last executing test programs: 6.399623169s ago: executing program 2 (id=611): socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setrlimit(0x4, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)=@newtaction={0x98, 0x30, 0xffff, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ife={0x80, 0x1, 0x0, 0x0, {{0x8}, {0x58, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x100000}}}, @TCA_IFE_METALST={0x4}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_SKBMARK={0x8}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x8, 0x1, @val=0xa0000}]}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x4, 0x7, 0x5, 0x5, 0x8}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) 6.032633167s ago: executing program 1 (id=612): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0xc00, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 5.84521708s ago: executing program 2 (id=613): socket$pptp(0x18, 0x1, 0x2) r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) io_uring_setup(0x401de0, &(0x7f00000000c0)={0x0, 0x45d6}) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000000)={0x0}) ioctl$MON_IOCX_GETX(r0, 0x80089203, &(0x7f0000000a40)={0x0, 0x0}) r1 = socket(0xa, 0x5, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='scmi_xfer_end\x00', 0xffffffffffffffff, 0x0, 0xffff}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) dup(0xffffffffffffffff) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e23, 0x7, @mcast1, 0x2}], 0x2c) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, r6, 0x0, 0x6, 0xffa, &(0x7f0000000540)="ef4cb98950941195a7a0b991b7e1948db647e54151184ecd6b17347bcec4bdf85ff58407ba9d350fd028176a440e826903fee731ef88c1d51b008374b20593218a26f92babc96144f72ced24a285a3300f0867693be1ccc17cee1f433f717bc2adc1e5ce4c7aaa9394c6b6c0435dc0cf6b7817e5e05981d504d80a4e46f5f9814ffbaf6c20928c81895f8c996cf777899dbd2b5df4107a03f6aac3a365f746a59c7b356665f54bf5820577ec15c68f06ed5cfe34a9b720ab8ee400c26bfd4e9c527dad9c1676d4ac114aea0ddd0f7692757f425f5df730d6905977b789ef4759816c2e01a92e387120bfed690ae0db531279e482e01bd26c9c2a6793553698b59ad93e605b137d8873ea7f292f80d533dd4dfd76ac0ca0252ac5f5f2cb5828eca3faf6ad8e2bc829a4326b8fba410959ce1b7753ed5e74c44920b54a31072f32a0cacef1f3f7163a7dfe189167167d0fd5dde978712acd17330016725b1242d1f4091e709f1e625147ed9be87474fed897f726c9fb83b4d2dc3a9266dae14af8d8c021cf75e45da250e1d8dd7b1ed4edc1b097008275518435d2174291c629e4e4afa54f310c14f3563e6a6812ceca49211d76794119792c612eb1fac16cd7f99637167d9879b58cfd5ee4d6386583cca567062bf26c9af5b5df9bfaf8f64f2d000cdd92b9dffbd90e97631397e1b26d4c890cd5ce20185e5b4aeb4b3924a79cf8acdf68a41cc118bd684506e0664ae4b6c255f848a78b4cfc57d51e26f5973207baab9d4687e48b476dc1585aa08eb53afde1bb6fc05fdaa192d05ac277998f098a9cfa219dad03bb59982c51ce95c35c890e1ed4fa2cd465215e2449a6f56d5b8e663a0d83bf74b8ed92ce53ef9ff818da4a7088eeecce687b6969ac316c5dce1bffe067309285faf3a5d7745d4a4df6c0f1105836ba78a3d3558ae30e3f5f13bbdc43cae3ba48b022f6bac835f639ec4c19e030fdce90e27581a9da8e91780b07ecc2f4ecac0ef217eef457813c4272ae1cf6d71a4eb96507ad2bcb32e6d3c755d427be7fed2354427808f16f7fedea2c6ad1a334e3f184d13ac90add874fe881ef71cb1a169b63d3360111c82a95f9f7e0881fc5c74ffdbe2ab1042e039c61635f6c6f1d549d96e665b32d9d880db14a1a0894775d74e5be244b48a1f90f2169ff8aeaa8317f998efbdb3a9ecbac09ee0c7d15f30a4a2d23ecee62ea832f9c9aea6a315182a0bee54a8da41edad2ba59051246ada9e93aaedf5e267cdb43f20f88d99b51179100d30a23aab68b3b78456fec3edcf4dba5af3ed6dea48fea17c5b2e4076e703877bc65bda1601e153cfd334d6e97fbee49c79551cc0a06eb420abcb8ff924f157e7d5ef61ed866286f31d1e845a8be8948857dc8d5a27a1402937d92db34bc9e9b3de5284aa01fa8835f56569d0f0323f66c840ace1b53639c907b9bdeb8273930ee3a4d98d527a96d5efb318a454777c914cdf86de9c2c1cc0f747801d452c4aee294621688fba903688f51d80912097c32e15da97dcb89198fddd3e88f516b0c48d2bc2dfa0e45982d3eceab02068cc985da34ffe13bc358e856b199d70cc8b27329cc55acce39f2f2933311bd9d7ef7940371833c51e18d66f64b992a39f057fc0739feb4311640d3caf899fa2bb923d12dcc9b444595c515409089ecdfb0353edc8fa47367eb7426e387df3443d659d5e0af6496ce7aa3a23841d12d0bb3dbdb95e9416c021fc68c7b45a7eb61b790e7e60b288a3535446e123819d82eb87ded5df2261fef70d5f4a3d6c896ad6072f0c8c8368a0033635fa320395758b446ec264d3fc55440afb671ac99ac4909afb29814db294e33b05921ef1d37533a8eb808257aa92b346fe9054b92508eb7cb5b0d6094fc5bc3ffd78f4ed1c62d674cf53ad3cd296ab6b583618108cb81d53d4711dd9ab449f7c6879e09e8c29d69600086ebfd2a7634bb3870757760260a86dc242efb5849309d515f0250665a34645d48310e0b49032ba76f8bc3f79f1eaf7c474fdaf7c45380405eb5a0cb79c5481eac686b66f04e83d192568493360dd3222c3e7a28a304865f9015d861d402bba36385cd3e6989d3a8b57eee7a174561ba3abc651daff52e4e661696be7c618a9b0b91c1b3c5ae7bb45b51140db4d468bbc43b96b50a063587d9ab4539ce251cd8ae6929549f3d3096ad11b73445a27cdb3ef35846b0964b6c6f703fe8c1c7870da9b6ec4252be6581426798dbc09cbf0c81dec7f4be2dc8ed7be1804fef29f4b1835701b4a4de22552d2c5ed4e923d3d0ff09ee218d0746311f3f393005b2c37894aab3c25db655c2b8294e3039677d2df9f4d4bfeb434330b1724ac925d5ec1a3f3bb6f6024d982da3380c6370d76646bbf2aed9946392097b571b1463ab668138754ae93d5c80be0e0ab7a657434a2253ac49a62a4836d9832c2d915ce881fdee81eb486195f71992a2d276dfcc97bf14e6c11e1ff7efcaf44fa9286a6f4169f438719733f0c9f9460011c277a033b868a6d507488bc3bb44e43df4beea12444b69affea17f2c180eb8df880f27fafd871200f7cf42e068d77e3fc3e7207e11c47f5f5a667723c6b2165ca09f52ae6d18d1412178972d77ba5b40c6943e891dffa7feb66493226bc343772eaf621abc79bae101e7083ec6756784b7893010fa1e3fce43613dbdb7deb8eb823ab4645b8c70d301f50e1077b2d661a26ac81f8652739d00f45a2c497c44c2d980f130fa7bd43711ba0125287c74ff39cabccca019881b18904ae6f38a83239ce9a1f3785ed32a94e004e41fc8f7cc5510b844d10e50d6c0dae581a74ffa8c549be2c5a62beada3579ffe7561be3082caa4429dff023f10b214b9e5f55b746484619eb89b8ce3035eab33027aee7cb8a87c0bedf20d30dc556cb5c5512c9787402920c3e83c591520327dfbd2ee719b48bcbcb5e8255506980a2eb95e7c6f8570949dbb8ce2a9c0e5094c58add49d4d9022aedbaffda8407cff34b88c8cf69f59bfdf94e58965d09bd9a1afb17087d4553cc3ac826a20f803f189febd72d9bc959050b4fed76867fdaadaa2c281da1ad49c1c20d1278b325c05a9052df4bb1223e2ad5a16519675c2ebc48a72afc94b20375a2b4517c88dcf0dc575255da49e95d9e8dcba908aaa91fd67b0632c4b4284fac1987221195874a36c69c48172705bd8de53dc5e20fc2031e15331a99c3b22987fd04e1e2e0dc82122d8b8f27477803118be5d29ffd856eb4551ab770cbaaf4ad9b23ff02b86d916b723e31668e23ced1e2128b6a79370e8da5df813f5ad45c8390fac06f0ef3e8fa40725f005ef980228ae04444737060706cdfe490ef63c64bb2cff03fc2d0fe198e0c8aee0b4c7935e25560d4e1cd9293af906d06c427dfad4245b70894fe89e9b329b3f7918c6c4ec9c2da269adec31f80766a16f083ead717d0cf4cd1ecf6fd735c4284be4000f82fdbdf539a2bbdedd24bad1f124660c847d44864d0ccef50280beba22a44141d311c6e337e70e42ea3cdbada92d2196d98ab0b784b0be6dd8e5abf1e46eedcb308a5f8f6138b965bae7872a9ba91cedd1438b063e3041d30689177dd7344a35a8178d819f39bdea73baaff8e611235d0b1a46eedb78dcf55a7df9eda0db44ce726f9f729979971758a3b35febb9edb12a3f062622a541c9034f4da0e94f5b7222abce49aa487f3d0515c55682d093eaa027a03364f95bcffd0c2962bd9367cb1d56b9e2074ad842f413cf45578930c381403296d9a3799efe9c159e67ac6baebecc50a495a982568a6e110cdab1c5737ac4c172b901b81aeb4683d626efaccc690e5fa6c5b2181bc8750a6175dc06beeb22eb5645a6a1e08769a1a1714ad435916a06aa66d8d660a4b3f1369e77e104ee657bf7eb4be88831a7afa55a4ebd824bd852191f725b89109b67760cc90af9fc11a1eab1cd3e626ae8dc324cbf8bca37e795218bf11c065d7938e0c8f76b9450ed3f561f6e47736fa90844977beb1c29c5bac1897d7644b5bdaa352025c61656f490b8db1e2cf3712d3535c03792cc05068d372242e7231c34f8e9ec1bd7db4260b9ec577279a205be0849de0301ac98fd41901bcbe49111a873262d6cde317d5d46e568d0618f66d73a282784765ef4aa06da2a5a8c43ecf6b00b4bbd64a4be6ac35193c439266da06e16ec72c3fe217f1908b9bf08bed8d99f92dc634457f958025bd3c5a3a0fc9123eb264d7f54e4413029731ecfecd98e3a0de3ff35a859ecea8ffa4f7771933ff37a4f654ccd911c17e595d78dd09fa8591ebd98ec3eff48cd2f37eee232ced4b3b36a0cc89de7aa16db9d7d9c1b8725cacd56b2cc10378c7dd22e5af61e870c335b850a394ea617d0774d1db131a03b46b171c902c496da7d4f8247eb4f2a51af9ea40df10690b67401f18483d7eaf857c0deed25640f800cbb676415edac33b2c01e26417ff2dff25926056ced5ca5b6fe5b01501cc6efdc2d18f8c13f1f1b862401622b50a11ccfe05efff7ba332a3715e20535a08dfac0298f6c138f933a97994aa72f97407cb47daa12f13e4c2306e0e7705d6415c1b27e02057f05baf24c5d26342e51aea34a1996ac1897c4cbd67b745700f0a516d819dcfcbdbe78ef2ca1aa5f9df464ba9170397ca5f1dfa44cce2c14d8c782628ec0e74de26927138e7ffe5a55553d5eff82e1400abab7d946399f60cbb3c0c3005c824f6e237528c73c182af85d7a4e36d4baf4bbaad28842c1d3661f27b4221fbbc32595f2e95fe0a0f03f4b4e9cf8f39cc1ddd0fbea91d7bc57bf07fd2842a135cf3fe6feb0b73aa4806ab75d4b94a198bc736a7366e5147bb789baa26d323611b76d88dc9664fa4e6a461d89d271a1659a9f3d86fcc940b659d788724531d59afe7bf368e76850075d84c14aa70b21f26c769f3fc48c1473a5227261f80a590bf013b506fc546ce4f3f91cf6615761ce39f6a690be3e2879ba0465abaef588b2f9f83b7f7efef40dfffaa6059aabf0f26459409aa528fa685f1ef44c5f381c254472a303a24dcb2940f0030a46ab6b388ff00cbb42c6a65ad342a25ebd4faac35884f1074bdbb46c770ec5aff500fc837b422c47b1bf36bb2b5dd3424a64de211422765eeac5f292371033b033cc07a5834106259b327e9e39ec6e4a976a282b8ba4109fd09e4531b9204cefa73f1e4eb36b4b6e148b8481574c7aeee9c976dfe3a291f18faa30a975f0c860ca3da9832f689f3907dd166c177d1aa4544fc133ad75ee67e8ac57f4c45aee1938c933d71f7253ee614f392ee472e8c0dab3c6895682544b73774c3299f6a27541fa538f115cf111bca342c7e64405e3d64d848ac70b35c5ac445239ebd55516c87ed5e7b2e1b27ea9a604e603359b33f06ac5806e87e8e3d54cc2451f7ea644c903a5b63845b0ef26a92eb2a9ae6418cbf9197d4e0ef5b7bd9f13dc9f01a450f1f769417f612cb5c3224738c3880f6ac6cd1ac98029009526de50e10ac942380cebd507adba24560327942ea70fd7c612b29ceee365aa2d4929a27cf89f31ab9996ed097b866ec86916d7d4a284d41db2a79b908e118ec096dbb79cbc4fa9f53d109e21d4af4d6479c27c041f95187c92d9f96cb8c55b7898f87e06ab52bbb7ad57ec83117e61c8f9b058bfa3cc48165bd9ff0307066104959be3c9899bd034658c4c730cc105cb2087e303bc54991fa7780c1aecaa398776a6e1bd1df3dde85587a31f29f482228eecfabc116457aa48ae09d453b65a99d6f9ad526ad470323f125", 0x5}) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000001540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0x6, 0x7}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 5.021613908s ago: executing program 1 (id=614): socket$pptp(0x18, 0x1, 0x2) r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) io_uring_setup(0x401de0, &(0x7f00000000c0)={0x0, 0x45d6}) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000000)={0x0}) ioctl$MON_IOCX_GETX(r0, 0x80089203, &(0x7f0000000a40)={0x0, 0x0}) r1 = socket(0xa, 0x5, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x20000045) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='scmi_xfer_end\x00', 0xffffffffffffffff, 0x0, 0xffff}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) dup(0xffffffffffffffff) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000080)={{0x0, 0x1, 0x0, 0x1, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1) sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e23, 0x7, @mcast1, 0x2}], 0x2c) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, r6, 0x0, 0x6, 0xffa, &(0x7f0000000540)="ef4cb98950941195a7a0b991b7e1948db647e54151184ecd6b17347bcec4bdf85ff58407ba9d350fd028176a440e826903fee731ef88c1d51b008374b20593218a26f92babc96144f72ced24a285a3300f0867693be1ccc17cee1f433f717bc2adc1e5ce4c7aaa9394c6b6c0435dc0cf6b7817e5e05981d504d80a4e46f5f9814ffbaf6c20928c81895f8c996cf777899dbd2b5df4107a03f6aac3a365f746a59c7b356665f54bf5820577ec15c68f06ed5cfe34a9b720ab8ee400c26bfd4e9c527dad9c1676d4ac114aea0ddd0f7692757f425f5df730d6905977b789ef4759816c2e01a92e387120bfed690ae0db531279e482e01bd26c9c2a6793553698b59ad93e605b137d8873ea7f292f80d533dd4dfd76ac0ca0252ac5f5f2cb5828eca3faf6ad8e2bc829a4326b8fba410959ce1b7753ed5e74c44920b54a31072f32a0cacef1f3f7163a7dfe189167167d0fd5dde978712acd17330016725b1242d1f4091e709f1e625147ed9be87474fed897f726c9fb83b4d2dc3a9266dae14af8d8c021cf75e45da250e1d8dd7b1ed4edc1b097008275518435d2174291c629e4e4afa54f310c14f3563e6a6812ceca49211d76794119792c612eb1fac16cd7f99637167d9879b58cfd5ee4d6386583cca567062bf26c9af5b5df9bfaf8f64f2d000cdd92b9dffbd90e97631397e1b26d4c890cd5ce20185e5b4aeb4b3924a79cf8acdf68a41cc118bd684506e0664ae4b6c255f848a78b4cfc57d51e26f5973207baab9d4687e48b476dc1585aa08eb53afde1bb6fc05fdaa192d05ac277998f098a9cfa219dad03bb59982c51ce95c35c890e1ed4fa2cd465215e2449a6f56d5b8e663a0d83bf74b8ed92ce53ef9ff818da4a7088eeecce687b6969ac316c5dce1bffe067309285faf3a5d7745d4a4df6c0f1105836ba78a3d3558ae30e3f5f13bbdc43cae3ba48b022f6bac835f639ec4c19e030fdce90e27581a9da8e91780b07ecc2f4ecac0ef217eef457813c4272ae1cf6d71a4eb96507ad2bcb32e6d3c755d427be7fed2354427808f16f7fedea2c6ad1a334e3f184d13ac90add874fe881ef71cb1a169b63d3360111c82a95f9f7e0881fc5c74ffdbe2ab1042e039c61635f6c6f1d549d96e665b32d9d880db14a1a0894775d74e5be244b48a1f90f2169ff8aeaa8317f998efbdb3a9ecbac09ee0c7d15f30a4a2d23ecee62ea832f9c9aea6a315182a0bee54a8da41edad2ba59051246ada9e93aaedf5e267cdb43f20f88d99b51179100d30a23aab68b3b78456fec3edcf4dba5af3ed6dea48fea17c5b2e4076e703877bc65bda1601e153cfd334d6e97fbee49c79551cc0a06eb420abcb8ff924f157e7d5ef61ed866286f31d1e845a8be8948857dc8d5a27a1402937d92db34bc9e9b3de5284aa01fa8835f56569d0f0323f66c840ace1b53639c907b9bdeb8273930ee3a4d98d527a96d5efb318a454777c914cdf86de9c2c1cc0f747801d452c4aee294621688fba903688f51d80912097c32e15da97dcb89198fddd3e88f516b0c48d2bc2dfa0e45982d3eceab02068cc985da34ffe13bc358e856b199d70cc8b27329cc55acce39f2f2933311bd9d7ef7940371833c51e18d66f64b992a39f057fc0739feb4311640d3caf899fa2bb923d12dcc9b444595c515409089ecdfb0353edc8fa47367eb7426e387df3443d659d5e0af6496ce7aa3a23841d12d0bb3dbdb95e9416c021fc68c7b45a7eb61b790e7e60b288a3535446e123819d82eb87ded5df2261fef70d5f4a3d6c896ad6072f0c8c8368a0033635fa320395758b446ec264d3fc55440afb671ac99ac4909afb29814db294e33b05921ef1d37533a8eb808257aa92b346fe9054b92508eb7cb5b0d6094fc5bc3ffd78f4ed1c62d674cf53ad3cd296ab6b583618108cb81d53d4711dd9ab449f7c6879e09e8c29d69600086ebfd2a7634bb3870757760260a86dc242efb5849309d515f0250665a34645d48310e0b49032ba76f8bc3f79f1eaf7c474fdaf7c45380405eb5a0cb79c5481eac686b66f04e83d192568493360dd3222c3e7a28a304865f9015d861d402bba36385cd3e6989d3a8b57eee7a174561ba3abc651daff52e4e661696be7c618a9b0b91c1b3c5ae7bb45b51140db4d468bbc43b96b50a063587d9ab4539ce251cd8ae6929549f3d3096ad11b73445a27cdb3ef35846b0964b6c6f703fe8c1c7870da9b6ec4252be6581426798dbc09cbf0c81dec7f4be2dc8ed7be1804fef29f4b1835701b4a4de22552d2c5ed4e923d3d0ff09ee218d0746311f3f393005b2c37894aab3c25db655c2b8294e3039677d2df9f4d4bfeb434330b1724ac925d5ec1a3f3bb6f6024d982da3380c6370d76646bbf2aed9946392097b571b1463ab668138754ae93d5c80be0e0ab7a657434a2253ac49a62a4836d9832c2d915ce881fdee81eb486195f71992a2d276dfcc97bf14e6c11e1ff7efcaf44fa9286a6f4169f438719733f0c9f9460011c277a033b868a6d507488bc3bb44e43df4beea12444b69affea17f2c180eb8df880f27fafd871200f7cf42e068d77e3fc3e7207e11c47f5f5a667723c6b2165ca09f52ae6d18d1412178972d77ba5b40c6943e891dffa7feb66493226bc343772eaf621abc79bae101e7083ec6756784b7893010fa1e3fce43613dbdb7deb8eb823ab4645b8c70d301f50e1077b2d661a26ac81f8652739d00f45a2c497c44c2d980f130fa7bd43711ba0125287c74ff39cabccca019881b18904ae6f38a83239ce9a1f3785ed32a94e004e41fc8f7cc5510b844d10e50d6c0dae581a74ffa8c549be2c5a62beada3579ffe7561be3082caa4429dff023f10b214b9e5f55b746484619eb89b8ce3035eab33027aee7cb8a87c0bedf20d30dc556cb5c5512c9787402920c3e83c591520327dfbd2ee719b48bcbcb5e8255506980a2eb95e7c6f8570949dbb8ce2a9c0e5094c58add49d4d9022aedbaffda8407cff34b88c8cf69f59bfdf94e58965d09bd9a1afb17087d4553cc3ac826a20f803f189febd72d9bc959050b4fed76867fdaadaa2c281da1ad49c1c20d1278b325c05a9052df4bb1223e2ad5a16519675c2ebc48a72afc94b20375a2b4517c88dcf0dc575255da49e95d9e8dcba908aaa91fd67b0632c4b4284fac1987221195874a36c69c48172705bd8de53dc5e20fc2031e15331a99c3b22987fd04e1e2e0dc82122d8b8f27477803118be5d29ffd856eb4551ab770cbaaf4ad9b23ff02b86d916b723e31668e23ced1e2128b6a79370e8da5df813f5ad45c8390fac06f0ef3e8fa40725f005ef980228ae04444737060706cdfe490ef63c64bb2cff03fc2d0fe198e0c8aee0b4c7935e25560d4e1cd9293af906d06c427dfad4245b70894fe89e9b329b3f7918c6c4ec9c2da269adec31f80766a16f083ead717d0cf4cd1ecf6fd735c4284be4000f82fdbdf539a2bbdedd24bad1f124660c847d44864d0ccef50280beba22a44141d311c6e337e70e42ea3cdbada92d2196d98ab0b784b0be6dd8e5abf1e46eedcb308a5f8f6138b965bae7872a9ba91cedd1438b063e3041d30689177dd7344a35a8178d819f39bdea73baaff8e611235d0b1a46eedb78dcf55a7df9eda0db44ce726f9f729979971758a3b35febb9edb12a3f062622a541c9034f4da0e94f5b7222abce49aa487f3d0515c55682d093eaa027a03364f95bcffd0c2962bd9367cb1d56b9e2074ad842f413cf45578930c381403296d9a3799efe9c159e67ac6baebecc50a495a982568a6e110cdab1c5737ac4c172b901b81aeb4683d626efaccc690e5fa6c5b2181bc8750a6175dc06beeb22eb5645a6a1e08769a1a1714ad435916a06aa66d8d660a4b3f1369e77e104ee657bf7eb4be88831a7afa55a4ebd824bd852191f725b89109b67760cc90af9fc11a1eab1cd3e626ae8dc324cbf8bca37e795218bf11c065d7938e0c8f76b9450ed3f561f6e47736fa90844977beb1c29c5bac1897d7644b5bdaa352025c61656f490b8db1e2cf3712d3535c03792cc05068d372242e7231c34f8e9ec1bd7db4260b9ec577279a205be0849de0301ac98fd41901bcbe49111a873262d6cde317d5d46e568d0618f66d73a282784765ef4aa06da2a5a8c43ecf6b00b4bbd64a4be6ac35193c439266da06e16ec72c3fe217f1908b9bf08bed8d99f92dc634457f958025bd3c5a3a0fc9123eb264d7f54e4413029731ecfecd98e3a0de3ff35a859ecea8ffa4f7771933ff37a4f654ccd911c17e595d78dd09fa8591ebd98ec3eff48cd2f37eee232ced4b3b36a0cc89de7aa16db9d7d9c1b8725cacd56b2cc10378c7dd22e5af61e870c335b850a394ea617d0774d1db131a03b46b171c902c496da7d4f8247eb4f2a51af9ea40df10690b67401f18483d7eaf857c0deed25640f800cbb676415edac33b2c01e26417ff2dff25926056ced5ca5b6fe5b01501cc6efdc2d18f8c13f1f1b862401622b50a11ccfe05efff7ba332a3715e20535a08dfac0298f6c138f933a97994aa72f97407cb47daa12f13e4c2306e0e7705d6415c1b27e02057f05baf24c5d26342e51aea34a1996ac1897c4cbd67b745700f0a516d819dcfcbdbe78ef2ca1aa5f9df464ba9170397ca5f1dfa44cce2c14d8c782628ec0e74de26927138e7ffe5a55553d5eff82e1400abab7d946399f60cbb3c0c3005c824f6e237528c73c182af85d7a4e36d4baf4bbaad28842c1d3661f27b4221fbbc32595f2e95fe0a0f03f4b4e9cf8f39cc1ddd0fbea91d7bc57bf07fd2842a135cf3fe6feb0b73aa4806ab75d4b94a198bc736a7366e5147bb789baa26d323611b76d88dc9664fa4e6a461d89d271a1659a9f3d86fcc940b659d788724531d59afe7bf368e76850075d84c14aa70b21f26c769f3fc48c1473a5227261f80a590bf013b506fc546ce4f3f91cf6615761ce39f6a690be3e2879ba0465abaef588b2f9f83b7f7efef40dfffaa6059aabf0f26459409aa528fa685f1ef44c5f381c254472a303a24dcb2940f0030a46ab6b388ff00cbb42c6a65ad342a25ebd4faac35884f1074bdbb46c770ec5aff500fc837b422c47b1bf36bb2b5dd3424a64de211422765eeac5f292371033b033cc07a5834106259b327e9e39ec6e4a976a282b8ba4109fd09e4531b9204cefa73f1e4eb36b4b6e148b8481574c7aeee9c976dfe3a291f18faa30a975f0c860ca3da9832f689f3907dd166c177d1aa4544fc133ad75ee67e8ac57f4c45aee1938c933d71f7253ee614f392ee472e8c0dab3c6895682544b73774c3299f6a27541fa538f115cf111bca342c7e64405e3d64d848ac70b35c5ac445239ebd55516c87ed5e7b2e1b27ea9a604e603359b33f06ac5806e87e8e3d54cc2451f7ea644c903a5b63845b0ef26a92eb2a9ae6418cbf9197d4e0ef5b7bd9f13dc9f01a450f1f769417f612cb5c3224738c3880f6ac6cd1ac98029009526de50e10ac942380cebd507adba24560327942ea70fd7c612b29ceee365aa2d4929a27cf89f31ab9996ed097b866ec86916d7d4a284d41db2a79b908e118ec096dbb79cbc4fa9f53d109e21d4af4d6479c27c041f95187c92d9f96cb8c55b7898f87e06ab52bbb7ad57ec83117e61c8f9b058bfa3cc48165bd9ff0307066104959be3c9899bd034658c4c730cc105cb2087e303bc54991fa7780c1aecaa398776a6e1bd1df3dde85587a31f29f482228eecfabc116457aa48ae09d453b65a99d6f9ad526ad470323f125", 0x5}) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f0000001540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, 0x0, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void, @val={0xc, 0x99, {0x6, 0x7}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 4.484312861s ago: executing program 4 (id=617): r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='sysfs\x00', 