last executing test programs: 13.39899215s ago: executing program 4 (id=929): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, 0x0, 0x0, 0x8, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04ff06aaaaaaaaaa10428a460391b9b6ea6881be6f01d7b69ce472957627f1aa0759d2573563fff74bed738cd2c57613ff8ec5efe05ad53effcfc4dc5b4a386be5a7523d8a068bb5b6ded6b6b97b39e93b733734c216019864d48d64321674140163e25e9dfa2e4c154d5f8ba97278000000000000000000"], 0x9) syz_emit_vhci(0x0, 0x0) r3 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8) getpid() kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x0, 0x1000}], 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r3, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000200)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x26e, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0, 0x0], 0x0, 0xd9, &(0x7f0000000500)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0x2b, 0x8, 0x8, &(0x7f0000000600)}}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x34, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94) write$qrtrtun(r1, &(0x7f0000000380)="63cf8676097c91c58be03f4e99138d5844db2f6d4c610900178406f90e72da3fc5f38c9e7907d84c5773b96f33b84f39cd888682c4cd00"/70, 0x46) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, 0x0, &(0x7f0000000240)=[0x2]}}, 0x40) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, 0xffffffffffffffff, 0x0) r6 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000c8549b407c2c0e032881050203010902240001000000000904000002ff18d40009050602ff0300000009058202080600000002c1b8c3873406a5e5bc8dfbb837a3c1e1551235fb67ec12a773567f3d1cd2b37d9d00add23ba318a20f5eacf82d2ae3ce58fdf1d9e201e7788a5685ee8f6c0e19fbedd8df77414892e4378f119578d42399b3f2687b96464165c73f591a3c6a1715a9e3c3d1d63cc962b074577becc0aebc10e1d170920508ab575151"], 0x0) write$cgroup_freezer_state(r6, &(0x7f0000000040)='FROZEN\x00', 0x7) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) sendfile(r6, r6, 0x0, 0x9) 10.247690929s ago: executing program 2 (id=946): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) chdir(0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f00000196c0)=""/102395, 0x18ffb) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000010000108000000000000c300003c5b00", @ANYRES32=0x0, @ANYBLOB="000000009002010008001b0000010000"], 0x28}, 0x1, 0x0, 0x0, 0x11}, 0x4008040) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="341600001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500000010000f0000000000140069703665727370616e3000000000000000001980000005003b927ac1c9bec9ab17e3a6936b44342500001880000001800000060004000000000004002ec90e291d620bcb5a45b2aa7612e07300000100050000000000018000000200287d2a237b2c5d000000050029056e583ca2da1179df633462bb458f00000500181b37fef26f1326d7d74984cf7945c800000500a3a55f62b38fd1a6e19ba08b593cb05800000500ab5e3599fe1b536446a6a13d484f49da0000018000000500702ff3a4435b449a1c85a5d8fefc8d3a000004008a4114234ad37d1b67ec482523b190e50000060006000000000002002f6465762f6370752f232f6d7372000000000500b89487879c1f70b247a0308ed81a56d20000018000000100fcffffff00000600030000000000040050d087d287e207c70a0c94f9fd402c72000002002f6465762f6370752f232f6d7372000000000600000000000000060002000000000006007f000000000002002f6465762f6370752f232f6d7372000000000600070000000000010004000000"], 0x1e}, 0x1, 0x0, 0x0, 0x900}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r5, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5) writev(r5, 0x0, 0x0) r6 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r6, &(0x7f0000000000), 0x10) bind$can_raw(r6, &(0x7f0000000080), 0x10) shutdown(r5, 0x1) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) write$6lowpan_enable(r4, &(0x7f00000000c0)='1', 0x1) clock_gettime(0x6, &(0x7f0000000100)) 9.702040244s ago: executing program 4 (id=947): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000005300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050) syz_emit_ethernet(0x6a, &(0x7f00000002c0)={@broadcast, @random="17043a73dbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x2, 0x0, @multicast1, {0x10, 0x4, 0x1, 0x8, 0x3, 0x65, 0x8, 0x9, 0x32, 0x403c, @broadcast, @empty, {[@timestamp_addr={0x44, 0x2c, 0x40, 0x1, 0x1, [{@rand_addr=0x64010100, 0x7fff}, {@loopback, 0x3f}, {@private=0xa010102, 0x2}, {@multicast2, 0xab}, {@local, 0x7}]}]}}}}}}}, 0x0) 9.589572305s ago: executing program 4 (id=949): syz_open_dev$cec(0x0, 0xffffffffffffffff, 0xd2ec0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) bind$inet6(r3, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x5d031, 0xffffffffffffffff, 0x0) 9.5360814s ago: executing program 3 (id=950): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000fff000/0x1000)=nil, 0x930, 0x3000003, 0x2012, r3, 0x4000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@getneightbl={0x14, 0x2e, 0x201}, 0x14}}, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2701, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0xfffffffe, "94c465203d36be01d7000000000000e1100ad985544d00"}) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r7 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setsig(r7, 0xa, 0x21) fcntl$setlease(r1, 0x400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b50a0000000000007910480000000000610410000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) r8 = socket(0x10, 0x3, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[@ANYRES16=r8, @ANYRES8, @ANYRESDEC=r3], 0xff2e) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0xfc) mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[]) splice(r0, &(0x7f0000000040)=0x1, r0, &(0x7f0000000140)=0x6, 0x3, 0x1) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a0000000600010011"], 0x1c}}, 0x800) 9.010890605s ago: executing program 4 (id=951): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x2}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={r1, 0x5}, 0x8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=ANY=[@ANYRESHEX=r2, @ANYBLOB="281fad5f857eee248af570918bb233d04aad0c5898e5b3de2b9c0d40c3edea9e1d32ed48557afba8fad8288193c3b0aa9778d1c5de480f0838515524347e7b50fd4573935589578e86b6926f57f4d65ae5a0c8e7c590645f9ca37da230d590e00e9d6c8fcbd34492fffb82758a6631076954275befdd60409d9bd9529e40e43bbe0ea0e07ed5d8abd0f7aa21439339afa015d81afbd45143452c0d18fc071cd687a37f0739fe931da4bfa6a79bd1067c7c66c05dc8b005374d0eb9d5807ab502199a7cc9fc4919c79f72ca1e0affec1e74f85c198021a8a1e0ef22b1a0ef1fe3d8f57049a607347cbdd47c517c7294b4fef1fb9ad9eed1d36e9351ec", @ANYBLOB="056d08007bbf1edf24060000000000300012800b400100627231d5676500d8f8b48ae05c70c72edfc823319015d155f61406"], 0x6c}}, 0x0) r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000321000/0x2000)=nil, 0x2000, 0xb635773f03ebbee2, 0x80010, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x0, 0x4080) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_wakeup_irq', 0x0, 0xb) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r8 = landlock_create_ruleset(&(0x7f0000000000)={0x6084}, 0x10, 0x0) landlock_restrict_self(r8, 0x0) truncate(&(0x7f0000000680)='./file0\x00', 0x40003e) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r9, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b800000001090103"], 0xb8}, 0x1, 0x0, 0x0, 0x4810}, 0x4) r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/profiling', 0xa0442, 0x10) ppoll(&(0x7f0000000080)=[{r10, 0x1201}], 0x1, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r10, &(0x7f0000000380)={0x2c, 0x6, 0x0, {0x6, 0x2, 0x3, 0x0, 'syz'}}, 0x2c) r11 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r3) add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd"}, 0x48, r11) 8.855410273s ago: executing program 3 (id=952): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x20940, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd2(0x0, 0x80000) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$inet_mptcp(0x2, 0x1, 0x106) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r6 = eventfd(0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r7, &(0x7f0000000140), 0x10) r8 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r7, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1}) io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x4, r4}) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r12, @ANYBLOB="0800a0009e09000008009f000400000008002600800900000800a1000519"], 0x3c}}, 0x0) r14 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r14) socket$phonet_pipe(0x23, 0x5, 0x2) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0xfffff655, @mcast2, 0x7}, 0x1c) write$cgroup_pid(r14, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.682782573s ago: executing program 2 (id=955): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$kcm(0x29, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001cc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123f51c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e3962dcddef6af1a11972a6b4975022278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd0971d379380bf63432872cfed453870000b219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d3f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d3112874ec51d6fe048ba6866adebab53168770a71ad901ace383e7927de217d6bf74daf41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafce5c1b3f97a297c9e490f241999085afabdd529f62ca0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637f99f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec737555392a0b06491cba71f897144910fe050038ec9e475e89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb6179d257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0117c9b737b9b59418006c1bc1aafa2768e82597251e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b101000f49e298727340e87cdefb40e56e9cfad973347d0de7ba4754ff231a1b933d8f931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf444b032dad13007b82e6044f643fc8cd07a97e2bbe636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935f602325984386b21b96492ae662082b56cf666e63a757c0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e71338a40c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2603bfab96831957a08e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d01af43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627ebe92d48aa5fc0a7bf1b5108b34d22ad004de8274c22c8ba823d964969c9f02bb78c598fa8701b000884de710b54e5ab2e8ff0c7ae23e0b601ac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105b65007c8ff1f00a8ce7e31f7c9c3e3fa61aab967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa1904122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700ba363ca3182105960bef3378a980000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450cfe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c32e4f1f22af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b404797056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa58291c4eb9d4e08ad7a9c5f04be1ab59719a8200007bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b7f76c78ba0b44ec0bdfa0d32d7030000003a073b12eb579032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e02b7cd25385f3b9628471b4364987b0b2c82a8b0f976387ebb62ead0e1b761e6ec9b824fe006ea52c0c469e3bd8fed05a486bd5511144ebb63d56d61da5fcb58e196a8923edaf228b0cb96b856b15c90b154494fb0cff768b3417fcc89acb9b9b4f8581c82ff3121b5920f4e71508eea4341ec618f4d9110928ea8dd17e36f3beb0c07d911c00eb4054ad48cab563c5ad97d732c3653635df7600091973d44ff94ac6d670ecc085501bd91b586adf858b41d918fd58f8577adb541857dbbf33be97c4809c6595ebfff19b34cec7fd877e8f2aad6a1a6a4ec6dbb3de42bb2e75b4768d139d7b7ff5d51e6863b6704901b59fd92495608395fce98c267a3846b67e7a5b57d995e07dca8db555aea5a0f6f1cd85d791f22d06ff37fcbb22b2d9296b36faee22e513b276fc8494ce31699343278aa8f531ee549d2ba495059c80d5748d8a0cb19df27338aaafbf0849c31572d17a786383b3f619212651a076e5148fa6421f5405e65ee31e6fbd510d92c17fe12a7f203066848e2a9adef66ad7ae8edea20fb8c7233de3736949e15b88699c2f8576060cf95d2593828abde6e2eed2a717655782ae9e589f5de9792c810ec07a842bca96e594f13211eae7ee1919b7af1e33ff726792cbb1366fb8a3684370e35122b0ad40f55846ca7d39cf6f9a1cfa5460f537e89e1c5f3cd10a3d8ae3ecec0c7e4114aec30742d88f313d74447723808da0889e34b31c13a79b8bb105cdcb234d56246bbf003c0ad03ff20f573df9604720d652b0a0cc5d90a284b5c7824bfdc4e3f18eaf9820ffbd8c4f32c8de631c181ab76505dac753fec759b0414cb3c5dfa02b6a3b93ff79bcf8c613b4a9124923e7e6ce74266fd78564000000000ce0d3ac2350502cf4a410152ee893d57622bee2b52df83cd30b4ae17d507fba05e7055db7e6d4cfc085773b900ca50bee4d49529f24bab389fb87fbb481340e8ce1810727212dc5e96d99de07611cb588a5d8b5c510c1f5b3fb568971646821b50dc2542003eb60a4ee9398ae4b6681c29cd921fb35b12ca111f12c59ac39dde4bf4f7524362304610979f5199ef9d271af60a421e29c6483423157ed4c2721123ddf33313a97ec1a55115b6df23157ad17b5e544db26c46d31b2e7375c37ace025955c9482e1ef841554c202c356842233c57c258f8f2043b4b6de433e8a2fb9365b65496c5777c1a1a223763d51190a24fb4047ad7ff6258f1b000000000000000000000000e0ef07726228fb150d09f697ee3db6cc096676225780d422fe917a5c57bedabb42399727b386e979dde3b7243dad1f78e8592937866cfc017f3a8ad31c53115fb7f3452bd3318c4a17cc80bcab32d9ed35273c3c930719ddb5b757f9d85cc86ddd"], &(0x7f0000000140)='GPL\x00'}, 0x48) r5 = socket$kcm(0x2, 0x1, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000001c0)=r4, 0x4) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x3}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) sendmsg$inet(r5, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000040)={r5, r4}) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000100)={r5}) 7.923332253s ago: executing program 4 (id=957): socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xa, &(0x7f00000001c0)={0x8, 0x88}, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x2682, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) ioctl$SNDRV_PCM_IOCTL_RESET(0xffffffffffffffff, 0x4141, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r5, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r6) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$can_j1939(0x1d, 0x2, 0x7) r7 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x2556, 0x1000, 0x2, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r8, r9, 0x0) io_uring_enter(r7, 0x100847c0, 0x0, 0x10, 0x0, 0x0) 7.706040575s ago: executing program 2 (id=960): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x2c020400) write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) 7.641386144s ago: executing program 3 (id=961): r0 = socket$kcm(0xa, 0x2, 0x73) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff0001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e23000200000000ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d66c0000000a01010100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250000000000000300000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000000002350000020001002000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000960f000000000000000000000000000000000c00"/240], 0x138}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$inet(r0, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412", 0xe00}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000011c0)=ANY=[@ANYBLOB="1400000000000000010000004100000002010000000000004800000000000000080000000700000010000034366567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799e1459c9c9a7521737a8879e3ef4dca1e3c32158996e4b2abde5342e22f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d651833e6e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469de", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b"], 0x6b}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r7 = getpid() sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod(&(0x7f0000000080)='./bus\x00', 0x8000, 0x7) 6.558403266s ago: executing program 1 (id=962): r0 = socket(0x10, 0x80002, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0xc0384707, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x1c}}, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r4, 0x40bc5311, &(0x7f0000002500)={0x80, 0x2, 'client0\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x800000, 0xfffffffc}) recvmsg(r2, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) recvmsg(r2, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5, 0x0, 0xfffffffffff77049}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r9 = socket(0x2, 0x80805, 0x0) r10 = getpid() r11 = syz_pidfd_open(r10, 0x0) setns(r11, 0x24020000) r12 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_pidfd_open(r12, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000180)=@assoc_value, &(0x7f00000001c0)=0xfffffffffffffffd) 6.556613101s ago: executing program 2 (id=963): syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) connect$tipc(0xffffffffffffffff, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x80042, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, &(0x7f0000000440)=0x1f) 6.551331472s ago: executing program 3 (id=964): r0 = socket$rds(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYRES16], &(0x7f00000005c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f00000007c0)="7800000018002507b9199b02ffff48000203be04020406050a02040c5c000900580006080a0000000d0085a168d0bf46d32345653600648d270015000a00000849935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000407160016000a0000000000e000e218d1dd3b6ed538f2523250", 0x78, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r1, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000400)="cf2240e6919817e495", 0x0, 0x0, 0x8000}, 0x50) 6.499447829s ago: executing program 0 (id=965): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001800dd8d00000000000000000200000000000005000000000600150001000000280016802400010000000000000000000004010020000000000000000000000000000000000001"], 0x4c}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="26080071594900000003000000000000009a24440b6dc8c1c800000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000000)='nilfs2_mdt_insert_new_block\x00', r1}, 0x18) 6.480778704s ago: executing program 0 (id=966): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) (fail_nth: 3) 5.949370654s ago: executing program 2 (id=967): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f00000003c0)={0x3}, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$sndctrl(0x0, 0x0, 0x0) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) lstat(&(0x7f0000000400)='./cgroup\x00', &(0x7f0000000440)) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000540)=0x9, 0x4) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r4, 0xc0844123, &(0x7f0000000040)) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000fedbdf250f00000008000300", @ANYRES32, @ANYBLOB="08000600", @ANYRES32=r7, @ANYBLOB="f5834f202da8e3a8000a0000006d7f"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x8000) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='erofs\x00', 0x0, 0x0) 5.403436527s ago: executing program 1 (id=968): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001800835e010000000000000002000000fd00fe020000000008000400", @ANYRES32=r2, @ANYBLOB="08002700ac141444"], 0x2c}, 0x1, 0xffffff7f}, 0x84) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x1f}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) request_key(0x0, 0x0, 0x0, 0x0) r7 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r7, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4) listen(r7, 0x0) futex(0x0, 0x8, 