last executing test programs: 3m33.929782979s ago: executing program 2 (id=1337): socket$kcm(0xa, 0x2, 0x0) socket(0x2, 0x80805, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x34, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {0x5}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x6}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaaa}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x34}, 0x1, 0x0, 0x0, 0x20006911}, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f0000000400)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "0200be", 0x4c, 0x2f, 0xff, @local, @mcast2, {[@routing={0x1d, 0x0, 0x1, 0x7}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0x9, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x82) 3m33.413983856s ago: executing program 2 (id=1338): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001ac1414aa00000000000000000000000000000000000000000a0000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f400002000004000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ac1414aa0000000000000000000000000600000005"], 0xfc}}, 0x0) r1 = socket(0xa, 0x2, 0x0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0xff, @loopback, 0x9}, 0x1c, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x4855}, 0x24000052) 3m33.372116847s ago: executing program 2 (id=1339): setitimer(0x2, &(0x7f0000000000)={{0x0, 0x2710}, {0x0, 0xea60}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x101800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fb, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m33.242455327s ago: executing program 2 (id=1340): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x800) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0) open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) 3m33.208774957s ago: executing program 2 (id=1341): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xffffffff, 0x80800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2, 0x4, 0x2, r2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2, 0x8, 0x0, r2}) 3m32.914024249s ago: executing program 2 (id=1344): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x28}], 0x1}, 0x4) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r9, 0x3e}, 0x80, &(0x7f0000002080)=[{&(0x7f0000000180)="27030200", 0x4}], 0x1}, 0x0) 3m32.826434506s ago: executing program 32 (id=1344): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r7, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000840)='\'', 0x28}], 0x1}, 0x4) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x300, r9, 0x3e}, 0x80, &(0x7f0000002080)=[{&(0x7f0000000180)="27030200", 0x4}], 0x1}, 0x0) 1m14.953407775s ago: executing program 4 (id=2072): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a30000000000900020073797a31000000002c00058008000140000086dd080001"], 0x248}}, 0x0) 1m14.649883925s ago: executing program 4 (id=2075): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000100000000000000"], 0xd8}, 0x1, 0x0, 0x0, 0x2004c011}, 0x90) 1m13.067155361s ago: executing program 4 (id=2077): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f00000003c0), &(0x7f0000000080)=@udp=r1, 0x1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r2, r4, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x6e, &(0x7f0000000940)={@broadcast, @broadcast, @val={@val={0x88a8, 0x3, 0x1, 0x4}, {0x8100, 0x4, 0x1, 0x3}}, {@mpls_uc={0x8847, {[], @ipv6=@icmpv6={0xc, 0x6, 'o/+', 0x30, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1={0xfc, 0x1, '\x00', 0x1}, {[], @time_exceed={0x3, 0x1, 0x0, 0xfe, '\x00', {0x6, 0x6, "fe07ab", 0x4, 0x2e, 0x0, @empty, @private1}}}}}}}}, 0x0) 1m10.549553268s ago: executing program 4 (id=2082): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 1m10.443980385s ago: executing program 4 (id=2084): capset(&(0x7f0000000040)={0x20071026}, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x202, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = dup2(r1, r0) read$FUSE(r2, &(0x7f0000001a40)={0x2020}, 0x2020) 1m10.136284256s ago: executing program 4 (id=2086): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() mknod$loop(0x0, 0x2000, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940), &(0x7f0000000900)=@buf="91d8e49c7f3a373a9d0c4755c49ac639b665d084fee47c0f643edd681519ae6932ffea2c16bea5f21603adfa37a0de1c9d8c1fe844bda5e50f120f9cf1e5e0539998e2600f51f11c96b474927aa1e3f70559faefb3d6a6649b"}, 0x20) shutdown(0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$set_timeout(0xf, r4, 0x2) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x2, 0xc, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0xfffffffffffffffe, 0x100, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4, 0x0, 0x1000, 0x3, 0x0, 0x100001, 0x0, 0x7, 0x80000000000}) 54.002421837s ago: executing program 33 (id=2086): mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() mknod$loop(0x0, 0x2000, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940), &(0x7f0000000900)=@buf="91d8e49c7f3a373a9d0c4755c49ac639b665d084fee47c0f643edd681519ae6932ffea2c16bea5f21603adfa37a0de1c9d8c1fe844bda5e50f120f9cf1e5e0539998e2600f51f11c96b474927aa1e3f70559faefb3d6a6649b"}, 0x20) shutdown(0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$set_timeout(0xf, r4, 0x2) clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x2, 0xc, 0x0, 0x0, 0xfffffffffffffff8, 0x0, 0xfffffffffffffffe, 0x100, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4, 0x0, 0x1000, 0x3, 0x0, 0x100001, 0x0, 0x7, 0x80000000000}) 10.380270917s ago: executing program 3 (id=2319): sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x801) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x69100f4f, 0xd, 0xe000, 0x10, 0x2, 0x0, 0x0, 0x80, 0x5}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 9.599911302s ago: executing program 0 (id=2324): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$tun(r1, &(0x7f0000000200)={@void, @void, @mpls={[], @ipv6=@tipc_packet={0x3, 0x6, 'Z\vB', 0xd4, 0x6, 0x0, @empty, @mcast1, {[@srh={0x87, 0x6, 0x4, 0x3, 0x2, 0x10, 0x2, [@mcast2, @private0, @empty]}, @dstopts={0x33, 0x1, '\x00', [@ra={0x5, 0x2, 0xf055}, @jumbo={0xc2, 0x4, 0xeac}]}, @routing={0x33, 0xa, 0x0, 0xd, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @broadcast}, @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}], @payload_mcast={{{{{{0x2c, 0x0, 0x1, 0x0, 0x0, 0xb, 0x0, 0x2, 0x5, 0x0, 0x57082eceb02ffff2, 0x4, 0x1, 0x1, 0x8, 0x4, 0xa, 0x4e22, 0x4e24}, 0x0, 0x4}, 0x1, 0x4}, 0x1}}}}}}}, 0xfc) 9.10690514s ago: executing program 3 (id=2327): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x40054) 9.063074422s ago: executing program 0 (id=2328): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$pid(0x2, 0x0, 0x4000) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0) 8.956563718s ago: executing program 5 (id=2330): r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r1, 0xff05, 0x0) 8.859569998s ago: executing program 3 (id=2331): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x1, 0x5, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0xe0, 0x60}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000980)={0x24, 0x0, 0x0, &(0x7f0000000780), 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 8.776133685s ago: executing program 5 (id=2333): sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000", @ANYBLOB="a787000000ff"], 0x18}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, 0x0, 0x1) sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/152, 0x98, 0x1, 0x0}, &(0x7f0000000180)=0x40) 8.592554887s ago: executing program 5 (id=2335): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40000000000029a, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r4 = dup(r3) r5 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x3, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x4, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x3c}, 0x2, @in=@empty, 0x3504, 0x4, 0x3, 0x0, 0x0, 0xfffffffe, 0x20000}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ftruncate(r5, 0x200004) sendfile(r4, r5, 0x0, 0x80001d00c0d1) 7.807845738s ago: executing program 1 (id=2336): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x81, 0xb, "0062ba7d82070000000000efffffffff086304"}) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x1}) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), r4) sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="5dc58b1a44d6bf1a0bbacef1e01c0fb6041579e5dee68446207fa6ecb27685098b8c647ca6e5b12efec1ef9619f81a2fbc6c1de00202333eb1f8b1042bd98f5ac280091d7ec9f7537d151d91a9ea51dabf524ae7fa0e05e916f83de39f47cee5c948b15eba2b9fe649ce3abade12e2a082a4dcd04b0885bb34ae313f8ef2cc405fae6ff20f62a28625cbb7f19b0d1297988c56ba3ce9564cbf5c3b0a16ae797a9cf36a8e4863a68978d19496c8a9f8875e3c2cf02438f7648082fd4b793963abb6506aa5381c77a57b2f026b0112ee05a225677e8e70ffbdf7ba8dec54d0397583d280847c9a03de2e65ffa2050af07cdc095fd8777582fd5a12e5fe14f734e9052abf27623e711633060821720b35094414b0866bf8fbff9bea509fdf58a3a4b549d60c1e1284d177324b068dc7618def4cb3544eeaa4dbf618b92a8dd1f62c67817b5c8ff17bb79b", @ANYRES16=r5, @ANYBLOB="01002dbd7000ffdbdf25070000000800010001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40000) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x3c, r5, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_PID={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r0}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_NETNS_FD={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008080}, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)=""/67, 0x43) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) timer_create(0x3, 0x0, &(0x7f0000000100)) 7.549214809s ago: executing program 6 (id=2337): sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x801) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x69100f4f, 0xd, 0xe000, 0x10, 0x2, 0x0, 0x0, 0x80, 0x5}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 7.287203327s ago: executing program 5 (id=2338): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) read(r4, &(0x7f0000000040)=""/138, 0x8a) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x10000007, 0xfffc, 0xe655, 0x2, 0x85, 0x8, 0xff}, 0x9c) 5.569288441s ago: executing program 1 (id=2339): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc}) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r4, 0x6, 0x9, 0x0, &(0x7f0000002000)) syz_open_dev$evdev(0x0, 0x1, 0x80) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="5a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000080), 0x1) dup(0xffffffffffffffff) 5.307720629s ago: executing program 3 (id=2340): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e04, 0x3, @dev={0xfe, 0x80, '\x00', 0x25}, 0x23}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x64}, 0x10}, 0x1c, 0x0}}], 0x40000000000024e, 0x20002040) sendto$inet6(r0, 0x0, 0x0, 0x8000, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4084) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) futex(0x0, 0x87, 0xffffffff, 0x0, 0x0, 0x1) 4.868855544s ago: executing program 6 (id=2341): getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000040)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}}}, &(0x7f0000000240)=0xe8) setuid(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000680)='fdinfo\x00') sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getdents(r1, 0x0, 0x0) 4.548206706s ago: executing program 1 (id=2342): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x8044) r4 = accept(r1, 0x0, 0x0) connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 4.199973046s ago: executing program 5 (id=2343): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x9f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 4.155361259s ago: executing program 0 (id=2344): r0 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={0x0, 0x31c000, 0x800, 0x9}, 0x20) 4.05971008s ago: executing program 0 (id=2345): sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="180000", @ANYBLOB="a787000000ff"], 0x18}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x22}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x1) sendmmsg$inet6(r1, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="cd", 0x1}], 0x1}}], 0x4000000000000ec, 0x8001) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/152, 0x98, 0x1, 0x0}, &(0x7f0000000180)=0x40) 4.019176998s ago: executing program 3 (id=2346): openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$BTRFS_IOC_SYNC(r3, 0x9408, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSTI(r5, 0x5412, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3f}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x4000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x800000}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.371011478s ago: executing program 1 (id=2347): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) bind$unix(r3, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r3, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept(r3, 0x0, 0x0) 3.319672864s ago: executing program 6 (id=2348): memfd_create(&(0x7f0000000000)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x8dy\xf3\xb2\xe6b \x00\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\xfe\xe6\xd2SLR\xa1\x00\x00\x17\x1f$^\xe1\x00\x00\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x16\x8e-k\x12\xdf\xb9\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba$v\x8e\x9e\xef\xbc\x86f)\x01\xba\xdb\x9em\xe9\"\x03\x933P\x9b\xcc\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x1b1\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4\x83Mav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00'/679, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e20, 0xeb, @remote, 0x4}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000580), 0x3) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x304}, "080200", "8a36c47a9c625dfaf08ace81c500", '\x00', "362d3017f069109d"}, 0x28) r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x2}) 2.74097875s ago: executing program 0 (id=2349): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000340)=ANY=[@ANYBLOB="6c000000000801020000000000000000050000090900010073797a31000000000900010073797a3100000000060002408808000005000300840000000900010073797a3100000000240004800800"], 0x6c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) 2.738552615s ago: executing program 5 (id=2350): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000740)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xff, 0x50, 0x9, "", [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x1, 0x5, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0xe0, 0x60}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000980)={0x24, 0x0, 0x0, &(0x7f0000000780), 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 1.823843162s ago: executing program 1 (id=2351): sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x801) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x69100f4f, 0xd, 0xe000, 0x10, 0x2, 0x0, 0x0, 0x80, 0x5}}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.661913734s ago: executing program 6 (id=2352): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc}) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r4, 0x6, 0x9, 0x0, &(0x7f0000002000)) syz_open_dev$evdev(0x0, 0x1, 0x80) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="5a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f0000000080), 0x1) dup(0xffffffffffffffff) 1.182719654s ago: executing program 3 (id=2353): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) read(r4, &(0x7f0000000040)=""/138, 0x8a) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x28000080) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x10000007, 0xfffc, 0xe655, 0x2, 0x85, 0x8, 0xff}, 0x9c) 1.175684369s ago: executing program 0 (id=2354): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioprio_set$pid(0x2, 0x0, 0x4000) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0) 313.004753ms ago: executing program 6 (id=2355): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(r2, &(0x7f00000012c0)=[{{0x0, 0x0, &(0x7f0000001140)}}], 0x1, 0x20000810) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000640)={0x0, 0x23ad697ddad057f0}) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002) 54.102571ms ago: executing program 1 (id=2356): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x7ff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) clock_adjtime(0x0, &(0x7f0000000340)={0x37db, 0x80000000002f423f, 0xfffffffffffffffc, 0x6, 0x0, 0x5, 0x8, 0x4, 0x80000000, 0x80000, 0x2, 0x1, 0x100, 0xfffffffffffffffc, 0x0, 0x2000000000000, 0x3, 0x3, 0x1, 0x4000000000200, 0x0, 0x0, 0x816, 0x80000001, 0x37, 0x6}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_rdma(0x10, 0x3, 0x14) unshare(0x6020400) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r3, 0x851, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x32ab60b1caec533c, 0xffffffffffffffff, 0x3000) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000380)) 0s ago: executing program 6 (id=2357): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x8044) r4 = accept(r1, 0x0, 0x0) connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) kernel console output (not intermixed with test programs): process `syz.4.1222'. [ 200.162490][ T9443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1224'. [ 200.254185][ T9454] xt_NFQUEUE: number of total queues is 0 [ 200.489246][ T9463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'. [ 200.517327][ T9463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'. [ 200.544024][ T9469] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1233'. [ 200.589403][ T9471] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1234'. [ 200.732279][ T9475] syzkaller0: entered promiscuous mode [ 200.861094][ T9481] xt_NFQUEUE: number of total queues is 0 [ 201.425904][ T9] hid_parser_main: 1 callbacks suppressed [ 201.425922][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.441025][ T9524] xt_NFQUEUE: number of total queues is 0 [ 201.460100][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.477075][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.489485][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.509081][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.535638][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.556944][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.565592][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.588450][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.605432][ T9] hid-generic 0006:0004:0009.0009: unknown main item tag 0x0 [ 201.609346][ T9531] syzkaller0: entered promiscuous mode [ 201.645810][ T9] hid-generic 0006:0004:0009.0009: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 201.742824][ T9535] fido_id[9535]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 201.974726][ T29] audit: type=1400 audit(1777334072.298:308): avc: denied { mounton } for pid=9545 comm="syz.0.1259" path="/proc/646/task" dev="proc" ino=25822 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 202.008828][ T9549] __nla_validate_parse: 4 callbacks suppressed [ 202.008844][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1257'. [ 202.081010][ T29] audit: type=1400 audit(1777334072.410:309): avc: denied { associate } for pid=9555 comm="syz.0.1259" name="core" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 202.364714][ T9568] xt_NFQUEUE: number of total queues is 0 [ 202.435857][ T29] audit: type=1400 audit(1777334072.738:310): avc: denied { read } for pid=9570 comm="syz.3.