0x1214040, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x20) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r1 = inotify_init1(0x800) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80000405) umount2(&(0x7f0000000000)='./file0\x00', 0x8) r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000004c0)=@setlink={0x28, 0x13, 0x5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x62245}, [@IFLA_NET_NS_FD={0x8, 0x1c, r2}]}, 0x28}}, 0x48000) 4.459860822s ago: executing program 3 (id=618): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUTCMAP(r2, 0x4605, &(0x7f0000000180)={0x80000000, 0x1, &(0x7f0000000040)=[0x6], &(0x7f00000000c0), &(0x7f0000000100), 0x0}) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e6, &(0x7f0000000500)) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e7, &(0x7f0000000080)) 4.09248927s ago: executing program 2 (id=620): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000008300), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) getxattr(&(0x7f0000005140)='./file0\x00', &(0x7f0000005180)=@known='system.posix_acl_access\x00', 0x0, 0x0) accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000000c0)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) close(0x3) 4.092134857s ago: executing program 3 (id=621): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 3.673509984s ago: executing program 4 (id=622): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000100)={r3, 0x2, r2, 0x0, 0x80000}) 3.662328532s ago: executing program 3 (id=623): socket$nl_route(0x10, 0x3, 0x0) pipe2(0x0, 0x4080) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) mount$overlay(0x0, 0x0, 0x0, 0x406, &(0x7f0000000140)={[{@userxattr}], [], 0x2c}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) preadv(r0, &(0x7f0000001200)=[{&(0x7f0000000080)=""/4097, 0xffffff51}], 0x1, 0x3f, 0x6a76) 3.620587553s ago: executing program 1 (id=624): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUTCMAP(r2, 0x4605, &(0x7f0000000180)={0x80000000, 0x1, &(0x7f0000000040)=[0x6], &(0x7f00000000c0), &(0x7f0000000100), 0x0}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000500)) ioctl$sock_bt_hci(r3, 0x400448e7, &(0x7f0000000080)) 3.572164956s ago: executing program 2 (id=626): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, r0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffe0000000002, 0xfa0f, 0xffffffff}, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz0\x00', 0x1ff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0) read(r3, &(0x7f0000000080)=""/186, 0xba) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000005c0)={'pcl711\x00', [0x4f27, 0xfffffffe, 0x4, 0x4, 0x5, 0x5, 0x656b, 0x5, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x3fffffff, 0x8a, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0xc000) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r6, 0xc018620c, &(0x7f00000002c0)={0x2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r8 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x4000) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x103302) r10 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r10) getsockname$packet(r10, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) 2.268876539s ago: executing program 3 (id=628): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000180)={{0x6, @null, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendto$netrom(r0, 0x0, 0xffffffffffffff30, 0x0, &(0x7f0000000000)={{0x6, @rose, 0x1}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4) rt_sigaction(0x10, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x60]}}, 0x0, 0xfffffffffffffe2b, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ioperm(0xe5b, 0x1, 0x2) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f00000050c0)={0x2020}, 0x2020) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x13f}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r5, 0x12, 0x0, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYBLOB], 0x44}}, 0x20000810) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x8a, 0x3, 0x1c}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000000)={0x1}) 2.262559907s ago: executing program 4 (id=629): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986"], 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x1, 0x0, 0x2000, &(0x7f0000002000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x4000000) 2.192577038s ago: executing program 0 (id=630): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUTCMAP(r2, 0x4605, &(0x7f0000000180)={0x80000000, 0x1, &(0x7f0000000040)=[0x6], &(0x7f00000000c0), &(0x7f0000000100), 0x0}) 2.187606503s ago: executing program 1 (id=631): r0 = getpgrp(0x0) syz_pidfd_open(r0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) flock(r2, 0x2) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mknodat(0xffffffffffffff9c, 0x0, 0x8000, 0xfffffffa) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mount$overlay(0x0, &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000440)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 1.737054325s ago: executing program 0 (id=632): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2000}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x56b23f70}]}]}], {0x14}}, 0xc8}}, 0x0) 1.288573784s ago: executing program 4 (id=633): r0 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)='sysfs\x00', 0x1214040, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x20) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[], [], 0x2f}) r1 = inotify_init1(0x800) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x80000405) umount2(&(0x7f0000000000)='./file0\x00', 0x8) r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000004c0)=@setlink={0x28, 0x13, 0x5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x62245}, [@IFLA_NET_NS_FD={0x8, 0x1c, r2}]}, 0x28}}, 0x48000) 1.20905122s ago: executing program 0 (id=634): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 810.308927ms ago: executing program 0 (id=635): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000010"], 0x0, 0x2af, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = syz_open_procfs(0x0, 0x0) socket$kcm(0x10, 0x400000002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(r3, 0x0) r4 = socket$unix(0x1, 0x2, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000003000)=@file={0x1}, 0x6e) r6 = landlock_create_ruleset(&(0x7f0000000000)={0x1, 0x2, 0x1}, 0x18, 0x0) landlock_restrict_self(r6, 0x0) connect$unix(r4, &(0x7f0000000640)=@file={0x1}, 0x6e) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x1) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r8, 0x4020aed2, &(0x7f00000000c0)={0xffff1000, 0x301000, 0x8}) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r8, 0x4020aed2, &(0x7f00000097c0)={0xffff1000, 0x11b000, 0x8}) write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[@ANYRESHEX=r4], 0xfe33) 789.817255ms ago: executing program 1 (id=636): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x102) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0) unshare(0x22020400) mount$9p_unix(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x84000, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000000280)={0x2020}, 0x2020) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) r5 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)="c0", 0x1}], 0x1, 0x5) ioctl$IOC_PR_RESERVE(r5, 0x401070c9, &(0x7f0000000200)={0x3ff, 0xd}) 732.395602ms ago: executing program 3 (id=637): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffc) syz_kvm_setup_cpu$x86(r1, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f00000001c0)="f30fc733670fc734f40f070fe8c50f20c06635100000000f22c066b9800000c00f326635000800000f30ba4100edbaf80c66b8f441928366efbafc0ced9a00603e010f1aae8000", 0x47}], 0x1, 0x14, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000580)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x103800, 0x10a) ioctl$VHOST_SET_VRING_ERR(r6, 0x4008af22, &(0x7f0000000100)={0x3}) 727.416465ms ago: executing program 0 (id=638): socket$nl_route(0x10, 0x3, 0x0) pipe2(0x0, 0x4080) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) mount$overlay(0x0, 0x0, 0x0, 0x406, &(0x7f0000000140)={[{@userxattr}], [], 0x2c}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) preadv(r0, &(0x7f0000001200)=[{&(0x7f0000000080)=""/4097, 0xffffff51}], 0x1, 0x3f, 0x6a76) 696.345742ms ago: executing program 4 (id=639): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x5, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2a, &(0x7f0000000080)={0x10000000, {{0xa, 0x4e22, 0x5fa64860, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xfffd, @private1={0xfc, 0x1, '\x00', 0x4}, 0x1}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2f, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e24, 0x0, @local}}}, 0x108) setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x800, 0x0, 0x2, 0x0, 0x7}, 0x20) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="f9dbdf250c000000040005840000008b00000fc518e11d1bc881af8ebf74db7717d6"], 0x18}, 0x1, 0x0, 0x0, 0x24008000}, 0x2400c000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000040)=ANY=[], 0x0, 0x26, 0x0, 0x1, 0x10}, 0x28) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r4, 0x84, 0x21, &(0x7f00000000c0)=0x5, 0x4) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@private0, @in=@broadcast}}, {{@in6=@empty}, 0x0, @in=@loopback}}, &(0x7f0000000400)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000440)={'vxcan0\x00'}) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000580)={r6}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00'}, 0x10) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000002f40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)=ANY=[@ANYBLOB="73bdbe31871826beb882fe670300d5ed51600c341dbc7ac8d96e3a431b1d8414893494901996cb24647c36e9f4797305073b", @ANYRES16=0x0, @ANYBLOB="02002bbd7000fcdbdf2501000000060006004e2400000800088004000080060006004e220000"], 0x2c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000801) listen(r7, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r9, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r7}, 0x20) sendmmsg$inet6(r7, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)}}], 0x56, 0x10) r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r10, 0xffffffffffffffff, 0x0) 328.290954ms ago: executing program 2 (id=640): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000006800010025bd7000feffffff0a000000000000000c00088063000200ac141421060007000800000008000500", @ANYRES32=r2, @ANYBLOB="bb"], 0x34}}, 0x40040d0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet(0xa, 0x801, 0x84) listen(r4, 0x8) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2000f324}, 0x8) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0) chroot(&(0x7f0000000040)='./file0\x00') umount2(&(0x7f00000000c0)='./file0\x00', 0x0) 284.407622ms ago: executing program 1 (id=641): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='status\x00') read$FUSE(r0, &(0x7f0000000380)={0x2020}, 0x2020) mkdirat(r0, &(0x7f0000002000)='./bus\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986"], 0x0}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x4, 0x1, 0x0, 0x2000, &(0x7f0000002000/0x2000)=nil}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="0900000008000000001000000100000004000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000006ac90000000000000000000000000000000000000000006d359fcba2453008f324b0f787cc09ce343fc70077ff4cec55a1badc3e68448b99c10f871e8a7d41a2a2d532e37dc4c5bd143121dfcd950f05d379e6c820222f6d5c09fa90bec2a8655bcacab131c7d575aba9a3a7c1c508fa5a5dce90e97ea4245da49a8a129a96da1f9000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000060000000000000085000000030000009500"/72], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r5, 0x40082102, &(0x7f0000000080)) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r6}, 0x18) r7 = socket$vsock_stream(0x28, 0x1, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KDSKBENT(r8, 0x4b47, &(0x7f0000000000)={0x2, 0x5, 0x6}) connect$vsock_stream(r7, &(0x7f00000002c0)={0x28, 0x0, 0x2710, @local}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@userxattr}, {@metacopy_on}]}) 254.665516ms ago: executing program 3 (id=642): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000100)='^', 0x1, 0x4, &(0x7f0000004ff0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r1 = syz_open_dev$video(&(0x7f0000000280), 0x80, 0x68c02) io_setup(0x8, &(0x7f0000004200)=0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r2, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r3}]) listen(r0, 0x200da90) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x202, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) munlock(&(0x7f00007fe000/0x800000)=nil, 0x800000) setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0) fchdir(0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, 0x0, 0x44040) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r8, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000006c0)={0x0, 0x0, r8, r9, 0x227, 0x0, 0x8, 0x7, {0x8e, 0x40, 0x7, 0x220, 0x4, 0x2, 0x8, 0x2, 0x3, 0x3, 0x5, 0x8, 0x3ff, 0x2, "e5d88f223fa4a2700ea357d21e65a316b58acaf2f8c9068dcfeb29c02ff1aed8"}}) r10 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$inet_sctp6_SCTP_RTOINFO(r10, 0x84, 0x0, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) 238.863085ms ago: executing program 4 (id=643): ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000400)={'gre0\x00', &(0x7f0000000340)={'gretap0\x00', 0x0, 0x700, 0x7800, 0x10001, 0x100, {{0xb, 0x4, 0x1, 0x3c, 0x2c, 0x67, 0x0, 0x9, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010100, {[@lsrr={0x83, 0xb, 0x65, [@loopback, @private=0xa010104]}, @timestamp_prespec={0x44, 0xc, 0x50, 0x3, 0x4, [{@private=0xa010101, 0xff}]}]}}}}}) r0 = socket(0x2, 0x3, 0xff) setsockopt$inet_int(r0, 0x0, 0x3, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) creat(0x0, 0x182) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x19040) semtimedop(0x0, &(0x7f0000000000)=[{0x1, 0xca65, 0x1800}], 0x2aaaaaaaaaaaac57, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000010000100000000400000000000000000", @ANYRES32=0x0, @ANYBLOB="80920500050000000cdf15800800018004000c8008001b0000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000b9b66040ac0501b300e40102030109021200010004000009040000"], 0x0) sendmmsg$inet(r0, &(0x7f0000001f80)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, 0x0}}, {{&(0x7f0000000300)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x5, 0x0}}, 0x9, 0x0, 0x0, &(0x7f0000000100)}}], 0x2, 0x4) accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @netrom}, [@netrom, @null, @rose, @default, @default, @remote, @remote, @netrom]}, &(0x7f0000000080)=0x48) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x1}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0xe) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x4, 0x0) read$msr(r5, &(0x7f000001b700)=""/102392, 0x18ff8) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe) fsmount(r3, 0x1, 0x6) 215.410582ms ago: executing program 0 (id=644): r0 = getpgrp(0x0) syz_pidfd_open(r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r1, 0x5) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x10a) flock(r2, 0x2) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mknodat(0xffffffffffffff9c, 0x0, 0x8000, 0xfffffffa) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mount$overlay(0x0, &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000440)) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 0s ago: executing program 2 (id=645): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x721701, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) r2 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb9, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0xfffffffffffffe5f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r6, &(0x7f00000021c0), 0x5b, 0x40, 0x0) write(r2, &(0x7f00000001c0)="240000005800410f9c00f4f90085b3025cb1fddf08000100050100000800028001000000", 0x24) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f00000003c0)) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), r1) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0xcc, r9, 0x200, 0x70bd28, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc}, {0xc, 0x90, 0x9}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x2}, {0xc, 0x90, 0x100000000}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x6c2}, {0xc, 0x90, 0x7}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4800}, 0x5) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000840)={r10, &(0x7f0000000640), 0x0}, 0x20) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x4c, r7, 0xd55319eec59dfa33, 0xfffffffe, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x7, 0x67}}}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg1\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010) kernel console output (not intermixed with test programs): z.0.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 137.787757][ T9] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 138.142298][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 138.154708][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 138.178740][ T9] usb 1-1: config 1 has no interface number 0 [ 138.198345][ T9] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 138.247279][ T9] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 138.325322][ T9] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 138.353150][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 138.373884][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.398688][ T9] usb 1-1: Product: syz [ 138.408038][ T9] usb 1-1: Manufacturer: syz [ 138.496311][ T30] audit: type=1400 audit(1761965333.216:375): avc: denied { write } for pid=6821 comm="syz.4.207" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 138.519263][ T9] usb 1-1: SerialNumber: syz [ 138.544476][ T6808] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 138.557656][ T980] usb 2-1: USB disconnect, device number 6 [ 138.585471][ T6820] kvm: kvm [6818]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x200000000000 [ 139.209035][ T6804] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 139.412570][ T30] audit: type=1400 audit(1761965334.206:376): avc: denied { setopt } for pid=6818 comm="syz.2.206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 139.452146][ T6836] FAULT_INJECTION: forcing a failure. [ 139.452146][ T6836] name failslab, interval 1, probability 0, space 0, times 0 [ 139.473322][ T30] audit: type=1400 audit(1761965334.216:377): avc: denied { setopt } for pid=6829 comm="syz.1.