0x2, 0x0, &(0x7f0000048000)=0x2, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6) write(r8, &(0x7f0000000000)="2e000300010000", 0x7) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000280)={0x8008, 0x0, 0x2002, 0x2b, 0x7, 0x0, 0x80, 0x1}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0xffad, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000080)={0x10000000, 0x2}) 5.403020589s ago: executing program 3 (id=969): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000880)=ANY=[@ANYRES8=r0, @ANYRES64, @ANYRESOCT, @ANYRES8], 0x1b0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0) syz_io_uring_setup(0x1f10, &(0x7f00000003c0)={0x0, 0x19de, 0x800, 0x0, 0x212}, 0x0, &(0x7f00000001c0)) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) exit(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000340)=ANY=[@ANYBLOB="3000000068000500fdffffff00000000020000000e"], 0x30}, 0x1, 0x0, 0x0, 0xc001}, 0x8000) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xeaebf8747da83363}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x40, 0x17, 0xa, 0x1907, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20000040) 2.850363321s ago: executing program 0 (id=970): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r0, 0x0, 0x400}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x30, r3, 0xc4fc9e906872338b, 0x20, 0x200, {{0x15}, {@void, @val={0xc, 0x99, {0x40, 0x52}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4, 0x3, 0x0, 0x0}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca0200000000000000adcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d070490893616810a121ff4feedd1d176b313b9fc7bf31ddff431a4a50760ce18a76c4b7aa73cec3eec984c76d16f798c436410f3f4a41715e736a132c3cb9421be0b3c2bd40b75896c007fa2d47e3d8392d905d582b8eff689b0f493770c91e8c2e8bd0b08ffa4fd0289b04b0ea024768d196ef721314d68d29988b01871c6ea39f95a0b77744caadd24867acab274e8e4bf3fb44df31e15ffdce52f9f60ffe"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r4, r5, 0x2f, 0x8, 0x4}, 0x20) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="52e06604e1cd8d5f21000000", @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000000001800000070014000000100000000000010002000000000002000c0000000000080009000000000009001500000000000500000000000000028000000e004e220000000002004e24000000000e004e2400000000030004000000000002004e2200000000050005000000000003800000040006000000000003000200000000000600fe80000000000000000000000000003d00000400b8000000000003000400000000000500ffffffff00000180000006007272000000000300e000000200"/218], 0x14}}, 0x0) 2.641234789s ago: executing program 0 (id=971): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0xffffffffffff0000, 0x12b103) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000400)={0x0, @bt={0x2, 0xa410, 0x0, 0x0, 0x5f, 0x8001, 0x3, 0x3, 0x8, 0x4, 0xb, 0x6, 0x3ff, 0x8001, 0x2, 0xc, {0x3ff, 0xfffffffc}, 0x3, 0x4}}) 2.587476096s ago: executing program 1 (id=972): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x38, r0, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x4}, 0x6) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001280)=ANY=[@ANYBLOB='D'], 0x4c}}, 0x0) write$binfmt_misc(r2, &(0x7f0000001280), 0x6) 2.515781953s ago: executing program 0 (id=973): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) r1 = gettid() timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000380)) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x2010, 0xffffffffffffffff, 0x37dc5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$getownex(r4, 0x10, &(0x7f0000000180)) sendto$inet6(r5, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff) (async) add_key$fscrypt_v1(0x0, &(0x7f0000000440)={'fscrypt:', @desc3}, 0x0, 0x0, 0xfffffffffffffffe) (async) sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x30, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFULA_CFG_MODE={0xa, 0x2, {0x5}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) (async) write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000480)={&(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x80000}) r8 = io_uring_setup(0x4577, &(0x7f0000000540)={0x0, 0x988d, 0x8000, 0x2, 0x2be}) r9 = io_uring_setup(0x7fd0, &(0x7f00000004c0)={0x0, 0x3ed9, 0x2, 0x1, 0x32f, 0x0, r8}) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r9, 0x1e, &(0x7f0000000000)={r9}, 0x1) 2.505749994s ago: executing program 1 (id=974): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) unshare(0x2c020400) write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) 2.250365847s ago: executing program 0 (id=975): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="ad4300000000010000000f"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) ftruncate(0xffffffffffffffff, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x578410eb) r3 = getpid() process_vm_readv(r3, 0x0, 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r4 = socket$kcm(0x29, 0x5, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0xf3e, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4) syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) 977.383679ms ago: executing program 3 (id=976): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) mknod(0x0, 0x8000, 0x7) syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x18, &(0x7f0000003780)=0xf, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) listen(0xffffffffffffffff, 0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f00008b0000/0x4000)=nil, 0x4000, 0xb635773f05ebbeef, 0x810, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r5, &(0x7f00000001c0)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="00020c0000000c0002c9"], 0x0, 0x0, 0x0}, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000040)=0x0) sched_setaffinity(r6, 0x42, &(0x7f0000000100)=0x5) recvmmsg(r3, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000040), 0x1000000000000145, &(0x7f0000002900)=""/4099, 0x1003}, 0xda}, {{0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000480)=""/94, 0x5e}, 0x4}], 0x2, 0x2, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(r0, 0x0, 0x20048844) r7 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) fsmount(r7, 0x0, 0x1) fsconfig$FSCONFIG_CMD_RECONFIGURE(r7, 0x7, 0x0, 0x0, 0x0) 862.938591ms ago: executing program 4 (id=977): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/13], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYRES16=r0, @ANYRES64=r0, @ANYBLOB="00e8000000000000b7080000000000007b8af8ff0000000000000007020000e2ffffffb703000008000000b7040000fa5400008500001b82000000950000000000"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYRESHEX=r5], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x28, r6, 0x9c3fa077fa966179, 0x386, 0x25dfdbff, {{0x7e}, {@val={0x8}, @val={0xc, 0x99, {0x7ab3cccb, 0x2d}}}}}, 0x28}}, 0x0) io_setup(0x3fe, &(0x7f00000001c0)=0x0) io_getevents(r7, 0x1, 0x0, &(0x7f0000000380), 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x3a155000) io_submit(r7, 0x1, &(0x7f0000000280)=[0x0]) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) setresgid(0x0, 0x0, r9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0) 783.747001ms ago: executing program 1 (id=978): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) rseq(0x0, 0x0, 0x0, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) 280.712743ms ago: executing program 2 (id=979): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x7, 0x4) (async) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getsockname(r1, &(0x7f0000000040)=@hci, &(0x7f00000000c0)=0x80) (async) r2 = socket(0x21, 0x2, 0x100) sendmsg$NFT_MSG_GETCHAIN(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x64, 0x4, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x6}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000001}, 0x20004010) r3 = accept4(r2, &(0x7f0000000240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, &(0x7f00000002c0)=0x80, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x20004024) (async) socket$packet(0x11, 0x3, 0x300) (async) sendmsg$AUDIT_USER_AVC(r2, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x10, 0x453, 0x510, 0x70bd2a, 0x25dfdbfb, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0xc040) (async) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000500)={0x0, 0x4}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000580)={r4, @in={{0x2, 0x4e23, @multicast1}}, [0x70c, 0x8, 0x0, 0x1f0720fc, 0xf201a70, 0xc1c, 0x3, 0x2, 0x8, 0x3ff, 0x8, 0x80, 0x81, 0x10000, 0x7]}, &(0x7f0000000680)=0x100) syz_genetlink_get_family_id$l2tp(&(0x7f00000006c0), r2) r5 = socket$rxrpc(0x21, 0x2, 0xa) (async) r6 = socket$inet(0x2, 0x2, 0x101) ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, &(0x7f0000000700)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) (async) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000980), r3) sendmsg$ETHTOOL_MSG_COALESCE_GET(r2, &(0x7f0000000a80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000a40)={&(0x7f00000009c0)={0x74, r7, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x1) (async) ioctl$EXT4_IOC_GETSTATE(r5, 0x40046629, &(0x7f0000000ac0)) (async) recvmsg(r2, &(0x7f0000002e80)={&(0x7f0000000b00)=@nfc_llcp, 0x80, &(0x7f0000002d40)=[{&(0x7f0000000b80)=""/111, 0x6f}, {&(0x7f0000000c00)=""/4096, 0x1000}, {&(0x7f0000001c00)=""/22, 0x16}, {&(0x7f0000001c40)=""/219, 0xdb}, {&(0x7f0000001d40)=""/4096, 0x1000}], 0x5, &(0x7f0000002dc0)=""/140, 0x8c}, 0x40000100) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002f00), r2) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f0000002fc0)={&(0x7f0000002ec0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000002f80)={&(0x7f0000002f40)={0x2c, r8, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x440d5) socket$nl_rdma(0x10, 0x3, 0x14) (async) r9 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000003200)=@bpf_ext={0x1c, 0x10, &(0x7f0000003000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9ac, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000003080)='GPL\x00', 0x40, 0x50, &(0x7f00000030c0)=""/80, 0x0, 0x12, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003140)={0x5, 0x1, 0x4, 0xffffffff}, 0x10, 0x29d65, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000003180)=[{0x1, 0x2, 0xb, 0x4}, {0x4, 0x4, 0x1}, {0x2, 0x5, 0x4, 0x1}, {0x2, 0x3, 0x1, 0x9}, {0x1, 0x5, 0x6, 0xb}, {0x5, 0x4, 0x0, 0x7}], 0x10, 0x2}, 0x94) bpf$PROG_BIND_MAP(0x23, &(0x7f00000032c0)={r9, 0x1}, 0xc) mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000003300)=0xc3d, 0x3, 0x0) connect$inet6(r2, &(0x7f0000003340)={0xa, 0x4e21, 0x80000001, @mcast1, 0x1}, 0x1c) r10 = socket$inet_smc(0x2b, 0x1, 0x0) bind(r10, &(0x7f0000003380)=@can, 0x80) (async) ioctl$BLKCLOSEZONE(0xffffffffffffffff, 0x40101287, &(0x7f0000003440)={0x9, 0x8}) 0s ago: executing program 1 (id=980): r0 = socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) setrlimit(0xb, &(0x7f0000000340)={0xa00000000, 0x7abc}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_extract_tcp_res(&(0x7f0000000300), 0x4, 0xfffffff8) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip_mr_cache\x00') read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x34, 0x1, 0x70bd2d, 0x25dbdbfe, {0x1}, [@typed={0x8, 0x7, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r4, &(0x7f0000000440), 0x10) listen(r4, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000180)={0x1}, 0x8) close(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000740)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r5}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r6, 0x3, r0, 0x5}) kernel console output (not intermixed with test programs): ing attributes in process `syz.0.460'. [ 194.624113][ T7560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.460'. [ 194.636611][ T7560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.460'. [ 194.648532][ T5965] usb 4-1: new low-speed USB device number 15 using dummy_hcd [ 195.043820][ T5965] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 195.212652][ T5965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.329300][ T5965] usb 4-1: config 0 descriptor?? [ 195.637717][ T7572] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001 [ 196.080643][ T7575] : entered promiscuous mode [ 198.095267][ T7589] FAULT_INJECTION: forcing a failure. [ 198.095267][ T7589] name failslab, interval 1, probability 0, space 0, times 0 [ 198.144911][ T7591] siw: device registration error -23 [ 198.170235][ T7589] CPU: 0 UID: 0 PID: 7589 Comm: syz.2.469 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 198.170261][ T7589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.170270][ T7589] Call Trace: [ 198.170276][ T7589] [ 198.170282][ T7589] dump_stack_lvl+0x16c/0x1f0 [ 198.170310][ T7589] should_fail_ex+0x512/0x640 [ 198.170333][ T7589] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 198.170357][ T7589] should_failslab+0xc2/0x120 [ 198.170380][ T7589] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 198.170401][ T7589] ? __d_alloc+0x31/0xaa0 [ 198.170429][ T7589] __d_alloc+0x31/0xaa0 [ 198.170456][ T7589] d_alloc_pseudo+0x1c/0xc0 [ 198.170474][ T7589] alloc_file_pseudo+0xcf/0x230 [ 198.170492][ T7589] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 198.170507][ T7589] ? lockdep_hardirqs_on+0x7c/0x110 [ 198.170536][ T7589] __anon_inode_getfile+0xf7/0x3a0 [ 198.170563][ T7589] bpf_link_prime+0x10f/0x290 [ 198.170587][ T7589] tcx_link_attach+0x219/0x9e0 [ 198.170615][ T7589] ? __pfx_tcx_link_attach+0x10/0x10 [ 198.170638][ T7589] ? __might_fault+0xd0/0x190 [ 198.170662][ T7589] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 198.170685][ T7589] __sys_bpf+0x419b/0x4d80 [ 198.170710][ T7589] ? __pfx___sys_bpf+0x10/0x10 [ 198.170731][ T7589] ? ksys_write+0x190/0x250 [ 198.170754][ T7589] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 198.170794][ T7589] ? fput+0x70/0xf0 [ 198.170819][ T7589] ? ksys_write+0x1ac/0x250 [ 198.170839][ T7589] ? __pfx_ksys_write+0x10/0x10 [ 198.170864][ T7589] __x64_sys_bpf+0x78/0xc0 [ 198.170888][ T7589] ? lockdep_hardirqs_on+0x7c/0x110 [ 198.170920][ T7589] do_syscall_64+0xcd/0x4c0 [ 198.170947][ T7589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.170964][ T7589] RIP: 0033:0x7fba6038e929 [ 198.170978][ T7589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.170994][ T7589] RSP: 002b:00007fba61218038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 198.171012][ T7589] RAX: ffffffffffffffda RBX: 00007fba605b5fa0 RCX: 00007fba6038e929 [ 198.171023][ T7589] RDX: 0000000000000020 RSI: 0000200000000000 RDI: 000000000000001c [ 198.171034][ T7589] RBP: 00007fba61218090 R08: 0000000000000000 R09: 0000000000000000 [ 198.171045][ T7589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.171056][ T7589] R13: 0000000000000000 R14: 00007fba605b5fa0 R15: 00007fff997355f8 [ 198.171079][ T7589] [ 198.410599][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.551461][ T7597] block device autoloading is deprecated and will be removed. [ 198.635808][ T5965] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 198.636375][ T7599] overlayfs: failed to resolve './file1': -2 [ 198.648073][ T5965] asix 4-1:0.0: probe with driver asix failed with error -71 [ 198.663228][ T5965] usb 4-1: USB disconnect, device number 15 [ 198.690779][ T48] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 198.977778][ T7604] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 198.991232][ T7604] Error validating options; rc = [-22] [ 199.405589][ T7605] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 199.405589][ T7605] The task syz.2.473 (7605) triggered the difference, watch for misbehavior. [ 199.653188][ T48] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 199.780623][ T48] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.788662][ T48] usb 1-1: Product: syz [ 199.826537][ T48] usb 1-1: Manufacturer: syz [ 199.850846][ T48] usb 1-1: SerialNumber: syz [ 199.863606][ T7610] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 199.870310][ T7610] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 199.886471][ T48] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 200.062614][ T7610] vhci_hcd vhci_hcd.0: Device attached [ 200.101460][ T5933] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 200.111789][ T7610] netlink: 'syz.4.475': attribute type 1 has an invalid length. [ 200.350958][ T837] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 200.493050][ T30] audit: type=1400 audit(1752410750.600:508): avc: denied { accept } for pid=7609 comm="syz.4.475" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 200.595401][ T7610] 8021q: adding VLAN 0 to HW filter on device bond2 [ 200.674947][ T30] audit: type=1400 audit(1752410750.800:509): avc: denied { read } for pid=7609 comm="syz.4.475" laddr=::1 lport=255 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 200.762126][ T7619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7619 comm=syz.4.475 [ 200.789184][ T5818] Bluetooth: hci1: connection err: -111 [ 200.810125][ T7611] vhci_hcd: connection reset by peer [ 200.852368][ T36] vhci_hcd: stop threads [ 200.857472][ T36] vhci_hcd: release socket [ 200.920614][ T36] vhci_hcd: disconnect device [ 201.001786][ T5931] usb 1-1: USB disconnect, device number 22 [ 201.170619][ T5965] usb 4-1: new low-speed USB device number 16 using dummy_hcd [ 201.213284][ T5933] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 201.220296][ T5933] ath9k_htc: Failed to initialize the device [ 201.228327][ T5931] usb 1-1: ath9k_htc: USB layer deinitialized [ 201.241113][ T5893] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 201.332159][ T5965] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 201.350761][ T5965] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.373933][ T5965] usb 4-1: config 0 descriptor?? [ 201.416706][ T5893] usb 3-1: Using ep0 maxpacket: 16 [ 201.422727][ T10] Process accounting resumed [ 201.450839][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.480625][ T30] audit: type=1400 audit(1752410751.600:510): avc: denied { create } for pid=7630 comm="syz.1.481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 201.499916][ C0] vkms_vblank_simulate: vblank timer overrun [ 201.513828][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.524715][ T5893] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 201.536703][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.571417][ T5893] usb 3-1: config 0 descriptor?? [ 201.713852][ T30] audit: type=1326 audit(1752410751.820:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b698e929 code=0x7ffc0000 [ 201.737045][ C0] vkms_vblank_simulate: vblank timer overrun [ 201.800598][ T10] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 201.975118][ T7645] 9pnet_fd: Insufficient options for proto=fd [ 201.990960][ T30] audit: type=1326 audit(1752410751.820:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b698e929 code=0x7ffc0000 [ 202.097847][ T5893] hid-picolcd 0003:04D8:F002.000B: unknown main item tag 0x0 [ 202.120763][ T30] audit: type=1326 audit(1752410751.820:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f11b698e929 code=0x7ffc0000 [ 202.152710][ T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 202.171789][ T5893] hid-picolcd 0003:04D8:F002.000B: No report with id 0xf4 found [ 202.180708][ T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 202.196922][ T30] audit: type=1326 audit(1752410751.820:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b698e929 code=0x7ffc0000 [ 202.220181][ C0] vkms_vblank_simulate: vblank timer overrun [ 202.226517][ T5893] hid-picolcd 0003:04D8:F002.000B: No report with id 0xf3 found [ 202.243146][ T7628] delete_channel: no stack [ 202.245627][ T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 202.278274][ T5893] usb 3-1: USB disconnect, device number 18 [ 202.284610][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.384798][ T30] audit: type=1326 audit(1752410751.820:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7630 comm="syz.1.