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 202.492673][ T29] audit: type=1400 audit(1777334072.794:311): avc: denied { write } for pid=9570 comm="syz.3.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 202.543844][ T29] audit: type=1400 audit(1777334072.841:312): avc: denied { bind } for pid=9570 comm="syz.3.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 202.656375][ T5822] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 202.890248][ T29] audit: type=1400 audit(1777334073.159:313): avc: denied { create } for pid=9587 comm="syz.0.1273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 202.961857][ T5822] usb 5-1: device descriptor read/64, error -71 [ 203.222882][ T5822] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 203.477310][ T5822] usb 5-1: device descriptor read/64, error -71 [ 203.574509][ T9604] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1278'. [ 203.605694][ T5822] usb usb5-port1: attempt power cycle [ 203.633522][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'. [ 203.644029][ T9607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'. [ 203.968914][ T5822] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 204.004367][ T5822] usb 5-1: device descriptor read/8, error -71 [ 204.051093][ T9629] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1286'. [ 204.380124][ T5822] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 204.440004][ T5822] usb 5-1: device descriptor read/8, error -71 [ 204.622609][ T5822] usb usb5-port1: unable to enumerate USB device [ 206.515437][ T9652] xt_NFQUEUE: number of total queues is 0 [ 206.739473][ T9597] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 207.007989][ T29] audit: type=1400 audit(1777334333.000:314): avc: denied { append } for pid=9669 comm="syz.4.1304" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 207.215340][ T9677] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1305'. [ 207.286625][ T9680] xt_NFQUEUE: number of total queues is 0 [ 207.624555][ T9695] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1311'. [ 207.803424][ T9703] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1314'. [ 207.914958][ T5618] Bluetooth: hci4: command 0x0406 tx timeout [ 207.916307][ T9707] IPv4: Oversized IP packet from 127.202.26.0 [ 208.081523][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1319'. [ 208.091574][ T9714] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1319'. [ 208.125077][ T9716] xt_NFQUEUE: number of total queues is 0 [ 208.271478][ T9726] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1325'. [ 208.348264][ T9730] process 'syz.0.1326' launched './file0' with NULL argv: empty string added [ 208.357274][ T29] audit: type=1400 audit(1777334334.272:315): avc: denied { execute } for pid=9728 comm="syz.0.1326" name="file0" dev="tmpfs" ino=1330 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 208.403441][ T29] audit: type=1400 audit(1777334334.310:316): avc: denied { execute_no_trans } for pid=9728 comm="syz.0.1326" path="/260/file0" dev="tmpfs" ino=1330 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 209.054387][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1332'. [ 209.063567][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1332'. [ 209.138423][ T9746] xt_NFQUEUE: number of total queues is 0 [ 209.206528][ T29] audit: type=1400 audit(1777334335.077:317): avc: denied { read write } for pid=9747 comm="syz.0.1334" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 209.234737][ T29] audit: type=1400 audit(1777334335.077:318): avc: denied { open } for pid=9747 comm="syz.0.1334" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 209.985744][ T9758] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1338'. [ 210.111224][ T29] audit: type=1400 audit(1777334335.919:319): avc: denied { mount } for pid=9762 comm="syz.2.1340" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 210.136744][ T29] audit: type=1400 audit(1777334335.947:320): avc: denied { mounton } for pid=9762 comm="syz.2.1340" path="/285/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 210.169012][ T29] audit: type=1400 audit(1777334335.976:321): avc: denied { unmount } for pid=5616 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 210.449032][ T9768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1343'. [ 210.607460][ T5618] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 210.616121][ T5618] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 210.625763][ T5618] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 210.633680][ T5618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 210.641733][ T5618] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 210.854525][ T9697] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 211.029940][ T9797] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1350'. [ 211.101510][ T9794] syzkaller0: entered promiscuous mode [ 211.344872][ T9774] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.390566][ T9774] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.432234][ T9774] bridge_slave_0: entered allmulticast mode [ 211.460020][ T9774] bridge_slave_0: entered promiscuous mode [ 211.502896][ T9774] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.518270][ T9774] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.545003][ T9774] bridge_slave_1: entered allmulticast mode [ 211.584377][ T9774] bridge_slave_1: entered promiscuous mode [ 212.140289][ T9774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.180303][ T9774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.224099][ T9774] team0: Port device team_slave_0 added [ 212.233886][ T9774] team0: Port device team_slave_1 added [ 212.283854][ T9774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.294696][ T9774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 212.777129][ T9774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.790135][ T9774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.797187][ T9774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 212.841186][ T9774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.871494][ T5618] Bluetooth: hci4: command tx timeout [ 212.967778][ T9774] hsr_slave_0: entered promiscuous mode [ 212.984074][ T9774] hsr_slave_1: entered promiscuous mode [ 212.990415][ T9774] debugfs: 'hsr0' already exists in 'hsr' [ 212.996155][ T9774] Cannot create hsr debugfs directory [ 213.136392][ T9827] __nla_validate_parse: 1 callbacks suppressed [ 213.136408][ T9827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1356'. [ 213.321259][ T9845] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1360'. [ 213.334637][ T9847] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1359'. [ 213.486757][ T9850] syzkaller0: entered promiscuous mode [ 215.094351][ T5618] Bluetooth: hci4: command tx timeout [ 216.414202][ T9838] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 216.424371][ T9860] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1365'. [ 216.425027][ T9774] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 216.502734][ T9774] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 216.529109][ T9774] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 216.541300][ T9774] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 216.549132][ T9774] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 216.557835][ T9774] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 216.573928][ T9774] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 216.600545][ T9774] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 216.687543][ T9884] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1370'. [ 216.886012][ T9880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1368'. [ 216.934073][ T9894] syzkaller0: entered promiscuous mode [ 216.974004][ T9894] syzkaller0: entered allmulticast mode [ 217.315975][ T5618] Bluetooth: hci4: command tx timeout [ 217.402358][ T9774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.058715][ T9774] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.072485][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.079666][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.734857][ T9911] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1377'. [ 218.777922][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.785092][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.850891][ T9774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 218.861580][ T9774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.230632][ T29] audit: type=1326 audit(1777334600.457:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9927 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb3579cdd9 code=0x7fc00000 [ 219.538367][ T5618] Bluetooth: hci4: command tx timeout [ 219.589593][ T9774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.887561][ T9774] veth0_vlan: entered promiscuous mode [ 219.910921][ T9774] veth1_vlan: entered promiscuous mode [ 219.974851][ T9774] veth0_macvtap: entered promiscuous mode [ 219.996586][ T29] audit: type=1326 audit(1777334601.168:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9927 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7feb35796b57 code=0x7fc00000 [ 220.008983][ T9774] veth1_macvtap: entered promiscuous mode [ 220.038122][ T9774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.050199][ T9774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.072364][ T79] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.089231][ T79] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.102496][ T79] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.112148][ T79] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.165900][ T9954] syzkaller0: entered promiscuous mode [ 220.180712][ T9954] syzkaller0: entered allmulticast mode [ 221.769274][ T9970] exFAT-fs (loop4): unable to read boot sector [ 221.776912][ T9970] exFAT-fs (loop4): failed to read boot sector [ 221.784880][ T9970] exFAT-fs (loop4): failed to recognize exfat type [ 222.007226][ T9913] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 222.113266][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.152322][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.208452][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.227744][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.262848][ T29] audit: type=1400 audit(1777334859.288:324): avc: denied { mounton } for pid=9774 comm="syz-executor" path="/root/syzkaller.SVYSFt/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=28054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 222.456803][ T9990] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1345'. [ 223.836485][T10014] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1401'. [ 224.059782][T10034] syzkaller0: entered promiscuous mode [ 224.121527][T10035] mmap: syz.5.1406 (10035) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 227.070120][T10018] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 227.079251][T10032] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1408'. [ 227.153387][T10063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1417'. [ 227.312870][T10073] xt_NFQUEUE: number of total queues is 0 [ 228.644873][T10095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1429'. [ 228.681922][T10095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1429'. [ 228.787755][T10108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1434'. [ 228.838278][T10115] xt_NFQUEUE: number of total queues is 0 [ 228.948520][ T29] audit: type=1400 audit(1777335377.551:325): avc: denied { ioctl } for pid=10117 comm="syz.1.1439" path="socket:[27546]" dev="sockfs" ino=27546 ioctlcmd=0x4581 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 228.980374][T10125] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1438'. [ 229.038968][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 229.198534][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 229.205233][ T10] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 229.213394][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 229.224530][ T10] usb 4-1: config 0 has no interface number 0 [ 229.232334][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 229.241446][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.249428][ T10] usb 4-1: Product: syz [ 229.253622][ T10] usb 4-1: Manufacturer: syz [ 229.258199][ T10] usb 4-1: SerialNumber: syz [ 229.264635][ T10] usb 4-1: config 0 descriptor?? [ 229.273354][ T5705] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 229.435159][ T5705] usb 1-1: unable to get BOS descriptor or descriptor too short [ 229.444819][ T5705] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 229.455171][ T5705] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 229.464157][ T5705] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 229.473968][ T5705] usb 1-1: config 1 interface 1 has no altsetting 0 [ 229.482176][ T5705] usb 1-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice= 0.40 [ 229.488152][ T10] uvcvideo 4-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 229.491420][ T5705] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.506530][ T5705] usb 1-1: Product: syz [ 229.507188][ T10] uvcvideo 4-1:0.31: No valid video chain found. [ 229.510718][ T5705] usb 1-1: Manufacturer: syz [ 229.510734][ T5705] usb 1-1: SerialNumber: syz [ 229.705843][ T46] usb 4-1: USB disconnect, device number 5 [ 229.735921][ T5705] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 229.763869][ T5705] snd-usb-audio 1-1:1.1: probe with driver snd-usb-audio failed with error -2 [ 229.775894][ T5705] usb 1-1: USB disconnect, device number 7 [ 229.794708][ T5624] udevd[5624]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 230.402625][ T29] audit: type=1326 audit(1777335378.908:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.429429][ T29] audit: type=1326 audit(1777335378.908:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.453011][ T29] audit: type=1326 audit(1777335378.908:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.476545][ T29] audit: type=1326 audit(1777335378.908:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.500826][ T29] audit: type=1326 audit(1777335378.908:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.524812][ T29] audit: type=1326 audit(1777335378.908:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.550863][ T29] audit: type=1326 audit(1777335378.908:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.574494][ T29] audit: type=1326 audit(1777335378.908:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 230.598256][ T29] audit: type=1326 audit(1777335378.908:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10134 comm="syz.0.1443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f175859cdd9 code=0x7ffc0000 [ 231.921294][T10098] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 