? __pfx_tomoyo_mount_acl+0x10/0x10 [ 209.522149][ T7778] ? stack_trace_save+0x8e/0xc0 [ 209.522176][ T7778] ? tomoyo_domain+0xbb/0x150 [ 209.522193][ T7778] ? tomoyo_profile+0x47/0x60 [ 209.522212][ T7778] tomoyo_mount_permission+0x16d/0x420 [ 209.522225][ T7778] ? tomoyo_mount_permission+0x14f/0x420 [ 209.522239][ T7778] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 209.522261][ T7778] security_sb_mount+0x9b/0x260 [ 209.522277][ T7778] path_mount+0x128/0x2020 [ 209.522295][ T7778] ? kmem_cache_free+0x2d1/0x4d0 [ 209.522307][ T7778] ? __pfx_path_mount+0x10/0x10 [ 209.522325][ T7778] ? putname+0x154/0x1a0 [ 209.522346][ T7778] __x64_sys_mount+0x28d/0x310 [ 209.522363][ T7778] ? __pfx___x64_sys_mount+0x10/0x10 [ 209.522383][ T7778] do_syscall_64+0xcd/0x4c0 [ 209.522400][ T7778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.522413][ T7778] RIP: 0033:0x7f7db8b8e929 [ 209.522422][ T7778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.522433][ T7778] RSP: 002b:00007f7db9a53038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 209.522446][ T7778] RAX: ffffffffffffffda RBX: 00007f7db8db5fa0 RCX: 00007f7db8b8e929 [ 209.522452][ T7778] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 0000200000000140 [ 209.522458][ T7778] RBP: 00007f7db9a53090 R08: 0000000000000000 R09: 0000000000000000 [ 209.522464][ T7778] R10: 0000000002208004 R11: 0000000000000246 R12: 0000000000000002 [ 209.522470][ T7778] R13: 0000000000000000 R14: 00007f7db8db5fa0 R15: 00007ffceafa81a8 [ 209.522483][ T7778] [ 209.522491][ T7778] ERROR: Out of memory at tomoyo_realpath_from_path. [ 209.920105][ T7776] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 209.986621][ T7776] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 210.165228][ T7776] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 210.196149][ T7776] geneve2: entered promiscuous mode [ 210.238092][ T7776] geneve2: entered allmulticast mode [ 210.336477][ T30] audit: type=1400 audit(1750928395.610:396): avc: denied { mounton } for pid=7794 comm="syz.3.435" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 210.831978][ T7809] netlink: 16 bytes leftover after parsing attributes in process `syz.1.439'. [ 212.907104][ T7816] capability: warning: `syz.3.443' uses deprecated v2 capabilities in a way that may be insecure [ 213.103558][ T7812] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 213.980032][ T7841] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 214.247540][ T5815] Bluetooth: hci4: unexpected event for opcode 0x2060 [ 214.429540][ T30] audit: type=1400 audit(1750928399.700:397): avc: denied { write } for pid=7848 comm="syz.2.452" path="socket:[18536]" dev="sockfs" ino=18536 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 215.007815][ T7851] xfs: Unknown parameter 'discardaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaÀ' [ 215.031850][ T30] audit: type=1400 audit(1750928400.280:398): avc: denied { mounton } for pid=7848 comm="syz.2.452" path="/97/bus" dev="tmpfs" ino=542 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 215.045951][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.602972][ T30] audit: type=1400 audit(1750928400.870:399): avc: denied { mount } for pid=7859 comm="syz.3.455" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 215.610981][ T7864] [U] [ 215.611043][ T7864] [U] [ 215.611063][ T7864] [U] [ 215.611086][ T7864] [U] [ 215.611185][ T7864] [U] [ 215.611207][ T7864] [U] [ 215.611231][ T7864] [U] [ 215.611255][ T7864] [U] [ 215.611336][ T7864] [U] [ 215.611353][ T7864] [U] [ 215.611370][ T7864] [U] [ 215.611386][ T7864] [U] [ 215.611454][ T7864] [U] [ 215.611472][ T7864] [U] [ 215.611489][ T7864] [U] [ 215.611507][ T7864] [U] [ 215.618689][ T7864] [U] [ 215.618726][ T7864] [U] [ 215.618754][ T7864] [U] [ 215.618775][ T7864] [U] [ 215.618871][ T7864] [U] [ 215.618896][ T7864] [U] [ 215.618919][ T7864] [U] [ 215.618944][ T7864] [U] [ 215.619014][ T7864] [U] [ 215.619032][ T7864] [U] [ 215.619051][ T7864] [U] [ 215.619067][ T7864] [U] [ 215.619136][ T7864] [U] [ 215.619153][ T7864] [U] [ 215.619171][ T7864] [U] [ 215.619188][ T7864] [U] [ 215.619281][ T7864] [U] [ 215.619302][ T7864] [U] [ 215.619329][ T7864] [U] [ 215.619355][ T7864] [U] [ 215.619459][ T7864] [U] [ 215.619489][ T7864] [U] [ 215.619509][ T7864] [U] [ 215.619526][ T7864] [U] [ 215.619600][ T7864] [U] [ 215.619618][ T7864] [U] [ 215.619635][ T7864] [U] [ 215.619652][ T7864] [U] [ 215.619721][ T7864] [U] [ 215.619739][ T7864] [U] [ 215.619765][ T7864] [U] [ 215.619782][ T7864] [U] [ 215.619865][ T7864] [U] [ 215.619888][ T7864] [U] [ 215.619910][ T7864] [U] [ 215.619932][ T7864] [U] [ 215.620034][ T7864] [U] [ 215.620051][ T7864] [U] [ 215.620068][ T7864] [U] [ 215.620085][ T7864] [U] [ 215.620157][ T7864] [U] [ 215.620175][ T7864] [U] [ 215.620191][ T7864] [U] [ 215.620208][ T7864] [U] [ 215.620276][ T7864] [U] [ 215.620292][ T7864] [U] [ 215.620309][ T7864] [U] [ 215.620326][ T7864] [U] [ 215.620399][ T7864] [U] [ 215.620418][ T7864] [U] [ 215.620434][ T7864] [U] [ 215.620454][ T7864] [U] [ 215.620553][ T7864] [U] [ 215.620576][ T7864] [U] [ 215.620597][ T7864] [U] [ 215.620618][ T7864] [U] [ 215.634681][ T7864] [U] [ 215.840956][ T7864] [U] [ 215.843640][ T7864] [U] [ 215.846317][ T7864] [U] [ 215.849038][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.913818][ T7864] [U] [ 215.916592][ T7864] [U] [ 215.919304][ T7864] [U] [ 215.922018][ T7864] [U] [ 216.443691][ T7865] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 216.444461][ T5941] IPVS: starting estimator thread 0... [ 216.553272][ T7880] IPVS: using max 45 ests per chain, 108000 per kthread [ 217.053533][ T30] audit: type=1400 audit(1750928402.130:400): avc: denied { write } for pid=7883 comm="syz.7.462" path="socket:[18128]" dev="sockfs" ino=18128 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 217.844071][ T7894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.464'. [ 217.853476][ T7894] netlink: 12 bytes leftover after parsing attributes in process `syz.2.464'. [ 218.007312][ T7898] netlink: 'syz.2.464': attribute type 1 has an invalid length. [ 218.015380][ T7898] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 218.023085][ T7898] IPv6: NLM_F_CREATE should be set when creating new route [ 218.676726][ T7901] dummy0: entered promiscuous mode [ 218.686500][ T7864] [U] [ 218.837181][ T7904] overlayfs: missing 'lowerdir' [ 218.852439][ T7901] macsec1: entered promiscuous mode [ 219.171296][ T7901] macsec1: entered allmulticast mode [ 219.199569][ T7901] dummy0: entered allmulticast mode [ 219.256280][ T7901] dummy0: left allmulticast mode [ 219.261712][ T7901] dummy0: left promiscuous mode [ 219.313123][ T7916] netlink: 16 bytes leftover after parsing attributes in process `syz.7.467'. [ 219.650239][ T30] audit: type=1400 audit(1750928404.920:401): avc: denied { create } for pid=7922 comm="syz.6.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 220.061505][ T30] audit: type=1400 audit(1750928404.920:402): avc: denied { ioctl } for pid=7922 comm="syz.6.473" path="socket:[18185]" dev="sockfs" ino=18185 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 220.309639][ T30] audit: type=1400 audit(1750928405.580:403): avc: denied { accept } for pid=7935 comm="syz.3.476" lport=36336 faddr=::ffff:100.1.1.0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 220.341497][ T30] audit: type=1400 audit(1750928405.610:404): avc: denied { write } for pid=7935 comm="syz.3.476" path="socket:[18197]" dev="sockfs" ino=18197 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 221.129606][ T30] audit: type=1400 audit(1750928405.610:405): avc: denied { setopt } for pid=7935 comm="syz.3.476" lport=36336 faddr=::ffff:100.1.1.0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 221.929489][ T7967] [U] [ 221.932267][ T7967] [U] [ 221.934968][ T7967] [U] [ 221.937661][ T7967] [U] [ 221.969946][ T7967] [U] [ 221.972728][ T7967] [U] [ 221.975437][ T7967] [U] [ 221.978134][ T7967] [U] [ 222.001748][ T24] IPVS: starting estimator thread 0... [ 222.036816][ T7967] [U] [ 222.039588][ T7967] [U] [ 222.042285][ T7967] [U] [ 222.044985][ T7967] [U] [ 222.092404][ T7968] IPVS: using max 38 ests per chain, 91200 per kthread [ 222.114845][ T7970] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 222.206665][ T7972] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 222.216909][ T30] audit: type=1400 audit(1750928407.470:406): avc: denied { module_request } for pid=7973 comm="syz.6.488" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 222.482318][ T7982] FAULT_INJECTION: forcing a failure. [ 222.482318][ T7982] name failslab, interval 1, probability 0, space 0, times 0 [ 222.521367][ T7982] CPU: 1 UID: 0 PID: 7982 Comm: syz.2.490 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 222.521398][ T7982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.521408][ T7982] Call Trace: [ 222.521415][ T7982] [ 222.521422][ T7982] dump_stack_lvl+0x16c/0x1f0 [ 222.521453][ T7982] should_fail_ex+0x512/0x640 [ 222.521476][ T7982] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 222.521501][ T7982] should_failslab+0xc2/0x120 [ 222.521526][ T7982] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 222.521552][ T7982] ? __alloc_skb+0x2b2/0x380 [ 222.521576][ T7982] __alloc_skb+0x2b2/0x380 [ 222.521594][ T7982] ? __pfx___alloc_skb+0x10/0x10 [ 222.521612][ T7982] ? selinux_socket_getpeersec_dgram+0x1a4/0x370 [ 222.521633][ T7982] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 222.521659][ T7982] netlink_alloc_large_skb+0x69/0x130 [ 222.521679][ T7982] netlink_sendmsg+0x6a1/0xdd0 [ 222.521699][ T7982] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.521731][ T7982] ____sys_sendmsg+0xa95/0xc70 [ 222.521750][ T7982] ? copy_msghdr_from_user+0x10a/0x160 [ 222.521773][ T7982] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.521797][ T7982] ___sys_sendmsg+0x134/0x1d0 [ 222.521818][ T7982] ? __pfx____sys_sendmsg+0x10/0x10 [ 222.521838][ T7982] ? __lock_acquire+0x622/0x1c90 [ 222.521891][ T7982] __sys_sendmsg+0x16d/0x220 [ 222.521915][ T7982] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.521952][ T7982] do_syscall_64+0xcd/0x4c0 [ 222.521980][ T7982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.521997][ T7982] RIP: 0033:0x7f498f98e929 [ 222.522012][ T7982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.522030][ T7982] RSP: 002b:00007f499072e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.522049][ T7982] RAX: ffffffffffffffda RBX: 00007f498fbb5fa0 RCX: 00007f498f98e929 [ 222.522060][ T7982] RDX: 0000000000000800 RSI: 00002000000001c0 RDI: 0000000000000004 [ 222.522069][ T7982] RBP: 00007f499072e090 R08: 0000000000000000 R09: 0000000000000000 [ 222.522078][ T7982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.522086][ T7982] R13: 0000000000000000 R14: 00007f498fbb5fa0 R15: 00007fff070c58c8 [ 222.522106][ T7982] [ 222.743455][ C1] vkms_vblank_simulate: vblank timer overrun [ 222.887244][ T7958] [U] [ 224.112411][ T5941] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 224.596951][ T5941] usb 7-1: config 0 has an invalid interface number: 195 but max is 0 [ 224.627207][ T5941] usb 7-1: config 0 has no interface number 0 [ 224.641165][ T5941] usb 7-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=78.c4 [ 224.650997][ T5941] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.693605][ T5941] r8152-cfgselector 7-1: Unknown version 0x0000 [ 224.863772][ T5941] r8152-cfgselector 7-1: config 0 descriptor?? [ 225.206473][ T8024] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 225.218362][ T8024] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 225.232260][ T5941] r8152-cfgselector 7-1: Unknown version 0x0000 [ 225.246327][ T5941] r8152-cfgselector 7-1: bad CDC descriptors [ 225.441734][ T8002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.452608][ T8002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.478786][ T5861] r8152-cfgselector 7-1: USB disconnect, device number 7 [ 225.581868][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 225.628606][ T30] audit: type=1400 audit(1750928410.900:407): avc: denied { unmount } for pid=6954 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 225.731338][ T8041] [U] [ 225.734057][ T8041] [U] [ 225.736724][ T8041] [U] [ 225.739414][ T8041] [U] [ 225.743833][ T8041] [U] [ 225.746531][ T8041] [U] [ 225.749232][ T8041] [U] [ 225.751952][ T8041] [U] [ 225.758394][ T8041] [U] [ 225.761110][ T8041] [U] [ 225.763801][ T8041] [U] [ 225.766498][ T8041] [U] [ 225.771026][ T8041] [U] [ 225.773769][ T8041] [U] [ 225.776471][ T8041] [U] [ 225.779175][ T8041] [U] [ 225.825461][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 225.847143][ T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 225.992703][ T117] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 226.027121][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.091970][ T5815] Bluetooth: hci3: unexpected event for opcode 0x2060 [ 226.212673][ T24] pvrusb2: Hardware description: Terratec Grabster AV400 [ 226.235012][ T117] usb 3-1: Using ep0 maxpacket: 8 [ 226.281651][ T24] pvrusb2: ********** [ 226.285750][ T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 226.313314][ T117] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 226.323263][ T24] pvrusb2: Important functionality might not be entirely working. [ 226.338451][ T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 226.360802][ T117] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 226.371722][ T117] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 226.379848][ T117] usb 3-1: Product: syz [ 226.385594][ T24] pvrusb2: ********** [ 226.403347][ T8046] wireguard0: entered promiscuous mode [ 226.408876][ T8046] wireguard0: entered allmulticast mode [ 226.419127][ T117] usb 3-1: Manufacturer: syz [ 226.430543][ T2337] pvrusb2: Invalid write control endpoint [ 226.444489][ T117] usb 3-1: SerialNumber: syz [ 226.452558][ T8040] [U] [ 226.576936][ T2337] pvrusb2: Invalid write control endpoint [ 226.605856][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 226.619973][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 226.628041][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 226.638222][ T2337] pvrusb2: Device being rendered inoperable [ 226.668425][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 226.704269][ T117] usb 3-1: palm_os_3_probe - error -71 getting connection information [ 226.718640][ T117] visor 3-1:1.0: probe with driver visor failed with error -71 [ 226.755172][ T117] usb 3-1: USB disconnect, device number 24 [ 226.842656][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 226.859768][ T8056] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 226.873286][ T2337] pvrusb2: Attached sub-driver cx25840 [ 226.880989][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 226.892176][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 227.801815][ T24] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 227.863614][ T8074] loop9: detected capacity change from 0 to 524288000 [ 227.971801][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 227.997332][ T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 228.021344][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.123586][ T5861] usb 4-1: USB disconnect, device number 18 [ 228.131647][ T24] usb 3-1: config 0 has no interface number 0 [ 228.153657][ T8080] trusted_key: encrypted_key: keyword 'updat¾Í¶\Œault' not recognized [ 228.172141][ T5941] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 228.187763][ T24] usb 3-1: New USB device found, idVendor=0572, idProduct=58a2, bcdDevice=27.0a [ 228.211703][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.242294][ T24] usb 3-1: Product: syz [ 228.264705][ T8082] netlink: 16 bytes leftover after parsing attributes in process `syz.3.518'. [ 228.275667][ T30] audit: type=1400 audit(1750928413.530:408): avc: denied { watch } for pid=8081 comm="syz.3.518" path="/100/control" dev="tmpfs" ino=560 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 228.298037][ C1] vkms_vblank_simulate: vblank timer overrun [ 228.307824][ T24] usb 3-1: Manufacturer: syz [ 228.325429][ T24] usb 3-1: SerialNumber: syz [ 228.342823][ T24] usb 3-1: config 0 descriptor?? [ 228.364340][ T24] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a2) with 1 interfaces [ 228.369439][ T5941] usb 8-1: unable to get BOS descriptor or descriptor too short [ 228.410881][ T5941] usb 8-1: config 1 has an invalid interface descriptor of length 7, skipping [ 228.423104][ T5941] usb 8-1: config 1 has an invalid descriptor of length 184, skipping remainder of the config [ 228.433710][ T5941] usb 8-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 228.447156][ T24] cx231xx 3-1:0.1: Not found matching IAD interface [ 228.447802][ T5941] usb 8-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 228.465822][ T5941] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.474949][ T5941] usb 8-1: Product: 罤郰效蒒葠䀛艉祢ꥃ줆ꬬ㙂使䆃â«á”­Ñ¥Ôœèž³å £èƒ²æ´‚ﱧ貪셇ⶊ칵ìªç¯—岘엀⺆㫖᳑齌ឰژ᪕㮅锈埾ቼ嵵í½àº®è¯„㵱롄줅挥历䙷蕷ӂÈ့練텬ⷹí’눺Ȁ旆ꅟ蘣â„ɢ礧廫éï´„ï“‘ã£äµ‚綖닚â‰í˜‹á¾§ä„ºî¾œî¢Œï»¿ê‡ä«¡å±–ïž¸ìž¦ì¤‰é¸»è¨„ã žè°¸â‡®ëº [ 228.511308][ T5941] usb 8-1: Manufacturer: ဌ [ 228.599953][ T30] audit: type=1800 audit(1750928413.840:409): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.513" name="/" dev="fuse" ino=1 res=0 errno=0 [ 228.616858][ T5890] usb 3-1: USB disconnect, device number 25 [ 228.677076][ T8087] [U] [ 228.679865][ T8087] [U] [ 228.682589][ T8087] [U] [ 228.685313][ T8087] [U] [ 228.717486][ T5941] usb 8-1: SerialNumber: syz [ 228.731854][ T8087] [U] [ 228.734624][ T8087] [U] [ 228.737340][ T8087] [U] [ 228.740049][ T8087] [U] [ 228.927142][ T5815] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 229.112580][ T8076] block device autoloading is deprecated and will be removed. [ 229.146195][ T8076] bio_check_eod: 2 callbacks suppressed [ 229.146219][ T8076] syz.7.515: attempt to access beyond end of device [ 229.146219][ T8076] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 229.322602][ T8097] fuse: Unknown parameter 'ro`tm' [ 229.541810][ T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 229.598065][ T5926] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 229.607405][ T4854] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 229.711627][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 229.747220][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 229.757285][ T5926] usb 3-1: Using ep0 maxpacket: 8 [ 229.764393][ T5926] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 229.773627][ T5926] usb 3-1: config 0 has no interface number 0 [ 229.781667][ T5926] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 229.792938][ T24] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 229.803007][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.815229][ T24] usb 2-1: Product: syz [ 229.825687][ T24] usb 2-1: Manufacturer: syz [ 229.831654][ T5926] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 229.852178][ T24] usb 2-1: SerialNumber: syz [ 229.873465][ T24] usb 2-1: config 0 descriptor?? [ 229.878820][ T5926] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 229.920633][ T24] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 229.931076][ T5926] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 229.958148][ T24] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 229.971670][ T5926] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 229.991121][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.043569][ T5926] usb 3-1: config 0 descriptor?? [ 230.076703][ T5926] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 230.951984][ T24] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 230.963367][ C1] ldusb 3-1:0.55: usb_submit_urb failed (-19) [ 230.971919][ T5861] usb 3-1: USB disconnect, device number 26 [ 230.988634][ T5861] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 231.054338][ T5890] usb 8-1: USB disconnect, device number 3 [ 231.155308][ T8086] [U] [ 231.850401][ T8110] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 232.098094][ T30] audit: type=1400 audit(1750928417.370:410): avc: denied { create } for pid=8111 comm="syz.6.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 232.242859][ T24] em28xx 2-1:0.0: read from i2c device at 0xa0 failed with unknown error (status=23) [ 232.265557][ T24] em28xx 2-1:0.0: board has no eeprom [ 232.353606][ T8121] 9pnet_virtio: no channels available for device 127.0.0.1 [ 232.771925][ T24] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 232.797519][ T24] em28xx 2-1:0.0: dvb set to bulk mode. [ 232.831506][ T5926] em28xx 2-1:0.0: Binding DVB extension [ 232.854098][ T24] usb 2-1: USB disconnect, device number 16 [ 233.022781][ T24] em28xx 2-1:0.0: Disconnecting em28xx [ 233.115609][ T5926] em28xx 2-1:0.0: Registering input extension [ 233.130203][ T24] em28xx 2-1:0.0: Closing input extension [ 233.175119][ T24] em28xx 2-1:0.0: Freeing device [ 233.307931][ T8136] netlink: 24 bytes leftover after parsing attributes in process `syz.3.532'. [ 233.498325][ T8136] netlink: 4 bytes leftover after parsing attributes in process `syz.3.532'. [ 233.673128][ T5814] Bluetooth: hci0: unexpected event for opcode 0x2060 [ 233.831902][ T117] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 233.841713][ T30] audit: type=1400 audit(1750928419.090:411): avc: denied { listen } for pid=8144 comm="syz.7.