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 139.492700][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.492706][ T6836] CPU: 1 UID: 0 PID: 6836 Comm: syz.4.209 Not tainted syzkaller #0 PREEMPT(full) [ 139.492727][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 139.492737][ T6836] Call Trace: [ 139.492743][ T6836] [ 139.492751][ T6836] dump_stack_lvl+0x16c/0x1f0 [ 139.492785][ T6836] should_fail_ex+0x512/0x640 [ 139.492804][ T6836] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 139.492829][ T6836] should_failslab+0xc2/0x120 [ 139.492846][ T6836] kmem_cache_alloc_noprof+0x75/0x6e0 [ 139.492867][ T6836] ? security_file_alloc+0x34/0x2b0 [ 139.492888][ T6836] ? security_file_alloc+0x34/0x2b0 [ 139.492904][ T6836] security_file_alloc+0x34/0x2b0 [ 139.492922][ T6836] init_file+0x93/0x4c0 [ 139.492940][ T6836] alloc_empty_file+0x73/0x1e0 [ 139.492960][ T6836] alloc_file_pseudo+0x13a/0x230 [ 139.492980][ T6836] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 139.493005][ T6836] sock_alloc_file+0x50/0x210 [ 139.493027][ T6836] do_accept+0x240/0x530 [ 139.493043][ T6836] ? do_raw_spin_lock+0x12c/0x2b0 [ 139.493060][ T6836] ? __pfx_do_accept+0x10/0x10 [ 139.493089][ T6836] __sys_accept4+0x100/0x1c0 [ 139.493105][ T6836] ? __pfx___sys_accept4+0x10/0x10 [ 139.493120][ T6836] ? ksys_write+0x1ac/0x250 [ 139.493133][ T6836] ? __pfx_ksys_write+0x10/0x10 [ 139.493151][ T6836] __x64_sys_accept+0x74/0xb0 [ 139.493165][ T6836] ? lockdep_hardirqs_on+0x7c/0x110 [ 139.493187][ T6836] do_syscall_64+0xcd/0xfa0 [ 139.493210][ T6836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.493225][ T6836] RIP: 0033:0x7f289eb8efc9 [ 139.493237][ T6836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.493251][ T6836] RSP: 002b:00007f289f98e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 139.493266][ T6836] RAX: ffffffffffffffda RBX: 00007f289ede5fa0 RCX: 00007f289eb8efc9 [ 139.493275][ T6836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 139.493284][ T6836] RBP: 00007f289f98e090 R08: 0000000000000000 R09: 0000000000000000 [ 139.493293][ T6836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.493301][ T6836] R13: 00007f289ede6038 R14: 00007f289ede5fa0 R15: 00007fffdbffb868 [ 139.493322][ T6836] [ 139.739818][ T9] cdc_ncm 1-1:1.1: bind() failure [ 139.755409][ T9] usb 1-1: USB disconnect, device number 9 [ 139.762324][ T30] audit: type=1400 audit(1761965334.216:378): avc: denied { write } for pid=6829 comm="syz.1.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 139.808453][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.241514][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.250339][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.059105][ T6856] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.067479][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.093997][ T6856] loop9: detected capacity change from 0 to 7 [ 141.101711][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.109660][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.156549][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.164691][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.174262][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.183024][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.201284][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.219465][ T6856] ldm_validate_partition_table(): Disk read failed. [ 141.252959][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.282269][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.321253][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.329150][ T6856] Buffer I/O error on dev loop9, logical block 0, async page read [ 141.501290][ T6856] Dev loop9: unable to read RDB block 0 [ 141.507449][ T6856] loop9: unable to read partition table [ 141.513703][ T6856] loop9: partition table beyond EOD, truncated [ 141.543399][ T30] audit: type=1400 audit(1761965336.336:379): avc: denied { rename } for pid=6860 comm="syz.0.215" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 141.590583][ T6856] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 141.590583][ T6856] ) failed (rc=-5) [ 141.994448][ T6872] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 142.197873][ T6861] overlayfs: statfs failed on './file0' [ 142.361604][ T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 142.500451][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.547824][ T30] audit: type=1400 audit(1761965337.356:380): avc: denied { read write } for pid=6878 comm="syz.0.219" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 142.821297][ T9] usb 1-1: new low-speed USB device number 10 using dummy_hcd [ 143.524147][ T30] audit: type=1400 audit(1761965337.356:381): avc: denied { open } for pid=6878 comm="syz.0.219" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 143.591902][ T6877] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 143.615554][ T6887] Falling back ldisc for ttyprintk. [ 143.634779][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.657958][ T10] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 143.671022][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.679843][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.681454][ T10] usb 3-1: Product: syz [ 143.703514][ T10] usb 3-1: Manufacturer: syz [ 143.709576][ T10] usb 3-1: SerialNumber: syz [ 143.723599][ T10] usb 3-1: config 0 descriptor?? [ 143.744184][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 143.753783][ T9] usb 1-1: config 0 has no interface number 0 [ 143.775446][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 143.781629][ T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 143.808869][ T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 143.819813][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 143.928886][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.944155][ T30] audit: type=1400 audit(1761965338.746:382): avc: denied { accept } for pid=6883 comm="syz.4.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 143.967174][ T10] gspca_sunplus: reg_r err -71 [ 143.979234][ T10] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 143.989072][ T9] usb 1-1: config 0 descriptor?? [ 143.999574][ T6879] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 144.041015][ T10] usb 3-1: USB disconnect, device number 6 [ 144.072215][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.222'. [ 144.080912][ T9] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 144.142046][ T977] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 144.257053][ T5880] usb 1-1: USB disconnect, device number 10 [ 144.406778][ T977] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 144.415905][ T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.424834][ T977] usb 2-1: Product: syz [ 144.429022][ T977] usb 2-1: Manufacturer: syz [ 144.433696][ T977] usb 2-1: SerialNumber: syz [ 144.444550][ T977] usb 2-1: config 0 descriptor?? [ 144.451496][ T977] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 144.915478][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 144.952207][ T977] gspca_sunplus: reg_r err -71 [ 144.957770][ T977] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 144.978310][ T977] usb 2-1: USB disconnect, device number 7 [ 145.620229][ T30] audit: type=1400 audit(1761965340.426:383): avc: denied { read } for pid=6901 comm="syz.0.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 145.787881][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.921634][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 146.024189][ T6914] fuse: Bad value for 'user_id' [ 146.029091][ T6914] fuse: Bad value for 'user_id' [ 146.602393][ T30] audit: type=1400 audit(1761965340.696:384): avc: denied { write } for pid=6910 comm="syz.4.228" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 146.693088][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 146.966974][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 147.271163][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 147.301256][ T5880] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 147.371203][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 147.435136][ T9] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 147.444396][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.453401][ T980] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 147.461164][ T9] usb 2-1: Product: syz [ 147.465393][ T9] usb 2-1: Manufacturer: syz [ 147.470037][ T9] usb 2-1: SerialNumber: syz [ 147.476623][ T9] usb 2-1: config 0 descriptor?? [ 147.481141][ T5880] usb 3-1: Using ep0 maxpacket: 32 [ 147.484250][ T9] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 147.488219][ T5880] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 147.503143][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.513245][ T5880] usb 3-1: config 0 descriptor?? [ 147.521040][ T5880] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 147.541157][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 147.547894][ T10] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 147.556583][ T10] usb 5-1: config 179 has no interface number 0 [ 147.563056][ T10] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 147.574362][ T10] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 147.585926][ T10] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 147.598225][ T10] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 147.608515][ T10] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 147.622256][ T10] usb 5-1: config 179 interface 65 has no altsetting 0 [ 147.629186][ T10] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 147.638322][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.647863][ T980] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 147.656958][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.678689][ T980] usb 1-1: config 0 descriptor?? [ 147.687575][ T10] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input7 [ 147.725944][ T980] cp210x 1-1:0.0: cp210x converter detected [ 147.877283][ T5897] usb 5-1: USB disconnect, device number 8 [ 147.877395][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 147.923150][ T5880] gspca_vc032x: reg_w err -71 [ 147.930085][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.937459][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.944944][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.950220][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.956097][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.961569][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.966840][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.972251][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.977554][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.985197][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.990479][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 147.997104][ T9] gspca_sunplus: reg_r err -71 [ 147.998571][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.008630][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.013178][ T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 148.018431][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.039824][ T9] usb 2-1: USB disconnect, device number 8 [ 148.047847][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.054300][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.059967][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.065455][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.070847][ T5880] gspca_vc032x: I2c Bus Busy Wait 00 [ 148.078476][ T5880] gspca_vc032x: Unknown sensor... [ 148.086950][ T5880] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 148.101554][ T5880] usb 3-1: USB disconnect, device number 7 [ 148.288587][ T6928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.299817][ T6928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.435236][ T30] audit: type=1400 audit(1761965343.176:385): avc: denied { create } for pid=6933 comm="syz.3.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 148.787430][ T30] audit: type=1400 audit(1761965343.196:386): avc: denied { ioctl } for pid=6933 comm="syz.3.234" path="socket:[14148]" dev="sockfs" ino=14148 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 148.827083][ T30] audit: type=1400 audit(1761965343.206:387): avc: denied { name_bind } for pid=6933 comm="syz.3.234" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 148.849405][ T30] audit: type=1400 audit(1761965343.636:388): avc: denied { write } for pid=6927 comm="syz.0.233" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 148.873922][ T30] audit: type=1400 audit(1761965343.636:389): avc: denied { open } for pid=6927 comm="syz.0.233" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 148.946330][ T6928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.954932][ T6928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.962859][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.064209][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.082882][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.235'. [ 149.245257][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.235'. [ 149.259450][ T6945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.267773][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.314359][ T980] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 149.322463][ T980] cp210x 1-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 149.330009][ T980] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 149.340235][ T6945] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.354938][ T6945] Cannot find add_set index 0 as target [ 149.654184][ T980] usb 1-1: cp210x converter now attached to ttyUSB0 [ 149.664236][ T980] usb 1-1: USB disconnect, device number 11 [ 149.674866][ T980] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 149.691421][ T980] cp210x 1-1:0.0: device disconnected [ 149.698183][ T6954] process 'syz.3.239' launched '/dev/fd/4' with NULL argv: empty string added [ 149.710752][ T30] audit: type=1400 audit(1761965344.526:390): avc: denied { execute_no_trans } for pid=6953 comm="syz.3.239" path=2F6D656D66643AC9F01D050BAFA9B8C65B0BDB58AE5B1AA9FD16AED16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1112 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 149.940634][ T30] audit: type=1400 audit(1761965344.746:391): avc: denied { bind } for pid=6957 comm="syz.4.241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 150.054208][ T30] audit: type=1400 audit(1761965344.746:392): avc: denied { name_bind } for pid=6957 comm="syz.4.241" src=19996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 150.097839][ T30] audit: type=1400 audit(1761965344.746:393): avc: denied { node_bind } for pid=6957 comm="syz.4.241" saddr=ff02::1 src=19996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 150.202644][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.241'. [ 151.121543][ T977] net_ratelimit: 6 callbacks suppressed [ 151.121559][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 151.180303][ T30] audit: type=1400 audit(1761965345.986:394): avc: denied { mounton } for pid=6970 comm="syz.0.243" path="/50/file0" dev="tmpfs" ino=294 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 151.204496][ T6977] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 151.343150][ T30] audit: type=1400 audit(1761965346.156:395): avc: denied { append } for pid=6978 comm="syz.2.246" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 151.440886][ T6979] loop6: detected capacity change from 0 to 524288000 [ 151.530886][ T6979] vlan2: entered allmulticast mode [ 151.536161][ T6979] hsr_slave_1: entered allmulticast mode [ 151.595897][ C1] I/O error, dev loop6, sector 524287984 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 151.606309][ T6985] loop6: detected capacity change from 524288000 to 524287951 [ 151.607391][ C1] I/O error, dev loop6, sector 524287984 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 151.623643][ C1] buffer_io_error: 9 callbacks suppressed [ 151.623655][ C1] Buffer I/O error on dev loop6, logical block 65535998, async page read [ 151.851571][ T977] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 152.172505][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 152.207782][ T977] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 152.241171][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.282140][ T977] usb 5-1: Product: syz [ 152.291625][ T977] usb 5-1: Manufacturer: syz [ 152.317552][ T977] usb 5-1: SerialNumber: syz [ 152.376526][ T977] usb 5-1: config 0 descriptor?? [ 152.392836][ T977] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 152.629716][ T977] gspca_sunplus: reg_r err -71 [ 152.635560][ T977] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 152.635639][ T5847] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 152.735102][ T977] usb 5-1: USB disconnect, device number 9 [ 152.802537][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 152.912708][ T5847] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 152.977582][ T5847] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 153.013241][ T5847] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 153.025040][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.121167][ T5847] usb 1-1: Product: syz [ 153.132592][ T5847] usb 1-1: Manufacturer: syz [ 153.151246][ T5847] usb 1-1: SerialNumber: syz [ 153.163169][ T5847] usb 1-1: config 0 descriptor?? [ 153.172103][ T6996] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 153.181839][ T6996] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 153.202581][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.241606][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 154.299095][ T7017] netlink: 12 bytes leftover after parsing attributes in process `syz.1.256'. [ 154.447842][ T7015] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 154.458347][ T7015] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 154.694578][ T7029] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 154.907649][ T7032] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 155.391212][ T42] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 155.532495][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.540593][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.687317][ T7036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.260'. [ 155.816252][ T42] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 155.826150][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.841254][ T42] usb 4-1: Product: syz [ 155.845623][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 155.845890][ T42] usb 4-1: Manufacturer: syz [ 155.861524][ T42] usb 4-1: SerialNumber: syz [ 155.873657][ T42] usb 4-1: config 0 descriptor?? [ 155.881149][ T5897] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 155.902514][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 156.441345][ T42] gspca_sunplus: reg_r err -71 [ 156.446757][ T42] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 156.466533][ T5897] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 156.861636][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.870618][ T5897] usb 3-1: Product: syz [ 156.891868][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.899960][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 156.908359][ T42] usb 4-1: USB disconnect, device number 6 [ 156.921279][ T5897] usb 3-1: Manufacturer: syz [ 156.925875][ T5897] usb 3-1: SerialNumber: syz [ 156.999919][ T5897] usb 3-1: config 0 descriptor?? [ 157.027137][ T5897] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 157.230799][ T5897] gspca_sunplus: reg_r err -71 [ 157.237848][ T5847] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 157.238166][ T5897] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 157.249863][ T5847] usb 1-1: USB disconnect, device number 12 [ 157.291194][ T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 157.310597][ T5897] usb 3-1: USB disconnect, device number 8 [ 157.323368][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 157.375242][ T7046] cifs: Unknown parameter 'usrquota' [ 157.482933][ T10] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 157.498800][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 157.511427][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 157.523548][ T10] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 157.539181][ T10] usb 5-1: Product: syz [ 157.540106][ T7056] fuse: Unknown parameter 'croup_id' [ 157.548128][ T10] usb 5-1: Manufacturer: syz [ 157.559386][ T10] usb 5-1: SerialNumber: syz [ 157.576250][ T10] usb 5-1: config 0 descriptor?? [ 157.589800][ T10] usb 5-1: selecting invalid altsetting 0 [ 158.205023][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 158.603847][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 158.603863][ T30] audit: type=1400 audit(1761965353.416:400): avc: denied { create } for pid=7052 comm="syz.0.