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11b698e929 code=0x7ffc0000 [ 202.468242][ T30] audit: type=1400 audit(1752410752.000:516): avc: denied { connect } for pid=7641 comm="syz.0.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 202.558241][ T30] audit: type=1400 audit(1752410752.090:517): avc: denied { open } for pid=7641 comm="syz.0.484" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=16496 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 202.582369][ C0] vkms_vblank_simulate: vblank timer overrun [ 202.735191][ T7647] Cannot find add_set index 0 as target [ 202.746795][ T7647] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 202.754049][ T7647] team0: Device ipvlan2 is already an upper device of the team interface [ 202.775614][ T10] usb 5-1: GET_CAPABILITIES returned 0 [ 202.804613][ T10] usbtmc 5-1:16.0: can't read capabilities [ 203.031265][ T10] usb 5-1: USB disconnect, device number 20 [ 203.382861][ T7656] binder: 7649:7656 ioctl 400c620e 200000000400 returned -22 [ 203.930618][ T5965] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 203.999575][ T5965] asix 4-1:0.0: probe with driver asix failed with error -71 [ 204.454035][ T5965] usb 4-1: USB disconnect, device number 16 [ 204.938348][ T7691] Cannot find add_set index 0 as target [ 204.949676][ T7691] 8021q: adding VLAN 0 to HW filter on device ipvlan1 [ 204.956937][ T7691] team0: Device ipvlan1 is already an upper device of the team interface [ 205.606582][ T837] vhci_hcd: vhci_device speed not set [ 205.931574][ T5893] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 206.585061][ T5893] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 206.609516][ T5893] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 206.629332][ T5893] usb 3-1: can't read configurations, error -61 [ 206.780705][ T5893] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 207.491193][ T5893] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 207.512409][ T5893] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 207.520014][ T5893] usb 3-1: can't read configurations, error -61 [ 207.537025][ T5893] usb usb3-port1: attempt power cycle [ 207.701566][ T7727] FAULT_INJECTION: forcing a failure. [ 207.701566][ T7727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 207.723557][ T7727] CPU: 1 UID: 0 PID: 7727 Comm: syz.0.513 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 207.723591][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.723601][ T7727] Call Trace: [ 207.723607][ T7727] [ 207.723614][ T7727] dump_stack_lvl+0x16c/0x1f0 [ 207.723645][ T7727] should_fail_ex+0x512/0x640 [ 207.723671][ T7727] _copy_from_user+0x2e/0xd0 [ 207.723697][ T7727] kstrtouint_from_user+0xd6/0x1d0 [ 207.723716][ T7727] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 207.723734][ T7727] ? __lock_acquire+0xb8a/0x1c90 [ 207.723772][ T7727] proc_fail_nth_write+0x83/0x250 [ 207.723794][ T7727] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 207.723823][ T7727] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 207.723842][ T7727] vfs_write+0x29d/0x1150 [ 207.723868][ T7727] ? __pfx___mutex_lock+0x10/0x10 [ 207.723893][ T7727] ? __pfx_vfs_write+0x10/0x10 [ 207.723922][ T7727] ? __fget_files+0x20e/0x3c0 [ 207.723953][ T7727] ksys_write+0x12a/0x250 [ 207.723974][ T7727] ? __pfx_ksys_write+0x10/0x10 [ 207.724003][ T7727] do_syscall_64+0xcd/0x4c0 [ 207.724031][ T7727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.724049][ T7727] RIP: 0033:0x7f239078d3df [ 207.724064][ T7727] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 207.724081][ T7727] RSP: 002b:00007f23916d8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 207.724096][ T7727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f239078d3df [ 207.724107][ T7727] RDX: 0000000000000001 RSI: 00007f23916d80a0 RDI: 0000000000000004 [ 207.724117][ T7727] RBP: 00007f23916d8090 R08: 0000000000000000 R09: 0000000000000000 [ 207.724127][ T7727] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 207.724136][ T7727] R13: 0000000000000000 R14: 00007f23909b5fa0 R15: 00007ffd6ee5f788 [ 207.724160][ T7727] [ 207.791050][ T30] audit: type=1400 audit(1752673157.864:518): avc: denied { watch } for pid=7728 comm="syz.3.514" path="/98/file0" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 208.020620][ T5893] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 208.041825][ T5893] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 209.250753][ T30] audit: type=1400 audit(1752673157.864:519): avc: denied { watch_sb watch_reads } for pid=7728 comm="syz.3.514" path="/98/file0" dev="tmpfs" ino=530 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 209.358811][ T5893] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 209.383640][ T5893] usb 3-1: can't read configurations, error -71 [ 209.991056][ T30] audit: type=1400 audit(1752673160.044:520): avc: denied { listen } for pid=7745 comm="syz.3.520" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 210.372703][ T7755] tipc: Started in network mode [ 210.390198][ T7755] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 210.424403][ T30] audit: type=1400 audit(1752673160.554:521): avc: denied { write } for pid=7747 comm="syz.2.521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 210.425238][ T7755] tipc: Enabled bearer , priority 0 [ 210.901183][ T7767] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001 [ 211.599791][ T5893] tipc: Node number set to 11578026 [ 212.042943][ T7779] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 212.050071][ T7779] team0: Device ipvlan2 is already an upper device of the team interface [ 212.400781][ T5933] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 212.436913][ T7792] dvmrp0: entered allmulticast mode [ 212.597150][ T5933] usb 1-1: Using ep0 maxpacket: 32 [ 212.636538][ T30] audit: type=1400 audit(1752673162.744:522): avc: denied { connect } for pid=7789 comm="syz.3.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 212.661323][ T5933] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 212.671078][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.689323][ T7797] netlink: 28 bytes leftover after parsing attributes in process `syz.2.530'. [ 212.704585][ T5933] usb 1-1: config 0 descriptor?? [ 212.719909][ T7797] netlink: 28 bytes leftover after parsing attributes in process `syz.2.530'. [ 212.725492][ T5933] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 212.858846][ T7803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.927562][ T7803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.022771][ T7803] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 213.185978][ T7785] Illegal XDP return value 4294967274 on prog (id 127) dev N/A, expect packet loss! [ 213.664195][ T5933] gspca_nw80x: reg_r err -71 [ 213.676456][ T5933] nw80x 1-1:0.0: probe with driver nw80x failed with error -71 [ 213.699779][ T5933] usb 1-1: USB disconnect, device number 23 [ 214.460673][ T5879] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 214.710633][ T5879] usb 3-1: Using ep0 maxpacket: 16 [ 214.727230][ T5879] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 214.743830][ T5879] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.220913][ T5879] usb 3-1: config 0 interface 0 has no altsetting 0 [ 215.227562][ T5879] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 215.236652][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.247663][ T5879] usb 3-1: config 0 descriptor?? [ 215.404050][ T7825] erofs (device nbd1): cannot find valid erofs superblock [ 215.559330][ T30] audit: type=1400 audit(1752673165.684:523): avc: denied { create } for pid=7826 comm="syz.0.540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 215.644017][ T7832] SELinux: security_context_str_to_sid (5ýÆÉ] ÖS9q#“ë) failed with errno=-22 [ 215.709517][ T5879] apple 0003:05AC:0247.000C: fixing up Magic Keyboard JIS report descriptor [ 215.729071][ T5879] apple 0003:05AC:0247.000C: unexpected long global item [ 215.739174][ T5879] apple 0003:05AC:0247.000C: parse failed [ 215.745215][ T5879] apple 0003:05AC:0247.000C: probe with driver apple failed with error -22 [ 215.910892][ T30] audit: type=1400 audit(1752673166.034:524): avc: denied { setattr } for pid=7823 comm="syz.4.539" name="anycast6" dev="proc" ino=4026533300 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 215.934790][ T5933] usb 4-1: new low-speed USB device number 17 using dummy_hcd [ 215.942988][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.535'. [ 215.961939][ T7812] netlink: 12 bytes leftover after parsing attributes in process `syz.2.535'. [ 216.000938][ T7812] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.009964][ T7812] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.018810][ T7812] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.027962][ T7812] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 216.053335][ T5965] usb 3-1: USB disconnect, device number 23 [ 216.111803][ T5933] usb 4-1: Invalid ep0 maxpacket: 64 [ 216.254022][ T5933] usb 4-1: new low-speed USB device number 18 using dummy_hcd [ 216.448772][ T7842] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 216.462265][ T7842] Error validating options; rc = [-22] [ 216.720732][ T5933] usb 4-1: Invalid ep0 maxpacket: 64 [ 216.733862][ T5933] usb usb4-port1: attempt power cycle [ 216.776518][ T30] audit: type=1400 audit(1752673166.884:525): avc: denied { connect } for pid=7840 comm="syz.1.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 216.814407][ T7848] erofs (device nbd4): cannot find valid erofs superblock [ 217.340237][ T7851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.408655][ T7851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.493836][ T7851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.598520][ T7861] syz.4.548: attempt to access beyond end of device [ 217.598520][ T7861] nbd4: rw=0, sector=6, nr_sectors = 2 limit=0 [ 217.620102][ T7861] ADFS-fs (nbd4): error: unable to read block 3, try 0 [ 217.646021][ T30] audit: type=1400 audit(1752673167.774:526): avc: denied { bind } for pid=7860 comm="syz.4.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 217.650728][ T5933] usb 4-1: new low-speed USB device number 19 using dummy_hcd [ 217.681187][ T30] audit: type=1400 audit(1752673167.794:527): avc: denied { connect } for pid=7860 comm="syz.4.548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 217.706681][ T5933] usb 4-1: Invalid ep0 maxpacket: 64 [ 217.840627][ T5933] usb 4-1: new low-speed USB device number 20 using dummy_hcd [ 217.862445][ T5933] usb 4-1: Invalid ep0 maxpacket: 64 [ 217.868001][ T5933] usb usb4-port1: unable to enumerate USB device [ 217.940745][ T5879] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 218.100579][ T5879] usb 3-1: Using ep0 maxpacket: 32 [ 218.106851][ T5879] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 218.117732][ T5879] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 218.129037][ T5879] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 218.142606][ T5879] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 218.154004][ T5879] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 218.169772][ T5879] usb 3-1: config 0 interface 0 has no altsetting 0 [ 218.179919][ T5879] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 218.189435][ T5879] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 218.198226][ T5879] usb 3-1: Product: syz [ 218.202711][ T5879] usb 3-1: Manufacturer: syz [ 218.207774][ T5879] usb 3-1: SerialNumber: syz [ 218.222725][ T5879] usb 3-1: config 0 descriptor?? [ 218.240720][ T5879] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 218.253521][ T5879] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 218.504629][ T30] audit: type=1400 audit(1752673168.634:528): avc: denied { accept } for pid=7862 comm="syz.2.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 218.505191][ T7877] ldusb 3-1:0.0: Couldn't submit interrupt_in_urb -90 [ 218.780680][ T5893] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 218.910626][ T837] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 218.930925][ T5893] usb 5-1: Using ep0 maxpacket: 16 [ 218.942872][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.958361][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.974121][ T5893] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 218.990648][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.005447][ T5893] usb 5-1: config 0 descriptor?? [ 219.090746][ T837] usb 1-1: Using ep0 maxpacket: 32 [ 219.101339][ T837] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.120576][ T837] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.130343][ T837] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 219.155548][ T837] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 219.165674][ T837] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.185914][ T837] usb 1-1: config 0 descriptor?? [ 219.424166][ T5893] usbhid 5-1:0.0: can't add hid device: -71 [ 219.424332][ T7875] delete_channel: no stack [ 219.430153][ T5893] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 219.473037][ T5893] usb 5-1: USB disconnect, device number 21 [ 219.729089][ T837] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.000D/input/input11 [ 219.981178][ T837] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5011.000D/input/input12 [ 220.493006][ T837] kye 0003:0458:5011.000D: input,hiddev1,hidraw0: USB HID v9.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 221.183092][ T5931] usb 3-1: USB disconnect, device number 24 [ 221.697415][ T5931] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 221.858903][ T7894] Set syz1 is full, maxelem 65536 reached [ 221.877050][ T5927] usb 1-1: reset high-speed USB device number 24 using dummy_hcd [ 222.569556][ T30] audit: type=1400 audit(1752673172.694:529): avc: denied { getopt } for pid=7914 comm="syz.3.563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 222.732606][ T7918] siw: device registration error -23 [ 223.109224][ T30] audit: type=1400 audit(1752673173.154:530): avc: denied { accept } for pid=7914 comm="syz.3.563" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 223.793223][ T7931] netlink: 'syz.4.564': attribute type 10 has an invalid length. [ 223.805302][ T7931] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.813644][ T7931] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.083653][ T7931] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.090831][ T7931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.098964][ T7931] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.106087][ T7931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.298588][ T7931] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 225.759137][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.564'. [ 225.786093][ T7937] bridge_slave_1: left allmulticast mode [ 225.910417][ T7937] bridge_slave_1: left promiscuous mode [ 225.977973][ T7937] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.027681][ T7937] bridge_slave_0: left allmulticast mode [ 226.039471][ T7937] bridge_slave_0: left promiscuous mode [ 226.051843][ T7937] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.120977][ T7946] FAULT_INJECTION: forcing a failure. [ 226.120977][ T7946] name failslab, interval 1, probability 0, space 0, times 0 [ 226.143589][ T7946] CPU: 0 UID: 0 PID: 7946 Comm: syz.1.570 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 226.143615][ T7946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.143625][ T7946] Call Trace: [ 226.143635][ T7946] [ 226.143642][ T7946] dump_stack_lvl+0x16c/0x1f0 [ 226.143669][ T7946] should_fail_ex+0x512/0x640 [ 226.143682][ T7946] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 226.143698][ T7946] should_failslab+0xc2/0x120 [ 226.143716][ T7946] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 226.143736][ T7946] ? vm_area_dup+0x27/0x8d0 [ 226.143759][ T7946] vm_area_dup+0x27/0x8d0 [ 226.143778][ T7946] __split_vma+0x18e/0x1070 [ 226.143798][ T7946] ? __pfx___split_vma+0x10/0x10 [ 226.143809][ T7946] ? mas_next_slot+0x12d3/0x21b0 [ 226.143833][ T7946] vms_gather_munmap_vmas+0x392/0x1310 [ 226.143848][ T7946] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 226.143866][ T7946] ? mas_walk+0x6a6/0x910 [ 226.143900][ T7946] __mmap_region+0x3c7/0x25e0 [ 226.143924][ T7946] ? __pfx___mmap_region+0x10/0x10 [ 226.143947][ T7946] ? __lock_acquire+0x622/0x1c90 [ 226.143964][ T7946] ? kernel_text_address+0x8d/0x100 [ 226.143976][ T7946] ? __kernel_text_address+0xd/0x40 [ 226.143988][ T7946] ? __lock_acquire+0x622/0x1c90 [ 226.144007][ T7946] ? avc_has_perm_noaudit+0x117/0x3b0 [ 226.144073][ T7946] mmap_region+0x1ab/0x3f0 [ 226.144092][ T7946] do_mmap+0xa3e/0x1210 [ 226.144105][ T7946] ? __pfx_do_mmap+0x10/0x10 [ 226.144114][ T7946] ? __pfx_down_write_killable+0x10/0x10 [ 226.144127][ T7946] vm_mmap_pgoff+0x281/0x450 [ 226.144146][ T7946] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 226.144174][ T7946] ? __fget_files+0x20e/0x3c0 [ 226.144200][ T7946] ksys_mmap_pgoff+0x32c/0x5c0 [ 226.144223][ T7946] ? __pfx_ksys_write+0x10/0x10 [ 226.144239][ T7946] __x64_sys_mmap+0x125/0x190 [ 226.144256][ T7946] do_syscall_64+0xcd/0x4c0 [ 226.144272][ T7946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.144282][ T7946] RIP: 0033:0x7f11b698e929 [ 226.144293][ T7946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.144309][ T7946] RSP: 002b:00007f11b47f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 226.144324][ T7946] RAX: ffffffffffffffda RBX: 00007f11b6bb6080 RCX: 00007f11b698e929 [ 226.144335][ T7946] RDX: 000000000000000b RSI: 0000000000400000 RDI: 0000200000200000 [ 226.144344][ T7946] RBP: 00007f11b47f6090 R08: 0000000000000008 R09: 0000000000000000 [ 226.144353][ T7946] R10: 0000000000002012 R11: 0000000000000246 R12: 0000000000000001 [ 226.144363][ T7946] R13: 0000000000000000 R14: 00007f11b6bb6080 R15: 00007ffcd847aff8 [ 226.144385][ T7946] [ 226.413821][ T5931] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 226.455221][ T7937] bond0: (slave bridge0): Releasing backup interface [ 226.813449][ T5931] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 226.826480][ T5931] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 227.038431][ T30] audit: type=1400 audit(1752673177.044:531): avc: denied { mount } for pid=7951 comm="syz.0.572" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 227.306354][ T5933] usb 1-1: USB disconnect, device number 24 [ 227.389044][ T5931] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 227.399406][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.440354][ T7943] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 227.569976][ T5931] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 227.961648][ T5879] usb 4-1: USB disconnect, device number 21 [ 228.229260][ T7943] overlay: ./file0 is not a directory [ 228.327203][ T30] audit: type=1400 audit(1752673178.454:532): avc: denied { unmount } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 228.373734][ T5818] Bluetooth: hci1: unexpected event for opcode 0x0c7a [ 228.610610][ T5879] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 228.781683][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 228.797195][ T5879] usb 4-1: New USB device found, idVendor=10b9, idProduct=8000, bcdDevice=c0.fa [ 228.808618][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.819050][ T5879] usb 4-1: Product: syz [ 228.823584][ T5879] usb 4-1: Manufacturer: syz [ 228.828931][ T5879] usb 4-1: SerialNumber: syz [ 228.839646][ T5879] usb 4-1: config 0 descriptor?? [ 229.057234][ T5879] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 229.368459][ T7979] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 229.407395][ T7979] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 229.510016][ T5879] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 229.548587][ T5879] usb 4-1: USB disconnect, device number 22 [ 229.840945][ T7984] erofs (device nbd0): cannot find valid erofs superblock [ 231.334529][ T7997] trusted_key: encrypted_key: master key parameter 'eser:syz' is invalid [ 232.560956][ T8004] : renamed from bridge_slave_0 (while UP) [ 232.591466][ T30] audit: type=1400 audit(1752673182.664:533): avc: denied { write } for pid=8003 comm="syz.1.