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 233.876530][ T30] audit: type=1400 audit(1750928419.150:412): avc: denied { accept } for pid=8144 comm="syz.7.535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 234.031027][ T117] usb 2-1: config index 0 descriptor too short (expected 65350, got 70) [ 234.050906][ T117] usb 2-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 234.066666][ T117] usb 2-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 234.090589][ T117] usb 2-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 234.105290][ T8152] syzkaller1: entered promiscuous mode [ 234.110827][ T8152] syzkaller1: entered allmulticast mode [ 234.118507][ T117] usb 2-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=9e.ee [ 234.129026][ T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.139756][ T117] usb 2-1: Product: syz [ 234.141983][ T5890] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 234.144609][ T117] usb 2-1: Manufacturer: syz [ 234.160576][ T117] usb 2-1: SerialNumber: syz [ 234.191907][ T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 234.311672][ T5890] usb 7-1: Using ep0 maxpacket: 8 [ 234.323545][ T5890] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 234.343804][ T5890] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 234.361664][ T5890] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 234.384793][ T5890] usb 7-1: Product: syz [ 234.389073][ T5890] usb 7-1: Manufacturer: syz [ 234.407437][ T117] usb 2-1: USB disconnect, device number 17 [ 234.425655][ T5890] usb 7-1: SerialNumber: syz [ 234.503080][ T8155] ip6gre1: entered allmulticast mode [ 234.696513][ T8147] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 234.741275][ T5890] usb 7-1: palm_os_3_probe - error -71 getting connection information [ 234.769075][ T5890] visor 7-1:1.0: probe with driver visor failed with error -71 [ 234.781443][ T8161] netlink: 28 bytes leftover after parsing attributes in process `syz.3.540'. [ 234.817287][ T5890] usb 7-1: USB disconnect, device number 9 [ 235.074681][ T8170] [U] [ 235.077462][ T8170] [U] [ 235.080207][ T8170] [U] [ 235.082948][ T8170] [U] [ 235.086011][ T5941] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 235.105794][ T8170] [U] [ 235.108592][ T8170] [U] [ 235.111315][ T8170] [U] [ 235.114039][ T8170] [U] [ 235.126844][ T8170] [U] [ 235.129646][ T8170] [U] [ 235.132370][ T8170] [U] [ 235.135089][ T8170] [U] [ 235.262521][ T5941] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 235.271540][ T5941] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.286750][ T5941] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 235.321657][ T5941] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 235.355818][ T5941] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 235.372267][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 235.381234][ T5941] usb 4-1: Product: syz [ 235.414076][ T5941] usb 4-1: Manufacturer: syz [ 235.657057][ T8161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.540'. [ 235.700292][ T5890] usb 4-1: USB disconnect, device number 19 [ 235.712005][ T8170] [U] [ 236.312215][ T5890] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 236.641925][ T5890] usb 3-1: Using ep0 maxpacket: 32 [ 236.650974][ T5890] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 236.677468][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.717111][ T5890] usb 3-1: Product: syz [ 236.728355][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.3.549'. [ 236.741410][ T5890] usb 3-1: Manufacturer: syz [ 236.746155][ T5890] usb 3-1: SerialNumber: syz [ 236.865821][ T5890] usb 3-1: config 0 descriptor?? [ 237.028652][ T8205] tmpfs: Unknown parameter 'gi' [ 237.871986][ T5941] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 238.035077][ T5941] usb 2-1: Using ep0 maxpacket: 16 [ 238.043538][ T8213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.063390][ T5941] usb 2-1: unable to get BOS descriptor or descriptor too short [ 238.077859][ T5941] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 238.112301][ T8213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.116810][ T30] audit: type=1400 audit(1750928423.390:413): avc: denied { read write } for pid=8215 comm="syz.7.554" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 238.144816][ T5941] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 238.144857][ T5941] usb 2-1: config 1 has no interface number 1 [ 238.144937][ T5941] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 238.147261][ T5941] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 238.218979][ T8217] ip6gre1: entered allmulticast mode [ 238.269775][ T30] audit: type=1400 audit(1750928423.390:414): avc: denied { open } for pid=8215 comm="syz.7.554" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 238.291241][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.312027][ T5941] usb 2-1: Product: syz [ 238.322130][ T5941] usb 2-1: Manufacturer: syz [ 238.453135][ T5941] usb 2-1: SerialNumber: syz [ 238.841682][ T5926] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 239.008768][ T5926] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 239.033459][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 47999, setting to 64 [ 239.039294][ T5815] Bluetooth: hci0: unexpected event for opcode 0x2060 [ 239.053529][ T5890] RobotFuzz Open Source InterFace, OSIF 3-1:0.0: failure sending bit rate [ 239.057896][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 239.070441][ T5890] RobotFuzz Open Source InterFace, OSIF 3-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -110 [ 239.147972][ T5926] usb 7-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1 [ 239.185142][ T5926] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.220128][ T5926] usb 7-1: Product: syz [ 239.231011][ T5926] usb 7-1: Manufacturer: syz [ 239.240555][ T5926] usb 7-1: SerialNumber: syz [ 239.248752][ T5926] usb 7-1: config 0 descriptor?? [ 239.272095][ T8221] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22 [ 239.286832][ T5926] option 7-1:0.0: GSM modem (1-port) converter detected [ 239.437679][ T8237] fuse: Unknown parameter 'ro`tm' [ 239.491154][ T5890] usb 3-1: USB disconnect, device number 27 [ 239.504923][ T8221] Set syz0 is full, maxelem 0 reached [ 239.519679][ T8221] IPVS: set_ctl: invalid protocol: 22 0.0.0.0:20004 [ 239.528660][ T881] usb 7-1: USB disconnect, device number 10 [ 239.539339][ T881] option 7-1:0.0: device disconnected [ 239.682252][ T5926] usb 8-1: new full-speed USB device number 5 using dummy_hcd [ 239.742670][ T117] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 239.843579][ T5926] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 239.855913][ T5926] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 47999, setting to 64 [ 239.866985][ T5926] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 239.916412][ T5926] usb 8-1: New USB device found, idVendor=1bc7, idProduct=1040, bcdDevice=b5.b1 [ 239.942136][ T117] usb 4-1: Using ep0 maxpacket: 8 [ 239.946921][ T5941] usb 2-1: USB disconnect, device number 18 [ 239.952613][ T5926] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.962994][ T5926] usb 8-1: Product: syz [ 239.967254][ T5926] usb 8-1: Manufacturer: syz [ 239.994427][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 240.033279][ T5926] usb 8-1: SerialNumber: syz [ 240.038392][ T117] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 240.050022][ T117] usb 4-1: config 0 has no interface number 0 [ 240.057525][ T5926] usb 8-1: config 0 descriptor?? [ 240.064002][ T117] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 240.075307][ T117] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 240.075740][ T8239] raw-gadget.4 gadget.7: fail, usb_ep_enable returned -22 [ 240.088448][ T117] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 240.105332][ T117] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 240.127188][ T117] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 240.129119][ T5926] option 8-1:0.0: GSM modem (1-port) converter detected [ 240.145667][ T117] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.158849][ T117] usb 4-1: config 0 descriptor?? [ 240.163522][ T5890] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 240.178627][ T117] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 240.254770][ T30] audit: type=1400 audit(1750928425.530:415): avc: denied { read } for pid=8248 comm="syz.6.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 240.333177][ T5890] usb 3-1: Using ep0 maxpacket: 8 [ 240.340450][ T5890] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 240.358600][ T5890] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 240.361284][ T8239] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.368094][ T5890] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 240.384844][ T5890] usb 3-1: Product: syz [ 240.389464][ T5890] usb 3-1: Manufacturer: syz [ 240.395422][ T5890] usb 3-1: SerialNumber: syz [ 240.411860][ T8239] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.422852][ T8239] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.430739][ T8239] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.509665][ T30] audit: type=1400 audit(1750928425.770:416): avc: denied { ioctl } for pid=8248 comm="syz.6.567" path="socket:[20645]" dev="sockfs" ino=20645 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 240.536240][ T5941] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 240.680054][ C1] ldusb 4-1:0.55: usb_submit_urb failed (-19) [ 240.686413][ T5926] usb 4-1: USB disconnect, device number 20 [ 240.846040][ T5926] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 241.045322][ T117] usb 8-1: USB disconnect, device number 5 [ 241.063751][ T5890] usb 3-1: palm_os_3_probe - error -110 getting connection information [ 241.072849][ T5890] visor 3-1:1.0: probe with driver visor failed with error -110 [ 241.096533][ T5861] usb 3-1: USB disconnect, device number 28 [ 241.106485][ T117] option 8-1:0.0: device disconnected [ 241.121765][ T5941] usb 2-1: Using ep0 maxpacket: 8 [ 241.128439][ T5941] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 241.145383][ T5941] usb 2-1: config 179 has no interface number 0 [ 241.156234][ T5941] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 241.181707][ T5941] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 241.200045][ T5941] usb 2-1: config 179 interface 65 altsetting 12 has an invalid descriptor for endpoint zero, skipping [ 241.219163][ T5941] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 241.232980][ T5941] usb 2-1: config 179 interface 65 has no altsetting 0 [ 241.240147][ T5941] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 241.249363][ T5941] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.279465][ T30] audit: type=1400 audit(1750928426.550:417): avc: denied { mount } for pid=8256 comm="syz.6.568" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1 [ 241.479358][ T5813] usb 2-1: USB disconnect, device number 19 [ 241.592523][ T5941] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 241.642271][ T8269] syz.7.570: attempt to access beyond end of device [ 241.642271][ T8269] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 241.760642][ T5941] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 241.780815][ T5941] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 241.795260][ T5941] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 241.813803][ T5941] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 241.817126][ T8274] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=8274 comm=syz.2.574 [ 241.826335][ T5941] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.847571][ T5941] usb 7-1: Product: syz [ 241.852164][ T5941] usb 7-1: Manufacturer: syz [ 241.857439][ T5941] usb 7-1: SerialNumber: syz [ 241.872664][ T5941] usb 7-1: config 0 descriptor?? [ 242.027911][ T8277] netlink: 'syz.2.574': attribute type 10 has an invalid length. [ 242.038860][ T8277] netlink: 40 bytes leftover after parsing attributes in process `syz.2.574'. [ 242.042459][ T8259] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 242.053321][ T8277] dummy0: entered promiscuous mode [ 242.065774][ T8277] bridge0: port 3(dummy0) entered blocking state [ 242.073936][ T8277] bridge0: port 3(dummy0) entered disabled state [ 242.081757][ T8277] dummy0: entered allmulticast mode [ 242.112409][ T8259] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 242.125799][ T8277] bridge0: port 3(dummy0) entered blocking state [ 242.132928][ T8277] bridge0: port 3(dummy0) entered forwarding state [ 242.161863][ T5861] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 242.162216][ T30] audit: type=1400 audit(1750928427.430:418): avc: denied { create } for pid=8273 comm="syz.2.574" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.338149][ T5941] usb 7-1: ucan: probing device on interface #0 [ 242.375856][ T30] audit: type=1400 audit(1750928427.650:419): avc: denied { write } for pid=8273 comm="syz.2.574" name="file0" dev="tmpfs" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.401928][ T30] audit: type=1400 audit(1750928427.650:420): avc: denied { open } for pid=8273 comm="syz.2.574" path="/122/file0" dev="tmpfs" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.402269][ T5861] usb 4-1: Using ep0 maxpacket: 32 [ 242.488739][ T8280] FAULT_INJECTION: forcing a failure. [ 242.488739][ T8280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.516536][ T8280] CPU: 1 UID: 0 PID: 8280 Comm: syz.7.576 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 242.516567][ T8280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.516576][ T8280] Call Trace: [ 242.516582][ T8280] [ 242.516590][ T8280] dump_stack_lvl+0x16c/0x1f0 [ 242.516621][ T8280] should_fail_ex+0x512/0x640 [ 242.516646][ T8280] _copy_to_user+0x32/0xd0 [ 242.516672][ T8280] simple_read_from_buffer+0xcb/0x170 [ 242.516695][ T8280] proc_fail_nth_read+0x197/0x270 [ 242.516715][ T8280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 242.516736][ T8280] ? rw_verify_area+0xcf/0x680 [ 242.516756][ T8280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 242.516776][ T8280] vfs_read+0x1e1/0xc60 [ 242.516799][ T8280] ? __pfx___mutex_lock+0x10/0x10 [ 242.516825][ T8280] ? __pfx_vfs_read+0x10/0x10 [ 242.516852][ T8280] ? __fget_files+0x20e/0x3c0 [ 242.516880][ T8280] ksys_read+0x12a/0x250 [ 242.516900][ T8280] ? __pfx_ksys_read+0x10/0x10 [ 242.516926][ T8280] do_syscall_64+0xcd/0x4c0 [ 242.516953][ T8280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.516972][ T8280] RIP: 0033:0x7fb9f558d33c [ 242.516989][ T8280] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 242.517006][ T8280] RSP: 002b:00007fb9f6365030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 242.517023][ T8280] RAX: ffffffffffffffda RBX: 00007fb9f57b5fa0 RCX: 00007fb9f558d33c [ 242.517034][ T8280] RDX: 000000000000000f RSI: 00007fb9f63650a0 RDI: 0000000000000004 [ 242.517044][ T8280] RBP: 00007fb9f6365090 R08: 0000000000000000 R09: 0000000000000000 [ 242.517053][ T8280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 242.517062][ T8280] R13: 0000000000000000 R14: 00007fb9f57b5fa0 R15: 00007ffde27f7af8 [ 242.517086][ T8280] [ 242.523947][ T30] audit: type=1400 audit(1750928427.790:421): avc: denied { unlink } for pid=5818 comm="syz-executor" name="file0" dev="tmpfs" ino=684 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 242.593562][ T5861] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 242.597310][ T5941] usb 7-1: ucan: device protocol version 71303168 is not supported [ 242.611657][ T5861] usb 4-1: config 0 has an invalid interface descriptor of length 5, skipping [ 242.656696][ T5941] usb 7-1: ucan: probe failed; try to update the device firmware [ 242.780071][ T30] audit: type=1400 audit(1750928427.810:422): avc: denied { watch_reads } for pid=8258 comm="syz.6.569" path="/67" dev="tmpfs" ino=368 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 242.797904][ T8285] FAULT_INJECTION: forcing a failure. [ 242.797904][ T8285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 242.818565][ T8285] CPU: 1 UID: 0 PID: 8285 Comm: syz.7.579 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 242.818591][ T8285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.818601][ T8285] Call Trace: [ 242.818606][ T8285] [ 242.818614][ T8285] dump_stack_lvl+0x16c/0x1f0 [ 242.818645][ T8285] should_fail_ex+0x512/0x640 [ 242.818670][ T8285] _copy_from_user+0x2e/0xd0 [ 242.818694][ T8285] copy_msghdr_from_user+0x98/0x160 [ 242.818721][ T8285] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 242.818754][ T8285] ___sys_sendmsg+0xfe/0x1d0 [ 242.818774][ T8285] ? __pfx____sys_sendmsg+0x10/0x10 [ 242.818794][ T8285] ? __lock_acquire+0x622/0x1c90 [ 242.818844][ T8285] __sys_sendmsg+0x16d/0x220 [ 242.818863][ T8285] ? __pfx___sys_sendmsg+0x10/0x10 [ 242.818884][ T8285] ? __pfx_bpf_trace_run2+0x10/0x10 [ 242.818905][ T8285] ? syscall_trace_enter+0x1cb/0x260 [ 242.818927][ T8285] ? rcu_is_watching+0x12/0xc0 [ 242.818953][ T8285] do_syscall_64+0xcd/0x4c0 [ 242.818980][ T8285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.818996][ T8285] RIP: 0033:0x7fb9f558e929 [ 242.819009][ T8285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.819024][ T8285] RSP: 002b:00007fb9f6365038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 242.819040][ T8285] RAX: ffffffffffffffda RBX: 00007fb9f57b5fa0 RCX: 00007fb9f558e929 [ 242.819052][ T8285] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000004 [ 242.819061][ T8285] RBP: 00007fb9f6365090 R08: 0000000000000000 R09: 0000000000000000 [ 242.819070][ T8285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.819080][ T8285] R13: 0000000000000000 R14: 00007fb9f57b5fa0 R15: 00007ffde27f7af8 [ 242.819101][ T8285] [ 242.819816][ T5861] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config [ 242.854945][ T5813] usb 7-1: USB disconnect, device number 11 [ 242.888865][ T5861] usb 4-1: config 0 has no interface number 0 [ 242.892002][ T881] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 242.900313][ T5861] usb 4-1: New USB device found, idVendor=6547, idProduct=0232, bcdDevice=f8.e0 [ 243.063489][ T881] usb 3-1: Using ep0 maxpacket: 16 [ 243.079026][ T881] usb 3-1: unable to get BOS descriptor or descriptor too short [ 243.109932][ T881] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 243.128310][ T881] usb 3-1: can't read configurations, error -71 [ 243.212218][ T5861] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.224763][ T5861] usb 4-1: config 0 descriptor?? [ 243.296285][ T8294] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8294 comm=syz.7.582 [ 244.006749][ T8300] fuse: Unknown parameter 'ro`tm' [ 244.263415][ T5926] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 244.551868][ T5926] usb 2-1: Using ep0 maxpacket: 8 [ 244.562032][ T5926] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 244.723009][ T5926] usb 2-1: config 0 has no interface number 0 [ 244.729217][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 244.774914][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 245.175021][ T5926] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 245.222114][ T5926] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 245.253129][ T5861] usb 4-1: string descriptor 0 read error: -71 [ 245.268169][ T8313] FAULT_INJECTION: forcing a failure. [ 245.268169][ T8313] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.281337][ T8313] CPU: 1 UID: 0 PID: 8313 Comm: syz.6.588 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 245.281356][ T8313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.281363][ T8313] Call Trace: [ 245.281367][ T8313] [ 245.281372][ T8313] dump_stack_lvl+0x16c/0x1f0 [ 245.281394][ T8313] should_fail_ex+0x512/0x640 [ 245.281413][ T8313] _copy_from_iter+0x29f/0x16f0 [ 245.281431][ T8313] ? __alloc_skb+0x200/0x380 [ 245.281447][ T8313] ? __pfx__copy_from_iter+0x10/0x10 [ 245.281462][ T8313] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 245.281485][ T8313] netlink_sendmsg+0x829/0xdd0 [ 245.281498][ T8313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 245.281513][ T8313] ____sys_sendmsg+0xa95/0xc70 [ 245.281524][ T8313] ? copy_msghdr_from_user+0x10a/0x160 [ 245.281550][ T8313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 245.281575][ T8313] ___sys_sendmsg+0x134/0x1d0 [ 245.281600][ T8313] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.281621][ T8313] ? __lock_acquire+0x622/0x1c90 [ 245.281675][ T8313] __sys_sendmsg+0x16d/0x220 [ 245.281698][ T8313] ? __pfx___sys_sendmsg+0x10/0x10 [ 245.281739][ T8313] do_syscall_64+0xcd/0x4c0 [ 245.281767][ T8313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.281784][ T8313] RIP: 0033:0x7f0c0a98e929 [ 245.281800][ T8313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.281812][ T8313] RSP: 002b:00007f0c0b7ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 245.281823][ T8313] RAX: ffffffffffffffda RBX: 00007f0c0abb5fa0 RCX: 00007f0c0a98e929 [ 245.281830][ T8313] RDX: 000000000400c084 RSI: 0000200000000000 RDI: 000000000000000d [ 245.281836][ T8313] RBP: 00007f0c0b7ba090 R08: 0000000000000000 R09: 0000000000000000 [ 245.281842][ T8313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.281847][ T8313] R13: 0000000000000000 R14: 00007f0c0abb5fa0 R15: 00007ffc23ad39c8 [ 245.281861][ T8313] [ 245.478491][ T5861] ark3116 4-1:0.12: required endpoints missing [ 245.490404][ T5861] usb 4-1: USB disconnect, device number 21 [ 245.498590][ T5926] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 245.507917][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.544834][ T5926] usb 2-1: config 0 descriptor?? [ 245.589128][ T5926] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 246.252321][ T5926] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 246.451806][ T117] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 246.813943][ T8324] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.591'. [ 246.828473][ T5926] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.829198][ T8324] netlink: 5128 bytes leftover after parsing attributes in process `syz.6.591'. [ 246.839179][ T117] usb 4-1: Using ep0 maxpacket: 16 [ 246.862004][ T5898] usb 2-1: USB disconnect, device number 20 [ 246.868019][ C1] ldusb 2-1:0.55: usb_submit_urb failed (-19) [ 246.890028][ T8324] netlink: 584 bytes leftover after parsing attributes in process `syz.6.591'. [ 246.892027][ T5926] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 246.941750][ T5898] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 246.952131][ T117] usb 4-1: unable to get BOS descriptor or descriptor too short [ 246.974735][ T117] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.987635][ T5926] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 246.999452][ T5926] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 247.007631][ T117] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 247.017389][ T5926] usb 8-1: SerialNumber: syz [ 247.019792][ T8328] /dev/nullb0: Can't open blockdev [ 247.022235][ T117] usb 4-1: config 1 has no interface number 1 [ 247.022314][ T117] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 247.048102][ T117] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 247.059981][ T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.068234][ T117] usb 4-1: Product: syz [ 247.070910][ T881] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 247.073635][ T117] usb 4-1: Manufacturer: syz [ 247.087420][ T117] usb 4-1: SerialNumber: syz [ 247.235713][ T881] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.249332][ T881] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 247.267735][ T881] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 247.279271][ T881] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 247.290157][ T881] usb 7-1: SerialNumber: syz [ 247.342160][ T8333] netlink: 8 bytes leftover after parsing attributes in process `syz.7.590'. [ 247.421335][ T8334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.474515][ T8334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.579976][ T881] usb 7-1: 0:2 : does not exist [ 247.605142][ T881] usb 7-1: unit 5 not found! [ 247.725847][ T881] usb 7-1: USB disconnect, device number 12 [ 248.219697][ T6037] udevd[6037]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 248.695738][ T117] usb 4-1: USB disconnect, device number 22 [ 249.238159][ T5823] udevd[5823]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 249.425399][ T5926] usb 8-1: 0:2 : does not exist [ 249.430435][ T5926] usb 8-1: unit 1 