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 159.281441][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 159.295261][ T7082] netlink: 28 bytes leftover after parsing attributes in process `syz.1.272'. [ 159.310236][ T7082] netem: invalid attributes len -17 [ 159.326115][ T7082] netem: change failed [ 159.545903][ T7092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.855955][ T30] audit: type=1400 audit(1761965354.666:401): avc: denied { execute } for pid=7093 comm="syz.2.275" path="/sys/kernel/debug/sync/info" dev="debugfs" ino=4236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1 [ 160.034483][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 160.101981][ T42] usb 5-1: USB disconnect, device number 10 [ 160.325303][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.402300][ T10] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 160.423669][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.432368][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 160.549591][ T10] usb 4-1: Product: syz [ 160.553823][ T10] usb 4-1: Manufacturer: syz [ 160.558827][ T10] usb 4-1: SerialNumber: syz [ 160.566103][ T10] usb 4-1: config 0 descriptor?? [ 160.574879][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 160.584316][ T7104] FAULT_INJECTION: forcing a failure. [ 160.584316][ T7104] name failslab, interval 1, probability 0, space 0, times 0 [ 160.597108][ T7104] CPU: 1 UID: 0 PID: 7104 Comm: syz.1.279 Not tainted syzkaller #0 PREEMPT(full) [ 160.597131][ T7104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 160.597142][ T7104] Call Trace: [ 160.597148][ T7104] [ 160.597154][ T7104] dump_stack_lvl+0x16c/0x1f0 [ 160.597185][ T7104] should_fail_ex+0x512/0x640 [ 160.597210][ T7104] should_failslab+0xc2/0x120 [ 160.597230][ T7104] kmem_cache_alloc_noprof+0x75/0x6e0 [ 160.597254][ T7104] ? dst_alloc+0x99/0x1a0 [ 160.597277][ T7104] ? __pfx_ip6_dst_gc+0x10/0x10 [ 160.597298][ T7104] ? dst_alloc+0x99/0x1a0 [ 160.597313][ T7104] dst_alloc+0x99/0x1a0 [ 160.597333][ T7104] ip6_pol_route+0x96b/0x1230 [ 160.597357][ T7104] ? __pfx_ip6_pol_route+0x10/0x10 [ 160.597376][ T7104] ? is_bpf_text_address+0x94/0x1a0 [ 160.597412][ T7104] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 160.597432][ T7104] fib6_rule_lookup+0x24c/0x720 [ 160.597453][ T7104] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 160.597471][ T7104] ? find_held_lock+0x2b/0x80 [ 160.597510][ T7104] ip6_route_output_flags+0x1d0/0x640 [ 160.597530][ T7104] ip6_dst_lookup_tail.constprop.0+0xa52/0x2140 [ 160.597550][ T7104] ? lockdep_hardirqs_on+0x7c/0x110 [ 160.597582][ T7104] ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10 [ 160.597606][ T7104] ? finish_task_switch.isra.0+0x22a/0xc10 [ 160.597636][ T7104] ? finish_task_switch.isra.0+0x221/0xc10 [ 160.597660][ T7104] ? rcu_is_watching+0x12/0xc0 [ 160.597682][ T7104] ? trace_sched_exit_tp+0xd1/0x120 [ 160.597705][ T7104] ip6_dst_lookup_flow+0x99/0x1d0 [ 160.597725][ T7104] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 160.597749][ T7104] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 160.597769][ T7104] addr6_resolve.constprop.0+0x226/0x4a0 [ 160.597789][ T7104] ? __lock_acquire+0xb8a/0x1c90 [ 160.597812][ T7104] ? __pfx_addr6_resolve.constprop.0+0x10/0x10 [ 160.597830][ T7104] ? do_raw_spin_lock+0x12c/0x2b0 [ 160.597852][ T7104] addr_resolve+0x2b3/0x1f10 [ 160.597873][ T7104] ? lockdep_hardirqs_on+0x71/0x110 [ 160.597896][ T7104] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 160.597918][ T7104] ? __debug_object_init+0x2de/0x3d0 [ 160.597935][ T7104] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 160.597951][ T7104] ? __pfx_addr_resolve+0x10/0x10 [ 160.597963][ T7104] ? __pfx___debug_object_init+0x10/0x10 [ 160.597983][ T7104] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 160.598003][ T7104] ? lockdep_init_map_type+0x5c/0x280 [ 160.598024][ T7104] rdma_resolve_ip+0x429/0x6b0 [ 160.598041][ T7104] ? __pfx_addr_handler+0x10/0x10 [ 160.598062][ T7104] rdma_resolve_addr+0x3e7/0x20c0 [ 160.598075][ T7104] ? xa_load+0x153/0x2c0 [ 160.598084][ T7104] ? __pfx_xa_load+0x10/0x10 [ 160.598094][ T7104] ? find_held_lock+0x2b/0x80 [ 160.598108][ T7104] ? __pfx_rdma_resolve_addr+0x10/0x10 [ 160.598121][ T7104] ? __pfx_ucma_get_ctx+0x10/0x10 [ 160.598145][ T7104] ? ucma_resolve_ip+0x15f/0x220 [ 160.598163][ T7104] ucma_resolve_ip+0x15f/0x220 [ 160.598181][ T7104] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 160.598209][ T7104] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 160.598222][ T7104] ucma_write+0x1fb/0x330 [ 160.598233][ T7104] ? __pfx_ucma_write+0x10/0x10 [ 160.598244][ T7104] ? bpf_lsm_file_permission+0x9/0x10 [ 160.598255][ T7104] ? security_file_permission+0x71/0x210 [ 160.598268][ T7104] ? rw_verify_area+0xcf/0x6c0 [ 160.598292][ T7104] ? __pfx_ucma_write+0x10/0x10 [ 160.598308][ T7104] vfs_writev+0x5df/0xde0 [ 160.598338][ T7104] ? __pfx_vfs_writev+0x10/0x10 [ 160.598367][ T7104] ? __fget_files+0x20e/0x3c0 [ 160.598377][ T7104] ? __fget_files+0x120/0x3c0 [ 160.598390][ T7104] ? do_writev+0x28c/0x340 [ 160.598404][ T7104] do_writev+0x28c/0x340 [ 160.598422][ T7104] ? __pfx_do_writev+0x10/0x10 [ 160.598452][ T7104] do_syscall_64+0xcd/0xfa0 [ 160.598477][ T7104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.598493][ T7104] RIP: 0033:0x7fb2d358efc9 [ 160.598504][ T7104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.598514][ T7104] RSP: 002b:00007fb2d434b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 160.598525][ T7104] RAX: ffffffffffffffda RBX: 00007fb2d37e5fa0 RCX: 00007fb2d358efc9 [ 160.598532][ T7104] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000011 [ 160.598538][ T7104] RBP: 00007fb2d434b090 R08: 0000000000000000 R09: 0000000000000000 [ 160.598544][ T7104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.598550][ T7104] R13: 00007fb2d37e6038 R14: 00007fb2d37e5fa0 R15: 00007ffe2d4e2e38 [ 160.598568][ T7104] [ 161.032904][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.121220][ T10] gspca_sunplus: reg_r err -110 [ 161.146423][ T10] sunplus 4-1:0.0: probe with driver sunplus failed with error -110 [ 161.391570][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 161.461098][ T30] audit: type=1326 audit(1761965356.206:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 161.488576][ T10] usb 4-1: USB disconnect, device number 7 [ 161.712117][ T36] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.725219][ T30] audit: type=1326 audit(1761965356.206:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 161.731158][ T36] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.791749][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.103537][ T30] audit: type=1326 audit(1761965356.206:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.154598][ T36] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.218036][ T36] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.292559][ T30] audit: type=1326 audit(1761965356.206:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.342345][ T7119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.283'. [ 162.402180][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.621638][ T30] audit: type=1326 audit(1761965356.206:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.662675][ T30] audit: type=1326 audit(1761965356.206:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.685854][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.701853][ T30] audit: type=1326 audit(1761965356.206:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.724951][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.744820][ T30] audit: type=1326 audit(1761965356.206:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7108 comm="syz.1.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 162.771152][ T5847] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 163.027391][ T5847] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 163.055489][ T5847] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 163.451388][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 163.459503][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.369374][ T7138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.287'. [ 164.392709][ T7138] netlink: 68 bytes leftover after parsing attributes in process `syz.2.287'. [ 164.508639][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 164.564075][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 164.564111][ T30] audit: type=1400 audit(1761965359.376:421): avc: denied { map } for pid=7155 comm="syz.1.290" path="socket:[15777]" dev="sockfs" ino=15777 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 164.911333][ T42] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 165.328510][ T42] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 165.392499][ T7169] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.531325][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.539425][ T42] usb 1-1: Product: syz [ 165.557374][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 165.582425][ T5847] usb 5-1: New USB device found, idVendor=05ac, idProduct=0002, bcdDevice= 0.40 [ 165.601365][ T42] usb 1-1: Manufacturer: syz [ 165.621225][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.643644][ T42] usb 1-1: SerialNumber: syz [ 165.666438][ T42] usb 1-1: config 0 descriptor?? [ 165.676803][ T5847] usb 5-1: can't set config #1, error -71 [ 165.694949][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 165.734440][ T5847] usb 5-1: USB disconnect, device number 11 [ 165.801185][ T5880] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 166.004817][ T5880] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 166.293675][ T30] audit: type=1400 audit(1761965360.896:422): avc: denied { read } for pid=7177 comm="syz.1.294" name="sg0" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 166.371368][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.381161][ T42] gspca_sunplus: reg_r err -71 [ 166.385984][ T42] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 166.404170][ T5880] usb 4-1: Product: syz [ 166.412820][ T5880] usb 4-1: Manufacturer: syz [ 166.422799][ T42] usb 1-1: USB disconnect, device number 13 [ 166.441128][ T5880] usb 4-1: SerialNumber: syz [ 166.480752][ T5880] usb 4-1: config 0 descriptor?? [ 166.481306][ T5926] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 166.509404][ T5880] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 166.511463][ T5847] usb 2-1: new low-speed USB device number 9 using dummy_hcd [ 166.526682][ T30] audit: type=1400 audit(1761965360.906:423): avc: denied { ioctl } for pid=7177 comm="syz.1.294" path="/dev/sg0" dev="devtmpfs" ino=747 ioctlcmd=0x1275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 166.657252][ T7182] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 166.868513][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 166.888572][ T5880] gspca_sunplus: reg_r err -71 [ 166.894598][ T5880] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 166.922343][ T5880] usb 4-1: USB disconnect, device number 8 [ 166.938913][ T30] audit: type=1400 audit(1761965360.916:424): avc: denied { create } for pid=7177 comm="syz.1.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 166.969604][ T30] audit: type=1400 audit(1761965360.926:425): avc: denied { getopt } for pid=7177 comm="syz.1.294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 167.079838][ T5847] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 167.101203][ T5847] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 167.121147][ T980] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 167.296779][ T980] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 167.311879][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.361056][ T7185] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 167.381301][ T980] usb 3-1: Product: syz [ 167.385573][ T980] usb 3-1: Manufacturer: syz [ 167.421637][ T980] usb 3-1: SerialNumber: syz [ 167.512832][ T980] usb 3-1: config 0 descriptor?? [ 167.521409][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 167.529133][ T980] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 167.734664][ T980] gspca_sunplus: reg_r err -71 [ 167.759757][ T980] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 167.819962][ T980] usb 3-1: USB disconnect, device number 9 [ 167.922636][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.980018][ T7212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.988451][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.998126][ T7212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.012936][ T7212] Cannot find add_set index 0 as target [ 169.023398][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.033976][ T2909] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.051153][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.536713][ T5847] usb 2-1: New USB device found, idVendor=05ac, idProduct=0002, bcdDevice= 0.40 [ 169.545777][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.561379][ T5847] usb 2-1: can't set config #1, error -71 [ 169.583196][ T5847] usb 2-1: USB disconnect, device number 9 [ 169.739629][ T7208] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.748711][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 169.940417][ T7221] [ 170.063903][ T7220] netlink: 12 bytes leftover after parsing attributes in process `syz.4.307'. [ 170.178653][ T7222] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 170.260939][ T7231] FAULT_INJECTION: forcing a failure. [ 170.260939][ T7231] name failslab, interval 1, probability 0, space 0, times 0 [ 170.273735][ T7231] CPU: 0 UID: 0 PID: 7231 Comm: syz.2.311 Not tainted syzkaller #0 PREEMPT(full) [ 170.273758][ T7231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 170.273770][ T7231] Call Trace: [ 170.273776][ T7231] [ 170.273783][ T7231] dump_stack_lvl+0x16c/0x1f0 [ 170.273813][ T7231] should_fail_ex+0x512/0x640 [ 170.273842][ T7231] should_failslab+0xc2/0x120 [ 170.273863][ T7231] kmem_cache_alloc_noprof+0x75/0x6e0 [ 170.273890][ T7231] ? dst_alloc+0x99/0x1a0 [ 170.273915][ T7231] ? dst_alloc+0x99/0x1a0 [ 170.273932][ T7231] dst_alloc+0x99/0x1a0 [ 170.273954][ T7231] rt_dst_alloc+0x35/0x3a0 [ 170.273983][ T7231] ip_route_input_rcu.part.0+0x5e8/0xe30 [ 170.274009][ T7231] ? __pfx_ip_route_input_rcu.part.0+0x10/0x10 [ 170.274031][ T7231] ? __pfx_iptable_mangle_hook+0x10/0x10 [ 170.274057][ T7231] ip_route_input_noref+0x1c1/0x2e0 [ 170.274080][ T7231] ? __pfx_ip_route_input_noref+0x10/0x10 [ 170.274107][ T7231] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 170.274134][ T7231] ip_rcv_finish_core+0x46f/0x2290 [ 170.274163][ T7231] ip_rcv+0x1c0/0x600 [ 170.274185][ T7231] ? __pfx_ip_rcv+0x10/0x10 [ 170.274205][ T7231] __netif_receive_skb_one_core+0x197/0x1e0 [ 170.274225][ T7231] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 170.274247][ T7231] ? lock_acquire+0x179/0x350 [ 170.274267][ T7231] ? __phys_addr+0xe8/0x180 [ 170.274293][ T7231] __netif_receive_skb+0x1d/0x160 [ 170.274313][ T7231] netif_receive_skb+0x137/0x7b0 [ 170.274333][ T7231] ? __pfx_netif_receive_skb+0x10/0x10 [ 170.274361][ T7231] tun_rx_batched.isra.0+0x3ee/0x740 [ 170.274387][ T7231] ? __pfx_tun_rx_batched.isra.0+0x10/0x10 [ 170.274417][ T7231] ? tun_get_user+0x1ded/0x3cc0 [ 170.274438][ T7231] ? rcu_is_watching+0x12/0xc0 [ 170.274465][ T7231] tun_get_user+0x28b2/0x3cc0 [ 170.274499][ T7231] ? __pfx_tun_get_user+0x10/0x10 [ 170.274524][ T7231] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 170.274554][ T7231] ? find_held_lock+0x2b/0x80 [ 170.274576][ T7231] ? tun_get+0x191/0x370 [ 170.274603][ T7231] tun_chr_write_iter+0xdc/0x210 [ 170.274628][ T7231] vfs_write+0x7d3/0x11d0 [ 170.274646][ T7231] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 170.274672][ T7231] ? __pfx_vfs_write+0x10/0x10 [ 170.274686][ T7231] ? find_held_lock+0x2b/0x80 [ 170.274724][ T7231] ksys_write+0x12a/0x250 [ 170.274740][ T7231] ? __pfx_ksys_write+0x10/0x10 [ 170.274763][ T7231] do_syscall_64+0xcd/0xfa0 [ 170.274792][ T7231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.274809][ T7231] RIP: 0033:0x7fbfefd8da7f [ 170.274823][ T7231] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 170.274842][ T7231] RSP: 002b:00007fbff0c30000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 170.274859][ T7231] RAX: ffffffffffffffda RBX: 00007fbfeffe5fa0 RCX: 00007fbfefd8da7f [ 170.274869][ T7231] RDX: 000000000000002a RSI: 0000200000000340 RDI: 00000000000000c8 [ 170.274878][ T7231] RBP: 00007fbff0c30090 R08: 0000000000000000 R09: 0000000000000000 [ 170.274888][ T7231] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001 [ 170.274897][ T7231] R13: 00007fbfeffe6038 R14: 00007fbfeffe5fa0 R15: 00007ffdcfdbf758 [ 170.274920][ T7231] [ 170.281136][ T42] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 170.741285][ T5880] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 170.959677][ T42] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 170.980201][ T42] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.990694][ T42] usb 4-1: Product: syz [ 170.992109][ T7244] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 170.995172][ T42] usb 4-1: Manufacturer: syz [ 171.007017][ T42] usb 4-1: SerialNumber: syz [ 171.014546][ T5880] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 171.023662][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.037716][ T5880] usb 1-1: Product: syz [ 171.043361][ T5880] usb 1-1: Manufacturer: syz [ 171.047996][ T5880] usb 1-1: SerialNumber: syz [ 171.064151][ T42] usb 4-1: config 0 descriptor?? [ 171.070656][ T5880] usb 1-1: config 0 descriptor?? [ 171.095002][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 171.212128][ T5847] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 171.257169][ T5880] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 171.284744][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 171.446861][ T5880] gspca_sunplus: reg_r err -71 [ 171.462943][ T5880] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 171.530242][ T42] gspca_sunplus: reg_r err -71 [ 171.541000][ T5880] usb 1-1: USB disconnect, device number 14 [ 171.563631][ T42] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 171.592578][ T42] usb 4-1: USB disconnect, device number 9 [ 171.636475][ T5847] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 171.658586][ T10] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 171.669592][ T5847] usb 2-1: config 0 interface 0 has no altsetting 0 [ 171.676564][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.685373][ T10] usb 5-1: Product: syz [ 171.689753][ T10] usb 5-1: Manufacturer: syz [ 171.694800][ T10] usb 5-1: SerialNumber: syz [ 171.821495][ T5847] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 