232.161366][T10149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1450'. [ 232.180631][T10142] xt_NFQUEUE: number of total queues is 0 [ 232.545459][ T5705] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 232.841280][T10185] xt_NFQUEUE: number of total queues is 0 [ 232.854558][ T5705] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 232.864917][ T5705] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 232.873861][ T5705] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 232.916358][ T5705] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 232.938161][ T5705] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.944573][T10196] xt_NFQUEUE: number of total queues is 0 [ 232.952190][ T5705] usb 5-1: Product: syz [ 232.952209][ T5705] usb 5-1: Manufacturer: syz [ 232.952224][ T5705] usb 5-1: SerialNumber: syz [ 232.956904][ T5705] cdc_mbim 5-1:1.0: skipping garbage [ 232.974022][ T5705] usb 5-1: selecting invalid altsetting 1 [ 233.170411][ T5705] cdc_mbim 5-1:1.0: bind() failure [ 233.178381][ T5705] usb 5-1: USB disconnect, device number 8 [ 233.269848][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 233.430126][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 233.436989][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 233.447162][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=002f, bcdDevice= 0.40 [ 233.456242][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.464340][ T9] usb 4-1: Product: syz [ 233.468499][ T9] usb 4-1: Manufacturer: syz [ 233.473100][ T9] usb 4-1: SerialNumber: syz [ 233.701987][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 233.711627][ T9] usb 4-1: invalid MIDI in EP 0 [ 233.818165][ T9] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 233.833918][ T9] usb 4-1: USB disconnect, device number 6 [ 233.859084][ T6340] udevd[6340]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.508488][T10227] xt_NFQUEUE: number of total queues is 0 [ 234.663660][T10229] xt_NFQUEUE: number of total queues is 0 [ 235.761920][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 235.761936][ T29] audit: type=1400 audit(1777335639.928:337): avc: denied { read } for pid=10237 comm="syz.3.1481" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 235.782815][T10239] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 235.793994][ T29] audit: type=1400 audit(1777335639.928:338): avc: denied { open } for pid=10237 comm="syz.3.1481" path="/287/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 235.810002][T10239] block device autoloading is deprecated and will be removed. [ 235.852402][T10180] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 235.999877][ T29] audit: type=1400 audit(1777335640.152:339): avc: denied { mounton } for pid=10244 comm="syz.0.1485" path="/301/file0" dev="tmpfs" ino=1541 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 236.213132][T10258] syzkaller0: entered promiscuous mode [ 236.218716][T10258] syzkaller0: entered allmulticast mode [ 236.258617][ T29] audit: type=1400 audit(1777335640.386:340): avc: denied { read } for pid=10264 comm="syz.3.1493" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 236.285465][ T29] audit: type=1400 audit(1777335640.386:341): avc: denied { open } for pid=10264 comm="syz.3.1493" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 236.314622][ T29] audit: type=1400 audit(1777335640.396:342): avc: denied { ioctl } for pid=10264 comm="syz.3.1493" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 236.352568][ T29] audit: type=1400 audit(1777335640.470:343): avc: denied { setattr } for pid=10264 comm="syz.3.1493" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 236.458026][ T29] audit: type=1400 audit(1777335640.583:344): avc: denied { write } for pid=10264 comm="syz.3.1493" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 237.122953][ T29] audit: type=1400 audit(1777335641.200:345): avc: denied { append } for pid=10280 comm="syz.4.1497" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 237.724743][T10293] SELinux: failed to load policy [ 238.073225][T10312] xt_hashlimit: size too large, truncated to 1048576 [ 239.882846][T10274] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 239.894196][T10334] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1515'. [ 240.139020][T10370] syzkaller0: entered promiscuous mode [ 240.158558][T10370] syzkaller0: entered allmulticast mode [ 240.698515][T10393] binder: 10387:10393 ioctl c0306201 0 returned -14 [ 240.707360][T10393] binder: 10387:10393 ioctl c0306201 0 returned -14 [ 241.858156][T10402] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1532'. [ 242.063566][T10406] kvm: pic: non byte write [ 243.523498][T10439] Bluetooth: hci5: Frame reassembly failed (-84) [ 243.556075][ T79] Bluetooth: hci5: Frame reassembly failed (-84) [ 243.865147][T10457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1549'. [ 244.093382][T10465] xt_NFQUEUE: number of total queues is 0 [ 244.328411][ T29] audit: type=1400 audit(1777335647.910:346): avc: denied { connect } for pid=10478 comm="syz.4.1561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 244.383383][ T5705] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 244.491090][ T5821] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 244.885924][ T29] audit: type=1400 audit(1777335648.181:347): avc: denied { search } for pid=10472 comm="syz.5.1558" name="/" dev="configfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 244.909190][ T29] audit: type=1400 audit(1777335648.181:348): avc: denied { search } for pid=10472 comm="syz.5.1558" name="/" dev="configfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 244.932306][ T5705] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 244.943331][ T5705] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 244.949703][ T29] audit: type=1400 audit(1777335648.181:349): avc: denied { read open } for pid=10472 comm="syz.5.1558" path="/" dev="configfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 244.954640][ T5705] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 244.985044][ T5705] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 244.993157][ T5705] usb 1-1: SerialNumber: syz [ 244.997881][ T5821] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.008033][ T5821] usb 4-1: config 0 has no interfaces? [ 245.015796][ T5821] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 245.026131][ T5821] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.034236][ T5821] usb 4-1: Product: syz [ 245.044053][ T5821] usb 4-1: Manufacturer: syz [ 245.048761][ T5821] usb 4-1: SerialNumber: syz [ 245.056191][ T5821] usb 4-1: config 0 descriptor?? [ 245.369441][T10491] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1564'. [ 245.736773][ T29] audit: type=1326 audit(1777335649.248:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10468 comm="syz.3.1557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6206d9cdd9 code=0x0 [ 245.772146][ T5618] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 246.390149][T10491] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.417422][T10491] bridge_slave_1 (unregistering): left allmulticast mode [ 246.434323][T10491] bridge_slave_1 (unregistering): left promiscuous mode [ 246.441879][T10491] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.454708][ T5705] usb 1-1: 0:2 : does not exist [ 246.479339][T10501] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 246.480972][ T29] audit: type=1400 audit(1777335649.950:351): avc: denied { append } for pid=10500 comm="syz.4.1567" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 246.486919][T10501] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 246.530417][ T5705] usb 1-1: USB disconnect, device number 8 [ 246.619887][T10505] xt_NFQUEUE: number of total queues is 0 [ 246.632111][ T5624] udevd[5624]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 247.159425][T10533] xt_NFQUEUE: number of total queues is 0 [ 247.414961][ T5610] usb 4-1: USB disconnect, device number 7 [ 249.095961][T10553] binder: 10550:10553 ioctl 40046205 0 returned -22 [ 251.183475][ T5705] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 251.368411][ T5705] usb 1-1: config 1 has an invalid descriptor of length 130, skipping remainder of the config [ 251.379231][ T5705] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 251.390121][ T5705] usb 1-1: too many endpoints for config 1 interface 0 altsetting 9: 219, using maximum allowed: 30 [ 251.407491][ T5705] usb 1-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 219 [ 251.420874][ T5705] usb 1-1: config 1 interface 0 has no altsetting 0 [ 251.429904][ T5705] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 251.440349][ T5705] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.448578][ T5705] usb 1-1: Product: syz [ 251.452809][ T5705] usb 1-1: Manufacturer: syz [ 251.457604][ T5705] usb 1-1: SerialNumber: syz [ 251.736408][ T5610] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 251.897870][ T5610] usb 6-1: Using ep0 maxpacket: 8 [ 251.912439][ T5610] usb 6-1: unable to get BOS descriptor or descriptor too short [ 251.950308][ T5610] usb 6-1: config 1 interface 0 has no altsetting 0 [ 251.958888][ T5610] usb 6-1: New USB device found, idVendor=056a, idProduct=0343, bcdDevice= 0.40 [ 251.968577][ T5610] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.978351][ T5610] usb 6-1: Product: syz [ 251.985647][ T5610] usb 6-1: Manufacturer: syz [ 251.990299][ T5610] usb 6-1: SerialNumber: syz [ 252.209612][T10601] xt_TPROXY: Can be used only with -p tcp or -p udp [ 252.390426][ T5705] usb 1-1: USB disconnect, device number 9 [ 252.978138][T10612] overlayfs: failed to resolve './bus': -2 [ 253.338079][ T5610] usbhid 6-1:1.0: can't add hid device: -71 [ 253.344227][ T5610] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 253.360197][ T5610] usb 6-1: USB disconnect, device number 2 [ 254.547920][ T5705] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 254.718384][ T5705] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 254.728550][ T5705] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.739684][ T5705] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.749453][ T5705] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 254.762729][ T5705] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 254.776930][ T5705] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.791412][ T5705] usb 2-1: config 0 descriptor?? [ 255.248976][ T5705] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd [ 255.279260][ T5705] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 255.496972][ T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 255.554914][ T5610] usb 2-1: USB disconnect, device number 5 [ 255.611137][T10629] syzkaller0: entered promiscuous mode [ 255.617767][T10629] syzkaller0: entered allmulticast mode [ 255.694390][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 255.721531][ T10] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 255.753805][ T10] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 255.787633][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 255.801456][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.809571][ T10] usb 6-1: Product: syz [ 255.820044][ T10] usb 6-1: Manufacturer: syz [ 255.829440][ T10] usb 6-1: SerialNumber: syz [ 256.075294][T10650] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 256.088271][T10650] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 257.325128][T10664] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 257.357368][T10664] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 257.391017][ T10] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 257.397492][ T10] cdc_ncm 6-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 257.405014][ T10] cdc_ncm 6-1:1.0: setting rx_max = 2048 [ 257.746844][ T10] cdc_ncm 6-1:1.0: setting tx_max = 88 [ 257.963031][ T10] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.5-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 257.985557][ T10] usb 6-1: USB disconnect, device number 3 [ 257.999218][ T10] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.5-1, CDC NCM (NO ZLP) [ 258.214422][T10671] syzkaller0: entered promiscuous mode [ 258.284767][T10671] syzkaller0: entered allmulticast mode [ 258.649929][T10693] xt_hashlimit: size too large, truncated to 1048576 [ 259.184036][ T5821] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 259.547936][ T5821] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 259.585818][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.610395][ T5821] usb 5-1: Product: syz [ 259.630538][ T5821] usb 5-1: Manufacturer: syz [ 259.643968][ T5821] usb 5-1: SerialNumber: syz [ 259.661870][ T5821] usb 5-1: config 0 descriptor?? [ 259.677432][ T5821] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 259.881458][ T5610] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 259.925331][ T10] usb 5-1: USB disconnect, device number 9 [ 260.072089][ T5610] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 260.085077][ T5610] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 260.096887][ T5610] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 260.108342][ T5610] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice= 0.40 [ 260.117433][ T5610] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.126306][ T5610] usb 4-1: Product: syz [ 260.130485][ T5610] usb 4-1: Manufacturer: syz [ 260.135132][ T5610] usb 4-1: SerialNumber: syz [ 260.231694][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 260.373446][ T5610] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -90 [ 260.386857][ T5610] usb 4-1: USB disconnect, device number 8 [ 260.413851][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.414174][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 260.448661][ T9] usb 6-1: unable to get BOS descriptor or descriptor too short [ 260.459062][ T9] usb 6-1: New USB device found, idVendor=17cc, idProduct=1021, bcdDevice= 0.40 [ 260.468241][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.476426][ T9] usb 6-1: Product: syz [ 260.485750][ T9] usb 6-1: Manufacturer: syz [ 260.497269][ T9] usb 6-1: SerialNumber: syz [ 261.233509][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.241433][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.249855][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.258107][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.280692][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.299468][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.313200][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.328297][ T9] usb 6-1: unable to issue vendor read request (ret = -71) [ 261.456462][T10728] syzkaller0: entered promiscuous mode [ 261.464926][ T9] usb 6-1: USB disconnect, device number 4 [ 261.481838][T10728] syzkaller0: entered allmulticast mode [ 261.531285][ T5624] udevd[5624]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 261.568241][ T29] audit: type=1400 audit(1777335920.076:352): avc: denied { wake_alarm } for pid=10737 comm="syz.4.1640" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 261.941632][ T29] audit: type=1400 audit(1777335920.320:353): avc: denied { setopt } for pid=10743 comm="syz.0.1643" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 262.966548][ T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 263.156196][ T10] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 263.177993][ T10] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 263.190985][ T10] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 263.207378][ T10] usb 1-1: config 220 has no interface number 2 [ 263.215341][ T10] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 263.228575][ T10] usb 1-1: config 220 interface 0 has no altsetting 0 [ 263.235367][ T10] usb 1-1: config 220 interface 76 has no altsetting 0 [ 263.242225][ T10] usb 1-1: config 220 interface 1 has no altsetting 0 [ 263.255578][ T10] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 263.264632][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.272700][ T10] usb 1-1: Product: syz [ 263.276898][ T10] usb 1-1: Manufacturer: syz [ 263.281494][ T10] usb 1-1: SerialNumber: syz [ 263.518428][ T10] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 263.526030][ T10] uvcvideo 1-1:220.0: No valid video chain found. [ 263.532596][ T10] usb 1-1: selecting invalid altsetting 0 [ 263.552369][ T10] usb 1-1: selecting invalid altsetting 0 [ 263.558495][ T10] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 263.571727][ T10] usb 1-1: USB disconnect, device number 10 [ 264.324252][ T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 264.511039][ T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7 [ 264.525050][ T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 116, changing to 7 [ 264.538052][ T10] usb 5-1: New USB device found, idVendor=1235, idProduct=8004, bcdDevice= 0.40 [ 264.547268][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.555339][ T10] usb 5-1: Product: syz [ 264.559773][ T10] usb 5-1: Manufacturer: syz [ 264.564381][ T10] usb 5-1: SerialNumber: syz [ 