not found! [ 249.551616][ T5926] usb 8-1: USB disconnect, device number 6 [ 249.723627][ T8367] fuse: Unknown parameter 'æ\æ|jt’0xffffffffffffffff' [ 249.741868][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 249.741922][ T30] audit: type=1400 audit(1750928434.930:424): avc: denied { create } for pid=8358 comm="syz.1.599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 250.759172][ T8371] syz.7.601 (8371): drop_caches: 2 [ 251.140907][ T8378] netlink: 20 bytes leftover after parsing attributes in process `syz.7.604'. [ 251.218585][ T2905] Bluetooth: hci5: Frame reassembly failed (-84) [ 251.227334][ T8382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8382 comm=syz.7.604 [ 251.645385][ T8382] netlink: 24 bytes leftover after parsing attributes in process `syz.7.604'. [ 253.195936][ T881] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 253.206093][ T8401] FAULT_INJECTION: forcing a failure. [ 253.206093][ T8401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 253.219387][ T8401] CPU: 1 UID: 0 PID: 8401 Comm: syz.7.610 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 253.219405][ T8401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.219411][ T8401] Call Trace: [ 253.219415][ T8401] [ 253.219419][ T8401] dump_stack_lvl+0x16c/0x1f0 [ 253.219440][ T8401] should_fail_ex+0x512/0x640 [ 253.219458][ T8401] _copy_to_iter+0x463/0x16f0 [ 253.219477][ T8401] ? __pfx__copy_to_iter+0x10/0x10 [ 253.219493][ T8401] ? __skb_recv_datagram+0x1b2/0x220 [ 253.219514][ T8401] ? __pfx___skb_recv_datagram+0x10/0x10 [ 253.219528][ T8401] simple_copy_to_iter+0x46/0x90 [ 253.219539][ T8401] __skb_datagram_iter+0x129/0x900 [ 253.219551][ T8401] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 253.219563][ T8401] ? skb_recv_datagram+0x88/0xc0 [ 253.219577][ T8401] skb_copy_datagram_iter+0x40/0x50 [ 253.219590][ T8401] netlink_recvmsg+0x27e/0xa90 [ 253.219609][ T8401] ? __pfx_netlink_recvmsg+0x10/0x10 [ 253.219632][ T8401] sock_recvmsg+0x1f9/0x250 [ 253.219644][ T8401] ____sys_recvmsg+0x218/0x6b0 [ 253.219657][ T8401] ? __pfx_____sys_recvmsg+0x10/0x10 [ 253.219673][ T8401] ? __lock_acquire+0x622/0x1c90 [ 253.219693][ T8401] ___sys_recvmsg+0x114/0x1a0 [ 253.219708][ T8401] ? __pfx____sys_recvmsg+0x10/0x10 [ 253.219724][ T8401] ? find_held_lock+0x2b/0x80 [ 253.219745][ T8401] do_recvmmsg+0x2fe/0x750 [ 253.219761][ T8401] ? __pfx_do_recvmmsg+0x10/0x10 [ 253.219774][ T8401] ? find_held_lock+0x2b/0x80 [ 253.219786][ T8401] ? __might_fault+0xe3/0x190 [ 253.219800][ T8401] ? __might_fault+0x13b/0x190 [ 253.219820][ T8401] ? __pfx_get_timespec64+0x10/0x10 [ 253.219835][ T8401] ? __fget_files+0x20e/0x3c0 [ 253.219853][ T8401] __x64_sys_recvmmsg+0x199/0x280 [ 253.219868][ T8401] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 253.219888][ T8401] do_syscall_64+0xcd/0x4c0 [ 253.219904][ T8401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.219915][ T8401] RIP: 0033:0x7fb9f558e929 [ 253.219924][ T8401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.219935][ T8401] RSP: 002b:00007fb9f6365038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 253.219947][ T8401] RAX: ffffffffffffffda RBX: 00007fb9f57b5fa0 RCX: 00007fb9f558e929 [ 253.219953][ T8401] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000004 [ 253.219960][ T8401] RBP: 00007fb9f6365090 R08: 0000200000003700 R09: 0000000000000000 [ 253.219966][ T8401] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001 [ 253.219971][ T8401] R13: 0000000000000000 R14: 00007fb9f57b5fa0 R15: 00007ffde27f7af8 [ 253.219984][ T8401] [ 253.220301][ T5815] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 253.223100][ T5814] Bluetooth: hci5: command 0x1003 tx timeout [ 253.638805][ T30] audit: type=1400 audit(1750928438.900:425): avc: denied { shutdown } for pid=8402 comm="syz.1.611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 253.651702][ T881] usb 3-1: Using ep0 maxpacket: 16 [ 253.667469][ T881] usb 3-1: unable to get BOS descriptor or descriptor too short [ 253.680461][ T881] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 253.707106][ T881] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 253.763016][ T30] audit: type=1400 audit(1750928438.940:426): avc: denied { audit_read } for pid=8402 comm="syz.1.611" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 253.789797][ T881] usb 3-1: config 1 has no interface number 1 [ 253.800525][ T881] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 253.844603][ T881] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 253.859082][ T881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.879958][ T881] usb 3-1: Product: syz [ 253.907515][ T881] usb 3-1: Manufacturer: syz [ 253.922685][ T881] usb 3-1: SerialNumber: syz [ 253.975416][ T8416] tmpfs: Unknown parameter 'us­ [ 253.975416][ T8416] uota_block_hagdlimýO³J' [ 254.142177][ T5813] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 254.240490][ T8410] ip6gre1: entered allmulticast mode [ 254.571652][ T5813] usb 7-1: Using ep0 maxpacket: 8 [ 254.573294][ T5813] usb 7-1: config 150 has an invalid interface number: 204 but max is 1 [ 254.573325][ T5813] usb 7-1: config 150 has an invalid descriptor of length 99, skipping remainder of the config [ 254.573340][ T5813] usb 7-1: config 150 has 1 interface, different from the descriptor's value: 2 [ 254.573356][ T5813] usb 7-1: config 150 has no interface number 0 [ 254.573388][ T5813] usb 7-1: config 150 interface 204 has no altsetting 0 [ 254.575012][ T5813] usb 7-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 254.575037][ T5813] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.575057][ T5813] usb 7-1: Product: syz [ 254.575068][ T5813] usb 7-1: Manufacturer: syz [ 254.575079][ T5813] usb 7-1: SerialNumber: syz [ 254.747194][ T8425] tty tty34: ldisc open failed (-12), clearing slot 33 [ 254.793033][ T5813] usb 7-1: USB disconnect, device number 13 [ 254.880540][ T30] audit: type=1400 audit(1750928440.150:427): avc: denied { shutdown } for pid=8428 comm="syz.7.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 254.973394][ T8434] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 255.081180][ T30] audit: type=1400 audit(1750928440.240:428): avc: denied { mount } for pid=8433 comm="syz.1.622" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 255.166027][ T30] audit: type=1400 audit(1750928440.440:429): avc: denied { unmount } for pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 255.290910][ T30] audit: type=1400 audit(1750928440.560:430): avc: denied { create } for pid=8430 comm="syz.3.621" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 255.557369][ T8447] can0: slcan on ttyS3. [ 255.654897][ T8447] netlink: 28 bytes leftover after parsing attributes in process `syz.2.624'. [ 255.723227][ T5926] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 255.766276][ T881] usb 3-1: USB disconnect, device number 31 [ 255.868157][ T8441] can0 (unregistered): slcan off ttyS3. [ 255.902838][ T5926] usb 2-1: device descriptor read/64, error -71 [ 255.991997][ T8453] input: syz0 as /devices/virtual/input/input13 [ 256.017567][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.035464][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.094405][ T8456] 9pnet_fd: Insufficient options for proto=fd [ 256.115569][ T8456] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.133945][ T8456] sp0: Synchronizing with TNC [ 256.161964][ T5926] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 256.323249][ T5926] usb 2-1: device descriptor read/64, error -71 [ 256.450795][ T5926] usb usb2-port1: attempt power cycle [ 256.451925][ T30] audit: type=1400 audit(1750928441.720:431): avc: denied { read write } for pid=8464 comm="syz.6.633" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 256.521766][ T30] audit: type=1400 audit(1750928441.720:432): avc: denied { open } for pid=8464 comm="syz.6.633" path="/78/bus" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 257.172051][ T30] audit: type=1400 audit(1750928442.450:433): avc: denied { unmount } for pid=6954 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 257.212330][ T5926] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 257.252274][ T5926] usb 2-1: device descriptor read/8, error -71 [ 257.295792][ T8481] fuse: Unknown parameter 'ro`tm' [ 257.338192][ T8479] fuse: Unknown parameter 'ro`tm' [ 257.472097][ T30] audit: type=1400 audit(1750928442.750:434): avc: denied { mount } for pid=8483 comm="syz.7.637" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 257.521909][ T5926] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 257.551696][ T881] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 257.562463][ T5926] usb 2-1: device descriptor read/8, error -71 [ 257.590911][ T8486] netlink: 28 bytes leftover after parsing attributes in process `syz.7.637'. [ 257.631879][ T5898] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 257.692085][ T5926] usb usb2-port1: unable to enumerate USB device [ 257.702392][ T881] usb 4-1: Using ep0 maxpacket: 8 [ 257.714519][ T881] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 257.724253][ T881] usb 4-1: config 0 has no interface number 0 [ 257.734804][ T881] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 257.752100][ T881] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 257.763885][ T881] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 257.775372][ T881] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 257.791355][ T881] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 257.800829][ T881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.821780][ T5898] usb 7-1: Using ep0 maxpacket: 8 [ 257.825802][ T881] usb 4-1: config 0 descriptor?? [ 257.832889][ T5898] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 257.841016][ T5898] usb 7-1: config 0 has no interface number 0 [ 257.847641][ T881] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 257.861682][ T5898] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 257.903146][ T5898] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 257.920041][ T5898] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 257.934278][ T5898] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 257.948296][ T5898] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 257.957803][ T5926] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 257.969347][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.991627][ T5898] usb 7-1: config 0 descriptor?? [ 258.010137][ T5898] ldusb 7-1:0.55: LD USB Device #1 now attached to major 180 minor 1 [ 258.161777][ T5926] usb 3-1: Using ep0 maxpacket: 16 [ 258.168657][ T5926] usb 3-1: unable to get BOS descriptor or descriptor too short [ 258.177660][ T5926] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 258.187943][ T5926] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 258.196991][ T5926] usb 3-1: config 1 has no interface number 1 [ 258.203989][ T5926] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 258.221845][ T5926] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 258.232155][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.240522][ T5926] usb 3-1: Product: syz [ 258.245591][ T5926] usb 3-1: Manufacturer: syz [ 258.250368][ T5926] usb 3-1: SerialNumber: syz [ 258.577366][ T5861] usb 7-1: USB disconnect, device number 14 [ 258.626157][ T5861] ldusb 7-1:0.55: LD USB Device #1 now disconnected [ 258.920820][ C0] Unknown status report in ack skb [ 259.992963][ T5861] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 