171.831497][ T10] usb 5-1: config 0 descriptor?? [ 171.837493][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 171.852366][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 171.858832][ T5847] usb 2-1: Product: syz [ 171.865462][ T5847] usb 2-1: Manufacturer: syz [ 171.870302][ T5847] usb 2-1: SerialNumber: syz [ 171.882484][ T5847] usb 2-1: config 0 descriptor?? [ 171.896404][ T5847] usb 2-1: selecting invalid altsetting 0 [ 172.068995][ T30] audit: type=1400 audit(1761965366.876:426): avc: denied { accept } for pid=7250 comm="syz.0.317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 172.222728][ T42] usb 2-1: USB disconnect, device number 10 [ 172.434994][ T10] gspca_sunplus: reg_r err -110 [ 172.446744][ T10] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 173.216085][ T30] audit: type=1400 audit(1761965367.366:427): avc: denied { mount } for pid=7256 comm="syz.0.318" name="/" dev="rpc_pipefs" ino=14720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 173.252081][ T42] net_ratelimit: 7 callbacks suppressed [ 173.252093][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.502401][ T10] usb 5-1: USB disconnect, device number 12 [ 173.936019][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.991193][ T980] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 174.036415][ T7274] Cannot find del_set index 3 as target [ 174.142686][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.174421][ T980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.184974][ T980] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 174.194404][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.206759][ T980] usb 1-1: config 0 descriptor?? [ 174.321699][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.386285][ T6061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.402715][ T7287] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 175.409217][ T7287] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 175.413733][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.417546][ T7287] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 175.429322][ T7287] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 175.436129][ T7287] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 175.442261][ T7287] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 175.449544][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.518691][ T7284] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.527105][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.535450][ T7284] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.549468][ T7284] Cannot find add_set index 0 as target [ 175.632492][ T5936] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.015041][ T5811] Bluetooth: hci0: unexpected event for opcode 0x2035 [ 176.044137][ T30] audit: type=1400 audit(1761965370.826:428): avc: denied { connect } for pid=7295 comm="syz.4.327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 176.501848][ T980] usbhid 1-1:0.0: can't add hid device: -71 [ 176.568220][ T980] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 176.682058][ T980] usb 1-1: USB disconnect, device number 15 [ 176.831006][ T7308] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 177.431933][ T7319] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 177.450882][ T5811] Bluetooth: hci4: command 0x0c1a tx timeout [ 177.454160][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 177.457013][ T5811] Bluetooth: hci2: command 0x0c1a tx timeout [ 177.471107][ T5847] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 177.531255][ T5134] Bluetooth: hci1: command 0x0405 tx timeout [ 177.804207][ T5847] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 177.829921][ T5847] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.849620][ T5847] usb 3-1: Product: syz [ 177.855516][ T5847] usb 3-1: Manufacturer: syz [ 177.861119][ T980] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 177.881686][ T42] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 177.897167][ T5847] usb 3-1: SerialNumber: syz [ 177.924076][ T5847] usb 3-1: config 0 descriptor?? [ 177.947699][ T5847] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 177.971315][ T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 178.054176][ T42] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 178.068475][ T980] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 178.088289][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.088297][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.088316][ T980] usb 2-1: Product: syz [ 178.108896][ T42] usb 5-1: Product: syz [ 178.113554][ T980] usb 2-1: Manufacturer: syz [ 178.114144][ T42] usb 5-1: Manufacturer: syz [ 178.118921][ T980] usb 2-1: SerialNumber: syz [ 178.123350][ T42] usb 5-1: SerialNumber: syz [ 178.131149][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 178.146789][ T5847] gspca_sunplus: reg_r err -71 [ 178.156273][ T10] usb 1-1: config 4 has an invalid interface number: 102 but max is 0 [ 178.159282][ T42] usb 5-1: config 0 descriptor?? [ 178.165919][ T980] usb 2-1: config 0 descriptor?? [ 178.174459][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 178.180734][ T5847] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 178.189076][ T10] usb 1-1: config 4 has no interface number 0 [ 178.197273][ T5847] usb 3-1: USB disconnect, device number 10 [ 178.203227][ T10] usb 1-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 178.220000][ T980] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 178.227994][ T10] usb 1-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 178.237128][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.247768][ T7309] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 178.262597][ T5880] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 178.273086][ T10] ums-jumpshot 1-1:4.102: USB Mass Storage device detected [ 178.284198][ T10] ums-jumpshot 1-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 178.421194][ T5880] usb 4-1: device descriptor read/64, error -71 [ 178.450613][ T980] gspca_sunplus: reg_r err -71 [ 178.458761][ T980] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 178.469097][ T980] usb 2-1: USB disconnect, device number 11 [ 178.522315][ T5897] usb 1-1: USB disconnect, device number 16 [ 178.579094][ T42] gspca_sunplus: reg_r err -71 [ 178.587118][ T42] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 178.598206][ T42] usb 5-1: USB disconnect, device number 13 [ 178.642108][ T977] net_ratelimit: 8 callbacks suppressed [ 178.642123][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.681297][ T5880] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 178.831165][ T5880] usb 4-1: device descriptor read/64, error -71 [ 178.951321][ T5880] usb usb4-port1: attempt power cycle [ 179.045696][ T30] audit: type=1326 audit(1761965373.856:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.069027][ T30] audit: type=1326 audit(1761965373.856:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.093535][ T30] audit: type=1326 audit(1761965373.856:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.130385][ T30] audit: type=1326 audit(1761965373.856:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.156927][ T980] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 179.168587][ T30] audit: type=1326 audit(1761965373.856:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.193913][ T30] audit: type=1326 audit(1761965373.856:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.271176][ T30] audit: type=1326 audit(1761965373.856:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.295074][ T30] audit: type=1326 audit(1761965373.856:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.319532][ T30] audit: type=1326 audit(1761965373.856:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.321035][ T980] usb 3-1: config 16 has an invalid interface number: 168 but max is 0 [ 179.343570][ T5880] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 179.400709][ T30] audit: type=1326 audit(1761965373.856:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7330 comm="syz.1.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fb2d358efc9 code=0x7ffc0000 [ 179.611229][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 179.765619][ T980] usb 3-1: config 16 has no interface number 0 [ 179.766396][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.771836][ T980] usb 3-1: too many endpoints for config 16 interface 168 altsetting 0: 212, using maximum allowed: 30 [ 179.791590][ T980] usb 3-1: config 16 interface 168 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 212 [ 179.805977][ T980] usb 3-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a [ 179.816553][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.819174][ T5880] usb 4-1: device descriptor read/8, error -71 [ 179.906572][ T980] HFC-S_USB 3-1:16.168: probe with driver HFC-S_USB failed with error -5 [ 180.619234][ T5822] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 180.627770][ T5822] Bluetooth: hci0: Injecting HCI hardware error event [ 180.635959][ T5822] Bluetooth: hci0: hardware error 0x00 [ 180.728776][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.761218][ T5880] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 180.990318][ T6061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.998657][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.007853][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.016879][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.045392][ T5880] usb 4-1: device descriptor read/8, error -71 [ 181.308366][ T5880] usb usb4-port1: unable to enumerate USB device [ 181.837497][ T7359] vxfs: unable to read disk superblock at 1 [ 181.849254][ T7359] vxfs: unable to read disk superblock at 8 [ 181.876119][ T7359] vxfs: can't find superblock. [ 182.001269][ T977] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.221670][ T5880] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 182.402177][ T980] usb 3-1: USB disconnect, device number 11 [ 182.413153][ T5880] usb 4-1: Using ep0 maxpacket: 8 [ 182.435460][ T5880] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 182.463399][ T5880] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 182.658170][ T5880] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 182.697130][ T5880] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 182.771233][ T5822] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 182.779929][ T5880] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 182.794556][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.092846][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.391929][ T5880] usb 4-1: GET_CAPABILITIES returned 0 [ 183.446337][ T5880] usbtmc 4-1:16.0: can't read capabilities [ 183.519974][ T7382] Cannot find del_set index 3 as target [ 183.604519][ T5880] usb 4-1: USB disconnect, device number 14 [ 183.761244][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.827711][ T7387] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 184.784180][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.792511][ T5880] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 184.971087][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 184.971103][ T30] audit: type=1400 audit(1761965379.736:453): avc: denied { bind } for pid=7398 comm="syz.3.353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 185.005634][ T7402] binder: BINDER_SET_CONTEXT_MGR already set [ 185.045120][ T7402] binder: 7401:7402 ioctl 4018620d 200000000180 returned -16 [ 185.107587][ T30] audit: type=1400 audit(1761965379.736:454): avc: denied { ioctl } for pid=7398 comm="syz.3.353" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 185.181950][ T30] audit: type=1400 audit(1761965379.816:455): avc: denied { set_context_mgr } for pid=7401 comm="syz.4.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 185.227942][ T5880] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 185.243604][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.261140][ T5880] usb 3-1: Product: syz [ 185.271145][ T5880] usb 3-1: Manufacturer: syz [ 185.276763][ T30] audit: type=1400 audit(1761965379.896:456): avc: denied { bind } for pid=7401 comm="syz.4.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 185.295909][ T5880] usb 3-1: SerialNumber: syz [ 185.313435][ T5880] usb 3-1: config 0 descriptor?? [ 185.350241][ T5880] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 186.010213][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 186.031781][ T5880] gspca_sunplus: reg_r err -110 [ 186.037224][ T5880] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 186.136092][ T7419] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 187.187552][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.211782][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.667271][ T10] usb 3-1: USB disconnect, device number 12 [ 187.811212][ T42] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 188.074546][ T42] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 188.111120][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.119201][ T42] usb 2-1: Product: syz [ 188.139598][ T42] usb 2-1: Manufacturer: syz [ 188.145514][ T42] usb 2-1: SerialNumber: syz [ 188.160496][ T42] usb 2-1: config 0 descriptor?? [ 188.182622][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 188.250930][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.523835][ T42] gspca_sunplus: reg_r err -71 [ 188.528678][ T42] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 188.545553][ T42] usb 2-1: USB disconnect, device number 12 [ 189.155842][ T7467] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.164378][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.174011][ T7467] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.184553][ T7467] Cannot find add_set index 0 as target [ 189.243841][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.261130][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.276567][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 189.282124][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.793973][ T7456] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.802315][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.811493][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 189.847048][ T9] usb 4-1: config 4 has an invalid interface number: 102 but max is 0 [ 189.856366][ T30] audit: type=1800 audit(1761965384.637:457): pid=7473 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.375" name=6E73BF12E10BC845E0807291376B6A9C4CCE5A99F85125232DD3D213E8DCE1FDDEEFF2A7D2AB97C26527FC108503 dev="overlay" ino=16726 res=0 errno=0 [ 189.920344][ T7475] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 189.952915][ T9] usb 4-1: config 4 has no interface number 0 [ 189.959016][ T9] usb 4-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 189.991628][ T9] usb 4-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 190.099602][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.132119][ T7455] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 190.151682][ T9] ums-jumpshot 4-1:4.102: USB Mass Storage device detected [ 190.178398][ T9] ums-jumpshot 4-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 190.322455][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 190.621874][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 191.159173][ T9] usb 4-1: USB disconnect, device number 15 [ 191.701221][ T30] audit: type=1326 audit(1761965386.467:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 191.917348][ T30] audit: type=1326 audit(1761965386.477:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 191.956778][ T30] audit: type=1326 audit(1761965386.477:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 191.980789][ T30] audit: type=1326 audit(1761965386.497:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.037919][ T30] audit: type=1326 audit(1761965386.497:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.073887][ T30] audit: type=1326 audit(1761965386.497:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.198765][ T30] audit: type=1326 audit(1761965386.497:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.222398][ T30] audit: type=1326 audit(1761965386.507:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.261711][ T30] audit: type=1326 audit(1761965386.507:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 192.287336][ T30] audit: type=1326 audit(1761965386.507:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7492 comm="syz.2.