264.646824][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 264.805769][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 264.814659][ T10] usb 5-1: Can't get UAC3 power state for id 10 [ 264.831667][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 264.840506][ T10] usb 5-1: 2:0: failed to get current value for ch 0 (-71) [ 264.860668][ T9] usb 1-1: config 15 has an invalid interface number: 73 but max is 0 [ 264.869103][ T9] usb 1-1: config 15 has no interface number 0 [ 264.875441][ T10] usb 5-1: 2:0: cannot get min/max values for control 2 (id 2) [ 264.887756][ T9] usb 1-1: config 15 interface 73 has no altsetting 0 [ 264.894751][ T10] usb 5-1: Warning! Unlikely small volume range (=1), linear volume or custom curve? [ 264.907440][ T10] usb 5-1: [2] FU [Generic Out Playback Volume] ch = 1, val = 0/1/1 [ 264.925572][ T9] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b1.58 [ 264.943285][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.960455][ T9] usb 1-1: Product: syz [ 264.964875][ T9] usb 1-1: Manufacturer: syz [ 264.975426][ T9] usb 1-1: SerialNumber: syz [ 265.276145][ T10] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 265.319841][ T10] usb 5-1: USB disconnect, device number 10 [ 265.356534][ T9] usb 1-1: USB disconnect, device number 11 [ 265.373786][ T6342] udevd[6342]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 265.439179][ T6375] udevd[6375]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:15.73/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 265.797076][T10810] syzkaller0: entered promiscuous mode [ 265.802759][T10810] syzkaller0: entered allmulticast mode [ 265.823784][T10812] syzkaller0: entered promiscuous mode [ 265.829931][T10812] syzkaller0: entered allmulticast mode [ 265.851591][ T5821] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 266.025119][ T5821] usb 5-1: Using ep0 maxpacket: 8 [ 266.050570][ T5821] usb 5-1: unable to get BOS descriptor or descriptor too short [ 266.068751][ T5821] usb 5-1: config 12 has an invalid interface number: 1 but max is 0 [ 266.077062][ T5821] usb 5-1: config 12 has no interface number 0 [ 266.088033][ T5821] usb 5-1: config 12 interface 1 has no altsetting 0 [ 266.101854][ T5821] usb 5-1: New USB device found, idVendor=1164, idProduct=0602, bcdDevice=47.06 [ 266.115865][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.128471][ T5821] usb 5-1: Product: syz [ 266.137160][ T5821] usb 5-1: Manufacturer: syz [ 266.146540][ T5821] usb 5-1: SerialNumber: syz [ 266.162574][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 266.335032][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 266.341874][ T9] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.353193][ T9] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 266.364913][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 266.373974][ T9] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 266.382353][ T9] usb 1-1: Product: syz [ 266.386545][ T9] usb 1-1: Manufacturer: syz [ 266.407055][ T9] hub 1-1:4.0: USB hub found [ 266.409775][ T5821] pvrusb2: Hardware description: Gotview USB 2.0 DVD Deluxe [ 266.423869][ T5821] usb 5-1: selecting invalid altsetting 0 [ 266.439032][ T5821] usb 5-1: USB disconnect, device number 11 [ 266.441082][ T2355] pvrusb2: Invalid write control endpoint [ 266.537775][ T5705] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 266.541592][ T2355] pvrusb2: Invalid write control endpoint [ 266.556291][ T2355] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 266.575166][ T2355] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 266.582868][ T2355] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 266.593680][ T2355] pvrusb2: Device being rendered inoperable [ 266.608964][ T2355] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 266.617277][ T2355] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 266.636485][ T9] hub 1-1:4.0: 2 ports detected [ 266.639265][ T2355] pvrusb2: Attached sub-driver cx25840 [ 266.672762][ T2355] pvrusb2: Attempted to execute control transfer when device not ok [ 266.686303][ T2355] pvrusb2: Attempted to execute control transfer when device not ok [ 266.698732][ T2355] pvrusb2: Attempted to execute control transfer when device not ok [ 266.707666][ T2355] pvrusb2: Attempted to execute control transfer when device not ok [ 266.709395][ T5705] usb 2-1: Using ep0 maxpacket: 32 [ 266.720654][ T2355] pvrusb2: Module ID 4 (tuner) for device Gotview USB 2.0 DVD Deluxe failed to load. Possible missing sub-device kernel module or initialization failure within module. [ 266.723564][ T5705] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 266.749786][ T5705] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 266.760366][ T5705] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 266.768552][ T5705] usb 2-1: Product: syz [ 266.773248][ T5705] usb 2-1: Manufacturer: syz [ 266.777864][ T5705] usb 2-1: SerialNumber: syz [ 266.788052][ T5705] usb 2-1: config 0 descriptor?? [ 266.793849][T10823] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 266.862372][ T2355] TUNER: Unable to find symbol tda829x_probe() [ 266.873157][ T9] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 266.890094][ T9] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 266.928677][ T2355] DVB: Unable to find symbol tda9887_attach() [ 266.938756][ T2355] tuner: 1-0043: Tuner 4 found with type(s) Radio TV. [ 266.941137][ T9] usb 1-1: USB disconnect, device number 12 [ 266.950713][ T2355] pvrusb2: Attached sub-driver tuner [ 266.957280][ T2355] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules. [ 266.976204][ T2355] pvrusb2: You need to resolve the failing condition before this driver can function. There should be some earlier messages giving more information about the problem. [ 267.171013][ T9] usb 2-1: USB disconnect, device number 6 [ 267.900981][T10841] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1668'. [ 268.358590][T10858] IPv6: syztnl0: Disabled Multicast RS [ 269.095763][T10872] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1677'. [ 269.141077][ T29] audit: type=1400 audit(1777336439.161:354): avc: denied { ioctl } for pid=10866 comm="syz.1.1676" path="socket:[31457]" dev="sockfs" ino=31457 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 269.204659][ T29] audit: type=1400 audit(1777336439.208:355): avc: denied { read write } for pid=10874 comm="syz.4.1678" name="video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 269.247946][ T29] audit: type=1400 audit(1777336439.208:356): avc: denied { open } for pid=10874 comm="syz.4.1678" path="/dev/video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 269.301699][ T29] audit: type=1400 audit(1777336439.208:357): avc: denied { ioctl } for pid=10874 comm="syz.4.1678" path="/dev/video0" dev="devtmpfs" ino=930 ioctlcmd=0x5608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 269.901655][ T29] audit: type=1400 audit(1777336439.826:358): avc: denied { ioctl } for pid=10879 comm="syz.3.1679" path="/312/file0/file0" dev="fuse" ino=64 ioctlcmd=0x921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 269.982206][T10880] md: invalid raid superblock magic on ram0 [ 270.000491][T10880] md: ram0 does not have a valid v0.0 superblock, not importing! [ 270.042663][T10880] md: md_import_device returned -22 [ 270.903414][ T29] audit: type=1400 audit(1777336696.784:359): avc: denied { unmount } for pid=5602 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 270.959952][ T29] audit: type=1400 audit(1777336696.858:360): avc: denied { allowed } for pid=10893 comm="syz.5.1683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 271.025001][T10899] syzkaller0: entered promiscuous mode [ 271.030603][T10899] syzkaller0: entered allmulticast mode [ 271.174155][ T29] audit: type=1400 audit(1777336697.046:361): avc: denied { cmd } for pid=10893 comm="syz.5.1683" path="socket:[32021]" dev="sockfs" ino=32021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 271.653690][ T29] audit: type=1400 audit(1777336697.102:362): avc: denied { read } for pid=10893 comm="syz.5.1683" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 271.689110][ T29] audit: type=1400 audit(1777336697.102:363): avc: denied { open } for pid=10893 comm="syz.5.1683" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 272.245018][T10917] xt_NFQUEUE: number of total queues is 0 [ 274.588517][T10940] syzkaller0: entered promiscuous mode [ 274.666118][T10940] syzkaller0: entered allmulticast mode [ 274.944681][ T5705] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 275.204135][ T5705] usb 2-1: Using ep0 maxpacket: 32 [ 275.275042][ T5705] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 275.381787][ T5705] usb 2-1: config 0 has no interface number 0 [ 275.455595][ T5705] usb 2-1: config 0 interface 12 has no altsetting 0 [ 275.512738][ T5705] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 275.574957][ T5705] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.616775][ T5705] usb 2-1: Product: syz [ 275.638197][ T5705] usb 2-1: Manufacturer: syz [ 275.665822][ T5705] usb 2-1: SerialNumber: syz [ 275.691252][ T5705] usb 2-1: config 0 descriptor?? [ 275.913206][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 275.913238][ T29] audit: type=1400 audit(1777336701.500:365): avc: denied { setopt } for pid=10953 comm="syz.4.1704" lport=60830 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 276.195637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 276.231416][ T5705] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 276.263310][ T5705] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 276.271380][ T5705] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 276.280369][ T5705] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 276.295507][ T5705] usb 2-1: USB disconnect, device number 7 [ 276.739914][ T29] audit: type=1400 audit(1777336701.921:366): avc: denied { read } for pid=10957 comm="syz.4.1706" name="sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 276.799430][ T29] audit: type=1400 audit(1777336701.921:367): avc: denied { open } for pid=10957 comm="syz.4.1706" path="/dev/sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 276.832040][ T29] audit: type=1400 audit(1777336701.921:368): avc: denied { ioctl } for pid=10957 comm="syz.4.1706" path="/dev/sg0" dev="devtmpfs" ino=780 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 277.071311][ T29] audit: type=1400 audit(1777336702.576:369): avc: denied { read } for pid=10971 comm="syz.3.1711" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 277.082537][T10972] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 277.096573][ T29] audit: type=1400 audit(1777336702.576:370): avc: denied { open } for pid=10971 comm="syz.3.1711" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 277.127149][ T29] audit: type=1400 audit(1777336702.576:371): avc: denied { ioctl } for pid=10971 comm="syz.3.1711" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64b2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 277.174999][T10974] syzkaller0: entered promiscuous mode [ 277.180505][T10974] syzkaller0: entered allmulticast mode [ 277.352324][T10981] netlink: 'syz.1.1715': attribute type 3 has an invalid length. [ 277.515852][T10987] xt_NFQUEUE: number of total queues is 0 [ 278.314363][T11005] syzkaller0: entered promiscuous mode [ 278.316113][ T29] audit: type=1400 audit(1777336703.746:372): avc: denied { write } for pid=11000 comm="syz.0.1723" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 278.319873][T11005] syzkaller0: entered allmulticast mode [ 278.884576][ T29] audit: type=1400 audit(1777336704.279:373): avc: denied { read write } for pid=11021 comm="syz.4.1730" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 278.926870][ T29] audit: type=1400 audit(1777336704.279:374): avc: denied { open } for pid=11021 comm="syz.4.1730" path="/386/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 278.987780][T11030] random: crng reseeded on system resumption [ 281.694368][T11056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1739'. [ 281.744867][T11058] syzkaller0: entered promiscuous mode [ 281.754149][T11058] syzkaller0: entered allmulticast mode [ 281.763575][T11013] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 282.070358][ T5821] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 282.358831][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 282.358873][ T29] audit: type=1400 audit(1777336707.508:377): avc: denied { bind } for pid=11059 comm="syz.3.1742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 283.196337][ T5821] usb 6-1: Using ep0 maxpacket: 8 [ 283.287964][ T29] audit: type=1400 audit(1777336707.508:378): avc: denied { listen } for pid=11059 comm="syz.3.1742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 283.347286][ T5821] usb 6-1: unable to get BOS descriptor or descriptor too short [ 283.393042][ T5821] usb 6-1: config 12 has an invalid interface number: 188 but max is 0 [ 283.433557][ T29] audit: type=1400 audit(1777336707.517:379): avc: denied { connect } for pid=11059 comm="syz.3.1742" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 283.457326][ T5821] usb 6-1: config 12 has no interface number 0 [ 283.480755][ T5821] usb 6-1: config 12 interface 188 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 8 [ 283.504335][ T5821] usb 6-1: config 12 interface 188 has no altsetting 0 [ 283.519660][ T29] audit: type=1400 audit(1777336708.584:380): avc: denied { create } for pid=11071 comm="syz.0.1746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 283.562239][ T5821] usb 6-1: New USB device found, idVendor=1164, idProduct=0602, bcdDevice=47.06 [ 283.580265][ T5821] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.596667][ T5821] usb 6-1: Product: syz [ 283.597077][T11079] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1747'. [ 283.611847][ T5821] usb 6-1: Manufacturer: syz [ 283.616722][ T5821] usb 6-1: SerialNumber: syz [ 283.637750][T11055] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 283.757744][T11070] xt_NFQUEUE: number of total queues is 0 [ 283.839017][ T10] IPVS: starting estimator thread 0... [ 283.940426][ T5821] pvrusb2: Hardware description: Gotview USB 2.0 DVD Deluxe [ 283.949989][ T5821] usb 6-1: selecting invalid altsetting 0 [ 283.965692][T11094] IPVS: using max 48 ests per chain, 115200 per kthread [ 283.966706][ T5821] usb 6-1: USB disconnect, device number 5 [ 283.978743][ T2355] pvrusb2: Failed to submit write-control URB status=-19 [ 284.007144][ T2355] pvrusb2: Device being rendered inoperable [ 284.037685][ T2355] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 284.077626][ T2355] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 285.283256][T11127] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1762'. [ 285.351635][ T29] audit: type=1400 audit(1777336710.334:381): avc: denied { ioctl } for pid=11130 comm="syz.5.1766" path="socket:[33156]" dev="sockfs" ino=33156 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 286.026962][ T29] audit: type=1400 audit(1777336710.877:382): avc: denied { create } for pid=11138 comm="syz.0.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 287.065333][ T29] audit: type=1400 audit(1777336710.877:383): avc: denied { write } for pid=11138 comm="syz.0.