260.067629][ T5926] usb 3-1: USB disconnect, device number 32 [ 260.108669][ T5809] udevd[5809]: setting owner of /dev/bus/usb/003/032 to uid=0, gid=0 failed: No such file or directory [ 260.175446][ T5861] usb 2-1: Using ep0 maxpacket: 16 [ 260.189678][ T5809] udevd[5809]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 260.223067][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 260.350560][ T5926] usb 4-1: USB disconnect, device number 23 [ 260.362800][ T5861] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 260.372164][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.380290][ T5861] usb 2-1: Product: syz [ 260.385621][ T5861] usb 2-1: Manufacturer: syz [ 260.391682][ T5861] usb 2-1: SerialNumber: syz [ 260.417191][ T5926] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 260.426783][ T5861] usb 2-1: config 0 descriptor?? [ 260.513062][ T5861] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 260.545132][ T5861] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 260.892950][ T8514] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.902331][ T8514] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.911123][ T8514] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.919994][ T8514] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 260.974771][ T8514] vxlan0: entered promiscuous mode [ 261.002836][ T8514] vxlan0: entered allmulticast mode [ 261.092407][ T5861] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 261.248256][ T30] audit: type=1400 audit(1750928446.520:435): avc: denied { listen } for pid=8510 comm="syz.2.645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 261.281691][ T30] audit: type=1400 audit(1750928446.550:436): avc: denied { append } for pid=8510 comm="syz.2.645" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 261.443696][ T5926] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 261.611943][ T5890] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 261.613142][ T5926] usb 8-1: Using ep0 maxpacket: 16 [ 261.671835][ T5926] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 261.687692][ T5926] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 261.699724][ T5926] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.708075][ T5926] usb 8-1: Product: syz [ 261.712966][ T5926] usb 8-1: Manufacturer: syz [ 261.717731][ T5926] usb 8-1: SerialNumber: syz [ 261.726251][ T5926] usb 8-1: config 0 descriptor?? [ 261.735794][ T5926] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 261.745524][ T5926] em28xx 8-1:0.0: DVB interface 0 found: bulk [ 261.782247][ T5890] usb 7-1: Using ep0 maxpacket: 32 [ 261.805631][ T5890] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 261.815794][ T5890] usb 7-1: can't read configurations, error -61 [ 261.951771][ T5890] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 261.964519][ T5861] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 261.973980][ T5861] em28xx 2-1:0.0: board has no eeprom [ 262.000620][ T13] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 262.051810][ T5861] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 262.059818][ T5861] em28xx 2-1:0.0: dvb set to bulk mode. [ 262.065515][ T117] em28xx 2-1:0.0: Binding DVB extension [ 262.083963][ T5861] usb 2-1: USB disconnect, device number 25 [ 262.101698][ T5890] usb 7-1: Using ep0 maxpacket: 32 [ 262.101705][ T5898] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 262.123895][ T5890] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 262.135962][ T5890] usb 7-1: can't read configurations, error -61 [ 262.139370][ T117] em28xx 2-1:0.0: Registering input extension [ 262.149121][ T5861] em28xx 2-1:0.0: Disconnecting em28xx [ 262.149301][ T5890] usb usb7-port1: attempt power cycle [ 262.160573][ T5861] em28xx 2-1:0.0: Closing input extension [ 262.188821][ T5861] em28xx 2-1:0.0: Freeing device [ 262.283388][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 262.295351][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 111, setting to 64 [ 262.306442][ T5898] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 262.317017][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.328036][ T5898] usb 3-1: config 0 descriptor?? [ 262.334077][ T8532] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 262.341348][ T5926] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 262.412045][ T5898] rc_core: IR keymap rc-xbox-dvd not found [ 262.427739][ T5898] Registered IR keymap rc-empty [ 262.436264][ T5898] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 262.477028][ T5898] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input15 [ 262.502145][ T5890] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 262.544914][ T5890] usb 7-1: Using ep0 maxpacket: 32 [ 262.583124][ T5890] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 262.594285][ T5890] usb 7-1: can't read configurations, error -61 [ 262.627626][ C1] xbox_remote 3-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 262.635573][ T5861] usb 3-1: USB disconnect, device number 33 [ 263.073159][ T5890] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 263.142390][ T5890] usb 7-1: Using ep0 maxpacket: 32 [ 263.150273][ T5890] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 263.158125][ T5890] usb 7-1: can't read configurations, error -61 [ 263.172194][ T5890] usb usb7-port1: unable to enumerate USB device [ 263.236778][ T5926] em28xx 8-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 263.260767][ T5926] em28xx 8-1:0.0: board has no eeprom [ 263.334331][ T5926] em28xx 8-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 263.343386][ T5926] em28xx 8-1:0.0: dvb set to bulk mode. [ 263.349005][ T5861] em28xx 8-1:0.0: Binding DVB extension [ 263.366426][ T5926] usb 8-1: USB disconnect, device number 7 [ 263.422515][ T5926] em28xx 8-1:0.0: Disconnecting em28xx [ 263.441177][ T5861] em28xx 8-1:0.0: Registering input extension [ 263.456348][ T5926] em28xx 8-1:0.0: Closing input extension [ 263.482859][ T5890] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 263.487708][ T5926] em28xx 8-1:0.0: Freeing device [ 263.673850][ T5890] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.712515][ T5890] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 263.727859][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.765585][ T5890] usb 2-1: config 0 descriptor?? [ 263.795471][ T5890] pwc: Askey VC010 type 2 USB webcam detected. [ 263.837946][ T8555] netlink: 8 bytes leftover after parsing attributes in process `syz.7.657'. [ 263.904202][ T30] audit: type=1400 audit(1750928449.180:437): avc: denied { read } for pid=8556 comm="syz.7.658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 264.203556][ T8544] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 264.259439][ T5890] pwc: recv_control_msg error -32 req 02 val 2b00 [ 264.270577][ T5890] pwc: recv_control_msg error -32 req 02 val 2700 [ 264.284427][ T5890] pwc: recv_control_msg error -32 req 02 val 2c00 [ 264.307939][ T5890] pwc: recv_control_msg error -32 req 04 val 1000 [ 264.321992][ T8544] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 264.348656][ T5890] pwc: recv_control_msg error -32 req 04 val 1300 [ 264.403986][ T5890] pwc: recv_control_msg error -32 req 04 val 1400 [ 264.483444][ T5890] pwc: recv_control_msg error -32 req 02 val 2000 [ 264.503583][ T5890] pwc: recv_control_msg error -32 req 02 val 2100 [ 264.510818][ T5890] pwc: recv_control_msg error -32 req 04 val 1500 [ 264.523912][ T5890] pwc: recv_control_msg error -32 req 02 val 2500 [ 265.542491][ T5890] pwc: recv_control_msg error -71 req 02 val 2900 [ 265.775635][ T5890] pwc: recv_control_msg error -71 req 02 val 2800 [ 266.070015][ T8569] 9pnet_fd: Insufficient options for proto=fd [ 266.290497][ T5890] pwc: recv_control_msg error -71 req 04 val 1100 [ 266.333650][ T5890] pwc: recv_control_msg error -71 req 04 val 1200 [ 266.580411][ T8585] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 266.723690][ T5890] pwc: Registered as video103. [ 267.123545][ T5890] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input17 [ 267.291316][ T5890] usb 2-1: USB disconnect, device number 26 [ 267.388903][ T8585] Falling back ldisc for ptm1. [ 267.417655][ T8590] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 274.492800][ C1] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 372.411517][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 372.411540][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8562/1:b..l [ 372.412190][ C1] rcu: (detected by 1, t=10502 jiffies, g=27005, q=383 ncpus=2) [ 372.412207][ C1] task:syz.3.660 state:R running task stack:26248 pid:8562 tgid:8560 ppid:5812 task_flags:0x40054c flags:0x00004002 [ 372.412266][ C1] Call Trace: [ 372.412273][ C1] [ 372.412284][ C1] __schedule+0x116a/0x5de0 [ 372.412317][ C1] ? __lock_acquire+0x5b1/0x1c90 [ 372.412353][ C1] ? __pfx___schedule+0x10/0x10 [ 372.412372][ C1] ? lock_acquire+0x179/0x350 [ 372.412401][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 372.412431][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 372.412454][ C1] preempt_schedule_common+0x44/0xc0 [ 372.412478][ C1] preempt_schedule_thunk+0x16/0x30 [ 372.412503][ C1] _raw_spin_unlock+0x3e/0x50 [ 372.412524][ C1] unmap_page_range+0x106b/0x4350 [ 372.412574][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 372.412606][ C1] ? uprobe_munmap+0x20/0x5c0 [ 372.412635][ C1] unmap_single_vma.constprop.0+0x153/0x240 [ 372.412665][ C1] unmap_vmas+0x218/0x470 [ 372.412692][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 372.412719][ C1] ? mas_next_slot+0x12d3/0x21b0 [ 372.412759][ C1] exit_mmap+0x1b9/0xb90 [ 372.412781][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 372.412825][ C1] __mmput+0x12a/0x410 [ 372.412847][ C1] mmput+0x62/0x70 [ 372.412866][ C1] do_exit+0x7c4/0x2bd0 [ 372.412888][ C1] ? __pfx___might_resched+0x10/0x10 [ 372.412917][ C1] ? __pfx_do_exit+0x10/0x10 [ 372.412939][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 372.412955][ C1] ? find_held_lock+0x2b/0x80 [ 372.412979][ C1] do_group_exit+0xd3/0x2a0 [ 372.413004][ C1] get_signal+0x2673/0x26d0 [ 372.413036][ C1] ? __pfx_get_signal+0x10/0x10 [ 372.413063][ C1] arch_do_signal_or_restart+0x8f/0x7d0 [ 372.413085][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 372.413119][ C1] exit_to_user_mode_loop+0x84/0x110 [ 372.413140][ C1] do_syscall_64+0x3f6/0x4c0 [ 372.413167][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.413185][ C1] RIP: 0033:0x7f8d5cb8e929 [ 372.413199][ C1] RSP: 002b:00007f8d5d9eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 372.413216][ C1] RAX: 000000000000003c RBX: 00007f8d5cdb5fa0 RCX: 00007f8d5cb8e929 [ 372.413227][ C1] RDX: 0000000004000010 RSI: 0000200000000380 RDI: 0000000000000004 [ 372.413238][ C1] RBP: 00007f8d5cc10b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.413249][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.413260][ C1] R13: 0000000000000000 R14: 00007f8d5cdb5fa0 R15: 00007ffde045dd18 [ 372.413283][ C1] [ 372.413290][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10499 jiffies! g27005 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 372.413309][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=19706 [ 372.413318][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g27005 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 372.413337][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 372.413345][ C1] rcu: RCU grace-period kthread stack dump: [ 372.413351][ C1] task:rcu_preempt