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 193.204207][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 193.367593][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 193.382985][ T7520] netlink: 12 bytes leftover after parsing attributes in process `syz.1.386'. [ 193.393941][ T9] usb 5-1: config 4 has an invalid interface number: 102 but max is 0 [ 193.415131][ T9] usb 5-1: config 4 has no interface number 0 [ 193.458542][ T9] usb 5-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 193.534311][ T9] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 193.600684][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.661755][ T7507] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 193.703586][ T9] ums-jumpshot 5-1:4.102: USB Mass Storage device detected [ 193.725035][ T9] ums-jumpshot 5-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 193.770062][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.785612][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.431111][ T9] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 194.602064][ T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 194.633564][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 194.773934][ T5897] usb 5-1: USB disconnect, device number 14 [ 194.794432][ T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 195.241463][ T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 195.249628][ T9] usb 4-1: Product: syz [ 195.267878][ T42] net_ratelimit: 83 callbacks suppressed [ 195.267890][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 195.267939][ T9] usb 4-1: Manufacturer: syz [ 195.377554][ T9] usb 4-1: SerialNumber: syz [ 195.408300][ T9] usb 4-1: config 0 descriptor?? [ 195.444302][ T9] usb 4-1: selecting invalid altsetting 0 [ 195.596253][ T7556] overlayfs: overlapping lowerdir path [ 196.365426][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 196.729177][ T7594] FAULT_INJECTION: forcing a failure. [ 196.729177][ T7594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.781121][ T7594] CPU: 1 UID: 0 PID: 7594 Comm: syz.2.400 Not tainted syzkaller #0 PREEMPT(full) [ 196.781145][ T7594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 196.781155][ T7594] Call Trace: [ 196.781160][ T7594] [ 196.781167][ T7594] dump_stack_lvl+0x16c/0x1f0 [ 196.781196][ T7594] should_fail_ex+0x512/0x640 [ 196.781221][ T7594] _copy_from_user+0x2e/0xd0 [ 196.781235][ T7594] copy_msghdr_from_user+0x98/0x160 [ 196.781250][ T7594] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 196.781267][ T7594] ? __lock_acquire+0x622/0x1c90 [ 196.781286][ T7594] ___sys_recvmsg+0xdb/0x1a0 [ 196.781300][ T7594] ? __pfx____sys_recvmsg+0x10/0x10 [ 196.781315][ T7594] ? find_held_lock+0x2b/0x80 [ 196.781336][ T7594] do_recvmmsg+0x2fe/0x750 [ 196.781352][ T7594] ? __pfx_do_recvmmsg+0x10/0x10 [ 196.781368][ T7594] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 196.781394][ T7594] ? __fget_files+0x20e/0x3c0 [ 196.781409][ T7594] __x64_sys_recvmmsg+0x22a/0x280 [ 196.781424][ T7594] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 196.781442][ T7594] do_syscall_64+0xcd/0xfa0 [ 196.781459][ T7594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.781469][ T7594] RIP: 0033:0x7fbfefd8efc9 [ 196.781478][ T7594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.781489][ T7594] RSP: 002b:00007fbff0c0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 196.781499][ T7594] RAX: ffffffffffffffda RBX: 00007fbfeffe6090 RCX: 00007fbfefd8efc9 [ 196.781506][ T7594] RDX: 0000000000000002 RSI: 00002000000057c0 RDI: 0000000000000005 [ 196.781512][ T7594] RBP: 00007fbff0c0f090 R08: 0000000000000000 R09: 0000000000000000 [ 196.781518][ T7594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.781524][ T7594] R13: 00007fbfeffe6128 R14: 00007fbfeffe6090 R15: 00007ffdcfdbf758 [ 196.781538][ T7594] [ 196.783889][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.141864][ T9] usb 4-1: USB disconnect, device number 16 [ 197.241143][ T5880] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 197.361608][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.421143][ T5880] usb 5-1: Using ep0 maxpacket: 8 [ 197.524776][ T5880] usb 5-1: config 4 has an invalid interface number: 102 but max is 0 [ 197.533055][ T5880] usb 5-1: config 4 has no interface number 0 [ 197.539229][ T5880] usb 5-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 197.552220][ T5880] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 197.561438][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.573529][ T7595] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 197.582561][ T5880] ums-jumpshot 5-1:4.102: USB Mass Storage device detected [ 197.658285][ T5880] ums-jumpshot 5-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 198.217507][ T5880] usb 5-1: USB disconnect, device number 15 [ 198.397698][ T7611] overlayfs: overlapping lowerdir path [ 198.405133][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.501801][ T5847] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 198.771085][ T5847] usb 1-1: Using ep0 maxpacket: 32 [ 198.957481][ T5847] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 199.015653][ T5847] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09 [ 199.031138][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.081152][ T5847] usb 1-1: Product: syz [ 199.085405][ T5847] usb 1-1: Manufacturer: syz [ 199.100166][ T5847] usb 1-1: SerialNumber: syz [ 199.132287][ T5847] usb 1-1: config 0 descriptor?? [ 199.136339][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 199.136352][ T30] audit: type=1400 audit(1761965393.947:477): avc: denied { mount } for pid=7621 comm="syz.4.409" name="/" dev="configfs" ino=1098 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 199.185067][ T5847] peak_usb 1-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22 [ 199.193721][ T7622] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 199.221133][ T5847] peak_usb 1-1:0.0: unable to read PCAN-USB serial number (err -22) [ 199.442485][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.411737][ T5847] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22 [ 200.436087][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.446789][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.481823][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.590854][ T30] audit: type=1400 audit(1761965395.397:478): avc: denied { name_connect } for pid=7637 comm="syz.1.413" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 200.611484][ T9] usb 1-1: USB disconnect, device number 17 [ 200.706345][ T7646] netlink: 'syz.1.416': attribute type 2 has an invalid length. [ 200.717149][ T7646] netlink: 164 bytes leftover after parsing attributes in process `syz.1.416'. [ 200.732853][ T7648] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 200.748956][ T7642] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 200.759463][ T7648] netlink: 60 bytes leftover after parsing attributes in process `syz.4.415'. [ 200.897712][ T7652] Driver unsupported XDP return value 0 on prog (id 118) dev N/A, expect packet loss! [ 200.952452][ T7657] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53 sclass=netlink_route_socket pid=7657 comm=syz.3.420 [ 200.959838][ T7660] netlink: 'syz.3.420': attribute type 29 has an invalid length. [ 200.983984][ T7654] netlink: 'syz.3.420': attribute type 29 has an invalid length. [ 201.115915][ T7666] warning: `syz.3.424' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 201.523626][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.793595][ T7693] netlink: 'syz.3.437': attribute type 2 has an invalid length. [ 201.814882][ T7693] netlink: 164 bytes leftover after parsing attributes in process `syz.3.437'. [ 202.003634][ T7708] netlink: 'syz.0.443': attribute type 33 has an invalid length. [ 202.031157][ T7708] netlink: 152 bytes leftover after parsing attributes in process `syz.0.443'. [ 202.063317][ T7714] netlink: 'syz.4.446': attribute type 39 has an invalid length. [ 202.141002][ T30] audit: type=1400 audit(1761965396.947:479): avc: denied { name_bind } for pid=7720 comm="syz.1.448" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 202.216298][ T7724] netlink: 1030 bytes leftover after parsing attributes in process `syz.3.450'. [ 202.244627][ T7724] bond_slave_0: entered promiscuous mode [ 202.250509][ T7724] bond_slave_1: entered promiscuous mode [ 202.808634][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.481156][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.690314][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.078172][ T7764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.464'. [ 204.281708][ T7763] Cannot find add_set index 0 as target [ 204.335377][ T7773] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 204.345294][ T7773] block device autoloading is deprecated and will be removed. [ 204.801848][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.931123][ T5888] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 205.031163][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 205.112513][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 205.151077][ T5888] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 205.169557][ T5888] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 205.179330][ T5888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.198043][ T5888] usb 5-1: config 0 descriptor?? [ 205.233842][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 205.287105][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.318131][ T10] usb 2-1: Product: syz [ 205.336949][ T10] usb 2-1: Manufacturer: syz [ 205.596222][ T10] usb 2-1: SerialNumber: syz [ 205.602442][ T7785] netlink: 136 bytes leftover after parsing attributes in process `syz.3.470'. [ 205.617636][ T10] usb 2-1: config 0 descriptor?? [ 205.692315][ T7788] vivid-004: disconnect [ 205.732089][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 205.739024][ T30] audit: type=1400 audit(1761965400.547:480): avc: denied { map } for pid=7787 comm="syz.2.471" path="/dev/swradio4" dev="devtmpfs" ino=1008 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 205.950045][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.261449][ T10] gspca_sunplus: reg_r err -110 [ 206.264175][ T7791] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 206.267801][ T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 206.273317][ T7791] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 206.286339][ T7791] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 206.292437][ T7791] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 206.317288][ T7787] vivid-004: reconnect [ 206.493521][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.513719][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.530769][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.932061][ T7801] netlink: 136 bytes leftover after parsing attributes in process `syz.2.475'. [ 206.961776][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.970375][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.981198][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.427453][ T7810] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.436364][ T7810] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.445217][ T7810] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.565355][ T5888] usbhid 5-1:0.0: can't add hid device: -71 [ 207.571676][ T5888] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 207.581269][ T5888] usb 5-1: USB disconnect, device number 16 [ 207.590644][ T30] audit: type=1326 audit(1761965402.397:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 207.622068][ T10] usb 2-1: USB disconnect, device number 13 [ 207.685904][ T30] audit: type=1326 audit(1761965402.407:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 207.838036][ T30] audit: type=1326 audit(1761965402.547:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 208.165140][ T30] audit: type=1326 audit(1761965402.627:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 208.250198][ T30] audit: type=1326 audit(1761965402.637:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 208.329005][ T5822] Bluetooth: hci1: command 0x0405 tx timeout [ 208.335538][ T5134] Bluetooth: hci4: command 0x0c1a tx timeout [ 208.341682][ T5134] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.347706][ T5134] Bluetooth: hci2: command 0x0c1a tx timeout [ 208.356176][ T30] audit: type=1326 audit(1761965402.647:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 208.383316][ T30] audit: type=1400 audit(1761965403.007:487): avc: denied { ioctl } for pid=7824 comm="syz.4.482" path="pid:[4026532793]" dev="nsfs" ino=4026532793 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 208.484416][ T7827] Cannot find del_set index 3 as target [ 209.037640][ T30] audit: type=1326 audit(1761965403.847:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 209.218287][ T30] audit: type=1326 audit(1761965403.847:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7807 comm="syz.2.477" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfefd8efc9 code=0x7ffc0000 [ 209.452627][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 209.661410][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 209.669870][ T10] usb 5-1: config 4 has an invalid interface number: 102 but max is 0 [ 209.678571][ T10] usb 5-1: config 4 has no interface number 0 [ 209.711925][ T10] usb 5-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 209.727948][ T10] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 209.737284][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.751184][ T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 209.768431][ T7832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 209.780177][ T10] ums-jumpshot 5-1:4.102: USB Mass Storage device detected [ 209.806580][ T10] ums-jumpshot 5-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 209.825962][ T7845] netlink: 136 bytes leftover after parsing attributes in process `syz.1.487'. [ 209.904013][ T9] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 209.913150][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.931140][ T9] usb 3-1: Product: syz [ 209.951312][ T9] usb 3-1: Manufacturer: syz [ 209.972609][ T9] usb 3-1: SerialNumber: syz [ 210.001591][ T9] usb 3-1: config 0 descriptor?? [ 210.034933][ T9] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 210.291139][ T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 210.644958][ T9] gspca_sunplus: reg_r err -110 [ 210.654677][ T9] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 210.712835][ T5897] usb 5-1: USB disconnect, device number 17 [ 210.732443][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.754648][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 210.776184][ T10] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 210.785890][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.804562][ T10] usb 2-1: config 0 descriptor?? [ 211.768465][ T5897] net_ratelimit: 74 callbacks suppressed [ 211.768484][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 211.811861][ T7864] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.819886][ T7864] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.825933][ T7864] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 211.832200][ T7864] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.908573][ T7868] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 212.251167][ T5847] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 212.327934][ T9] usb 3-1: USB disconnect, device number 13 [ 212.331377][ T4789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.348097][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.356781][ T5873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.425356][ T5847] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 212.435036][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.443586][ T5847] usb 4-1: Product: syz [ 212.447848][ T5847] usb 4-1: Manufacturer: syz [ 212.452842][ T5847] usb 4-1: SerialNumber: syz [ 212.477703][ T5847] usb 4-1: config 0 descriptor?? [ 212.512652][ T7881] Cannot find add_set index 0 as target [ 212.523936][ T5847] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 212.750711][ T5847] gspca_sunplus: reg_r err -71 [ 212.756530][ T5847] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 212.769923][ T5847] usb 4-1: USB disconnect, device number 17 [ 212.812154][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.822102][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.836958][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 212.937051][ T7886] netlink: 136 bytes leftover after parsing attributes in process `syz.4.498'. [ 213.085214][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 213.149437][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 213.183089][ T10] usb 2-1: USB disconnect, device number 14 [ 213.841585][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.850534][ T5134] Bluetooth: hci2: command 0x0c1a tx timeout [ 213.856782][ T5822] Bluetooth: hci4: command 0x0c1a tx timeout [ 213.863088][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.869190][ T5811] Bluetooth: hci1: command 0x0405 tx timeout [ 214.111853][ T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 214.513242][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 214.600594][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.670656][ T5847] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 214.685005][ T10] usb 2-1: Product: syz [ 214.720762][ T10] usb 2-1: Manufacturer: syz [ 214.725682][ T10] usb 2-1: SerialNumber: syz [ 214.753925][ T10] usb 2-1: config 0 descriptor?? [ 214.861723][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 214.884151][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.892253][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.231950][ T10] gspca_sunplus: reg_r err -71 [ 215.237423][ T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 215.286036][ T10] usb 2-1: USB disconnect, device number 15 [ 215.305719][ T5847] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 215.329472][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.338704][ T5847] usb 4-1: Product: syz [ 215.343107][ T5847] usb 4-1: Manufacturer: syz [ 215.347694][ T5847] usb 4-1: SerialNumber: syz [ 215.360448][ T5847] usb 4-1: config 0 descriptor?? [ 215.373700][ T5847] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 215.636097][ T30] audit: type=1400 audit(1761965410.447:490): avc: denied { ioctl } for pid=7920 comm="syz.4.508" path="/dev/input/event3" dev="devtmpfs" ino=988 ioctlcmd=0x45c0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 215.817297][ T5847] gspca_sunplus: reg_r err -71 [ 216.255907][ T5847] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 216.385805][ T5847] usb 4-1: USB disconnect, device number 18 [ 216.401193][ T5880] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 216.961136][ T5880] usb 1-1: Using ep0 maxpacket: 8 [ 216.968243][ T5880] usb 1-1: config 4 has an invalid interface number: 102 but max is 0 [ 216.977204][ T5880] usb 1-1: config 4 has no interface number 0 [ 217.439207][ T5897] net_ratelimit: 4 callbacks suppressed [ 217.439219][ T5897] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.459255][ T5880] usb 1-1: config 4 interface 102 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 217.471248][ T5880] usb 1-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.00 [ 217.480508][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.500295][ T7917] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 217.519429][ T5880] ums-jumpshot 1-1:4.102: USB Mass Storage device detected [ 217.541900][ T5880] ums-jumpshot 1-1:4.102: Quirks match for vid 05dc pid 0001: 2 [ 217.971221][ T5880] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 218.082846][ T5936] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.091458][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.101502][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.170116][ T5847] usb 1-1: USB disconnect, device number 18 [ 218.200844][ T7955] netlink: 12 bytes leftover after parsing attributes in process `syz.1.517'. [ 218.272496][ T5880] usb 3-1: config index 0 descriptor too short (expected 117, got 102) [ 218.282509][ T5880] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.320062][ T5880] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 218.336418][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.358281][ T5880] usb 3-1: Product: syz [ 218.456377][ T7963] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.467159][ T5880] usb 3-1: Manufacturer: syz [ 218.472579][ T5880] usb 3-1: SerialNumber: syz [ 218.493207][ T5880] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 218.542852][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.721575][ T4789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.731411][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.987038][ T5847] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 219.113532][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 219.227751][ T42] usb 3-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 219.237455][ T30] audit: type=1400 audit(1761965414.037:491): avc: denied { firmware_load } for pid=42 comm="kworker/1:1" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 219.265454][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 219.318128][ T5847] usb 2-1: device descriptor read/64, error -32 [ 220.070103][ T5880] usb 3-1: USB disconnect, device number 14 [ 220.482523][ T5880] usb 3-1: ath9k_htc: USB layer deinitialized [ 220.491667][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.546910][ T30] audit: type=1400 audit(1761965414.137:492): avc: denied { create } for pid=7964 comm="syz.4.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 220.653879][ T7974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.801257][ T5847] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 220.809667][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 220.992251][ T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 221.004259][ T5847] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 221.016333][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.024468][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.032984][ T5847] usb 2-1: Product: syz [ 221.054571][ T5847] usb 2-1: Manufacturer: syz [ 221.068828][ T9] usb 5-1: config 0 descriptor?? [ 221.079225][ T5847] usb 2-1: SerialNumber: syz [ 221.104368][ T5847] usb 2-1: config 0 descriptor?? [ 221.125497][ T5847] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 221.389698][ T30] audit: type=1400 audit(1761965416.197:493): avc: denied { write } for pid=7964 comm="syz.4.