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 232.650712][ T30] audit: type=1400 audit(1752673182.664:534): avc: denied { nlmsg_write } for pid=8003 comm="syz.1.586" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 232.799421][ T30] audit: type=1400 audit(1752673182.694:535): avc: denied { ioctl } for pid=8003 comm="syz.1.586" path="socket:[17359]" dev="sockfs" ino=17359 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 232.824107][ C0] vkms_vblank_simulate: vblank timer overrun [ 232.927448][ T30] audit: type=1400 audit(1752673183.034:536): avc: denied { ioctl } for pid=8012 comm="syz.4.591" path="socket:[16342]" dev="sockfs" ino=16342 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 233.281012][ T8021] siw: device registration error -23 [ 233.323967][ T8023] netlink: 32 bytes leftover after parsing attributes in process `syz.3.593'. [ 233.511221][ T30] audit: type=1400 audit(1752673183.584:537): avc: denied { setopt } for pid=8024 comm="syz.4.594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 233.550833][ T30] audit: type=1400 audit(1752673183.594:538): avc: denied { name_bind } for pid=8024 comm="syz.4.594" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 233.571829][ C0] vkms_vblank_simulate: vblank timer overrun [ 233.744370][ T8030] netlink: 20 bytes leftover after parsing attributes in process `syz.0.596'. [ 233.919236][ T30] audit: type=1400 audit(1752673184.044:539): avc: denied { read } for pid=8032 comm="syz.2.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 234.563832][ T8041] IPVS: set_ctl: invalid protocol: 1 172.20.20.187:20001 [ 235.230596][ T5931] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 235.516803][ T5931] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.540059][ T30] audit: type=1400 audit(1752673185.634:540): avc: denied { remount } for pid=8048 comm="syz.3.602" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 235.675518][ T5931] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 235.754704][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.777688][ T5931] usb 1-1: config 0 descriptor?? [ 235.804665][ T5931] pwc: Askey VC010 type 2 USB webcam detected. [ 236.447883][ T8067] siw: device registration error -23 [ 236.638397][ T5931] pwc: recv_control_msg error -32 req 02 val 2700 [ 236.647964][ T5931] pwc: recv_control_msg error -32 req 02 val 2c00 [ 236.675845][ T5931] pwc: recv_control_msg error -32 req 04 val 1000 [ 236.684540][ T5931] pwc: recv_control_msg error -71 req 04 val 1300 [ 236.692864][ T5931] pwc: recv_control_msg error -71 req 04 val 1400 [ 236.700774][ T5933] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 236.713607][ T5931] pwc: recv_control_msg error -71 req 02 val 2000 [ 236.726119][ T5931] pwc: recv_control_msg error -71 req 02 val 2100 [ 236.734297][ T5931] pwc: recv_control_msg error -71 req 04 val 1500 [ 236.741431][ T5931] pwc: recv_control_msg error -71 req 02 val 2500 [ 236.748442][ T5931] pwc: recv_control_msg error -71 req 02 val 2400 [ 236.755634][ T5931] pwc: recv_control_msg error -71 req 02 val 2600 [ 236.763091][ T5931] pwc: recv_control_msg error -71 req 02 val 2900 [ 236.769972][ T5931] pwc: recv_control_msg error -71 req 02 val 2800 [ 236.777421][ T5931] pwc: recv_control_msg error -71 req 04 val 1100 [ 236.785108][ T5931] pwc: recv_control_msg error -71 req 04 val 1200 [ 236.793322][ T5931] pwc: Registered as video103. [ 236.799652][ T5931] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13 [ 236.824727][ T5931] usb 1-1: USB disconnect, device number 25 [ 236.864682][ T5933] usb 3-1: Using ep0 maxpacket: 8 [ 236.874001][ T5933] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 236.892914][ T5933] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89 [ 236.919961][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 236.945015][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024 [ 236.960672][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 236.974490][ T5933] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 236.995780][ T5933] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 237.015343][ T5933] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 237.021212][ T8073] netlink: 256 bytes leftover after parsing attributes in process `syz.3.610'. [ 237.025166][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.043831][ T5933] usb 3-1: Product: syz [ 237.045365][ T8073] netlink: 56 bytes leftover after parsing attributes in process `syz.3.610'. [ 237.048005][ T5933] usb 3-1: Manufacturer: syz [ 237.048022][ T5933] usb 3-1: SerialNumber: syz [ 237.080030][ T5933] usb 3-1: config 0 descriptor?? [ 237.087555][ T8069] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 237.102809][ T5933] ati_remote 3-1:0.0: Initializing ati_remote hardware failed. [ 237.112357][ T5933] ati_remote 3-1:0.0: probe with driver ati_remote failed with error -5 [ 237.210197][ T8076] program syz.3.611 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.219429][ T30] audit: type=1400 audit(1752673187.334:541): avc: denied { write } for pid=8074 comm="syz.3.611" name="sg0" dev="devtmpfs" ino=756 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 237.269055][ T8077] program syz.3.611 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.354604][ T8077] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 237.777116][ T30] audit: type=1400 audit(1752673187.874:542): avc: denied { block_suspend } for pid=8068 comm="syz.2.608" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 238.397866][ T30] audit: type=1400 audit(1752673188.524:543): avc: denied { ioctl } for pid=8079 comm="syz.4.612" path="socket:[17513]" dev="sockfs" ino=17513 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 238.424027][ T8089] netlink: 16 bytes leftover after parsing attributes in process `syz.4.612'. [ 238.689735][ T5818] Bluetooth: hci0: unexpected event for opcode 0x041c [ 239.151428][ T5893] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 239.392225][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.429567][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.446234][ T5893] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 239.504535][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.550421][ T5893] usb 5-1: config 0 descriptor?? [ 239.767419][ T30] audit: type=1400 audit(1752673189.894:544): avc: denied { write } for pid=8096 comm="syz.1.616" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 239.790470][ C0] vkms_vblank_simulate: vblank timer overrun [ 240.110976][ T8107] trusted_key: encrypted_key: insufficient parameters specified [ 240.113272][ T5872] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 240.138520][ T30] audit: type=1400 audit(1752673190.094:545): avc: denied { ioctl } for pid=8096 comm="syz.1.616" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 240.164131][ T5872] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 240.175814][ T5872] usb 2-1: USB disconnect, device number 21 [ 240.208901][ T5931] usb 3-1: USB disconnect, device number 25 [ 240.223396][ T5893] hid-thrustmaster 0003:044F:B65D.000E: reserved main item tag 0xd [ 240.231465][ T5893] hid-thrustmaster 0003:044F:B65D.000E: item fetching failed at offset 2/5 [ 240.240990][ T5893] hid-thrustmaster 0003:044F:B65D.000E: parse failed with error -22 [ 240.249504][ T5893] hid-thrustmaster 0003:044F:B65D.000E: probe with driver hid-thrustmaster failed with error -22 [ 240.542832][ T30] audit: type=1400 audit(1752673190.674:546): avc: denied { ioctl } for pid=8118 comm="syz.2.621" path="socket:[18559]" dev="sockfs" ino=18559 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 240.631949][ T8121] netlink: 156 bytes leftover after parsing attributes in process `syz.4.615'. [ 241.177823][ T30] audit: type=1400 audit(1752673191.304:547): avc: denied { bind } for pid=8124 comm="syz.0.624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 241.562933][ T8131] siw: device registration error -23 [ 241.632134][ T30] audit: type=1400 audit(1752673191.304:548): avc: denied { name_bind } for pid=8124 comm="syz.0.624" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 241.700622][ T30] audit: type=1400 audit(1752673191.304:549): avc: denied { node_bind } for pid=8124 comm="syz.0.624" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 241.729199][ T30] audit: type=1400 audit(1752673191.734:550): avc: denied { create } for pid=8133 comm="syz.2.625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 242.047918][ T8139] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 242.065093][ T30] audit: type=1400 audit(1752673192.174:551): avc: denied { ioctl } for pid=8133 comm="syz.2.625" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 242.089640][ C0] vkms_vblank_simulate: vblank timer overrun [ 242.107479][ T5872] usb 5-1: USB disconnect, device number 22 [ 242.896208][ T8149] syzkaller1: entered promiscuous mode [ 242.960479][ T8149] syzkaller1: entered allmulticast mode [ 243.167094][ T8167] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 243.262442][ T30] audit: type=1400 audit(1752673193.394:552): avc: denied { write } for pid=8165 comm="syz.1.632" path="socket:[18633]" dev="sockfs" ino=18633 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 244.941109][ T48] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 245.130607][ T48] usb 4-1: Using ep0 maxpacket: 32 [ 245.173242][ T48] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 245.231986][ T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 245.257478][ T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 245.285060][ T48] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 245.294680][ T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.328876][ T48] usb 4-1: config 0 descriptor?? [ 245.329796][ T8179] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 245.341065][ T48] hub 4-1:0.0: USB hub found [ 245.520782][ T5931] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 245.540935][ T48] hub 4-1:0.0: 2 ports detected [ 245.675277][ T5931] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 245.727224][ T5931] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 245.794360][ T5931] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 245.816643][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.862257][ T5931] usb 2-1: Product: syz [ 245.878965][ T5931] usb 2-1: Manufacturer: syz [ 245.900201][ T5931] usb 2-1: SerialNumber: syz [ 245.939570][ T5931] usb 2-1: config 0 descriptor?? [ 246.063702][ T5931] hub 2-1:0.0: bad descriptor, ignoring hub [ 246.092463][ T5931] hub 2-1:0.0: probe with driver hub failed with error -5 [ 246.512826][ T5872] usb 2-1: USB disconnect, device number 22 [ 246.557949][ T5927] hub 4-1:0.0: hub_ext_port_status failed (err = 0) [ 246.622256][ T8214] netlink: 8 bytes leftover after parsing attributes in process `syz.0.647'. [ 247.210641][ T8179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.219324][ T8179] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.300660][ T5927] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 247.382501][ T48] usb 4-1: USB disconnect, device number 23 [ 247.483522][ T5927] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 247.497902][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.510718][ T5927] usb 2-1: Product: syz [ 247.532154][ T5927] usb 2-1: Manufacturer: syz [ 247.547302][ T5927] usb 2-1: SerialNumber: syz [ 247.582441][ T5927] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 247.597429][ T48] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 247.730737][ T5872] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 247.902878][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.917721][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.928224][ T5872] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 247.944370][ T5872] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 247.953992][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.973008][ T5872] usb 5-1: config 0 descriptor?? [ 248.057445][ T5927] usb 2-1: USB disconnect, device number 23 [ 248.273975][ T30] audit: type=1400 audit(1752673198.404:553): avc: denied { accept } for pid=8239 comm="syz.2.655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 248.314988][ T8242] binder: BINDER_SET_CONTEXT_MGR already set [ 248.321855][ T8242] binder: 8241:8242 ioctl 4018620d 200000000040 returned -16 [ 248.425327][ T8245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.657'. [ 248.648529][ T5818] Bluetooth: hci0: unexpected event for opcode 0x2023 [ 248.660868][ T48] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 248.667955][ T48] ath9k_htc: Failed to initialize the device [ 248.674544][ T5927] usb 2-1: ath9k_htc: USB layer deinitialized [ 248.740787][ T5893] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 248.750268][ T5872] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 248.772582][ T8237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.654'. [ 248.786726][ T8248] netlink: 156 bytes leftover after parsing attributes in process `syz.1.659'. [ 248.829535][ T8237] netlink: 'syz.4.654': attribute type 20 has an invalid length. [ 248.853214][ T8237] netlink: 'syz.4.654': attribute type 21 has an invalid length. [ 249.301739][ T48] usb 5-1: USB disconnect, device number 23 [ 249.302064][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.302118][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.302149][ T5893] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 249.302171][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.323052][ T5893] usb 3-1: config 0 descriptor?? [ 249.790272][ T5893] pyra 0003:1E7D:2CF6.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 250.072528][ T30] audit: type=1400 audit(1752673200.194:554): avc: denied { setopt } for pid=8261 comm="syz.1.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 250.380595][ T5872] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 251.334449][ T8271] vxcan0: tx address claim with different name [ 251.356116][ T30] audit: type=1400 audit(1752673201.464:555): avc: denied { write } for pid=8268 comm="syz.4.663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 251.394587][ T5893] pyra 0003:1E7D:2CF6.0010: couldn't init struct pyra_device [ 251.502845][ T5893] pyra 0003:1E7D:2CF6.0010: couldn't install mouse [ 251.584152][ T5893] pyra 0003:1E7D:2CF6.0010: probe with driver pyra failed with error -71 [ 251.606357][ T5893] usb 3-1: USB disconnect, device number 26 [ 251.673998][ T5872] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 251.688967][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.701836][ T5872] usb 4-1: config 0 descriptor?? [ 251.786873][ T8271] mmap: syz.4.663 (8271) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 251.802793][ T8274] netlink: 'syz.0.664': attribute type 7 has an invalid length. [ 251.813217][ T8274] netlink: 32 bytes leftover after parsing attributes in process `syz.0.664'. [ 252.042128][ T30] audit: type=1400 audit(1752935602.174:556): avc: denied { connect } for pid=8283 comm="syz.0.