state:I stack:27784 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 372.413409][ C1] Call Trace: [ 372.413414][ C1] [ 372.413430][ C1] __schedule+0x116a/0x5de0 [ 372.413459][ C1] ? __lock_acquire+0x622/0x1c90 [ 372.413487][ C1] ? __pfx___schedule+0x10/0x10 [ 372.413513][ C1] ? find_held_lock+0x2b/0x80 [ 372.413533][ C1] ? schedule+0x2d7/0x3a0 [ 372.413557][ C1] schedule+0xe7/0x3a0 [ 372.413578][ C1] schedule_timeout+0x123/0x290 [ 372.413596][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 372.413616][ C1] ? __pfx_process_timeout+0x10/0x10 [ 372.413643][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 372.413664][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 372.413691][ C1] rcu_gp_fqs_loop+0x1ea/0xb00 [ 372.413721][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 372.413747][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 372.413771][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 372.413794][ C1] ? rcu_gp_cleanup+0x7c1/0xd90 [ 372.413823][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 372.413847][ C1] rcu_gp_kthread+0x270/0x380 [ 372.413873][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 372.413897][ C1] ? rcu_is_watching+0x12/0xc0 [ 372.413917][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 372.413941][ C1] ? __kthread_parkme+0x19e/0x250 [ 372.413966][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 372.413991][ C1] kthread+0x3c2/0x780 [ 372.414008][ C1] ? __pfx_kthread+0x10/0x10 [ 372.414025][ C1] ? rcu_is_watching+0x12/0xc0 [ 372.414045][ C1] ? __pfx_kthread+0x10/0x10 [ 372.414062][ C1] ret_from_fork+0x5d4/0x6f0 [ 372.414086][ C1] ? __pfx_kthread+0x10/0x10 [ 372.414102][ C1] ret_from_fork_asm+0x1a/0x30 [ 372.414133][ C1] [ 372.414139][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 372.414147][ C1] Sending NMI from CPU 1 to CPUs 0: [ 372.414175][ C0] NMI backtrace for cpu 0 [ 372.414187][ C0] CPU: 0 UID: 0 PID: 8590 Comm: syz.7.665 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 372.414205][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 372.414213][ C0] RIP: 0010:rcu_is_watching+0x80/0xc0 [ 372.414231][ C0] Code: 89 da 48 c1 ea 03 0f b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 24 8b 03 c1 e8 02 83 e0 01 65 ff 0d c0 82 2b 12 <74> 07 5b 5d c3 cc cc cc cc e8 e2 07 8b ff 5b 5d e9 1b 15 e2 09 48 [ 372.414244][ C0] RSP: 0018:ffffc90000007d20 EFLAGS: 00000002 [ 372.414254][ C0] RAX: 0000000000000001 RBX: ffff8880b8433228 RCX: ffffffff89926b3d [ 372.414262][ C0] RDX: 0000000000000000 RSI: ffffffff8c157b20 RDI: ffffffff8df26da0 [ 372.414271][ C0] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 372.414279][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8993285b [ 372.414287][ C0] R13: 185a77969c000000 R14: 0000000000000000 R15: ffff88805c104000 [ 372.414296][ C0] FS: 00007fb9f63656c0(0000) GS:ffff888124752000(0000) knlGS:0000000000000000 [ 372.414310][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 372.414319][ C0] CR2: 0000556421742aa8 CR3: 0000000077b59000 CR4: 00000000003526f0 [ 372.414328][ C0] DR0: 0000000000000007 DR1: 0000000000000001 DR2: 0000000000000002 [ 372.414336][ C0] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 372.414344][ C0] Call Trace: [ 372.414348][ C0] [ 372.414354][ C0] lock_release+0x201/0x2f0 [ 372.414374][ C0] _raw_spin_unlock+0x16/0x50 [ 372.414389][ C0] advance_sched+0x62b/0xc80 [ 372.414410][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 372.414424][ C0] ? __pfx_advance_sched+0x10/0x10 [ 372.414438][ C0] __hrtimer_run_queues+0x202/0xad0 [ 372.414456][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 372.414469][ C0] ? read_tsc+0x9/0x20 [ 372.414484][ C0] ? rcu_is_watching+0x12/0xc0 [ 372.414500][ C0] hrtimer_interrupt+0x397/0x8e0 [ 372.414519][ C0] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 372.414541][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 372.414558][ C0] [ 372.414562][ C0] [ 372.414567][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 372.414581][ C0] RIP: 0010:console_flush_all+0x9a2/0xc60 [ 372.414598][ C0] Code: 00 e8 a2 9b 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 50 c6 20 00 48 85 db 0f 85 55 01 00 00 e8 d2 ca 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 17 a7 87 [ 372.414611][ C0] RSP: 0018:ffffc90003e4efc0 EFLAGS: 00000283 [ 372.414620][ C0] RAX: ffffffff8f2eba98 RBX: 0000000000000000 RCX: ffffc9000c229000 [ 372.414629][ C0] RDX: 0000000000080000 RSI: ffffffff819b52ce RDI: 0000000000000007 [ 372.414638][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 372.414645][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f2eba98 [ 372.414654][ C0] R13: ffffffff8f2eba40 R14: ffffc90003e4f050 R15: dffffc0000000000 [ 372.414671][ C0] ? console_flush_all+0x99e/0xc60 [ 372.414690][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 372.414709][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 372.414728][ C0] console_unlock+0xd8/0x210 [ 372.414742][ C0] ? __pfx_console_unlock+0x10/0x10 [ 372.414757][ C0] ? _printk+0xc7/0x100 [ 372.414768][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 372.414782][ C0] vprintk_emit+0x418/0x6d0 [ 372.414798][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 372.414816][ C0] _printk+0xc7/0x100 [ 372.414827][ C0] ? __pfx__printk+0x10/0x10 [ 372.414843][ C0] br_multicast_set_startup_query_intvl+0xe4/0x120 [ 372.414866][ C0] br_changelink+0xfdc/0x1710 [ 372.414883][ C0] ? __pfx_br_changelink+0x10/0x10 [ 372.414900][ C0] ? ns_capable+0xd7/0x110 [ 372.414930][ C0] ? netlink_ns_capable+0xfa/0x130 [ 372.414949][ C0] ? __pfx_br_changelink+0x10/0x10 [ 372.414964][ C0] rtnl_newlink+0x129b/0x2000 [ 372.414988][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 372.415005][ C0] ? find_held_lock+0x2b/0x80 [ 372.415020][ C0] ? avc_has_perm_noaudit+0x117/0x3b0 [ 372.415043][ C0] ? avc_has_perm_noaudit+0x149/0x3b0 [ 372.415064][ C0] ? cred_has_capability.isra.0+0x193/0x2f0 [ 372.415089][ C0] ? find_held_lock+0x2b/0x80 [ 372.415103][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 372.415120][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 372.415138][ C0] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 372.415156][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 372.415174][ C0] rtnetlink_rcv_msg+0x95e/0xe90 [ 372.415194][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 372.415215][ C0] ? ref_tracker_free+0x37c/0x830 [ 372.415235][ C0] netlink_rcv_skb+0x158/0x420 [ 372.415249][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 372.415268][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 372.415285][ C0] ? netlink_deliver_tap+0x1ae/0xd30 [ 372.415307][ C0] netlink_unicast+0x53a/0x7f0 [ 372.415321][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 372.415336][ C0] netlink_sendmsg+0x8d1/0xdd0 [ 372.415351][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.415367][ C0] ____sys_sendmsg+0xa95/0xc70 [ 372.415382][ C0] ? copy_msghdr_from_user+0x10a/0x160 [ 372.415400][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 372.415416][ C0] ? __pfx_futex_wake_mark+0x10/0x10 [ 372.415431][ C0] ___sys_sendmsg+0x134/0x1d0 [ 372.415449][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 372.415466][ C0] ? __lock_acquire+0x622/0x1c90 [ 372.415497][ C0] __sys_sendmsg+0x16d/0x220 [ 372.415515][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 372.415532][ C0] ? __x64_sys_futex+0x1e0/0x4c0 [ 372.415557][ C0] do_syscall_64+0xcd/0x4c0 [ 372.415576][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.415589][ C0] RIP: 0033:0x7fb9f558e929 [ 372.415602][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.415614][ C0] RSP: 002b:00007fb9f6365038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 372.415626][ C0] RAX: ffffffffffffffda RBX: 00007fb9f57b5fa0 RCX: 00007fb9f558e929 [ 372.415635][ C0] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000007 [ 372.415643][ C0] RBP: 00007fb9f5610b39 R08: 0000000000000000 R09: 0000000000000000 [ 372.415651][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 372.415659][ C0] R13: 0000000000000000 R14: 00007fb9f57b5fa0 R15: 00007ffde27f7af8 [ 372.415678][ C0] [ 508.589783][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 225s! [udevd:5823] [ 508.589807][ C1] Modules linked in: [ 508.589818][ C1] irq event stamp: 2160844 [ 508.589824][ C1] hardirqs last enabled at (2160843): [] irqentry_exit+0x3b/0x90 [ 508.589858][ C1] hardirqs last disabled at (2160844): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 508.589882][ C1] softirqs last enabled at (2160842): [] handle_softirqs+0x5be/0x8e0 [ 508.589904][ C1] softirqs last disabled at (2160571): [] __irq_exit_rcu+0x109/0x170 [ 508.589929][ C1] CPU: 1 UID: 0 PID: 5823 Comm: udevd Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 508.589949][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.589959][ C1] RIP: 0010:smp_call_function_many_cond+0xd84/0x1510 [ 508.589981][ C1] Code: 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 f7 1b 0c 00 f3 90 41 0f b6 06 41 38 c5 7c 08 <84> c0 0f 85 6f 05 00 00 8b 43 08 31 ff 83 e0 01 89 c5 89 c6 e8 13 [ 508.589997][ C1] RSP: 0000:ffffc9000427f8c8 EFLAGS: 00000206 [ 508.590009][ C1] RAX: 0000000000000000 RBX: ffff8880b84421e0 RCX: ffffffff81b001cd [ 508.590019][ C1] RDX: ffff888025204880 RSI: ffffffff81b001a9 RDI: 0000000000000005 [ 508.590030][ C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 508.590040][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 508.590049][ C1] R13: 0000000000000003 R14: ffffed101708843d R15: ffff8880b853b580 [ 508.590060][ C1] FS: 00007f3a461a2880(0000) GS:ffff888124852000(0000) knlGS:0000000000000000 [ 508.590076][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 508.590086][ C1] CR2: 0000556421724fe8 CR3: 000000005d53f000 CR4: 00000000003526f0 [ 508.590097][ C1] DR0: 0000000000000007 DR1: 0000000000000001 DR2: 0000000000000002 [ 508.590106][ C1] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 508.590116][ C1] Call Trace: [ 508.590122][ C1] [ 508.590129][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 508.590158][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 508.590183][ C1] ? lock_acquire+0x179/0x350 [ 508.590211][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 508.590228][ C1] ? __pfx_should_flush_tlb+0x10/0x10 [ 508.590246][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 508.590267][ C1] flush_tlb_mm_range+0x4a0/0x1790 [ 508.590286][ C1] ? page_table_check_clear+0x362/0x740 [ 508.590313][ C1] ? __page_table_check_pte_clear+0xa9/0x100 [ 508.590335][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 508.590356][ C1] ? __pfx_pte_mkwrite+0x10/0x10 [ 508.590374][ C1] ptep_clear_flush+0x136/0x180 [ 508.590400][ C1] do_wp_page+0x1683/0x4f20 [ 508.590432][ C1] ? __pfx_do_wp_page+0x10/0x10 [ 508.590459][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 508.590483][ C1] __handle_mm_fault+0x2223/0x5490 [ 508.590508][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 508.590525][ C1] ? lock_vma_under_rcu+0x47d/0x970 [ 508.590543][ C1] ? lock_vma_under_rcu+0x47d/0x970 [ 508.590579][ C1] handle_mm_fault+0x589/0xd10 [ 508.590598][ C1] ? __pkru_allows_pkey+0x41/0xb0 [ 508.590627][ C1] do_user_addr_fault+0x60c/0x1370 [ 508.590652][ C1] ? rcu_is_watching+0x12/0xc0 [ 508.590674][ C1] exc_page_fault+0x5c/0xb0 [ 508.590695][ C1] asm_exc_page_fault+0x26/0x30 [ 508.590711][ C1] RIP: 0033:0x7f3a45ab5db7 [ 508.590725][ C1] Code: 00 00 00 41 55 48 89 d0 49 89 fd 41 54 49 89 f4 53 4c 89 c3 48 83 ec 10 48 39 