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 287.421502][T11100] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 287.567597][ T29] audit: type=1400 audit(1777336710.989:384): avc: denied { connect } for pid=11138 comm="syz.0.1768" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 287.597749][ T29] audit: type=1400 audit(1777336712.374:385): avc: denied { bind } for pid=11151 comm="syz.0.1771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 287.676993][T11163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1771'. [ 288.801036][T11150] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 289.011871][T11181] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1777'. [ 289.015204][T11176] syzkaller0: entered promiscuous mode [ 289.047616][T11183] xt_NFQUEUE: number of total queues is 0 [ 289.062563][T11176] syzkaller0: entered allmulticast mode [ 289.486783][ T5821] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 289.692373][ T5821] usb 5-1: config 0 has an invalid interface number: 238 but max is 0 [ 289.708164][ T5821] usb 5-1: config 0 has no interface number 0 [ 289.722351][ T5821] usb 5-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 289.740160][ T5821] usb 5-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0 [ 289.786117][ T5821] usb 5-1: config 0 interface 238 altsetting 2 endpoint 0x88 has invalid wMaxPacketSize 0 [ 289.815053][ T5821] usb 5-1: config 0 interface 238 altsetting 2 bulk endpoint 0x88 has invalid maxpacket 0 [ 289.859072][ T5821] usb 5-1: config 0 interface 238 has no altsetting 0 [ 289.882090][ T5821] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a [ 289.908924][ T5821] usb 5-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160 [ 289.925683][ T5821] usb 5-1: Product: syz [ 289.961286][ T5821] usb 5-1: Manufacturer: syz [ 290.027038][ T5821] usb 5-1: SerialNumber: syz [ 290.315622][ T5821] usb 5-1: config 0 descriptor?? [ 290.397222][ T5821] ni6501 5-1:0.238: driver 'ni6501' failed to auto-configure device. [ 290.561559][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1784'. [ 290.624938][ T5821] usb 5-1: USB disconnect, device number 12 [ 291.518778][ T29] audit: type=1400 audit(1777336716.098:386): avc: denied { connect } for pid=11227 comm="syz.4.1790" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 291.750447][T11235] xt_NFQUEUE: number of total queues is 0 [ 291.864430][T11241] syzkaller0: entered promiscuous mode [ 291.869961][T11241] syzkaller0: entered allmulticast mode [ 292.409045][T11195] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 292.419631][T11231] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1791'. [ 292.633231][T11244] syzkaller0: entered promiscuous mode [ 292.648038][T11244] syzkaller0: entered allmulticast mode [ 292.666117][T11246] syzkaller0: entered promiscuous mode [ 292.674226][T11246] syzkaller0: entered allmulticast mode [ 292.833882][ T5610] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 293.026219][ T5610] usb 2-1: Using ep0 maxpacket: 8 [ 293.033444][ T5610] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 293.042729][ T5610] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 293.060256][ T5610] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 293.073661][ T5610] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 293.087408][ T5610] usb 2-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 293.096611][ T5610] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.104632][ T5610] usb 2-1: Product: syz [ 293.108792][ T5610] usb 2-1: Manufacturer: syz [ 293.113455][ T5610] usb 2-1: SerialNumber: syz [ 293.123883][ T5610] usb 2-1: config 0 descriptor?? [ 293.131627][T11250] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 293.365547][ T5610] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 293.391816][ T5610] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input10 [ 293.467199][ T29] audit: type=1400 audit(1777336717.923:387): avc: denied { read } for pid=4962 comm="acpid" name="event4" dev="devtmpfs" ino=2957 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 293.518366][ T29] audit: type=1400 audit(1777336717.923:388): avc: denied { open } for pid=4962 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2957 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 293.548335][ T29] audit: type=1400 audit(1777336717.923:389): avc: denied { ioctl } for pid=4962 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2957 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 293.849473][ C0] powermate: config urb returned -71 [ 293.857393][ C0] powermate: config urb returned -71 [ 293.863005][ C0] powermate: config urb returned -71 [ 293.868692][ T10] usb 2-1: USB disconnect, device number 8 [ 293.874558][ C0] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 295.846948][T11254] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 295.864140][T11289] netlink: 260 bytes leftover after parsing attributes in process `syz.5.1809'. [ 296.137577][T11296] syzkaller0: entered promiscuous mode [ 296.155816][T11296] syzkaller0: entered allmulticast mode [ 296.171792][T11309] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1814'. [ 296.275317][ T29] audit: type=1400 audit(1777336720.562:390): avc: denied { read } for pid=11312 comm="syz.4.1818" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 296.298674][ T803] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 296.467127][ T803] usb 6-1: Using ep0 maxpacket: 32 [ 296.474452][ T803] usb 6-1: unable to get BOS descriptor or descriptor too short [ 296.483572][ T803] usb 6-1: config 0 has no interfaces? [ 296.491908][ T803] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 296.499410][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 296.508815][ T803] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.516886][ T803] usb 6-1: Product: syz [ 296.522929][ T803] usb 6-1: Manufacturer: syz [ 296.527558][ T803] usb 6-1: SerialNumber: syz [ 296.535245][ T803] usb 6-1: config 0 descriptor?? [ 296.662788][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 296.689147][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 296.700185][ T10] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 296.709290][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.722520][ T10] usb 1-1: config 0 descriptor?? [ 296.955233][ T10] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 297.109160][T11314] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 297.171317][ T10] usb 1-1: USB disconnect, device number 13 [ 297.483852][ T29] audit: type=1400 audit(1777336721.695:391): avc: denied { write } for pid=11318 comm="syz.3.1820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 297.527292][T11317] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 297.547738][T11317] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 297.576958][T11317] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 297.584791][T11317] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 297.595102][T11317] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 297.604675][T11317] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 297.611352][T11317] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 297.635494][T11317] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 297.641799][T11317] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 297.657433][T11317] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 297.668562][T11300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.694959][T11300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.748795][ T5821] usb 6-1: USB disconnect, device number 6 [ 297.794470][T11331] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1823'. [ 299.085340][ T5821] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 299.434156][ T5821] usb 6-1: device descriptor read/all, error -71 [ 299.728515][ T5618] Bluetooth: hci2: command 0x0406 tx timeout [ 299.734910][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 299.812677][ T5618] Bluetooth: hci3: command 0x0406 tx timeout [ 299.819086][ T50] Bluetooth: hci4: command 0x0c1a tx timeout [ 300.425650][T11358] syzkaller0: entered promiscuous mode [ 300.453089][T11358] syzkaller0: entered allmulticast mode [ 300.688527][ T29] audit: type=1400 audit(1777336724.633:392): avc: denied { write } for pid=11345 comm="syz.3.1830" name="file0" dev="tmpfs" ino=1751 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 300.979424][ T29] audit: type=1400 audit(1777336724.633:393): avc: denied { open } for pid=11345 comm="syz.3.1830" path="/342/file0" dev="tmpfs" ino=1751 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 301.127418][ T29] audit: type=1400 audit(1777336724.633:394): avc: denied { getopt } for pid=11345 comm="syz.3.1830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 301.310901][T11380] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1836'. [ 301.671287][ T5821] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 301.724779][ T29] audit: type=1400 audit(1777336725.644:395): avc: denied { read write } for pid=11383 comm="syz.0.1838" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 301.910237][ T29] audit: type=1400 audit(1777336725.644:396): avc: denied { open } for pid=11383 comm="syz.0.1838" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 301.962000][ T5821] usb 6-1: Using ep0 maxpacket: 8 [ 301.988159][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 302.000200][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 302.037066][ T5821] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 302.048437][ T50] Bluetooth: hci3: command 0x0406 tx timeout [ 302.054596][ T5618] Bluetooth: hci4: command 0x0c1a tx timeout [ 302.130188][ T5821] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 302.194427][ T5821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.313710][ T5821] usb 6-1: config 0 descriptor?? [ 302.557832][ T5821] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 302.658913][ T5821] usb 6-1: USB disconnect, device number 9 [ 303.809922][T11382] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 303.816693][T11382] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 303.822954][T11382] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 303.828953][T11382] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 303.835305][T11382] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 304.415244][ T9] IPVS: starting estimator thread 0... [ 304.578158][T11425] IPVS: using max 46 ests per chain, 110400 per kthread [ 305.390791][T11431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1851'. [ 305.444277][T11431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1851'. [ 305.635889][ T46] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 305.664246][T11435] syzkaller0: entered promiscuous mode [ 305.683391][T11435] syzkaller0: entered allmulticast mode [ 305.753715][T11420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.811315][ T46] usb 6-1: Using ep0 maxpacket: 8 [ 305.847565][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 305.878406][ T46] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 305.910074][ T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.954347][ T46] usb 6-1: config 0 descriptor?? [ 305.968709][ T5618] Bluetooth: hci3: command 0x0406 tx timeout [ 305.968728][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 305.974743][ T5620] Bluetooth: hci2: command 0x0406 tx timeout [ 306.052914][ T5618] Bluetooth: hci4: command 0x0c1a tx timeout [ 306.237546][ T46] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 306.254520][ T46] usb 6-1: USB disconnect, device number 10 [ 306.487190][T11453] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1860'. [ 306.840474][T11469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1862'. [ 306.874636][T11472] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1863'. [ 306.888695][T11472] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1863'. [ 307.938389][ T29] audit: type=1400 audit(1777336731.474:397): avc: denied { watch_reads } for pid=11483 comm="syz.5.1869" path="/84" dev="tmpfs" ino=439 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 308.818940][T11498] netlink: 260 bytes leftover after parsing attributes in process `syz.5.1871'. [ 309.247433][T11507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1875'. [ 309.622069][T11507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1875'. [ 309.657294][ T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 309.920867][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 309.936420][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 309.982863][T11514] syzkaller0: entered promiscuous mode [ 310.021233][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 310.030363][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.043430][ T9] usb 1-1: config 0 descriptor?? [ 310.128441][T11519] tipc: Enabled bearer , priority 0 [ 310.141319][T11522] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1879'. [ 310.161776][T11516] tipc: Disabling bearer [ 310.211575][T11522] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1879'. [ 310.295152][ T9] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 310.364542][ T9] usb 1-1: USB disconnect, device number 14 [ 312.433043][T11563] tipc: Enabled bearer , priority 0 [ 312.545836][T11556] tipc: Disabling bearer [ 313.197399][T11580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1897'. [ 313.247506][ T5618] Bluetooth: hci3: unexpected event for opcode 0x58a0 [ 313.283861][T11576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1897'. [ 314.120462][ T29] audit: type=1400 audit(1777336737.238:398): avc: denied { watch } for pid=11598 comm="syz.0.1905" path="/386/file1" dev="tmpfs" ino=1979 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 314.177536][ T29] audit: type=1400 audit(1777336737.248:399): avc: denied { watch_sb watch_reads } for pid=11598 comm="syz.0.1905" path="/386/file1" dev="tmpfs" ino=1979 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 316.231749][T11624] kvm: kvm [11621]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 316.243899][T11624] kvm: kvm [11621]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 316.278695][T11624] kvm: vcpu 0: requested 14336 ns lapic timer period limited to 200000 ns [ 316.301021][ T46] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 316.470716][T11636] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1919'. [ 316.483152][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 316.498785][ T46] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 316.517327][ T46] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 316.563482][ T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 316.579792][ T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 316.605126][ T46] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 316.646782][ T46] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 316.683364][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.717150][ T9] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 316.827168][T11636] nbd: socks must be embedded in a SOCK_ITEM attr [ 317.007501][ T46] usb 5-1: GET_CAPABILITIES returned 0 [ 317.028980][ T46] usbtmc 5-1:16.0: can't read capabilities [ 317.108523][T11641] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1919'. [ 317.150485][T11641] nbd: nbd64 already in use [ 317.267893][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 317.336554][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 317.396294][ T46] usb 5-1: USB disconnect, device number 13 [ 318.191894][ T29] audit: type=1400 audit(1777336741.047:400): avc: denied { mount } for pid=11659 comm="syz.1.1924" name="/" dev="autofs" ino=34575 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 318.262351][ T29] audit: type=1400 audit(1777336741.056:401): avc: denied { read } for pid=11659 comm="syz.1.1924" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 318.301919][ T6370] udevd[6370]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 318.348196][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.358760][ T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 318.371668][ T9] usb 6-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 318.380737][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.393503][ T29] audit: type=1400 audit(1777336741.056:402): avc: denied { open } for pid=11659 comm="syz.1.1924" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 318.445003][ T29] audit: type=1400 audit(1777336741.056:403): avc: denied { ioctl } for pid=11659 comm="syz.1.1924" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 318.822619][ T9] usb 6-1: config 0 descriptor?? [ 318.831294][ T29] audit: type=1400 audit(1777336741.636:404): avc: denied { module_request } for pid=11671 comm="syz.4.1930" kmod="netdev-bridge_slave_1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 318.872710][T11675] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1930'. [ 319.115439][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1930'. [ 319.784329][ T9] usbhid 6-1:0.0: can't add hid device: -71 [ 319.793700][ T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 319.803672][ T9] usb 6-1: USB disconnect, device number 11 [ 320.136719][ T5610] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 320.318378][ T5610] usb 5-1: Using ep0 maxpacket: 8 [ 320.327553][ T5610] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 320.348464][ T5610] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 320.371322][ T5610] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 320.400696][ T5610] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 320.410909][ T5610] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.424183][ T5610] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 320.433445][ T5610] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.559573][T11710] syz_tun: entered allmulticast mode [ 320.669765][ T5610] usb 5-1: GET_CAPABILITIES returned 0 [ 320.684178][ T5610] usbtmc 5-1:16.0: can't read capabilities [ 321.768804][ T803] usb 5-1: USB disconnect, device number 14 [ 326.071300][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.569961][ T803] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 326.867834][ T803] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 326.903793][ T803] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x37, changing to 0x7 [ 326.940392][ T803] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 10 [ 326.969003][ T803] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 326.985881][T11780] syzkaller0: entered promiscuous mode [ 326.998193][ T803] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 327.001216][T11780] syzkaller0: entered allmulticast mode [ 327.017171][ T803] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.036082][ T803] usb 2-1: Product: syz [ 327.058473][ T803] usb 2-1: Manufacturer: syz [ 327.069237][ T803] usb 2-1: SerialNumber: syz [ 327.249064][ T803] usb 2-1: config 0 descriptor?? [ 327.774526][ T803] usb 2-1: USB disconnect, device number 