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 253.244387][ T5872] elan 0003:04F3:0755.0011: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 253.266231][ T5872] usb 4-1: USB disconnect, device number 24 [ 253.355501][ T8288] fido_id[8288]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 253.566947][ T8298] netlink: 32 bytes leftover after parsing attributes in process `syz.2.670'. [ 253.736232][ T8301] FAULT_INJECTION: forcing a failure. [ 253.736232][ T8301] name failslab, interval 1, probability 0, space 0, times 0 [ 253.878492][ T8301] CPU: 1 UID: 0 PID: 8301 Comm: syz.0.674 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 253.878518][ T8301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.878528][ T8301] Call Trace: [ 253.878534][ T8301] [ 253.878540][ T8301] dump_stack_lvl+0x16c/0x1f0 [ 253.878572][ T8301] should_fail_ex+0x512/0x640 [ 253.878593][ T8301] ? __kmalloc_noprof+0xbf/0x510 [ 253.878614][ T8301] ? ima_write_template_field_data+0x5d/0x1f0 [ 253.878631][ T8301] should_failslab+0xc2/0x120 [ 253.878659][ T8301] __kmalloc_noprof+0xd2/0x510 [ 253.878678][ T8301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.878699][ T8301] ima_write_template_field_data+0x5d/0x1f0 [ 253.878720][ T8301] ima_eventdigest_init_common+0x154/0x430 [ 253.878741][ T8301] ? __pfx_ima_eventdigest_init_common+0x10/0x10 [ 253.878774][ T8301] ? rcu_is_watching+0x12/0xc0 [ 253.878797][ T8301] ? trace_kmalloc+0x2b/0xd0 [ 253.878816][ T8301] ? __kmalloc_noprof+0x242/0x510 [ 253.878840][ T8301] ima_alloc_init_template+0x3a0/0x720 [ 253.878869][ T8301] ima_add_violation+0x123/0x3d0 [ 253.878895][ T8301] ? __pfx_ima_add_violation+0x10/0x10 [ 253.878917][ T8301] ? ima_d_path+0x12b/0x2a0 [ 253.878941][ T8301] ? __pfx_ima_d_path+0x10/0x10 [ 253.878967][ T8301] ? lockdep_init_map_type+0x5c/0x280 [ 253.878992][ T8301] ? ima_inode_get+0x39e/0x580 [ 253.879015][ T8301] process_measurement+0x1783/0x23e0 [ 253.879043][ T8301] ? avc_has_perm_noaudit+0x149/0x3b0 [ 253.879079][ T8301] ? __pfx_process_measurement+0x10/0x10 [ 253.879100][ T8301] ? __pfx_avc_has_perm+0x10/0x10 [ 253.879114][ T8301] ? avc_has_perm_noaudit+0x117/0x3b0 [ 253.879152][ T8301] ? file_map_prot_check+0x1eb/0x360 [ 253.879169][ T8301] ima_file_mmap+0x1a8/0x1d0 [ 253.879186][ T8301] ? __pfx_ima_file_mmap+0x10/0x10 [ 253.879201][ T8301] ? __lock_acquire+0x622/0x1c90 [ 253.879225][ T8301] security_mmap_file+0x88c/0x990 [ 253.879244][ T8301] vm_mmap_pgoff+0xec/0x450 [ 253.879266][ T8301] ? find_held_lock+0x2b/0x80 [ 253.879271][ T8307] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 253.879285][ T8301] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 253.879311][ T8301] ? __fget_files+0x20e/0x3c0 [ 253.879340][ T8301] ksys_mmap_pgoff+0x32c/0x5c0 [ 253.879363][ T8301] ? __pfx_ksys_write+0x10/0x10 [ 253.879389][ T8301] __x64_sys_mmap+0x125/0x190 [ 253.879413][ T8301] do_syscall_64+0xcd/0x4c0 [ 253.879437][ T8301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.879452][ T8301] RIP: 0033:0x7f239078e929 [ 253.879466][ T8301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.879480][ T8301] RSP: 002b:00007f23916d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 253.879495][ T8301] RAX: ffffffffffffffda RBX: 00007f23909b5fa0 RCX: 00007f239078e929 [ 253.879505][ T8301] RDX: 000000000000001f RSI: 0000000000002000 RDI: 0000200000ffc000 [ 253.879514][ T8301] RBP: 00007f23916d8090 R08: 0000000000000004 R09: 0000000100000000 [ 253.879523][ T8301] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 253.879531][ T8301] R13: 0000000000000000 R14: 00007f23909b5fa0 R15: 00007ffd6ee5f788 [ 253.879552][ T8301] [ 254.401835][ T30] audit: type=1804 audit(1752935604.524:557): pid=8301 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.674" name="/newroot/143/file0" dev="tmpfs" ino=765 res=0 errno=0 [ 254.435177][ T8309] netlink: 20 bytes leftover after parsing attributes in process `syz.3.676'. [ 254.582326][ T8311] FAULT_INJECTION: forcing a failure. [ 254.582326][ T8311] name failslab, interval 1, probability 0, space 0, times 0 [ 254.627429][ T8311] CPU: 0 UID: 0 PID: 8311 Comm: syz.4.677 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 254.627458][ T8311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.627470][ T8311] Call Trace: [ 254.627476][ T8311] [ 254.627483][ T8311] dump_stack_lvl+0x16c/0x1f0 [ 254.627510][ T8311] should_fail_ex+0x512/0x640 [ 254.627532][ T8311] ? fs_reclaim_acquire+0xae/0x150 [ 254.627551][ T8311] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 254.627575][ T8311] should_failslab+0xc2/0x120 [ 254.627601][ T8311] __kmalloc_noprof+0xd2/0x510 [ 254.627629][ T8311] tomoyo_realpath_from_path+0xc2/0x6e0 [ 254.627656][ T8311] ? tomoyo_profile+0x47/0x60 [ 254.627685][ T8311] tomoyo_path_number_perm+0x245/0x580 [ 254.627704][ T8311] ? tomoyo_path_number_perm+0x237/0x580 [ 254.627727][ T8311] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 254.627749][ T8311] ? find_held_lock+0x2b/0x80 [ 254.627791][ T8311] ? find_held_lock+0x2b/0x80 [ 254.627809][ T8311] ? hook_file_ioctl_common+0x145/0x410 [ 254.627841][ T8311] ? __fget_files+0x20e/0x3c0 [ 254.627869][ T8311] security_file_ioctl+0x9b/0x240 [ 254.627894][ T8311] __x64_sys_ioctl+0xb7/0x210 [ 254.627916][ T8311] do_syscall_64+0xcd/0x4c0 [ 254.627944][ T8311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.627961][ T8311] RIP: 0033:0x7f331218e929 [ 254.627976][ T8311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.627993][ T8311] RSP: 002b:00007f3313042038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.628010][ T8311] RAX: ffffffffffffffda RBX: 00007f33123b5fa0 RCX: 00007f331218e929 [ 254.628020][ T8311] RDX: 00002000000001c0 RSI: 00000000c0405602 RDI: 0000000000000003 [ 254.628030][ T8311] RBP: 00007f3313042090 R08: 0000000000000000 R09: 0000000000000000 [ 254.628040][ T8311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.628049][ T8311] R13: 0000000000000000 R14: 00007f33123b5fa0 R15: 00007fff817022c8 [ 254.628073][ T8311] [ 254.628080][ T8311] ERROR: Out of memory at tomoyo_realpath_from_path. [ 254.738750][ T30] audit: type=1400 audit(1752935604.854:558): avc: denied { getopt } for pid=8313 comm="syz.0.679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 254.739011][ T92] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 254.959397][ T8321] program syz.0.679 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.055801][ T8322] net veth1_virt_wifi €Â: renamed from virt_wifi0 [ 255.461697][ T8324] program syz.0.679 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.492959][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.499240][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.509762][ T8324] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 255.522533][ T48] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 255.740117][ T92] usb 3-1: config 0 has an invalid interface number: 11 but max is 0 [ 255.790687][ T48] usb 2-1: Using ep0 maxpacket: 16 [ 255.849894][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 255.854130][ T92] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.872866][ T48] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 255.933451][ T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.235005][ T92] usb 3-1: config 0 has no interface number 0 [ 256.238377][ T48] usb 2-1: Product: syz [ 256.301341][ T48] usb 2-1: Manufacturer: syz [ 256.307284][ T48] usb 2-1: SerialNumber: syz [ 256.460607][ T92] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 256.461299][ T48] usb 2-1: config 0 descriptor?? [ 256.510042][ T92] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64 [ 256.524713][ T48] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 256.537962][ T48] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 256.541692][ T92] usb 3-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.593125][ T92] usb 3-1: config 0 interface 11 has no altsetting 0 [ 256.609940][ T92] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 256.621048][ T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.633295][ T92] usb 3-1: config 0 descriptor?? [ 256.656986][ T92] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected [ 257.072916][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 7 [ 257.084403][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81 [ 257.133350][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82 [ 257.159083][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1 [ 257.183049][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2 [ 257.191674][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85 [ 257.199491][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5 [ 257.289732][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.297085][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.330656][ T92] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 257.868981][ T48] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 257.905029][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83 [ 257.954623][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84 [ 257.976737][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3 [ 258.069053][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4 [ 258.077128][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86 [ 258.086029][ T92] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6 [ 258.111504][ T92] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 258.139390][ T92] usb 3-1: USB disconnect, device number 27 [ 258.161279][ T92] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 258.191591][ T92] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 258.207620][ T92] keyspan 3-1:0.11: device disconnected [ 258.331293][ T48] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 258.347784][ T30] audit: type=1400 audit(1752935608.464:559): avc: denied { write } for pid=8316 comm="syz.1.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 258.350558][ T48] em28xx 2-1:0.0: board has no eeprom [ 258.366938][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.676298][ T8361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.689'. [ 258.690229][ T8361] dummy0: entered promiscuous mode [ 258.699418][ T8361] dummy0: left promiscuous mode [ 258.990690][ T5927] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 259.037978][ T30] audit: type=1400 audit(1752935609.164:560): avc: denied { ioctl } for pid=8369 comm="syz.3.695" path="socket:[19066]" dev="sockfs" ino=19066 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 259.085485][ T30] audit: type=1400 audit(1752935609.174:561): avc: denied { mount } for pid=8369 comm="syz.3.695" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 259.108502][ T30] audit: type=1400 audit(1752935609.174:562): avc: denied { remount } for pid=8369 comm="syz.3.695" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 259.152581][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 259.165978][ T5927] usb 3-1: can't read configurations, error -61 [ 259.211990][ T92] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 259.300605][ T5927] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 259.372244][ T92] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.382502][ T92] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 259.391855][ T92] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.402820][ T92] usb 1-1: config 0 descriptor?? [ 259.411120][ T92] pwc: Askey VC010 type 2 USB webcam detected. [ 259.453841][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 259.461820][ T5927] usb 3-1: can't read configurations, error -61 [ 259.468394][ T5927] usb usb3-port1: attempt power cycle [ 259.480599][ T5933] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 259.631561][ T5933] usb 5-1: Using ep0 maxpacket: 32 [ 259.644215][ T5933] usb 5-1: config 0 has an invalid interface number: 16 but max is 0 [ 259.672910][ T5933] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.683410][ T5933] usb 5-1: config 0 has no interface number 0 [ 259.690128][ T5933] usb 5-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 855 [ 259.701014][ T5933] usb 5-1: config 0 interface 16 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 259.717136][ T5933] usb 5-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 259.727542][ T5933] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.735694][ T48] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 259.743769][ T48] em28xx 2-1:0.0: dvb set to bulk mode. [ 259.864565][ T5931] em28xx 2-1:0.0: Binding DVB extension [ 259.870997][ T5933] usb 5-1: Product: syz [ 259.875460][ T5933] usb 5-1: Manufacturer: syz [ 259.880043][ T5933] usb 5-1: SerialNumber: syz [ 259.892295][ T48] usb 2-1: USB disconnect, device number 24 [ 259.901318][ T48] em28xx 2-1:0.0: Disconnecting em28xx [ 259.913093][ T5933] usb 5-1: config 0 descriptor?? [ 259.918792][ T8372] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 259.931894][ T5927] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 260.055461][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 260.154343][ T5933] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 260.188461][ T5927] usb 3-1: can't read configurations, error -61 [ 260.251386][ T5933] usb 5-1: invalid MIDI in EP 0 [ 260.353335][ T92] pwc: recv_control_msg error -32 req 02 val 2700 [ 260.370873][ T92] pwc: recv_control_msg error -32 req 02 val 2c00 [ 260.389075][ T5931] em28xx 2-1:0.0: Registering input extension [ 260.389999][ T92] pwc: recv_control_msg error -32 req 04 val 1000 [ 260.400732][ T5927] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 260.407768][ T92] pwc: recv_control_msg error -71 req 04 val 1300 [ 260.416835][ T48] em28xx 2-1:0.0: Closing input extension [ 260.417893][ T92] pwc: recv_control_msg error -71 req 04 val 1400 [ 260.430135][ T92] pwc: recv_control_msg error -71 req 02 val 2000 [ 260.443273][ T92] pwc: recv_control_msg error -71 req 02 val 2100 [ 260.444422][ T5927] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 260.450149][ T92] pwc: recv_control_msg error -71 req 04 val 1500 [ 260.470350][ T92] pwc: recv_control_msg error -71 req 02 val 2500 [ 260.479070][ T92] pwc: recv_control_msg error -71 req 02 val 2400 [ 260.482709][ T5927] usb 3-1: can't read configurations, error -61 [ 260.488159][ T92] pwc: recv_control_msg error -71 req 02 val 2600 [ 260.499611][ T92] pwc: recv_control_msg error -71 req 02 val 2900 [ 260.503327][ T48] em28xx 2-1:0.0: Freeing device [ 260.510157][ T92] pwc: recv_control_msg error -71 req 02 val 2800 [ 260.512216][ T5927] usb usb3-port1: unable to enumerate USB device [ 260.518367][ T92] pwc: recv_control_msg error -71 req 04 val 1100 [ 260.538439][ T92] pwc: recv_control_msg error -71 req 04 val 1200 [ 260.550319][ T92] pwc: Registered as video103. [ 260.555231][ T5933] snd-usb-audio 5-1:0.16: probe with driver snd-usb-audio failed with error -22 [ 260.574747][ T92] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input16 [ 260.586682][ T5933] usb 5-1: USB disconnect, device number 24 [ 260.594472][ T92] usb 1-1: USB disconnect, device number 26 [ 260.662454][ T5989] udevd[5989]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 261.130696][ T5818] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 261.643628][ T30] audit: type=1400 audit(1752935611.774:563): avc: denied { unmount } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 262.934109][ T8402] netlink: 'syz.2.705': attribute type 10 has an invalid length. [ 262.987917][ T8402] netlink: 40 bytes leftover after parsing attributes in process `syz.2.705'. [ 263.070956][ T8402] batadv0: entered promiscuous mode [ 263.170261][ T8402] batadv0: entered allmulticast mode [ 263.332899][ T8402] bridge0: port 3(batadv0) entered blocking state [ 263.456539][ T8402] bridge0: port 3(batadv0) entered disabled state [ 263.512465][ T8402] bridge0: port 3(batadv0) entered blocking state [ 263.519175][ T8402] bridge0: port 3(batadv0) entered forwarding state [ 263.532758][ T7345] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 263.542381][ T7345] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 263.706998][ T5893] kernel write not supported for file /464/attr/exec (pid: 5893 comm: kworker/0:5) [ 264.017665][ T8410] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 266.130986][ T92] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 266.647701][ T30] audit: type=1400 audit(1752935616.774:564): avc: denied { mount } for pid=8438 comm="syz.1.715" name="/" dev="autofs" ino=19153 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 266.696150][ T30] audit: type=1400 audit(1752935616.784:565): avc: denied { mounton } for pid=8438 comm="syz.1.715" path="/137/file1/file0" dev="autofs" ino=19160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 266.791758][ T92] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 266.803409][ T30] audit: type=1400 audit(1752935616.784:566): avc: denied { mount } for pid=8438 comm="syz.1.715" name="/" dev="hugetlbfs" ino=19161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 266.839347][ T92] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 266.855538][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.877558][ T92] usb 5-1: config 0 descriptor?? [ 266.882870][ T30] audit: type=1400 audit(1752935616.784:567): avc: denied { unmount } for pid=8438 comm="syz.1.715" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 266.906035][ T92] pwc: Askey VC010 type 2 USB webcam detected. [ 266.962486][ T30] audit: type=1400 audit(1752935617.094:568): avc: denied { unmount } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 267.028722][ T8447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.129730][ T8447] bond0: (slave rose0): Enslaving as an active interface with an up link [ 267.566439][ T8457] siw: device registration error -23 [ 267.830644][ T92] pwc: recv_control_msg error -32 req 02 val 2700 [ 267.850246][ T92] pwc: recv_control_msg error -32 req 02 val 2c00 [ 267.861759][ T92] pwc: recv_control_msg error -32 req 04 val 1000 [ 267.875696][ T92] pwc: recv_control_msg error -71 req 04 val 1300 [ 267.883113][ T92] pwc: recv_control_msg error -71 req 04 val 1400 [ 267.889969][ T92] pwc: recv_control_msg error -71 req 02 val 2000 [ 267.904848][ T92] pwc: recv_control_msg error -71 req 02 val 2100 [ 267.917335][ T92] pwc: recv_control_msg error -71 req 04 val 1500 [ 267.937057][ T92] pwc: recv_control_msg error -71 req 02 val 2500 [ 268.138556][ T92] pwc: recv_control_msg error -71 req 02 val 2400 [ 268.313602][ T92] pwc: recv_control_msg error -71 req 02 val 2600 [ 268.325422][ T92] pwc: recv_control_msg error -71 req 02 val 2900 [ 268.333094][ T92] pwc: recv_control_msg error -71 req 02 val 2800 [ 268.339946][ T92] pwc: recv_control_msg error -71 req 04 val 1100 [ 268.363136][ T92] pwc: recv_control_msg error -71 req 04 val 1200 [ 268.377257][ T8466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.535775][ T8472] pimreg3: entered allmulticast mode [ 268.572826][ T92] pwc: Registered as video103. [ 268.579211][ T92] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input17 [ 268.656032][ T8472] bond1: entered promiscuous mode [ 268.661270][ T8472] bond1: entered allmulticast mode [ 268.668882][ T8466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.679478][ T8472] 8021q: adding VLAN 0 to HW filter on device bond1 [ 268.726538][ T92] usb 5-1: USB disconnect, device number 25 [ 268.727263][ T8473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.748759][ T30] audit: type=1400 audit(1752935618.874:569): avc: denied { getattr } for pid=8469 comm="syz.2.725" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 268.897243][ T8476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 268.897452][ T8474] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.160964][ T8473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.253380][ T8485] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 269.980771][ T8492] ucma_write: process 454 (syz.2.729) changed security contexts after opening file descriptor, this is not allowed. [ 270.838612][ T8496] vivid-001: disconnect [ 270.844612][ T8495] vivid-001: reconnect [ 270.957438][ T8498] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 270.984172][ T8504] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 271.004767][ T8505] vlan2: entered promiscuous mode [ 271.009969][ T8505] vlan2: entered allmulticast mode [ 271.025009][ T8510] siw: device registration error -23 [ 271.045311][ T8512] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 271.081031][ T8505] hsr_slave_1: entered allmulticast mode [ 271.410781][ T5933] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 271.572055][ T5933] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 271.592485][ T5933] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 271.601656][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.617990][ T5933] usb 3-1: config 0 descriptor?? [ 271.646712][ T5933] pwc: Askey VC010 type 2 USB webcam detected. [ 271.647543][ T8526] 8021q: adding VLAN 0 to HW filter on device bond1 [ 272.023099][ T30] audit: type=1400 audit(1752935622.154:570): avc: denied { map } for pid=8532 comm="syz.4.742" path="socket:[19385]" dev="sockfs" ino=19385 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 272.049127][ T30] audit: type=1400 audit(1752935622.154:571): avc: denied { accept } for pid=8532 comm="syz.4.742" path="socket:[19385]" dev="sockfs" ino=19385 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 272.329504][ T5933] pwc: recv_control_msg error -32 req 02 val 2700 [ 272.352905][ T5933] pwc: recv_control_msg error -32 req 02 val 2c00 [ 272.382271][ T5933] pwc: recv_control_msg error -32 req 04 val 1000 [ 272.389979][ T5933] pwc: recv_control_msg error -71 req 04 val 1300 [ 272.397912][ T5933] pwc: recv_control_msg error -71 req 04 val 1400 [ 272.420195][ T5933] pwc: recv_control_msg error -71 req 02 val 2000 [ 272.431372][ T5933] pwc: recv_control_msg error -71 req 02 val 2100 [ 272.438896][ T5933] pwc: recv_control_msg error -71 req 04 val 1500 [ 272.446877][ T5933] pwc: recv_control_msg error -71 req 02 val 2500 [ 272.454593][ T5933] pwc: recv_control_msg error -71 req 02 val 2400 [ 272.462690][ T5933] pwc: recv_control_msg error -71 req 02 val 2600 [ 272.470211][ T5933] pwc: recv_control_msg error -71 req 02 val 2900 [ 272.477935][ T5933] pwc: recv_control_msg error -71 req 02 val 2800 [ 272.486508][ T5933] pwc: recv_control_msg error -71 req 04 val 1100 [ 272.496219][ T5933] pwc: recv_control_msg error -71 req 04 val 1200 [ 272.614548][ T5933] pwc: Registered as video103. [ 272.630694][ T5933] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input18 [ 272.656029][ T5933] usb 3-1: USB disconnect, device number 32 [ 273.199092][ T8545] netlink: 4 bytes leftover after parsing attributes in process `syz.0.744'. [ 274.551660][ T30] audit: type=1400 audit(1752935624.614:572): avc: denied { bind } for pid=8551 comm="syz.4.