4f 60 0f 84 c1 00 00 00 42 f6 44 01 08 01 74 59 <48> 83 61 08 fe 48 3d ff 03 00 00 76 69 49 8b 55 70 49 8d 75 60 48 [ 508.590740][ C1] RSP: 002b:00007ffecf11d110 EFLAGS: 00010202 [ 508.590752][ C1] RAX: 0000000000006010 RBX: 00000000000001f0 RCX: 0000556421724fe0 [ 508.590762][ C1] RDX: 0000000000006010 RSI: 000055642171efd0 RDI: 00007f3a45bf1ac0 [ 508.590772][ C1] RBP: 00007f3a45bf1ac0 R08: 00000000000001f0 R09: 0000000000000000 [ 508.590781][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000055642171efd0 [ 508.590791][ C1] R13: 00007f3a45bf1ac0 R14: 00000000000001f0 R15: 00007f3a45bf1ac0 [ 508.590814][ C1] [ 508.590822][ C1] Sending NMI from CPU 1 to CPUs 0: [ 508.590847][ C0] NMI backtrace for cpu 0 [ 508.590857][ C0] CPU: 0 UID: 0 PID: 8590 Comm: syz.7.665 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 508.590872][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.590880][ C0] RIP: 0010:lock_acquire+0x4e/0x350 [ 508.590899][ C0] Code: 48 8b 05 3d 63 34 12 48 89 44 24 30 31 c0 66 90 65 8b 05 59 63 34 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 62 95 0f 0f <0f> 82 74 02 00 00 8b 35 4a c7 0f 0f 85 f6 0f 85 8d 00 00 00 48 8b [ 508.590911][ C0] RSP: 0018:ffffc90000007c90 EFLAGS: 00000097 [ 508.590921][ C0] RAX: 0000000000000000 RBX: ffffffff9afaf6e0 RCX: 0000000000000000 [ 508.590929][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9afaf6e0 [ 508.590937][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 508.590945][ C0] R10: 0000000000000000 R11: ffffffff9afaf6c8 R12: 0000000000000001 [ 508.590953][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 508.590961][ C0] FS: 00007fb9f63656c0(0000) GS:ffff888124752000(0000) knlGS:0000000000000000 [ 508.590975][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 508.590984][ C0] CR2: 0000556421742aa8 CR3: 0000000077b59000 CR4: 00000000003526f0 [ 508.590993][ C0] DR0: 0000000000000007 DR1: 0000000000000001 DR2: 0000000000000002 [ 508.591000][ C0] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 508.591009][ C0] Call Trace: [ 508.591013][ C0] [ 508.591018][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 508.591043][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 508.591060][ C0] ? debug_object_activate+0x14c/0x4c0 [ 508.591079][ C0] debug_object_activate+0x14c/0x4c0 [ 508.591101][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 508.591123][ C0] ? do_raw_spin_lock+0x12c/0x2b0 [ 508.591136][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 508.591151][ C0] enqueue_hrtimer+0x23/0x3b0 [ 508.591166][ C0] __hrtimer_run_queues+0x8ff/0xad0 [ 508.591183][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 508.591197][ C0] ? read_tsc+0x9/0x20 [ 508.591212][ C0] ? rcu_is_watching+0x12/0xc0 [ 508.591229][ C0] hrtimer_interrupt+0x397/0x8e0 [ 508.591248][ C0] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 508.591269][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 508.591285][ C0] [ 508.591289][ C0] [ 508.591295][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 508.591308][ C0] RIP: 0010:console_flush_all+0x9a2/0xc60 [ 508.591325][ C0] Code: 00 e8 a2 9b 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 50 c6 20 00 48 85 db 0f 85 55 01 00 00 e8 d2 ca 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 17 a7 87 [ 508.591337][ C0] RSP: 0018:ffffc90003e4efc0 EFLAGS: 00000283 [ 508.591346][ C0] RAX: ffffffff8f2eba98 RBX: 0000000000000000 RCX: ffffc9000c229000 [ 508.591359][ C0] RDX: 0000000000080000 RSI: ffffffff819b52ce RDI: 0000000000000007 [ 508.591368][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000 [ 508.591376][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8f2eba98 [ 508.591384][ C0] R13: ffffffff8f2eba40 R14: ffffc90003e4f050 R15: dffffc0000000000 [ 508.591396][ C0] ? console_flush_all+0x99e/0xc60 [ 508.591415][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 508.591433][ C0] ? is_printk_cpu_sync_owner+0x32/0x40 [ 508.591451][ C0] console_unlock+0xd8/0x210 [ 508.591465][ C0] ? __pfx_console_unlock+0x10/0x10 [ 508.591480][ C0] ? _printk+0xc7/0x100 [ 508.591491][ C0] ? __down_trylock_console_sem+0xb0/0x140 [ 508.591504][ C0] vprintk_emit+0x418/0x6d0 [ 508.591520][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 508.591538][ C0] _printk+0xc7/0x100 [ 508.591549][ C0] ? __pfx__printk+0x10/0x10 [ 508.591564][ C0] br_multicast_set_startup_query_intvl+0xe4/0x120 [ 508.591588][ C0] br_changelink+0xfdc/0x1710 [ 508.591604][ C0] ? __pfx_br_changelink+0x10/0x10 [ 508.591620][ C0] ? ns_capable+0xd7/0x110 [ 508.591635][ C0] ? netlink_ns_capable+0xfa/0x130 [ 508.591654][ C0] ? __pfx_br_changelink+0x10/0x10 [ 508.591669][ C0] rtnl_newlink+0x129b/0x2000 [ 508.591691][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 508.591708][ C0] ? find_held_lock+0x2b/0x80 [ 508.591724][ C0] ? avc_has_perm_noaudit+0x117/0x3b0 [ 508.591747][ C0] ? avc_has_perm_noaudit+0x149/0x3b0 [ 508.591767][ C0] ? cred_has_capability.isra.0+0x193/0x2f0 [ 508.591792][ C0] ? find_held_lock+0x2b/0x80 [ 508.591806][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 508.591823][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 508.591840][ C0] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 508.591859][ C0] ? __pfx_rtnl_newlink+0x10/0x10 [ 508.591877][ C0] rtnetlink_rcv_msg+0x95e/0xe90 [ 508.591896][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 508.591917][ C0] ? ref_tracker_free+0x37c/0x830 [ 508.591937][ C0] netlink_rcv_skb+0x158/0x420 [ 508.591950][ C0] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 508.591968][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 508.591985][ C0] ? netlink_deliver_tap+0x1ae/0xd30 [ 508.592006][ C0] netlink_unicast+0x53a/0x7f0 [ 508.592020][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 508.592035][ C0] netlink_sendmsg+0x8d1/0xdd0 [ 508.592050][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.592067][ C0] ____sys_sendmsg+0xa95/0xc70 [ 508.592081][ C0] ? copy_msghdr_from_user+0x10a/0x160 [ 508.592099][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.592113][ C0] ? __pfx_futex_wake_mark+0x10/0x10 [ 508.592128][ C0] ___sys_sendmsg+0x134/0x1d0 [ 508.592145][ C0] ? __pfx____sys_sendmsg+0x10/0x10 [ 508.592161][ C0] ? __lock_acquire+0x622/0x1c90 [ 508.592191][ C0] __sys_sendmsg+0x16d/0x220 [ 508.592209][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.592225][ C0] ? __x64_sys_futex+0x1e0/0x4c0 [ 508.592251][ C0] do_syscall_64+0xcd/0x4c0 [ 508.592271][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.592283][ C0] RIP: 0033:0x7fb9f558e929 [ 508.592295][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.592306][ C0] RSP: 002b:00007fb9f6365038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.592318][ C0] RAX: ffffffffffffffda RBX: 00007fb9f57b5fa0 RCX: 00007fb9f558e929 [ 508.592326][ C0] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000007 [ 508.592334][ C0] RBP: 00007fb9f5610b39 R08: 0000000000000000 R09: 0000000000000000 [ 508.592342][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 508.592349][ C0] R13: 0000000000000000 R14: 00007fb9f57b5fa0 R15: 00007ffde27f7af8 [ 508.592367][ C0] [ 508.592843][ C1] Kernel panic - not syncing: softlockup: hung tasks [ 508.592856][ C1] CPU: 1 UID: 0 PID: 5823 Comm: udevd Tainted: G L 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 508.592878][ C1] Tainted: [L]=SOFTLOCKUP [ 508.592884][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.592893][ C1] Call Trace: [ 508.592900][ C1] [ 508.592906][ C1] dump_stack_lvl+0x3d/0x1f0 [ 508.592931][ C1] panic+0x71c/0x800 [ 508.592956][ C1] ? __pfx_panic+0x10/0x10 [ 508.592977][ C1] ? __pfx__printk+0x10/0x10 [ 508.592994][ C1] ? nmi_backtrace_stall_check+0x6e/0x540 [ 508.593020][ C1] ? irq_work_queue+0xce/0x100 [ 508.593042][ C1] ? watchdog_timer_fn+0x5f9/0x7d0 [ 508.593062][ C1] ? watchdog_timer_fn+0x5ec/0x7d0 [ 508.593084][ C1] watchdog_timer_fn+0x60a/0x7d0 [ 508.593105][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 508.593123][ C1] __hrtimer_run_queues+0x5ea/0xad0 [ 508.593147][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 508.593164][ C1] ? read_tsc+0x9/0x20 [ 508.593188][ C1] hrtimer_interrupt+0x397/0x8e0 [ 508.593217][ C1] __sysvec_apic_timer_interrupt+0x108/0x3f0 [ 508.593243][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 508.593264][ C1] [ 508.593269][ C1] [ 508.593276][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 508.593294][ C1] RIP: 0010:smp_call_function_many_cond+0xd84/0x1510 [ 508.593314][ C1] Code: 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 f7 1b 0c 00 f3 90 41 0f b6 06 41 38 c5 7c 08 <84> c0 0f 85 6f 05 00 00 8b 43 08 31 ff 83 e0 01 89 c5 89 c6 e8 13 [ 508.593329][ C1] RSP: 0000:ffffc9000427f8c8 EFLAGS: 00000206 [ 508.593341][ C1] RAX: 0000000000000000 RBX: ffff8880b84421e0 RCX: ffffffff81b001cd [ 508.593352][ C1] RDX: ffff888025204880 RSI: ffffffff81b001a9 RDI: 0000000000000005 [ 508.593361][ C1] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 508.593371][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000 [ 508.593381][ C1] R13: 0000000000000003 R14: ffffed101708843d R15: ffff8880b853b580 [ 508.593398][ C1] ? smp_call_function_many_cond+0xd9d/0x1510 [ 508.593419][ C1] ? smp_call_function_many_cond+0xd79/0x1510 [ 508.593442][ C1] ? smp_call_function_many_cond+0xd79/0x1510 [ 508.593462][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 508.593490][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 508.593515][ C1] ? lock_acquire+0x179/0x350 [ 508.593542][ C1] ? __pfx_flush_tlb_func+0x10/0x10 [ 508.593560][ C1] ? __pfx_should_flush_tlb+0x10/0x10 [ 508.593579][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 508.593601][ C1] flush_tlb_mm_range+0x4a0/0x1790 [ 508.593625][ C1] ? page_table_check_clear+0x362/0x740 [ 508.593650][ C1] ? __page_table_check_pte_clear+0xa9/0x100 [ 508.593673][ C1] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 508.593695][ C1] ? __pfx_pte_mkwrite+0x10/0x10 [ 508.593715][ C1] ptep_clear_flush+0x136/0x180 [ 508.593739][ C1] do_wp_page+0x1683/0x4f20 [ 508.593771][ C1] ? __pfx_do_wp_page+0x10/0x10 [ 508.593799][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 508.593823][ C1] __handle_mm_fault+0x2223/0x5490 [ 508.593848][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 508.593867][ C1] ? lock_vma_under_rcu+0x47d/0x970 [ 508.593886][ C1] ? lock_vma_under_rcu+0x47d/0x970 [ 508.593923][ C1] handle_mm_fault+0x589/0xd10 [ 508.593943][ C1] ? __pkru_allows_pkey+0x41/0xb0 [ 508.593966][ C1] do_user_addr_fault+0x60c/0x1370 [ 508.593992][ C1] ? rcu_is_watching+0x12/0xc0 [ 508.594014][ C1] exc_page_fault+0x5c/0xb0 [ 508.594036][ C1] asm_exc_page_fault+0x26/0x30 [ 508.594051][ C1] RIP: 0033:0x7f3a45ab5db7 [ 508.594063][ C1] Code: 00 00 00 41 55 48 89 d0 49 89 fd 41 54 49 89 f4 53 4c 89 c3 48 83 ec 10 48 39 4f 60 0f 84 c1 00 00 00 42 f6 44 01 08 01 74 59 <48> 83 61 08 fe 48 3d ff 03 00 00 76 69 49 8b 55 70 49 8d 75 60 48 [ 508.594078][ C1] RSP: 002b:00007ffecf11d110 EFLAGS: 00010202 [ 508.594090][ C1] RAX: 0000000000006010 RBX: 00000000000001f0 RCX: 0000556421724fe0 [ 508.594101][ C1] RDX: 0000000000006010 RSI: 000055642171efd0 RDI: 00007f3a45bf1ac0 [ 508.594111][ C1] RBP: 00007f3a45bf1ac0 R08: 00000000000001f0 R09: 0000000000000000 [ 508.594121][ C1] R10: 0000000000000000 R11: 0000000000000202 R12: 000055642171efd0 [ 508.594132][ C1] R13: 00007f3a45bf1ac0 R14: 00000000000001f0 R15: 00007f3a45bf1ac0 [ 508.594155][ C1] [ 509.691654][ C1] Shutting down cpus with NMI [ 509.691935][ C1] Kernel Offset: disabled