9 [ 327.937637][ T5610] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 328.129942][ T5610] usb 6-1: Using ep0 maxpacket: 8 [ 328.139741][ T5610] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 328.161118][ T5610] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 328.183339][ T5610] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 328.196050][ T5610] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 328.209020][ T5610] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 328.223197][ T5610] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 328.234923][ T5610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.870275][ T5610] usb 6-1: GET_CAPABILITIES returned 0 [ 328.876760][ T5610] usbtmc 6-1:16.0: can't read capabilities [ 329.102787][ T5610] usb 6-1: USB disconnect, device number 12 [ 330.017255][ T803] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 330.417754][ T803] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 330.432314][ T803] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 330.446254][ T803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.797524][ T803] usb 2-1: config 0 descriptor?? [ 330.808547][ T803] pwc: Askey VC010 type 2 USB webcam detected. [ 331.026619][ T803] pwc: send_video_command error -71 [ 331.032545][ T803] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 331.044609][ T803] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 331.058235][ T803] usb 2-1: USB disconnect, device number 10 [ 331.378518][ T46] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 331.542686][ T46] usb 4-1: Using ep0 maxpacket: 32 [ 331.556163][ T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 331.583198][ T46] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 331.603047][ T803] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 331.611995][ T46] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 331.627205][ T5610] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 331.629714][ T46] usb 4-1: Product: syz [ 331.649291][ T46] usb 4-1: Manufacturer: syz [ 331.660201][ T46] usb 4-1: SerialNumber: syz [ 331.673312][ T46] usb 4-1: config 0 descriptor?? [ 331.683007][T11844] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 331.788027][ T803] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 331.798450][ T803] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 331.807790][ T803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.818735][ T803] usb 2-1: config 0 descriptor?? [ 331.826478][ T803] pwc: Askey VC010 type 2 USB webcam detected. [ 331.838053][ T5610] usb 6-1: Using ep0 maxpacket: 8 [ 331.854227][ T5610] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 331.864897][ T5610] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 331.875365][ T5610] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 331.885885][ T5610] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 331.897359][ T5610] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 331.911378][ T5610] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 331.921179][ T5610] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.998540][ T46] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 332.170287][ T5610] usb 6-1: GET_CAPABILITIES returned 0 [ 332.178096][ T5610] usbtmc 6-1:16.0: can't read capabilities [ 332.258264][ T803] pwc: recv_control_msg error -32 req 02 val 2b00 [ 332.266312][ T803] pwc: recv_control_msg error -32 req 02 val 2700 [ 332.273481][ T803] pwc: recv_control_msg error -32 req 02 val 2c00 [ 332.280579][ T803] pwc: recv_control_msg error -32 req 04 val 1000 [ 332.499241][ T5610] usb 6-1: USB disconnect, device number 13 [ 332.581953][ T803] pwc: recv_control_msg error -32 req 04 val 1300 [ 332.591020][ T803] pwc: recv_control_msg error -32 req 04 val 1400 [ 332.601587][ T46] usb 1-1: unable to get BOS descriptor or descriptor too short [ 332.610898][ T803] pwc: recv_control_msg error -32 req 02 val 2000 [ 332.618523][ T46] usb 1-1: config 63 has an invalid interface number: 66 but max is 0 [ 332.626890][ T46] usb 1-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 332.637941][ T803] pwc: recv_control_msg error -32 req 02 val 2100 [ 332.644817][ T46] usb 1-1: config 63 has no interface number 0 [ 332.651197][ T46] usb 1-1: config 63 interface 66 has no altsetting 0 [ 332.658453][ T803] pwc: recv_control_msg error -32 req 04 val 1500 [ 332.667858][ T803] pwc: recv_control_msg error -32 req 02 val 2500 [ 332.675572][ T46] usb 1-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 332.684627][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.692618][ T46] usb 1-1: Product: syz [ 332.697124][ T46] usb 1-1: Manufacturer: syz [ 332.701998][ T803] pwc: recv_control_msg error -32 req 02 val 2400 [ 332.708612][ T46] usb 1-1: SerialNumber: syz [ 332.714170][ T803] pwc: recv_control_msg error -32 req 02 val 2600 [ 332.722668][ T803] pwc: recv_control_msg error -32 req 02 val 2900 [ 332.732417][ T803] pwc: recv_control_msg error -32 req 02 val 2800 [ 332.742401][ T803] pwc: recv_control_msg error -32 req 04 val 1100 [ 332.761309][ T803] pwc: Registered as video103. [ 332.768314][ T803] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11 [ 333.006622][ T46] uvcvideo 1-1:63.66: Found UVC 0.07 device syz (174f:8acf) [ 333.026432][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 6 on unit 1: -71 (exp. 1). [ 333.053529][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 9 on unit 1: -71 (exp. 1). [ 333.073252][ T803] usb 2-1: USB disconnect, device number 11 [ 333.100395][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 1 on unit 1: -71 (exp. 1). [ 333.150451][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 4 on unit 1: -71 (exp. 1). [ 333.195281][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 17 on unit 1: -71 (exp. 1). [ 333.209367][ T46] uvcvideo 1-1:63.66: No streaming interface found for terminal 29. [ 333.217639][ T46] uvcvideo 1-1:63.66: Entity type for entity Output 32773 was not initialized! [ 333.266924][ T46] usb 1-1: USB disconnect, device number 15 [ 333.644036][ T46] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 333.830599][ T46] usb 1-1: unable to get BOS descriptor or descriptor too short [ 333.888776][ T46] usb 1-1: not running at top speed; connect to a high speed hub [ 333.941620][ T46] usb 1-1: config 63 has an invalid interface number: 66 but max is 0 [ 333.982489][ T46] usb 1-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 334.057175][ T46] usb 1-1: config 63 has no interface number 0 [ 334.099289][ T46] usb 1-1: config 63 interface 66 has no altsetting 0 [ 334.251759][ T46] usb 1-1: string descriptor 0 read error: -22 [ 334.258946][ T46] usb 1-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4 [ 334.268566][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.290267][ T46] uvcvideo 1-1:63.66: Found UVC 0.07 device (174f:8acf) [ 335.065250][ T803] IPVS: starting estimator thread 0... [ 335.165910][ T803] usb 4-1: USB disconnect, device number 9 [ 335.174065][T11894] IPVS: using max 48 ests per chain, 115200 per kthread [ 335.373968][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 6 on unit 1: -71 (exp. 1). [ 335.436288][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 9 on unit 1: -71 (exp. 1). [ 335.482316][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 1 on unit 1: -71 (exp. 1). [ 335.528807][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 4 on unit 1: -71 (exp. 1). [ 335.560524][ T46] uvcvideo 1-1:63.66: Failed to query (GET_INFO) UVC control 17 on unit 1: -71 (exp. 1). [ 335.601215][ T46] uvcvideo 1-1:63.66: No streaming interface found for terminal 29. [ 335.747582][ T46] uvcvideo 1-1:63.66: Entity type for entity Output 32773 was not initialized! [ 335.767359][ T46] usb 1-1: USB disconnect, device number 16 [ 336.298798][ T29] audit: type=1400 audit(1777336758.004:405): avc: denied { write } for pid=11905 comm="syz.3.2010" path="socket:[36223]" dev="sockfs" ino=36223 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 337.557222][T11927] syz_tun: entered allmulticast mode [ 337.834997][ T29] audit: type=1400 audit(1777336759.314:406): avc: denied { map } for pid=11932 comm="syz.0.2017" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=36254 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 337.961877][T11938] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 338.933402][ T29] audit: type=1400 audit(1777336759.314:407): avc: denied { read write } for pid=11932 comm="syz.0.2017" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=36254 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 339.896812][T11948] netlink: 100 bytes leftover after parsing attributes in process `syz.3.2022'. [ 340.184735][T11956] syzkaller0: entered promiscuous mode [ 340.202803][T11956] syzkaller0: entered allmulticast mode [ 340.461884][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 340.589721][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 340.653834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 340.709027][ T9] usb 4-1: config 1 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.721153][ T9] usb 4-1: config 1 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.734763][ T9] usb 4-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 340.879900][T11972] comedi comedi1: pcmmio: I/O port conflict (0x100,32) [ 341.498299][T11971] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 341.504971][T11971] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 341.513600][T11971] vhci_hcd vhci_hcd.0: Device attached [ 341.520752][ T803] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 341.528845][ T9] usb 4-1: config 1 interface 0 has no altsetting 0 [ 341.529058][T11973] vhci_hcd: connection closed [ 341.552219][ T13] vhci_hcd vhci_hcd.1: stop threads [ 341.563316][ T13] vhci_hcd vhci_hcd.1: release socket [ 341.568718][ T13] vhci_hcd vhci_hcd.1: disconnect device [ 341.582449][ T9] usb 4-1: string descriptor 0 read error: -22 [ 341.592791][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.40 [ 341.615937][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.701197][ T803] usb 1-1: Using ep0 maxpacket: 32 [ 341.711243][ T803] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 341.735356][ T803] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 341.885207][ T5610] IPVS: starting estimator thread 0... [ 342.026622][ T803] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 342.064396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 342.075073][ T0] NOHZ tick-stop error: local softirq work is pending, handler #04!!! [ 342.103222][ T803] usb 1-1: Product: syz [ 342.104169][T11981] IPVS: using max 49 ests per chain, 117600 per kthread [ 342.109514][ T803] usb 1-1: Manufacturer: syz [ 342.130358][ T803] usb 1-1: SerialNumber: syz [ 342.145335][ T803] usb 1-1: config 0 descriptor?? [ 342.158354][ T9] usbhid 4-1:1.0: can't add hid device: -32 [ 342.171274][T11963] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 342.178130][ T9] usbhid 4-1:1.0: probe with driver usbhid failed with error -32 [ 342.572939][ T803] usb 1-1: USB disconnect, device number 17 [ 343.947832][ T5821] usb 4-1: USB disconnect, device number 10 [ 344.335189][T12013] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2046'. [ 344.437666][ T5821] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 344.731821][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 344.738795][ T5821] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 344.747354][ T5821] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 344.757113][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 344.766885][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 344.777546][ T5821] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 344.790570][ T5821] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 344.799602][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.864307][ T803] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 345.024486][ T803] usb 6-1: Using ep0 maxpacket: 32 [ 345.033156][ T803] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 345.047430][ T5821] usb 4-1: usb_control_msg returned -71 [ 345.055092][ T5821] usbtmc 4-1:16.0: can't read capabilities [ 345.066930][ T803] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 345.077587][ T803] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 345.088341][ T5821] usb 4-1: USB disconnect, device number 11 [ 345.097973][ T803] usb 6-1: Product: syz [ 345.109622][ T803] usb 6-1: Manufacturer: syz [ 345.114284][ T803] usb 6-1: SerialNumber: syz [ 345.121103][ T803] usb 6-1: config 0 descriptor?? [ 345.127091][T12028] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 345.354540][ T5821] usb 6-1: USB disconnect, device number 14 [ 345.865359][T12052] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2061'. [ 346.811525][T12049] syzkaller0: entered promiscuous mode [ 346.858024][T12049] syzkaller0: entered allmulticast mode [ 348.516181][T12082] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2072'. [ 369.974268][T12155] syzkaller0: entered promiscuous mode [ 369.992652][T12155] syzkaller0: entered allmulticast mode [ 370.034104][ T5610] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 370.094372][ T5620] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 370.106125][ T5620] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 370.118931][ T5620] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 370.126955][ T5620] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 370.134576][ T5620] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 370.203688][ T5610] usb 4-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 370.218180][ T5610] usb 4-1: config 1 interface 0 has no altsetting 0 [ 370.229104][ T5610] usb 4-1: string descriptor 0 read error: -22 [ 370.236436][ T5610] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.40 [ 370.246443][ T5610] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.483439][T12130] syz_tun (unregistering): left allmulticast mode [ 370.906508][ T5821] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 371.002430][ T5610] usbhid 4-1:1.0: can't add hid device: -32 [ 371.010940][ T5610] usbhid 4-1:1.0: probe with driver usbhid failed with error -32 [ 371.029202][ T5610] usb 4-1: USB disconnect, device number 12 [ 371.100613][ T5821] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 371.130059][ T5821] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 371.157100][ T5821] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a [ 371.185380][ T5821] usb 2-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160 [ 371.206181][ T5821] usb 2-1: Product: syz [ 371.219079][ T5821] usb 2-1: Manufacturer: syz [ 371.240280][ T5821] usb 2-1: SerialNumber: syz [ 371.259674][ T5821] usb 2-1: config 0 descriptor?? [ 371.392104][T12159] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.399691][T12159] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.407084][T12159] bridge_slave_0: entered allmulticast mode [ 371.416854][T12159] bridge_slave_0: entered promiscuous mode [ 371.429673][T12159] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.437369][T12159] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.445472][T12159] bridge_slave_1: entered allmulticast mode [ 371.453443][T12159] bridge_slave_1: entered promiscuous mode [ 371.483954][T12159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.495862][T12159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.537243][T12159] team0: Port device team_slave_0 added [ 371.548129][T12159] team0: Port device team_slave_1 added [ 371.595305][T12159] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.602649][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.632181][T12159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.646100][T12159] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.653255][T12159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 371.680211][T12159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 371.723121][T12159] hsr_slave_0: entered promiscuous mode [ 371.729635][T12159] hsr_slave_1: entered promiscuous mode [ 371.735781][T12159] debugfs: 'hsr0' already exists in 'hsr' [ 371.741890][T12159] Cannot create hsr debugfs directory [ 371.819895][ T5822] usb 2-1: USB disconnect, device number 12 [ 372.094649][T12195] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2101'. [ 372.410565][ T5618] Bluetooth: hci5: command tx timeout [ 372.605870][T12159] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 372.632396][T12159] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 372.645562][T12159] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 372.671722][T12159] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 372.684299][T12159] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 372.851403][T12159] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 372.861444][T12159] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 372.878432][T12159] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 373.193865][T12159] 8021q: adding VLAN 0 to HW filter on device bond0 [ 373.208397][T12159] 8021q: adding VLAN 0 to