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 276.146869][ T30] audit: type=1400 audit(1752935626.274:573): avc: denied { bind } for pid=8583 comm="syz.3.755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 276.637824][ T8593] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 277.033727][ T30] audit: type=1400 audit(1752935627.164:574): avc: denied { name_connect } for pid=8594 comm="syz.0.758" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 277.061023][ T8587] netlink: 'syz.2.757': attribute type 1 has an invalid length. [ 277.161642][ T8587] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 277.171039][ T8587] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 277.179831][ T8587] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 277.188725][ T8587] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 277.199183][ T8587] bond1: (slave geneve2): making interface the new active one [ 277.207486][ T8587] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 277.276503][ T8587] netlink: 28 bytes leftover after parsing attributes in process `syz.2.757'. [ 277.306727][ T30] audit: type=1326 audit(1752935627.424:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8586 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6038e929 code=0x7ffc0000 [ 277.481618][ T30] audit: type=1326 audit(1752935627.424:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8586 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6038e929 code=0x7ffc0000 [ 277.562884][ T30] audit: type=1326 audit(1752935627.424:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8586 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fba6038e929 code=0x7ffc0000 [ 277.607959][ T30] audit: type=1326 audit(1752935627.424:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8586 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6038e929 code=0x7ffc0000 [ 277.677364][ T30] audit: type=1326 audit(1752935627.424:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8586 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6038e929 code=0x7ffc0000 [ 277.700571][ C0] vkms_vblank_simulate: vblank timer overrun [ 277.996505][ T51] Bluetooth: hci1: unexpected event for opcode 0x2023 [ 278.783962][ T8633] hsr0: entered promiscuous mode [ 279.786107][ T8643] zonefs (nullb0) ERROR: Not a zoned block device [ 279.909224][ T837] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 280.261064][ T30] audit: type=1400 audit(1752935630.394:580): avc: denied { audit_read } for pid=8648 comm="syz.1.773" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 280.262240][ T837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 280.450474][ T837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 280.468314][ T837] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 280.481475][ T837] usb 3-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 280.490732][ T837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.514004][ T30] audit: type=1400 audit(1752935630.634:581): avc: denied { mount } for pid=8650 comm="syz.1.775" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 280.521067][ T837] usb 3-1: config 0 descriptor?? [ 280.543183][ T30] audit: type=1400 audit(1752935630.634:582): avc: denied { search } for pid=8650 comm="syz.1.775" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 280.567473][ T30] audit: type=1400 audit(1752935630.634:583): avc: denied { search } for pid=8650 comm="syz.1.775" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 280.593603][ T8637] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 280.638858][ T8656] FAULT_INJECTION: forcing a failure. [ 280.638858][ T8656] name failslab, interval 1, probability 0, space 0, times 0 [ 280.651664][ T8656] CPU: 1 UID: 0 PID: 8656 Comm: syz.0.776 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 280.651687][ T8656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 280.651696][ T8656] Call Trace: [ 280.651702][ T8656] [ 280.651706][ T8656] dump_stack_lvl+0x16c/0x1f0 [ 280.651726][ T8656] should_fail_ex+0x512/0x640 [ 280.651740][ T8656] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 280.651754][ T8656] should_failslab+0xc2/0x120 [ 280.651772][ T8656] __kmalloc_cache_noprof+0x6a/0x3e0 [ 280.651785][ T8656] ? alloc_fs_context+0x57/0x9c0 [ 280.651803][ T8656] alloc_fs_context+0x57/0x9c0 [ 280.651820][ T8656] path_mount+0xaf8/0x2020 [ 280.651836][ T8656] ? kmem_cache_free+0x2d1/0x4d0 [ 280.651848][ T8656] ? __pfx_path_mount+0x10/0x10 [ 280.651865][ T8656] ? putname+0x154/0x1a0 [ 280.651882][ T8656] __x64_sys_mount+0x28d/0x310 [ 280.651898][ T8656] ? __pfx___x64_sys_mount+0x10/0x10 [ 280.651917][ T8656] do_syscall_64+0xcd/0x4c0 [ 280.651933][ T8656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.651944][ T8656] RIP: 0033:0x7f239078e929 [ 280.651953][ T8656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.651963][ T8656] RSP: 002b:00007f23916d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 280.651973][ T8656] RAX: ffffffffffffffda RBX: 00007f23909b5fa0 RCX: 00007f239078e929 [ 280.651980][ T8656] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 00002000000000c0 [ 280.651986][ T8656] RBP: 00007f23916d8090 R08: 0000000000000000 R09: 0000000000000000 [ 280.651992][ T8656] R10: 0000000002000010 R11: 0000000000000246 R12: 0000000000000002 [ 280.651998][ T8656] R13: 0000000000000000 R14: 00007f23909b5fa0 R15: 00007ffd6ee5f788 [ 280.652011][ T8656] [ 281.113195][ T837] magicmouse 0003:05AC:0269.0012: hidraw0: USB HID v0.01 Device [HID 05ac:0269] on usb-dummy_hcd.2-1/input0 [ 281.574709][ T837] usb 3-1: USB disconnect, device number 33 [ 281.636369][ T8666] fido_id[8666]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 282.180815][ T5893] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 282.362898][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.374707][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.387431][ T5893] usb 5-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 282.424774][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.428874][ T8679] FAULT_INJECTION: forcing a failure. [ 282.428874][ T8679] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 282.452947][ T8679] CPU: 1 UID: 0 PID: 8679 Comm: syz.3.784 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 282.452970][ T8679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.452979][ T8679] Call Trace: [ 282.452984][ T8679] [ 282.452990][ T8679] dump_stack_lvl+0x16c/0x1f0 [ 282.453019][ T8679] should_fail_ex+0x512/0x640 [ 282.453044][ T8679] should_fail_alloc_page+0xe7/0x130 [ 282.453069][ T8679] prepare_alloc_pages+0x3c2/0x610 [ 282.453088][ T8679] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 282.453115][ T8679] ? __lock_acquire+0x622/0x1c90 [ 282.453143][ T8679] ? xas_create+0x1d7/0x1460 [ 282.453158][ T8679] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 282.453182][ T8679] ? lock_acquire+0x179/0x350 [ 282.453206][ T8679] ? rcu_is_watching+0x12/0xc0 [ 282.453233][ T8679] ? __lock_acquire+0x622/0x1c90 [ 282.453257][ T8679] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 282.453279][ T8679] ? policy_nodemask+0xea/0x4e0 [ 282.453304][ T8679] alloc_pages_mpol+0x1fb/0x550 [ 282.453326][ T8679] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 282.453351][ T8679] ? filemap_get_entry+0x1a7/0x3b0 [ 282.453379][ T8679] folio_alloc_noprof+0x20/0x2d0 [ 282.453394][ T8679] filemap_alloc_folio_noprof+0x3a1/0x470 [ 282.453415][ T8679] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 282.453442][ T8679] __filemap_get_folio+0x5e1/0xc30 [ 282.453472][ T8679] fuse_write_begin+0x14d/0x5f0 [ 282.453493][ T8679] generic_perform_write+0x3cd/0x930 [ 282.453520][ T8679] ? __pfx_generic_perform_write+0x10/0x10 [ 282.453541][ T8679] ? generic_write_checks+0x311/0x480 [ 282.453561][ T8679] ? __pfx_generic_write_checks+0x10/0x10 [ 282.453582][ T8679] __generic_file_write_iter+0x1f7/0x240 [ 282.453609][ T8679] generic_file_write_iter+0xe1/0x3c0 [ 282.453632][ T8679] fuse_file_write_iter+0x6be/0x950 [ 282.453657][ T8679] vfs_write+0x6c4/0x1150 [ 282.453677][ T8679] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 282.453698][ T8679] ? __pfx___mutex_lock+0x10/0x10 [ 282.453723][ T8679] ? __pfx_vfs_write+0x10/0x10 [ 282.453767][ T8679] ksys_write+0x12a/0x250 [ 282.453787][ T8679] ? __pfx_ksys_write+0x10/0x10 [ 282.453813][ T8679] do_syscall_64+0xcd/0x4c0 [ 282.453840][ T8679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.453861][ T8679] RIP: 0033:0x7fd0ed18e929 [ 282.453875][ T8679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.453891][ T8679] RSP: 002b:00007fd0ee0b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 282.453908][ T8679] RAX: ffffffffffffffda RBX: 00007fd0ed3b5fa0 RCX: 00007fd0ed18e929 [ 282.453919][ T8679] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000006 [ 282.453930][ T8679] RBP: 00007fd0ee0b4090 R08: 0000000000000000 R09: 0000000000000000 [ 282.453940][ T8679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 282.453949][ T8679] R13: 0000000000000000 R14: 00007fd0ed3b5fa0 R15: 00007fffdd669578 [ 282.453973][ T8679] [ 282.460636][ T5893] usb 5-1: config 0 descriptor?? [ 282.690640][ T5933] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 282.923487][ T5933] usb 3-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 282.933907][ T5933] usb 3-1: config 5 has 0 interfaces, different from the descriptor's value: 1 [ 282.945663][ T5933] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 282.948301][ T8689] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8689 comm=syz.3.787 [ 282.955102][ T5933] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 282.977187][ T5933] usb 3-1: SerialNumber: syz [ 283.055221][ T8687] netlink: 32 bytes leftover after parsing attributes in process `syz.3.787'. [ 283.128430][ T5893] waltop 0003:172F:0038.0013: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.4-1/input0 [ 283.219758][ T8684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.240490][ T8684] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.254070][ T5893] usb 3-1: USB disconnect, device number 34 [ 283.295644][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 283.295661][ T30] audit: type=1400 audit(1752935633.424:591): avc: denied { append } for pid=8691 comm="syz.0.788" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 283.551596][ T5965] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 283.701809][ T5965] usb 1-1: device descriptor read/64, error -71 [ 283.926052][ T8704] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 283.970698][ T5965] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 284.120675][ T5965] usb 1-1: device descriptor read/64, error -71 [ 284.232107][ T8714] siw: device registration error -23 [ 284.241351][ T5965] usb usb1-port1: attempt power cycle [ 284.252329][ T30] audit: type=1400 audit(1752935634.384:592): avc: denied { create } for pid=8713 comm="syz.3.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 284.281496][ T30] audit: type=1400 audit(1752935634.384:593): avc: denied { write } for pid=8713 comm="syz.3.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 284.359538][ T30] audit: type=1400 audit(1752935634.484:594): avc: denied { append } for pid=8713 comm="syz.3.796" name="event1" dev="devtmpfs" ino=919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 285.110555][ T5965] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 285.204029][ T5927] usb 5-1: USB disconnect, device number 26 [ 285.231871][ T5965] usb 1-1: device descriptor read/8, error -71 [ 285.357840][ T8718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.797'. [ 285.500930][ T5965] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 285.579894][ T5965] usb 1-1: device descriptor read/8, error -71 [ 285.713968][ T5965] usb usb1-port1: unable to enumerate USB device [ 286.645252][ T8739] FAULT_INJECTION: forcing a failure. [ 286.645252][ T8739] name failslab, interval 1, probability 0, space 0, times 0 [ 286.704348][ T8739] CPU: 1 UID: 0 PID: 8739 Comm: syz.0.802 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 286.704377][ T8739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.704387][ T8739] Call Trace: [ 286.704393][ T8739] [ 286.704400][ T8739] dump_stack_lvl+0x16c/0x1f0 [ 286.704431][ T8739] should_fail_ex+0x512/0x640 [ 286.704453][ T8739] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 286.704476][ T8739] should_failslab+0xc2/0x120 [ 286.704501][ T8739] __kmalloc_cache_noprof+0x6a/0x3e0 [ 286.704521][ T8739] ? v9fs_mount+0xa6/0xa30 [ 286.704545][ T8739] v9fs_mount+0xa6/0xa30 [ 286.704564][ T8739] ? __pfx_v9fs_mount+0x10/0x10 [ 286.704584][ T8739] ? cap_capable+0xb3/0x250 [ 286.704605][ T8739] ? __pfx_v9fs_mount+0x10/0x10 [ 286.704623][ T8739] legacy_get_tree+0x109/0x220 [ 286.704651][ T8739] vfs_get_tree+0x8e/0x340 [ 286.704669][ T8739] path_mount+0x1414/0x2020 [ 286.704698][ T8739] ? kmem_cache_free+0x2d1/0x4d0 [ 286.704718][ T8739] ? __pfx_path_mount+0x10/0x10 [ 286.704747][ T8739] ? putname+0x154/0x1a0 [ 286.704776][ T8739] __x64_sys_mount+0x28d/0x310 [ 286.704803][ T8739] ? __pfx___x64_sys_mount+0x10/0x10 [ 286.704837][ T8739] do_syscall_64+0xcd/0x4c0 [ 286.704865][ T8739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.704883][ T8739] RIP: 0033:0x7f239078e929 [ 286.704897][ T8739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 286.704913][ T8739] RSP: 002b:00007f23916d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 286.704929][ T8739] RAX: ffffffffffffffda RBX: 00007f23909b5fa0 RCX: 00007f239078e929 [ 286.704941][ T8739] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000 [ 286.704951][ T8739] RBP: 00007f23916d8090 R08: 0000200000000240 R09: 0000000000000000 [ 286.704961][ T8739] R10: 0000000000800000 R11: 0000000000000246 R12: 0000000000000002 [ 286.704976][ T8739] R13: 0000000000000000 R14: 00007f23909b5fa0 R15: 00007ffd6ee5f788 [ 286.705002][ T8739] [ 287.456648][ T8752] netlink: 16 bytes leftover after parsing attributes in process `syz.0.804'. [ 288.216374][ T8754] vlan2: entered promiscuous mode [ 288.226912][ T8754] vlan2: entered allmulticast mode [ 288.672715][ T30] audit: type=1400 audit(1752935638.794:595): avc: denied { listen } for pid=8762 comm="syz.2.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 288.755593][ T30] audit: type=1326 audit(1752935638.834:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8762 comm="syz.2.808" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba6038e929 code=0x0 [ 288.783051][ T51] Bluetooth: hci4: unexpected event for opcode 0x2023 [ 288.845961][ T8766] 9pnet: Could not find request transport: fùxdno=0xffffffffffffffff [ 289.481661][ T8772] netlink: 4 bytes leftover after parsing attributes in process `syz.1.810'. [ 289.920655][ T5933] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 289.973976][ T8782] ceph: No mds server is up or the cluster is laggy [ 289.982015][ T5927] libceph: connect (1)[c::]:6789 error -97 [ 289.988669][ T5927] libceph: mon0 (1)[c::]:6789 connect error [ 290.154902][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 290.349532][ T5933] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 290.350190][ T8792] ubi31: attaching mtd0 [ 290.385129][ T8792] ubi31: scanning is finished [ 290.385697][ T5933] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 290.400711][ T8792] ubi31: empty MTD device detected [ 290.495360][ T5933] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 290.504883][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.513419][ T5933] usb 1-1: Product: syz [ 290.520030][ T5933] usb 1-1: Manufacturer: syz [ 290.739155][ T8792] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 290.748224][ T8792] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 290.751346][ T5933] usb 1-1: SerialNumber: syz [ 290.762846][ T8792] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 290.773844][ T8792] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 290.783105][ T8792] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 290.792064][ T8792] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 290.802491][ T8792] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4120297952 [ 290.813343][ T8792] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 290.840041][ T8794] ubi31: background thread "ubi_bgt31d" started, PID 8794 [ 290.841040][ T5933] usb 1-1: config 0 descriptor?? [ 290.940137][ T8798] siw: device registration error -23 [ 290.981131][ T8784] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 290.988334][ T8784] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 290.996320][ T5933] usb 1-1: ucan: probing device on interface #0 [ 291.178160][ T8802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.817'. [ 291.464041][ T8803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 291.514180][ T5933] usb 1-1: ucan: device reported invalid device info [ 291.547845][ T30] audit: type=1400 audit(1752935641.674:597): avc: denied { accept } for pid=8804 comm="syz.2.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 291.576300][ T5933] usb 1-1: ucan: probe failed; try to update the device firmware [ 292.166128][ T30] audit: type=1400 audit(1752935642.284:598): avc: denied { getattr } for pid=8811 comm="syz.1.820" name="/" dev="secretmem" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 292.714325][ T30] audit: type=1400 audit(1752935642.834:599): avc: denied { write } for pid=8815 comm="syz.1.