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 222.071192][ T5847] gspca_sunplus: reg_r err -110 [ 222.081803][ T9] ath6kl: Failed to read usb control message: -71 [ 222.093216][ T5847] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 222.101330][ T9] ath6kl: Unable to read the bmi data from the device: -71 [ 222.117478][ T9] ath6kl: Unable to recv target info: -71 [ 222.128992][ T9] ath6kl: Failed to init ath6kl core: -71 [ 222.136926][ T9] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 222.157816][ T9] usb 5-1: USB disconnect, device number 18 [ 222.288877][ T42] usb 2-1: USB disconnect, device number 17 [ 222.473545][ T7991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.529'. [ 222.561389][ T42] net_ratelimit: 365 callbacks suppressed [ 222.561400][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.581101][ T5847] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 222.615330][ T7992] loop6: detected capacity change from 524287951 to 524288000 [ 222.765171][ T5847] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 222.843485][ T5847] usb 4-1: config 0 interface 0 has no altsetting 0 [ 222.883059][ T5847] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 223.012254][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 223.020569][ T5847] usb 4-1: Product: syz [ 223.032717][ T5847] usb 4-1: Manufacturer: syz [ 223.048359][ T8003] tmpfs: Bad value for 'mpol' [ 223.051424][ T5847] usb 4-1: SerialNumber: syz [ 223.343215][ T5847] usb 4-1: config 0 descriptor?? [ 223.373566][ T5847] usb 4-1: selecting invalid altsetting 0 [ 223.601381][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.014501][ T4789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.041706][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.050247][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.722254][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.730458][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.738983][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.747078][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.772073][ T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.291114][ T42] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 225.438338][ T8021] Cannot find add_set index 0 as target [ 225.502621][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.520320][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.562076][ T42] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 225.592066][ T42] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.624922][ T42] usb 1-1: config 0 descriptor?? [ 225.814433][ T5880] usb 4-1: USB disconnect, device number 19 [ 227.878771][ T8031] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 227.884804][ T8031] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 227.890779][ T8031] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 227.896759][ T8031] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 227.957504][ T42] usbhid 1-1:0.0: can't add hid device: -71 [ 228.055542][ T42] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 228.319081][ T42] usb 1-1: USB disconnect, device number 19 [ 228.951125][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 228.961283][ T5819] Bluetooth: hci2: command 0x0c1a tx timeout [ 229.778611][ T4789] net_ratelimit: 3 callbacks suppressed [ 229.778626][ T4789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.805815][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.814327][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.829491][ T8062] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 229.844478][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 229.876226][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.905867][ T8072] vivid-004: disconnect [ 229.906734][ T10] usb 2-1: Product: syz [ 229.914362][ T10] usb 2-1: Manufacturer: syz [ 229.918956][ T10] usb 2-1: SerialNumber: syz [ 229.925296][ T4789] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.934807][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.945046][ T10] usb 2-1: config 0 descriptor?? [ 229.946853][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.963025][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 230.001131][ T5819] Bluetooth: hci1: command 0x0405 tx timeout [ 230.001571][ T5811] Bluetooth: hci4: command 0x0c1a tx timeout [ 230.007152][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 230.127794][ T10] gspca_sunplus: reg_r err -71 [ 230.132640][ T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 230.141135][ T42] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 230.151149][ T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 230.167741][ T10] usb 2-1: USB disconnect, device number 18 [ 230.251735][ T8058] vivid-004: reconnect [ 230.315454][ T9] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 230.332114][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.334125][ T42] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 230.350293][ T9] usb 3-1: Product: syz [ 230.361162][ T9] usb 3-1: Manufacturer: syz [ 230.369378][ T9] usb 3-1: SerialNumber: syz [ 230.384645][ T42] usb 4-1: config 0 interface 0 has no altsetting 0 [ 230.393512][ T42] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 230.404258][ T42] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 230.412433][ T42] usb 4-1: Product: syz [ 230.418235][ T42] usb 4-1: Manufacturer: syz [ 230.421702][ T9] usb 3-1: config 0 descriptor?? [ 230.426754][ T42] usb 4-1: SerialNumber: syz [ 230.449124][ T42] usb 4-1: config 0 descriptor?? [ 230.463992][ T9] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 230.466372][ T42] usb 4-1: selecting invalid altsetting 0 [ 230.490828][ T8081] netlink: 136 bytes leftover after parsing attributes in process `syz.4.554'. [ 230.668278][ T9] gspca_sunplus: reg_r err -71 [ 231.885324][ T9] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 231.895154][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.896096][ T9] usb 3-1: USB disconnect, device number 15 [ 232.108243][ T5819] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 232.558962][ T8093] FAULT_INJECTION: forcing a failure. [ 232.558962][ T8093] name failslab, interval 1, probability 0, space 0, times 0 [ 232.571767][ T8093] CPU: 0 UID: 0 PID: 8093 Comm: syz.4.556 Not tainted syzkaller #0 PREEMPT(full) [ 232.571789][ T8093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 232.571799][ T8093] Call Trace: [ 232.571806][ T8093] [ 232.571813][ T8093] dump_stack_lvl+0x16c/0x1f0 [ 232.571845][ T8093] should_fail_ex+0x512/0x640 [ 232.571866][ T8093] ? __kmalloc_noprof+0xca/0x880 [ 232.571893][ T8093] should_failslab+0xc2/0x120 [ 232.571915][ T8093] __kmalloc_noprof+0xdd/0x880 [ 232.571939][ T8093] ? lsm_blob_alloc+0x68/0x90 [ 232.571969][ T8093] ? lsm_blob_alloc+0x68/0x90 [ 232.571990][ T8093] lsm_blob_alloc+0x68/0x90 [ 232.572014][ T8093] security_task_alloc+0x2d/0x260 [ 232.572038][ T8093] copy_process+0x220b/0x76a0 [ 232.572074][ T8093] ? __pfx_copy_process+0x10/0x10 [ 232.572105][ T8093] ? lockdep_init_map_type+0x5c/0x280 [ 232.572124][ T8093] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 232.572150][ T8093] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 232.572172][ T8093] vhost_task_create+0x1d2/0x370 [ 232.572191][ T8093] ? __pfx_vhost_task_create+0x10/0x10 [ 232.572218][ T8093] ? __pfx_vhost_task_fn+0x10/0x10 [ 232.572239][ T8093] ? mark_held_locks+0x49/0x80 [ 232.572267][ T8093] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.572298][ T8093] kvm_mmu_post_init_vm+0x1b7/0x380 [ 232.572319][ T8093] kvm_arch_vcpu_ioctl_run+0x66/0x1970 [ 232.572338][ T8093] ? preempt_schedule_thunk+0x16/0x30 [ 232.572372][ T8093] kvm_vcpu_ioctl+0x5eb/0x1690 [ 232.572400][ T8093] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.572425][ T8093] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 232.572450][ T8093] ? do_vfs_ioctl+0x128/0x14f0 [ 232.572476][ T8093] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 232.572500][ T8093] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 232.572530][ T8093] ? lockdep_hardirqs_on+0x7c/0x110 [ 232.572568][ T8093] ? selinux_file_ioctl+0x180/0x270 [ 232.572587][ T8093] ? selinux_file_ioctl+0xb4/0x270 [ 232.572607][ T8093] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 232.572633][ T8093] __x64_sys_ioctl+0x18e/0x210 [ 232.572660][ T8093] do_syscall_64+0xcd/0xfa0 [ 232.572688][ T8093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.572705][ T8093] RIP: 0033:0x7f289eb8efc9 [ 232.572720][ T8093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.572737][ T8093] RSP: 002b:00007f289f94c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 232.572754][ T8093] RAX: ffffffffffffffda RBX: 00007f289ede6180 RCX: 00007f289eb8efc9 [ 232.572766][ T8093] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 232.572777][ T8093] RBP: 00007f289f94c090 R08: 0000000000000000 R09: 0000000000000000 [ 232.572788][ T8093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 232.572798][ T8093] R13: 00007f289ede6218 R14: 00007f289ede6180 R15: 00007fffdbffb868 [ 232.572825][ T8093] [ 232.881223][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 233.046824][ T5888] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 233.980563][ T5927] usb 4-1: USB disconnect, device number 20 [ 234.092072][ T5888] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 234.101369][ T8112] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 234.110940][ T8112] block device autoloading is deprecated and will be removed. [ 234.142952][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.331172][ T5888] usb 2-1: Using ep0 maxpacket: 16 [ 234.338358][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 234.391843][ T5888] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 234.436591][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.481006][ T5888] usb 2-1: Product: syz [ 234.504337][ T5888] usb 2-1: Manufacturer: syz [ 234.526093][ T5888] usb 2-1: SerialNumber: syz [ 234.565628][ T5888] usb 2-1: config 0 descriptor?? [ 234.584078][ T5888] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 234.600125][ T5888] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 234.852664][ T5888] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 235.016302][ T5888] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 235.035121][ T5888] em28xx 2-1:0.0: board has no eeprom [ 235.042508][ T66] net_ratelimit: 4 callbacks suppressed [ 235.042522][ T66] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.067507][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.082099][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.131084][ T5888] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 235.149069][ T5888] em28xx 2-1:0.0: dvb set to bulk mode. [ 235.160099][ T42] em28xx 2-1:0.0: Binding DVB extension [ 235.181319][ T5888] usb 2-1: USB disconnect, device number 19 [ 235.191962][ T8121] netlink: 136 bytes leftover after parsing attributes in process `syz.3.565'. [ 235.226916][ T5888] em28xx 2-1:0.0: Disconnecting em28xx [ 235.275195][ T42] em28xx 2-1:0.0: Registering input extension [ 235.292332][ T5888] em28xx 2-1:0.0: Closing input extension [ 235.331309][ T5888] em28xx 2-1:0.0: Freeing device [ 235.351099][ T5927] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 235.363839][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.372639][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.397144][ T5847] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.540984][ T5927] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 235.563960][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.590952][ T5927] usb 1-1: config 0 descriptor?? [ 235.603236][ T5927] cp210x 1-1:0.0: cp210x converter detected [ 235.671184][ T5847] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 235.739386][ T30] audit: type=1400 audit(1761965430.547:494): avc: denied { ioctl } for pid=8127 comm="syz.2.568" path="socket:[19101]" dev="sockfs" ino=19101 ioctlcmd=0x894c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 235.853101][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.865056][ T5847] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.889055][ T5847] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.921726][ T5847] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.939486][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.005380][ T5847] usb 4-1: config 0 descriptor?? [ 236.081174][ T10] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 236.161363][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.183113][ T5927] usb 1-1: cp210x converter now attached to ttyUSB0 [ 236.231362][ T980] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 236.265592][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.277932][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.290809][ T10] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 236.300394][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.316640][ T10] usb 2-1: config 0 descriptor?? [ 236.404658][ T980] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 236.414808][ T980] usb 3-1: config 0 interface 0 has no altsetting 0 [ 236.423610][ T980] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 236.438949][ T980] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 236.474655][ T5847] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 236.489628][ T980] usb 3-1: Product: syz [ 236.493855][ T980] usb 3-1: Manufacturer: syz [ 236.498465][ T980] usb 3-1: SerialNumber: syz [ 236.512665][ T980] usb 3-1: config 0 descriptor?? [ 236.522543][ T980] usb 3-1: selecting invalid altsetting 0 [ 236.814153][ C0] plantronics 0003:047F:FFFF.0004: hid_field_extract() called with n (132) > 32! (syz.4.567) [ 237.682168][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.735424][ T30] audit: type=1400 audit(1761965432.547:495): avc: denied { lock } for pid=8118 comm="syz.0.564" path="socket:[18395]" dev="sockfs" ino=18395 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 237.781244][ T8143] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 237.787275][ T8143] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 237.794196][ T8143] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 237.800097][ T8143] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 237.820461][ T8143] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 238.587656][ T5847] usb 4-1: USB disconnect, device number 21 [ 239.030113][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 239.063048][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 239.105640][ T10] usb 2-1: USB disconnect, device number 20 [ 239.345502][ T8157] netlink: 136 bytes leftover after parsing attributes in process `syz.4.576'. [ 239.490457][ T5847] usb 3-1: USB disconnect, device number 16 [ 239.621223][ T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 239.722188][ T8167] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.779941][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 239.814572][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.823739][ T10] usb 2-1: Product: syz [ 239.831366][ T10] usb 2-1: Manufacturer: syz [ 239.839484][ T10] usb 2-1: SerialNumber: syz [ 239.844460][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 239.844496][ T5819] Bluetooth: hci3: command 0x0c1a tx timeout [ 239.850703][ T5822] Bluetooth: hci2: command 0x0c1a tx timeout [ 239.857519][ T5811] Bluetooth: hci1: command 0x0405 tx timeout [ 239.874605][ T10] usb 2-1: config 0 descriptor?? [ 239.890779][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 240.020417][ T8170] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 240.029951][ T8170] block device autoloading is deprecated and will be removed. [ 240.103508][ T42] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 240.445127][ T8176] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 240.565452][ T10] gspca_sunplus: reg_r err -71 [ 240.570241][ T10] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 240.590157][ T10] usb 2-1: USB disconnect, device number 21 [ 240.621121][ T42] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 240.669604][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.710974][ T42] usb 3-1: Product: syz [ 240.716152][ T42] usb 3-1: Manufacturer: syz [ 240.722122][ T42] usb 3-1: SerialNumber: syz [ 240.871251][ T30] audit: type=1326 audit(1761965435.677:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 240.874414][ T5927] usb 1-1: USB disconnect, device number 20 [ 241.018086][ T42] usb 3-1: config 0 descriptor?? [ 241.019073][ T30] audit: type=1326 audit(1761965435.677:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 241.031229][ T42] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 241.062768][ T5927] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 241.101481][ T30] audit: type=1326 audit(1761965435.777:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 241.142096][ T966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.150844][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.160802][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.195054][ T5927] cp210x 1-1:0.0: device disconnected [ 241.244698][ T42] gspca_sunplus: reg_r err -71 [ 241.487531][ T42] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 241.578080][ T42] usb 3-1: USB disconnect, device number 17 [ 241.660385][ T30] audit: type=1326 audit(1761965435.777:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 241.685352][ T30] audit: type=1326 audit(1761965435.777:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 241.733934][ T30] audit: type=1326 audit(1761965435.787:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 242.278364][ T5819] Bluetooth: hci4: command 0x0c1a tx timeout [ 242.394294][ T30] audit: type=1326 audit(1761965435.787:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 242.495305][ T30] audit: type=1326 audit(1761965435.787:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 242.607318][ T30] audit: type=1326 audit(1761965435.807:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 242.632952][ T30] audit: type=1326 audit(1761965435.807:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8177 comm="syz.4.