HW filter on device team0 [ 373.241464][T12159] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 373.252263][T12159] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 374.119040][T12091] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.126211][T12091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 374.231489][T12091] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.238620][T12091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 374.246284][ T29] audit: type=1400 audit(1777337049.490:408): avc: denied { setopt } for pid=12217 comm="syz.5.2104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 374.614101][ T5618] Bluetooth: hci5: command tx timeout [ 375.262787][T12159] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.464230][T12159] veth0_vlan: entered promiscuous mode [ 375.474324][T12159] veth1_vlan: entered promiscuous mode [ 375.493814][T12159] veth0_macvtap: entered promiscuous mode [ 375.502334][T12159] veth1_macvtap: entered promiscuous mode [ 375.517800][T12159] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 375.528388][T12159] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 375.604024][ T79] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.613156][ T79] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.622187][ T79] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.631166][ T79] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 375.768568][T12091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.776695][T12091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.785558][T11353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.793685][T11353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.865429][ T29] audit: type=1400 audit(1777337051.035:409): avc: denied { mounton } for pid=12159 comm="syz-executor" path="/root/syzkaller.7tHgEl/syz-tmp" dev="sda1" ino=2049 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 375.940957][ T29] audit: type=1400 audit(1777337051.035:410): avc: denied { mounton } for pid=12159 comm="syz-executor" path="/root/syzkaller.7tHgEl/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 376.013608][ T29] audit: type=1400 audit(1777337051.072:411): avc: denied { mounton } for pid=12159 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 376.206465][ T5610] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 376.839367][ T5618] Bluetooth: hci5: command tx timeout [ 376.913232][ T5610] usb 4-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 376.926662][ T5610] usb 4-1: config 1 interface 0 has no altsetting 0 [ 376.936428][ T5610] usb 4-1: string descriptor 0 read error: -22 [ 376.942869][ T5610] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.40 [ 376.952982][ T5610] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.808477][ T5610] usbhid 4-1:1.0: can't add hid device: -32 [ 379.024416][ T5610] usbhid 4-1:1.0: probe with driver usbhid failed with error -32 [ 379.059540][ T5618] Bluetooth: hci5: command tx timeout [ 379.068334][ T5610] usb 4-1: USB disconnect, device number 13 [ 379.476415][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 379.933125][ T9] usb 2-1: config 0 has an invalid interface number: 238 but max is 0 [ 379.944491][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.956307][ T9] usb 2-1: config 0 has no interface number 0 [ 379.963229][ T9] usb 2-1: config 0 interface 238 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 379.977410][ T9] usb 2-1: config 0 interface 238 has no altsetting 0 [ 381.065715][ T9] usb 2-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a [ 381.080561][ T9] usb 2-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160 [ 381.089735][ T9] usb 2-1: Product: syz [ 381.094325][ T9] usb 2-1: Manufacturer: syz [ 381.099319][ T9] usb 2-1: SerialNumber: syz [ 381.118647][ T9] usb 2-1: config 0 descriptor?? [ 381.135997][ T9] comedi comedi5: Wrong number of endpoints [ 381.142438][ T9] ni6501 2-1:0.238: driver 'ni6501' failed to auto-configure device. [ 381.282237][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 381.567502][ T46] usb 2-1: USB disconnect, device number 13 [ 383.325255][T12328] tipc: Started in network mode [ 383.330618][T12328] tipc: Node identity 0e58520920dd, cluster identity 4711 [ 383.339861][T12328] tipc: Enabled bearer , priority 0 [ 383.400887][T12328] syzkaller0: entered promiscuous mode [ 383.408977][T12328] syzkaller0: entered allmulticast mode [ 383.415978][T12328] tipc: Resetting bearer [ 384.855534][T12091] tipc: Resetting bearer [ 384.865154][T12325] tipc: Resetting bearer [ 385.748972][ T5821] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 385.887844][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 385.945153][ T5821] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.173625][ T5821] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 386.202420][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.233415][ T5821] usb 1-1: config 0 descriptor?? [ 386.381450][ T5821] pwc: Askey VC010 type 2 USB webcam detected. [ 386.881595][ T5821] pwc: recv_control_msg error -32 req 02 val 2b00 [ 386.895866][ T5821] pwc: recv_control_msg error -32 req 02 val 2700 [ 386.909463][ T5821] pwc: recv_control_msg error -32 req 02 val 2c00 [ 386.916476][ T5821] pwc: recv_control_msg error -32 req 04 val 1000 [ 386.923716][ T5821] pwc: recv_control_msg error -32 req 04 val 1300 [ 387.152155][ T5821] pwc: recv_control_msg error -71 req 02 val 2000 [ 387.173299][ T5821] pwc: recv_control_msg error -71 req 02 val 2100 [ 387.189642][ T5821] pwc: recv_control_msg error -71 req 04 val 1500 [ 387.207349][ T5821] pwc: recv_control_msg error -71 req 02 val 2500 [ 387.228461][ T5821] pwc: recv_control_msg error -71 req 02 val 2400 [ 387.253179][ T5821] pwc: recv_control_msg error -71 req 02 val 2600 [ 387.279542][ T5821] pwc: recv_control_msg error -71 req 02 val 2900 [ 387.300011][ T5821] pwc: recv_control_msg error -71 req 02 val 2800 [ 387.319972][ T5821] pwc: recv_control_msg error -71 req 04 val 1100 [ 387.350842][ T5821] pwc: recv_control_msg error -71 req 04 val 1200 [ 387.377878][ T5821] pwc: Registered as video103. [ 387.396363][ T5821] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13 [ 387.453813][ T5821] usb 1-1: USB disconnect, device number 18 [ 388.127671][T12325] tipc: Disabling bearer [ 388.136893][ T1681] tipc: Node number set to 780489225 [ 388.483609][ T46] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 388.514006][T12393] trusted_key: syz.1.2158 sent an empty control message without MSG_MORE. [ 388.978412][ T46] usb 1-1: Using ep0 maxpacket: 32 [ 389.041272][ T46] usb 1-1: config 139 has an invalid interface number: 95 but max is 0 [ 389.099933][ T46] usb 1-1: config 139 has no interface number 0 [ 389.478639][ T46] usb 1-1: config 139 interface 95 has no altsetting 0 [ 389.503035][ T46] usb 1-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=c0.8c [ 389.513698][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.521904][ T46] usb 1-1: Product: syz [ 389.526078][ T46] usb 1-1: Manufacturer: syz [ 389.531421][ T46] usb 1-1: SerialNumber: syz [ 390.009331][ T46] usb 1-1: USB disconnect, device number 19 [ 390.408226][ T803] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 390.675228][ T803] usb 4-1: Using ep0 maxpacket: 8 [ 390.706825][ T803] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 390.922127][ T803] usb 4-1: can't read configurations, error -61 [ 391.082168][ T803] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 391.263149][ T803] usb 4-1: Using ep0 maxpacket: 8 [ 391.299825][ T803] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 391.368995][ T803] usb 4-1: can't read configurations, error -61 [ 391.407176][ T803] usb usb4-port1: attempt power cycle [ 391.724338][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 391.800613][ T803] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 391.978233][ T803] usb 4-1: Using ep0 maxpacket: 8 [ 392.002666][ T29] audit: type=1400 audit(1777337066.110:412): avc: denied { sqpoll } for pid=12431 comm="syz.0.2172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 392.471685][ T803] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 392.539560][ T803] usb 4-1: can't read configurations, error -61 [ 392.770319][ T803] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 392.946752][ T803] usb 4-1: Using ep0 maxpacket: 8 [ 393.059681][ T803] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 393.133386][ T803] usb 4-1: can't read configurations, error -61 [ 393.143261][ T803] usb usb4-port1: unable to enumerate USB device [ 393.464361][ T46] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 393.806278][ T46] usb 6-1: Using ep0 maxpacket: 8 [ 393.955016][ T46] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 393.970679][ T46] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 393.979867][ T46] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.007392][ T46] usb 6-1: config 0 descriptor?? [ 394.523184][ T46] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 394.659770][T12459] syzkaller0: entered promiscuous mode [ 394.665448][T12459] syzkaller0: entered allmulticast mode [ 397.167775][ T5821] usb 6-1: USB disconnect, device number 15 [ 397.261415][T12485] netlink: 88 bytes leftover after parsing attributes in process `syz.6.2190'. [ 397.448720][T12498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2194'. [ 397.493733][ T1681] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 397.513341][T12498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2194'. [ 397.557117][ T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 397.601554][ T5821] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 397.666341][ T1681] usb 1-1: Using ep0 maxpacket: 8 [ 397.675478][ T1681] usb 1-1: config 0 has an invalid interface number: 255 but max is 14 [ 397.684404][ T1681] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 397.695568][ T1681] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 397.706285][ T1681] usb 1-1: config 0 has no interface number 0 [ 397.713567][ T1681] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 397.726969][ T1681] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 397.744519][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 397.750364][ T1681] usb 1-1: config 0 interface 255 has no altsetting 0 [ 397.752336][T12506] syzkaller0: entered promiscuous mode [ 397.763198][T12506] syzkaller0: entered allmulticast mode [ 397.763815][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 397.781434][ T5821] usb 6-1: Using ep0 maxpacket: 8 [ 397.785116][ T9] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 397.795936][ T1681] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 397.796370][ T5821] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 397.805831][ T9] usb 4-1: can't read configurations, error -71 [ 397.821770][ T1681] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.829944][ T5821] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 397.829989][ T5821] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 397.830010][ T5821] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.862413][ T1681] usb 1-1: Product: syz [ 397.867008][ T1681] usb 1-1: Manufacturer: syz [ 397.872424][ T1681] usb 1-1: SerialNumber: syz [ 397.887202][ T1681] usb 1-1: config 0 descriptor?? [ 398.089709][ T1681] powermate 1-1:0.255: probe with driver powermate failed with error -22 [ 399.075978][T12527] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2201'. [ 399.463803][T12529] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2203'. [ 399.700327][T12542] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2206'. [ 399.799254][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2206'. [ 400.228586][ T5821] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 400.399679][ T5821] usb 2-1: Using ep0 maxpacket: 16 [ 400.416003][ T5821] usb 2-1: unable to get BOS descriptor or descriptor too short [ 400.457056][ T5821] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 400.462801][ T9] usb 1-1: USB disconnect, device number 20 [ 400.492374][ T5821] usb 2-1: can't read configurations, error -71 [ 400.551793][T12552] kvm: kvm [12551]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 400.552896][ T1681] usb 6-1: USB disconnect, device number 16 [ 400.560672][T12552] kvm: kvm [12551]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 400.683487][T12559] kAFS: unable to lookup cell 'sy' [ 400.745874][T12557] syzkaller0: entered promiscuous mode [ 400.778151][T12557] syzkaller0: entered allmulticast mode [ 400.828249][ T29] audit: type=1400 audit(1777337074.364:413): avc: denied { read write } for pid=12566 comm="syz.6.2216" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 400.873295][ T29] audit: type=1400 audit(1777337074.364:414): avc: denied { ioctl open } for pid=12566 comm="syz.6.2216" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 400.993785][T12569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2215'. [ 401.062790][ T803] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 401.226349][ T803] usb 1-1: Using ep0 maxpacket: 8 [ 401.254234][ T803] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 401.272272][ T803] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 401.289751][T12582] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2219'. [ 401.299150][ T803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.322271][ T803] usb 1-1: config 0 descriptor?? [ 401.568440][ T803] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 402.499082][T12580] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2219'. [ 402.773084][T12593] netlink: 'syz.1.2224': attribute type 4 has an invalid length. [ 402.795564][T12593] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2224'. [ 402.889395][ T46] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 402.917976][ T9] usb 1-1: USB disconnect, device number 21 [ 403.049753][ T803] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 403.057395][ T46] usb 7-1: device descriptor read/64, error -71 [ 403.537707][ T803] usb 6-1: config 0 has an invalid interface number: 238 but max is 0 [ 403.546042][ T803] usb 6-1: config 0 has no interface number 0 [ 403.552137][ T803] usb 6-1: config 0 interface 238 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 403.561950][ T803] usb 6-1: config 0 interface 238 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0 [ 403.571819][ T803] usb 6-1: config 0 interface 238 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 403.584779][ T803] usb 6-1: config 0 interface 238 has no altsetting 0 [ 403.589991][ T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 403.593212][ T803] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f6.6a [ 403.608248][ T803] usb 6-1: New USB device strings: Mfr=181, Product=147, SerialNumber=160 [ 403.616760][ T803] usb 6-1: Product: syz [ 403.620905][ T803] usb 6-1: Manufacturer: syz [ 403.625465][ T803] usb 6-1: SerialNumber: syz [ 403.630369][ T46] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 403.639571][ T803] usb 6-1: config 0 descriptor?? [ 403.650418][ T803] comedi comedi5: Wrong number of endpoints [ 403.656926][ T803] ni6501 6-1:0.238: driver 'ni6501' failed to auto-configure device. [ 403.822640][ T46] usb 7-1: device descriptor read/64, error -71 [ 403.887769][T12609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2231'. [ 403.893236][ T1681] usb 6-1: USB disconnect, device number 17 [ 403.979785][ T46] usb usb7-port1: attempt power cycle [ 404.013593][T12618] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2233'. [ 404.077502][T12615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2233'. [ 404.171811][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 404.207591][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 404.230491][ T9] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 404.239282][ T9] usb 4-1: can't read configurations, error -71 [ 404.364392][ T46] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 404.398389][ T46] usb 7-1: device descriptor read/8, error -71 [ 405.122774][ T46] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 405.158010][ T46] usb 7-1: device descriptor read/8, error -71 [ 405.306331][ T46] usb usb7-port1: unable to enumerate USB device [ 405.459508][T12646] overlay: ./file1 is not a directory [ 405.843856][ T29] audit: type=1400 audit(1777337079.090:415): avc: denied { mount } for pid=12661 comm="syz.5.2249" name="/" dev="ramfs" ino=40564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 405.998537][T12668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2250'. [ 406.169307][ T29] audit: type=1400 audit(1777337079.342:416): avc: denied { unmount } for pid=12159 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1 [ 406.821901][ T46] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 407.109688][ T46] usb 7-1: device descriptor read/64, error -71 [ 407.388204][ T46] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 407.580720][ T46] usb 7-1: device descriptor read/64, error -71 [ 407.719872][ T46] usb usb7-port1: attempt power cycle [ 407.765251][T12711] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2266'. [ 