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 292.785132][ T5933] usb 1-1: USB disconnect, device number 31 [ 293.700893][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.2.826'. [ 293.727300][ T8833] netlink: 36 bytes leftover after parsing attributes in process `syz.2.826'. [ 293.750728][ T8839] binder: 8837:8839 ioctl c0306201 200000000180 returned -22 [ 293.759247][ T30] audit: type=1400 audit(1752935643.884:600): avc: denied { remount } for pid=8837 comm="syz.4.828" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 293.790770][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 293.942094][ T8848] netlink: 8 bytes leftover after parsing attributes in process `syz.3.829'. [ 294.090884][ T837] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 294.510598][ T837] usb 5-1: Using ep0 maxpacket: 32 [ 294.526271][ T837] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 294.553545][ T837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.603070][ T837] usb 5-1: config 0 descriptor?? [ 294.635217][ T837] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 294.825145][ T837] gspca_nw80x: reg_w err -71 [ 294.830229][ T837] nw80x 5-1:0.0: probe with driver nw80x failed with error -71 [ 295.054296][ T837] usb 5-1: USB disconnect, device number 27 [ 295.134192][ T30] audit: type=1400 audit(1752935645.254:601): avc: denied { read } for pid=8859 comm="syz.2.836" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 295.448746][ T30] audit: type=1400 audit(1752935645.254:602): avc: denied { open } for pid=8859 comm="syz.2.836" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 295.872290][ T30] audit: type=1400 audit(1752935645.554:603): avc: denied { append } for pid=8859 comm="syz.2.836" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 295.914239][ T8867] netlink: 56 bytes leftover after parsing attributes in process `syz.3.837'. [ 295.966679][ T30] audit: type=1400 audit(1752935645.724:604): avc: denied { write } for pid=8865 comm="syz.3.837" path="socket:[20417]" dev="sockfs" ino=20417 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 296.004612][ T30] audit: type=1400 audit(1752935645.794:605): avc: denied { setattr } for pid=8870 comm="syz.1.838" name="NETLINK" dev="sockfs" ino=20430 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 296.050959][ T8863] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 296.058736][ T8863] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 296.331911][ T8863] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 296.338420][ T8863] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 296.350417][ T8863] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 296.356820][ T8863] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 296.377438][ T8863] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 296.393056][ T8863] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 296.670952][ T5927] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 296.820764][ T92] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 296.940698][ T5927] usb 4-1: Using ep0 maxpacket: 16 [ 296.950606][ T92] usb 1-1: device descriptor read/64, error -71 [ 296.951942][ T5927] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 296.971181][ T5927] usb 4-1: config 0 has no interface number 0 [ 296.977510][ T5927] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 296.988958][ T5927] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 296.999224][ T837] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 297.012859][ T5927] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 297.022319][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 297.030596][ T5927] usb 4-1: Product: syz [ 297.035428][ T5927] usb 4-1: SerialNumber: syz [ 297.053321][ T5927] usb 4-1: config 0 descriptor?? [ 297.081853][ T5927] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 297.093207][ T5927] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input19 [ 297.140704][ T837] usb 3-1: device descriptor read/64, error -71 [ 297.190644][ T92] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 297.282616][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 297.331785][ T92] usb 1-1: device descriptor read/64, error -71 [ 297.380840][ T837] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 297.419309][ T8903] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=8903 comm=syz.1.849 [ 297.441495][ T92] usb usb1-port1: attempt power cycle [ 297.497434][ C0] cm109_urb_ctl_callback: 6 callbacks suppressed [ 297.497456][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.511516][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.518680][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.525895][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.530616][ T837] usb 3-1: device descriptor read/64, error -71 [ 297.533068][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.547045][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.556092][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.563329][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.570598][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.577829][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 297.640984][ T837] usb usb3-port1: attempt power cycle [ 297.698305][ T5872] usb 4-1: USB disconnect, device number 25 [ 297.698354][ C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 297.741571][ T5872] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 297.960595][ T92] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 298.014144][ T51] Bluetooth: hci0: command 0x0401 tx timeout [ 298.021578][ T837] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 298.172751][ T837] usb 3-1: device descriptor read/8, error -71 [ 298.509826][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 298.516995][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 298.524245][ T837] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 298.533295][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 298.572886][ T837] usb 3-1: device descriptor read/8, error -71 [ 298.706348][ T92] usb 1-1: device descriptor read/8, error -71 [ 298.724688][ T837] usb usb3-port1: unable to enumerate USB device [ 299.974639][ T8924] input: syz1 as /devices/virtual/input/input20 [ 300.003455][ T30] audit: type=1400 audit(1752935650.134:606): avc: denied { write } for pid=8925 comm="syz.2.857" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 300.090639][ T5818] Bluetooth: hci0: command 0x0401 tx timeout [ 300.570718][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 300.577102][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 300.583459][ T5818] Bluetooth: hci1: command 0x0406 tx timeout [ 300.790612][ T30] audit: type=1400 audit(1752935650.914:607): avc: denied { map } for pid=8932 comm="syz.4.860" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 300.936388][ T8953] tipc: Started in network mode [ 300.941662][ T8953] tipc: Node identity 7f000001, cluster identity 4711 [ 300.949854][ T8953] tipc: Enabled bearer , priority 10 [ 300.963303][ T8944] lo speed is unknown, defaulting to 1000 [ 300.985383][ T30] audit: type=1400 audit(1752935650.914:608): avc: denied { execute } for pid=8932 comm="syz.4.860" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 301.237727][ T8969] netlink: 24 bytes leftover after parsing attributes in process `syz.0.868'. [ 301.306455][ T8976] FAULT_INJECTION: forcing a failure. [ 301.306455][ T8976] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.343563][ T8976] CPU: 1 UID: 0 PID: 8976 Comm: syz.3.870 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 301.343589][ T8976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 301.343599][ T8976] Call Trace: [ 301.343605][ T8976] [ 301.343611][ T8976] dump_stack_lvl+0x16c/0x1f0 [ 301.343641][ T8976] should_fail_ex+0x512/0x640 [ 301.343667][ T8976] _copy_to_user+0x32/0xd0 [ 301.343693][ T8976] simple_read_from_buffer+0xcb/0x170 [ 301.343719][ T8976] proc_fail_nth_read+0x197/0x270 [ 301.343742][ T8976] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.343765][ T8976] ? rw_verify_area+0xcf/0x680 [ 301.343783][ T8976] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 301.343805][ T8976] vfs_read+0x1e4/0xc60 [ 301.343834][ T8976] ? __pfx___mutex_lock+0x10/0x10 [ 301.343859][ T8976] ? __pfx_vfs_read+0x10/0x10 [ 301.343886][ T8976] ? __fget_files+0x20e/0x3c0 [ 301.343917][ T8976] ksys_read+0x12a/0x250 [ 301.343938][ T8976] ? __pfx_ksys_read+0x10/0x10 [ 301.343966][ T8976] do_syscall_64+0xcd/0x4c0 [ 301.343993][ T8976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.344011][ T8976] RIP: 0033:0x7fd0ed18d33c [ 301.344025][ T8976] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 301.344041][ T8976] RSP: 002b:00007fd0ee0b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 301.344058][ T8976] RAX: ffffffffffffffda RBX: 00007fd0ed3b5fa0 RCX: 00007fd0ed18d33c [ 301.344069][ T8976] RDX: 000000000000000f RSI: 00007fd0ee0b40a0 RDI: 0000000000000003 [ 301.344078][ T8976] RBP: 00007fd0ee0b4090 R08: 0000000000000000 R09: 0000000000000000 [ 301.344088][ T8976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.344098][ T8976] R13: 0000000000000000 R14: 00007fd0ed3b5fa0 R15: 00007fffdd669578 [ 301.344122][ T8976] [ 301.929822][ T8994] netlink: 40 bytes leftover after parsing attributes in process `syz.0.878'. [ 302.305518][ T837] tipc: Node number set to 2130706433 [ 302.311298][ T30] audit: type=1400 audit(1752935652.144:609): avc: denied { accept } for pid=8986 comm="syz.0.878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 302.346572][ T8998] FAULT_INJECTION: forcing a failure. [ 302.346572][ T8998] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.359843][ T8998] CPU: 0 UID: 0 PID: 8998 Comm: syz.4.877 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 302.359867][ T8998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.359876][ T8998] Call Trace: [ 302.359881][ T8998] [ 302.359888][ T8998] dump_stack_lvl+0x16c/0x1f0 [ 302.359916][ T8998] should_fail_ex+0x512/0x640 [ 302.359939][ T8998] _copy_from_user+0x2e/0xd0 [ 302.359961][ T8998] memdup_user+0x6b/0xe0 [ 302.359982][ T8998] strndup_user+0x78/0xe0 [ 302.360003][ T8998] __x64_sys_mount+0x180/0x310 [ 302.360026][ T8998] ? __pfx___x64_sys_mount+0x10/0x10 [ 302.360050][ T8998] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 302.360074][ T8998] do_syscall_64+0xcd/0x4c0 [ 302.360098][ T8998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.360115][ T8998] RIP: 0033:0x7f331218e929 [ 302.360128][ T8998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.360144][ T8998] RSP: 002b:00007f3313021038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 302.360159][ T8998] RAX: ffffffffffffffda RBX: 00007f33123b6080 RCX: 00007f331218e929 [ 302.360170][ T8998] RDX: 0000200000000180 RSI: 0000200000000040 RDI: 0000200000000140 [ 302.360180][ T8998] RBP: 00007f3313021090 R08: 0000000000000000 R09: 0000000000000000 [ 302.360189][ T8998] R10: 0000000002208004 R11: 0000000000000246 R12: 0000000000000001 [ 302.360199][ T8998] R13: 0000000000000001 R14: 00007f33123b6080 R15: 00007fff817022c8 [ 302.360221][ T8998] [ 302.365028][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.876'. [ 302.895349][ T8992] bond_slave_0: entered promiscuous mode [ 302.901326][ T8992] bond_slave_1: entered promiscuous mode [ 302.908645][ T8992] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 303.070710][ T92] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 303.159764][ T30] audit: type=1400 audit(1752935653.194:610): avc: denied { mounton } for pid=9000 comm="syz.0.880" path="/191/file0" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 303.388515][ T30] audit: type=1400 audit(1752935653.214:611): avc: denied { read } for pid=9000 comm="syz.0.880" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 303.902270][ T30] audit: type=1400 audit(1752935653.214:612): avc: denied { open } for pid=9000 comm="syz.0.880" path="/191/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 303.925029][ T30] audit: type=1400 audit(1752935653.214:613): avc: denied { read } for pid=9000 comm="syz.0.880" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 303.946738][ C0] vkms_vblank_simulate: vblank timer overrun [ 303.953131][ T92] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.963438][ T92] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 303.972372][ T30] audit: type=1400 audit(1752935653.214:614): avc: denied { read } for pid=9000 comm="syz.0.880" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 303.994073][ C0] vkms_vblank_simulate: vblank timer overrun [ 304.000159][ T92] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 304.038156][ T92] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 304.047665][ T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.055727][ T92] usb 5-1: Product: syz [ 304.060083][ T92] usb 5-1: Manufacturer: syz [ 304.065290][ T30] audit: type=1400 audit(1752935654.194:615): avc: denied { unmount } for pid=5806 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 304.087074][ T92] usb 5-1: SerialNumber: syz [ 304.111751][ T92] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing [ 304.119193][ T92] cdc_ncm 5-1:1.0: bind() failure [ 304.164050][ T9012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.237673][ T9012] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.312607][ T5927] usb 5-1: USB disconnect, device number 28 [ 304.693411][ T9027] 9pnet_fd: Insufficient options for proto=fd [ 305.667670][ T30] audit: type=1400 audit(1752935655.794:616): avc: denied { map } for pid=9029 comm="syz.1.888" path="socket:[21327]" dev="sockfs" ino=21327 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 305.813655][ T30] audit: type=1400 audit(1752935655.944:617): avc: denied { setopt } for pid=9037 comm="syz.3.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 305.836055][ T9038] trusted_key: syz.3.891 sent an empty control message without MSG_MORE. [ 306.003752][ T9046] netlink: 'syz.2.893': attribute type 1 has an invalid length. [ 306.116201][ T30] audit: type=1400 audit(1752935656.244:618): avc: denied { getopt } for pid=9045 comm="syz.2.893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 306.370733][ T5872] usb 1-1: new low-speed USB device number 36 using dummy_hcd [ 306.611165][ T5872] usb 1-1: no configurations [ 306.615941][ T5872] usb 1-1: can't read configurations, error -22 [ 306.750592][ T5872] usb 1-1: new low-speed USB device number 37 using dummy_hcd [ 306.887381][ T9061] netlink: 28 bytes leftover after parsing attributes in process `syz.3.899'. [ 306.953980][ T30] audit: type=1400 audit(1752935657.074:619): avc: denied { relabelfrom } for pid=9063 comm="syz.4.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 306.977992][ T30] audit: type=1400 audit(1752935657.084:620): avc: denied { relabelto } for pid=9063 comm="syz.4.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 307.064461][ T5872] usb 1-1: no configurations [ 307.069332][ T5872] usb 1-1: can't read configurations, error -22 [ 307.106706][ T5872] usb usb1-port1: attempt power cycle [ 307.170798][ T5893] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 307.321722][ T5893] usb 4-1: Using ep0 maxpacket: 8 [ 307.334912][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short [ 307.369870][ T5893] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 307.438316][ T5893] usb 4-1: can't read configurations, error -71 [ 307.480707][ T5872] usb 1-1: new low-speed USB device number 38 using dummy_hcd [ 307.698239][ T5872] usb 1-1: no configurations [ 307.733960][ T5872] usb 1-1: can't read configurations, error -22 [ 307.922373][ T5872] usb 1-1: new low-speed USB device number 39 using dummy_hcd [ 307.983680][ T5872] usb 1-1: no configurations [ 308.004011][ T5872] usb 1-1: can't read configurations, error -22 [ 308.071059][ T5872] usb usb1-port1: unable to enumerate USB device [ 308.777925][ T9089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 309.165341][ T9089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 309.236239][ T9089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 309.620649][ T5893] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 309.886576][ T5893] usb 3-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 50827, setting to 1024 [ 309.898116][ T5893] usb 3-1: config 0 interface 0 has no altsetting 0 [ 309.905130][ T5893] usb 3-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 309.915035][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.925388][ T5893] usb 3-1: config 0 descriptor?? [ 309.931811][ T9102] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 309.948740][ T9111] netlink: 'syz.3.916': attribute type 64 has an invalid length. [ 309.959066][ T9111] netlink: 44 bytes leftover after parsing attributes in process `syz.3.916'. [ 310.348666][ T5893] usbhid 3-1:0.0: can't add hid device: -71 [ 310.366219][ T5893] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 310.391903][ T5893] usb 3-1: USB disconnect, device number 39 [ 310.969049][ T9126] FAULT_INJECTION: forcing a failure. [ 310.969049][ T9126] name failslab, interval 1, probability 0, space 0, times 0 [ 311.025873][ T9126] CPU: 1 UID: 0 PID: 9126 Comm: syz.4.920 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 311.025897][ T9126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.025907][ T9126] Call Trace: [ 311.025913][ T9126] [ 311.025919][ T9126] dump_stack_lvl+0x16c/0x1f0 [ 311.025948][ T9126] should_fail_ex+0x512/0x640 [ 311.025970][ T9126] ? fs_reclaim_acquire+0xae/0x150 [ 311.025989][ T9126] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 311.026013][ T9126] should_failslab+0xc2/0x120 [ 311.026037][ T9126] __kmalloc_noprof+0xd2/0x510 [ 311.026064][ T9126] tomoyo_realpath_from_path+0xc2/0x6e0 [ 311.026090][ T9126] ? tomoyo_profile+0x47/0x60 [ 311.026118][ T9126] tomoyo_path_number_perm+0x245/0x580 [ 311.026137][ T9126] ? tomoyo_path_number_perm+0x237/0x580 [ 311.026159][ T9126] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 311.026181][ T9126] ? find_held_lock+0x2b/0x80 [ 311.026225][ T9126] ? find_held_lock+0x2b/0x80 [ 311.026244][ T9126] ? hook_file_ioctl_common+0x145/0x410 [ 311.026277][ T9126] ? __fget_files+0x20e/0x3c0 [ 311.026303][ T9126] security_file_ioctl+0x9b/0x240 [ 311.026327][ T9126] __x64_sys_ioctl+0xb7/0x210 [ 311.026348][ T9126] do_syscall_64+0xcd/0x4c0 [ 311.026375][ T9126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.026393][ T9126] RIP: 0033:0x7f331218e929 [ 311.026406][ T9126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.026422][ T9126] RSP: 002b:00007f3313042038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.026439][ T9126] RAX: ffffffffffffffda RBX: 00007f33123b5fa0 RCX: 00007f331218e929 [ 311.026450][ T9126] RDX: 00002000000003c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 311.026459][ T9126] RBP: 00007f3313042090 R08: 0000000000000000 R09: 0000000000000000 [ 311.026468][ T9126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.026477][ T9126] R13: 0000000000000000 R14: 00007f33123b5fa0 R15: 00007fff817022c8 [ 311.026499][ T9126] [ 311.026506][ T9126] ERROR: Out of memory at tomoyo_realpath_from_path. [ 313.859041][ T30] audit: type=1400 audit(1752935663.904:621): avc: denied { kexec_image_load } for pid=9151 comm="syz.4.929" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 314.258195][ T30] audit: type=1400 audit(1752935664.384:622): avc: denied { setattr } for pid=9165 comm="syz.0.934" name="/" dev="configfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 314.280384][ T837] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 314.280842][ T9168] netlink: 20 bytes leftover after parsing attributes in process `syz.0.934'. [ 314.386430][ T30] audit: type=1400 audit(1752935664.424:623): avc: denied { ioctl } for pid=9169 comm="syz.1.935" path="socket:[22594]" dev="sockfs" ino=22594 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 314.483274][ T837] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 314.520580][ T837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1544, setting to 1024 [ 314.543333][ T30] audit: type=1400 audit(1752935664.454:624): avc: denied { create } for pid=9167 comm="syz.3.