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f289eb8efc9 code=0x7ffc0000 [ 242.881197][ T5927] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 243.078564][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.158491][ T5927] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.244853][ T5927] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 243.253993][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.303915][ T5927] usb 4-1: config 0 descriptor?? [ 243.746860][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.755822][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.767094][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.781315][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.271446][ T8212] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 244.278861][ T8212] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 244.285661][ T8212] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 244.291803][ T8212] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 244.297801][ T8212] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 244.323921][ T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.332471][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.340841][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 245.096616][ T8231] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 245.399108][ T8236] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 245.408698][ T8236] block device autoloading is deprecated and will be removed. [ 245.597065][ T5927] usbhid 4-1:0.0: can't add hid device: -71 [ 245.910122][ T5880] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 245.927783][ T5811] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 245.928556][ T5811] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 245.952592][ T5927] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 246.358176][ T5811] Bluetooth: hci2: command 0x0c1a tx timeout [ 246.358185][ T5822] Bluetooth: hci4: command 0x0c1a tx timeout [ 246.358217][ T5822] Bluetooth: hci3: command 0x0c1a tx timeout [ 246.376338][ T5819] Bluetooth: hci1: command 0x0405 tx timeout [ 246.432069][ T5927] usb 4-1: USB disconnect, device number 22 [ 246.593759][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 246.593775][ T30] audit: type=1400 audit(1761965441.407:533): avc: denied { bind } for pid=8244 comm="syz.0.600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 246.604485][ T5880] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 246.630068][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.638707][ T5880] usb 2-1: Product: syz [ 246.643888][ T5880] usb 2-1: Manufacturer: syz [ 247.243309][ T7581] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.360949][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.377666][ T5880] usb 2-1: SerialNumber: syz [ 247.415800][ T5880] usb 2-1: config 0 descriptor?? [ 247.447872][ T5880] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 247.591107][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.626749][ T5880] gspca_sunplus: reg_r err -71 [ 247.654940][ T5880] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 247.678489][ T5880] usb 2-1: USB disconnect, device number 22 [ 247.803884][ T8263] netlink: 136 bytes leftover after parsing attributes in process `syz.2.607'. [ 247.821557][ T30] audit: type=1400 audit(1761965442.637:534): avc: denied { connect } for pid=8261 comm="syz.4.606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 248.443078][ T5822] Bluetooth: hci2: command 0x0c1a tx timeout [ 249.451574][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.462915][ T7581] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.475526][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.483621][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.493765][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.501858][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.510138][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.386305][ T8303] overlayfs: missing 'lowerdir' [ 252.251420][ T30] audit: type=1400 audit(1761965447.057:535): avc: denied { map } for pid=8326 comm="syz.2.626" path="socket:[19876]" dev="sockfs" ino=19876 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 252.365165][ T30] audit: type=1400 audit(1761965447.057:536): avc: denied { read accept } for pid=8326 comm="syz.2.626" path="socket:[19876]" dev="sockfs" ino=19876 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 252.713211][ T30] audit: type=1400 audit(1761965447.277:537): avc: denied { append } for pid=8326 comm="syz.2.626" name="comedi3" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 252.738423][ T8334] binder: 8326:8334 ioctl c018620c 2000000002c0 returned -1 [ 252.754580][ T30] audit: type=1400 audit(1761965447.507:538): avc: denied { connect } for pid=8337 comm="syz.3.628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 252.780656][ T30] audit: type=1400 audit(1761965447.567:539): avc: denied { write } for pid=8337 comm="syz.3.628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 253.061232][ T42] net_ratelimit: 4 callbacks suppressed [ 253.061246][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.649770][ T8353] overlay: Unknown parameter '/' [ 253.758806][ T30] audit: type=1400 audit(1761965448.567:540): avc: denied { create } for pid=8357 comm="syz.0.635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 253.861789][ T980] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.086266][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.358254][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz.2.640'. [ 255.098742][ T8395] overlayfs: conflicting options: userxattr,metacopy=on [ 255.525204][ T5927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.550376][ T966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.551501][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.567095][ T5937] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.575905][ T42] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.583996][ T5873] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.584468][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.651153][ T980] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 360.580936][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 360.587887][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8371/1:b..l P8380/1:b..l [ 360.597208][ C1] rcu: (detected by 1, t=10502 jiffies, g=22517, q=206 ncpus=2) [ 360.604906][ C1] task:syz.0.644 state:R running task stack:25944 pid:8380 tgid:8380 ppid:5808 task_flags:0x40004c flags:0x00080000 [ 360.618671][ C1] Call Trace: [ 360.621931][ C1] [ 360.624839][ C1] __schedule+0x1190/0x5de0 [ 360.629332][ C1] ? free_pages_and_swap_cache+0x328/0x4a0 [ 360.635115][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 360.641249][ C1] ? __pfx___schedule+0x10/0x10 [ 360.646078][ C1] ? mark_held_locks+0x49/0x80 [ 360.650816][ C1] preempt_schedule_irq+0x51/0x90 [ 360.655814][ C1] irqentry_exit+0x36/0x90 [ 360.660215][ C1] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 360.665645][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x70 [ 360.671770][ C1] Code: 8b 05 79 72 e4 11 a9 00 01 ff 00 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 7c 16 00 00 85 c0 74 2b <8b> 82 58 16 00 00 83 f8 02 75 20 48 8b 8a 60 16 00 00 8b 92 5c 16 [ 360.691350][ C1] RSP: 0018:ffffc9000bcff770 EFLAGS: 00000246 [ 360.697385][ C1] RAX: 0000000080000000 RBX: 0000000049ef8067 RCX: ffffffff82109cbc [ 360.705326][ C1] RDX: ffff888048812480 RSI: ffffffff82109b9e RDI: 0000000000000007 [ 360.713269][ C1] RBP: ffff88802c7b6668 R08: 0000000000000007 R09: 0000000000000000 [ 360.721209][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888049ef8690 [ 360.729149][ C1] R13: 1ffff9200179fef1 R14: ffffc9000bcff968 R15: 000000000127be00 [ 360.737094][ C1] ? __pte_offset_map_lock+0x1dc/0x310 [ 360.742535][ C1] ? __pte_offset_map_lock+0xbe/0x310 [ 360.747876][ C1] __pte_offset_map_lock+0xbe/0x310 [ 360.753046][ C1] ? __pfx___pte_offset_map_lock+0x10/0x10 [ 360.758820][ C1] ? find_held_lock+0x2b/0x80 [ 360.763468][ C1] ? __pfx___might_resched+0x10/0x10 [ 360.768726][ C1] ? unmap_page_range+0x1eed/0x41b0 [ 360.773895][ C1] unmap_page_range+0xac9/0x41b0 [ 360.778812][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 360.784154][ C1] ? mas_next_slot+0x12d3/0x1cb0 [ 360.789074][ C1] ? uprobe_munmap+0x20/0x600 [ 360.793750][ C1] unmap_single_vma.constprop.0+0x153/0x240 [ 360.799617][ C1] unmap_vmas+0x218/0x470 [ 360.803921][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 360.808757][ C1] exit_mmap+0x1b2/0xb90 [ 360.812970][ C1] ? trace_contention_end+0xdd/0x130 [ 360.818236][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 360.822980][ C1] ? arch_uprobe_clear_state+0x16/0x150 [ 360.828516][ C1] __mmput+0x12a/0x410 [ 360.832558][ C1] mmput+0x62/0x70 [ 360.836253][ C1] do_exit+0x7c7/0x2bf0 [ 360.840386][ C1] ? __pfx_do_exit+0x10/0x10 [ 360.844948][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 360.850298][ C1] do_group_exit+0xd3/0x2a0 [ 360.854778][ C1] __x64_sys_exit_group+0x3e/0x50 [ 360.859787][ C1] x64_sys_call+0x150b/0x1730 [ 360.864437][ C1] do_syscall_64+0xcd/0xfa0 [ 360.868915][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.874779][ C1] RIP: 0033:0x7f4b9a18efc9 [ 360.879162][ C1] RSP: 002b:00007ffc57ea7618 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 360.887542][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b9a18efc9 [ 360.895498][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 360.903442][ C1] RBP: 00007ffc57ea767c R08: 0000001257ea770f R09: 00000000000927c0 [ 360.911385][ C1] R10: 0000000000004d3c R11: 0000000000000246 R12: 0000000000000082 [ 360.919327][ C1] R13: 00000000000927c0 R14: 000000000003e0c9 R15: 00007ffc57ea76d0 [ 360.927274][ C1] [ 360.930266][ C1] task:syz.1.641 state:R running task stack:26152 pid:8371 tgid:8370 ppid:5814 task_flags:0x400140 flags:0x00080001 [ 360.943704][ C1] Call Trace: [ 360.946963][ C1] [ 360.949868][ C1] __schedule+0x1190/0x5de0 [ 360.954355][ C1] ? __pfx___schedule+0x10/0x10 [ 360.959185][ C1] preempt_schedule_irq+0x51/0x90 [ 360.964183][ C1] irqentry_exit+0x36/0x90 [ 360.968573][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 360.974524][ C1] RIP: 0010:lock_acquire+0x62/0x350 [ 360.979694][ C1] Code: 94 08 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 12 11 e9 0e 0f 82 74 02 00 00 8b 35 8a 41 e9 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 29 94 08 12 0f 85 c7 02 00 00 48 83 c4 [ 360.999275][ C1] RSP: 0018:ffffc900100c71b8 EFLAGS: 00000206 [ 361.005313][ C1] RAX: 0000000000000046 RBX: ffffffff8e3c4660 RCX: 00000000ef9d33e4 [ 361.013253][ C1] RDX: 0000000000000000 RSI: ffffffff8da05660 RDI: ffffffff8bf07040 [ 361.021195][ C1] RBP: 0000000000000002 R08: 0ac0d5affe09d4ff R09: 0000000000000000 [ 361.029136][ C1] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 361.037075][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 361.045025][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 361.050195][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 361.056332][ C1] unwind_next_frame+0xd1/0x20a0 [ 361.061239][ C1] ? unwind_next_frame+0xbd/0x20a0 [ 361.066321][ C1] ? alloc_pages_mpol+0x1fb/0x550 [ 361.071324][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 361.077453][ C1] arch_stack_walk+0x94/0x100 [ 361.082114][ C1] ? alloc_pages_mpol+0x1fb/0x550 [ 361.087121][ C1] stack_trace_save+0x8e/0xc0 [ 361.091781][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 361.097130][ C1] save_stack+0x160/0x1f0 [ 361.101436][ C1] ? __pfx_save_stack+0x10/0x10 [ 361.106260][ C1] ? post_alloc_hook+0x1c0/0x230 [ 361.111169][ C1] ? get_page_from_freelist+0x10a3/0x3a30 [ 361.116863][ C1] ? __alloc_frozen_pages_noprof+0x25f/0x2470 [ 361.122903][ C1] ? alloc_pages_mpol+0x1fb/0x550 [ 361.127913][ C1] ? __lock_acquire+0x622/0x1c90 [ 361.132828][ C1] __set_page_owner+0x91/0x560 [ 361.137564][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 361.142906][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.147642][ C1] ? bad_range+0x261/0x4c0 [ 361.152028][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.157203][ C1] post_alloc_hook+0x1c0/0x230 [ 361.161941][ C1] get_page_from_freelist+0x10a3/0x3a30 [ 361.167466][ C1] ? prepare_alloc_pages+0x3c2/0x610 [ 361.172733][ C1] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 361.178610][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 361.184912][ C1] ? is_bpf_text_address+0x8a/0x1a0 [ 361.190082][ C1] ? bpf_ksym_find+0x127/0x1c0 [ 361.194822][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 361.200956][ C1] ? __kernel_text_address+0xd/0x40 [ 361.206127][ C1] ? unwind_get_return_address+0x59/0xa0 [ 361.211730][ C1] ? arch_stack_walk+0xa6/0x100 [ 361.216552][ C1] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 361.222421][ C1] ? policy_nodemask+0xea/0x4e0 [ 361.227245][ C1] alloc_pages_mpol+0x1fb/0x550 [ 361.232068][ C1] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 361.237422][ C1] ? get_freelist+0x1a8/0x1e0 [ 361.242082][ C1] ? find_held_lock+0x2b/0x80 [ 361.246731][ C1] new_slab+0x24a/0x360 [ 361.250861][ C1] ___slab_alloc+0xdae/0x1a60 [ 361.255512][ C1] ? __alloc_skb+0x2b2/0x380 [ 361.260078][ C1] ? __alloc_skb+0x2b2/0x380 [ 361.264647][ C1] ? __slab_alloc.constprop.0+0x63/0x110 [ 361.270261][ C1] __slab_alloc.constprop.0+0x63/0x110 [ 361.275706][ C1] kmem_cache_alloc_node_noprof+0x43c/0x770 [ 361.281573][ C1] ? __alloc_skb+0x2b2/0x380 [ 361.286145][ C1] ? __alloc_skb+0x2b2/0x380 [ 361.290706][ C1] __alloc_skb+0x2b2/0x380 [ 361.295095][ C1] ? __pfx___alloc_skb+0x10/0x10 [ 361.300002][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.304739][ C1] ? __kmalloc_large_noprof+0x40/0x70 [ 361.310081][ C1] ? kmem_cache_alloc_noprof+0x2a1/0x6e0 [ 361.315688][ C1] ? lockdep_init_map_type+0x5c/0x280 [ 361.321034][ C1] audit_log_start+0x34e/0x950 [ 361.325784][ C1] ? __pfx_audit_log_start+0x10/0x10 [ 361.331046][ C1] audit_seccomp+0x60/0x290 [ 361.335522][ C1] __seccomp_filter+0x8a4/0x11c0 [ 361.340430][ C1] ? __pfx___seccomp_filter+0x10/0x10 [ 361.345777][ C1] __secure_computing+0x287/0x3b0 [ 361.350773][ C1] syscall_trace_enter+0x89/0x240 [ 361.355769][ C1] do_syscall_64+0x3cd/0xfa0 [ 361.360335][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.366198][ C1] RIP: 0033:0x7fb2d358efc9 [ 361.370584][ C1] RSP: 002b:00007fb2d434b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 361.378970][ C1] RAX: ffffffffffffffda RBX: 00007fb2d37e5fa8 RCX: 00007fb2d358efc9 [ 361.386913][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb2d37e5fa8 [ 361.394855][ C1] RBP: 00007fb2d37e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 361.402796][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.410753][ C1] R13: 00007fb2d37e6038 R14: 00007ffe2d4e2d50 R15: 00007ffe2d4e2e38 [ 361.418705][ C1] [ 361.421709][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10579 jiffies! g22517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 361.433996][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=14070 [ 361.441852][ C1] rcu: rcu_preempt kthread starved for 10585 jiffies! g22517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 361.453182][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 361.463118][ C1] rcu: RCU grace-period kthread stack dump: [ 361.468973][ C1] task:rcu_preempt state:I stack:28456 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 361.480845][ C1] Call Trace: [ 361.484096][ C1] [ 361.487003][ C1] __schedule+0x1190/0x5de0 [ 361.491498][ C1] ? __lock_acquire+0x622/0x1c90 [ 361.496423][ C1] ? __pfx___schedule+0x10/0x10 [ 361.501424][ C1] ? find_held_lock+0x2b/0x80 [ 361.506080][ C1] ? schedule+0x2d7/0x3a0 [ 361.510402][ C1] schedule+0xe7/0x3a0 [ 361.514446][ C1] schedule_timeout+0x123/0x290 [ 361.519280][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 361.524625][ C1] ? __pfx_process_timeout+0x10/0x10 [ 361.529884][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 361.535664][ C1] ? prepare_to_swait_event+0xf5/0x480 [ 361.541103][ C1] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 361.545838][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 361.551092][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.556274][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 361.561178][ C1] ? rcu_gp_cleanup+0x7c1/0xd90 [ 361.565998][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 361.571788][ C1] rcu_gp_kthread+0x26d/0x380 [ 361.576434][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 361.581601][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.586340][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.591525][ C1] ? __kthread_parkme+0x19e/0x250 [ 361.596535][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 361.601712][ C1] kthread+0x3c5/0x780 [ 361.605751][ C1] ? __pfx_kthread+0x10/0x10 [ 361.610311][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.615138][ C1] ? __pfx_kthread+0x10/0x10 [ 361.619707][ C1] ret_from_fork+0x675/0x7d0 [ 361.624277][ C1] ? __pfx_kthread+0x10/0x10 [ 361.628841][ C1] ret_from_fork_asm+0x1a/0x30 [ 361.633592][ C1] [ 361.636592][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 361.642886][ C1] CPU: 1 UID: 0 PID: 1297 Comm: aoe_tx0 Not tainted syzkaller #0 PREEMPT(full) [ 361.651881][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 361.661931][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 [ 361.668323][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 36 ca 35 f6 48 89 df e8 1e 1e 36 f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 01 00 00 00 e8 45 26 26 f6 65 8b 05 7e 65 3e 08 85 c0 74 16 5b [ 361.687904][ C1] RSP: 0018:ffffc90004abf958 EFLAGS: 00000246 [ 361.693945][ C1] RAX: 0000000000000016 RBX: ffffffff9add9280 RCX: 0000000000000002 [ 361.701897][ C1] RDX: 0000000000000000 RSI: ffffffff8da2b02d RDI: ffffffff8bf07040 [ 361.709841][ C1] RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000001 [ 361.717785][ C1] R10: ffffffff9081fcd7 R11: 0000000000000001 R12: ffffffff8f05d360 [ 361.725727][ C1] R13: ffffffff9add9388 R14: 0000000000000000 R15: ffffffff9add93c0 [ 361.733669][ C1] FS: 0000000000000000(0000) GS:ffff888124b08000(0000) knlGS:0000000000000000 [ 361.742570][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 361.749126][ C1] CR2: 0000200000034030 CR3: 0000000052715000 CR4: 00000000003526f0 [ 361.757077][ C1] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 361.765018][ C1] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 361.772960][ C1] Call Trace: [ 361.776210][ C1] [ 361.779113][ C1] uart_write_room+0x2d9/0x940 [ 361.783853][ C1] ? __pfx_uart_write_room+0x10/0x10 [ 361.789111][ C1] tty_write_room+0x66/0x90 [ 361.793599][ C1] handle_tx+0x14f/0x630 [ 361.797818][ C1] dev_hard_start_xmit+0x97/0x740 [ 361.802818][ C1] __dev_queue_xmit+0xa46/0x4490 [ 361.807727][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.812907][ C1] ? finish_task_switch.isra.0+0x221/0xc10 [ 361.818715][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.823463][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 361.828806][ C1] ? __schedule+0x11a3/0x5de0 [ 361.833466][ C1] ? __lock_acquire+0xb8a/0x1c90 [ 361.838390][ C1] ? __lock_acquire+0xb8a/0x1c90 [ 361.843307][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 361.848303][ C1] ? find_held_lock+0x2b/0x80 [ 361.852950][ C1] ? skb_dequeue+0x126/0x180 [ 361.857508][ C1] ? find_held_lock+0x2b/0x80 [ 361.862169][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.866907][ C1] tx+0xcc/0x190 [ 361.870429][ C1] ? __pfx_tx+0x10/0x10 [ 361.874555][ C1] kthread+0x1e4/0x3e0 [ 361.878609][ C1] ? find_held_lock+0x2b/0x80 [ 361.883256][ C1] ? __pfx_kthread+0x10/0x10 [ 361.887819][ C1] ? __pfx_default_wake_function+0x10/0x10 [ 361.893601][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 361.898775][ C1] ? __kthread_parkme+0x19e/0x250 [ 361.903774][ C1] ? __pfx_kthread+0x10/0x10 [ 361.908337][ C1] kthread+0x3c5/0x780 [ 361.912376][ C1] ? __pfx_kthread+0x10/0x10 [ 361.916937][ C1] ? rcu_is_watching+0x12/0xc0 [ 361.921675][ C1] ? __pfx_kthread+0x10/0x10 [ 361.926238][ C1] ret_from_fork+0x675/0x7d0 [ 361.930796][ C1] ? __pfx_kthread+0x10/0x10 [ 361.935364][ C1] ret_from_fork_asm+0x1a/0x30 [ 361.940117][ C1]