407.931297][T12726] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2273'. [ 408.157594][ T46] usb 7-1: new full-speed USB device number 8 using dummy_hcd [ 408.214909][ T46] usb 7-1: device descriptor read/8, error -71 [ 408.273126][T12739] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2279'. [ 408.306129][T12739] netlink: 'syz.3.2279': attribute type 2 has an invalid length. [ 408.500092][ T46] usb 7-1: new full-speed USB device number 9 using dummy_hcd [ 408.580933][ T46] usb 7-1: device descriptor read/8, error -71 [ 408.758016][ T46] usb usb7-port1: unable to enumerate USB device [ 408.941278][ T29] audit: type=1400 audit(1777337081.991:417): avc: denied { accept } for pid=12752 comm="syz.3.2286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 409.217699][T12766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2291'. [ 409.509216][ T9] IPVS: starting estimator thread 0... [ 409.646599][T12773] IPVS: using max 45 ests per chain, 108000 per kthread [ 410.775635][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 411.058633][ T29] audit: type=1400 audit(1777337083.965:418): avc: denied { mount } for pid=12797 comm="syz.0.2302" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1 [ 411.332305][ T1681] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 411.528017][ T1681] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 411.573476][ T1681] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 411.607710][ T1681] usb 4-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 411.635946][ T1681] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.654928][ T1681] usb 4-1: Product: syz [ 411.667874][ T1681] usb 4-1: Manufacturer: syz [ 411.676218][ T1681] usb 4-1: SerialNumber: syz [ 411.699706][ T1681] usb 4-1: config 0 descriptor?? [ 411.948855][ T1681] usb 4-1: USB disconnect, device number 22 [ 412.014271][T12816] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2308'. [ 413.789094][ T29] audit: type=1400 audit(1777337086.520:419): avc: denied { write } for pid=12854 comm="syz.0.2324" name="sg0" dev="devtmpfs" ino=780 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 413.817279][T12855] sg_write: data in/out 447452/210 bytes for SCSI command 0x0-- guessing data in; [ 413.817279][T12855] program syz.0.2324 not setting count and/or reply_len properly [ 413.981703][ T46] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 414.227021][ T46] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 414.284618][ T46] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 414.329745][ T46] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 414.358499][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.418298][ T46] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 414.446179][ T46] usb 2-1: invalid MIDI out EP 0 [ 414.801592][ T46] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 414.825818][ T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 414.851987][ T46] usb 2-1: USB disconnect, device number 16 [ 416.131574][ T9] usb 4-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 416.157763][ T9] usb 4-1: config 1 interface 0 has no altsetting 0 [ 416.177089][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.40 [ 417.219734][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.080562][ T9] usb 4-1: Product: syz [ 418.290760][ T9] usb 4-1: Manufacturer: syz [ 418.296884][ T9] usb 4-1: SerialNumber: syz [ 418.365396][ T9] usb 4-1: can't set config #1, error -71 [ 418.381102][ T9] usb 4-1: USB disconnect, device number 23 [ 421.891246][T12938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2349'. [ 423.219948][ T10] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 536.115918][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 536.122935][ C1] rcu: 0-...!: (1 GPs behind) idle=766c/1/0x4000000000000000 softirq=58917/58918 fqs=1 [ 536.133377][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P12946 [ 536.140750][ C1] rcu: (detected by 1, t=10506 jiffies, g=59333, q=605 ncpus=2) [ 536.148454][ C1] Sending NMI from CPU 1 to CPUs 0: [ 536.148477][ C0] NMI backtrace for cpu 0 [ 536.148492][ C0] CPU: 0 UID: 0 PID: 12946 Comm: syz.0.2354 Tainted: G L syzkaller #0 PREEMPT(full) [ 536.148511][ C0] Tainted: [L]=SOFTLOCKUP [ 536.148516][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 536.148524][ C0] RIP: 0010:__lock_acquire+0x9b/0x2630 [ 536.148546][ C0] Code: c0 41 89 c5 83 fb 07 76 08 84 c0 0f 85 ec 02 00 00 65 48 8b 2d ce 23 26 12 83 fb 01 0f 87 1e 03 00 00 89 d8 0f 87 42 1e 00 00 <49> 8b 44 c2 08 48 85 c0 0f 84 08 03 00 00 8b 8d 88 0b 00 00 83 f9 [ 536.148559][ C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00000097 [ 536.148570][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 536.148578][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9b42b518 [ 536.148587][ C0] RBP: ffff888026182500 R08: 0000000000000001 R09: 0000000000000001 [ 536.148595][ C0] R10: ffffffff9b42b518 R11: 0000000000000001 R12: 0000000000000000 [ 536.148604][ C0] R13: 000000009b33ad01 R14: 0000000000000000 R15: 0000000000000000 [ 536.148612][ C0] FS: 00007f17594d56c0(0000) GS:ffff888124379000(0000) knlGS:0000000000000000 [ 536.148628][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 536.148637][ C0] CR2: 00007fba3fe17dac CR3: 0000000038973000 CR4: 00000000003526f0 [ 536.148646][ C0] Call Trace: [ 536.148652][ C0] [ 536.148662][ C0] lock_acquire+0x1b1/0x370 [ 536.148679][ C0] ? debug_object_activate+0x144/0x490 [ 536.148697][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 536.148714][ C0] ? do_raw_spin_lock+0x128/0x260 [ 536.148734][ C0] _raw_spin_lock_irqsave+0x3a/0x60 [ 536.148756][ C0] ? debug_object_activate+0x144/0x490 [ 536.148772][ C0] debug_object_activate+0x144/0x490 [ 536.148790][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 536.148810][ C0] ? do_raw_spin_lock+0x128/0x260 [ 536.148830][ C0] enqueue_hrtimer+0x75/0x2f0 [ 536.148850][ C0] __hrtimer_run_queues+0x73d/0xa00 [ 536.148873][ C0] hrtimer_interrupt+0x3e5/0x940 [ 536.148889][ C0] __sysvec_apic_timer_interrupt+0x10b/0x460 [ 536.148910][ C0] sysvec_apic_timer_interrupt+0x9e/0xc0 [ 536.148924][ C0] [ 536.148929][ C0] [ 536.148934][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 536.148949][ C0] RIP: 0010:finish_task_switch.isra.0+0x2d3/0x1010 [ 536.148963][ C0] Code: 2f 0a 00 00 41 c7 87 e0 0d 00 00 00 00 00 00 0f 1f 44 00 00 49 8d 7f 48 e8 fa 4b b7 09 e8 35 8d 3b 00 fb 48 8d bb a8 16 00 00 <48> b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 [ 536.148976][ C0] RSP: 0018:ffffc9000540f3e0 EFLAGS: 00000202 [ 536.148986][ C0] RAX: 0000000000008257 RBX: ffff888026182500 RCX: 0000000000000080 [ 536.148995][ C0] RDX: 0000000000000000 RSI: ffffffff8df1e366 RDI: ffff888026183ba8 [ 536.149004][ C0] RBP: ffffc9000540f438 R08: 0000000000000001 R09: 0000000000000000 [ 536.149012][ C0] R10: 0000000000000001 R11: ffffffff81d54282 R12: ffff88802f35ca00 [ 536.149021][ C0] R13: 0000000000000000 R14: ffffffff90d7b9e4 R15: ffff8880b843b240 [ 536.149031][ C0] ? finish_task_switch.isra.0+0x152/0x1010 [ 536.149050][ C0] __schedule+0x10f1/0x6820 [ 536.149069][ C0] ? __pfx___schedule+0x10/0x10 [ 536.149087][ C0] ? xas_find+0x32c/0x8e0 [ 536.149102][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 536.149116][ C0] preempt_schedule_common+0x42/0xc0 [ 536.149130][ C0] preempt_schedule_thunk+0x16/0x30 [ 536.149145][ C0] _raw_spin_unlock+0x3e/0x50 [ 536.149164][ C0] filemap_map_pages+0x15ac/0x2140 [ 536.149189][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 536.149211][ C0] ? __pfx_filemap_map_pages+0x10/0x10 [ 536.149230][ C0] do_fault+0x985/0x1750 [ 536.149247][ C0] __handle_mm_fault+0x187d/0x2a00 [ 536.149266][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 536.149286][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 536.149304][ C0] ? pte_offset_map_lock+0x174/0x320 [ 536.149319][ C0] ? find_held_lock+0x2b/0x80 [ 536.149334][ C0] ? follow_page_pte+0x4d0/0x13f0 [ 536.149351][ C0] handle_mm_fault+0x36d/0xa20 [ 536.149370][ C0] __get_user_pages+0x1178/0x32a0 [ 536.149388][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 536.149405][ C0] populate_vma_page_range+0x267/0x3f0 [ 536.149422][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 536.149438][ C0] ? __pfx_find_vma_intersection+0x10/0x10 [ 536.149452][ C0] ? do_mmap+0x93f/0x12f0 [ 536.149467][ C0] __mm_populate+0x107/0x3a0 [ 536.149483][ C0] ? __pfx___mm_populate+0x10/0x10 [ 536.149499][ C0] ? up_write+0x28c/0x4f0 [ 536.149518][ C0] vm_mmap_pgoff+0x37f/0x470 [ 536.149534][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 536.149550][ C0] ? do_futex+0x192/0x350 [ 536.149568][ C0] ? __pfx_do_futex+0x10/0x10 [ 536.149588][ C0] ksys_mmap_pgoff+0xe4/0x610 [ 536.149602][ C0] ? __x64_sys_futex+0x358/0x4d0 [ 536.149621][ C0] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 536.149635][ C0] ? xfd_validate_state+0x129/0x190 [ 536.149651][ C0] ? __task_pid_nr_ns+0x1ca/0x510 [ 536.149668][ C0] __x64_sys_mmap+0x125/0x190 [ 536.149686][ C0] do_syscall_64+0x10b/0xf80 [ 536.149700][ C0] ? clear_bhb_loop+0x40/0x90 [ 536.149715][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.149729][ C0] RIP: 0033:0x7f175859cdd9 [ 536.149741][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.149754][ C0] RSP: 002b:00007f17594d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 536.149766][ C0] RAX: ffffffffffffffda RBX: 00007f1758815fa0 RCX: 00007f175859cdd9 [ 536.149775][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000 [ 536.149783][ C0] RBP: 00007f1758632d69 R08: ffffffffffffffff R09: 0000000000000000 [ 536.149791][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000 [ 536.149800][ C0] R13: 00007f1758816038 R14: 00007f1758815fa0 R15: 00007ffcf4892908 [ 536.149813][ C0] [ 536.150472][ C1] task:syz.0.2354 state:R running task stack:25896 pid:12946 tgid:12945 ppid:5603 task_flags:0x400040 flags:0x00080010 [ 536.735798][ C1] Call Trace: [ 536.739064][ C1] [ 536.741995][ C1] ? __schedule+0x10f1/0x6820 [ 536.746690][ C1] ? __pfx___schedule+0x10/0x10 [ 536.751543][ C1] ? xas_find+0x32c/0x8e0 [ 536.755868][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 536.761231][ C1] ? preempt_schedule_common+0x42/0xc0 [ 536.766693][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 536.772062][ C1] ? _raw_spin_unlock+0x3e/0x50 [ 536.776930][ C1] ? filemap_map_pages+0x15ac/0x2140 [ 536.782233][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 536.787699][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 536.793155][ C1] ? do_fault+0x985/0x1750 [ 536.797574][ C1] ? __handle_mm_fault+0x187d/0x2a00 [ 536.802859][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 536.808241][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 536.813714][ C1] ? pte_offset_map_lock+0x174/0x320 [ 536.819001][ C1] ? find_held_lock+0x2b/0x80 [ 536.823683][ C1] ? follow_page_pte+0x4d0/0x13f0 [ 536.828713][ C1] ? handle_mm_fault+0x36d/0xa20 [ 536.833658][ C1] ? __get_user_pages+0x1178/0x32a0 [ 536.838860][ C1] ? __pfx___get_user_pages+0x10/0x10 [ 536.844234][ C1] ? populate_vma_page_range+0x267/0x3f0 [ 536.849861][ C1] ? __pfx_populate_vma_page_range+0x10/0x10 [ 536.855842][ C1] ? __pfx_find_vma_intersection+0x10/0x10 [ 536.861638][ C1] ? do_mmap+0x93f/0x12f0 [ 536.865961][ C1] ? __mm_populate+0x107/0x3a0 [ 536.870718][ C1] ? __pfx___mm_populate+0x10/0x10 [ 536.875824][ C1] ? up_write+0x28c/0x4f0 [ 536.880154][ C1] ? vm_mmap_pgoff+0x37f/0x470 [ 536.884914][ C1] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 536.890021][ C1] ? do_futex+0x192/0x350 [ 536.894350][ C1] ? __pfx_do_futex+0x10/0x10 [ 536.899029][ C1] ? ksys_mmap_pgoff+0xe4/0x610 [ 536.903870][ C1] ? __x64_sys_futex+0x358/0x4d0 [ 536.908803][ C1] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 536.914081][ C1] ? xfd_validate_state+0x129/0x190 [ 536.919273][ C1] ? __task_pid_nr_ns+0x1ca/0x510 [ 536.924296][ C1] ? __x64_sys_mmap+0x125/0x190 [ 536.929144][ C1] ? do_syscall_64+0x10b/0xf80 [ 536.933901][ C1] ? clear_bhb_loop+0x40/0x90 [ 536.938572][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.944637][ C1] [ 536.947644][ C1] rcu: rcu_preempt kthread starved for 10500 jiffies! g59333 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 536.958822][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 536.968773][ C1] rcu: RCU grace-period kthread stack dump: [ 536.974640][ C1] task:rcu_preempt state:R running task stack:27992 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 536.988123][ C1] Call Trace: [ 536.991389][ C1] [ 536.994309][ C1] __schedule+0x10e9/0x6820 [ 536.998826][ C1] ? __pfx___schedule+0x10/0x10 [ 537.003676][ C1] ? find_held_lock+0x2b/0x80 [ 537.008350][ C1] ? schedule+0x2bf/0x390 [ 537.012681][ C1] schedule+0xdd/0x390 [ 537.016745][ C1] schedule_timeout+0x127/0x280 [ 537.021596][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 537.026973][ C1] ? __pfx_process_timeout+0x10/0x10 [ 537.032257][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 537.038057][ C1] ? prepare_to_swait_event+0xdf/0x4a0 [ 537.043514][ C1] rcu_gp_fqs_loop+0x1a9/0x900 [ 537.048276][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 537.053561][ C1] ? prepare_to_swait_event+0xae/0x4a0 [ 537.059013][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 537.063945][ C1] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 537.069137][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 537.074937][ C1] rcu_gp_kthread+0x179/0x230 [ 537.079610][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 537.084798][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 537.090603][ C1] ? __kthread_parkme+0x18c/0x230 [ 537.095618][ C1] ? kthread+0x13a/0x450 [ 537.099851][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 537.105039][ C1] kthread+0x370/0x450 [ 537.109100][ C1] ? __pfx_kthread+0x10/0x10 [ 537.113686][ C1] ret_from_fork+0x72b/0xd50 [ 537.118270][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 537.123379][ C1] ? __switch_to+0x800/0x1100 [ 537.128063][ C1] ? __pfx_kthread+0x10/0x10 [ 537.132664][ C1] ret_from_fork_asm+0x1a/0x30 [ 537.137446][ C1] [ 537.140460][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 537.146778][ C1] CPU: 1 UID: 0 PID: 1082 Comm: kworker/u8:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 537.157806][ C1] Tainted: [L]=SOFTLOCKUP [ 537.162128][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 537.172175][ C1] Workqueue: events_unbound toggle_allocation_gate [ 537.178691][ C1] RIP: 0010:smp_call_function_many_cond+0x589/0x1700 [ 537.185359][ C1] Code: b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 09 80 0c 00 f3 90 <41> 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 63 0f 00 00 8b 45 08 31 [ 537.204954][ C1] RSP: 0018:ffffc9000553f870 EFLAGS: 00000293 [ 537.211010][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81fc0f3d [ 537.218966][ C1] RDX: ffff888029bbca00 RSI: ffffffff81fc0f17 RDI: ffff888029bbca00 [ 537.226926][ C1] RBP: ffff8880b8443320 R08: 0000000000000005 R09: 0000000000000000 [ 537.234884][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 537.242842][ C1] R13: ffffed1017088665 R14: 0000000000000001 R15: ffff8880b853c5c0 [ 537.250800][ C1] FS: 0000000000000000(0000) GS:ffff888124479000(0000) knlGS:0000000000000000 [ 537.259717][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 537.266291][ C1] CR2: 00002000000026c0 CR3: 000000000e596000 CR4: 00000000003526f0 [ 537.274257][ C1] Call Trace: [ 537.277526][ C1] [ 537.280450][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 537.285482][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 537.291800][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 537.297171][ C1] ? __pfx___text_poke+0x10/0x10 [ 537.302107][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 537.307130][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 537.312240][ C1] ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190 [ 537.318729][ C1] smp_text_poke_batch_finish+0x337/0xc60 [ 537.324445][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 537.330678][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 537.336909][ C1] ? find_held_lock+0x2b/0x80 [ 537.341581][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 537.347551][ C1] jump_label_update+0x37a/0x550 [ 537.352482][ C1] static_key_enable_cpuslocked+0x1bc/0x270 [ 537.358364][ C1] static_key_enable+0x1a/0x20 [ 537.363127][ C1] toggle_allocation_gate+0xfe/0x2d0 [ 537.368409][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 537.374303][ C1] ? rcu_is_watching+0x12/0xc0 [ 537.379067][ C1] process_one_work+0xa0e/0x1980 [ 537.384012][ C1] ? __pfx_process_one_work+0x10/0x10 [ 537.389383][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 537.395277][ C1] worker_thread+0x5ef/0xe50 [ 537.399871][ C1] ? kthread+0x13a/0x450 [ 537.404106][ C1] ? __pfx_worker_thread+0x10/0x10 [ 537.409217][ C1] kthread+0x370/0x450 [ 537.413277][ C1] ? __pfx_kthread+0x10/0x10 [ 537.417863][ C1] ret_from_fork+0x72b/0xd50 [ 537.422446][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 537.427554][ C1] ? __switch_to+0x800/0x1100 [ 537.432228][ C1] ? __pfx_kthread+0x10/0x10 [ 537.436813][ C1] ret_from_fork_asm+0x1a/0x30 [ 537.441583][ C1]