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 314.573807][ T837] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 314.621439][ T837] usb 5-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28 [ 314.640418][ T837] usb 5-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 314.670973][ T837] usb 5-1: Product: syz [ 314.675186][ T837] usb 5-1: Manufacturer: syz [ 314.679792][ T837] usb 5-1: SerialNumber: syz [ 314.708285][ T837] usb 5-1: config 0 descriptor?? [ 314.723934][ T9163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 314.740084][ T9163] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 314.794046][ T837] option 5-1:0.0: GSM modem (1-port) converter detected [ 314.813770][ T837] usb 5-1: GSM modem (1-port) converter now attached to ttyUSB0 [ 315.003915][ T5893] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 315.053174][ T9189] overlayfs: missing 'lowerdir' [ 315.201340][ T9152] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 315.217475][ T837] usb 5-1: USB disconnect, device number 29 [ 315.220603][ T5893] usb 1-1: Using ep0 maxpacket: 16 [ 315.230750][ T837] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [ 315.232381][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.253404][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.258171][ T837] option 5-1:0.0: device disconnected [ 315.263692][ T5893] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 315.278368][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.288571][ T5893] usb 1-1: config 0 descriptor?? [ 315.738152][ T5893] hid-picolcd 0003:04D8:F002.0014: unknown main item tag 0x0 [ 315.805046][ T5893] hid-picolcd 0003:04D8:F002.0014: No report with id 0xf4 found [ 315.870190][ T5893] hid-picolcd 0003:04D8:F002.0014: No report with id 0xf3 found [ 316.276186][ T9184] delete_channel: no stack [ 316.319299][ T5893] usb 1-1: USB disconnect, device number 40 [ 316.703438][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.709816][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.046505][ T30] audit: type=1400 audit(1752935667.174:625): avc: denied { map } for pid=9218 comm="syz.4.951" path="socket:[22747]" dev="sockfs" ino=22747 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 317.126580][ T9220] netlink: 164 bytes leftover after parsing attributes in process `syz.4.951'. [ 317.262133][ T9224] dummy0: entered promiscuous mode [ 317.309566][ T9224] lo speed is unknown, defaulting to 1000 [ 319.554652][ T9255] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 319.652525][ T9265] ubi: mtd0 is already attached to ubi31 [ 320.032341][ T30] audit: type=1400 audit(1752935670.064:626): avc: denied { ioctl } for pid=9260 comm="syz.3.964" path="socket:[22904]" dev="sockfs" ino=22904 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 320.107900][ T30] audit: type=1400 audit(1752935670.134:627): avc: denied { create } for pid=9259 comm="syz.1.962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 320.624699][ T30] audit: type=1400 audit(1752935670.144:628): avc: denied { sys_admin } for pid=9259 comm="syz.1.962" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 320.900471][ T9282] netlink: 24 bytes leftover after parsing attributes in process `syz.3.969'. [ 323.311547][ T9279] erofs (device nbd2): cannot find valid erofs superblock [ 323.608475][ T9293] block device autoloading is deprecated and will be removed. [ 325.131155][ T5933] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 325.880699][ T5931] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 326.463360][ T30] audit: type=1326 audit(1752935676.594:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9308 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f331218e929 code=0x7ffc0000 [ 326.512927][ T5931] usb 4-1: Using ep0 maxpacket: 32 [ 326.582818][ T9315] netlink: 'syz.1.980': attribute type 7 has an invalid length. [ 326.595062][ T30] audit: type=1326 audit(1752935676.594:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9308 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f331218e929 code=0x7ffc0000 [ 326.623585][ T5931] usb 4-1: config 4 has an invalid interface number: 128 but max is 0 [ 326.680708][ T5931] usb 4-1: config 4 has no interface number 0 [ 326.683884][ T30] audit: type=1326 audit(1752935676.614:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9308 comm="syz.4.977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f331218e929 code=0x7ffc0000 [ 326.690599][ T5931] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.731476][ T5931] usb 4-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.748399][ T5931] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 326.825292][ T5872] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 326.894685][ C1] ================================================================== [ 326.902773][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x45a/0x4d0 [ 326.910650][ C1] Read of size 2 at addr ffff88807b49dc2a by task syz.0.975/9300 [ 326.918337][ C1] [ 326.920638][ C1] CPU: 1 UID: 0 PID: 9300 Comm: syz.0.975 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 326.920653][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 326.920660][ C1] Call Trace: [ 326.920665][ C1] [ 326.920669][ C1] dump_stack_lvl+0x116/0x1f0 [ 326.920686][ C1] print_report+0xcd/0x680 [ 326.920701][ C1] ? __virt_addr_valid+0x81/0x610 [ 326.920713][ C1] ? __phys_addr+0xe8/0x180 [ 326.920724][ C1] ? rose_timer_expiry+0x45a/0x4d0 [ 326.920737][ C1] kasan_report+0xe0/0x110 [ 326.920751][ C1] ? rose_timer_expiry+0x45a/0x4d0 [ 326.920765][ C1] rose_timer_expiry+0x45a/0x4d0 [ 326.920779][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 326.920792][ C1] call_timer_fn+0x197/0x620 [ 326.920806][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 326.920821][ C1] ? rcu_is_watching+0x12/0xc0 [ 326.920834][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 326.920848][ C1] __run_timers+0x6ef/0x960 [ 326.920863][ C1] ? __pfx___run_timers+0x10/0x10 [ 326.920881][ C1] run_timer_base+0x114/0x190 [ 326.920895][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 326.920909][ C1] ? rcu_is_watching+0x12/0xc0 [ 326.920921][ C1] run_timer_softirq+0x1a/0x40 [ 326.920941][ C1] handle_softirqs+0x219/0x8e0 [ 326.920965][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 326.920985][ C1] __irq_exit_rcu+0x109/0x170 [ 326.920997][ C1] irq_exit_rcu+0x9/0x30 [ 326.921007][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 326.921022][ C1] [ 326.921026][ C1] [ 326.921029][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 326.921041][ C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 326.921055][ C1] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 aa f0 14 f6 48 89 df e8 92 44 15 f6 e8 cd 6b 40 f6 fb bf 01 00 00 00 d2 64 05 f6 65 8b 05 9b 5a 49 08 85 c0 74 06 5b e9 41 4d 00 00 [ 326.921065][ C1] RSP: 0018:ffffc9000c287cd8 EFLAGS: 00000202 [ 326.921074][ C1] RAX: 000000000016e115 RBX: ffff888027e80940 RCX: ffffffff81c3f04f [ 326.921080][ C1] RDX: 0000000000000000 RSI: ffffffff8de1a6a6 RDI: 0000000000000001 [ 326.921087][ C1] RBP: ffff888027e80d40 R08: 0000000000000001 R09: 0000000000000001 [ 326.921092][ C1] R10: ffffffff90a81857 R11: 0000000000000001 R12: 0000000000000000 [ 326.921098][ C1] R13: 0000000000000021 R14: 0000000000000400 R15: ffff888027e80940 [ 326.921106][ C1] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 326.921120][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 326.921132][ C1] get_signal+0x1e6c/0x26d0 [ 326.921147][ C1] ? __pfx_get_signal+0x10/0x10 [ 326.921160][ C1] arch_do_signal_or_restart+0x8f/0x7d0 [ 326.921172][ C1] ? __pfx_restore_altstack+0x10/0x10 [ 326.921186][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 326.921197][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 326.921210][ C1] ? __do_sys_rt_sigreturn+0x16b/0x230 [ 326.921222][ C1] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 326.921234][ C1] exit_to_user_mode_loop+0x84/0x110 [ 326.921246][ C1] do_syscall_64+0x3f6/0x4c0 [ 326.921261][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.921272][ C1] RIP: 0033:0x7f239078e927 [ 326.921280][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 326.921289][ C1] RSP: 002b:00007f23916d80e8 EFLAGS: 00000246 [ 326.921296][ C1] RAX: 00000000000000ca RBX: 00007f23909b5fa8 RCX: 00007f239078e929 [ 326.921303][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f23909b5fa8 [ 326.921309][ C1] RBP: 00007f23909b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 326.921317][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23909b5fac [ 326.921323][ C1] R13: 0000000000000000 R14: 00007ffd6ee5f6a0 R15: 00007ffd6ee5f788 [ 326.921332][ C1] [ 326.921336][ C1] [ 327.292905][ C1] Allocated by task 8957: [ 327.297204][ C1] kasan_save_stack+0x33/0x60 [ 327.301861][ C1] kasan_save_track+0x14/0x30 [ 327.306524][ C1] __kasan_kmalloc+0xaa/0xb0 [ 327.311097][ C1] garp_init_applicant+0xbb/0x500 [ 327.316096][ C1] register_vlan_dev+0x197/0x940 [ 327.321020][ C1] vlan_ioctl_handler+0x8dd/0xa70 [ 327.326027][ C1] sock_ioctl+0x4b8/0x6b0 [ 327.330330][ C1] __x64_sys_ioctl+0x18b/0x210 [ 327.335068][ C1] do_syscall_64+0xcd/0x4c0 [ 327.339549][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.345417][ C1] [ 327.347715][ C1] Freed by task 6015: [ 327.351678][ C1] kasan_save_stack+0x33/0x60 [ 327.356343][ C1] kasan_save_track+0x14/0x30 [ 327.360999][ C1] kasan_save_free_info+0x3b/0x60 [ 327.365997][ C1] __kasan_slab_free+0x51/0x70 [ 327.370737][ C1] kmem_cache_free_bulk.part.0+0x383/0x7f0 [ 327.376518][ C1] kvfree_rcu_bulk+0x1b7/0x1e0 [ 327.381266][ C1] kfree_rcu_work+0x124/0x1a0 [ 327.385917][ C1] process_one_work+0x9cf/0x1b70 [ 327.390828][ C1] worker_thread+0x6c8/0xf10 [ 327.395399][ C1] kthread+0x3c2/0x780 [ 327.399444][ C1] ret_from_fork+0x5d4/0x6f0 [ 327.404011][ C1] ret_from_fork_asm+0x1a/0x30 [ 327.408748][ C1] [ 327.411053][ C1] Last potentially related work creation: [ 327.416749][ C1] kasan_save_stack+0x33/0x60 [ 327.421412][ C1] kasan_record_aux_stack+0xa7/0xc0 [ 327.426591][ C1] kvfree_call_rcu+0x76/0x470 [ 327.431242][ C1] garp_uninit_applicant+0x284/0x460 [ 327.436502][ C1] unregister_vlan_dev+0x3ff/0x590 [ 327.441586][ C1] vlan_device_event+0x1960/0x2290 [ 327.446668][ C1] notifier_call_chain+0xb9/0x410 [ 327.451674][ C1] call_netdevice_notifiers_info+0xbe/0x140 [ 327.457545][ C1] unregister_netdevice_many_notify+0xf9d/0x2700 [ 327.463857][ C1] unregister_netdevice_queue+0x305/0x3f0 [ 327.469554][ C1] __tun_detach+0x1249/0x1540 [ 327.474205][ C1] tun_chr_close+0xc2/0x230 [ 327.478683][ C1] __fput+0x402/0xb70 [ 327.482643][ C1] task_work_run+0x150/0x240 [ 327.487204][ C1] exit_to_user_mode_loop+0xeb/0x110 [ 327.492464][ C1] do_syscall_64+0x3f6/0x4c0 [ 327.497045][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.502916][ C1] [ 327.505225][ C1] The buggy address belongs to the object at ffff88807b49dc00 [ 327.505225][ C1] which belongs to the cache kmalloc-512 of size 512 [ 327.519260][ C1] The buggy address is located 42 bytes inside of [ 327.519260][ C1] freed 512-byte region [ffff88807b49dc00, ffff88807b49de00) [ 327.532957][ C1] [ 327.535277][ C1] The buggy address belongs to the physical page: [ 327.541659][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b49dc00 pfn:0x7b49c [ 327.551699][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 327.560174][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 327.568649][ C1] page_type: f5(slab) [ 327.572604][ C1] raw: 00fff00000000240 ffff88801b841c80 ffffea0001530510 ffffea0000a59a10 [ 327.581187][ C1] raw: ffff88807b49dc00 000000000010000c 00000000f5000000 0000000000000000 [ 327.589743][ C1] head: 00fff00000000240 ffff88801b841c80 ffffea0001530510 ffffea0000a59a10 [ 327.598389][ C1] head: ffff88807b49dc00 000000000010000c 00000000f5000000 0000000000000000 [ 327.607047][ C1] head: 00fff00000000002 ffffea0001ed2701 00000000ffffffff 00000000ffffffff [ 327.615704][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 327.624359][ C1] page dumped because: kasan: bad access detected [ 327.630749][ C1] page_owner tracks the page as allocated [ 327.636435][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5152, tgid 5152 (mount), ts 17348193785, free_ts 17346603698 [ 327.656412][ C1] post_alloc_hook+0x1c0/0x230 [ 327.661159][ C1] get_page_from_freelist+0x1321/0x3890 [ 327.666683][ C1] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 327.672553][ C1] alloc_pages_mpol+0x1fb/0x550 [ 327.677384][ C1] new_slab+0x23b/0x330 [ 327.681522][ C1] ___slab_alloc+0xd9c/0x1940 [ 327.686196][ C1] __slab_alloc.constprop.0+0x56/0xb0 [ 327.691556][ C1] __kmalloc_noprof+0x2f2/0x510 [ 327.696388][ C1] tomoyo_init_log+0x1385/0x2140 [ 327.701314][ C1] tomoyo_supervisor+0x302/0x13b0 [ 327.706329][ C1] tomoyo_mount_acl+0x50c/0x850 [ 327.711156][ C1] tomoyo_mount_permission+0x16d/0x420 [ 327.716593][ C1] security_sb_mount+0x9b/0x260 [ 327.721422][ C1] path_mount+0x128/0x2020 [ 327.725817][ C1] __x64_sys_mount+0x28d/0x310 [ 327.730560][ C1] do_syscall_64+0xcd/0x4c0 [ 327.735043][ C1] page last free pid 5152 tgid 5152 stack trace: [ 327.741352][ C1] __free_frozen_pages+0x7fe/0x1180 [ 327.746531][ C1] stack_depot_save_flags+0x354/0xa40 [ 327.751886][ C1] kasan_save_stack+0x42/0x60 [ 327.756551][ C1] kasan_save_track+0x14/0x30 [ 327.761389][ C1] __kasan_kmalloc+0xaa/0xb0 [ 327.765969][ C1] shrinker_alloc+0xf5/0xbf0 [ 327.770544][ C1] alloc_super+0x7c8/0xbd0 [ 327.774950][ C1] sget_fc+0x116/0xc20 [ 327.778999][ C1] get_tree_keyed+0x59/0x1d0 [ 327.783581][ C1] vfs_get_tree+0x8e/0x340 [ 327.787975][ C1] path_mount+0x1414/0x2020 [ 327.792462][ C1] __x64_sys_mount+0x28d/0x310 [ 327.797209][ C1] do_syscall_64+0xcd/0x4c0 [ 327.801692][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.807560][ C1] [ 327.809857][ C1] Memory state around the buggy address: [ 327.815459][ C1] ffff88807b49db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 327.823497][ C1] ffff88807b49db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 327.831533][ C1] >ffff88807b49dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 327.839568][ C1] ^ [ 327.844909][ C1] ffff88807b49dc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 327.852957][ C1] ffff88807b49dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 327.861009][ C1] ================================================================== [ 327.869094][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 327.876264][ C1] CPU: 1 UID: 0 PID: 9300 Comm: syz.0.975 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 327.888123][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.898155][ C1] Call Trace: [ 327.901411][ C1] [ 327.904232][ C1] dump_stack_lvl+0x3d/0x1f0 [ 327.908816][ C1] panic+0x71c/0x800 [ 327.912689][ C1] ? __pfx_panic+0x10/0x10 [ 327.917080][ C1] ? mark_held_locks+0x49/0x80 [ 327.921823][ C1] ? rose_timer_expiry+0x45a/0x4d0 [ 327.926914][ C1] ? check_panic_on_warn+0x1f/0xb0 [ 327.932003][ C1] ? rose_timer_expiry+0x45a/0x4d0 [ 327.937087][ C1] check_panic_on_warn+0xab/0xb0 [ 327.942009][ C1] end_report+0x107/0x170 [ 327.946315][ C1] kasan_report+0xee/0x110 [ 327.950705][ C1] ? rose_timer_expiry+0x45a/0x4d0 [ 327.955813][ C1] rose_timer_expiry+0x45a/0x4d0 [ 327.960764][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 327.966230][ C1] call_timer_fn+0x197/0x620 [ 327.970816][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 327.975919][ C1] ? rcu_is_watching+0x12/0xc0 [ 327.980672][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 327.986118][ C1] __run_timers+0x6ef/0x960 [ 327.990613][ C1] ? __pfx___run_timers+0x10/0x10 [ 327.995629][ C1] run_timer_base+0x114/0x190 [ 328.000292][ C1] ? __pfx_run_timer_base+0x10/0x10 [ 328.005477][ C1] ? rcu_is_watching+0x12/0xc0 [ 328.010230][ C1] run_timer_softirq+0x1a/0x40 [ 328.015000][ C1] handle_softirqs+0x219/0x8e0 [ 328.019750][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 328.025023][ C1] __irq_exit_rcu+0x109/0x170 [ 328.029687][ C1] irq_exit_rcu+0x9/0x30 [ 328.033914][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 328.039537][ C1] [ 328.042456][ C1] [ 328.045370][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 328.051335][ C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 [ 328.057135][ C1] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 aa f0 14 f6 48 89 df e8 92 44 15 f6 e8 cd 6b 40 f6 fb bf 01 00 00 00 d2 64 05 f6 65 8b 05 9b 5a 49 08 85 c0 74 06 5b e9 41 4d 00 00 [ 328.076728][ C1] RSP: 0018:ffffc9000c287cd8 EFLAGS: 00000202 [ 328.082778][ C1] RAX: 000000000016e115 RBX: ffff888027e80940 RCX: ffffffff81c3f04f [ 328.090774][ C1] RDX: 0000000000000000 RSI: ffffffff8de1a6a6 RDI: 0000000000000001 [ 328.098726][ C1] RBP: ffff888027e80d40 R08: 0000000000000001 R09: 0000000000000001 [ 328.106679][ C1] R10: ffffffff90a81857 R11: 0000000000000001 R12: 0000000000000000 [ 328.114633][ C1] R13: 0000000000000021 R14: 0000000000000400 R15: ffff888027e80940 [ 328.122592][ C1] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 328.128565][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 328.133751][ C1] get_signal+0x1e6c/0x26d0 [ 328.138251][ C1] ? __pfx_get_signal+0x10/0x10 [ 328.143094][ C1] arch_do_signal_or_restart+0x8f/0x7d0 [ 328.148632][ C1] ? __pfx_restore_altstack+0x10/0x10 [ 328.153990][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 328.160126][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 328.165314][ C1] ? __do_sys_rt_sigreturn+0x16b/0x230 [ 328.170761][ C1] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 328.176555][ C1] exit_to_user_mode_loop+0x84/0x110 [ 328.181823][ C1] do_syscall_64+0x3f6/0x4c0 [ 328.186404][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.192292][ C1] RIP: 0033:0x7f239078e927 [ 328.196691][ C1] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 328.216281][ C1] RSP: 002b:00007f23916d80e8 EFLAGS: 00000246 [ 328.222331][ C1] RAX: 00000000000000ca RBX: 00007f23909b5fa8 RCX: 00007f239078e929 [ 328.230292][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f23909b5fa8 [ 328.238251][ C1] RBP: 00007f23909b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 328.246204][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f23909b5fac [ 328.254159][ C1] R13: 0000000000000000 R14: 00007ffd6ee5f6a0 R15: 00007ffd6ee5f788 [ 328.262118][ C1] [ 328.265458][ C1] Kernel Offset: disabled [ 328.269757][ C1] Rebooting in 86400 seconds..